Repository: incubator-hawq Updated Branches: refs/heads/master eb2ea9074 -> 8a5e65bff
HAWQ-1281. Refactored RPS integration tests (closes #1100) Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/8a5e65bf Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/8a5e65bf Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/8a5e65bf Branch: refs/heads/master Commit: 8a5e65bffc52f6c36c0813ecd1825631fac3acba Parents: eb2ea90 Author: Alexander Denissov <adenis...@pivotal.io> Authored: Fri Jan 20 11:19:40 2017 -0800 Committer: Alexander Denissov <adenis...@pivotal.io> Committed: Wed Jan 25 09:56:05 2017 -0800 ---------------------------------------------------------------------- .../integration/service/tests/DatabaseTest.java | 66 ++++---- .../integration/service/tests/FunctionTest.java | 111 +++++++------ .../integration/service/tests/LanguageTest.java | 96 +++++------ .../integration/service/tests/ProtocolTest.java | 61 +++---- .../integration/service/tests/RPSRequest.java | 60 ------- .../integration/service/tests/RPSResponse.java | 42 ----- .../integration/service/tests/SchemaTest.java | 95 +++++++++++ .../integration/service/tests/SequenceTest.java | 97 +++++++++++ .../service/tests/ServiceBaseTest.java | 116 ------------- .../service/tests/SpecialPrivilegesTest.java | 95 +++++++++++ .../integration/service/tests/TableTest.java | 96 +++++++++++ .../service/tests/TablespaceTest.java | 61 +++---- .../ranger/integration/service/tests/Utils.java | 76 --------- .../tests/common/ComplexResourceTestBase.java | 40 +++++ .../service/tests/common/Policy.java | 107 ++++++++++++ .../service/tests/common/RESTClient.java | 114 +++++++++++++ .../service/tests/common/ServiceTestBase.java | 162 +++++++++++++++++++ .../tests/common/SimpleResourceTestBase.java | 114 +++++++++++++ .../src/test/resources/test-database.json | 46 ------ .../src/test/resources/test-function-2.json | 40 ----- .../src/test/resources/test-function.json | 40 ----- .../src/test/resources/test-language-2.json | 35 ---- .../src/test/resources/test-language.json | 35 ---- .../src/test/resources/test-protocol.json | 33 ---- .../src/test/resources/test-tablespace.json | 30 ---- 25 files changed, 1107 insertions(+), 761 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/DatabaseTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/DatabaseTest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/DatabaseTest.java index 451a289..1e6557f 100644 --- a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/DatabaseTest.java +++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/DatabaseTest.java @@ -19,49 +19,43 @@ package org.apache.hawq.ranger.integration.service.tests; -import org.junit.Test; +import org.apache.hawq.ranger.integration.service.tests.common.Policy; +import org.apache.hawq.ranger.integration.service.tests.common.SimpleResourceTestBase; +import org.junit.Before; -import java.io.IOException; -import java.util.Arrays; -import java.util.List; +import static org.apache.hawq.ranger.integration.service.tests.common.Policy.ResourceType.*; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; +public class DatabaseTest extends SimpleResourceTestBase { -public class DatabaseTest extends ServiceBaseTest { + // create-schema will be requested by HAWQ with only database in context, so it looks like a privilege for database resource + private static final String[] SPECIAL_PRIVILEGES = new String[] {"connect", "temp", "create-schema"}; - private static final List<String> PRIVILEGES = Arrays.asList("connect", "temp"); - - public void beforeTest() - throws IOException { - createPolicy("test-database.json"); - resources.put("database", "sirotan"); - } - - @Test - public void testDatabases_UserMaria_SirotanDb_Allowed() - throws IOException { - assertTrue(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + @Before + public void beforeTest() { + specificResource.put(database, TEST_DB); + unknownResource.put(database, UNKNOWN); + privileges = new String[] {"connect", "temp", "create"}; } - @Test - public void testDatabases_UserMaria_DoesNotExistDb_Denied() - throws IOException { - resources.put("database", "doesnotexist"); - assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + @Override + protected Policy getResourceUserPolicy() { + Policy policy = policyBuilder + .resource(database, TEST_DB) + .resource(schema, STAR) + .resource(table, STAR) + .userAccess(TEST_USER, SPECIAL_PRIVILEGES) + .build(); + return policy; } - @Test - public void testDatabases_UserBob_SirotanDb_Denied() - throws IOException { - assertFalse(hasAccess("bob", resources, PRIVILEGES)); + @Override + protected Policy getResourceGroupPolicy() { + Policy policy = policyBuilder + .resource(database, TEST_DB) + .resource(schema, STAR) + .resource(table, STAR) + .groupAccess(PUBLIC_GROUP, SPECIAL_PRIVILEGES) + .build(); + return policy; } - - @Test - public void testDatabases_UserMaria_SirotanDb_Denied() - throws IOException { - deletePolicy(); - assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); - } - } http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/FunctionTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/FunctionTest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/FunctionTest.java index 1253c38..ecdb67b 100644 --- a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/FunctionTest.java +++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/FunctionTest.java @@ -19,73 +19,78 @@ package org.apache.hawq.ranger.integration.service.tests; -import org.junit.Test; +import org.apache.hawq.ranger.integration.service.tests.common.ComplexResourceTestBase; +import org.apache.hawq.ranger.integration.service.tests.common.Policy; +import org.junit.Before; -import java.io.IOException; -import java.util.Arrays; -import java.util.List; +import static org.apache.hawq.ranger.integration.service.tests.common.Policy.ResourceType.*; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; +public class FunctionTest extends ComplexResourceTestBase { -public class FunctionTest extends ServiceBaseTest { + @Before + public void beforeTest() { + specificResource.put(database, TEST_DB); + specificResource.put(schema, TEST_SCHEMA); + specificResource.put(function, TEST_FUNCTION); - private static final List<String> PRIVILEGES = Arrays.asList("execute"); + parentUnknownResource.put(database, TEST_DB); + parentUnknownResource.put(schema, UNKNOWN); + parentUnknownResource.put(function, TEST_FUNCTION); - public void beforeTest() - throws IOException { - createPolicy("test-function.json"); - resources.put("database", "sirotan"); - resources.put("schema", "siroschema"); - resources.put("function", "atan"); - } + childUnknownResource.put(database, TEST_DB); + childUnknownResource.put(schema, TEST_SCHEMA); + childUnknownResource.put(function, UNKNOWN); - @Test - public void testFunctions_UserMaria_SirotanDb_AtanFunction_Allowed() - throws IOException { - assertTrue(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); - } + unknownResource.put(database, UNKNOWN); + unknownResource.put(schema, UNKNOWN); + unknownResource.put(function, UNKNOWN); - @Test - public void testFunctions_UserMaria_OtherDb_AtanFunction_Denied() - throws IOException { - resources.put("database", "other"); - assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + privileges = new String[] {"execute"}; } - @Test - public void testFunctions_UserMaria_SirotanDb_DoesNotExistFunction_Denied() - throws IOException { - resources.put("function", "doesnotexist"); - assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + @Override + protected Policy getResourceUserPolicy() { + Policy policy = policyBuilder + .resource(database, TEST_DB) + .resource(schema, TEST_SCHEMA) + .resource(function, TEST_FUNCTION) + .userAccess(TEST_USER, privileges) + .build(); + return policy; } - @Test - public void testFunctions_UserBob_SirotanDb_AtanFunction_Denied() - throws IOException { - assertFalse(hasAccess("bob", resources, PRIVILEGES)); + @Override + protected Policy getResourceParentStarUserPolicy() { + Policy policy = policyBuilder + .resource(database, TEST_DB) + .resource(schema, STAR) + .resource(function, TEST_FUNCTION) + .userAccess(TEST_USER, privileges) + .build(); + policy.isParentStar = true; + return policy; } - @Test - public void testFunctions_UserMaria_SirotanDb_AtanFunction_Denied() - throws IOException { - deletePolicy(); - assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + @Override + protected Policy getResourceChildStarUserPolicy() { + Policy policy = policyBuilder + .resource(database, TEST_DB) + .resource(schema, TEST_SCHEMA) + .resource(function, STAR) + .userAccess(TEST_USER, privileges) + .build(); + policy.isChildStar = true; + return policy; } - @Test - public void testFunctions_UserMaria_DoesNotExistDb_AtanFunction_Denied() - throws IOException { - resources.put("database", "doesnotexist"); - assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + @Override + protected Policy getResourceGroupPolicy() { + Policy policy = policyBuilder + .resource(database, TEST_DB) + .resource(schema, TEST_SCHEMA) + .resource(function, TEST_FUNCTION) + .groupAccess(PUBLIC_GROUP, privileges) + .build(); + return policy; } - - @Test - public void testFunctions_UserMaria_SirotanDb_AtanFunction_Policy2_Allowed() - throws IOException { - deletePolicy(); - createPolicy("test-function-2.json"); - assertTrue(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); - } - } http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/LanguageTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/LanguageTest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/LanguageTest.java index 6eedb08..d39a595 100644 --- a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/LanguageTest.java +++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/LanguageTest.java @@ -19,65 +19,71 @@ package org.apache.hawq.ranger.integration.service.tests; -import org.junit.Test; +import org.apache.hawq.ranger.integration.service.tests.common.ComplexResourceTestBase; +import org.apache.hawq.ranger.integration.service.tests.common.Policy; +import org.junit.Before; -import java.io.IOException; -import java.util.Arrays; -import java.util.List; +import static org.apache.hawq.ranger.integration.service.tests.common.Policy.ResourceType.database; +import static org.apache.hawq.ranger.integration.service.tests.common.Policy.ResourceType.language; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; +public class LanguageTest extends ComplexResourceTestBase { -public class LanguageTest extends ServiceBaseTest { + @Before + public void beforeTest() { + specificResource.put(database, TEST_DB); + specificResource.put(language, TEST_LANGUAGE); - private static final List<String> PRIVILEGES = Arrays.asList("usage"); + parentUnknownResource.put(database, UNKNOWN); + parentUnknownResource.put(language, TEST_LANGUAGE); - public void beforeTest() - throws IOException { - createPolicy("test-language.json"); - resources.put("database", "sirotan"); - resources.put("language", "sql"); - } + childUnknownResource.put(database, TEST_DB); + childUnknownResource.put(language, UNKNOWN); - @Test - public void testLanguages_UserMaria_SirotanDb_SqlLanguage_Allowed() - throws IOException { - assertTrue(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); - } + unknownResource.put(database, UNKNOWN); + unknownResource.put(language, UNKNOWN); - @Test - public void testLanguages_UserMaria_SirotanDb_DoesNotExistLanguage_Denied() - throws IOException { - resources.put("language", "doesnotexist"); - assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + privileges = new String[] {"usage"}; } - @Test - public void testLanguages_UserBob_SirotanDb_SqlLanguage_Denied() - throws IOException { - assertFalse(hasAccess("bob", resources, PRIVILEGES)); + @Override + protected Policy getResourceUserPolicy() { + Policy policy = policyBuilder + .resource(database, TEST_DB) + .resource(language, TEST_LANGUAGE) + .userAccess(TEST_USER, privileges) + .build(); + return policy; } - @Test - public void testLanguages_UserMaria_SirotanDb_SqlLanguage_Denied() - throws IOException { - deletePolicy(); - assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + @Override + protected Policy getResourceParentStarUserPolicy() { + Policy policy = policyBuilder + .resource(database, STAR) + .resource(language, TEST_LANGUAGE) + .userAccess(TEST_USER, privileges) + .build(); + policy.isParentStar = true; + return policy; } - @Test - public void testLanguages_UserMaria_DoesNotExistDb_SqlLanguage_Denied() - throws IOException { - resources.put("database", "doesnotexist"); - assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + @Override + protected Policy getResourceChildStarUserPolicy() { + Policy policy = policyBuilder + .resource(database, TEST_DB) + .resource(language, STAR) + .userAccess(TEST_USER, privileges) + .build(); + policy.isChildStar = true; + return policy; } - @Test - public void testLanguages_UserMaria_SirotanDb_SqlLanguage_Policy2_Allowed() - throws IOException { - deletePolicy(); - createPolicy("test-language-2.json"); - assertTrue(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + @Override + protected Policy getResourceGroupPolicy() { + Policy policy = policyBuilder + .resource(database, TEST_DB) + .resource(language, TEST_LANGUAGE) + .groupAccess(PUBLIC_GROUP, privileges) + .build(); + return policy; } - } http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ProtocolTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ProtocolTest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ProtocolTest.java index f0e5c99..e67a0d3 100644 --- a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ProtocolTest.java +++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ProtocolTest.java @@ -19,49 +19,36 @@ package org.apache.hawq.ranger.integration.service.tests; -import org.junit.Test; +import org.apache.hawq.ranger.integration.service.tests.common.Policy; +import org.apache.hawq.ranger.integration.service.tests.common.SimpleResourceTestBase; +import org.junit.Before; -import java.io.IOException; -import java.util.Arrays; -import java.util.List; +import static org.apache.hawq.ranger.integration.service.tests.common.Policy.ResourceType.protocol; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; +public class ProtocolTest extends SimpleResourceTestBase { -public class ProtocolTest extends ServiceBaseTest { - - private static final List<String> PRIVILEGES = Arrays.asList("select", "insert"); - - public void beforeTest() - throws IOException { - createPolicy("test-protocol.json"); - resources.put("protocol", "pxf"); - } - - @Test - public void testProtocols_UserMaria_PxfProtocol_Allowed() - throws IOException { - assertTrue(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + @Before + public void beforeTest() { + specificResource.put(protocol, TEST_PROTOCOL); + unknownResource.put(protocol, UNKNOWN); + privileges = new String[] {"select", "insert"}; } - @Test - public void testProtocols_UserMaria_DoesNotExistProtocol_Denied() - throws IOException { - resources.put("protocol", "doesnotexist"); - assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + @Override + protected Policy getResourceUserPolicy() { + Policy policy = policyBuilder + .resource(protocol, TEST_PROTOCOL) + .userAccess(TEST_USER, privileges) + .build(); + return policy; } - @Test - public void testProtocols_UserBob_PxfProtocol_Denied() - throws IOException { - assertFalse(hasAccess("bob", resources, PRIVILEGES)); + @Override + protected Policy getResourceGroupPolicy() { + Policy policy = policyBuilder + .resource(protocol, TEST_PROTOCOL) + .groupAccess(PUBLIC_GROUP, privileges) + .build(); + return policy; } - - @Test - public void testProtocols_UserMaria_PxfProtocol_Denied() - throws IOException { - deletePolicy(); - assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); - } - } http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/RPSRequest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/RPSRequest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/RPSRequest.java deleted file mode 100644 index 7e7787a..0000000 --- a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/RPSRequest.java +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.hawq.ranger.integration.service.tests; - -import org.codehaus.jackson.map.ObjectMapper; - -import java.io.IOException; - -import java.util.Arrays; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -public class RPSRequest { - - String user; - Map<String, String> resources; - List<String> privileges; - - public RPSRequest(String user, - Map<String, String> resources, - List<String> privileges) { - this.user = user; - this.resources = resources; - this.privileges = privileges; - } - - public String getJsonString() - throws IOException { - - Map<String, Object> request = new HashMap<>(); - request.put("requestId", 9); - request.put("user", user); - request.put("clientIp", "123.0.0.21"); - request.put("context", "CREATE DATABASE sirotan;"); - Map<String, Object> accessHash = new HashMap<>(); - accessHash.put("resource", resources); - accessHash.put("privileges", privileges); - request.put("access", Arrays.asList(accessHash)); - return new ObjectMapper().writeValueAsString(request); - } - -} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/RPSResponse.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/RPSResponse.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/RPSResponse.java deleted file mode 100644 index 2ed1046..0000000 --- a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/RPSResponse.java +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.hawq.ranger.integration.service.tests; - -import org.codehaus.jackson.annotate.JsonProperty; - -import java.util.List; -import java.util.Map; - -public class RPSResponse { - - @JsonProperty - public int requestId; - - @JsonProperty - public List<Map<String, Object>> access; - - public List<Map<String, Object>> getAccess() { - return access; - } - - public boolean hasAccess() { - return (boolean) access.get(0).get("allowed"); - } -} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/SchemaTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/SchemaTest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/SchemaTest.java new file mode 100644 index 0000000..b3dff37 --- /dev/null +++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/SchemaTest.java @@ -0,0 +1,95 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.integration.service.tests; + +import org.apache.hawq.ranger.integration.service.tests.common.ComplexResourceTestBase; +import org.apache.hawq.ranger.integration.service.tests.common.Policy; +import org.junit.Before; + +import static org.apache.hawq.ranger.integration.service.tests.common.Policy.ResourceType.*; + +public class SchemaTest extends ComplexResourceTestBase { + + // for schema only, privileges in policy must have -schema suffix added, create-schema is covered as part of DatabaseTest + private static final String[] SPECIAL_PRIVILEGES = new String[] {"usage-schema"}; + + @Before + public void beforeTest() { + specificResource.put(database, TEST_DB); + specificResource.put(schema, TEST_SCHEMA); + + parentUnknownResource.put(database, UNKNOWN); + parentUnknownResource.put(schema, TEST_SCHEMA); + + childUnknownResource.put(database, TEST_DB); + childUnknownResource.put(schema, UNKNOWN); + + unknownResource.put(database, UNKNOWN); + unknownResource.put(schema, UNKNOWN); + + privileges = new String[] {"usage"}; + } + + @Override + protected Policy getResourceUserPolicy() { + Policy policy = policyBuilder + .resource(database, TEST_DB) + .resource(schema, TEST_SCHEMA) + .resource(table, STAR) + .userAccess(TEST_USER, SPECIAL_PRIVILEGES) + .build(); + return policy; + } + + @Override + protected Policy getResourceParentStarUserPolicy() { + Policy policy = policyBuilder + .resource(database, STAR) + .resource(schema, TEST_SCHEMA) + .resource(table, STAR) + .userAccess(TEST_USER, SPECIAL_PRIVILEGES) + .build(); + policy.isParentStar = true; + return policy; + } + + @Override + protected Policy getResourceChildStarUserPolicy() { + Policy policy = policyBuilder + .resource(database, TEST_DB) + .resource(schema, STAR) + .resource(table, STAR) + .userAccess(TEST_USER, SPECIAL_PRIVILEGES) + .build(); + policy.isChildStar = true; + return policy; + } + + @Override + protected Policy getResourceGroupPolicy() { + Policy policy = policyBuilder + .resource(database, TEST_DB) + .resource(schema, TEST_SCHEMA) + .resource(table, STAR) + .groupAccess(PUBLIC_GROUP, SPECIAL_PRIVILEGES) + .build(); + return policy; + } +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/SequenceTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/SequenceTest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/SequenceTest.java new file mode 100644 index 0000000..5add94c --- /dev/null +++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/SequenceTest.java @@ -0,0 +1,97 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.integration.service.tests; + +import org.apache.hawq.ranger.integration.service.tests.common.ComplexResourceTestBase; +import org.apache.hawq.ranger.integration.service.tests.common.Policy; +import org.junit.Before; + +import static org.apache.hawq.ranger.integration.service.tests.common.Policy.ResourceType.*; + +public class SequenceTest extends ComplexResourceTestBase { + + @Before + public void beforeTest() { + specificResource.put(database, TEST_DB); + specificResource.put(schema, TEST_SCHEMA); + specificResource.put(sequence, TEST_SEQUENCE); + + parentUnknownResource.put(database, TEST_DB); + parentUnknownResource.put(schema, UNKNOWN); + parentUnknownResource.put(sequence, TEST_SEQUENCE); + + childUnknownResource.put(database, TEST_DB); + childUnknownResource.put(schema, TEST_SCHEMA); + childUnknownResource.put(sequence, UNKNOWN); + + unknownResource.put(database, UNKNOWN); + unknownResource.put(schema, UNKNOWN); + unknownResource.put(sequence, UNKNOWN); + + privileges = new String[] {"select", "update", "usage"}; + } + + @Override + protected Policy getResourceUserPolicy() { + Policy policy = policyBuilder + .resource(database, TEST_DB) + .resource(schema, TEST_SCHEMA) + .resource(sequence, TEST_SEQUENCE) + .userAccess(TEST_USER, privileges) + .build(); + return policy; + } + + @Override + + protected Policy getResourceParentStarUserPolicy() { + Policy policy = policyBuilder + .resource(database, TEST_DB) + .resource(schema, STAR) + .resource(sequence, TEST_SEQUENCE) + .userAccess(TEST_USER, privileges) + .build(); + policy.isParentStar = true; + return policy; + } + + @Override + protected Policy getResourceChildStarUserPolicy() { + Policy policy = policyBuilder + .resource(database, TEST_DB) + .resource(schema, TEST_SCHEMA) + .resource(sequence, STAR) + .userAccess(TEST_USER, privileges) + .build(); + policy.isChildStar = true; + return policy; + } + + @Override + protected Policy getResourceGroupPolicy() { + Policy policy = policyBuilder + .resource(database, TEST_DB) + .resource(schema, TEST_SCHEMA) + .resource(sequence, TEST_SEQUENCE) + .groupAccess(PUBLIC_GROUP, privileges) + .build(); + return policy; + } +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ServiceBaseTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ServiceBaseTest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ServiceBaseTest.java deleted file mode 100644 index 8608584..0000000 --- a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/ServiceBaseTest.java +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.hawq.ranger.integration.service.tests; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.http.client.methods.HttpDelete; -import org.apache.http.client.methods.HttpPost; -import org.apache.http.entity.StringEntity; -import org.junit.After; -import org.junit.Before; -import org.junit.Rule; -import org.junit.rules.TestName; - -import java.io.IOException; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -public abstract class ServiceBaseTest { - - protected final Log log = LogFactory.getLog(this.getClass()); - - @Rule - public final TestName testName = new TestName(); - protected final String policyName = getClass().getSimpleName(); - protected Map<String, String> resources = new HashMap<>(); - - public static String RANGER_PLUGIN_SERVICE_HOST = "localhost"; - public static String RANGER_PLUGIN_SERVICE_PORT = "8432"; - public static String RANGER_PLUGIN_SERVICE_URL = - "http://" + RANGER_PLUGIN_SERVICE_HOST + ":" + RANGER_PLUGIN_SERVICE_PORT + "/rps"; - public static String RANGER_ADMIN_HOST = "localhost"; - public static String RANGER_ADMIN_PORT = "6080"; - public static String RANGER_URL = - "http://" + RANGER_ADMIN_HOST + ":" + RANGER_ADMIN_PORT + "/service/public/v2/api"; - public static String RANGER_TEST_USER = "maria_dev"; - public static int POLICY_REFRESH_INTERVAL = 6000; - - @Before - public void setUp() - throws IOException { - log.info("======================================================================================"); - log.info("Running test " + testName.getMethodName()); - log.info("======================================================================================"); - beforeTest(); - } - - @After - public void tearDown() - throws IOException { - deletePolicy(); - } - - protected void createPolicy(String jsonFile) - throws IOException { - - log.info("Creating policy " + policyName); - HttpPost httpPost = new HttpPost(RANGER_URL + "/policy"); - httpPost.setEntity(new StringEntity(Utils.getPayload(jsonFile))); - Utils.processHttpRequest(httpPost); - waitForPolicyRefresh(); - } - - protected void deletePolicy() - throws IOException { - - log.info("Deleting policy " + policyName); - String requestUrl = RANGER_URL + "/policy?servicename=hawq&policyname=" + policyName; - Utils.processHttpRequest(new HttpDelete(requestUrl)); - waitForPolicyRefresh(); - } - - protected boolean hasAccess(String user, - Map<String, String> resources, - List<String> privileges) - throws IOException { - - log.info("Checking access for user " + user); - RPSRequest request = new RPSRequest(user, resources, privileges); - HttpPost httpPost = new HttpPost(RANGER_PLUGIN_SERVICE_URL); - httpPost.setEntity(new StringEntity(request.getJsonString())); - String result = Utils.processHttpRequest(httpPost); - RPSResponse rpsResponse = Utils.getResponse(result); - return rpsResponse.hasAccess(); - } - - private void waitForPolicyRefresh() { - - try { - Thread.sleep(POLICY_REFRESH_INTERVAL); - } - catch (InterruptedException e) { - log.error(e); - } - } - - public abstract void beforeTest() throws IOException; -} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/SpecialPrivilegesTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/SpecialPrivilegesTest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/SpecialPrivilegesTest.java new file mode 100644 index 0000000..ac1727f --- /dev/null +++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/SpecialPrivilegesTest.java @@ -0,0 +1,95 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.integration.service.tests; + +import org.apache.hawq.ranger.integration.service.tests.common.Policy; +import org.apache.hawq.ranger.integration.service.tests.common.ServiceTestBase; +import org.junit.Before; +import org.junit.Test; + +import java.io.IOException; +import java.util.HashMap; +import java.util.Map; + +import static org.apache.hawq.ranger.integration.service.tests.common.Policy.ResourceType.*; + +public class SpecialPrivilegesTest extends ServiceTestBase { + + private final String[] privilegeUsageSchema = new String[] {"usage-schema"}; + private final String[] privilegeUsage = new String[] {"usage"}; + + + private Map<Policy.ResourceType, String> schemaResource; + private Map<Policy.ResourceType, String> sequenceResource; + + @Before + public void beforeTest() { + // resource used for lookup from RPS + schemaResource = new HashMap<>(); + schemaResource.put(database, TEST_DB); + schemaResource.put(schema, TEST_SCHEMA); + + sequenceResource = new HashMap<>(); + sequenceResource.put(database, TEST_DB); + sequenceResource.put(schema, TEST_SCHEMA); + sequenceResource.put(sequence, TEST_SEQUENCE); + } + + + @Test + public void testUsageSchemaPrivilege() throws IOException { + // define policy for "usage-schema" on db:schema:* + Policy policy = policyBuilder + .resource(database, TEST_DB) + .resource(schema, TEST_SCHEMA) + .resource(sequence, STAR) + .userAccess(TEST_USER, privilegeUsageSchema) + .build(); + createPolicy(policy); + try { + // user should have access to usage on schema + checkUserHasResourceAccess(TEST_USER, schemaResource, privilegeUsage); + // user should have NO access to usage on sequence + checkUserDeniedResourceAccess(TEST_USER, sequenceResource, privilegeUsage); + } finally { + deletePolicy(policy); + } + } + + @Test + public void testUsagePrivilege() throws IOException { + // define policy for "usage" on db:schema:* + Policy policy = policyBuilder + .resource(database, TEST_DB) + .resource(schema, TEST_SCHEMA) + .resource(sequence, STAR) + .userAccess(TEST_USER, privilegeUsage) + .build(); + createPolicy(policy); + try { + // user should have NO access to usage on schema + checkUserDeniedResourceAccess(TEST_USER, schemaResource, privilegeUsage); + // user should have access to usage on sequence + checkUserHasResourceAccess(TEST_USER, sequenceResource, privilegeUsage); + } finally { + deletePolicy(policy); + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/TableTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/TableTest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/TableTest.java new file mode 100644 index 0000000..742b91c --- /dev/null +++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/TableTest.java @@ -0,0 +1,96 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.integration.service.tests; + +import org.apache.hawq.ranger.integration.service.tests.common.ComplexResourceTestBase; +import org.apache.hawq.ranger.integration.service.tests.common.Policy; +import org.junit.Before; + +import static org.apache.hawq.ranger.integration.service.tests.common.Policy.ResourceType.*; + +public class TableTest extends ComplexResourceTestBase { + + @Before + public void beforeTest() { + specificResource.put(database, TEST_DB); + specificResource.put(schema, TEST_SCHEMA); + specificResource.put(table, TEST_TABLE); + + parentUnknownResource.put(database, TEST_DB); + parentUnknownResource.put(schema, UNKNOWN); + parentUnknownResource.put(table, TEST_TABLE); + + childUnknownResource.put(database, TEST_DB); + childUnknownResource.put(schema, TEST_SCHEMA); + childUnknownResource.put(table, UNKNOWN); + + unknownResource.put(database, UNKNOWN); + unknownResource.put(schema, UNKNOWN); + unknownResource.put(table, UNKNOWN); + + privileges = new String[] {"select", "insert", "update", "delete", "references"}; + } + + @Override + protected Policy getResourceUserPolicy() { + Policy policy = policyBuilder + .resource(database, TEST_DB) + .resource(schema, TEST_SCHEMA) + .resource(table, TEST_TABLE) + .userAccess(TEST_USER, privileges) + .build(); + return policy; + } + + @Override + protected Policy getResourceParentStarUserPolicy() { + Policy policy = policyBuilder + .resource(database, TEST_DB) + .resource(schema, STAR) + .resource(table, TEST_TABLE) + .userAccess(TEST_USER, privileges) + .build(); + policy.isParentStar = true; + return policy; + } + + @Override + protected Policy getResourceChildStarUserPolicy() { + Policy policy = policyBuilder + .resource(database, TEST_DB) + .resource(schema, TEST_SCHEMA) + .resource(table, STAR) + .userAccess(TEST_USER, privileges) + .build(); + policy.isChildStar = true; + return policy; + } + + @Override + protected Policy getResourceGroupPolicy() { + Policy policy = policyBuilder + .resource(database, TEST_DB) + .resource(schema, TEST_SCHEMA) + .resource(table, TEST_TABLE) + .groupAccess(PUBLIC_GROUP, privileges) + .build(); + return policy; + } +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/TablespaceTest.