Skip to content
Permalink

Comparing changes

This is a direct comparison between two commits made in this repository or its related repositories. View the default comparison for this range or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: apache/ranger
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: e7c1c0768ab505017d5a1390ba13504cd240c8b4
Choose a base ref
..
head repository: apache/ranger
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: e706da8e790ec8a1d3c7234a80adec3fe0f64332
Choose a head ref
74 changes: 55 additions & 19 deletions dev-support/smoketests/ranger/apitests/policy_management.py
View file
Original file line number Diff line number Diff line change
@@ -26,7 +26,11 @@ class TestPolicyManagement:

def __init__(self, ranger_url, username, password):
self.ranger = RangerClient(ranger_url, (username, password))
self.login_user = username
self.ranger.session.verify = False
self.test_hive_policy_prefix = 'test_hive_policy'
self.test_hive_db_prefix = 'test_hive_db'
self.test_hive_table_prefix = 'test_hive_table'
return

def get_hive_policy(self, service_name, policy_name):
@@ -35,37 +39,69 @@ def get_hive_policy(self, service_name, policy_name):
def delete_hive_policy(self, service_name, policy_name):
return self.ranger.delete_policy(service_name, policy_name)

def create_hive_policy(self, service_name, policy_name, db_name):
@staticmethod
def _create_policy_item_accesses(access_types):
ret = []
for access_type in access_types:
ret.append(RangerPolicyItemAccess({'type': access_type}))
return ret

@staticmethod
def _create_policy_item(users, access_types):
allow_item = RangerPolicyItem()
allow_item.users = users
allow_item.accesses = TestPolicyManagement._create_policy_item_accesses(access_types)
return allow_item

@staticmethod
def _create_policy_item_with_delegate_admin(users, access_types):
allow_item = TestPolicyManagement._create_policy_item(users, access_types)
allow_item.delegateAdmin = True
return allow_item

@staticmethod
def _create_hive_policy_resource(db_name, table_name, column_name):
resources = {
'database': RangerPolicyResource({'values': [db_name]}),
'table': RangerPolicyResource({'values': [table_name]}),
'column': RangerPolicyResource({'values': [column_name]})
}
return resources

def create_hive_policy(self, service_name, policy_name, db_name, table_name):
policy = RangerPolicy()
policy.service = service_name
policy.name = policy_name
policy.resources = {'database': RangerPolicyResource({'values': [db_name]}),
'table': RangerPolicyResource({'values': ['test_tbl']}),
'column': RangerPolicyResource({'values': ['*']})}

allowItem1 = RangerPolicyItem()
allowItem1.users = ['admin']
allowItem1.accesses = [RangerPolicyItemAccess({'type': 'create'}),
RangerPolicyItemAccess({'type': 'alter'})]

denyItem1 = RangerPolicyItem()
denyItem1.users = ['admin']
denyItem1.accesses = [RangerPolicyItemAccess({'type': 'drop'})]

policy.policyItems = [allowItem1]
policy.denyPolicyItems = [denyItem1]

print(f'Creating policy: name={policy.name}')
policy.resources = TestPolicyManagement._create_hive_policy_resource(db_name, table_name, "*")
allow_item = TestPolicyManagement._create_policy_item_with_delegate_admin(['test_user_1'], ['create', 'alter'])
deny_item = TestPolicyManagement._create_policy_item([self.login_user], ['drop'])
policy.policyItems = [allow_item]
policy.denyPolicyItems = [deny_item]

created_policy = self.ranger.create_policy(policy)

print(f'Created policy: name={created_policy.name}, id={created_policy.id}')
return created_policy

def get_all_policies(self):
all_policies = self.ranger.find_policies()
return all_policies

def create_policies_in_bulk(self, service_name, count):
count = int(count)
for i in range(count):
policy_name = f'{self.test_hive_policy_prefix}_{i}'
db_name = f'{self.test_hive_db_prefix}_{i}'
table_name = f'{self.test_hive_table_prefix}_{i}'
self.create_hive_policy(service_name, policy_name, db_name, table_name)
return

def delete_policies_in_bulk(self, service_name, count):
count = int(count)
for i in range(count):
policy_name = f'{self.test_hive_policy_prefix}_{i}'
self.delete_hive_policy(service_name, policy_name)
return


class TestServiceManagement:
ROBOT_LIBRARY_SCOPE = 'SUITE'
4 changes: 2 additions & 2 deletions dev-support/smoketests/ranger/apitests/user_management.py
View file
Original file line number Diff line number Diff line change
@@ -43,13 +43,13 @@ def find_groups(self):
print(f'{len(groups.list)} groups found')
return groups

def create_user(self, user_name):
def create_user(self, user_name, role):
user = RangerUser({'name': user_name,
'firstName': user_name,
'lastName': 'lnu',
'emailAddress': user_name + '@test.org',
'password': 'Welcome1',
'userRoleList': ['ROLE_USER'],
'userRoleList': [role],
'otherAttributes': '{ "dept": "test" }'})

created_user = self.ugclient.create_user(user)
23 changes: 23 additions & 0 deletions dev-support/smoketests/ranger/custom.robot
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
*** Settings ***
Library policy_management.TestPolicyManagement http://localhost:6080 admin rangerR0cks! WITH NAME admin_p
Library policy_management.TestPolicyManagement http://localhost:6080 test_user_1 Welcome1 WITH NAME user_t
Library policy_management.TestPolicyManagement http://localhost:6080 finance_user Welcome1 WITH NAME user_f
Library Collections
Library JSONLibrary

