You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2023/02/05 19:49:30 UTC
[ranger] branch ranger-2.4 updated (24e743b1d -> ebe1ca7c0)
This is an automated email from the ASF dual-hosted git repository.
madhan pushed a change to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
from 24e743b1d RANGER-4055: updated to require user's firstName to be non-empty
new 92010c2ba RANGER-3740: Ranger- Add an API to refresh tag cache -- follow-up patch
new ebe1ca7c0 RANGER-4057: updated resetCache() APIs to handle invalid service-name with status code 400
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../java/org/apache/ranger/rest/ServiceREST.java | 12 ++++-
.../main/java/org/apache/ranger/rest/TagREST.java | 59 +++++++++++++++++++---
.../org/apache/ranger/rest/TestServiceREST.java | 57 ++++++++++++++++++++-
.../java/org/apache/ranger/rest/TestTagREST.java | 46 +++++++++++++++++
4 files changed, 164 insertions(+), 10 deletions(-)
[ranger] 01/02: RANGER-3740: Ranger- Add an API to refresh tag cache -- follow-up patch
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 92010c2ba8a46af278c95efb10a5de9bd32d471a
Author: Kishor Gollapalliwar <ki...@gmail.com>
AuthorDate: Tue May 31 16:43:04 2022 +0530
RANGER-3740: Ranger- Add an API to refresh tag cache -- follow-up patch
Signed-off-by: Mehul Parikh <me...@apache.org>
(cherry picked from commit 2a057768fc6a345fce013a89c72d5d67d0df666d)
---
.../main/java/org/apache/ranger/rest/TagREST.java | 47 ++++++++++++++++++----
1 file changed, 40 insertions(+), 7 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
index 5d14f41ea..41b1504a8 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
@@ -606,6 +606,11 @@ public class TagREST {
return ret;
}
+ /**
+ * Resets/ removes tag policy cache for given service.
+ * @param serviceName non-empty service-name
+ * @return {@code true} if successfully reseted/ removed for given service, {@code false} otherwise.
+ */
@GET
@Path(TagRESTConstants.TAGS_RESOURCE + "cache/reset")
@Produces({ "application/json", "application/xml" })
@@ -614,18 +619,20 @@ public class TagREST {
LOG.debug("==> TagREST.resetTagCache({})", serviceName);
}
+ if (StringUtils.isEmpty(serviceName)) {
+ throw restErrorUtil.createRESTException("Required parameter [serviceName] is missing.", MessageEnums.INVALID_INPUT_DATA);
+ }
+
// check for ADMIN access
if (!bizUtil.isAdmin()) {
boolean isServiceAdmin = false;
String loggedInUser = bizUtil.getCurrentUserLoginId();
- if (StringUtils.isNotEmpty(serviceName)) {
- try {
- RangerService rangerService = svcStore.getServiceByName(serviceName);
- isServiceAdmin = bizUtil.isUserServiceAdmin(rangerService, loggedInUser);
- } catch (Exception e) {
- LOG.warn("Failed to find if user [" + loggedInUser + "] has service admin privileges on service [" + serviceName + "]", e);
- }
+ try {
+ RangerService rangerService = svcStore.getServiceByName(serviceName);
+ isServiceAdmin = bizUtil.isUserServiceAdmin(rangerService, loggedInUser);
+ } catch (Exception e) {
+ LOG.warn("Failed to find if user [" + loggedInUser + "] has service admin privileges on service [" + serviceName + "]", e);
}
if (!isServiceAdmin) {
@@ -642,6 +649,32 @@ public class TagREST {
return ret;
}
+ /**
+ * Resets/ removes tag policy cache for all.
+ * @return {@code true} if successfully reseted/ removed, {@code false} otherwise.