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/TablespaceTest.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/TablespaceTest.java index cfc41cb..f8834b5 100644 --- a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/TablespaceTest.java +++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/TablespaceTest.java @@ -19,49 +19,36 @@ package org.apache.hawq.ranger.integration.service.tests; -import org.junit.Test; +import org.apache.hawq.ranger.integration.service.tests.common.Policy; +import org.apache.hawq.ranger.integration.service.tests.common.SimpleResourceTestBase; +import org.junit.Before; -import java.io.IOException; -import java.util.Arrays; -import java.util.List; +import static org.apache.hawq.ranger.integration.service.tests.common.Policy.ResourceType.tablespace; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; +public class TablespaceTest extends SimpleResourceTestBase { -public class TablespaceTest extends ServiceBaseTest { - - private static final List<String> PRIVILEGES = Arrays.asList("create"); - - public void beforeTest() - throws IOException { - createPolicy("test-tablespace.json"); - resources.put("tablespace", "pg_global"); - } - - @Test - public void testTablespaces_UserMaria_PgGlobalTablespace_Allowed() - throws IOException { - assertTrue(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + @Before + public void beforeTest() { + specificResource.put(tablespace, TEST_TABLESPACE); + unknownResource.put(tablespace, UNKNOWN); + privileges = new String[] {"create"}; } - @Test - public void testTablespaces_UserMaria_DoesNotExistTablespace_Denied() - throws IOException { - resources.put("tablespace", "doesnotexist"); - assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); + @Override + protected Policy getResourceUserPolicy() { + Policy policy = policyBuilder + .resource(tablespace, TEST_TABLESPACE) + .userAccess(TEST_USER, privileges) + .build(); + return policy; } - @Test - public void testTablespaces_UserBob_PgGlobalTablespace_Denied() - throws IOException { - assertFalse(hasAccess("bob", resources, PRIVILEGES)); + @Override + protected Policy getResourceGroupPolicy() { + Policy policy = policyBuilder + .resource(tablespace, TEST_TABLESPACE) + .groupAccess(PUBLIC_GROUP, privileges) + .build(); + return policy; } - - @Test - public void testTablespaces_UserMaria_PgGlobalTablespace_Denied() - throws IOException { - deletePolicy(); - assertFalse(hasAccess(RANGER_TEST_USER, resources, PRIVILEGES)); - } - } http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/Utils.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/Utils.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/Utils.java deleted file mode 100644 index 971e513..0000000 --- a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/Utils.java +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.hawq.ranger.integration.service.tests; - -import org.apache.commons.codec.binary.Base64; -import org.apache.commons.io.IOUtils; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.http.HttpEntity; -import org.apache.http.HttpResponse; -import org.apache.http.client.HttpClient; -import org.apache.http.client.methods.HttpRequestBase; -import org.apache.http.impl.client.HttpClientBuilder; -import org.codehaus.jackson.map.ObjectMapper; - -import java.io.IOException; - -public class Utils { - - protected static final Log log = LogFactory.getLog(Utils.class); - - public static String getPayload(String jsonFile) - throws IOException { - return IOUtils.toString(Utils.class.getClassLoader().getResourceAsStream(jsonFile)); - } - - public static String getEncoding() { - return Base64.encodeBase64String("admin:admin".getBytes()); - } - - public static String processHttpRequest(HttpRequestBase request) - throws IOException { - - if (log.isDebugEnabled()) { - log.debug("Request URI = " + request.getURI().toString()); - } - request.setHeader("Authorization", "Basic " + getEncoding()); - request.setHeader("Content-Type", "application/json"); - HttpClient httpClient = HttpClientBuilder.create().build(); - HttpResponse response = httpClient.execute(request); - int responseCode = response.getStatusLine().getStatusCode(); - log.info("Response Code = " + responseCode); - HttpEntity entity = response.getEntity(); - if (entity != null) { - String result = IOUtils.toString(entity.getContent()); - if (log.isDebugEnabled()) { - log.debug(result); - } - return result; - } - return null; - } - - public static RPSResponse getResponse(String result) - throws IOException { - return new ObjectMapper().readValue(result, RPSResponse.class); - } - -} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/ComplexResourceTestBase.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/ComplexResourceTestBase.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/ComplexResourceTestBase.java new file mode 100644 index 0000000..f49c18b --- /dev/null +++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/ComplexResourceTestBase.java @@ -0,0 +1,40 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.integration.service.tests.common; + +import org.junit.Test; + +import java.io.IOException; + +public abstract class ComplexResourceTestBase extends SimpleResourceTestBase { + + @Test + public void testParentStarResourceUserPolicy() throws IOException { + checkResourceUserPolicy(getResourceParentStarUserPolicy()); + } + + @Test + public void testChildStarResourceUserPolicy() throws IOException { + checkResourceUserPolicy(getResourceChildStarUserPolicy()); + } + + abstract protected Policy getResourceParentStarUserPolicy(); + abstract protected Policy getResourceChildStarUserPolicy(); +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/Policy.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/Policy.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/Policy.java new file mode 100644 index 0000000..7d8f4b5 --- /dev/null +++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/Policy.java @@ -0,0 +1,107 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.integration.service.tests.common; + +import java.util.