RANGER-3834 Unit test cases for RoleREST.java. Added getter for RangerDaoManager in RoleRefUpdater instead of accessing the member variable directly
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
index f501f28..c19e3e1 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
@@ -391,13 +391,13 @@
public Set<RangerRole> getRoleNames(String userName, Set<String> userGroups) throws Exception{
Set<RangerRole> ret = new HashSet<>();
if (StringUtils.isNotEmpty(userName)) {
- List<XXRoleRefUser> xxRoleRefUsers = roleRefUpdater.daoMgr.getXXRoleRefUser().findByUserName(userName);
+ List<XXRoleRefUser> xxRoleRefUsers = roleRefUpdater.getRangerDaoManager().getXXRoleRefUser().findByUserName(userName);
for (XXRoleRefUser xxRoleRefUser : xxRoleRefUsers) {
ret.add(getRole(xxRoleRefUser.getRoleId()));
}
}
for(String userGroup : userGroups) {
- List<XXRoleRefGroup> xxRoleRefGroups = roleRefUpdater.daoMgr.getXXRoleRefGroup().findByGroupName(userGroup);
+ List<XXRoleRefGroup> xxRoleRefGroups = roleRefUpdater.getRangerDaoManager().getXXRoleRefGroup().findByGroupName(userGroup);
for (XXRoleRefGroup xxRoleRefGroup : xxRoleRefGroups) {
ret.add(getRole(xxRoleRefGroup.getRoleId()));
}
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java b/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
index 012d4c0..66adac2 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
@@ -74,7 +74,9 @@
@Autowired
RangerBizUtil xaBizUtil;
-
+ public RangerDaoManager getRangerDaoManager() {
+ return daoMgr;
+ }
public void createNewRoleMappingForRefTable(RangerRole rangerRole, Boolean createNonExistUserGroup) {
if (rangerRole == null) {
return;
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java
new file mode 100644
index 0000000..217c1bb
--- /dev/null
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java
@@ -0,0 +1,933 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ranger.rest;
+
+import org.apache.ranger.admin.client.datatype.RESTResponse;
+import org.apache.ranger.biz.*;
+import org.apache.ranger.common.*;
+import org.apache.ranger.db.*;
+import org.apache.ranger.entity.*;
+import org.apache.ranger.plugin.model.RangerRole;
+import org.apache.ranger.plugin.model.validation.RangerRoleValidator;
+import org.apache.ranger.plugin.util.GrantRevokeRoleRequest;
+import org.apache.ranger.plugin.util.RangerRoles;
+import org.apache.ranger.plugin.util.SearchFilter;
+import org.apache.ranger.security.context.RangerContextHolder;
+import org.apache.ranger.security.context.RangerSecurityContext;
+import org.apache.ranger.service.RangerRoleService;
+import org.apache.ranger.service.XUserService;
+import org.apache.ranger.view.RangerRoleList;
+import org.apache.ranger.view.VXUser;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.*;
+import org.mockito.junit.MockitoJUnitRunner;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.*;
+
+import static org.mockito.ArgumentMatchers.eq;
+
+
+@RunWith(MockitoJUnitRunner.class)
+public class TestRoleREST {
+ private static final Long userId = 8L;
+ private static final Long roleId = 9L;
+ private static final String adminLoginID = "admin";
+
+ @Mock
+ RangerRole role;
+
+ @Mock
+ RESTErrorUtil restErrorUtil;
+ @Mock
+ AssetMgr assetMgr;
+
+ @Mock(answer = Answers.RETURNS_DEEP_STUBS)
+ RangerDaoManager daoMgr;
+ @Mock
+ RoleDBStore roleStore;
+ @Mock
+ RangerRoleService roleService;
+
+ @Mock
+ XUserService xUserService;
+
+ @Mock
+ ServiceDBStore svcStore;
+
+ @Mock
+ RangerSearchUtil searchUtil;
+
+ @Mock
+ ServiceUtil serviceUtil;
+
+ @Mock
+ RangerValidatorFactory validatorFactory;
+
+ @Mock
+ RangerBizUtil bizUtil;
+
+ @Mock
+ XUserMgr userMgr;
+
+ @Mock
+ XXRoleRefUserDao xRoleUserDao;
+
+ @Mock
+ XXRoleRefGroupDao xRoleGroupDao;
+
+ @Mock
+ XXRoleRefRoleDao xRoleRoleDao;
+
+ @Mock(answer = Answers.RETURNS_DEEP_STUBS)
+ RoleRefUpdater roleRefUpdater;
+
+ @InjectMocks private RoleREST roleRest = new RoleREST();
+
+ @Before
+ public void setup() {
+ RangerSecurityContext context = new RangerSecurityContext();
+ context.setUserSession(new UserSessionBase());
+ RangerContextHolder.setSecurityContext(context);
+ UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
+ currentUserSession.setUserAdmin(true);
+ XXPortalUser xXPortalUser = new XXPortalUser();
+ xXPortalUser.setLoginId(adminLoginID);
+ xXPortalUser.setId(userId);
+ currentUserSession.setXXPortalUser(xXPortalUser);
+ }
+
+ @After
+ public void destroySession() {
+ RangerSecurityContext context = new RangerSecurityContext();
+ context.setUserSession(null);
+ RangerContextHolder.setSecurityContext(context);
+ }
+
+ @Test
+ public void test1CreateRole(){
+ boolean createNonExistUserGroup = true;
+ Mockito.when(validatorFactory.getRangerRoleValidator(roleStore)).thenReturn(Mockito.mock(RangerRoleValidator.class));
+ Mockito.when(bizUtil.isUserRangerAdmin(Mockito.anyString())).thenReturn(true);
+ RangerRole rangerRole = createRole();
+ try {
+ Mockito.when(roleStore.createRole(Mockito.any(RangerRole.class), eq(createNonExistUserGroup))).
