You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2015/04/07 09:42:52 UTC
[1/2] incubator-ranger git commit: RANGER-344: fix for issues found
by static analyzer
Repository: incubator-ranger
Updated Branches:
refs/heads/master b73b29042 -> 0711abe23
RANGER-344: fix for issues found by static analyzer
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/ae39d3ee
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/ae39d3ee
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/ae39d3ee
Branch: refs/heads/master
Commit: ae39d3eeb2b54d4aad228202b6cca9d3a5a768ca
Parents: 0ea6b16
Author: Abhay Kulkarni <ak...@hortonworks.com>
Authored: Tue Apr 7 00:36:01 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue Apr 7 00:42:19 2015 -0700
----------------------------------------------------------------------
.../model/validation/RangerPolicyValidator.java | 2 +-
.../RangerDefaultPolicyEvaluator.java | 37 +++++++++-------
.../services/hbase/client/HBaseClient.java | 12 ++++--
.../hadoop/RangerHdfsAuthorizer.java | 10 +++--
.../hive/authorizer/RangerHiveAuthorizer.java | 32 ++++++++------
.../ranger/services/yarn/client/YarnClient.java | 2 +-
.../java/org/apache/ranger/biz/ServiceMgr.java | 45 ++++++++++++--------
7 files changed, 84 insertions(+), 56 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ae39d3ee/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
index 36fc550..63bcdda 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
@@ -168,7 +168,7 @@ public class RangerPolicyValidator extends RangerValidator {
.becauseOf("policy already exists with name[" + policyName + "]; its id is[" + policies.iterator().next().getId() + "]")
.build());
valid = false;
- } else if (policies.iterator().next().getId() != id) { // size == 1 && action == UPDATE
+ } else if (!policies.iterator().next().getId().equals(id)) { // size == 1 && action == UPDATE
failures.add(new ValidationFailureDetailsBuilder()
.field("id/name")
.isSemanticallyIncorrect()
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ae39d3ee/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
index fb80675..3cdc5ea 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
@@ -604,26 +604,31 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator
RangerResourceMatcher ret = null;
- String resName = resourceDef != null ? resourceDef.getName() : null;
- String clsName = resourceDef != null ? resourceDef.getMatcher() : null;
+ if (resourceDef != null) {
+ String resName = resourceDef.getName();
+ String clsName = resourceDef.getMatcher();
+
+ if (!StringUtils.isEmpty(clsName)) {
+ try {
+ @SuppressWarnings("unchecked")
+ Class<RangerResourceMatcher> matcherClass = (Class<RangerResourceMatcher>) Class.forName(clsName);
+
+ ret = matcherClass.newInstance();
+ } catch (Exception excp) {
+ LOG.error("failed to instantiate resource matcher '" + clsName + "' for '" + resName + "'. Default resource matcher will be used", excp);
+ }
+ }
- if(! StringUtils.isEmpty(clsName)) {
- try {
- @SuppressWarnings("unchecked")
- Class<RangerResourceMatcher> matcherClass = (Class<RangerResourceMatcher>)Class.forName(clsName);
- ret = matcherClass.newInstance();
- } catch(Exception excp) {
- LOG.error("failed to instantiate resource matcher '" + clsName + "' for '" + resName + "'. Default resource matcher will be used", excp);
+ if (ret == null) {
+ ret = new RangerDefaultResourceMatcher();
}
- }
- if(ret == null) {
- ret = new RangerDefaultResourceMatcher();
- }
-
- if(ret != null) {
- ret.init(resourceDef, resource);
+ if (ret != null) {
+ ret.init(resourceDef, resource);
+ }
+ } else {
+ LOG.error("RangerDefaultPolicyEvaluator: RangerResourceDef is null");
}
if(LOG.isDebugEnabled()) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ae39d3ee/hbase-agent/src/main/java/org/apache/ranger/services/hbase/client/HBaseClient.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/main/java/org/apache/ranger/services/hbase/client/HBaseClient.java b/hbase-agent/src/main/java/org/apache/ranger/services/hbase/client/HBaseClient.java
index e051bb9..e9bc684 100644
--- a/hbase-agent/src/main/java/org/apache/ranger/services/hbase/client/HBaseClient.java
+++ b/hbase-agent/src/main/java/org/apache/ranger/services/hbase/client/HBaseClient.java
@@ -245,11 +245,15 @@ public class HBaseClient extends BaseClient {
