This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.4 by this push: new 556675a15 RANGER-3883: updated REST APIs to validate id/userId path parameter 556675a15 is described below commit 556675a15a0b99d871d5668e08a109a1b04429b7 Author: Ramachandran Krishnan <ramachandran.k.krish...@oracle.com> AuthorDate: Tue Nov 29 17:23:33 2022 +0530 RANGER-3883: updated REST APIs to validate id/userId path parameter Signed-off-by: Madhan Neethiraj <mad...@apache.org> (cherry picked from commit d1fd921e419c469d3b02e96ae9a5c4d1081cd15a) --- .../java/org/apache/ranger/rest/AssetREST.java | 11 +- .../java/org/apache/ranger/rest/PublicAPIs.java | 2 +- .../java/org/apache/ranger/rest/PublicAPIsv2.java | 8 +- .../java/org/apache/ranger/rest/ServiceREST.java | 29 +++- .../main/java/org/apache/ranger/rest/UserREST.java | 14 +- .../java/org/apache/ranger/rest/XUserREST.java | 12 +- .../java/org/apache/ranger/rest/TestAssetREST.java | 54 ++++++- .../org/apache/ranger/rest/TestPublicAPIs.java | 7 +- .../org/apache/ranger/rest/TestPublicAPIsv2.java | 16 +-- .../org/apache/ranger/rest/TestServiceREST.java | 155 +++++++++++++++++++-- .../java/org/apache/ranger/rest/TestUserREST.java | 33 +++-- .../java/org/apache/ranger/rest/TestXUserREST.java | 41 +++++- 12 files changed, 322 insertions(+), 60 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java index a0ba3b750..abc324dd1 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java @@ -341,15 +341,22 @@ public class AssetREST { @Path("/resources/{id}") @Consumes({ "application/json" }) @Produces({ "application/json" }) - public VXResource updateXResource(VXResource vXResource) { + public VXResource updateXResource(VXResource vXResource , @PathParam("id") Long id) { if(logger.isDebugEnabled()) { logger.debug("==> AssetREST.updateXResource(" + vXResource + ")"); } + // if vXResource.id is specified, it should be same as the param 'id' + if (vXResource.getId() == null) { + vXResource.setId(id); + } else if(!vXResource.getId().equals(id)) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "resource Id mismatch", true); + } + RangerService service = serviceREST.getService(vXResource.getAssetId()); RangerPolicy policy = serviceUtil.toRangerPolicy(vXResource, service); - RangerPolicy updatedPolicy = serviceREST.updatePolicy(policy); + RangerPolicy updatedPolicy = serviceREST.updatePolicy(policy, policy.getId()); VXResource ret = serviceUtil.toVXResource(updatedPolicy, service); diff --git a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java index 2e7e90bb4..a6b86e965 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java @@ -321,7 +321,7 @@ public class PublicAPIs { if(policy != null) { policy.setVersion(existing.getVersion()); - RangerPolicy updatedPolicy = serviceREST.updatePolicy(policy); + RangerPolicy updatedPolicy = serviceREST.updatePolicy(policy, policy.getId()); ret = serviceUtil.toVXPolicy(updatedPolicy, service); } diff --git a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java index 293107f24..c7a6ea0a6 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java @@ -253,7 +253,7 @@ public class PublicAPIsv2 { throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "serviceDef id mismatch", true); } - return serviceREST.updateServiceDef(serviceDef); + return serviceREST.updateServiceDef(serviceDef, serviceDef.getId()); } @@ -279,7 +279,7 @@ public class PublicAPIsv2 { serviceDef.setGuid(existingServiceDef.getGuid()); } - return serviceREST.updateServiceDef(serviceDef); + return serviceREST.updateServiceDef(serviceDef, null); } /* @@ -538,7 +538,7 @@ public class PublicAPIsv2 { throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "policyID mismatch", true); } - return serviceREST.updatePolicy(policy); + return serviceREST.updatePolicy(policy, id); } @PUT @@ -563,7 +563,7 @@ public class PublicAPIsv2 { policy.setName(StringUtils.trim(oldPolicy.getName())); } - return serviceREST.updatePolicy(policy); + return serviceREST.updatePolicy(policy, policy.getId()); } diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index c556f1e90..0538a7820 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -323,11 +323,19 @@ public class ServiceREST { @Consumes({ "application/json" }) @Produces({ "application/json" }) @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.UPDATE_SERVICE_DEF + "\")") - public RangerServiceDef updateServiceDef(RangerServiceDef serviceDef) { + public RangerServiceDef updateServiceDef(RangerServiceDef serviceDef, @PathParam("id") Long id) { if(LOG.isDebugEnabled()) { LOG.debug("==> ServiceREST.updateServiceDef(serviceDefName=" + serviceDef.getName() + ")"); } + // if serviceDef.id and param 'id' are specified, serviceDef.id should be same as the param 'id' + // if serviceDef.id is null, then set param 'id' into serviceDef Object + if (serviceDef.getId() == null) { + serviceDef.setId(id); + } else if(!serviceDef.getId().equals(id)) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "serviceDef Id mismatch", true); + } + RangerServiceDef ret = null; RangerPerfTracer perf = null; @@ -1650,7 +1658,7 @@ public class ServiceREST { RangerPolicy existingPolicy = getPolicyMatchByName(policy, request); if (existingPolicy != null) { policy.setId(existingPolicy.getId()); - ret = updatePolicy(policy); + ret = updatePolicy(policy, null); } else { ret = createPolicyUnconditionally(policy); } @@ -1749,7 +1757,7 @@ public class ServiceREST { } else { policy.setId(existingPolicy.getId()); } - ret = updatePolicy(policy); + ret = updatePolicy(policy, null); } } catch(WebApplicationException excp) { throw excp; @@ -1772,10 +1780,19 @@ public class ServiceREST { @Path("/policies/{id}") @Consumes({ "application/json" }) @Produces({ "application/json" }) - public RangerPolicy updatePolicy(RangerPolicy policy) { + public RangerPolicy updatePolicy(RangerPolicy policy, @PathParam("id") Long id) { if(LOG.isDebugEnabled()) { LOG.debug("==> ServiceREST.updatePolicy(" + policy + ")"); } + + // if policy.id and param 'id' are specified, policy.id should be same as the param 'id' + // if policy.id is null, then set param 'id' into policy Object + if (policy.getId() == null) { + policy.setId(id); + } else if(!policy.getId().equals(id)) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "policyID mismatch", true); + } + RangerPolicy ret = null; RangerPerfTracer perf = null; @@ -2471,7 +2488,7 @@ public class ServiceREST { createPolicy(policy, request); } else { ServiceRESTUtil.mergeExactMatchPolicyForResource(existingPolicy, policy); - updatePolicy(existingPolicy); + updatePolicy(existingPolicy, null); } } else { createPolicy(policy, request); @@ -2507,7 +2524,7 @@ public class ServiceREST { createPolicy(policy, request); } else { ServiceRESTUtil.mergeExactMatchPolicyForResource(existingPolicy, policy); - updatePolicy(existingPolicy); + updatePolicy(existingPolicy, null); } } else { createPolicy(policy, request); diff --git a/security-admin/src/main/java/org/apache/ranger/rest/UserREST.java b/security-admin/src/main/java/org/apache/ranger/rest/UserREST.java index 5fc18034b..c6557b11c 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/UserREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/UserREST.java @@ -307,8 +307,13 @@ public class UserREST { @Produces({ "application/json" }) public VXResponse changePassword(@PathParam("userId") Long userId, VXPasswordChange changePassword) { - if(changePassword==null || stringUtil.isEmpty(changePassword.getLoginId())){ + if(changePassword==null || stringUtil.isEmpty(changePassword.getLoginId())) { logger.warn("SECURITY:changePassword(): Invalid loginId provided. loginId was empty or null"); + throw restErrorUtil.createRESTException("serverMsg.userRestUser", MessageEnums.DATA_NOT_FOUND, null, null, ""); + } else if (changePassword.getId() == null) { + changePassword.setId(userId); + } else if (!changePassword.getId().equals(userId) ) { + logger.warn("SECURITY:changePassword(): userId mismatch"); throw restErrorUtil.createRESTException("serverMsg.userRestUser",MessageEnums.DATA_NOT_FOUND, null, null,""); } @@ -336,8 +341,13 @@ public class UserREST { @Produces({ "application/json" }) public VXPortalUser changeEmailAddress(@PathParam("userId") Long userId, VXPasswordChange changeEmail) { - if(changeEmail==null || stringUtil.isEmpty(changeEmail.getLoginId())){ + if(changeEmail==null || stringUtil.isEmpty(changeEmail.getLoginId())) { logger.warn("SECURITY:changeEmail(): Invalid loginId provided. loginId was empty or null"); + throw restErrorUtil.createRESTException("serverMsg.userRestUser", MessageEnums.DATA_NOT_FOUND, null, null, ""); + } else if (changeEmail.getId() == null) { + changeEmail.setId(userId); + } else if (!changeEmail.getId().equals(userId) ) { + logger.warn("SECURITY:changeEmail(): userId mismatch"); throw restErrorUtil.createRESTException("serverMsg.userRestUser",MessageEnums.DATA_NOT_FOUND, null, null,""); } diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java index dd12048ac..faad41c6c 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java @@ -1111,7 +1111,7 @@ public class XUserREST { public VXGroupPermission createXGroupPermission( VXGroupPermission vXGroupPermission) { xUserMgr.checkAdminAccess(); - bizUtil.blockAuditorRoleUser(); + bizUtil.blockAuditorRoleUser(); return xUserMgr.createXGroupPermission(vXGroupPermission); } @@ -1128,10 +1128,16 @@ public class XUserREST { @Consumes({ "application/json" }) @Produces({ "application/json" }) @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.UPDATE_X_GROUP_PERMISSION + "\")") - public VXGroupPermission updateXGroupPermission( + public VXGroupPermission updateXGroupPermission(@PathParam("id") Long