You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2020/08/13 16:17:22 UTC
[ranger] branch ranger-2.1 updated: RANGER-2947: updated policy
validation to detect incorrect service-type
This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch ranger-2.1
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.1 by this push:
new d2eaba6 RANGER-2947: updated policy validation to detect incorrect service-type
d2eaba6 is described below
commit d2eaba6739895fff34b6d6e492b66d27756a39b7
Author: Dineshkumar Yadav <di...@outlook.com>
AuthorDate: Wed Aug 12 13:08:14 2020 +0530
RANGER-2947: updated policy validation to detect incorrect service-type
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
(cherry picked from commit 876d0bcb853cb46975b8c1b6953c748c2404ea8b)
---
.../ranger/plugin/errors/ValidationErrorCode.java | 1 +
.../plugin/model/validation/RangerPolicyValidator.java | 17 +++++++++++++++++
2 files changed, 18 insertions(+)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java b/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
index 971fd50..df45329 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
@@ -104,6 +104,7 @@ public enum ValidationErrorCode {
POLICY_VALIDATION_ERR_NONEXISTANT_ZONE_NAME(3033, "Non-existent Zone name={0} in policy create"),
POLICY_VALIDATION_ERR_SERVICE_NOT_ASSOCIATED_TO_ZONE(3048, "Service name = {0} is not associated to Zone name = {1}"),
POLICY_VALIDATION_ERR_UNSUPPORTED_POLICY_ITEM_TYPE(3049, "Deny or deny-exceptions are not supported if policy has isDenyAllElse flag set to true"),
+ POLICY_VALIDATION_ERR_INVALID_SERVICE_TYPE(4009," Invalid service type [{0}] provided for service [{1}]"),
// SECURITY_ZONE Validations
SECURITY_ZONE_VALIDATION_ERR_UNSUPPORTED_ACTION(3034, "Internal error: unsupported action[{0}]; isValid() is only supported for DELETE"),
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
index fb0afba..0ba1fb9 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
@@ -168,6 +168,7 @@ public class RangerPolicyValidator extends RangerValidator {
}
String policyName = policy.getName();
String serviceName = policy.getService();
+ String policyServicetype = policy.getServiceType();
String zoneName = policy.getZoneName();
RangerService service = null;
@@ -195,6 +196,22 @@ public class RangerPolicyValidator extends RangerValidator {
valid = false;
} else {
serviceNameValid = true;
+
+ String serviceType = service.getType();
+
+ if (StringUtils.isNotEmpty(serviceType) && StringUtils.isNotEmpty(policyServicetype)) {
+ if (!serviceType.equalsIgnoreCase(policyServicetype)) {
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_INVALID_SERVICE_TYPE;
+
+ failures.add(new ValidationFailureDetailsBuilder()
+ .field("service type")
+ .isSemanticallyIncorrect()
+ .becauseOf(error.getMessage(policyServicetype,serviceName))
+ .errorCode(error.getErrorCode())
+ .build());
+ valid = false;
+ }
+ }
}
}