*** Variables ***


*** Test Cases ***
Admin User Succeeds To Create Policy Regular User Fails
[Documentation] A regular user fails to create hive policy whereas an admin user succeeds.
${response} admin_p.Create Hive Policy dev_hive test_policy_custom_1 test_db_custom_1 test_table_custom_1
Log ${response}
Run Keyword And Expect Error RangerServiceException* user_t.Create Hive Policy dev_hive test_policy_custom_2 test_db_custom_2 test_table_custom_2


Regular User With Delegate-Admin Succeeds To Delete Policy Where Regular User Fails
[Documentation] A regular user with delegated-admin succeeds to delete hive policy whereas a regular user w/o delegated-admin fails
Run Keyword And Expect Error RangerServiceException* user_f.Delete Hive Policy dev_hive test_policy_custom_1
${response} user_t.Delete Hive Policy dev_hive test_policy_custom_1
Log ${response}
16 changes: 7 additions & 9 deletions dev-support/smoketests/ranger/policy_management.robot
View file
Original file line number Diff line number Diff line change
@@ -49,7 +49,7 @@ Validate Response - Get Default Hive Policy

Create Hive Test Policy
[Documentation] Create a test policy in Default Hive Service
${response} Create Hive Policy dev_hive test_policy_78 test_db
${response} Create Hive Policy dev_hive test_policy_78 test_db test_table

${id} Get Value From Json ${response} $.id
Set Suite Variable ${POLICY_ID} ${id}
@@ -63,7 +63,7 @@ Delete Hive Test Policy
# Depends on an earlier Test
Validate Successive Hive Test Policy
[Documentation] Create the test policy again in Default Hive Service
${response} Create Hive Policy dev_hive test_policy_78 test_db
${response} Create Hive Policy dev_hive test_policy_78 test_db test_table

${id} Get Value From Json ${response} $.id
${result} Evaluate ${POLICY_ID}[0] + 1
@@ -77,13 +77,11 @@ Delete Successive Hive Test Policy


Create 100 Policies
FOR ${i} IN RANGE 1 101
${policy_name} Create Hive Policy dev_hive policy_${i} test_db_${i}
Log Created policy: ${policy_name}
END
[Documentation] Creates 100 test policies in dev_hive service
Create Policies In Bulk dev_hive 100


Delete 100 Policies
FOR ${i} IN RANGE 1 101
Delete Hive Policy ${HIVE_DEFAULT_SVC} policy_${i}
END
[Documentation] Deletes 100 test policies in dev_hive service
Delete Policies In Bulk dev_hive 100

53 changes: 34 additions & 19 deletions dev-support/smoketests/ranger/user_management.robot
View file
Original file line number Diff line number Diff line change
@@ -3,7 +3,13 @@ Library user_management.TestUserManagement http://localhost:6080 ad
Library Collections
Library JSONLibrary

*** Variables ***
*** Keywords ***
Create Test User
[Arguments] ${user_name} ${role}
${response} Create User ${username} ${role}
Log ${response}
RETURN ${response}


*** Test Cases ***
Get All Users
@@ -12,11 +18,18 @@ Get All Users
Get All Groups
Find Groups

Create Test User
${response} Create User test_user_1
Create Test User With Admin Role
${response} Create Test User test_user_2 ROLE_SYS_ADMIN
${id} Get Value From Json ${response} $.id
Set Suite Variable ${ADMIN_ID} ${id}

Create Test User With User Role
${response} Create Test User test_user_1 ROLE_USER
${id} Get Value From Json ${response} $.id
Set Suite Variable ${USER_ID} ${id}
Log ${response}

Create Finance User With User Role
${response} Create Test User finance_user ROLE_USER

Create Test Group
${response} Create Group test_group_1
@@ -30,24 +43,26 @@ Add Test User To Test Group
List Should Contain Value ${users} test_user_1


List Users In Hadoop Group
[Documentation] Check existence of users: hdfs, yarn
${users} List Users In Group hadoop
List Should Contain Value ${users} hdfs
List Should Contain Value ${users} yarn

List Groups For Ranger
${groups} List Groups For User ranger
List Should Contain Value ${groups} ranger
#List Users In Hadoop Group
# [Documentation] Check existence of users: hdfs, yarn
# ${users} List Users In Group hadoop
# List Should Contain Value ${users} hdfs
# List Should Contain Value ${users} yarn
#
#List Groups For Ranger
# ${groups} List Groups For User ranger
# List Should Contain Value ${groups} ranger


List GroupUsers
${response} List Group Users
Log ${response}

Delete Last User Created
Delete User By Id ${USER_ID}[0]

Delete Last Group Created
Delete Group By Id ${GROUP_ID}[0]

#Delete Last User Created
# Delete User By Id ${USER_ID}[0]
#
#Delete Last Group Created
# Delete Group By Id ${GROUP_ID}[0]
#
#Delete Admin User Created
# Delete User By Id ${ADMIN_ID}[0]