id, VXGroupPermission vXGroupPermission) { + // if VXGroupPermission.id is specified, it should be same as the param 'id' + if(vXGroupPermission.getId() == null) { + vXGroupPermission.setId(id); + } else if(!vXGroupPermission.getId().equals(id)) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "vXGroupPermission Id mismatch", true); + } xUserMgr.checkAdminAccess(); - bizUtil.blockAuditorRoleUser(); + bizUtil.blockAuditorRoleUser(); return xUserMgr.updateXGroupPermission(vXGroupPermission); } diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java index abd4b1c1c..cc0d75872 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java @@ -36,6 +36,7 @@ import org.apache.commons.lang.StringUtils; import org.apache.ranger.admin.client.datatype.RESTResponse; import org.apache.ranger.biz.AssetMgr; import org.apache.ranger.biz.RangerBizUtil; +import org.apache.ranger.common.RESTErrorUtil; import org.apache.ranger.common.RangerSearchUtil; import org.apache.ranger.common.SearchCriteria; import org.apache.ranger.common.ServiceUtil; @@ -84,7 +85,9 @@ import org.apache.ranger.view.VXTrxLog; import org.apache.ranger.view.VXTrxLogList; import org.junit.Assert; import org.junit.FixMethodOrder; +import org.junit.Rule; import org.junit.Test; +import org.junit.rules.ExpectedException; import org.junit.runner.RunWith; import org.junit.runners.MethodSorters; import org.mockito.InjectMocks; @@ -105,8 +108,8 @@ public class TestAssetREST { @Mock RangerSearchUtil searchUtil; - @Mock - RangerBizUtil xaBizUtil; + @Mock + RangerBizUtil xaBizUtil; @Mock XAssetService xAssetService; @@ -143,6 +146,11 @@ public class TestAssetREST { @InjectMocks AssetREST assetREST = new AssetREST(); + @Rule public ExpectedException thrown = ExpectedException.none(); + @Mock RESTErrorUtil restErrorUtil; + @Mock WebApplicationException webApplicationException; + + public void TestAssetRest() { } @@ -202,6 +210,7 @@ public class TestAssetREST { private VXResource vxResource(Long id) { VXResource vXResource = new VXResource(); vXResource.setName("HDFS_1-1-20150316062453"); + vXResource.setId(id); vXResource.setAssetId(id); return vXResource; } @@ -453,14 +462,49 @@ public class TestAssetREST { RangerPolicy rangerPolicy = rangerPolicy(Id); RangerService rangerService = rangerService(Id); Mockito.when(serviceREST.getService(vxResource.getAssetId())).thenReturn(rangerService); - Mockito.when(serviceREST.updatePolicy(rangerPolicy)).thenReturn(rangerPolicy); + Mockito.when(serviceREST.updatePolicy(rangerPolicy, Id)).thenReturn(rangerPolicy); + Mockito.when(serviceUtil.toRangerPolicy(vxResource, rangerService)).thenReturn(rangerPolicy); + Mockito.when(serviceUtil.toVXResource(rangerPolicy, rangerService)).thenReturn(vxResource); + VXResource actualvxResource = assetREST.updateXResource(vxResource, Id); + Assert.assertNotNull(actualvxResource); + Assert.assertEquals(vxResource, actualvxResource); + Mockito.verify(serviceREST).getService(vxResource.getAssetId()); + Mockito.verify(serviceREST).updatePolicy(rangerPolicy, Id); + Mockito.verify(serviceUtil).toRangerPolicy(vxResource, rangerService); + Mockito.verify(serviceUtil).toVXResource(rangerPolicy, rangerService); + } + + @Test + public void testUpdateXResourceForInvalidResourceId() { + VXResource vxResource = vxResource(Id); + RangerPolicy rangerPolicy = rangerPolicy(Id); + RangerService rangerService = rangerService(Id); + Mockito.when(restErrorUtil.createRESTException(Mockito.anyInt(), Mockito.anyString(), Mockito.anyBoolean())).thenThrow(new WebApplicationException()); + thrown.expect(WebApplicationException.class); + VXResource actualvxResource = assetREST.updateXResource(vxResource, -11L); + Assert.assertNotNull(actualvxResource); + Assert.assertEquals(vxResource, actualvxResource); + Mockito.verify(serviceREST).getService(vxResource.getAssetId()); + Mockito.verify(serviceREST).updatePolicy(rangerPolicy, Id); + Mockito.verify(serviceUtil).toRangerPolicy(vxResource, rangerService); + Mockito.verify(serviceUtil).toVXResource(rangerPolicy, rangerService); + } + + @Test + public void testUpdateXResourceWhenResourceIdIsNull() { + VXResource vxResource = vxResource(Id); + vxResource.setId(null); + RangerPolicy rangerPolicy = rangerPolicy(Id); + RangerService rangerService = rangerService(Id); + Mockito.when(serviceREST.getService(vxResource.getAssetId())).thenReturn(rangerService); + Mockito.when(serviceREST.updatePolicy(rangerPolicy, Id)).thenReturn(rangerPolicy); Mockito.when(serviceUtil.toRangerPolicy(vxResource, rangerService)).thenReturn(rangerPolicy); Mockito.when(serviceUtil.toVXResource(rangerPolicy, rangerService)).thenReturn(vxResource); - VXResource actualvxResource = assetREST.updateXResource(vxResource); + VXResource actualvxResource = assetREST.updateXResource(vxResource, Id); Assert.assertNotNull(actualvxResource); Assert.assertEquals(vxResource, actualvxResource); Mockito.verify(serviceREST).getService(vxResource.getAssetId()); - Mockito.verify(serviceREST).updatePolicy(rangerPolicy); + Mockito.verify(serviceREST).updatePolicy(rangerPolicy, Id); Mockito.verify(serviceUtil).toRangerPolicy(vxResource, rangerService); Mockito.verify(serviceUtil).toVXResource(rangerPolicy, rangerService); } diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIs.java b/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIs.java index 2bf5ee6c9..eb0cb6452 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIs.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIs.java @@ -425,7 +425,7 @@ public class TestPublicAPIs { Mockito.when(xXPolicyDao.getById(Id)).thenReturn(xXPolicy); Mockito.when(serviceREST.getServiceByName(vXPolicy.getRepositoryName())).thenReturn(service); Mockito.when(serviceUtil.toRangerPolicy(vXPolicy,service)).thenReturn(policy); - Mockito.when(serviceREST.updatePolicy(policy)).thenReturn(policy); + Mockito.when(serviceREST.updatePolicy(policy, Id)).thenReturn(policy); Mockito.when(serviceUtil.toVXPolicy(policy, service)).thenReturn(vXPolicy); VXPolicy dbVXPolicy = publicAPIs.updatePolicy(vXPolicy, Id); @@ -435,7 +435,7 @@ public class TestPublicAPIs { vXPolicy.getId()); Assert.assertEquals(dbVXPolicy.getRepositoryName(), vXPolicy.getRepositoryName()); - Mockito.verify(serviceREST).updatePolicy(policy); + Mockito.verify(serviceREST).updatePolicy(policy, Id); Mockito.verify(serviceREST).getServiceByName(vXPolicy.getRepositoryName()); Mockito.verify(serviceUtil).toVXPolicy(policy, service); Mockito.verify(serviceUtil).toRangerPolicy(vXPolicy,service); @@ -508,6 +508,5 @@ public class TestPublicAPIs { Mockito.verify(serviceUtil).rangerPolicyListToPublic(policyList,filter); } - - + } diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java b/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java index 1069f013d..2a123de93 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java @@ -302,7 +302,7 @@ public class TestPublicAPIsv2 { @Test public void test5updateServiceDef() throws Exception { RangerServiceDef rangerServiceDef = rangerServiceDef(); - Mockito.when(serviceREST.updateServiceDef(rangerServiceDef)).thenReturn(rangerServiceDef); + Mockito.when(serviceREST.updateServiceDef(rangerServiceDef, rangerServiceDef.getId())).thenReturn(rangerServiceDef); RangerServiceDef dbRangerServiceDef = publicAPIsv2.updateServiceDef(rangerServiceDef, Id); Assert.assertNotNull(dbRangerServiceDef); Assert.assertEquals(dbRangerServiceDef, rangerServiceDef); @@ -310,7 +310,7 @@ public class TestPublicAPIsv2 { rangerServiceDef.getId()); Assert.assertEquals(dbRangerServiceDef.getName(), rangerServiceDef.getName()); - Mockito.verify(serviceREST).updateServiceDef(rangerServiceDef); + Mockito.verify(serviceREST).updateServiceDef(rangerServiceDef, rangerServiceDef.getId()); } @Test @@ -318,7 +318,7 @@ public class TestPublicAPIsv2 { RangerServiceDef rangerServiceDef = rangerServiceDef(); String name = rangerServiceDef.getName(); Mockito.when(serviceREST.getServiceDefByName(name)).thenReturn(rangerServiceDef); - Mockito.when(serviceREST.updateServiceDef(rangerServiceDef)).thenReturn(rangerServiceDef); + Mockito.when(serviceREST.updateServiceDef(rangerServiceDef, null)).thenReturn(rangerServiceDef); RangerServiceDef dbRangerServiceDef = publicAPIsv2.updateServiceDefByName(rangerServiceDef, name); Assert.assertNotNull(dbRangerServiceDef); Assert.assertEquals(dbRangerServiceDef, rangerServiceDef); @@ -326,7 +326,7 @@ public class TestPublicAPIsv2 { rangerServiceDef.getId()); Assert.assertEquals(dbRangerServiceDef.getName(), rangerServiceDef.getName()); - Mockito.verify(serviceREST).updateServiceDef(rangerServiceDef); + Mockito.verify(serviceREST).updateServiceDef(rangerServiceDef, null); Mockito.verify(serviceREST).getServiceDefByName(name); } @@ -541,7 +541,7 @@ public class TestPublicAPIsv2 { @Test public void test22updatePolicy() throws Exception { RangerPolicy rangerPolicy = rangerPolicy(); - Mockito.when(serviceREST.updatePolicy(rangerPolicy)).thenReturn(rangerPolicy); + Mockito.when(serviceREST.updatePolicy(rangerPolicy, Id)).thenReturn(rangerPolicy); RangerPolicy dbRangerPolicy = publicAPIsv2.updatePolicy(rangerPolicy, Id); Assert.assertNotNull(dbRangerPolicy); Assert.assertEquals(dbRangerPolicy, rangerPolicy); @@ -549,7 +549,7 @@ public class TestPublicAPIsv2 { rangerPolicy.getId()); Assert.assertEquals(dbRangerPolicy.getName(), rangerPolicy.getName()); - Mockito.verify(serviceREST).updatePolicy(rangerPolicy); + Mockito.verify(serviceREST).updatePolicy(rangerPolicy, Id); } @Test @@ -562,7 +562,7 @@ public class TestPublicAPIsv2 { List<RangerPolicy> policies = new