RANGER-4274: updated security-zones to support admin-roles and audit-…

…roles: fix unit test failures - #2
gympass · Jun 9, 2023 · cb65abc · cb65abc
1 parent 04cb1dc
commit cb65abc
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 15 deletions.
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
@@ -55,7 +55,7 @@ public RangerSecurityZone() {
     }
 
     public RangerSecurityZone(String name, Map<String, RangerSecurityZoneService> services,List<String> tagServices, List<String> adminUsers, List<String> adminUserGroups, List<String> auditUsers, List<String> auditUserGroups, String description) {
-        this(name, services, tagServices, adminUsers, adminUserGroups, null, adminUsers, adminUserGroups, null, description);
+        this(name, services, tagServices, adminUsers, adminUserGroups, null, auditUsers, auditUserGroups, null, description);
     }
 
     public RangerSecurityZone(String name, Map<String, RangerSecurityZoneService> services,List<String> tagServices, List<String> adminUsers, List<String> adminUserGroups, List<String> adminRoles, List<String> auditUsers, List<String> auditUserGroups, List<String> auditRoles, String description) {

diff --git a/.../test/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidatorTest.java b/.../test/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidatorTest.java
@@ -163,7 +163,7 @@ public void testValidateSecurityZoneWitoutServicesAdminUserAdminUserGroupAuditUs
 		} catch (Exception ex) {
 			Assert.assertEquals(
 					ex.getMessage(),
-					"(0) Validation failure: error code[3044], reason[No services specified for security-zone:[MyZone]], field[services], subfield[null], type[missing] (1) Validation failure: error code[3038], reason[both users and user-groups collections for the security zone were null/empty], field[security zone admin users/user-groups], subfield[null], type[missing] (2) Validation failure: error code[3038], reason[both users and user-groups collections for the security zone were null/empty], field[security zone audit users/user-groups], subfield[null], type[missing] ");
+					"(0) Validation failure: error code[3044], reason[No services specified for security-zone:[MyZone]], field[services], subfield[null], type[missing] (1) Validation failure: error code[3038], reason[users, user-groups and roles collections for the security zone were null/empty], field[security zone admin users/user-groups/roles], subfield[null], type[missing] (2) Validation failure: error code[3038], reason[users, user-groups and roles collections for the security zone were null/empty], field[security zone audit users/user-groups/roles], subfield[null], type[missing] ");
 		}
 	}
 

diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestRoleDBStore.java b/security-admin/src/test/java/org/apache/ranger/biz/TestRoleDBStore.java
@@ -35,6 +35,7 @@
 import org.apache.ranger.db.XXPolicyRefRoleDao;
 import org.apache.ranger.db.XXRoleDao;
 import org.apache.ranger.db.XXRoleRefRoleDao;
+import org.apache.ranger.db.XXSecurityZoneRefRoleDao;
 import org.apache.ranger.db.XXServiceDefDao;
 import org.apache.ranger.entity.XXPortalUser;
 import org.apache.ranger.entity.XXRole;
@@ -356,19 +357,22 @@ public void testDeleteRoleByInValidRoleName() throws Exception {
 
     @Test
     public void testDeleteRoleByValidRoleName() throws Exception {
-        XXRoleDao          xxRoleDao          = Mockito.mock(XXRoleDao.class);
-        XXPolicyRefRoleDao xxPolicyRefRoleDao = Mockito.mock(XXPolicyRefRoleDao.class);
-        XXRoleRefRoleDao   xxRoleRefRoleDao   = Mockito.mock(XXRoleRefRoleDao.class);
-        XXTrxLog           xTrxLog            = new XXTrxLog() {{ setAction("delete"); }};
-        List<XXTrxLog>     trxLogList         = Collections.singletonList(xTrxLog);
-        XXRole             xxRole             = getTestRole();
-        RangerRole         rangerRole         = getRangerRole();
+        XXRoleDao                xxRoleDao          = Mockito.mock(XXRoleDao.class);
+        XXPolicyRefRoleDao       xxPolicyRefRoleDao = Mockito.mock(XXPolicyRefRoleDao.class);
+        XXRoleRefRoleDao         xxRoleRefRoleDao   = Mockito.mock(XXRoleRefRoleDao.class);
+        XXSecurityZoneRefRoleDao xxSzRefRoleDao     = Mockito.mock(XXSecurityZoneRefRoleDao.class);
+        XXTrxLog                 xTrxLog            = new XXTrxLog() {{ setAction("delete"); }};
+        List<XXTrxLog>           trxLogList         = Collections.singletonList(xTrxLog);
+        XXRole                   xxRole             = getTestRole();
+        RangerRole               rangerRole         = getRangerRole();
 