LOG.info("getTableList: no exception: HbaseAvailability true");
admin = new HBaseAdmin(conf) ;
for (HTableDescriptor htd : admin.listTables(tableNameMatching)) {
- String tableName = htd.getNameAsString();
- if ( existingTableList != null && existingTableList.contains(tableName)) {
- continue;
+ if (htd == null) {
+ LOG.error("getTableList: null HTableDescription received from HBaseAdmin.listTables");
} else {
- tableList.add(htd.getNameAsString());
+ String tableName = htd.getNameAsString();
+ if (existingTableList != null && existingTableList.contains(tableName)) {
+ continue;
+ } else {
+ tableList.add(htd.getNameAsString());
+ }
}
}
} catch (ZooKeeperConnectionException zce) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ae39d3ee/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
----------------------------------------------------------------------
diff --git a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
index 8a73d4d..61a95d2 100644
--- a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
+++ b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
@@ -335,10 +335,14 @@ public class RangerHdfsAuthorizer extends INodeAttributeProvider {
RangerAccessResult result = plugin.isAccessAllowed(request, auditHandler);
- ret = result.getIsAllowed();
+ if (result == null) {
+ LOG.error("RangerAccessControlEnforcer: Internal error: null RangerAccessResult object received back from isAccessAllowed()!");
+ } else {
+ ret = result.getIsAllowed();
- if(! ret) {
- break;
+ if (!ret) {
+ break;
+ }
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ae39d3ee/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index bca8858..9dcc33d 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -317,7 +317,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
if (column != null) {
column = column.trim();
}
- if(StringUtils.isEmpty(column.trim())) {
+ if(StringUtils.isEmpty(column)) {
continue;
}
@@ -345,7 +345,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
}
if(result != null && !result.getIsAllowed()) {
- String path = resource != null ? resource.getAsString(result.getServiceDef()) : null;
+ String path = resource.getAsString(result.getServiceDef());
throw new HiveAccessControlException(String.format("Permission denied: user [%s] does not have [%s] privilege on [%s]",
user, request.getHiveAccessType().name(), path));
@@ -443,20 +443,24 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
}
RangerHiveResource resource = createHiveResource(privilegeObject);
- RangerHiveAccessRequest request = new RangerHiveAccessRequest(resource, user, groups, context, sessionContext);
- RangerAccessResult result = hivePlugin.isAccessAllowed(request);
- if (result == null) {
- LOG.error("filterListCmdObjects: Internal error: null RangerAccessResult object received back from isAccessAllowed()!");
- } else if (!result.getIsAllowed()) {
- if (!LOG.isDebugEnabled()) {
- String path = resource.getAsString(result.getServiceDef());
- LOG.debug(String.format("filterListCmdObjects: Permission denied: user [%s] does not have [%s] privilege on [%s]", user, request.getHiveAccessType().name(), path));
- }
+ if (resource == null) {
+ LOG.error("filterListCmdObjects: RangerHiveResource returned by createHiveResource is null");
} else {
- if (LOG.isDebugEnabled()) {
- LOG.debug(String.format("filterListCmdObjects: resource[%s]: allowed!: request[%s], result[%s]", resource, request, result));
+ RangerHiveAccessRequest request = new RangerHiveAccessRequest(resource, user, groups, context, sessionContext);
+ RangerAccessResult result = hivePlugin.isAccessAllowed(request);
+ if (result == null) {
+ LOG.error("filterListCmdObjects: Internal error: null RangerAccessResult object received back from isAccessAllowed()!");
+ } else if (!result.getIsAllowed()) {
+ if (!LOG.isDebugEnabled()) {
+ String path = resource.getAsString(result.getServiceDef());
+ LOG.debug(String.format("filterListCmdObjects: Permission denied: user [%s] does not have [%s] privilege on [%s]", user, request.getHiveAccessType().name(), path));
+ }
+ } else {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(String.format("filterListCmdObjects: resource[%s]: allowed!: request[%s], result[%s]", resource, request, result));
+ }
+ ret.add(privilegeObject);
}