ArrayList<RangerPolicy>(); policies.add(rangerPolicy); Mockito.when(serviceREST.getPolicies((SearchFilter) Mockito.any())).thenReturn(policies); - Mockito.when(serviceREST.updatePolicy(rangerPolicy)).thenReturn(rangerPolicy); + Mockito.when(serviceREST.updatePolicy(rangerPolicy, rangerPolicy.getId())).thenReturn(rangerPolicy); RangerPolicy dbRangerPolicy = publicAPIsv2.updatePolicyByName(rangerPolicy, serviceName, policyName, request); Assert.assertNotNull(dbRangerPolicy); Assert.assertEquals(dbRangerPolicy, rangerPolicy); @@ -570,7 +570,7 @@ public class TestPublicAPIsv2 { rangerPolicy.getId()); Assert.assertEquals(dbRangerPolicy.getName(), rangerPolicy.getName()); - Mockito.verify(serviceREST).updatePolicy(rangerPolicy); + Mockito.verify(serviceREST).updatePolicy(rangerPolicy, rangerPolicy.getId()); Mockito.verify(serviceREST).getPolicies((SearchFilter) Mockito.any()); } diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java index 375135a5a..7b15810e0 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java @@ -499,7 +499,7 @@ public class TestServiceREST { .any())).thenReturn(rangerServiceDef); RangerServiceDef dbRangerServiceDef = serviceREST - .updateServiceDef(rangerServiceDef); + .updateServiceDef(rangerServiceDef, rangerServiceDef.getId()); Assert.assertNotNull(dbRangerServiceDef); Assert.assertEquals(dbRangerServiceDef, rangerServiceDef); Assert.assertEquals(dbRangerServiceDef.getId(), @@ -851,7 +851,7 @@ public class TestServiceREST { servicePolicies.setServiceDef(rangerServiceDef); servicePolicies.setPolicies(policies); - List<RangerAccessTypeDef> rangerAccessTypeDefList = new ArrayList<RangerServiceDef.RangerAccessTypeDef>(); + List<RangerAccessTypeDef> rangerAccessTypeDefList = new ArrayList<RangerAccessTypeDef>(); RangerAccessTypeDef rangerAccessTypeDefObj = new RangerAccessTypeDef(); rangerAccessTypeDefObj.setLabel("Read"); rangerAccessTypeDefObj.setName("read"); @@ -893,7 +893,7 @@ public class TestServiceREST { userGroupsList.add("group1"); userGroupsList.add("group2"); - List<RangerAccessTypeDef> rangerAccessTypeDefList = new ArrayList<RangerServiceDef.RangerAccessTypeDef>(); + List<RangerAccessTypeDef> rangerAccessTypeDefList = new ArrayList<RangerAccessTypeDef>(); RangerAccessTypeDef rangerAccessTypeDefObj = new RangerAccessTypeDef(); rangerAccessTypeDefObj.setLabel("Read"); rangerAccessTypeDefObj.setName("read"); @@ -912,7 +912,7 @@ public class TestServiceREST { Mockito.when(xServiceDao.findByName(Mockito.anyString())).thenReturn(xService); Mockito.when(daoManager.getXXServiceDef()).thenReturn(xServiceDefDao); Mockito.when(xServiceDefDao.getById(xService.getType())).thenReturn(xServiceDef); - RangerPolicy dbRangerPolicy = serviceREST.updatePolicy(rangerPolicy); + RangerPolicy dbRangerPolicy = serviceREST.updatePolicy(rangerPolicy, Id); Assert.assertNull(dbRangerPolicy); Mockito.verify(validatorFactory).getPolicyValidator(svcStore); } @@ -929,7 +929,7 @@ public class TestServiceREST { userGroupsList.add("group1"); userGroupsList.add("group2"); - List<RangerAccessTypeDef> rangerAccessTypeDefList = new ArrayList<RangerServiceDef.RangerAccessTypeDef>(); + List<RangerAccessTypeDef> rangerAccessTypeDefList = new ArrayList<RangerAccessTypeDef>(); RangerAccessTypeDef rangerAccessTypeDefObj = new RangerAccessTypeDef(); rangerAccessTypeDefObj.setLabel("Read"); rangerAccessTypeDefObj.setName("read"); @@ -963,7 +963,7 @@ public class TestServiceREST { userGroupsList.add("group1"); userGroupsList.add("group2"); - List<RangerAccessTypeDef> rangerAccessTypeDefList = new ArrayList<RangerServiceDef.RangerAccessTypeDef>(); + List<RangerAccessTypeDef> rangerAccessTypeDefList = new ArrayList<RangerAccessTypeDef>(); RangerAccessTypeDef rangerAccessTypeDefObj = new RangerAccessTypeDef(); rangerAccessTypeDefObj.setLabel("Read"); rangerAccessTypeDefObj.setName("read"); @@ -1162,7 +1162,7 @@ public class TestServiceREST { Mockito.when(request.getParameter("policyId")).thenReturn("1"); Mockito.when(request.getParameter("versionNo")).thenReturn("1"); RangerPolicy policy=new RangerPolicy(); - Map<String, RangerPolicyResource> resources=new HashMap<String, RangerPolicy.RangerPolicyResource>(); + Map<String, RangerPolicyResource> resources=new HashMap<String, RangerPolicyResource>(); policy.setService("services"); policy.setResources(resources); Mockito.when(svcStore.getPolicyFromEventTime(strdt, 1l)).thenReturn(policy); @@ -2039,7 +2039,7 @@ public class TestServiceREST { Mockito.when(request.getParameter("policyId")).thenReturn("1"); Mockito.when(request.getParameter("versionNo")).thenReturn("1"); RangerPolicy policy = new RangerPolicy(); - Map<String, RangerPolicyResource> resources = new HashMap<String, RangerPolicy.RangerPolicyResource>(); + Map<String, RangerPolicyResource> resources = new HashMap<String, RangerPolicyResource>(); policy.setService("services"); policy.setResources(resources); Mockito.when(svcStore.getPolicyFromEventTime(strdt, 