You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by sn...@apache.org on 2015/05/31 17:03:43 UTC

[03/12] incubator-ranger git commit: RANGER-513 Policy validation: resource hierarchies check does not work with single-node hierarchies e.g. for HDFS

RANGER-513 Policy validation: resource hierarchies check does not work with single-node hierarchies e.g. for HDFS

Signed-off-by: Madhan Neethiraj <ma...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/f0a8931a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/f0a8931a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/f0a8931a

Branch: refs/heads/ranger-0.5
Commit: f0a8931a8c1847470e486ffdf59c70814270ce9d
Parents: fb6e94f
Author: Alok Lal <al...@hortonworks.com>
Authored: Thu May 28 15:34:15 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Thu May 28 20:47:54 2015 -0700

----------------------------------------------------------------------
 .../validation/RangerServiceDefHelper.java      | 30 +++++++++++---
 .../validation/TestRangerServiceDefHelper.java  | 42 +++++++++++++++++++-
 2 files changed, 66 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f0a8931a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java
index 91ff16a..d3bcc1a 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java
@@ -36,6 +36,8 @@ import org.apache.commons.logging.LogFactory;
 import org.apache.ranger.plugin.model.RangerServiceDef;
 import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
 
+import com.google.common.collect.Lists;
+
 public class RangerServiceDefHelper {
 
 	private static final Log LOG = LogFactory.getLog(RangerServiceDefHelper.class);
@@ -238,10 +240,20 @@ public class RangerServiceDefHelper {
 			Set<String> sources = graph.getSources();
 			Set<String> sinks = graph.getSinks();
 			for (String source : sources) {
-				for (String sink : sinks) {
-					List<String> path = graph.getAPath(source, sink, new HashSet<String>());
-					if (!path.isEmpty()) {
-						hierarchies.add(path);
+				/*
+				 * A disconnected node, i.e. one that does not have any arc coming into or out of it is a hierarchy in itself!
+				 * A source by definition does not have any arcs coming into it.  So if it also doesn't have any neighbors then we know
+				 * it is a disconnected node.
+				 */
+				if (!graph.hasNeighbors(source)) {
+					List<String> path = Lists.newArrayList(source);
+					hierarchies.add(path);
+				} else {
+					for (String sink : sinks) {
+						List<String> path = graph.getAPath(source, sink, new HashSet<String>());
+						if (!path.isEmpty()) {
+							hierarchies.add(path);
+						}
 					}
 				}
 			}
@@ -328,6 +340,14 @@ public class RangerServiceDefHelper {
 		}
 
 		/**
+		 * Returns true if the node "from" has any neighbor.
+		 * @param from
+		 * @return
+		 */
+		boolean hasNeighbors(String from) {
+			return _nodes.containsKey(from) && _nodes.get(from).size() > 0;
+		}
+		/**
 		 * Return the set of nodes with in degree of 0, i.e. those that are not in any other nodes' list of neighbors
 		 * 
 		 * @return
@@ -339,7 +359,7 @@ public class RangerServiceDefHelper {
 				sources.removeAll(nbrs); // A source in a DAG can't be a neighbor of any other node
 			}
 			if (LOG.isDebugEnabled()) {
-				LOG.debug("Returning sinks: " + sources);
+				LOG.debug("Returning sources: " + sources);
 			}
 			return sources;
 		}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f0a8931a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefHelper.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefHelper.java b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefHelper.java
index 2703384..883b808 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefHelper.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefHelper.java
@@ -149,10 +149,50 @@ public class TestRangerServiceDefHelper {
 			assertTrue(expectedHierarchies.contains(resourceNames));
 			expectedHierarchies.remove(resourceNames);
 		}
-		assertTrue(expectedHierarchies.isEmpty()); // make sure we saw got back hierarchies
+		assertTrue("Missing hierarchies: " + expectedHierarchies.toString(), expectedHierarchies.isEmpty()); // make sure we got back all hierarchies
 	}
 
 	@Test
+	public final void test_isResourceGraphValid_forest_singleNodeTrees() {
+		/*
+		 * Create a service-def which is a forest with a few single node trees
+		 * 
+		 *   Database
+		 *   
+		 *   Server
+		 *      
+		 *   Namespace -> package
+		 *       |
+		 *       v
+		 *     function
+		 *     
+		 * Check that helper corrects reports back all of the hierarchies: levels in it and their order.   
+		 */
+		RangerResourceDef database = createResourceDef("database", "");
+		RangerResourceDef server = createResourceDef("server", "");
+		RangerResourceDef namespace = createResourceDef("namespace", "");
+		RangerResourceDef function = createResourceDef("function", "namespace");
+		RangerResourceDef Package = createResourceDef("package", "namespace"); 
+		List<RangerResourceDef> resourceDefs = Lists.newArrayList(database, server, namespace, function, Package);
+		when(_serviceDef.getResources()).thenReturn(resourceDefs);
+		_helper = new RangerServiceDefHelper(_serviceDef);
+		assertTrue(_helper.isResourceGraphValid());
+		Set<List<RangerResourceDef>> hierarchies = _helper.getResourceHierarchies();
+
+		Set<List<String>> expectedHierarchies = new HashSet<List<String>>(); 
+		expectedHierarchies.add(Lists.newArrayList("database"));
+		expectedHierarchies.add(Lists.newArrayList("server"));
+		expectedHierarchies.add(Lists.newArrayList("namespace", "package"));
+		expectedHierarchies.add(Lists.newArrayList("namespace", "function"));
+		
+		for (List<RangerResourceDef> aHierarchy : hierarchies) {
+			List<String> resourceNames = _helper.getAllResourceNames(aHierarchy);
+			assertTrue(expectedHierarchies.contains(resourceNames));
+			expectedHierarchies.remove(resourceNames);
+		}
+		assertTrue("Missing hierarchies: " + expectedHierarchies.toString(), expectedHierarchies.isEmpty()); // make sure we got back all hierarchies
+	}
+	@Test
 	public final void test_cacheBehavior() {
 		// wipe the cache clean
 		RangerServiceDefHelper._Cache.clear();