+ thenReturn(rangerRole);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ RangerRole createdRole = roleRest.createRole("admin", rangerRole ,createNonExistUserGroup);
+ Assert.assertNotNull(createdRole);
+ Assert.assertEquals(createdRole.getName(), rangerRole.getName());
+ Assert.assertEquals(createdRole.getDescription(), rangerRole.getDescription());
+ Assert.assertEquals(createdRole.getCreatedByUser(), rangerRole.getCreatedByUser());
+ }
+
+ @Test
+ public void test2UpdateRole(){
+ Boolean createNonExistUserGroup = Boolean.TRUE;
+ RangerRole rangerRole = createRole();
+ RangerRole rangerRoleOld = createRoleOld();
+ Mockito.when(validatorFactory.getRangerRoleValidator(roleStore)).thenReturn(Mockito.mock(RangerRoleValidator.class));
+ XXRoleDao xxRoleDao = Mockito.mock(XXRoleDao.class);
+ Mockito.when(daoMgr.getXXRole()).thenReturn(xxRoleDao);
+ Mockito.when(daoMgr.getXXPolicyRefRole().findRoleRefPolicyCount(Mockito.anyString())).thenReturn(0l);
+ try {
+ Mockito.when(roleStore.getRole(Mockito.anyLong())).thenReturn(rangerRoleOld);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ try {
+ Mockito.when(roleStore.updateRole(Mockito.any(RangerRole.class),Mockito.anyBoolean())).thenReturn(rangerRole);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ RangerRole updatedRole = roleRest.updateRole(roleId, rangerRole, eq(createNonExistUserGroup));
+ Assert.assertNotNull(updatedRole);
+ Assert.assertEquals(updatedRole.getName(), rangerRole.getName());
+ Assert.assertEquals(updatedRole.getUsers(), rangerRole.getUsers());
+ }
+
+ @Test
+ public void test3DeleteRoleByName(){
+ RangerRole rangerRole = createRole();
+ Mockito.doReturn(true).when(bizUtil).isUserRangerAdmin(Mockito.anyString());
+ Mockito.when(validatorFactory.getRangerRoleValidator(roleStore)).thenReturn(Mockito.mock(RangerRoleValidator.class));
+ roleRest.deleteRole("admin", adminLoginID ,rangerRole.getName());
+ try {
+ Mockito.verify(roleStore, Mockito.times(1)).deleteRole(Mockito.anyString());
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @Test
+ public void test4DeleteRoleById(){
+ RangerRole rangerRole = createRole();
+ Mockito.doReturn(true).when(bizUtil).isUserRangerAdmin(Mockito.anyString());
+ Mockito.when(validatorFactory.getRangerRoleValidator(roleStore)).thenReturn(Mockito.mock(RangerRoleValidator.class));
+ roleRest.deleteRole(rangerRole.getId());
+ try {
+ Mockito.verify(roleStore, Mockito.times(1)).deleteRole(Mockito.anyLong());
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @Test
+ public void test5GetRoleByName(){
+ RangerRole rangerRole = createRole();
+ Mockito.doReturn(true).when(bizUtil).isUserRangerAdmin(Mockito.anyString());
+ try {
+ Mockito.when(roleStore.getRole(Mockito.anyString())).thenReturn(rangerRole);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ RangerRole returnedRole = roleRest.getRole("admin", adminLoginID ,rangerRole.getName());
+ Assert.assertNotNull(returnedRole);
+ Assert.assertEquals(returnedRole.getName(), rangerRole.getName());
+ }
+
+ @Test
+ public void test6GetRoleById(){
+ RangerRole rangerRole = createRole();
+ try {
+ Mockito.when(roleStore.getRole(Mockito.anyLong())).thenReturn(rangerRole);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ RangerRole returnedRole = roleRest.getRole(eq(rangerRole.getId()));
+ Assert.assertNotNull(returnedRole);
+ Assert.assertEquals(returnedRole.getName(), rangerRole.getName());
+ Assert.assertEquals(returnedRole.getId(), rangerRole.getId());
+ }
+
+ @Test
+ public void test7GetAllRoles(){
+ RangerRoleList rangerRoleList = new RangerRoleList();
+ Mockito.when(searchUtil.getSearchFilter(Mockito.any(HttpServletRequest.class), eq(roleService.sortFields))).
+ thenReturn(Mockito.mock(SearchFilter.class));
+ RangerRoleList returnedRangerRoleList = roleRest.getAllRoles(Mockito.mock(HttpServletRequest.class));
+ Assert.assertNotNull(returnedRangerRoleList);
+ Assert.assertEquals(returnedRangerRoleList.getListSize(), rangerRoleList.getListSize());
+ }
+
+ @Test
+ public void test8GetAllRolesForUser(){
+ RangerRoleList rangerRoleList = new RangerRoleList();
+ SearchFilter searchFilter = new SearchFilter();
+ Mockito.when(searchUtil.getSearchFilter(Mockito.any(HttpServletRequest.class), eq(roleService.sortFields))).