1l)).thenReturn(null); @@ -2378,4 +2378,143 @@ public class TestServiceREST { assert response.getIsDeleted(); } } + + @Test + public void test72updatePolicyWithPolicyIdIsNull() throws Exception { + RangerPolicy rangerPolicy = rangerPolicy(); + Long policyId = rangerPolicy.getId(); + rangerPolicy.setId(null); + String userName = "admin"; + + Set<String> userGroupsList = new HashSet<String>(); + userGroupsList.add("group1"); + userGroupsList.add("group2"); + + List<RangerAccessTypeDef> rangerAccessTypeDefList = new ArrayList<RangerAccessTypeDef>(); + RangerAccessTypeDef rangerAccessTypeDefObj = new RangerAccessTypeDef(); + rangerAccessTypeDefObj.setLabel("Read"); + rangerAccessTypeDefObj.setName("read"); + rangerAccessTypeDefObj.setRbKeyLabel(null); + rangerAccessTypeDefList.add(rangerAccessTypeDefObj); + XXServiceDef xServiceDef = serviceDef(); + XXService xService = xService(); + XXServiceDefDao xServiceDefDao = Mockito.mock(XXServiceDefDao.class); + XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class); + + Mockito.when(validatorFactory.getPolicyValidator(svcStore)).thenReturn( + policyValidator); + Mockito.when(bizUtil.isAdmin()).thenReturn(true); + Mockito.when(bizUtil.getCurrentUserLoginId()).thenReturn(userName); + Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao); + Mockito.when(xServiceDao.findByName(Mockito.anyString())).thenReturn(xService); + Mockito.when(daoManager.getXXServiceDef()).thenReturn(xServiceDefDao); + Mockito.when(xServiceDefDao.getById(xService.getType())).thenReturn(xServiceDef); + RangerPolicy dbRangerPolicy = serviceREST.updatePolicy(rangerPolicy, policyId); + Assert.assertNull(dbRangerPolicy); + Mockito.verify(validatorFactory).getPolicyValidator(svcStore); + } + + @Test + public void test72updatePolicyWithInvalidPolicyId() throws Exception { + RangerPolicy rangerPolicy = rangerPolicy(); + String userName = "admin"; + + Set<String> userGroupsList = new HashSet<String>(); + userGroupsList.add("group1"); + userGroupsList.add("group2"); + + List<RangerAccessTypeDef> rangerAccessTypeDefList = new ArrayList<RangerAccessTypeDef>(); + RangerAccessTypeDef rangerAccessTypeDefObj = new RangerAccessTypeDef(); + rangerAccessTypeDefObj.setLabel("Read"); + rangerAccessTypeDefObj.setName("read"); + rangerAccessTypeDefObj.setRbKeyLabel(null); + rangerAccessTypeDefList.add(rangerAccessTypeDefObj); + XXServiceDefDao xServiceDefDao = Mockito.mock(XXServiceDefDao.class); + XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class); + + Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao); + Mockito.when(daoManager.getXXServiceDef()).thenReturn(xServiceDefDao); + Mockito.when(restErrorUtil.createRESTException(Mockito.anyInt(), Mockito.anyString(), Mockito.anyBoolean())).thenThrow(new WebApplicationException()); + thrown.expect(WebApplicationException.class); + RangerPolicy dbRangerPolicy = serviceREST.updatePolicy(rangerPolicy, -11L); + Assert.assertNull(dbRangerPolicy); + Mockito.verify(validatorFactory).getPolicyValidator(svcStore); + } + + @Test + public void test73updateServiceDefWhenIdIsNull() throws Exception { + RangerServiceDef rangerServiceDef = rangerServiceDef(); + Long id = rangerServiceDef.getId(); + rangerServiceDef.setId(null); + + Mockito.when(validatorFactory.getServiceDefValidator(svcStore)) + .thenReturn(serviceDefValidator); + + Mockito.when( + svcStore.updateServiceDef((RangerServiceDef) Mockito + .any())).thenReturn(rangerServiceDef); + + RangerServiceDef dbRangerServiceDef = serviceREST + .updateServiceDef(rangerServiceDef, rangerServiceDef.getId()); + Assert.assertNotNull(dbRangerServiceDef); + Assert.assertEquals(dbRangerServiceDef, rangerServiceDef); + Assert.assertEquals(dbRangerServiceDef.getId(), + rangerServiceDef.getId()); + Assert.assertEquals(dbRangerServiceDef.getName(), + rangerServiceDef.getName()); + Assert.assertEquals(dbRangerServiceDef.getImplClass(), + rangerServiceDef.getImplClass()); + Assert.assertEquals(dbRangerServiceDef.getLabel(), + rangerServiceDef.getLabel()); + Assert.assertEquals(dbRangerServiceDef.getDescription(), + rangerServiceDef.getDescription()); + Assert.assertEquals(dbRangerServiceDef.getRbKeyDescription(), + rangerServiceDef.getRbKeyDescription()); + Assert.assertEquals(dbRangerServiceDef.getUpdatedBy(), + rangerServiceDef.getUpdatedBy()); + Assert.assertEquals(dbRangerServiceDef.getUpdateTime(), + rangerServiceDef.getUpdateTime()); + Assert.assertEquals(dbRangerServiceDef.getVersion(), + rangerServiceDef.getVersion()); + Assert.assertEquals(dbRangerServiceDef.getConfigs(), + rangerServiceDef.getConfigs()); + + Mockito.verify(validatorFactory).getServiceDefValidator(svcStore); + Mockito.verify(svcStore).updateServiceDef(rangerServiceDef); + } + @Test + public void test74updateServiceDefWithInvalidDefId() throws