Expand Up @@ -69,6 +69,14 @@ public class TestRangerOzoneAuthorizer {
private final OzoneGrant grantList = new OzoneGrant(new HashSet<>(Arrays.asList(vol1, buck1)), Collections.singleton(IAccessAuthorizer.ACLType.LIST));
private final OzoneGrant grantRead = new OzoneGrant(Collections.singleton(key1), Collections.singleton(IAccessAuthorizer.ACLType.READ));

private final RequestContext.Builder reqCtxBuilder = RequestContext.newBuilder()
.setHost(hostname)
.setIp(ipAddress)
.setClientUgi(user1)
.setServiceId(OZONE_SERVICE_ID)
.setAclType(IAccessAuthorizer.ACLIdentityType.ANONYMOUS)
.setOwnerName(OWNER_NAME);

@BeforeAll
public static void setUpBeforeClass() {
RangerPluginConfig pluginConfig = new RangerPluginConfig(RANGER_SERVICE_TYPE, null, RANGER_APP_ID, null, null, null); // loads ranger-ozone-security.xml
Expand Down Expand Up @@ -108,10 +116,10 @@ public void testAssumeRoleWithEmptyGrants() throws Exception {
assertEquals(RangerInlinePolicy.Mode.INLINE, inlinePolicy.getMode());
assertNotNull(inlinePolicy.getGrants());

RequestContext ctxListWithoutSessionPolicy = new RequestContext(hostname, ipAddress, user1, OZONE_SERVICE_ID, IAccessAuthorizer.ACLIdentityType.ANONYMOUS, IAccessAuthorizer.ACLType.LIST, OWNER_NAME);
RequestContext ctxReadWithoutSessionPolicy = new RequestContext(hostname, ipAddress, user1, OZONE_SERVICE_ID, IAccessAuthorizer.ACLIdentityType.ANONYMOUS, IAccessAuthorizer.ACLType.READ, OWNER_NAME);
RequestContext ctxListWithSessionPolicy = new RequestContext(hostname, ipAddress, user1, OZONE_SERVICE_ID, IAccessAuthorizer.ACLIdentityType.ANONYMOUS, IAccessAuthorizer.ACLType.LIST, OWNER_NAME, false, sessionPolicy);
RequestContext ctxReadWithSessionPolicy = new RequestContext(hostname, ipAddress, user1, OZONE_SERVICE_ID, IAccessAuthorizer.ACLIdentityType.ANONYMOUS, IAccessAuthorizer.ACLType.READ, OWNER_NAME, false, sessionPolicy);
RequestContext ctxListWithoutSessionPolicy = reqCtxBuilder.setAclRights(IAccessAuthorizer.ACLType.LIST).build();
RequestContext ctxReadWithoutSessionPolicy = reqCtxBuilder.setAclRights(IAccessAuthorizer.ACLType.READ).build();
RequestContext ctxListWithSessionPolicy = reqCtxBuilder.setAclRights(IAccessAuthorizer.ACLType.LIST).setRecursiveAccessCheck(false).setSessionPolicy(sessionPolicy).build();
RequestContext ctxReadWithSessionPolicy = reqCtxBuilder.setAclRights(IAccessAuthorizer.ACLType.READ).setRecursiveAccessCheck(false).setSessionPolicy(sessionPolicy).build();

// user1 doesn't have access without session-policy
assertFalse(ozoneAuthorizer.checkAccess(vol1, ctxListWithoutSessionPolicy), "session-policy should not allow list on volume vol1");
Expand Down Expand Up @@ -144,10 +152,10 @@ public void testAssumeRoleWithNullGrants() throws Exception {
assertEquals(RangerInlinePolicy.Mode.INLINE, inlinePolicy.getMode());
assertNull(inlinePolicy.getGrants());

RequestContext ctxListWithoutSessionPolicy = new RequestContext(hostname, ipAddress, user1, OZONE_SERVICE_ID, IAccessAuthorizer.ACLIdentityType.ANONYMOUS, IAccessAuthorizer.ACLType.LIST, OWNER_NAME);
RequestContext ctxReadWithoutSessionPolicy = new RequestContext(hostname, ipAddress, user1, OZONE_SERVICE_ID, IAccessAuthorizer.ACLIdentityType.ANONYMOUS, IAccessAuthorizer.ACLType.READ, OWNER_NAME);
RequestContext ctxListWithSessionPolicy = new RequestContext(hostname, ipAddress, user1, OZONE_SERVICE_ID, IAccessAuthorizer.ACLIdentityType.ANONYMOUS, IAccessAuthorizer.ACLType.LIST, OWNER_NAME, false, sessionPolicy);
RequestContext ctxReadWithSessionPolicy = new RequestContext(hostname, ipAddress, user1, OZONE_SERVICE_ID, IAccessAuthorizer.ACLIdentityType.ANONYMOUS, IAccessAuthorizer.ACLType.READ, OWNER_NAME, false, sessionPolicy);
RequestContext ctxListWithoutSessionPolicy = reqCtxBuilder.setAclRights(IAccessAuthorizer.ACLType.LIST).build();
RequestContext ctxReadWithoutSessionPolicy = reqCtxBuilder.setAclRights(IAccessAuthorizer.ACLType.READ).build();
RequestContext ctxListWithSessionPolicy = reqCtxBuilder.setAclRights(IAccessAuthorizer.ACLType.LIST).setRecursiveAccessCheck(false).setSessionPolicy(sessionPolicy).build();
RequestContext ctxReadWithSessionPolicy = reqCtxBuilder.setAclRights(IAccessAuthorizer.ACLType.READ).setRecursiveAccessCheck(false).setSessionPolicy(sessionPolicy).build();

// user1 doesn't have access without session-policy
assertFalse(ozoneAuthorizer.checkAccess(vol1, ctxListWithoutSessionPolicy), "session-policy should not allow list on volume vol1");
Expand Down Expand Up @@ -184,8 +192,8 @@ public void testAssumeRoleWithGrants() throws Exception {
assertTrue(inlinePolicy.getGrants().contains(new RangerInlinePolicy.Grant(null, new HashSet<>(Arrays.asList("volume:vol1", "bucket:vol1/buck1")), Collections.singleton("list"))));
assertTrue(inlinePolicy.getGrants().contains(new RangerInlinePolicy.Grant(null, Collections.singleton("key:vol1/buck1/key1"), Collections.singleton("read"))));

RequestContext ctxListWithSessionPolicy = new RequestContext(hostname, ipAddress, user1, OZONE_SERVICE_ID, IAccessAuthorizer.ACLIdentityType.ANONYMOUS, IAccessAuthorizer.ACLType.LIST, OWNER_NAME, false, sessionPolicy);
RequestContext ctxReadWithSessionPolicy = new RequestContext(hostname, ipAddress, user1, OZONE_SERVICE_ID, IAccessAuthorizer.ACLIdentityType.ANONYMOUS, IAccessAuthorizer.ACLType.READ, OWNER_NAME, false, sessionPolicy);
RequestContext ctxListWithSessionPolicy = reqCtxBuilder.setAclRights(IAccessAuthorizer.ACLType.LIST).setRecursiveAccessCheck(false).setSessionPolicy(sessionPolicy).build();
RequestContext ctxReadWithSessionPolicy = reqCtxBuilder.setAclRights(IAccessAuthorizer.ACLType.READ).setRecursiveAccessCheck(false).setSessionPolicy(sessionPolicy).build();

// user1 should have access with sessionPolicy
assertTrue(ozoneAuthorizer.checkAccess(vol1, ctxListWithSessionPolicy), "session-policy should allow list on volume vol1");
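Review bot: The four `build()` calls in testAssumeRoleWithEmptyGrants (and the matching lines in testAssumeRoleWithNullGrants and testAssumeRoleWithGrants) all reuse the single mutable `reqCtxBuilder` field, so each context inherits whatever earlier calls left in the builder; the "without session policy" contexts are only policy-free because they happen to be built before `setSessionPolicy(sessionPolicy)` runs, and if that order ever changes the negative `assertFalse(...)` checks would be exercising a context that does carry a session policy. Unless `build()` resets the builder (not visible here), consider a fresh builder per context, or at least a comment above the first `build()`: `// reqCtxBuilder is shared and mutable: build the no-session-policy contexts before setSessionPolicy is called below`. The replaced constructor calls passed `false` for the recursive-access-check flag explicitly on the session-policy contexts, while the builder versions of the no-policy contexts now rely on the builder's default for that flag, which is worth confirming against what the old 7-argument constructor used. The static `@BeforeAll` suggests per-method test instances, so builder state should not leak between test methods unless the class opts into a per-class lifecycle, which is outside these hunks.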