+ thenReturn(searchFilter);
+ RangerRoleList returnedRangerRoleList = roleRest.getAllRolesForUser(Mockito.mock(HttpServletRequest.class));
+ Assert.assertNotNull(returnedRangerRoleList);
+ Assert.assertEquals(returnedRangerRoleList.getListSize(), rangerRoleList.getListSize());
+ }
+ @Test
+ public void test9GetAllRoleNames(){
+ List<String> roleList = createRoleList();
+ Mockito.when(searchUtil.getSearchFilter(Mockito.any(HttpServletRequest.class), eq(roleService.sortFields))).
+ thenReturn(Mockito.mock(SearchFilter.class));
+ Mockito.when(bizUtil.isUserRangerAdmin(Mockito.anyString())).thenReturn(true);
+ try {
+ Mockito.when(roleStore.getRoleNames(Mockito.any(SearchFilter.class))).thenReturn(roleList);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ List<String> returnedRoleList = roleRest.getAllRoleNames(adminLoginID, adminLoginID, Mockito.mock(HttpServletRequest.class));
+ Assert.assertNotNull(returnedRoleList);
+ Assert.assertEquals(returnedRoleList.size(), roleList.size());
+ }
+ @Test
+ public void test10AddUsersAndGroups(){
+ RangerRole rangerRole = createRole();
+ List<String> users = new ArrayList<>(Arrays.asList("test-role","admin"));
+ List<String> groups = new ArrayList<>(Arrays.asList("group1","group2"));
+ Boolean isAdmin = true;
+ Mockito.when(bizUtil.isUserRangerAdmin(Mockito.anyString())).thenReturn(true);
+ try {
+ Mockito.when(roleStore.getRole(Mockito.anyLong())).thenReturn(rangerRole);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ try {
+ Mockito.when(roleStore.updateRole(Mockito.any(RangerRole.class),Mockito.anyBoolean())).
+ then(AdditionalAnswers.returnsFirstArg());
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ RangerRole returnedRole = roleRest.addUsersAndGroups(roleId, users, groups, isAdmin);
+ Assert.assertNotNull(returnedRole);
+ Assert.assertEquals(returnedRole.getUsers().size(), users.size());
+ Assert.assertEquals(returnedRole.getGroups().size(), groups.size());
+ }
+ @Test
+ public void test11RemoveUsersAndGroups(){
+ RangerRole rangerRole = createRoleWithUsersAndGroups();
+ List<String> users = new ArrayList<>(Arrays.asList("test-role","admin"));
+ List<String> groups = new ArrayList<>(Arrays.asList("test-group","admin"));
+ List<String> createdRoleUsers = new ArrayList<>();
+ for(RangerRole.RoleMember roleMember : rangerRole.getUsers()){
+ createdRoleUsers.add(roleMember.getName());
+ }
+ List<String> createdRoleGroups = new ArrayList<>();
+ for(RangerRole.RoleMember groupMember : rangerRole.getGroups()){
+ createdRoleGroups.add(groupMember.getName());
+ }
+ Mockito.when(bizUtil.isUserRangerAdmin(Mockito.anyString())).thenReturn(true);
+ try {
+ Mockito.when(roleStore.getRole(Mockito.anyLong())).thenReturn(rangerRole);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ try {
+ Mockito.when(roleStore.updateRole(Mockito.any(RangerRole.class),Mockito.anyBoolean())).
+ then(AdditionalAnswers.returnsFirstArg());
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ RangerRole returnedRole = roleRest.removeUsersAndGroups(roleId, users, groups);
+ Assert.assertNotNull(returnedRole);
+ Assert.assertEquals(createdRoleUsers,users);
+ Assert.assertEquals(createdRoleGroups,groups);
+ Assert.assertEquals(returnedRole.getUsers().size(), 0);
+ Assert.assertEquals(returnedRole.getGroups().size(), 0);
+ }
+
+ @Test
+ public void test12RemoveAdminFromUsersAndGroups(){
+ RangerRole rangerRole = createRoleWithUsersAndGroups();
+ for (RangerRole.RoleMember role: rangerRole.getUsers()){
+ Assert.assertTrue(role.getIsAdmin());
+ }
+ for (RangerRole.RoleMember group: rangerRole.getGroups()){
+ Assert.assertTrue(group.getIsAdmin());
+ }
+ List<String> users = new ArrayList<>(Arrays.asList("test-role","admin"));
+ List<String> groups = new ArrayList<>(Arrays.asList("test-group","admin"));
+ List<String> createdRoleUsers = new ArrayList<>();
+ for(RangerRole.RoleMember roleMember : rangerRole.getUsers()){
+ createdRoleUsers.add(roleMember.getName());
+ }
+ List<String> createdRoleGroups = new ArrayList<>();
+ for(RangerRole.RoleMember groupMember : rangerRole.getGroups()){
+ createdRoleGroups.add(groupMember.getName());
+ }
+ Mockito.when(bizUtil.isUserRangerAdmin(Mockito.anyString())).thenReturn(true);
+ try {
+ Mockito.when(roleStore.getRole(Mockito.anyLong())).thenReturn(rangerRole);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ try {
+ Mockito.when(roleStore.updateRole(Mockito.any(RangerRole.class),Mockito.anyBoolean())).
