hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/TestPolicyEngine.java - ranger - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */

 package org.apache.ranger.authorization.hbase;


 import static org.junit.Assert.*;

 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.lang.reflect.Type;
 import java.util.List;

 import org.apache.ranger.authorization.hbase.TestPolicyEngine.PolicyEngineTestCase.TestData;
 import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
 import org.apache.ranger.plugin.model.RangerPolicy;
 import org.apache.ranger.plugin.model.RangerServiceDef;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
 import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
 import org.apache.ranger.plugin.policyengine.RangerAccessResult;
 import org.apache.ranger.plugin.policyengine.RangerAccessResource;
 import org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor;
 import org.apache.ranger.plugin.policyengine.RangerPluginContext;
 import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
 import org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl;
 import org.apache.ranger.plugin.policyengine.RangerPolicyEngineOptions;
 import org.apache.ranger.plugin.service.RangerBasePlugin;
 import org.apache.ranger.plugin.util.ServicePolicies;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;

 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
 import com.google.gson.JsonDeserializationContext;
 import com.google.gson.JsonDeserializer;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonParseException;
 import org.junit.Test;


 public class TestPolicyEngine {
 	static RangerBasePlugin plugin = null;
 	static Gson             gsonBuilder  = null;


 	@BeforeClass
 	public static void setUpBeforeClass() throws Exception {
 		plugin = new RangerBasePlugin("hbase", "hbase");
 		gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z")
 									   .setPrettyPrinting()
 									   .registerTypeAdapter(RangerAccessRequest.class, new RangerAccessRequestDeserializer())
 									   .registerTypeAdapter(RangerAccessResource.class,  new RangerResourceDeserializer())
 									   .create();
 	}

 	@AfterClass
 	public static void tearDownAfterClass() throws Exception {
 	}


 	@Test
 	public void testPolicyEngine_hbase() {
 		String[] hbaseTestResourceFiles = { "/policyengine/test_policyengine_hbase.json" };

 		runTestsFromResourceFiles(hbaseTestResourceFiles);
 	}

 	private void runTestsFromResourceFiles(String[] resourceNames) {
 		for(String resourceName : resourceNames) {
 			InputStream inStream = this.getClass().getResourceAsStream(resourceName);
 			InputStreamReader reader   = new InputStreamReader(inStream);

 			runTests(reader, resourceName);
 		}
 	}

 	private void runTests(InputStreamReader reader, String testName) {
 		try {
 			PolicyEngineTestCase testCase = gsonBuilder.fromJson(reader, PolicyEngineTestCase.class);

 			assertTrue("invalid input: " + testName, testCase != null && testCase.serviceDef != null && testCase.policies != null && testCase.tests != null);

 			ServicePolicies servicePolicies = new ServicePolicies();
 			servicePolicies.setServiceName(testCase.serviceName);
 			servicePolicies.setServiceDef(testCase.serviceDef);
 			servicePolicies.setPolicies(testCase.policies);

 			RangerPolicyEngineOptions policyEngineOptions = new RangerPolicyEngineOptions();
 			RangerPluginContext pluginContext = new RangerPluginContext("hive");
 			pluginContext.setClusterName("cl1");
 			pluginContext.setClusterType("on-prem");
 			RangerPolicyEngine policyEngine = new RangerPolicyEngineImpl(testName, servicePolicies, policyEngineOptions, pluginContext);

 			RangerAccessResultProcessor auditHandler = new RangerDefaultAuditHandler(pluginContext.getConfig());

 			for(TestData test : testCase.tests) {
 				RangerAccessResult expected = test.result;
 				RangerAccessRequest request = test.request;
 				policyEngine.preProcess(request);

 				RangerAccessResult result   = policyEngine.evaluatePolicies(request, RangerPolicy.POLICY_TYPE_ACCESS, auditHandler);

 				assertNotNull("result was null! - " + test.name, result);
 				assertEquals("isAllowed mismatched! - " + test.name, expected.getIsAllowed(), result.getIsAllowed());
 				assertEquals("isAudited mismatched! - " + test.name, expected.getIsAudited(), result.getIsAudited());
 				assertEquals("policyId mismatched! - " + test.name, expected.getPolicyId(), result.getPolicyId());
 			}

 		} catch(Throwable excp) {
 			excp.printStackTrace();
 		}

 	}

 	static class PolicyEngineTestCase {
 		public String             serviceName;
 		public RangerServiceDef   serviceDef;
 		public List<RangerPolicy> policies;
 		public List<TestData>     tests;

 		class TestData {
 			public String              name;
 			public RangerAccessRequest request;
 			public RangerAccessResult  result;
 		}
 	}

 	static class RangerAccessRequestDeserializer implements JsonDeserializer<RangerAccessRequest> {
 		@Override
 		public RangerAccessRequest deserialize(JsonElement jsonObj, Type type,
 				JsonDeserializationContext context) throws JsonParseException {
 			RangerAccessRequestImpl ret = gsonBuilder.fromJson(jsonObj, RangerAccessRequestImpl.class);

 			ret.setAccessType(ret.getAccessType()); // to force computation of isAccessTypeAny and isAccessTypeDelegatedAdmin

 			return ret;
 		}
 	}

 	static class RangerResourceDeserializer implements JsonDeserializer<RangerAccessResource> {
 		@Override
 		public RangerAccessResource deserialize(JsonElement jsonObj, Type type,
 				JsonDeserializationContext context) throws JsonParseException {
 			RangerAccessResourceImpl resource =  gsonBuilder.fromJson(jsonObj, RangerHBaseResource.class);
 			resource.setValue("table", resource.getValue("table"));
 			return resource;
 		}
 	}
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/