+ */
+ @GET
+ @Path(TagRESTConstants.TAGS_RESOURCE + "cache/reset-all")
+ @Produces({ "application/json", "application/xml" })
+ public boolean resetTagCacheAll() {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> TagREST.resetTagCacheAll()");
+ }
+
+ // check for ADMIN access
+ if (!bizUtil.isAdmin()) {
+ throw restErrorUtil.createRESTException("User cannot reset policy cache", MessageEnums.OPER_NO_PERMISSION);
+ }
+
+ boolean ret = tagStore.resetTagCache(null);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== TagREST.resetTagCacheAll(): ret={}", ret);
+ }
+
+ return ret;
+ }
+
@POST
@Path(TagRESTConstants.RESOURCES_RESOURCE)
@Consumes({ "application/json" })
[ranger] 02/02: RANGER-4057: updated resetCache() APIs to handle invalid service-name with status code 400
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit ebe1ca7c0d39126a5edced9bbe2e2d8279915a58
Author: Ramachandran Krishnan <ra...@gmail.com>
AuthorDate: Tue Jan 24 11:12:33 2023 +0530
RANGER-4057: updated resetCache() APIs to handle invalid service-name with status code 400
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
(cherry picked from commit 380ca0bd03a181a1b2b750f27bd1446724ab70f0)
---
.../java/org/apache/ranger/rest/ServiceREST.java | 12 ++++-
.../main/java/org/apache/ranger/rest/TagREST.java | 16 ++++--
.../org/apache/ranger/rest/TestServiceREST.java | 57 +++++++++++++++++++++-
.../java/org/apache/ranger/rest/TestTagREST.java | 46 +++++++++++++++++
4 files changed, 126 insertions(+), 5 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 191bc62c3..862a1d754 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -2000,13 +2000,23 @@ public class ServiceREST {
throw restErrorUtil.createRESTException("Required parameter [serviceName] is missing.", MessageEnums.INVALID_INPUT_DATA);
}
+ RangerService rangerService = null;
+ try {
+ rangerService = svcStore.getServiceByName(serviceName);
+ } catch (Exception e) {
+ LOG.error( HttpServletResponse.SC_BAD_REQUEST + "No Service Found for ServiceName:" + serviceName );
+ }
+
+ if (rangerService == null) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "Invalid service name", true);
+ }
+
// check for ADMIN access
if (!bizUtil.isAdmin()) {
boolean isServiceAdmin = false;
String loggedInUser = bizUtil.getCurrentUserLoginId();
try {
- RangerService rangerService = svcStore.getServiceByName(serviceName);
isServiceAdmin = bizUtil.isUserServiceAdmin(rangerService, loggedInUser);
} catch (Exception e) {
LOG.warn("Failed to find if user [" + loggedInUser + "] has service admin privileges on service [" + serviceName + "]", e);
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
index 41b1504a8..6d0019f70 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
@@ -613,7 +613,7 @@ public class TagREST {
*/
@GET
@Path(TagRESTConstants.TAGS_RESOURCE + "cache/reset")
- @Produces({ "application/json", "application/xml" })
+ @Produces({ "application/json" })
public boolean resetTagCache(@QueryParam("serviceName") String serviceName) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> TagREST.resetTagCache({})", serviceName);
@@ -623,13 +623,23 @@ public class TagREST {
throw restErrorUtil.createRESTException("Required parameter [serviceName] is missing.", MessageEnums.INVALID_INPUT_DATA);
}
+ RangerService rangerService = null;
+ try {
+ rangerService = svcStore.getServiceByName(serviceName);
+ } catch (Exception e) {
+ LOG.error( HttpServletResponse.SC_BAD_REQUEST + "No Service Found for ServiceName:" + serviceName );
+ }
+
+ if (rangerService == null) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "Invalid service name", true);
+ }
+
// check for ADMIN access