+ then(AdditionalAnswers.returnsFirstArg());
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ RangerRole returnedRole = roleRest.removeAdminFromUsersAndGroups(roleId, users, groups);
+ Assert.assertNotNull(returnedRole);
+ Assert.assertEquals(createdRoleUsers,users);
+ Assert.assertEquals(createdRoleGroups,groups);
+ for (RangerRole.RoleMember role: returnedRole.getUsers()){
+ Assert.assertFalse(role.getIsAdmin());
+ }
+ for (RangerRole.RoleMember group: returnedRole.getGroups()){
+ Assert.assertFalse(group.getIsAdmin());
+ }
+ }
+ @Test
+ public void test13GrantRole(){
+ RangerRole rangerRole = createRole();
+ String serviceName = "serviceName";
+ GrantRevokeRoleRequest grantRevokeRoleRequest = createGrantRevokeRoleRequest();
+ Mockito.when(bizUtil.isUserRangerAdmin(Mockito.anyString())).thenReturn(true,true,true);
+ try {
+ Mockito.when(roleStore.updateRole(Mockito.any(RangerRole.class),Mockito.anyBoolean())).
+ then(AdditionalAnswers.returnsFirstArg());
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ try {
+ Mockito.when(roleStore.getRole(Mockito.anyString())).thenReturn(rangerRole,rangerRole,rangerRole,rangerRole);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ RESTResponse resp = roleRest.grantRole(serviceName, grantRevokeRoleRequest,
+ Mockito.mock(HttpServletRequest.class));
+ Assert.assertNotNull(resp);
+ Assert.assertEquals(resp.getStatusCode(), RESTResponse.STATUS_SUCCESS);
+ }
+
+ @Test
+ public void test14RevokeRole(){
+ RangerRole rangerRole = createRole();
+ String serviceName = "serviceName";
+ GrantRevokeRoleRequest grantRevokeRoleRequest = createGrantRevokeRoleRequest();
+ Mockito.when(bizUtil.isUserRangerAdmin(Mockito.anyString())).thenReturn(true,true,true);
+ try {
+ Mockito.when(roleStore.getRole(Mockito.anyString())).thenReturn(rangerRole,rangerRole,rangerRole,rangerRole);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ try {
+ Mockito.when(roleStore.updateRole(Mockito.any(RangerRole.class),Mockito.anyBoolean())).
+ then(AdditionalAnswers.returnsFirstArg());
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ RESTResponse resp = roleRest.revokeRole(serviceName, grantRevokeRoleRequest,
+ Mockito.mock(HttpServletRequest.class));
+ Assert.assertNotNull(resp);
+ Assert.assertEquals(resp.getStatusCode(), RESTResponse.STATUS_SUCCESS);
+ }
+
+ @Test
+ public void test15GetUserRoles(){
+ Set<RangerRole> rangerRoles = new HashSet<>();
+ RangerRole rangerRole = createRole();
+ rangerRoles.add(rangerRole);
+ List<XXRoleRefGroup> xxRoleRefGroupList = createXXRoleRefGroupList();
+ List<XXRoleRefUser> xxRoleRefRoleList = createXXRoleRefUserList();
+ Set<String> groups = new HashSet<>(Arrays.asList("group1", "group2"));
+ Mockito.when(xUserService.getXUserByUserName(Mockito.anyString())).thenReturn(createVXUser());
+ Mockito.when(userMgr.getGroupsForUser(Mockito.anyString())).thenReturn(groups);
+ Mockito.when(roleRefUpdater.getRangerDaoManager().getXXRoleRefUser().findByUserName(adminLoginID)).
+ thenReturn(xxRoleRefRoleList);
+ Mockito.when(roleRefUpdater.getRangerDaoManager().getXXRoleRefGroup().findByGroupName(adminLoginID)).
+ thenReturn(xxRoleRefGroupList);
+ try {
+ Mockito.when(roleStore.getRoleNames(Mockito.anyString(),eq(groups))).thenReturn(rangerRoles);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ List<String> returnedRoles = roleRest.getUserRoles(adminLoginID,Mockito.mock(HttpServletRequest.class));
+ Assert.assertNotNull(returnedRoles);
+ Assert.assertEquals(returnedRoles.size(), rangerRoles.size());
+ }
+
+ @Test
+ public void test16GetRangerRolesIfUpdated() {
+ RangerRoles rangerRoles = createRangerRoles();
+ String serviceName = "serviceName";
+ String pluginId = "pluginId";
+ String clusterName = "";
+ String pluginCapabilities = "";
+ RangerRoles returnedRangeRoles;
+ Mockito.when(serviceUtil.isValidService(Mockito.anyString(),Mockito.any(HttpServletRequest.class))).
+ thenReturn(true);
+ try {
+ Mockito.when(roleStore.getRoles(Mockito.anyString(), Mockito.anyLong())).thenReturn(rangerRoles);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ try {
+ returnedRangeRoles = roleRest.getRangerRolesIfUpdated(serviceName,
+ -1l, 0l, pluginId, clusterName, pluginCapabilities,
+ Mockito.mock(HttpServletRequest.class));
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ Assert.assertNotNull(returnedRangeRoles);
+ Assert.assertEquals(returnedRangeRoles.getRangerRoles().size(), rangerRoles.getRangerRoles().size());
+ }
+
+ @Test
+ public void test17GetSecureRangerRolesIfUpdated(){
+ RangerRoles rangerRoles = createRangerRoles();
+ String serviceName = "serviceName";
+ String pluginId = "pluginId";
+ String clusterName = "";
+ String pluginCapabilities = "";
+ RangerRoles returnedRangeRoles;
+ Mockito.when(serviceUtil.isValidService(Mockito.anyString(),Mockito.any(HttpServletRequest.class))).