Exception { + RangerServiceDef rangerServiceDef = rangerServiceDef(); + + Mockito.when(restErrorUtil.createRESTException(Mockito.anyInt(), Mockito.anyString(), Mockito.anyBoolean())).thenThrow(new WebApplicationException()); + thrown.expect(WebApplicationException.class); + + RangerServiceDef dbRangerServiceDef = serviceREST + .updateServiceDef(rangerServiceDef, -1L); + Assert.assertNotNull(dbRangerServiceDef); + Assert.assertEquals(dbRangerServiceDef, rangerServiceDef); + Assert.assertEquals(dbRangerServiceDef.getId(), + rangerServiceDef.getId()); + Assert.assertEquals(dbRangerServiceDef.getName(), + rangerServiceDef.getName()); + Assert.assertEquals(dbRangerServiceDef.getImplClass(), + rangerServiceDef.getImplClass()); + Assert.assertEquals(dbRangerServiceDef.getLabel(), + rangerServiceDef.getLabel()); + Assert.assertEquals(dbRangerServiceDef.getDescription(), + rangerServiceDef.getDescription()); + Assert.assertEquals(dbRangerServiceDef.getRbKeyDescription(), + rangerServiceDef.getRbKeyDescription()); + Assert.assertEquals(dbRangerServiceDef.getUpdatedBy(), + rangerServiceDef.getUpdatedBy()); + Assert.assertEquals(dbRangerServiceDef.getUpdateTime(), + rangerServiceDef.getUpdateTime()); + Assert.assertEquals(dbRangerServiceDef.getVersion(), + rangerServiceDef.getVersion()); + Assert.assertEquals(dbRangerServiceDef.getConfigs(), + rangerServiceDef.getConfigs()); + + Mockito.verify(validatorFactory).getServiceDefValidator(svcStore); + Mockito.verify(svcStore).updateServiceDef(rangerServiceDef); + } } diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestUserREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestUserREST.java index 48cd7face..cb2ccc47c 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestUserREST.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestUserREST.java @@ -112,6 +112,9 @@ public class TestUserREST { String loginId = "xyzId"; String emailId = "a...@example.com"; + String oldPassword = "ranger123$"; + String newPassword = "rangerAdmin1234$"; + @Test public void test1SearchUsers() { SearchCriteria searchCriteria = new SearchCriteria(); @@ -383,13 +386,14 @@ public class TestUserREST { public void test16ChangePassword() { XXPortalUser xxPUser = new XXPortalUser(); VXResponse vxResponseExp = new VXResponse(); + VXPasswordChange vxPasswordChange = createPasswordChange(); vxResponseExp.setStatusCode(10); XXPortalUserDao xxPortalUserDao = Mockito.mock(XXPortalUserDao.class); Mockito.when(daoManager.getXXPortalUser()).thenReturn(xxPortalUserDao); - Mockito.when(restErrorUtil.createRESTException("serverMsg.userRestUser",MessageEnums.DATA_NOT_FOUND, null, null, changePassword.getLoginId())).thenThrow(new WebApplicationException()); + Mockito.when(restErrorUtil.createRESTException("serverMsg.userRestUser",MessageEnums.DATA_NOT_FOUND, null, null, vxPasswordChange.getLoginId())).thenThrow(new WebApplicationException()); thrown.expect(WebApplicationException.class); - VXResponse vxResponseAct = userREST.changePassword(userId, changePassword); + VXResponse vxResponseAct = userREST.changePassword(userId, vxPasswordChange); Assert.assertNotNull(vxResponseAct); Assert.assertEquals(vxResponseExp, vxResponseAct); @@ -398,15 +402,12 @@ public class TestUserREST { Mockito.verify(daoManager).getXXPortalUser(); Mockito.verify(xxPortalUserDao).getById(userId); Mockito.verify(userManager).checkAccessForUpdate(xxPUser); - Mockito.verify(changePassword).setId(userId); - Mockito.verify(userManager).changePassword(changePassword); + Mockito.verify(userManager).changePassword(vxPasswordChange); } @Test public void test17ChangePassword() { XXPortalUserDao xxPortalUserDao = Mockito.mock(XXPortalUserDao.class); - - Mockito.when(daoManager.getXXPortalUser()).thenReturn(xxPortalUserDao); Mockito.when(restErrorUtil.createRESTException(Mockito.anyString(), (MessageEnums) Mockito.any(), Mockito.nullable(Long.class), Mockito.nullable(String.class), Mockito.nullable(String.class))).thenReturn(new WebApplicationException()); thrown.expect(WebApplicationException.class); @@ -423,13 +424,14 @@ public class TestUserREST { public void test18ChangeEmailAddress() { XXPortalUser xxPUser = new XXPortalUser(); VXPortalUser vxPUserExp = CreateVXPortalUser(); + VXPasswordChange changeEmail = createPasswordChange(); XXPortalUserDao xxPortalUserDao = Mockito.mock(XXPortalUserDao.class); Mockito.when(daoManager.getXXPortalUser()).thenReturn(xxPortalUserDao); - Mockito.when(restErrorUtil.createRESTException("serverMsg.userRestUser",MessageEnums.DATA_NOT_FOUND, null, null, changePassword.getLoginId())).thenThrow(new WebApplicationException()); + Mockito.when(restErrorUtil.createRESTException("serverMsg.userRestUser",MessageEnums.DATA_NOT_FOUND, null, null, changeEmail.getLoginId())).thenThrow(new