You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2015/04/22 06:59:30 UTC
incubator-ranger git commit: RANGER-419 Assign generated name to
policy if missing before validation logic is triggered
Repository: incubator-ranger
Updated Branches:
refs/heads/master c5716e5db -> 35c490d60
RANGER-419 Assign generated name to policy if missing before validation logic is triggered
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/35c490d6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/35c490d6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/35c490d6
Branch: refs/heads/master
Commit: 35c490d607b6f2f0f0c70cdf2da073d1cf41cf6e
Parents: c5716e5
Author: Alok Lal <al...@hortonworks.com>
Authored: Tue Apr 21 20:34:54 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue Apr 21 21:51:04 2015 -0700
----------------------------------------------------------------------
.../model/validation/RangerPolicyValidator.java | 2 +-
.../validation/RangerValidatorFactory.java | 36 ----------
.../org/apache/ranger/biz/RangerBizUtil.java | 5 +-
.../java/org/apache/ranger/biz/UserMgr.java | 7 +-
.../java/org/apache/ranger/common/GUIDUtil.java | 13 ++--
.../ranger/common/RangerValidatorFactory.java | 43 ++++++++++++
.../org/apache/ranger/common/ServiceUtil.java | 3 +-
.../java/org/apache/ranger/rest/AssetREST.java | 5 +-
.../org/apache/ranger/rest/ServiceREST.java | 31 +++++++--
.../RangerSecurityContextFormationFilter.java | 7 +-
.../ranger/service/RangerPolicyServiceBase.java | 6 +-
.../service/RangerServiceDefServiceBase.java | 5 +-
.../service/RangerServiceServiceBase.java | 8 ++-
.../java/org/apache/ranger/view/VXResource.java | 25 +++++++
.../org/apache/ranger/rest/TestServiceREST.java | 2 +-
.../rest/TestServiceRESTForValidation.java | 70 +++++++++++++++-----
.../TestRangerServiceDefServiceBase.java | 5 ++
17 files changed, 196 insertions(+), 77 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
index 63bcdda..ae5bd68 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
@@ -278,7 +278,7 @@ public class RangerPolicyValidator extends RangerValidator {
failures.add(new ValidationFailureDetailsBuilder()
.field("resources")
.isSemanticallyIncorrect()
- .becauseOf("found another policy[" + policy.getName() + "] with matching resources[" + policy.getResources() + "]!")
+ .becauseOf("found another policy[" + otherPolicy.getName() + "] with matching resources[" + otherPolicy.getResources() + "]!")
.build());
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidatorFactory.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidatorFactory.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidatorFactory.java
deleted file mode 100644
index f72e8df..0000000
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidatorFactory.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.model.validation;
-
-import org.apache.ranger.plugin.store.ServiceStore;
-
-public class RangerValidatorFactory {
- public RangerServiceValidator getServiceValidator(ServiceStore store) {
- return new RangerServiceValidator(store);
- }
-
- public RangerPolicyValidator getPolicyValidator(ServiceStore store) {
- return new RangerPolicyValidator(store);
- }
-
- public RangerServiceDefValidator getServiceDefValidator(ServiceStore store) {
- return new RangerServiceDefValidator(store);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
index d408611..0ab9d17 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
@@ -77,6 +77,9 @@ public class RangerBizUtil {
@Autowired
UserMgr userMgr;
+ @Autowired
+ GUIDUtil guidUtil;
+
Set<Class<?>> groupEditableClasses;
private Class<?>[] groupEditableClassesList = {};
@@ -1317,7 +1320,7 @@ public class RangerBizUtil {
if (usb != null) {
authSessionId = ContextUtil.getCurrentUserSession().getSessionId();
}
- Long trxId = GUIDUtil.genLong();
+ Long trxId = guidUtil.genLong();
for (XXTrxLog xTrxLog : trxLogList) {
xTrxLog.setTransactionId(trxId.toString());
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
index 52b6695..0b6281b 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
@@ -110,6 +110,9 @@ public class UserMgr {
@Autowired
XUserMgr xUserMgr;
+ @Autowired
+ GUIDUtil guidUtil;
+
String publicRoles[] = new String[] { RangerConstants.ROLE_USER,
RangerConstants.ROLE_OTHER };
@@ -203,7 +206,7 @@ public class UserMgr {
// emailAddress
String emailAddress = userProfile.getEmailAddress();
