Skip to content

Commit

Permalink
Added policy engine test cases for checkForDescendantDenial
Browse files Browse the repository at this point in the history
  • Loading branch information
fateh288 committed Nov 15, 2024
1 parent 00c6835 commit 29c98c5
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 5 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -284,8 +284,8 @@ public void testPolicyEngine_hbase_with_multiple_matching_policies() {
runTestsFromResourceFiles(hbaseTestResourceFiles);
}
@Test
public void testPolicyEngine_hbase_ResourceMatchingScope_equals_SELF_AND_ALL_DESCENDANTS() {
String[] hbaseTestResourceFiles = { "/policyengine/test_policyengine_hbase_selfandalldescendants.json" };
public void testPolicyEngine_hbase_checkForDescendantDenial() {
String[] hbaseTestResourceFiles = { "/policyengine/test_policyengine_hbase_checkForDescendantDenial.json" };

runTestsFromResourceFiles(hbaseTestResourceFiles);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,21 +34,48 @@
],

"tests":[
{"name":"TEST!!! DENY 'get' for restricted column family when ResourceMatchingScope=SELF_AND_ALL_DESCENDANTS",
{"name":"TEST1!!! DENY 'get' for restricted column family when ResourceMatchingScope=SELF_OR_DESCENDANTS,checkForDescendantDenial=true",
"request":{
"resource":{"elements":{"table":"finance","column-family":"restricted_cf"}},
"resourceMatchingScope": "SELF_AND_ALL_DESCENDANTS",
"resourceMatchingScope": "SELF_OR_DESCENDANTS",
"checkForDescendantDenial": true,
"accessType":"read","user":"user1","requestData":"deny get as there is a restricted column"
},
"result":{"isAudited":true,"isAllowed":false,"policyId":1}
},
{"name":"TEST!!! Allow 'get' for restricted column family when ResourceMatchingScope=SELF",
{"name":"TEST2!!! ALLOW 'get' for restricted column family when ResourceMatchingScope=SELF_OR_DESCENDANTS,checkForDescendantDenial=false",
"request":{
"resource":{"elements":{"table":"finance","column-family":"restricted_cf"}},
"resourceMatchingScope": "SELF_OR_DESCENDANTS",
"checkForDescendantDenial": false,
"accessType":"read","user":"user1","requestData":""
},
"result":{"isAudited":true,"isAllowed":true,"policyId":2}
},
{"name":"TEST3!!! ALLOW 'get' for restricted column family when ResourceMatchingScope=SELF_OR_DESCENDANTS,checkForDescendantDenial=default",
"request":{
"resource":{"elements":{"table":"finance","column-family":"restricted_cf"}},
"resourceMatchingScope": "SELF_OR_DESCENDANTS",
"accessType":"read","user":"user1","requestData":"deny get as there is a restricted column"
},
"result":{"isAudited":true,"isAllowed":true,"policyId":2}
},
{"name":"TEST4!!! Allow 'get' for restricted column family when ResourceMatchingScope=SELF, checkForDescendantDenial=true",
"request":{
"resource":{"elements":{"table":"finance","column-family":"restricted_cf"}},
"resourceMatchingScope": "SELF",
"checkForDescendantDenial": true,
"accessType":"read","user":"user1","requestData":"allow get as restricted column policy not considered"
},
"result":{"isAudited":true,"isAllowed":true,"policyId":2}
},
{"name":"TEST5!!! Allow 'get' for restricted column family when ResourceMatchingScope=SELF, checkForDescendantDenial=default",
"request":{
"resource":{"elements":{"table":"finance","column-family":"restricted_cf"}},
"resourceMatchingScope": "SELF",
"accessType":"read","user":"user1","requestData":"allow get as restricted column policy not considered"
},
"result":{"isAudited":true,"isAllowed":true,"policyId":2}
}

]
Expand Down

0 comments on commit 29c98c5

Please sign in to comment.