- ret.add(privilegeObject);
}
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ae39d3ee/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnClient.java
----------------------------------------------------------------------
diff --git a/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnClient.java b/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnClient.java
index 34c8b61..fc07760 100644
--- a/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnClient.java
+++ b/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnClient.java
@@ -76,7 +76,7 @@ public class YarnClient {
}
final String errMsg = errMessage;
- List<String> ret = new ArrayList<String>();
+ List<String> ret = null;
Callable<List<String>> yarnQueueListGetter = new Callable<List<String>>() {
@Override
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ae39d3ee/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
index 13756c5..b5ca24e 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
@@ -98,13 +98,10 @@ public class ServiceMgr {
String msg = "Unable to connect repository with given config for " + svc.getServiceName();
HashMap<String, Object> respData = new HashMap<String, Object>();
- String message = "";
if (e instanceof HadoopException) {
respData = ((HadoopException) e).responseData;
- message = (respData != null && respData.get("message") != null) ? respData.get(
- "message").toString() : msg;
}
- ret = generateResponseForTestConn(respData, message);
+ ret = generateResponseForTestConn(respData, msg);
LOG.error("==> ServiceMgr.validateConfig Error:" + e);
} finally {
Thread.currentThread().setContextClassLoader(clsLoader);
@@ -290,19 +287,33 @@ public class ServiceMgr {
HashMap<String, Object> responseData, String msg) {
VXResponse vXResponse = new VXResponse();
- Long objId = (responseData.get("objectId") != null) ? Long
- .parseLong(responseData.get("objectId").toString()) : null;
- boolean connectivityStatus = (responseData.get("connectivityStatus") != null) ? Boolean
- .parseBoolean(responseData.get("connectivityStatus").toString())
- : false;
- int statusCode = (connectivityStatus) ? VXResponse.STATUS_SUCCESS
- : VXResponse.STATUS_ERROR;
- String message = (responseData.get("message") != null) ? responseData
- .get("message").toString() : msg;
- String description = (responseData.get("description") != null) ? responseData
- .get("description").toString() : msg;
- String fieldName = (responseData.get("fieldName") != null) ? responseData
- .get("fieldName").toString() : null;
+ Long objId = null;
+ boolean connectivityStatus = false;
+ int statusCode = VXResponse.STATUS_ERROR;
+ String message = msg;
+ String description = msg;
+ String fieldName = null;
+
+ if (responseData != null) {
+ if (responseData.get("objectId") != null) {
+ objId = Long.parseLong(responseData.get("objectId").toString());
+ }
+ if (responseData.get("connectivityStatus") != null) {
+ connectivityStatus = Boolean.parseBoolean(responseData.get("connectivityStatus").toString());
+ }
+ if (connectivityStatus) {
+ statusCode = VXResponse.STATUS_SUCCESS;
+ }
+ if (responseData.get("message") != null) {
+ message = responseData.get("message").toString();
+ }
+ if (responseData.get("description") != null) {
+ description = responseData.get("description").toString();
+ }
+ if (responseData.get("fieldName") != null) {
+ fieldName = responseData.get("fieldName").toString();
+ }
+ }
VXMessage vXMsg = new VXMessage();
List<VXMessage> vXMsgList = new ArrayList<VXMessage>();
[2/2] incubator-ranger git commit: Merge branch 'master' of
https://git-wip-us.apache.org/repos/asf/incubator-ranger
Posted by ma...@apache.org.
Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/incubator-ranger
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/0711abe2
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/0711abe2
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/0711abe2
Branch: refs/heads/master
Commit: 0711abe23b4660019ad72ae0dfbac64ddd68e50d
Parents: ae39d3e b73b290
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Tue Apr 7 00:42:45 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue Apr 7 00:42:45 2015 -0700
----------------------------------------------------------------------
----------------------------------------------------------------------