if (stringUtil.isEmpty(emailAddress)) {
- String randomString = GUIDUtil.genGUI();
+ String randomString = guidUtil.genGUID();
userProfile.setEmailAddress(randomString);
updateUser = true;
} else {
@@ -1122,7 +1125,7 @@ public class UserMgr {
MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);
}
} else {
- String randomEmail = GUIDUtil.genGUI();
+ String randomEmail = guidUtil.genGUID();
userProfile.setEmailAddress(randomEmail);
xXPortalUser = this.createUser(userProfile,
RangerCommonEnums.STATUS_ENABLED);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/main/java/org/apache/ranger/common/GUIDUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/GUIDUtil.java b/security-admin/src/main/java/org/apache/ranger/common/GUIDUtil.java
index c4e0403..6710088 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/GUIDUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/GUIDUtil.java
@@ -20,22 +20,27 @@
package org.apache.ranger.common;
import java.io.Serializable;
+import java.nio.ByteBuffer;
import java.security.SecureRandom;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Service;
+
+@Service
+@Scope("singleton")
public class GUIDUtil implements Serializable {
private static final long serialVersionUID = -7284237762948427019L;
- static SecureRandom secureRandom = new SecureRandom();
+ static SecureRandom secureRandom = new SecureRandom(ByteBuffer.allocate(8).putLong(System.nanoTime()).array());
static int counter = 0;
- static public String genGUI() {
+ public String genGUID() {
return System.currentTimeMillis() + "_" + secureRandom.nextInt(1000)
+ "_" + counter++;
}
- public static long genLong() {
+ public long genLong() {
return secureRandom.nextLong();
}
-
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/main/java/org/apache/ranger/common/RangerValidatorFactory.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerValidatorFactory.java b/security-admin/src/main/java/org/apache/ranger/common/RangerValidatorFactory.java
new file mode 100644
index 0000000..ebe20b2
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerValidatorFactory.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.common;
+
+import org.apache.ranger.plugin.model.validation.RangerPolicyValidator;
+import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator;
+import org.apache.ranger.plugin.model.validation.RangerServiceValidator;
+import org.apache.ranger.plugin.store.ServiceStore;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Service;
+
+@Service
+@Scope("singleton")
+public class RangerValidatorFactory {
+ public RangerServiceValidator getServiceValidator(ServiceStore store) {
+ return new RangerServiceValidator(store);
+ }
+
+ public RangerPolicyValidator getPolicyValidator(ServiceStore store) {
+ return new RangerPolicyValidator(store);
+ }
+
+ public RangerServiceDefValidator getServiceDefValidator(ServiceStore store) {
+ return new RangerServiceDefValidator(store);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
index 3c48e4c..cd54fd6 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
@@ -54,9 +54,9 @@ import org.apache.ranger.view.VXPermMap;
import org.apache.ranger.view.VXPermObj;
import org.apache.ranger.view.VXPolicy;
import org.apache.ranger.view.VXPolicyList;
+import org.apache.ranger.view.VXRepository;
import org.apache.ranger.view.VXRepositoryList;
import org.apache.ranger.view.VXResource;
-import org.apache.ranger.view.VXRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@@ -288,6 +288,7 @@ public class ServiceUtil {
ret.setAssetType(toAssetType(service.getType()));
ret.setPolicyName(policy.getName());
ret.setDescription(policy.getDescription());
+ ret.setGuid(policy.getGuid());
ret.setResourceStatus(policy.getIsEnabled() ? RangerCommonEnums.STATUS_ENABLED : RangerCommonEnums.STATUS_DISABLED);
List<VXAuditMap> auditList = null;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
index 0fc0094..bc2c988 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
@@ -48,12 +48,11 @@ import org.apache.ranger.common.RangerSearchUtil;
import org.apache.ranger.common.SearchCriteria;
import org.apache.ranger.common.ServiceUtil;
import org.apache.ranger.common.StringUtil;
+import org.apache.ranger.common.annotation.RangerAnnotationClassName;
+import org.apache.ranger.common.annotation.RangerAnnotationJSMgrName;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.util.GrantRevokeRequest;
