You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by al...@apache.org on 2016/03/03 01:06:45 UTC
[21/50] [abbrv] incubator-ranger git commit: RANGER-551 Policy
Validation: If resource levels are not valid for any hierarchy then checks
about missing mandatory levels should be skipped
RANGER-551 Policy Validation: If resource levels are not valid for any hierarchy then checks about missing mandatory levels should be skipped
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/59810b2d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/59810b2d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/59810b2d
Branch: refs/heads/HDP-2.3.2-groupid
Commit: 59810b2dccfb93f708705f8e13b181d07a0b639b
Parents: 4d3192f
Author: Alok Lal <al...@hortonworks.com>
Authored: Fri Jun 12 16:29:04 2015 -0700
Committer: Alok Lal <al...@apache.org>
Committed: Wed Sep 2 13:09:42 2015 -0700
----------------------------------------------------------------------
.../model/validation/RangerPolicyValidator.java | 38 ++++++++++----------
1 file changed, 19 insertions(+), 19 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/59810b2d/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
index d27b667..84f750d 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
@@ -322,26 +322,26 @@ public class RangerPolicyValidator extends RangerValidator {
valid = false;
} else {
if (LOG.isDebugEnabled()) {
- LOG.debug("isValidResourceNames: Found compatible hierarchies: " + toStringHierarchies_all(candidateHierarchies, defHelper));
+ LOG.debug("isValidResourceNames: Found [" + candidateHierarchies.size() + "] compatible hierarchies: " + toStringHierarchies_all(candidateHierarchies, defHelper));
}
- }
- /*
- * Among the candidate hierarchies there should be at least one for which policy specifies all of the mandatory resources. Note that there could be multiple
- * hierarchies that meet that criteria, e.g. a hive policy that specified only DB. It is not clear if it belongs to DB->UDF or DB->TBL->COL hierarchy.
- * However, if both UDF and TBL were required then we can detect that policy does not specify mandatory levels for any of the candidate hierarchies.
- */
- Set<List<RangerResourceDef>> validHierarchies = filterHierarchies_mandatoryResourcesSpecifiedInPolicy(policyResources, candidateHierarchies, defHelper);
- if (validHierarchies.isEmpty()) {
- failures.add(new ValidationFailureDetailsBuilder()
- .field("resources")
- .subField("missing mandatory")
- .isSemanticallyIncorrect()
- .becauseOf("policy is missing required resources. Mandatory fields of potential hierarchies are: " + toStringHierarchies_mandatory(candidateHierarchies, defHelper))
- .build());
- valid = false;
- } else {
- if (LOG.isDebugEnabled()) {
- LOG.debug("isValidResourceNames: Found hierarchies with all mandatory fields specified: " + toStringHierarchies_mandatory(validHierarchies, defHelper));
+ /*
+ * Among the candidate hierarchies there should be at least one for which policy specifies all of the mandatory resources. Note that there could be multiple
+ * hierarchies that meet that criteria, e.g. a hive policy that specified only DB. It is not clear if it belongs to DB->UDF or DB->TBL->COL hierarchy.
+ * However, if both UDF and TBL were required then we can detect that policy does not specify mandatory levels for any of the candidate hierarchies.
+ */
+ Set<List<RangerResourceDef>> validHierarchies = filterHierarchies_mandatoryResourcesSpecifiedInPolicy(policyResources, candidateHierarchies, defHelper);
+ if (validHierarchies.isEmpty()) {
+ failures.add(new ValidationFailureDetailsBuilder()
+ .field("resources")
+ .subField("missing mandatory")
+ .isSemanticallyIncorrect()
+ .becauseOf("policy is missing required resources. Mandatory fields of potential hierarchies are: " + toStringHierarchies_mandatory(candidateHierarchies, defHelper))
+ .build());
+ valid = false;
+ } else {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("isValidResourceNames: Found hierarchies with all mandatory fields specified: " + toStringHierarchies_mandatory(validHierarchies, defHelper));
+ }
}
}
}