This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new cb65abc86 RANGER-4274: updated security-zones to support admin-roles
and audit-roles: fix unit test failures - #2
cb65abc86 is described below
commit cb65abc86802cdae0fa34d41f1479d23a961fd27
Author: Madhan Neethiraj <mad...@apache.org>
AuthorDate: Fri Jun 9 06:33:50 2023 -0700
RANGER-4274: updated security-zones to support admin-roles and audit-roles:
fix unit test failures - #2
---
.../ranger/plugin/model/RangerSecurityZone.java | 2 +-
.../RangerSecurityZoneValidatorTest.java | 2 +-
.../org/apache/ranger/biz/TestRoleDBStore.java | 54 ++++++++++++++++------
3 files changed, 43 insertions(+), 15 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
index ea79b69e8..bd10ff1df 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
@@ -55,7 +55,7 @@ public class RangerSecurityZone extends RangerBaseModelObject
implements java.io
}
public RangerSecurityZone(String name, Map<String,
RangerSecurityZoneService> services,List<String> tagServices, List<String>
adminUsers, List<String> adminUserGroups, List<String> auditUsers, List<String>
auditUserGroups, String description) {
- this(name, services, tagServices, adminUsers, adminUserGroups, null,
adminUsers, adminUserGroups, null, description);
+ this(name, services, tagServices, adminUsers, adminUserGroups, null,
auditUsers, auditUserGroups, null, description);
}
public RangerSecurityZone(String name, Map<String,
RangerSecurityZoneService> services,List<String> tagServices, List<String>
adminUsers, List<String> adminUserGroups, List<String> adminRoles, List<String>
auditUsers, List<String> auditUserGroups, List<String> auditRoles, String
description) {
diff --git
a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidatorTest.java
b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidatorTest.java
index 8bc77672c..dcc970c47 100644
---
a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidatorTest.java
+++
b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidatorTest.java
@@ -163,7 +163,7 @@ public class RangerSecurityZoneValidatorTest {
} catch (Exception ex) {
Assert.assertEquals(
ex.getMessage(),
- "(0) Validation failure: error
code[3044], reason[No services specified for security-zone:[MyZone]],
field[services], subfield[null], type[missing] (1) Validation failure: error
code[3038], reason[both users and user-groups collections for the security zone
were null/empty], field[security zone admin users/user-groups], subfield[null],
type[missing] (2) Validation failure: error code[3038], reason[both users and
user-groups collections for the security zone were null/empty], field[s [...]
+ "(0) Validation failure: error
code[3044], reason[No services specified for security-zone:[MyZone]],
field[services], subfield[null], type[missing] (1) Validation failure: error
code[3038], reason[users, user-groups and roles collections for the security
zone were null/empty], field[security zone admin users/user-groups/roles],
subfield[null], type[missing] (2) Validation failure: error code[3038],
reason[users, user-groups and roles collections for the security zone were
null/empty [...]
}
}
diff --git
a/security-admin/src/test/java/org/apache/ranger/biz/TestRoleDBStore.java
b/security-admin/src/test/java/org/apache/ranger/biz/TestRoleDBStore.java
index 75bdb5451..6d340f25a 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestRoleDBStore.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestRoleDBStore.java
@@ -35,6 +35,7 @@ import org.apache.ranger.db.XXGlobalStateDao;
import org.apache.ranger.db.XXPolicyRefRoleDao;
import org.apache.ranger.db.XXRoleDao;
import org.apache.ranger.db.XXRoleRefRoleDao;
+import org.apache.ranger.db.XXSecurityZoneRefRoleDao;
import org.apache.ranger.db.XXServiceDefDao;
import org.apache.ranger.entity.XXPortalUser;
import org.apache.ranger.entity.XXRole;
@@ -356,19 +357,22 @@ public class TestRoleDBStore {
@Test
public void testDeleteRoleByValidRoleName() throws Exception {
- XXRoleDao xxRoleDao = Mockito.mock(XXRoleDao.class);
- XXPolicyRefRoleDao xxPolicyRefRoleDao =
Mockito.mock(XXPolicyRefRoleDao.class);
- XXRoleRefRoleDao xxRoleRefRoleDao =
Mockito.mock(XXRoleRefRoleDao.class);
- XXTrxLog xTrxLog = new XXTrxLog() {{
setAction("delete"); }};