-import org.apache.ranger.common.annotation.RangerAnnotationClassName;
-import org.apache.ranger.common.annotation.RangerAnnotationJSMgrName;
-import org.apache.ranger.service.AbstractBaseResourceService;
import org.apache.ranger.service.XAccessAuditService;
import org.apache.ranger.service.XAgentService;
import org.apache.ranger.service.XAssetService;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 4ffbabd..ad04a26 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -49,10 +49,12 @@ import org.apache.ranger.biz.RangerBizUtil;
import org.apache.ranger.biz.ServiceDBStore;
import org.apache.ranger.biz.ServiceMgr;
import org.apache.ranger.biz.XUserMgr;
+import org.apache.ranger.common.GUIDUtil;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.RangerConfigUtil;
import org.apache.ranger.common.RangerSearchUtil;
+import org.apache.ranger.common.RangerValidatorFactory;
import org.apache.ranger.common.ServiceUtil;
import org.apache.ranger.entity.XXPolicyExportAudit;
import org.apache.ranger.plugin.model.RangerPolicy;
@@ -61,11 +63,9 @@ import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.model.validation.RangerPolicyValidator;
import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator;
import org.apache.ranger.plugin.model.validation.RangerServiceValidator;
import org.apache.ranger.plugin.model.validation.RangerValidator.Action;
-import org.apache.ranger.plugin.model.validation.RangerValidatorFactory;
import org.apache.ranger.plugin.policyengine.RangerAccessResource;
import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
@@ -134,9 +134,11 @@ public class ServiceREST {
@Autowired
RangerBizUtil bizUtil;
- // this indirection for validation via a factory exists only for testability
- // TODO move the instantiation to DI framework?
- RangerValidatorFactory validatorFactory = new RangerValidatorFactory();
+ @Autowired
+ GUIDUtil guidUtil;
+
+ @Autowired
+ RangerValidatorFactory validatorFactory;
public ServiceREST() {
}
@@ -864,6 +866,23 @@ public class ServiceREST {
RangerPolicy ret = null;
try {
+ // this needs to happen before validator is called
+ // set name of policy if unspecified
+ if (StringUtils.isBlank(policy.getName())) { // use of isBlank over isEmpty is deliberate as a blank string does not strike us as a particularly useful policy name!
+ String guid = policy.getGuid();
+ if (StringUtils.isBlank(guid)) { // use of isBlank is deliberate. External parties could send the guid in, perhaps to sync between dev/test/prod instances?
+ guid = guidUtil.genGUID();
+ policy.setGuid(guid);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("No GUID supplied on the policy! Ok, setting GUID to [" + guid + "].");
+ }
+ }
+ String name = policy.getService() + "-" + guid;
+ policy.setName(name);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Policy did not have its name set! Ok, setting name to [" + name + "]");
+ }
+ }
// RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
// validator.validate(policy, Action.CREATE, bizUtil.isAdmin());
@@ -1400,7 +1419,7 @@ public class ServiceREST {
}
}
- private void ensureAdminAccess(String serviceName, Map<String, RangerPolicyResource> resources) {
+ void ensureAdminAccess(String serviceName, Map<String, RangerPolicyResource> resources) {
boolean isAdmin = bizUtil.isAdmin();
if(!isAdmin) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
index ad8c95e..52ea841 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
@@ -64,8 +64,11 @@ public class RangerSecurityContextFormationFilter extends GenericFilterBean {
HTTPUtil httpUtil;
@Autowired
- XUserMgr xUserMgr;
+ XUserMgr xUserMgr;
+ @Autowired
+ GUIDUtil guidUtil;
+
String testIP = null;
public RangerSecurityContextFormationFilter() {
@@ -113,7 +116,7 @@ public class RangerSecurityContextFormationFilter extends GenericFilterBean {
requestContext.setUserAgent(userAgent);
requestContext.setDeviceType(httpUtil
.getDeviceType(httpRequest));
- requestContext.setServerRequestId(GUIDUtil.genGUI());
+ requestContext.setServerRequestId(guidUtil.genGUID());
requestContext.setRequestURL(httpRequest.getRequestURI());
requestContext.setClientTimeOffsetInMinute(clientTimeOffset);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java
index 319ca29..9584c3d 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java