+ thenReturn(true);
+ try {
+ Mockito.when(roleStore.getRoles(Mockito.anyString(), Mockito.anyLong())).thenReturn(rangerRoles);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ Mockito.when(daoMgr.getXXService().findByName(Mockito.anyString())).thenReturn(createXXService());
+ Mockito.when(bizUtil.isAdmin()).thenReturn(true);
+ try {
+ returnedRangeRoles = roleRest.getSecureRangerRolesIfUpdated(serviceName,
+ -1l, 0l, pluginId, clusterName, pluginCapabilities,
+ Mockito.mock(HttpServletRequest.class));
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ Assert.assertNotNull(returnedRangeRoles);
+ Assert.assertEquals(returnedRangeRoles.getRangerRoles().size(), rangerRoles.getRangerRoles().size());
+ }
+
+ @Test(expected = Throwable.class)
+ public void test1bCreateRole(){
+ boolean createNonExistUserGroup = true;
+ Mockito.when(validatorFactory.getRangerRoleValidator(roleStore)).thenReturn(Mockito.mock(RangerRoleValidator.class));
+ Mockito.when(bizUtil.isUserRangerAdmin(Mockito.anyString())).thenReturn(true);
+ RangerRole rangerRole = createRoleInvalidMember();
+ roleRest.createRole("admin", rangerRole ,createNonExistUserGroup);
+ }
+ @Test(expected = Throwable.class)
+ public void test2bUpdateRole(){
+ Boolean createNonExistUserGroup = Boolean.TRUE;
+ RangerRole rangerRole = createRoleInvalidMember();
+ RangerRole rangerRoleOld = createRoleOld();
+ Mockito.when(validatorFactory.getRangerRoleValidator(roleStore)).thenReturn(Mockito.mock(RangerRoleValidator.class));
+ XXRoleDao xxRoleDao = Mockito.mock(XXRoleDao.class);
+ Mockito.when(daoMgr.getXXRole()).thenReturn(xxRoleDao);
+ Mockito.when(daoMgr.getXXPolicyRefRole().findRoleRefPolicyCount(Mockito.anyString())).thenReturn(0l);
+ try {
+ Mockito.when(roleStore.getRole(Mockito.anyLong())).thenReturn(rangerRoleOld);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ roleRest.updateRole(roleId, rangerRole, eq(createNonExistUserGroup));
+ }
+ @Test(expected = Throwable.class)
+ public void test3bDeleteRoleByName(){
+ RangerRole rangerRole = createRole();
+ Mockito.doReturn(false).when(bizUtil).isUserRangerAdmin(Mockito.anyString());
+ Mockito.when(validatorFactory.getRangerRoleValidator(roleStore)).thenReturn(Mockito.mock(RangerRoleValidator.class));
+ roleRest.deleteRole("admin", adminLoginID ,rangerRole.getName());
+ try {
+ Mockito.verify(roleStore, Mockito.times(1)).deleteRole(Mockito.anyString());
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @Test(expected = Throwable.class)
+ public void test4bDeleteRoleById(){
+ RangerRole rangerRole = createRole();
+ Mockito.when(validatorFactory.getRangerRoleValidator(roleStore)).thenReturn(Mockito.mock(RangerRoleValidator.class));
+ roleRest.deleteRole(rangerRole.getId());
+ try {
+ Mockito.verify(roleStore, Mockito.times(1)).deleteRole(Mockito.anyLong());
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @Test(expected = Throwable.class)
+ public void test5bGetRoleByName(){
+ RangerRole rangerRole = createRole();
+ roleRest.getRole("admin", adminLoginID ,rangerRole.getName());
+ }
+
+ @Test(expected = Throwable.class)
+ public void test6bGetRoleById(){
+ RangerRole rangerRole = createRole();
+ try {
+ Mockito.when(roleStore.getRole(Mockito.anyLong())).thenThrow(new Exception("test"));
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ roleRest.getRole(eq(rangerRole.getId()));
+ }
+
+ @Test(expected = Throwable.class)
+ public void test7bGetAllRoles(){
+ SearchFilter searchFilter = new SearchFilter();
+ try {
+ Mockito.when(roleStore.getRoles(searchFilter, Mockito.any(RangerRoleList.class))).thenThrow(new Exception("test"));
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ Mockito.when(searchUtil.getSearchFilter(Mockito.any(HttpServletRequest.class), eq(roleService.sortFields))).
+ thenReturn(Mockito.mock(SearchFilter.class));
+ roleRest.getAllRoles(Mockito.mock(HttpServletRequest.class));
+ }
+
+ @Test
+ public void test8bGetAllRolesForUser(){
+ RangerRoleList rangerRoleList = new RangerRoleList();
+ SearchFilter searchFilter = new SearchFilter();
+ Mockito.when(searchUtil.getSearchFilter(Mockito.any(HttpServletRequest.class), eq(roleService.sortFields))).
+ thenReturn(searchFilter);
+ RangerRoleList returnedRangerRoleList = roleRest.getAllRolesForUser(Mockito.mock(HttpServletRequest.class));
+ Assert.assertNotNull(returnedRangerRoleList);
+ Assert.assertEquals(returnedRangerRoleList.getListSize(), rangerRoleList.getListSize());
+ }
+
+ @Test(expected = Throwable.class)
+ public void test9bGetAllRoleNames(){
+ List<String> roleList = createRoleList();
+ Mockito.when(searchUtil.getSearchFilter(Mockito.any(HttpServletRequest.class), eq(roleService.sortFields))).