*; + +public class Policy { + + public enum ResourceType { + database, schema, table, function, sequence, tablespace, language, protocol; + } + + public static class ResourceValue { + public Set<String> values = new HashSet<>(); + public Boolean isExcludes = false; + public Boolean isRecursive = false; + + public ResourceValue(String... values) { + this.values.addAll(Arrays.asList(values)); + } + } + + public static class Access { + public String type; + public Boolean isAllowed = true; + public Access(String type) { + this.type = type; + } + } + + public static class PolicyItem { + public Set<Access> accesses = new HashSet<>(); + public Set<String> users = new HashSet<>(); + public Set<String> groups = new HashSet<>(); + public Set<String> conditions = new HashSet<>(); + public Boolean delegateAdmin = true; + public PolicyItem(String[] privileges) { + for (String privilege : privileges) { + this.accesses.add(new Access(privilege)); + } + } + } + + public Boolean isEnabled = true; + public String service = "hawq"; + public String name; + public Integer policyType = 0; + public String description = "Test policy"; + public Boolean isAuditEnabled = true; + public Map<ResourceType, ResourceValue> resources = new HashMap<>(); + public Set<PolicyItem> policyItems = new HashSet<>(); + public Set<Object> denyPolicyItems = new HashSet<>(); + public Set<Object> allowExceptions = new HashSet<>(); + public Set<Object> denyExceptions = new HashSet<>(); + public Set<Object> dataMaskPolicyItems = new HashSet<>(); + public Set<Object> rowFilterPolicyItems = new HashSet<>(); + + // do not serialize into JSON + public transient boolean isParentStar = false; + public transient boolean isChildStar = false; + + public static class PolicyBuilder { + private Policy policy = new Policy(); + + public PolicyBuilder name(String name) { + policy.name = name; + policy.description = "Test Policy for " + name; + return this; + } + public PolicyBuilder resource(ResourceType type, String value) { + policy.resources.put(type, new ResourceValue(value)); + return this; + } + public PolicyBuilder userAccess(String user, String... privileges) { + PolicyItem policyItem = new PolicyItem(privileges); + policyItem.users.add(user); + policy.policyItems.add(policyItem); + return this; + } + public PolicyBuilder groupAccess(String group, String... privileges) { + PolicyItem policyItem = new PolicyItem(privileges); + policyItem.groups.add(group); + policy.policyItems.add(policyItem); + return this; + } + public Policy build() { + return policy; + } + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/RESTClient.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/RESTClient.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/RESTClient.java new file mode 100644 index 0000000..ee7cb6e --- /dev/null +++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/RESTClient.java @@ -0,0 +1,114 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.integration.service.tests.common; + +import org.apache.commons.codec.binary.Base64; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.http.HttpEntity; +import org.apache.http.HttpStatus; +import org.apache.http.client.ClientProtocolException; +import org.apache.http.client.methods.*; +import org.apache.http.entity.ContentType; +import org.apache.http.entity.StringEntity; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClients; +import org.apache.http.util.EntityUtils; + +import java.io.IOException; + + +public class RESTClient { + + private static final Log LOG = LogFactory.getLog(RESTClient.class); + private static final String AUTH_HEADER = getAuthorizationHeader(); + + private CloseableHttpClient httpClient; + + private static String getAuthorizationHeader() { + return "Basic " + Base64.encodeBase64String("admin:admin".getBytes()); + } + + public RESTClient() { + httpClient = HttpClients.createDefault(); + } + + public String executeRequest(Method method, String url) throws IOException { + return executeRequest(method, url, null); + } + + public String executeRequest(Method method, String url, String payload) throws IOException { + HttpUriRequest request = null; + switch (method) { + case GET: + request = new HttpGet(url); + break; + case POST: + request = new HttpPost(url); + ((HttpPost) request).setEntity(new StringEntity(payload)); + break; + case DELETE: + request = new HttpDelete(url); + break; + default: + throw new IllegalArgumentException("Method " + method + " is not supported"); + } + return executeRequest(request); + } + + private String executeRequest(HttpUriRequest request) throws IOException { + + LOG.debug("--> request URI = " + request.getURI()); + + request.setHeader("Authorization", AUTH_HEADER); + request.setHeader("Content-Type", ContentType.APPLICATION_JSON.toString()); + + CloseableHttpResponse response = httpClient.execute(request); + String payload = null; + try { + int responseCode = response.getStatusLine().getStatusCode(); + LOG.debug("<-- response code = " + responseCode); + + HttpEntity entity = response.getEntity(); + if (entity != null) { + payload = EntityUtils.toString(response.getEntity()); + } + LOG.debug("<-- response payload = " + payload); + + if (responseCode == HttpStatus.SC_NOT_FOUND) { + throw new ResourceNotFoundException(); + } else if (responseCode >= 300) { + throw new ClientProtocolException("Unexpected HTTP response code = " + responseCode); + } + } finally { + response.close(); + } + + return payload; + } + + public static class ResourceNotFoundException extends IOException { + + } + + public enum Method { + GET, POST, PUT, DELETE; + } +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/ServiceTestBase.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/ServiceTestBase.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/ServiceTestBase.java new file mode 100644 index 0000000..0b3be56 --- /dev/null +++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/ServiceTestBase.java @@ -0,0 +1,162 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.integration.service.tests.common; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.hawq.ranger.integration.service.tests.common.Policy.PolicyBuilder; +import org.codehaus.jackson.map.ObjectMapper; +import org.codehaus.jackson.type.TypeReference; +import org.junit.Before; +import org.junit.Rule; +import org.junit.rules.TestName; + +import java.io.IOException; +import java.util.*; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +public abstract class ServiceTestBase { + + protected Log LOG = LogFactory.getLog(this.getClass()); + + @Rule + public final TestName testName = new TestName(); + + protected static final String PUBLIC_GROUP = "public"; + protected static final String GPADMIN_USER = "gpadmin"; + protected static final String TEST_USER = "maria_dev"; + protected static final String UNKNOWN = "unknown"; + protected static final String STAR = "*"; + + protected static final String TEST_DB = "test-db"; + protected static final String TEST_SCHEMA = "test-schema"; + protected static final String TEST_TABLE = "test-table"; + protected static final String TEST_FUNCTION = "test-function"; + protected static final String TEST_SEQUENCE = "test-sequence"; + protected static final String TEST_LANGUAGE = "test-language"; + protected static final String TEST_PROTOCOL = "test-protocol"; + protected static final String TEST_TABLESPACE = "test-tablespace"; + + protected PolicyBuilder policyBuilder; + + private static final String RPS_HOST = "localhost"; + private static final String RPS_PORT = "8432"; + private static final String RPS_URL = String.format("http://%s:%s/rps", RPS_HOST, RPS_PORT); + + private static final String RANGER_HOST = "localhost"; + private static final String RANGER_PORT = "6080"; + private static final String RANGER_URL = String.format("http://%s:%s/service/public/v2/api", RANGER_HOST, RANGER_PORT); + private static final String RANGER_POLICY_URL = RANGER_URL + "/policy"; + + private static final int POLICY_REFRESH_INTERVAL = 6000; + private static final TypeReference<HashMap<String,Object>> typeMSO = new TypeReference<HashMap<String,Object>>() {}; + + private RESTClient rest = new RESTClient(); + private ObjectMapper mapper = new ObjectMapper(); + + @Before + public void setUp() throws IOException { + LOG.info("======================================================================================"); + LOG.info("Running test " + testName.getMethodName()); + LOG.info("======================================================================================"); + + policyBuilder = (new PolicyBuilder()).name(getClass().getSimpleName()); + } + + protected void checkUserHasResourceAccess(String user, Map<Policy.ResourceType, String> resource, String[] privileges) throws