@@ -50,10 +50,14 @@ import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.view.RangerPolicyList;
+import org.springframework.beans.factory.annotation.Autowired;
public abstract class RangerPolicyServiceBase<T extends XXPolicyBase, V extends RangerPolicy> extends
RangerBaseModelService<T, V> {
+ @Autowired
+ GUIDUtil guidUtil;
+
public RangerPolicyServiceBase() {
super();
searchFields.add(new SearchField(SearchFilter.SERVICE_TYPE, "xSvcDef.name", DATA_TYPE.STRING, SEARCH_TYPE.FULL,
@@ -89,7 +93,7 @@ public abstract class RangerPolicyServiceBase<T extends XXPolicyBase, V extends
@Override
@SuppressWarnings("unchecked")
protected XXPolicyBase mapViewToEntityBean(RangerPolicy vObj, XXPolicyBase xObj, int OPERATION_CONTEXT) {
- String guid = (StringUtils.isEmpty(vObj.getGuid())) ? GUIDUtil.genGUI() : vObj.getGuid();
+ String guid = (StringUtils.isEmpty(vObj.getGuid())) ? guidUtil.genGUID() : vObj.getGuid();
xObj.setGuid(guid);
xObj.setVersion(vObj.getVersion());
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
index 3cdd1e7..d3f0d7b 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
@@ -60,11 +60,14 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDef, V exte
@Autowired
JSONUtil jsonUtil;
+ @Autowired
+ GUIDUtil guidUtil;
+
@SuppressWarnings("unchecked")
@Override
protected XXServiceDef mapViewToEntityBean(RangerServiceDef vObj, XXServiceDef xObj, int operationContext) {
- String guid = (StringUtils.isEmpty(vObj.getGuid())) ? GUIDUtil.genGUI() : vObj.getGuid();
+ String guid = (StringUtils.isEmpty(vObj.getGuid())) ? guidUtil.genGUID() : vObj.getGuid();
xObj.setGuid(guid);
xObj.setVersion(vObj.getVersion());
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/main/java/org/apache/ranger/service/RangerServiceServiceBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceServiceBase.java
index 5505a88..6883d98 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceServiceBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceServiceBase.java
@@ -24,9 +24,9 @@ import org.apache.commons.lang.StringUtils;
import org.apache.ranger.common.GUIDUtil;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.SearchField;
-import org.apache.ranger.common.SortField;
import org.apache.ranger.common.SearchField.DATA_TYPE;
import org.apache.ranger.common.SearchField.SEARCH_TYPE;
+import org.apache.ranger.common.SortField;
import org.apache.ranger.common.SortField.SORT_ORDER;
import org.apache.ranger.entity.XXService;
import org.apache.ranger.entity.XXServiceBase;
@@ -34,9 +34,13 @@ import org.apache.ranger.entity.XXServiceDef;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.view.RangerServiceList;
+import org.springframework.beans.factory.annotation.Autowired;
public abstract class RangerServiceServiceBase<T extends XXServiceBase, V extends RangerService> extends RangerBaseModelService<T, V> {
+ @Autowired
+ GUIDUtil guidUtil;
+
public RangerServiceServiceBase() {
super();
@@ -57,7 +61,7 @@ public abstract class RangerServiceServiceBase<T extends XXServiceBase, V extend
@Override
@SuppressWarnings("unchecked")
protected XXServiceBase mapViewToEntityBean(RangerService vObj, XXServiceBase xObj, int OPERATION_CONTEXT) {
- String guid = (StringUtils.isEmpty(vObj.getGuid())) ? GUIDUtil.genGUI() : vObj.getGuid();
+ String guid = (StringUtils.isEmpty(vObj.getGuid())) ? guidUtil.genGUID() : vObj.getGuid();
xObj.setGuid(guid);
xObj.setVersion(vObj.getVersion());
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/main/java/org/apache/ranger/view/VXResource.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXResource.java b/security-admin/src/main/java/org/apache/ranger/view/VXResource.java
index 23d3e4a..334c3c4 100644
--- a/security-admin/src/main/java/org/apache/ranger/view/VXResource.java
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXResource.java
@@ -146,6 +146,11 @@ public class VXResource extends VXDataObject implements java.io.Serializable {
protected String services;
/**
+ * guid
+ */
+ protected String guid;
+
+ /**
* Default constructor. This will set all the attributes to default value.
*/
public VXResource ( ) {
@@ -583,6 +588,25 @@ public class VXResource extends VXDataObject implements java.io.Serializable {
}
/**
+ * Returns the value for the member attribute <b>guid</b>
+ *
+ * @return String - value of member attribute <b>guid</b>.