- List<XXTrxLog> trxLogList =
Collections.singletonList(xTrxLog);
- XXRole xxRole = getTestRole();
- RangerRole rangerRole = getRangerRole();
+ XXRoleDao xxRoleDao =
Mockito.mock(XXRoleDao.class);
+ XXPolicyRefRoleDao xxPolicyRefRoleDao =
Mockito.mock(XXPolicyRefRoleDao.class);
+ XXRoleRefRoleDao xxRoleRefRoleDao =
Mockito.mock(XXRoleRefRoleDao.class);
+ XXSecurityZoneRefRoleDao xxSzRefRoleDao =
Mockito.mock(XXSecurityZoneRefRoleDao.class);
+ XXTrxLog xTrxLog = new XXTrxLog() {{
setAction("delete"); }};
+ List<XXTrxLog> trxLogList =
Collections.singletonList(xTrxLog);
+ XXRole xxRole = getTestRole();
+ RangerRole rangerRole = getRangerRole();
Mockito.when(daoMgr.getXXRole()).thenReturn(xxRoleDao);
Mockito.when(daoMgr.getXXPolicyRefRole()).thenReturn(xxPolicyRefRoleDao);
+
Mockito.when(daoMgr.getXXSecurityZoneRefRole()).thenReturn(xxSzRefRoleDao);
Mockito.when(xxPolicyRefRoleDao.findRoleRefPolicyCount(roleName)).thenReturn(0L);
Mockito.when(daoMgr.getXXRoleRefRole()).thenReturn(xxRoleRefRoleDao);
Mockito.when(xxRoleRefRoleDao.findRoleRefRoleCount(roleName)).thenReturn(0L);
+
Mockito.when(xxSzRefRoleDao.findRoleRefZoneCount(roleName)).thenReturn(0L);
Mockito.when(roleService.read(xxRole.getId())).thenReturn(rangerRole);
Mockito.when(xxRoleDao.findByRoleName(roleName)).thenReturn(xxRole);
Mockito.doNothing().when(transactionSynchronizationAdapter).executeOnTransactionCommit(Mockito.any());
@@ -450,16 +454,19 @@ public class TestRoleDBStore {
@Test
public void testDeleteRoleByRoleId() throws Exception {
- RangerRole rangerRole = getRangerRole();
- XXPolicyRefRoleDao xxPolicyRefRoleDao =
Mockito.mock(XXPolicyRefRoleDao.class);
- XXRoleRefRoleDao xxRoleRefRoleDao =
Mockito.mock(XXRoleRefRoleDao.class);
- XXTrxLog xTrxLog = new XXTrxLog() {{
setAction("delete"); }};
- List<XXTrxLog> trxLogList =
Collections.singletonList(xTrxLog);
- XXRole xxRole = getTestRole();
+ RangerRole rangerRole = getRangerRole();
+ XXPolicyRefRoleDao xxPolicyRefRoleDao =
Mockito.mock(XXPolicyRefRoleDao.class);
+ XXRoleRefRoleDao xxRoleRefRoleDao =
Mockito.mock(XXRoleRefRoleDao.class);
+ XXSecurityZoneRefRoleDao xxSzRefRoleDao =
Mockito.mock(XXSecurityZoneRefRoleDao.class);
+ XXTrxLog xTrxLog = new XXTrxLog() {{
setAction("delete"); }};
+ List<XXTrxLog> trxLogList =
Collections.singletonList(xTrxLog);
+ XXRole xxRole = getTestRole();
Mockito.when(roleService.read(roleId)).thenReturn(rangerRole);
Mockito.when(daoMgr.getXXPolicyRefRole()).thenReturn(xxPolicyRefRoleDao);
+
Mockito.when(daoMgr.getXXSecurityZoneRefRole()).thenReturn(xxSzRefRoleDao);
Mockito.when(xxPolicyRefRoleDao.findRoleRefPolicyCount(rangerRole.getName())).thenReturn(0L);
+
Mockito.when(xxSzRefRoleDao.findRoleRefZoneCount(rangerRole.getName())).thenReturn(0L);
Mockito.when(daoMgr.getXXRoleRefRole()).thenReturn(xxRoleRefRoleDao);
Mockito.when(xxRoleRefRoleDao.findRoleRefRoleCount(rangerRole.getName())).thenReturn(0L);
Mockito.when(roleService.read(xxRole.getId())).thenReturn(rangerRole);
@@ -506,6 +513,27 @@ public class TestRoleDBStore {
roleDBStore.deleteRole(roleName);
}
+ @Test
+ public void
testDeleteRoleByValidRoleNameWhenRoleIsAssociatedWithOneOrMoreSecurityZones()
throws Exception {
+ XXRole xxRole = getTestRole();
+ XXRoleDao xxRoleDao =
Mockito.mock(XXRoleDao.class);
+ XXPolicyRefRoleDao xxPolicyRefRoleDao =
Mockito.mock(XXPolicyRefRoleDao.class);
+ XXRoleRefRoleDao xxRoleRefRoleDao =
Mockito.mock(XXRoleRefRoleDao.class);
+ XXSecurityZoneRefRoleDao xxSzRefRoleDao =
Mockito.mock(XXSecurityZoneRefRoleDao.class);
+
+ Mockito.when(daoMgr.getXXRole()).thenReturn(xxRoleDao);
+ Mockito.when(xxRoleDao.findByRoleName(roleName)).thenReturn(xxRole);
+
Mockito.when(daoMgr.getXXPolicyRefRole()).thenReturn(xxPolicyRefRoleDao);
+
Mockito.when(xxPolicyRefRoleDao.findRoleRefPolicyCount(roleName)).thenReturn(0L);
+ Mockito.when(daoMgr.getXXRoleRefRole()).thenReturn(xxRoleRefRoleDao);
+
Mockito.when(xxRoleRefRoleDao.findRoleRefRoleCount(roleName)).thenReturn(0L);
+
Mockito.when(daoMgr.getXXSecurityZoneRefRole()).thenReturn(xxSzRefRoleDao);
+
Mockito.when(xxSzRefRoleDao.findRoleRefZoneCount(roleName)).thenReturn(1L);
+ thrown.expect(Exception.class);
+
+ roleDBStore.deleteRole(roleName);
+ }
+
private XXRole getTestRole() {
return new XXRole() {{
setId(TestRoleDBStore.roleId);