IOException { + // user IN the policy --> has all possible privileges to the specific resource + LOG.debug(String.format("Asserting user %s HAS access %s privileges %s", user, resource, Arrays.toString(privileges))); + assertTrue(hasAccess(user, resource, privileges)); + for (String privilege : privileges) { + // user IN the policy --> has individual privileges to the specific resource + LOG.debug(String.format("Asserting user %s HAS access %s privilege %s", user, resource, privilege)); + assertTrue(hasAccess(user, resource, privilege)); + } + } + + protected void checkUserDeniedResourceAccess(String user, Map<Policy.ResourceType, String> resource, String[] privileges) throws IOException { + // user IN the policy --> has all possible privileges to the specific resource + LOG.debug(String.format("Asserting user %s HAS NO access %s privileges %s", user, resource, Arrays.toString(privileges))); + assertFalse(hasAccess(user, resource, privileges)); + for (String privilege : privileges) { + // user IN the policy --> has individual privileges to the specific resource + LOG.debug(String.format("Asserting user %s HAS No access %s privilege %s", user, resource, privilege)); + assertFalse(hasAccess(user, resource, privilege)); + } + } + + protected void createPolicy(Policy policy) throws IOException { + String policyJson = mapper.writeValueAsString(policy); + LOG.info(String.format("Creating policy %s : %s", policy.name, policyJson)); + rest.executeRequest(RESTClient.Method.POST, RANGER_POLICY_URL, policyJson); + waitForPolicyRefresh(); + } + + protected void deletePolicy(Policy policy) throws IOException { + LOG.info("Deleting policy " + policy.name); + try { + rest.executeRequest(RESTClient.Method.DELETE, getRangerPolicyUrl(policy.name)); + } catch (RESTClient.ResourceNotFoundException e) { + // ignore error when deleting a policy that does not exit + } + waitForPolicyRefresh(); + } + + protected boolean hasAccess(String user, Map<Policy.ResourceType, String> resources, String... privileges) throws IOException { + LOG.info("Checking access for user " + user); + String response = rest.executeRequest(RESTClient.Method.POST, RPS_URL, getRPSRequestPayload(user, resources, privileges)); + Map<String, Object> responseMap = mapper.readValue(response, typeMSO); + boolean allowed = (Boolean)((Map)((List) responseMap.get("access")).get(0)).get("allowed"); + LOG.info(String.format("Access for user %s is allowed = %s", user, allowed)); + return allowed; + } + + private void waitForPolicyRefresh() { + try { + Thread.sleep(POLICY_REFRESH_INTERVAL); + } + catch (InterruptedException e) { + LOG.error(e); + } + } + + private String getRangerPolicyUrl(String policyName) { + return RANGER_POLICY_URL + "?servicename=hawq&policyname=" + policyName; + } + + private String getRPSRequestPayload(String user, Map<Policy.ResourceType, String> resources, String[] privileges) throws IOException { + Map<String, Object> request = new HashMap<>(); + request.put("requestId", 9); + request.put("user", user); + request.put("clientIp", "123.0.0.21"); + request.put("context", "CREATE SOME DATABASE OBJECT;"); + + Map<String, Object> access = new HashMap<>(); + access.put("resource", resources); + access.put("privileges", privileges); + + Set<Map<String, Object>> accesses = new HashSet<>(); + accesses.add(access); + request.put("access", accesses); + return new ObjectMapper().writeValueAsString(request); + } +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/SimpleResourceTestBase.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/SimpleResourceTestBase.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/SimpleResourceTestBase.java new file mode 100644 index 0000000..8bd18e8 --- /dev/null +++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/SimpleResourceTestBase.java @@ -0,0 +1,114 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hawq.ranger.integration.service.tests.common; + +import org.junit.Before; +import org.junit.Test; + +import java.io.IOException; +import java.util.Arrays; +import java.util.HashMap; +import java.util.Map; + +import static org.junit.Assert.*; + +public abstract class SimpleResourceTestBase extends ServiceTestBase { + + protected Map<Policy.ResourceType, String> specificResource = new HashMap<>(); + protected Map<Policy.ResourceType, String> parentUnknownResource = new HashMap<>(); + protected Map<Policy.ResourceType, String> childUnknownResource = new HashMap<>(); + protected Map<Policy.ResourceType, String> unknownResource = new HashMap<>(); + protected String[] privileges = {}; + + @Before + public void beforeSimple() throws IOException { + specificResource = new HashMap<>(); + parentUnknownResource = new HashMap<>(); + childUnknownResource = new HashMap<>(); + unknownResource = new HashMap<>(); + privileges = new String[]{}; + } + + @Test + public void testSpecificResourceUserPolicy() throws IOException { + checkResourceUserPolicy(getResourceUserPolicy()); + } + + @Test + public void testStarResourceGpadminPolicy() throws IOException { + checkUserHasResourceAccess(GPADMIN_USER, specificResource, privileges); + // user NOT in the policy --> has NO access to the specific resource + assertFalse(hasAccess(UNKNOWN, specificResource, privileges)); + // test that other existing user can't rely on gpadmin policy + assertFalse(hasAccess(TEST_USER, specificResource, privileges)); + // user IN the policy --> has access to the unknown resource + assertTrue(hasAccess(GPADMIN_USER, unknownResource, privileges)); + } + + @Test + public void testSpecificResourcePublicGroupPolicy() throws IOException { + Policy policy = getResourceGroupPolicy(); + createPolicy(policy); + checkUserHasResourceAccess(TEST_USER, specificResource, privileges); + // user NOT in the policy --> has access to the specific resource + assertTrue(hasAccess(UNKNOWN, specificResource, privileges)); + // user IN the policy --> has NO access to the unknown resource + assertFalse(hasAccess(TEST_USER, unknownResource, privileges)); + // test that user doesn't have access if policy is deleted + deletePolicy(policy); + assertFalse(hasAccess(TEST_USER, specificResource, privileges)); + } + + protected void checkResourceUserPolicy(Policy policy) throws IOException { + createPolicy(policy); + boolean policyDeleted = false; + try { + checkUserHasResourceAccess(TEST_USER, specificResource, privileges); + // user NOT in the policy --> has NO access to the specific resource + LOG.debug(String.format("Asserting user %s NO access %s privileges %s", UNKNOWN, specificResource, Arrays.toString(privileges))); + assertFalse(hasAccess(UNKNOWN, specificResource, privileges)); + + // if resource has parents, assert edge cases + if (!parentUnknownResource.isEmpty()) { + // user IN the policy --> has access to the resource only for parentStar policies + assertEquals(policy.isParentStar, hasAccess(TEST_USER, parentUnknownResource, privileges)); + } + if (!childUnknownResource.isEmpty()) { + // user IN the policy --> has access to the resource only for childStar policies + assertEquals(policy.isChildStar, hasAccess(TEST_USER, childUnknownResource, privileges)); + } + + // user IN the policy --> has NO access to the unknown resource + assertFalse(hasAccess(TEST_USER, unknownResource, privileges)); + // test that user doesn't have access if policy is deleted + deletePolicy(policy); + policyDeleted = true; + assertFalse(hasAccess(TEST_USER, specificResource, privileges)); + } finally { + // if a given test fails with assertion, still delete the policy not to impact other tests + if (!policyDeleted) { + deletePolicy(policy); + } + } + } + + abstract protected Policy getResourceUserPolicy(); + abstract protected Policy getResourceGroupPolicy(); +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/resources/test-database.json ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/resources/test-database.json b/ranger-plugin/integration/service/src/test/resources/test-database.json deleted file mode 100644 index ffa3bfe..0000000 --- a/ranger-plugin/integration/service/src/test/resources/test-database.json +++ /dev/null @@ -1,46 +0,0 @@ -{ - "isEnabled": true, - "service": "hawq", - "name": "DatabaseTest", - "policyType": 0, - "description": "Test policy for database resource", - "isAuditEnabled": true, - "resources": { - "schema": { - "values": ["*"], - "isExcludes": false, - "isRecursive": false - }, - "database": { - "values": ["sirotan"], - "isExcludes": false, - "isRecursive": false - }, - "function": { - "values": ["*"], - "isExcludes": false, - "isRecursive": false - } - }, - "policyItems": [{ - "accesses": [{ - "type": "create", - "isAllowed": true - }, { - "type": "connect", - "isAllowed": true - }, { - "type": "temp", - "isAllowed": true - }], - "users": ["maria_dev"], - "groups": [], - "conditions": [], - "delegateAdmin": true - }], - "denyPolicyItems": [], - "allowExceptions": [], - "denyExceptions": [], - "dataMaskPolicyItems": [], - "rowFilterPolicyItems": [] -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/resources/test-function-2.json ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/resources/test-function-2.json b/ranger-plugin/integration/service/src/test/resources/test-function-2.json deleted file mode 100644 index 5ae7f0b..0000000 --- a/ranger-plugin/integration/service/src/test/resources/test-function-2.json +++ /dev/null @@ -1,40 +0,0 @@ -{ - "isEnabled": true, - "service": "hawq", - "name": "FunctionTest", - "policyType": 0, - "description": "Test policy for function resource", - "isAuditEnabled": true, - "resources": { - "schema": { - "values": ["*"], - "isExcludes": false, - "isRecursive": false - }, - "database": { - "values": ["*"], - "isExcludes": false, - "isRecursive": false - }, - "function": { - "values": ["atan"], - "isExcludes": false, - "isRecursive": false - } - }, - "policyItems": [{ - "accesses": [{ - "type": "execute", - "isAllowed": true - }], - "users": ["maria_dev"], - "groups": [], - "conditions": [], - "delegateAdmin": true - }], - "denyPolicyItems": [], - "allowExceptions": [], - "denyExceptions": [], - "dataMaskPolicyItems": [], - "rowFilterPolicyItems": [] -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/resources/test-function.json ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/resources/test-function.json b/ranger-plugin/integration/service/src/test/resources/test-function.json deleted file mode 100644 index 74d5d83..0000000 --- a/ranger-plugin/integration/service/src/test/resources/test-function.json +++ /dev/null @@ -1,40 +0,0 @@ -{ - "isEnabled": true, - "service": "hawq", - "name": "FunctionTest", - "policyType": 0, - "description": "Test policy for function resource", - "isAuditEnabled": true, - "resources": { - "schema": { - "values": ["siroschema"], - "isExcludes": false, - "isRecursive": false - }, - "database": { - "values": ["sirotan"], - "isExcludes": false, - "isRecursive": false - }, - "function": { - "values": ["atan"], - "isExcludes": false, - "isRecursive": false - } - }, - "policyItems": [{ - "accesses": [{ - "type": "execute", - "isAllowed": true - }], - "users": ["maria_dev"], - "groups": [], - "conditions": [], - "delegateAdmin": true - }], - "denyPolicyItems": [], - "allowExceptions": [], - "denyExceptions": [], - "dataMaskPolicyItems": [], - "rowFilterPolicyItems": [] -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/resources/test-language-2.json ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/resources/test-language-2.json b/ranger-plugin/integration/service/src/test/resources/test-language-2.json deleted file mode 100644 index 93a41fe..0000000 --- a/ranger-plugin/integration/service/src/test/resources/test-language-2.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "isEnabled": true, - "service": "hawq", - "name": "LanguageTest", - "policyType": 0, - "description": "Test policy for language resource", - "isAuditEnabled": true, - "resources": { - "language": { - "values": ["sql"], - "isExcludes": false, - "isRecursive": false - }, - "database": { - "values": ["*"], - "isExcludes": false, - "isRecursive": false - } - }, - "policyItems": [{ - "accesses": [{ - "type": "usage", - "isAllowed": true - }], - "users": ["maria_dev"], - "groups": [], - "conditions": [], - "delegateAdmin": true - }], - "denyPolicyItems": [], - "allowExceptions": [], - "denyExceptions": [], - "dataMaskPolicyItems": [], - "rowFilterPolicyItems": [] -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/resources/test-language.json ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/resources/test-language.json b/ranger-plugin/integration/service/src/test/resources/test-language.json deleted file mode 100644 index cba2f43..0000000 --- a/ranger-plugin/integration/service/src/test/resources/test-language.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "isEnabled": true, - "service": "hawq", - "name": "LanguageTest", - "policyType": 0, - "description": "Test policy for language resource", - "isAuditEnabled": true, - "resources": { - "language": { - "values": ["sql"], - "isExcludes": false, - "isRecursive": false - }, - "database": { - "values": ["sirotan"], - "isExcludes": false, - "isRecursive": false - } - }, - "policyItems": [{ - "accesses": [{ - "type": "usage", - "isAllowed": true - }], - "users": ["maria_dev"], - "groups": [], - "conditions": [], - "delegateAdmin": true - }], - "denyPolicyItems": [], - "allowExceptions": [], - "denyExceptions": [], - "dataMaskPolicyItems": [], - "rowFilterPolicyItems": [] -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/resources/test-protocol.json ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/resources/test-protocol.json b/ranger-plugin/integration/service/src/test/resources/test-protocol.json deleted file mode 100644 index d59caed..0000000 --- a/ranger-plugin/integration/service/src/test/resources/test-protocol.json +++ /dev/null @@ -1,33 +0,0 @@ -{ - "isEnabled": true, - "service": "hawq", - "name": "ProtocolTest", - "policyType": 0, - "description": "Test policy for protocol resource", - "isAuditEnabled": true, - "resources": { - "protocol": { - "values": ["pxf"], - "isExcludes": false, - "isRecursive": false - } - }, - "policyItems": [{ - "accesses": [{ - "type": "select", - "isAllowed": true - }, { - "type": "insert", - "isAllowed": true - }], - "users": ["maria_dev"], - "groups": [], - "conditions": [], - "delegateAdmin": true - }], - "denyPolicyItems": [], - "allowExceptions": [], - "denyExceptions": [], - "dataMaskPolicyItems": [], - "rowFilterPolicyItems": [] -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8a5e65bf/ranger-plugin/integration/service/src/test/resources/test-tablespace.json ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/resources/test-tablespace.json b/ranger-plugin/integration/service/src/test/resources/test-tablespace.json deleted file mode 100644 index a45ecea..0000000 --- a/ranger-plugin/integration/service/src/test/resources/test-tablespace.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "isEnabled": true, - "service": "hawq", - "name": "TablespaceTest", - "policyType": 0, - "description": "Test policy for tablespace resource", - "isAuditEnabled": true, - "resources": { - "tablespace": { - "values": ["pg_global"], - "isExcludes": false, - "isRecursive": false - } - }, - "policyItems": [{ - "accesses": [{ - "type": "create", - "isAllowed": true - }], - "users": ["maria_dev"], - "groups": [], - "conditions": [], - "delegateAdmin": true - }], - "denyPolicyItems": [], - "allowExceptions": [], - "denyExceptions": [], - "dataMaskPolicyItems": [], - "rowFilterPolicyItems": [] -} \ No newline at end of file