+ */
+ public String getGuid() {
+ return guid;
+ }
+
+ /**
+ * This method sets the value to the member attribute <b>guid</b>. You
+ * cannot set null to the attribute.
+ *
+ * @param guid - Value to set member attribute <b>guid</b>
+ */
+ public void setGuid(String guid) {
+ this.guid = guid;
+ }
+
+ /**
* This return the bean content in string format
* @return formatedStr
*/
@@ -590,6 +614,7 @@ public class VXResource extends VXDataObject implements java.io.Serializable {
String str = "VXResource={";
str += super.toString();
str += "name={" + name + "} ";
+ str += "guid={" + guid + "} ";
str += "policyName={" + policyName + "} ";
str += "description={" + description + "} ";
str += "resourceType={" + resourceType + "} ";
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
index 102c006..c043389 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
@@ -35,6 +35,7 @@ import org.apache.ranger.biz.XUserMgr;
import org.apache.ranger.common.ContextUtil;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.RangerSearchUtil;
+import org.apache.ranger.common.RangerValidatorFactory;
import org.apache.ranger.common.ServiceUtil;
import org.apache.ranger.common.StringUtil;
import org.apache.ranger.common.UserSessionBase;
@@ -56,7 +57,6 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef;
import org.apache.ranger.plugin.model.validation.RangerPolicyValidator;
import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator;
import org.apache.ranger.plugin.model.validation.RangerServiceValidator;
-import org.apache.ranger.plugin.model.validation.RangerValidatorFactory;
import org.apache.ranger.plugin.service.ResourceLookupContext;
import org.apache.ranger.plugin.util.GrantRevokeRequest;
import org.apache.ranger.plugin.util.SearchFilter;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java
index bcf587a..c81f2e9 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java
@@ -23,11 +23,7 @@ import static org.junit.Assert.fail;
import static org.mockito.Matchers.anyBoolean;
import static org.mockito.Matchers.anyInt;
import static org.mockito.Matchers.anyString;
-import static org.mockito.Mockito.doThrow;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.never;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
+import static org.mockito.Mockito.*;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.WebApplicationException;
@@ -36,7 +32,9 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.biz.RangerBizUtil;
import org.apache.ranger.biz.ServiceDBStore;
+import org.apache.ranger.common.GUIDUtil;
import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.common.RangerValidatorFactory;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
@@ -44,13 +42,11 @@ import org.apache.ranger.plugin.model.validation.RangerPolicyValidator;
import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator;
import org.apache.ranger.plugin.model.validation.RangerServiceValidator;
import org.apache.ranger.plugin.model.validation.RangerValidator.Action;
-import org.apache.ranger.plugin.model.validation.RangerValidatorFactory;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;
import org.mockito.Mockito;
-@Ignore("tests to be reviewed")
public class TestServiceRESTForValidation {
private static final Log LOG = LogFactory.getLog(TestServiceRESTForValidation.class);
@@ -79,6 +75,11 @@ public class TestServiceRESTForValidation {
WebApplicationException webApplicationException = new WebApplicationException();
when(_restErrorUtil.createRESTException(anyInt(), anyString(), anyBoolean())).thenReturn(webApplicationException);
_serviceRest.restErrorUtil = _restErrorUtil;
+
+ _guidUtil = mock(GUIDUtil.class);
+ when(_guidUtil.genGUID()).thenReturn("a-guid");
+ _serviceRest.guidUtil = _guidUtil;
+
// other object of use in multiple tests
_service = mock(RangerService.class);
_policy = mock(RangerPolicy.class);
@@ -204,6 +205,7 @@ public class TestServiceRESTForValidation {
}
}
+ @Ignore("Disabled pending with hive policy creation-failure")
@Test
public void testPolicy_happyPath() {
setupBizUtils();
@@ -212,9 +214,6 @@ public class TestServiceRESTForValidation {
_serviceRest.updatePolicy(_policy);
verify(_policyValidator).validate(_policy, Action.UPDATE, true);
- _serviceRest.deletePolicy(3L);
- verify(_policyValidator).validate(3L, Action.DELETE);
