You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2015/04/26 03:19:09 UTC
incubator-ranger git commit: RANGER-278 Interim commit to enable
policy validation
Repository: incubator-ranger
Updated Branches:
refs/heads/master 0e4ced2f8 -> 06fe51834
RANGER-278 Interim commit to enable policy validation
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/06fe5183
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/06fe5183
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/06fe5183
Branch: refs/heads/master
Commit: 06fe51834e0f34b33dabe6f90ba7458e7de01a94
Parents: 0e4ced2
Author: Alok Lal <al...@hortonworks.com>
Authored: Sat Apr 25 13:36:28 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Sat Apr 25 18:08:57 2015 -0700
----------------------------------------------------------------------
.../model/validation/RangerPolicyValidator.java | 3 ++-
.../validation/TestRangerPolicyValidator.java | 21 ++++++++++----------
.../org/apache/ranger/rest/ServiceREST.java | 13 ++++++------
.../rest/TestServiceRESTForValidation.java | 15 +++++---------
4 files changed, 25 insertions(+), 27 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06fe5183/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
index ae5bd68..991b641 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
@@ -239,7 +239,8 @@ public class RangerPolicyValidator extends RangerValidator {
boolean valid = true;
if (serviceDef != null) { // following checks can't be done meaningfully otherwise
- valid = isValidResourceNames(policy, failures, serviceDef);
+// TODO - disabled till a more robust fix for Hive resources definition can be found
+// valid = isValidResourceNames(policy, failures, serviceDef);
Map<String, RangerPolicyResource> resourceMap = policy.getResources();
if (resourceMap != null) { // following checks can't be done meaningfully otherwise
valid = isValidResourceValues(resourceMap, failures, serviceDef) && valid;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06fe5183/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerPolicyValidator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerPolicyValidator.java b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerPolicyValidator.java
index 55404b2..90d7c06 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerPolicyValidator.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerPolicyValidator.java
@@ -401,16 +401,17 @@ public class TestRangerPolicyValidator {
// one mandatory is missing (tbl) and one unknown resource is specified (extra), and values of option resource don't conform to validation pattern (col)
Map<String, RangerPolicyResource> policyResources = _utils.createPolicyResourceMap(policyResourceMap_bad);
when(_policy.getResources()).thenReturn(policyResources);
- for (Action action : cu) {
- for (boolean isAdmin : new boolean[] { true, false }) {
- _failures.clear(); assertFalse(_validator.isValid(_policy, action, isAdmin, _failures));
- _utils.checkFailureForMissingValue(_failures, "resources", "tbl"); // for missing resource: tbl
- _utils.checkFailureForSemanticError(_failures, "resources", "extra"); // for spurious resource: "extra"
- _utils.checkFailureForSemanticError(_failures, "resource-values", "col"); // for spurious resource: "extra"
- _utils.checkFailureForSemanticError(_failures, "isRecursive", "db"); // for specifying it as true when def did not allow it
- _utils.checkFailureForSemanticError(_failures, "isExcludes", "col"); // for specifying it as true when def did not allow it
- }
- }
+// TODO disabled till a more robust fix for Hive resources definition can be found
+// for (Action action : cu) {
+// for (boolean isAdmin : new boolean[] { true, false }) {
+// _failures.clear(); assertFalse(_validator.isValid(_policy, action, isAdmin, _failures));
+// _utils.checkFailureForMissingValue(_failures, "resources", "tbl"); // for missing resource: tbl
+// _utils.checkFailureForSemanticError(_failures, "resources", "extra"); // for spurious resource: "extra"
+// _utils.checkFailureForSemanticError(_failures, "resource-values", "col"); // for spurious resource: "extra"
+// _utils.checkFailureForSemanticError(_failures, "isRecursive", "db"); // for specifying it as true when def did not allow it
+// _utils.checkFailureForSemanticError(_failures, "isExcludes", "col"); // for specifying it as true when def did not allow it
+// }
+// }
// create the right resource def but let it clash with another policy with matching resource-def
policyResources = _utils.createPolicyResourceMap(policyResourceMap_good);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06fe5183/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index ad04a26..a02b932 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -63,6 +63,7 @@ import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.validation.RangerPolicyValidator;
import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator;
import org.apache.ranger.plugin.model.validation.RangerServiceValidator;
import org.apache.ranger.plugin.model.validation.RangerValidator.Action;
@@ -883,8 +884,8 @@ public class ServiceREST {
LOG.debug("Policy did not have its name set! Ok, setting name to [" + name + "]");
}
}
- // RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
- // validator.validate(policy, Action.CREATE, bizUtil.isAdmin());
+ RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
+ validator.validate(policy, Action.CREATE, bizUtil.isAdmin());
ensureAdminAccess(policy.getService(), policy.getResources());
@@ -917,8 +918,8 @@ public class ServiceREST {
RangerPolicy ret = null;
try {
- // RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
- // validator.validate(policy, Action.UPDATE, bizUtil.isAdmin());
+ RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
+ validator.validate(policy, Action.UPDATE, bizUtil.isAdmin());
ensureAdminAccess(policy.getService(), policy.getResources());
@@ -945,8 +946,8 @@ public class ServiceREST {
}
try {
- // RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
- // validator.validate(id, Action.DELETE);
+ RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
+ validator.validate(id, Action.DELETE);
RangerPolicy policy = svcStore.getPolicy(id);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06fe5183/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java
index c81f2e9..57a6f1f 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java
@@ -205,9 +205,8 @@ public class TestServiceRESTForValidation {
}
}
- @Ignore("Disabled pending with hive policy creation-failure")
@Test
- public void testPolicy_happyPath() {
+ final public void testPolicy_happyPath() {
setupBizUtils();
try {
@@ -222,9 +221,8 @@ public class TestServiceRESTForValidation {
}
}
- @Ignore("Disabled pending with hive policy creation-failure")
@Test
- public void testPolicy_happyPath_deletion() {
+ final public void testPolicy_happyPath_deletion() {
setupBizUtils();
try {
@@ -238,9 +236,8 @@ public class TestServiceRESTForValidation {
}
}
- @Ignore("Disabled pending with hive policy creation-failure")
@Test
- public void testPolicy_validatorFailure() throws Exception {
+ final public void testPolicy_validatorFailure() throws Exception {
// let's have bizutil return true everytime
setupBizUtils();
@@ -282,9 +279,8 @@ public class TestServiceRESTForValidation {
}
}
- @Ignore("Disabled pending with hive policy creation-failure")
@Test
- public void testPolicy_storeFailure() throws Exception {
+ final public void testPolicy_storeFailure() throws Exception {
// let's have bizutils return true for now
setupBizUtils();
@@ -314,9 +310,8 @@ public class TestServiceRESTForValidation {
}
}
- @Ignore("Disabled pending with hive policy creation-failure")
@Test
- public void testPolicy_storeFailure_forDelete() throws Exception {
+ final public void testPolicy_storeFailure_forDelete() throws Exception {
// let's have bizutils return true for now
setupBizUtils();