WebApplicationException()); thrown.expect(WebApplicationException.class); - VXPortalUser vxPortalUserAct = userREST.changeEmailAddress(userId, changePassword); + VXPortalUser vxPortalUserAct = userREST.changeEmailAddress(userId, changeEmail); Assert.assertNotNull(vxPortalUserAct); Assert.assertEquals(vxPUserExp, vxPortalUserAct); @@ -439,15 +441,12 @@ public class TestUserREST { Mockito.verify(daoManager).getXXPortalUser(); Mockito.verify(xxPortalUserDao).getById(userId); Mockito.verify(userManager).checkAccessForUpdate(xxPUser); - Mockito.verify(changePassword).setId(userId); - Mockito.verify(userManager).changeEmailAddress(xxPUser, changePassword); + Mockito.verify(userManager).changeEmailAddress(xxPUser, changeEmail); } @Test public void test19ChangeEmailAddress() { XXPortalUserDao xxPortalUserDao = Mockito.mock(XXPortalUserDao.class); - - Mockito.when(daoManager.getXXPortalUser()).thenReturn(xxPortalUserDao); Mockito.when(restErrorUtil.createRESTException(Mockito.anyString(), (MessageEnums) Mockito.any(), Mockito.nullable(Long.class), Mockito.nullable(String.class), Mockito.nullable(String.class))).thenReturn(new WebApplicationException()); thrown.expect(WebApplicationException.class); @@ -470,4 +469,14 @@ public class TestUserREST { vxPUserExp.setLoginId(loginId); return vxPUserExp; } + + private VXPasswordChange createPasswordChange() { + VXPasswordChange vxPasswordChange = new VXPasswordChange(); + vxPasswordChange.setId(userId); + vxPasswordChange.setOldPassword(oldPassword); + vxPasswordChange.setUpdPassword(newPassword); + vxPasswordChange.setEmailAddress(emailId); + vxPasswordChange.setLoginId(loginId); + return vxPasswordChange; + } } diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java index 2b25ba813..74744e6cf 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java @@ -1596,18 +1596,17 @@ public class TestXUserREST { } @Test public void test90updateXGroupPermission() { - + VXGroupPermission testVXGroupPermission = createVXGroupPermission(); Mockito.doNothing().when(xUserMgr).checkAdminAccess(); Mockito.when(xUserMgr.updateXGroupPermission(testVXGroupPermission)).thenReturn(testVXGroupPermission); - VXGroupPermission retVXGroupPermission=xUserRest.updateXGroupPermission(testVXGroupPermission); + VXGroupPermission retVXGroupPermission=xUserRest.updateXGroupPermission(testVXGroupPermission.getId(), testVXGroupPermission); Mockito.verify(xUserMgr).updateXGroupPermission(testVXGroupPermission); Mockito.verify(xUserMgr).checkAdminAccess(); assertNotNull(retVXGroupPermission); assertEquals(retVXGroupPermission.getId(), testVXGroupPermission.getId()); assertEquals(retVXGroupPermission.getClass(), testVXGroupPermission.getClass()); - - + } @Test public void test91deleteXGroupPermission() { @@ -2022,7 +2021,7 @@ public class TestXUserREST { xUserRest.searchXUsers(request); } - + @SuppressWarnings({ "unchecked", "static-access" }) @Test public void test114RoleUserWillGetOnlyHisOwnUserDetails() { @@ -2076,6 +2075,38 @@ public class TestXUserREST { assertEquals(gotVXUserList.getList().get(0).getId(), expectedUser.getId()); assertEquals(gotVXUserList.getList().get(0).getName(), expectedUser.getName()); } + + @Test + public void test115updateXGroupPermissionWithInvalidPermissionId() { + + VXGroupPermission testVXGroupPermission = createVXGroupPermission(); + Mockito.when(restErrorUtil.createRESTException(Mockito.anyInt(), Mockito.anyString(), Mockito.anyBoolean())).thenThrow(new WebApplicationException()); + thrown.expect(WebApplicationException.class); + VXGroupPermission retVXGroupPermission=xUserRest.updateXGroupPermission(-1L, testVXGroupPermission); + Mockito.verify(xUserMgr).updateXGroupPermission(testVXGroupPermission); + Mockito.verify(xUserMgr).checkAdminAccess(); + assertNotNull(retVXGroupPermission); + assertEquals(retVXGroupPermission.getId(), testVXGroupPermission.getId()); + assertEquals(retVXGroupPermission.getClass(), testVXGroupPermission.getClass()); + + } + + @Test + public void test116updateXGroupPermissionWithPermissionIdIsNull() { + + VXGroupPermission testVXGroupPermission = createVXGroupPermission(); + Long testVXGroupPermissionId = testVXGroupPermission.getId(); + testVXGroupPermission.setId(null); + Mockito.doNothing().when(xUserMgr).checkAdminAccess(); + Mockito.when(xUserMgr.updateXGroupPermission(testVXGroupPermission)).thenReturn(testVXGroupPermission); + VXGroupPermission retVXGroupPermission=xUserRest.updateXGroupPermission(testVXGroupPermissionId, testVXGroupPermission); + Mockito.verify(xUserMgr).updateXGroupPermission(testVXGroupPermission); + Mockito.verify(xUserMgr).checkAdminAccess(); + assertNotNull(retVXGroupPermission); + assertEquals(retVXGroupPermission.getId(), testVXGroupPermission.getId()); + assertEquals(retVXGroupPermission.getClass(), testVXGroupPermission.getClass()); + + } @After public void destroySession() {