+ thenReturn(Mockito.mock(SearchFilter.class));
+ List<String> returnedRoleList = roleRest.getAllRoleNames(adminLoginID, adminLoginID, Mockito.mock(HttpServletRequest.class));
+ Assert.assertNotNull(returnedRoleList);
+ Assert.assertEquals(returnedRoleList.size(), roleList.size());
+ }
+ @Test
+ public void test10bAddUsersAndGroups(){
+ RangerRole rangerRole = createRoleWithUsersAndGroups();
+ int currentUsersCount = rangerRole.getUsers().size();
+ int currentGroupsCount = rangerRole.getGroups().size();
+ List<String> users = new ArrayList<>(Arrays.asList("test-role2","test-role3"));
+ List<String> groups = new ArrayList<>(Arrays.asList("test-group2","test-group3"));
+ Boolean isAdmin = Boolean.TRUE;
+ Mockito.when(bizUtil.isUserRangerAdmin(Mockito.anyString())).thenReturn(true);
+ try {
+ Mockito.when(roleStore.getRole(Mockito.anyLong())).thenReturn(rangerRole);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ try {
+ Mockito.when(roleStore.updateRole(Mockito.any(RangerRole.class),Mockito.anyBoolean())).
+ then(AdditionalAnswers.returnsFirstArg());
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ RangerRole returnedRole = roleRest.addUsersAndGroups(roleId, users, groups, isAdmin);
+ Assert.assertNotNull(returnedRole);
+ Assert.assertEquals(returnedRole.getGroups().size(), groups.size() + currentGroupsCount);
+ }
+
+ @Test(expected = Throwable.class)
+ public void test10cAddUsersAndGroups(){
+ RangerRole rangerRole = createRole();
+ List<String> users = new ArrayList<>(Arrays.asList("{OWNER}","test-role3"));
+ List<String> groups = new ArrayList<>(Arrays.asList("test-group2","test-group3"));
+ Boolean isAdmin = Boolean.TRUE;
+ roleRest.addUsersAndGroups(roleId, users, groups, isAdmin);
+ }
+
+ @Test(expected = Throwable.class)
+ public void test11bRemoveUsersAndGroups(){
+ RangerRole rangerRole = createRole();
+ List<String> users = new ArrayList<>(Arrays.asList("test-role","admin"));
+ List<String> groups = new ArrayList<>();
+ List<String> createdRoleUsers = new ArrayList<>();
+ for(RangerRole.RoleMember roleMember : rangerRole.getUsers()){
+ createdRoleUsers.add(roleMember.getName());
+ }
+ roleRest.removeUsersAndGroups(roleId, users, groups);
+ }
+
+ @Test(expected = Throwable.class)
+ public void test12bRemoveAdminFromUsersAndGroups(){
+ RangerRole rangerRole = createRole();
+ for (RangerRole.RoleMember role: rangerRole.getUsers()){
+ Assert.assertTrue(role.getIsAdmin());
+ }
+ List<String> users = new ArrayList<>(Arrays.asList("test-role","admin"));
+ List<String> groups = new ArrayList<>();
+ List<String> createdRoleUsers = new ArrayList<>();
+ for(RangerRole.RoleMember roleMember : rangerRole.getUsers()){
+ createdRoleUsers.add(roleMember.getName());
+ }
+ roleRest.removeAdminFromUsersAndGroups(roleId, users, groups);
+ }
+
+ @Test(expected = Throwable.class)
+ public void test13bGrantRole(){
+ RangerRole rangerRole = createRole();
+ String serviceName = "serviceName";
+ GrantRevokeRoleRequest grantRevokeRoleRequest = createGrantRevokeRoleRequest();
+ roleRest.grantRole(serviceName, grantRevokeRoleRequest,
+ Mockito.mock(HttpServletRequest.class));
+ }
+
+ @Test
+ public void test14bRevokeRole(){
+ RangerRole rangerRole = createRole();
+ String serviceName = "serviceName";
+ GrantRevokeRoleRequest grantRevokeRoleRequest = createGrantRevokeRoleRequest();
+ grantRevokeRoleRequest.setGrantOption(Boolean.TRUE);
+ Mockito.when(bizUtil.isUserRangerAdmin(Mockito.anyString())).thenReturn(true,true,true);
+ try {
+ Mockito.when(roleStore.getRole(Mockito.anyString())).thenReturn(rangerRole,rangerRole,rangerRole,rangerRole);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ try {
+ Mockito.when(roleStore.updateRole(Mockito.any(RangerRole.class),Mockito.anyBoolean())).
+ then(AdditionalAnswers.returnsFirstArg());
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ RESTResponse resp = roleRest.revokeRole(serviceName, grantRevokeRoleRequest,
+ Mockito.mock(HttpServletRequest.class));
+ Assert.assertNotNull(resp);
+ Assert.assertEquals(resp.getStatusCode(), RESTResponse.STATUS_SUCCESS);
+ }
+
+ @Test(expected = Throwable.class)
+ public void test14cRevokeRole(){
+ RangerRole rangerRole = createRole();
+ String serviceName = "serviceName";
+ GrantRevokeRoleRequest grantRevokeRoleRequest = createGrantRevokeRoleRequest();
+ grantRevokeRoleRequest.setGrantOption(Boolean.TRUE);
+ grantRevokeRoleRequest.setGrantorGroups(new HashSet<>(Arrays.asList("group1","group2")));
+ roleRest.revokeRole(serviceName, grantRevokeRoleRequest,
+ Mockito.mock(HttpServletRequest.class));
+ }
+
+ @Test(expected = Throwable.class)
+ public void test15bGetUserRoles(){
+ Set<RangerRole> rangerRoles = new HashSet<>();
+ RangerRole rangerRole = createRole();
+ rangerRoles.add(rangerRole);
+ List<XXRoleRefGroup> xxRoleRefGroupList = createXXRoleRefGroupList();
+ List<XXRoleRefUser> xxRoleRefRoleList = createXXRoleRefUserList();
+ Set<String> groups = new HashSet<>(Arrays.asList("group1", "group2"));
+ Mockito.when(xUserService.getXUserByUserName(Mockito.anyString())).thenReturn(null);
+ Mockito.when(roleRefUpdater.getRangerDaoManager().getXXRoleRefUser().findByUserName(adminLoginID)).
