RANGER-5307: Test Cases for Security-Admin Module: Package[validation ,solr ,solr.krb ,elasticsearch ,credentialapi ,amazon.cloudwatch] (#657)

Author: bhaveshamre

security-admin/src/test/java/org/apache/ranger/amazon/cloudwatch/CloudWatchAccessAuditsServiceTest.java

@@ -0,0 +1,200 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ranger.amazon.cloudwatch;
+
+import com.amazonaws.services.logs.AWSLogs;
+import com.amazonaws.services.logs.model.FilteredLogEvent;
+import org.apache.ranger.audit.model.AuthzAuditEvent;
+import org.apache.ranger.audit.provider.MiscUtil;
+import org.apache.ranger.common.MessageEnums;
+import org.apache.ranger.common.PropertiesUtil;
+import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.common.SearchCriteria;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.db.XXServiceDao;
+import org.apache.ranger.db.XXServiceDefDao;
+import org.apache.ranger.entity.XXService;
+import org.apache.ranger.entity.XXServiceDef;
+import org.apache.ranger.view.VXAccessAuditList;
+import org.apache.ranger.view.VXLong;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.MethodOrderer;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestMethodOrder;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.MockedStatic;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response;
+
+import java.util.Arrays;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.ArgumentMatchers.anyList;
+import static org.mockito.ArgumentMatchers.anyLong;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.mockStatic;
+import static org.mockito.Mockito.when;
+
+/**
+ * @generated by Cursor
+ * @description : Unit Test cases for CloudWatchAccessAuditsService
+ */
+
+@ExtendWith(MockitoExtension.class)
+@TestMethodOrder(MethodOrderer.MethodName.class)
+public class CloudWatchAccessAuditsServiceTest {
+    @Mock CloudWatchMgr    mgr;
+    @Mock CloudWatchUtil   util;
+    @Mock RESTErrorUtil    restErrorUtil;
+    @Mock RangerDaoManager daoManager;
+    TestSvc svc;
+
+    @BeforeEach
+    public void setUp() {
+        svc = new TestSvc();
+        svc.setCloudWatchMgrForTest(mgr);
+        svc.setCloudWatchUtilForTest(util);
+        svc.setRestErrorUtil(restErrorUtil);
+        svc.setDaoManagerForTest(daoManager);
+    }
+
+    @Test
+    public void searchXAccessAudits_throws_whenClientNull() {
+        when(mgr.getClient()).thenReturn(null);
+        when(restErrorUtil.createRESTException(any(String.class), any(MessageEnums.class)))
+                .thenThrow(new WebApplicationException(Response.status(500).build()));
+
+        assertThrows(WebApplicationException.class, () -> svc.searchXAccessAudits(new SearchCriteria()));
+    }
+
+    @Test
+    public void searchXAccessAudits_throws_whenSearchFails() {
+        AWSLogs client = mock(AWSLogs.class);
+        when(mgr.getClient()).thenReturn(client);
+        when(util.searchResources(any(AWSLogs.class), any(SearchCriteria.class), anyList(), anyList()))
+                .thenThrow(new RuntimeException("err"));
+        when(restErrorUtil.createRESTException(any(String.class), any(MessageEnums.class)))
+                .thenThrow(new WebApplicationException(Response.status(500).build()));
+
+        assertThrows(WebApplicationException.class, () -> svc.searchXAccessAudits(new SearchCriteria()));
+    }
+
+    @Test
+    public void searchXAccessAudits_transformsEvents_and_appliesHiveVisibility() {
+        // properties: hide hive query
+        String key = "ranger.audit.hive.query.visibility";
+        String old = PropertiesUtil.getPropertiesMap().get(key);
+        PropertiesUtil.getPropertiesMap().put(key, "false");
+
+        try (MockedStatic<PropertiesUtil> mocked = mockStatic(PropertiesUtil.class)) {
+            mocked.when(() -> PropertiesUtil.getBooleanProperty(eq(key), anyBoolean())).thenReturn(false);
+
+            AWSLogs client = mock(AWSLogs.class);
+            when(mgr.getClient()).thenReturn(client);
+
+            // build two events: one hive grant/revoke with requestData, one non-hive
+            AuthzAuditEvent hive = new AuthzAuditEvent();
+            hive.setRepositoryName("svc");
+            hive.setRepositoryType(1);
+            hive.setAccessType("grant");
+            hive.setRequestData("select+*+from+x");
+
+            AuthzAuditEvent other = new AuthzAuditEvent();
+            other.setRepositoryName("svc");
+            other.setRepositoryType(1);
+            other.setAccessType("read");
+            other.setRequestData("abc");
+
+            FilteredLogEvent e1 = new FilteredLogEvent().withMessage(MiscUtil.stringify(hive));
+            FilteredLogEvent e2 = new FilteredLogEvent().withMessage(MiscUtil.stringify(other));
+
+            when(util.searchResources(any(AWSLogs.class), any(SearchCriteria.class), anyList(), anyList()))
+                    .thenReturn(Arrays.asList(e1, e2));
+
+            // mock dao manager for display names
+            XXServiceDao    svcDao    = mock(XXServiceDao.class);
+            XXServiceDefDao svcDefDao = mock(XXServiceDefDao.class);
+            when(daoManager.getXXService()).thenReturn(svcDao);
+            when(daoManager.getXXServiceDef()).thenReturn(svcDefDao);
+
+            XXService xxService = mock(XXService.class);
+            when(xxService.getDisplayName()).thenReturn("ServiceDisplay");
+            when(svcDao.findByName(any())).thenReturn(xxService);
+
+            XXServiceDef def = mock(XXServiceDef.class);
+            when(def.getName()).thenReturn("hive");
+            when(def.getDisplayName()).thenReturn("Hive");
+            when(svcDefDao.getById(anyLong())).thenReturn(def);
+
+            SearchCriteria sc = new SearchCriteria();
+            sc.setStartIndex(0);
+            sc.setMaxRows(10);
+
+            VXAccessAuditList out = svc.searchXAccessAudits(sc);
+
+            assertNotNull(out);
+            assertEquals(2, out.getTotalCount());
+            assertEquals(2, out.getResultSize());
+            assertEquals(2, out.getVXAccessAudits().size());
+
+            // check hive requestData hidden (null) when visibility is false
+            assertNull(out.getVXAccessAudits().get(1).getRequestData());
+            // display names applied
+            assertEquals("ServiceDisplay", out.getVXAccessAudits().get(0).getRepoDisplayName());
+            assertEquals("hive", out.getVXAccessAudits().get(1).getServiceType());
+            assertEquals("Hive", out.getVXAccessAudits().get(1).getServiceTypeDisplayName());
+        } finally {
+            if (old == null) {
+                PropertiesUtil.getPropertiesMap().remove(key);
+            } else {
+                PropertiesUtil.getPropertiesMap().put(key, old);
+            }
+        }
+    }
+
+    @Test
+    public void getXAccessAuditSearchCount_returns100() {
+        VXLong out = svc.getXAccessAuditSearchCount(new SearchCriteria());
+        assertNotNull(out);
+        assertEquals(100L, out.getValue());
+    }
+
+    static class TestSvc extends CloudWatchAccessAuditsService {
+        public void setDaoManagerForTest(RangerDaoManager dm) {
+            this.daoManager = dm;
+        }
+
+        public void setCloudWatchMgrForTest(CloudWatchMgr m) {
+            this.cloudWatchMgr = m;
+        }
+
+        public void setCloudWatchUtilForTest(CloudWatchUtil u) {
+            this.cloudWatchUtil = u;
+        }
+    }
+}

