You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ab...@apache.org on 2018/05/30 23:08:28 UTC
ranger git commit: RANGER-2108: Ensure that resource and access-type
names in service definition are in lower case
Repository: ranger
Updated Branches:
refs/heads/master 5dced6f66 -> b041df1dd
RANGER-2108: Ensure that resource and access-type names in service definition are in lower case
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/b041df1d
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/b041df1d
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/b041df1d
Branch: refs/heads/master
Commit: b041df1ddade3d3a78fe86513258d617a42e7f10
Parents: 5dced6f
Author: Abhay Kulkarni <ak...@hortonworks.com>
Authored: Wed May 30 16:07:18 2018 -0700
Committer: Abhay Kulkarni <ak...@hortonworks.com>
Committed: Wed May 30 16:07:18 2018 -0700
----------------------------------------------------------------------
.../plugin/errors/ValidationErrorCode.java | 1 +
.../validation/RangerServiceDefValidator.java | 3 +++
.../model/validation/RangerValidator.java | 13 ++++++++++
.../TestRangerServiceDefValidator.java | 26 ++++++++++++++++++++
4 files changed, 43 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/b041df1d/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java b/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
index ab120b7..fbe3030 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
@@ -61,6 +61,7 @@ public enum ValidationErrorCode {
SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_INVALID_DEFAULT_INDEX(2019, "default index[{0}] for enum [{1}] is invalid"),
SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_NULL_ENUM_ELEMENT(2020, "An enum element in enum element collection of enum [{0}] is null"),
SERVICE_DEF_VALIDATION_ERR_INVALID_SERVICE_RESOURCE_LEVELS(2021, "Resource-def levels are not in increasing order in an hierarchy"),
+ SERVICE_DEF_VALIDATION_ERR_NOT_LOWERCASE_NAME(2022, "{0}:[{1}] Invalid name. Name should consist of only lower case characters"),
// POLICY VALIDATION
POLICY_VALIDATION_ERR_UNSUPPORTED_ACTION(3001, "Internal error: method signature isValid(Long) is only supported for DELETE"),
http://git-wip-us.apache.org/repos/asf/ranger/blob/b041df1d/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java
index d5f3fe5..3f9315a 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java
@@ -259,6 +259,7 @@ public class RangerServiceDefValidator extends RangerValidator {
Set<Long> ids = new HashSet<>();
for (RangerAccessTypeDef def : accessTypeDefs) {
String name = def.getName();
+ valid = isInLowerCase(name, "access type name", failures) && valid;
valid = isUnique(name, accessNames, "access type name", "access types", failures) && valid;
valid = isUnique(def.getItemId(), ids, "access type itemId", "access types", failures) && valid;
if (CollectionUtils.isNotEmpty(def.getImpliedGrants())) {
@@ -472,6 +473,8 @@ public class RangerServiceDefValidator extends RangerValidator {
Set<String> names = new HashSet<String>(resources.size());
Set<Long> ids = new HashSet<Long>(resources.size());
for (RangerResourceDef resource : resources) {
+ valid = isInLowerCase(resource.getName(), "resource type name", failures) && valid;
+
/*
* While id is the natural key, name is a surrogate key. At several places code expects resource name to be unique within a service.
*/
http://git-wip-us.apache.org/repos/asf/ranger/blob/b041df1d/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidator.java
index 55973f5..bdac640 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidator.java
@@ -33,6 +33,7 @@ import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.errors.ValidationErrorCode;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
import org.apache.ranger.plugin.model.RangerService;
@@ -588,6 +589,18 @@ public abstract class RangerValidator {
return valid;
}
+ boolean isInLowerCase(final String value, final String valueContext, final List<ValidationFailureDetails> failures) {
+ if (!StringUtils.isAllLowerCase(value)) {
+ ValidationErrorCode errorCode = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_NOT_LOWERCASE_NAME;
+ failures.add(new ValidationFailureDetailsBuilder()
+ .errorCode(errorCode.getErrorCode())
+ .field(value)
+ .becauseOf(errorCode.getMessage(valueContext, value))
+ .build());
+ return false;
+ }
+ return true;
+ }
boolean isUnique(final String value, final Set<String> alreadySeen, final String valueName, final String collectionName, final List<ValidationFailureDetails> failures) {
return isUnique(value, null, alreadySeen, valueName, collectionName, failures);
}
http://git-wip-us.apache.org/repos/asf/ranger/blob/b041df1d/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefValidator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefValidator.java b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefValidator.java
index 72c4520..1fafb12 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefValidator.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefValidator.java
@@ -209,6 +209,12 @@ public class TestRangerServiceDefValidator {
{ 3L, "admin", new String[] { "write", "admin" } } // non-existent access type (execute)
};
+ final Object[][] accessTypes_mixed_case_names = new Object[][] {
+ { 1L, "Read", null },
+ { 2L, "WRITE", new String[] { } },
+ { 3L, "adminPrivilege", new String[] { "write", "admin" } }
+ };
+
@Test
public final void test_isValidAccessTypes_happyPath() {
List<RangerAccessTypeDef> input = _utils.createAccessTypeDefs(accessTypes_good);
@@ -252,6 +258,13 @@ public class TestRangerServiceDefValidator {
accessTypeDefs = _utils.createAccessTypeDefs(accessTypes_bad_selfReference);
_failures.clear(); assertFalse(_validator.isValidAccessTypes(accessTypeDefs, _failures));
_utils.checkFailureForSemanticError(_failures, "implied grants", "admin");
+
+ // Mixed case access types
+ accessTypeDefs = _utils.createAccessTypeDefs(accessTypes_mixed_case_names);
+ _failures.clear(); assertFalse(_validator.isValidAccessTypes(accessTypeDefs, _failures));
+ _utils.checkFailure(_failures, null, null, null, "Read",null);
+ _utils.checkFailure(_failures, null, null, null, "WRITE",null);
+ _utils.checkFailure(_failures, null, null, null, "adminPrivilege",null);
}
final Object[][] enums_bad_enumName_null = new Object[][] {
@@ -392,6 +405,13 @@ public class TestRangerServiceDefValidator {
{ 3L, 30, " " } // Name is all whitespace
};
+ Object[][] mixedCaseResources = new Object[][] {
+ // { id, level, name }
+ { 4L, -10, "DBase" }, // -ve value for level is ok
+ { 5L, 10, "TABLE" }, // id is duplicate
+ { 6L, -10, "Column" } // (in different case) but name and level are duplicate
+ };
+
@Test
public final void test_isValidResources() {
// null/empty resources are an error
@@ -410,6 +430,12 @@ public class TestRangerServiceDefValidator {
_utils.checkFailureForMissingValue(_failures, "resource itemId");
_utils.checkFailureForSemanticError(_failures, "resource itemId", "1"); // id 1 is duplicate
_utils.checkFailureForSemanticError(_failures, "resource name", "DataBase");
+
+ resources.clear(); resources.addAll(_utils.createResourceDefsWithIds(mixedCaseResources));
+ _failures.clear(); assertFalse(_validator.isValidResources(_serviceDef, _failures));
+ _utils.checkFailure(_failures, null, null, null, "DBase",null);
+ _utils.checkFailure(_failures, null, null, null, "TABLE",null);
+ _utils.checkFailure(_failures, null, null, null, "Column",null);
}
@Test