	package org.apache.ranger.authorization.hbase;


	import static org.junit.Assert.*;

	import java.io.InputStream;
	import java.io.InputStreamReader;
	import java.lang.reflect.Type;
	import java.util.List;

	import org.apache.ranger.authorization.hbase.TestPolicyEngine.PolicyEngineTestCase.TestData;
	import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
	import org.apache.ranger.plugin.model.RangerPolicy;
	import org.apache.ranger.plugin.model.RangerServiceDef;
	import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
	import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
	import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
	import org.apache.ranger.plugin.policyengine.RangerAccessResult;
	import org.apache.ranger.plugin.policyengine.RangerAccessResource;
	import org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor;
	import org.apache.ranger.plugin.policyengine.RangerPluginContext;
	import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
	import org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl;
	import org.apache.ranger.plugin.policyengine.RangerPolicyEngineOptions;
	import org.apache.ranger.plugin.service.RangerBasePlugin;
	import org.apache.ranger.plugin.util.ServicePolicies;
	import org.junit.AfterClass;
	import org.junit.BeforeClass;

	import com.google.gson.Gson;
	import com.google.gson.GsonBuilder;
	import com.google.gson.JsonDeserializationContext;
	import com.google.gson.JsonDeserializer;
	import com.google.gson.JsonElement;
	import com.google.gson.JsonParseException;
	import org.junit.Test;


	public class TestPolicyEngine {
	static RangerBasePlugin plugin = null;
	static Gson gsonBuilder = null;


	@BeforeClass
	public static void setUpBeforeClass() throws Exception {
	plugin = new RangerBasePlugin("hbase", "hbase");
	gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z")
	.setPrettyPrinting()
	.registerTypeAdapter(RangerAccessRequest.class, new RangerAccessRequestDeserializer())
	.registerTypeAdapter(RangerAccessResource.class, new RangerResourceDeserializer())
	.create();
	}

	@AfterClass
	public static void tearDownAfterClass() throws Exception {
	}


	@Test
	public void testPolicyEngine_hbase() {
	String[] hbaseTestResourceFiles = { "/policyengine/test_policyengine_hbase.json" };

	runTestsFromResourceFiles(hbaseTestResourceFiles);
	}

	private void runTestsFromResourceFiles(String[] resourceNames) {
	for(String resourceName : resourceNames) {
	InputStream inStream = this.getClass().getResourceAsStream(resourceName);
	InputStreamReader reader = new InputStreamReader(inStream);

	runTests(reader, resourceName);
	}
	}

	private void runTests(InputStreamReader reader, String testName) {
	try {
	PolicyEngineTestCase testCase = gsonBuilder.fromJson(reader, PolicyEngineTestCase.class);

	assertTrue("invalid input: " + testName, testCase != null && testCase.serviceDef != null && testCase.policies != null && testCase.tests != null);

	ServicePolicies servicePolicies = new ServicePolicies();
	servicePolicies.setServiceName(testCase.serviceName);
	servicePolicies.setServiceDef(testCase.serviceDef);
	servicePolicies.setPolicies(testCase.policies);

	RangerPolicyEngineOptions policyEngineOptions = new RangerPolicyEngineOptions();
	RangerPluginContext pluginContext = new RangerPluginContext("hive");
	pluginContext.setClusterName("cl1");
	pluginContext.setClusterType("on-prem");
	RangerPolicyEngine policyEngine = new RangerPolicyEngineImpl(testName, servicePolicies, policyEngineOptions, pluginContext);

	RangerAccessResultProcessor auditHandler = new RangerDefaultAuditHandler(pluginContext.getConfig());

	for(TestData test : testCase.tests) {
	RangerAccessResult expected = test.result;
	RangerAccessRequest request = test.request;
	policyEngine.preProcess(request);

	RangerAccessResult result = policyEngine.evaluatePolicies(request, RangerPolicy.POLICY_TYPE_ACCESS, auditHandler);

	assertNotNull("result was null! - " + test.name, result);
	assertEquals("isAllowed mismatched! - " + test.name, expected.getIsAllowed(), result.getIsAllowed());
	assertEquals("isAudited mismatched! - " + test.name, expected.getIsAudited(), result.getIsAudited());
	assertEquals("policyId mismatched! - " + test.name, expected.getPolicyId(), result.getPolicyId());
	}

	} catch(Throwable excp) {
	excp.printStackTrace();
	}

	}

	static class PolicyEngineTestCase {
	public String serviceName;
	public RangerServiceDef serviceDef;
	public List<RangerPolicy> policies;
	public List<TestData> tests;

	class TestData {
	public String name;
	public RangerAccessRequest request;
	public RangerAccessResult result;
	}
	}

	static class RangerAccessRequestDeserializer implements JsonDeserializer<RangerAccessRequest> {
	@Override
	public RangerAccessRequest deserialize(JsonElement jsonObj, Type type,
	JsonDeserializationContext context) throws JsonParseException {
	RangerAccessRequestImpl ret = gsonBuilder.fromJson(jsonObj, RangerAccessRequestImpl.class);

	ret.setAccessType(ret.getAccessType()); // to force computation of isAccessTypeAny and isAccessTypeDelegatedAdmin

	return ret;
	}
	}

	static class RangerResourceDeserializer implements JsonDeserializer<RangerAccessResource> {
	@Override
	public RangerAccessResource deserialize(JsonElement jsonObj, Type type,
	JsonDeserializationContext context) throws JsonParseException {
	RangerAccessResourceImpl resource = gsonBuilder.fromJson(jsonObj, RangerHBaseResource.class);
	resource.setValue("table", resource.getValue("table"));
	return resource;
	}
	}
	}