security-admin/src/test/java/org/apache/ranger/amazon/cloudwatch/CloudWatchMgrTest.java

@@ -0,0 +1,92 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ranger.amazon.cloudwatch;
+
+import com.amazonaws.regions.Regions;
+import com.amazonaws.services.logs.AWSLogs;
+import com.amazonaws.services.logs.AWSLogsClientBuilder;
+import org.apache.ranger.common.PropertiesUtil;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.MethodOrderer;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestMethodOrder;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.MockedStatic;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.mockStatic;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+/**
+ * @generated by Cursor
+ * @description : Unit Test cases for CloudWatchMgr
+ */
+
+@ExtendWith(MockitoExtension.class)
+@TestMethodOrder(MethodOrderer.MethodName.class)
+public class CloudWatchMgrTest {
+    @AfterEach
+    public void tearDown() {
+        PropertiesUtil.getPropertiesMap().remove("ranger.audit.amazon_cloudwatch.region");
+    }
+
+    @Test
+    public void getClient_buildsDefault_whenRegionBlank() {
+        PropertiesUtil.getPropertiesMap().put("ranger.audit.amazon_cloudwatch.region", " ");
+        CloudWatchMgr mgr = new CloudWatchMgr();
+
+        AWSLogsClientBuilder builder = mock(AWSLogsClientBuilder.class);
+        AWSLogs              client  = mock(AWSLogs.class);
+
+        try (MockedStatic<AWSLogsClientBuilder> mocked = mockStatic(AWSLogsClientBuilder.class)) {
+            mocked.when(AWSLogsClientBuilder::standard).thenReturn(builder);
+            // For default path, build() is called directly without withRegion
+            when(builder.build()).thenReturn(client);
+
+            AWSLogs out = mgr.getClient();
+            assertNotNull(out);
+            verify(builder, times(1)).build();
+        }
+    }
+
+    @Test
+    public void getClient_buildsWithRegion_whenRegionProvided() {
+        PropertiesUtil.getPropertiesMap().put("ranger.audit.amazon_cloudwatch.region", Regions.US_EAST_1.getName());
+        CloudWatchMgr mgr = new CloudWatchMgr();
+
+        AWSLogsClientBuilder builder = mock(AWSLogsClientBuilder.class);
+        AWSLogs              client  = mock(AWSLogs.class);
+
+        try (MockedStatic<AWSLogsClientBuilder> mocked = mockStatic(AWSLogsClientBuilder.class)) {
+            mocked.when(AWSLogsClientBuilder::standard).thenReturn(builder);
+            when(builder.withRegion(any(String.class))).thenReturn(builder);
+            when(builder.build()).thenReturn(client);
+
+            AWSLogs out = mgr.getClient();
+            assertNotNull(out);
+            verify(builder, times(1)).withRegion(Regions.US_EAST_1.getName());
+            verify(builder, times(1)).build();
+        }
+    }
+}