+ thenReturn(xxRoleRefRoleList);
+ Mockito.when(roleRefUpdater.getRangerDaoManager().getXXRoleRefGroup().findByGroupName(adminLoginID)).
+ thenReturn(xxRoleRefGroupList);
+ roleRest.getUserRoles(adminLoginID,Mockito.mock(HttpServletRequest.class));
+ }
+
+ @Test(expected = Throwable.class)
+ public void test16bGetRangerRolesIfUpdated() {
+ RangerRoles rangerRoles = createRangerRoles();
+ String serviceName = "serviceName";
+ String pluginId = "pluginId";
+ String clusterName = "";
+ String pluginCapabilities = "";
+ try {
+ Mockito.doThrow(new Exception()).when(bizUtil).failUnauthenticatedDownloadIfNotAllowed();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ try {
+ roleRest.getRangerRolesIfUpdated(serviceName, -1l, 0l, pluginId, clusterName,
+ pluginCapabilities, Mockito.mock(HttpServletRequest.class));
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @Test(expected = Throwable.class)
+ public void test16cGetRangerRolesIfUpdated() {
+ String serviceName = "serviceName";
+ String pluginId = "pluginId";
+ String clusterName = "";
+ String pluginCapabilities = "";
+ Mockito.when(serviceUtil.isValidService(Mockito.anyString(),Mockito.any(HttpServletRequest.class))).
+ thenReturn(true);
+ try {
+ Mockito.when(roleStore.getRoles(Mockito.anyString(), Mockito.anyLong())).thenReturn(null);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ try {
+ roleRest.getRangerRolesIfUpdated(serviceName, -1l, 0l, pluginId, clusterName,
+ pluginCapabilities, Mockito.mock(HttpServletRequest.class));
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @Test(expected = Throwable.class)
+ public void test17bGetSecureRangerRolesIfUpdated(){
+ RangerRoles rangerRoles = createRangerRoles();
+ String serviceName = "serviceName";
+ String pluginId = "pluginId";
+ String clusterName = "";
+ String pluginCapabilities = "";
+ Mockito.when(serviceUtil.isValidService(eq(null),Mockito.any(HttpServletRequest.class))).
+ thenThrow(new Exception());
+ try {
+ Mockito.when(roleStore.getRoles(Mockito.anyString(), Mockito.anyLong())).thenReturn(rangerRoles);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ Mockito.when(daoMgr.getXXService().findByName(Mockito.anyString())).thenReturn(createXXService());
+ Mockito.when(bizUtil.isAdmin()).thenReturn(true);
+ try {
+ roleRest.getSecureRangerRolesIfUpdated(serviceName, -1l, 0l, pluginId,
+ clusterName, pluginCapabilities, Mockito.mock(HttpServletRequest.class));
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @Test(expected = Throwable.class)
+ public void test17cGetSecureRangerRolesIfUpdated(){
+ String serviceName = "serviceName";
+ String pluginId = "pluginId";
+ String clusterName = "";
+ String pluginCapabilities = "";
+ Mockito.when(serviceUtil.isValidService(Mockito.anyString(), Mockito.any(HttpServletRequest.class))).
+ thenReturn(true);
+ Mockito.when(daoMgr.getXXService().findByName(Mockito.anyString())).thenReturn(null);
+ Mockito.when(bizUtil.isAdmin()).thenReturn(true);
+ try {
+ roleRest.getSecureRangerRolesIfUpdated(serviceName, -1l, 0l, pluginId,
+ clusterName, pluginCapabilities, Mockito.mock(HttpServletRequest.class));
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @Test(expected = Throwable.class)
+ public void test17dGetSecureRangerRolesIfUpdated(){
+
+ String serviceName = "serviceName";
+ String pluginId = "pluginId";
+ String clusterName = "";
+ String pluginCapabilities = "";
+ Mockito.when(serviceUtil.isValidService(Mockito.anyString(), Mockito.any(HttpServletRequest.class))).