-
_serviceRest.createPolicy(_policy);
verify(_policyValidator).validate(_policy, Action.CREATE, true);
} catch (Exception e) {
@@ -223,6 +222,23 @@ public class TestServiceRESTForValidation {
}
}
+ @Ignore("Disabled pending with hive policy creation-failure")
+ @Test
+ public void testPolicy_happyPath_deletion() {
+ setupBizUtils();
+
+ try {
+ long id = 3;
+ ServiceREST spy = setupForDelete(id);
+ spy.deletePolicy(id);
+ verify(_policyValidator).validate(id, Action.DELETE);
+ } catch (Exception e) {
+ LOG.debug(e);
+ fail("unexpected exception");
+ }
+ }
+
+ @Ignore("Disabled pending with hive policy creation-failure")
@Test
public void testPolicy_validatorFailure() throws Exception {
@@ -266,6 +282,7 @@ public class TestServiceRESTForValidation {
}
}
+ @Ignore("Disabled pending with hive policy creation-failure")
@Test
public void testPolicy_storeFailure() throws Exception {
@@ -295,14 +312,24 @@ public class TestServiceRESTForValidation {
LOG.debug(t);
fail("Unexpected exception!");
}
+ }
+
+ @Ignore("Disabled pending with hive policy creation-failure")
+ @Test
+ public void testPolicy_storeFailure_forDelete() throws Exception {
+
+ // let's have bizutils return true for now
+ setupBizUtils();
- doThrow(_exception).when(_store).deletePolicy(5L);
+ Long id = 5L;
+ ServiceREST spy = setupForDelete(id);
+ doThrow(_exception).when(_store).deletePolicy(id);
try {
- _serviceRest.deletePolicy(5L);
+ spy.deletePolicy(id);
fail("Should have thrown exception!");
} catch (WebApplicationException e) {
- verify(_policyValidator).validate(5L, Action.DELETE);
- verify(_store).deletePolicy(5L);
+ verify(_policyValidator).validate(id, Action.DELETE);
+ verify(_store).deletePolicy(id);
} catch (Throwable t) {
LOG.debug(t);
fail("Unexpected exception!");
@@ -400,14 +427,14 @@ public class TestServiceRESTForValidation {
fail("Unexpected exception!");
}
- doThrow(_exception).when(_store).deleteServiceDef(5L);
+ doThrow(_exception).when(_store).deleteServiceDef(5L, false);
try {
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
_serviceRest.deleteServiceDef(5L, request);
fail("Should have thrown exception!");
} catch (WebApplicationException e) {
verify(_serviceDefValidator).validate(5L, Action.DELETE);
- verify(_store).deleteServiceDef(5L);
+ verify(_store).deleteServiceDef(5L, false);
} catch (Throwable t) {
LOG.debug(t);
fail("Unexpected exception!");
@@ -418,6 +445,16 @@ public class TestServiceRESTForValidation {
when(_bizUtils.isAdmin()).thenReturn(true);
}
+ @SuppressWarnings("unchecked")
+ ServiceREST setupForDelete(long id) throws Exception {
+ // deletion now asserts admin privileges. Ensure that it will find the policy from the store
+ when(_store.getPolicy(id)).thenReturn(_policy);
+ // now we have to ensure that real admin check never gets called -- we are not interested in its working
+ ServiceREST spy = spy(_serviceRest);
+ doNothing().when(spy).ensureAdminAccess(anyString(), anyMap());
+ return spy;
+ }
+
private RangerValidatorFactory _factory;
private RangerServiceValidator _serviceValidator;
private RangerPolicyValidator _policyValidator;
@@ -432,4 +469,5 @@ public class TestServiceRESTForValidation {
private RangerService _service;
private RangerPolicy _policy;
private RangerServiceDef _serviceDef;
+ private GUIDUtil _guidUtil;
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceDefServiceBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceDefServiceBase.java b/security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceDefServiceBase.java
index db3d044..72f5597 100644
--- a/security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceDefServiceBase.java
+++ b/security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceDefServiceBase.java
@@ -22,8 +22,10 @@ import java.util.List;
import javax.persistence.EntityManager;
import javax.ws.rs.WebApplicationException;
+
import org.apache.ranger.biz.RangerBizUtil;
import org.apache.ranger.common.ContextUtil;
+import org.apache.ranger.common.GUIDUtil;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.RangerSearchUtil;
@@ -93,6 +95,9 @@ public class TestRangerServiceDefServiceBase {
@Mock
RangerSearchUtil searchUtil;
+
+ @Mock
+ GUIDUtil guidUtil;
@Rule
public ExpectedException thrown = ExpectedException.none();