You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by al...@apache.org on 2016/03/03 01:06:45 UTC

[21/50] [abbrv] incubator-ranger git commit: RANGER-551 Policy Validation: If resource levels are not valid for any hierarchy then checks about missing mandatory levels should be skipped

RANGER-551 Policy Validation: If resource levels are not valid for any hierarchy then checks about missing mandatory levels should be skipped

Signed-off-by: Madhan Neethiraj <ma...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/59810b2d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/59810b2d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/59810b2d

Branch: refs/heads/HDP-2.3.2-groupid
Commit: 59810b2dccfb93f708705f8e13b181d07a0b639b
Parents: 4d3192f
Author: Alok Lal <al...@hortonworks.com>
Authored: Fri Jun 12 16:29:04 2015 -0700
Committer: Alok Lal <al...@apache.org>
Committed: Wed Sep 2 13:09:42 2015 -0700

----------------------------------------------------------------------
 .../model/validation/RangerPolicyValidator.java | 38 ++++++++++----------
 1 file changed, 19 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/59810b2d/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
index d27b667..84f750d 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
@@ -322,26 +322,26 @@ public class RangerPolicyValidator extends RangerValidator {
 				valid = false;
 			} else {
 				if (LOG.isDebugEnabled()) {
-					LOG.debug("isValidResourceNames: Found compatible hierarchies: " + toStringHierarchies_all(candidateHierarchies, defHelper));
+					LOG.debug("isValidResourceNames: Found [" + candidateHierarchies.size() + "] compatible hierarchies: " + toStringHierarchies_all(candidateHierarchies, defHelper));
 				}
-			}
-			/*
-			 * Among the candidate hierarchies there should be at least one for which policy specifies all of the mandatory resources.  Note that there could be multiple 
-			 * hierarchies that meet that criteria, e.g. a hive policy that specified only DB.  It is not clear if it belongs to DB->UDF or DB->TBL->COL hierarchy.
-			 * However, if both UDF and TBL were required then we can detect that policy does not specify mandatory levels for any of the candidate hierarchies.
-			 */
-			Set<List<RangerResourceDef>> validHierarchies = filterHierarchies_mandatoryResourcesSpecifiedInPolicy(policyResources, candidateHierarchies, defHelper);
-			if (validHierarchies.isEmpty()) {
-				failures.add(new ValidationFailureDetailsBuilder()
-					.field("resources")
-					.subField("missing mandatory")
-					.isSemanticallyIncorrect()
-					.becauseOf("policy is missing required resources. Mandatory fields of potential hierarchies are: " + toStringHierarchies_mandatory(candidateHierarchies, defHelper))
-					.build());
-				valid = false;
-			} else {
-				if (LOG.isDebugEnabled()) {
-					LOG.debug("isValidResourceNames: Found hierarchies with all mandatory fields specified: " + toStringHierarchies_mandatory(validHierarchies, defHelper));
+				/*
+				 * Among the candidate hierarchies there should be at least one for which policy specifies all of the mandatory resources.  Note that there could be multiple
+				 * hierarchies that meet that criteria, e.g. a hive policy that specified only DB.  It is not clear if it belongs to DB->UDF or DB->TBL->COL hierarchy.
+				 * However, if both UDF and TBL were required then we can detect that policy does not specify mandatory levels for any of the candidate hierarchies.
+				 */
+				Set<List<RangerResourceDef>> validHierarchies = filterHierarchies_mandatoryResourcesSpecifiedInPolicy(policyResources, candidateHierarchies, defHelper);
+				if (validHierarchies.isEmpty()) {
+					failures.add(new ValidationFailureDetailsBuilder()
+						.field("resources")
+						.subField("missing mandatory")
+						.isSemanticallyIncorrect()
+						.becauseOf("policy is missing required resources. Mandatory fields of potential hierarchies are: " + toStringHierarchies_mandatory(candidateHierarchies, defHelper))
+						.build());
+					valid = false;
+				} else {
+					if (LOG.isDebugEnabled()) {
+						LOG.debug("isValidResourceNames: Found hierarchies with all mandatory fields specified: " + toStringHierarchies_mandatory(validHierarchies, defHelper));
+					}
 				}
 			}
 		}