         Mockito.when(daoMgr.getXXRole()).thenReturn(xxRoleDao);
         Mockito.when(daoMgr.getXXPolicyRefRole()).thenReturn(xxPolicyRefRoleDao);
+        Mockito.when(daoMgr.getXXSecurityZoneRefRole()).thenReturn(xxSzRefRoleDao);
         Mockito.when(xxPolicyRefRoleDao.findRoleRefPolicyCount(roleName)).thenReturn(0L);
         Mockito.when(daoMgr.getXXRoleRefRole()).thenReturn(xxRoleRefRoleDao);
         Mockito.when(xxRoleRefRoleDao.findRoleRefRoleCount(roleName)).thenReturn(0L);
+        Mockito.when(xxSzRefRoleDao.findRoleRefZoneCount(roleName)).thenReturn(0L);
         Mockito.when(roleService.read(xxRole.getId())).thenReturn(rangerRole);
         Mockito.when(xxRoleDao.findByRoleName(roleName)).thenReturn(xxRole);
         Mockito.doNothing().when(transactionSynchronizationAdapter).executeOnTransactionCommit(Mockito.any());
@@ -450,16 +454,19 @@ public void testUpdateRole() throws Exception {
 
     @Test
     public void testDeleteRoleByRoleId() throws Exception {
-        RangerRole         rangerRole         = getRangerRole();
-        XXPolicyRefRoleDao xxPolicyRefRoleDao = Mockito.mock(XXPolicyRefRoleDao.class);
-        XXRoleRefRoleDao   xxRoleRefRoleDao   = Mockito.mock(XXRoleRefRoleDao.class);
-        XXTrxLog           xTrxLog            = new XXTrxLog() {{ setAction("delete"); }};
-        List<XXTrxLog>     trxLogList         = Collections.singletonList(xTrxLog);
-        XXRole             xxRole             = getTestRole();
+        RangerRole               rangerRole         = getRangerRole();
+        XXPolicyRefRoleDao       xxPolicyRefRoleDao = Mockito.mock(XXPolicyRefRoleDao.class);
+        XXRoleRefRoleDao         xxRoleRefRoleDao   = Mockito.mock(XXRoleRefRoleDao.class);
+        XXSecurityZoneRefRoleDao xxSzRefRoleDao     = Mockito.mock(XXSecurityZoneRefRoleDao.class);
+        XXTrxLog                 xTrxLog            = new XXTrxLog() {{ setAction("delete"); }};
+        List<XXTrxLog>           trxLogList         = Collections.singletonList(xTrxLog);
+        XXRole                   xxRole             = getTestRole();
 
         Mockito.when(roleService.read(roleId)).thenReturn(rangerRole);
         Mockito.when(daoMgr.getXXPolicyRefRole()).thenReturn(xxPolicyRefRoleDao);
+        Mockito.when(daoMgr.getXXSecurityZoneRefRole()).thenReturn(xxSzRefRoleDao);
         Mockito.when(xxPolicyRefRoleDao.findRoleRefPolicyCount(rangerRole.getName())).thenReturn(0L);
+        Mockito.when(xxSzRefRoleDao.findRoleRefZoneCount(rangerRole.getName())).thenReturn(0L);
         Mockito.when(daoMgr.getXXRoleRefRole()).thenReturn(xxRoleRefRoleDao);
         Mockito.when(xxRoleRefRoleDao.findRoleRefRoleCount(rangerRole.getName())).thenReturn(0L);
         Mockito.when(roleService.read(xxRole.getId())).thenReturn(rangerRole);
@@ -506,6 +513,27 @@ public void testDeleteRoleByValidRoleNameWhenRoleIsAssociatedWithOneOrMoreRoles(
         roleDBStore.deleteRole(roleName);
     }
 
+    @Test
+    public void testDeleteRoleByValidRoleNameWhenRoleIsAssociatedWithOneOrMoreSecurityZones() throws Exception {
+        XXRole                   xxRole             = getTestRole();
+        XXRoleDao                xxRoleDao          = Mockito.mock(XXRoleDao.class);
+        XXPolicyRefRoleDao       xxPolicyRefRoleDao = Mockito.mock(XXPolicyRefRoleDao.class);
+        XXRoleRefRoleDao         xxRoleRefRoleDao   = Mockito.mock(XXRoleRefRoleDao.class);
+        XXSecurityZoneRefRoleDao xxSzRefRoleDao     = Mockito.mock(XXSecurityZoneRefRoleDao.class);
+
+        Mockito.when(daoMgr.getXXRole()).thenReturn(xxRoleDao);
+        Mockito.when(xxRoleDao.findByRoleName(roleName)).thenReturn(xxRole);
+        Mockito.when(daoMgr.getXXPolicyRefRole()).thenReturn(xxPolicyRefRoleDao);
+        Mockito.when(xxPolicyRefRoleDao.findRoleRefPolicyCount(roleName)).thenReturn(0L);
+        Mockito.when(daoMgr.getXXRoleRefRole()).thenReturn(xxRoleRefRoleDao);
+        Mockito.when(xxRoleRefRoleDao.findRoleRefRoleCount(roleName)).thenReturn(0L);
+        Mockito.when(daoMgr.getXXSecurityZoneRefRole()).thenReturn(xxSzRefRoleDao);
+        Mockito.when(xxSzRefRoleDao.findRoleRefZoneCount(roleName)).thenReturn(1L);
+        thrown.expect(Exception.class);
+
+        roleDBStore.deleteRole(roleName);
+    }
+
     private XXRole getTestRole() {
         return new XXRole() {{
             setId(TestRoleDBStore.roleId);