+ thenReturn(true);
+ try {
+ Mockito.when(roleStore.getRoles(Mockito.anyString(), Mockito.anyLong())).thenReturn(null);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ Mockito.when(daoMgr.getXXService().findByName(Mockito.anyString())).thenReturn(createXXService());
+ Mockito.when(bizUtil.isAdmin()).thenReturn(true);
+ try {
+ roleRest.getSecureRangerRolesIfUpdated(serviceName, -1l, 0l, pluginId,
+ clusterName, pluginCapabilities, Mockito.mock(HttpServletRequest.class));
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private RangerRole createRole(){
+ String name = "test-role";
+ String name2 = "admin";
+ RangerRole.RoleMember rm1 = new RangerRole.RoleMember(name,true);
+ RangerRole.RoleMember rm2 = new RangerRole.RoleMember(name2, true);
+ List<RangerRole.RoleMember> usersList = new ArrayList<>(Arrays.asList(rm1,rm2));
+ RangerRole rangerRole = new RangerRole(name, name, null, usersList, null);
+ rangerRole.setCreatedByUser(name);
+ rangerRole.setId(roleId);
+ return rangerRole;
+ }
+
+ private RangerRole createRoleWithUsersAndGroups(){
+ String userName1 = "test-role";
+ String userName2 = "admin";
+ String groupName1 = "test-group";
+ String groupName2 = "admin";
+ RangerRole.RoleMember rm1 = new RangerRole.RoleMember(userName1,true);
+ RangerRole.RoleMember rm2 = new RangerRole.RoleMember(userName2, true);
+ List<RangerRole.RoleMember> usersList = new ArrayList<>(Arrays.asList(rm1,rm2));
+ RangerRole.RoleMember rm3 = new RangerRole.RoleMember(groupName1,true);
+ RangerRole.RoleMember rm4 = new RangerRole.RoleMember(groupName2, true);
+ List<RangerRole.RoleMember> groupList = new ArrayList<>(Arrays.asList(rm3,rm4));
+
+ RangerRole rangerRole = new RangerRole(userName1, userName1, null, usersList, groupList);
+ rangerRole.setCreatedByUser(userName1);
+ rangerRole.setId(roleId);
+ return rangerRole;
+ }
+
+ private RangerRole createRoleInvalidMember(){
+ String name = "{OWNER}";
+ String name2 = "admin";
+ RangerRole.RoleMember rm1 = new RangerRole.RoleMember(name,true);
+ RangerRole.RoleMember rm2 = new RangerRole.RoleMember(name2, true);
+ List<RangerRole.RoleMember> usersList = new ArrayList<>(Arrays.asList(rm1,rm2));
+ RangerRole rangerRole = new RangerRole(name, name, null, usersList, null);
+ rangerRole.setCreatedByUser(name);
+ rangerRole.setId(roleId);
+ return rangerRole;
+ }
+
+ private RangerRole createRoleOld(){
+ String name = "test-role2";
+ String name2 = "admin";
+ RangerRole.RoleMember rm1 = new RangerRole.RoleMember(name,true);
+ RangerRole.RoleMember rm2 = new RangerRole.RoleMember(name2, true);
+ List<RangerRole.RoleMember> usersList = Arrays.asList(rm1,rm2);
+ RangerRole rangerRole = new RangerRole(name, name, null, usersList, null);
+ rangerRole.setCreatedByUser(name);
+ rangerRole.setId(roleId);
+ return rangerRole;
+ }
+ private VXUser createVXUser() {
+ VXUser testVXUser= new VXUser();
+ Collection<String> c = new ArrayList<String>();
+ testVXUser.setId(userId);
+ testVXUser.setCreateDate(new Date());
+ testVXUser.setUpdateDate(new Date());
+ testVXUser.setOwner("admin");
+ testVXUser.setUpdatedBy("admin");
+ testVXUser.setName("User1");
+ testVXUser.setFirstName("FnameUser1");
+ testVXUser.setLastName("LnameUser1");
+ testVXUser.setPassword("User1");
+ testVXUser.setGroupIdList(null);
+ testVXUser.setGroupNameList(null);
+ testVXUser.setStatus(1);
+ testVXUser.setIsVisible(1);
+ testVXUser.setUserSource(0);
+ c.add("ROLE_SYS_ADMIN");
+ testVXUser.setUserRoleList(c);
+ return testVXUser;
+ }
+
+ private List<XXRoleRefGroup> createXXRoleRefGroupList(){
+ List<XXRoleRefGroup> xxRoleRefGroupList = new ArrayList<XXRoleRefGroup>();
+ XXRoleRefGroup xxRoleRefGroup1 = new XXRoleRefGroup();
+ xxRoleRefGroup1.setRoleId(roleId);
+ xxRoleRefGroupList.add(xxRoleRefGroup1);
+ return xxRoleRefGroupList;
+ }
+
+ private List<XXRoleRefUser> createXXRoleRefUserList(){
+ List<XXRoleRefUser> xxRoleRefUserList = new ArrayList<XXRoleRefUser>();
+ XXRoleRefUser xxRoleRefUser1 = new XXRoleRefUser();
+ xxRoleRefUser1.setRoleId(roleId);
+ xxRoleRefUserList.add(xxRoleRefUser1);
+ return xxRoleRefUserList;
+ }
+
+ private List<String> createRoleList(){
+ List<String> roleList = new ArrayList<String>();
+ roleList.add("admin");
+ roleList.add("user");
+ return roleList;
+ }
+
+ private RangerRoles createRangerRoles(){
+ Set<RangerRole> rangerRolesSet = new HashSet<>(Arrays.asList(createRole()));
+ RangerRoles rangerRoles = new RangerRoles();
+ rangerRoles.setRangerRoles(rangerRolesSet);
+ return rangerRoles;
+ }
+
+ private XXService createXXService(){
+ XXService xxService = new XXService();
+ xxService.setId(1L);
+ xxService.setName("test-service");
+ xxService.setDescription("test-service");
+ xxService.setIsEnabled(true);
+ xxService.setCreateTime(new Date());
+ xxService.setUpdateTime(new Date());
+ return xxService;
+ }
+
+ private GrantRevokeRoleRequest createGrantRevokeRoleRequest(){
+ Set<String> users = new HashSet<>(Arrays.asList("test-role","admin"));
+ Set<String> groups = new HashSet<>(Arrays.asList("test-group","admin"));
+ GrantRevokeRoleRequest roleRequest = new GrantRevokeRoleRequest();
+ roleRequest.setUsers(users);
+ roleRequest.setGroups(groups);
+ roleRequest.setGrantor("admin");
+ roleRequest.setTargetRoles(new HashSet<>(Arrays.asList("role1","role2")));
+ return roleRequest;
+ }
+}