if (!bizUtil.isAdmin()) {
boolean isServiceAdmin = false;
String loggedInUser = bizUtil.getCurrentUserLoginId();
try {
- RangerService rangerService = svcStore.getServiceByName(serviceName);
isServiceAdmin = bizUtil.isUserServiceAdmin(rangerService, loggedInUser);
} catch (Exception e) {
LOG.warn("Failed to find if user [" + loggedInUser + "] has service admin privileges on service [" + serviceName + "]", e);
@@ -655,7 +665,7 @@ public class TagREST {
*/
@GET
@Path(TagRESTConstants.TAGS_RESOURCE + "cache/reset-all")
- @Produces({ "application/json", "application/xml" })
+ @Produces({ "application/json" })
public boolean resetTagCacheAll() {
if (LOG.isDebugEnabled()) {
LOG.debug("==> TagREST.resetTagCacheAll()");
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
index 8fdcc43c8..5e3b1908d 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
@@ -2311,13 +2311,22 @@ public class TestServiceREST {
}
@Test
- public void test67ResetPolicyCache(){
+ public void test67ResetPolicyCacheForAdmin(){
boolean res = true;
String serviceName = "HDFS_1";
Mockito.when(bizUtil.isAdmin()).thenReturn(true);
+ RangerService rangerService = rangerService();
+ try {
+ Mockito.when(svcStore.getServiceByName(serviceName)).thenReturn(rangerService);
+ } catch (Exception e) {
+ }
Mockito.when(svcStore.resetPolicyCache(serviceName)).thenReturn(res);
boolean isReset = serviceREST.resetPolicyCache(serviceName);
assert isReset == res;
+ try {
+ Mockito.verify(svcStore).getServiceByName(serviceName);
+ } catch (Exception e) {
+ }
}
@Test
@@ -2620,4 +2629,50 @@ public class TestServiceREST {
Mockito.verify(validatorFactory).getPolicyValidator(svcStore);
Mockito.verify(svcStore).getPolicy(rangerPolicy.getGuid(), null, null);
}
+
+ @Test
+ public void test78ResetPolicyCacheByServiceNameForServiceAdmin() {
+ boolean isAdmin = false;
+ boolean res = true;
+ RangerService rangerService = rangerService();
+ String serviceName = rangerService.getName();
+ Mockito.when(bizUtil.isAdmin()).thenReturn(isAdmin);
+ String userName = "admin";
+ Mockito.when(bizUtil.getCurrentUserLoginId()).thenReturn(userName);
+ try {
+ Mockito.when(svcStore.getServiceByName(serviceName)).thenReturn(rangerService);
+ } catch (Exception e) {
+ }
+ Mockito.when(bizUtil.isUserServiceAdmin(Mockito.any(RangerService.class), Mockito.anyString())).thenReturn(true);
+ try {
+ Mockito.when(svcStore.resetPolicyCache(serviceName)).thenReturn(true);
+ } catch (Exception e) {
+ }
+ boolean isReset =serviceREST.resetPolicyCache(serviceName);
+ assert isReset == res;
+ Mockito.verify(bizUtil).isAdmin();
+ Mockito.verify(bizUtil).isUserServiceAdmin(Mockito.any(RangerService.class), Mockito.anyString());
+ try {
+ Mockito.verify(svcStore).getServiceByName(serviceName);
+ } catch (Exception e) {
+ }
+ try {
+ Mockito.verify(svcStore).resetPolicyCache(serviceName);
+ } catch (Exception e) {
+ }
+
+ }
+
+ @Test
+ public void test79ResetPolicyCacheWhenServiceNameIsInvalid(){
+ String serviceName = "HDFS_1";
+ try {
+ Mockito.when(svcStore.getServiceByName(serviceName)).thenReturn(null);
+ } catch (Exception e) {
+ }
+ Mockito.when(restErrorUtil.createRESTException(Mockito.anyInt(), Mockito.anyString(), Mockito.anyBoolean())).thenThrow(new WebApplicationException());
+ thrown.expect(WebApplicationException.class);
+ serviceREST.resetPolicyCache(serviceName);
+ Mockito.verify(restErrorUtil).createRESTException(Mockito.anyInt(), Mockito.anyString(), Mockito.anyBoolean());
+ }
}
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java
index 5986d5182..570ce874b 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java
@@ -1823,4 +1823,50 @@ public class TestTagREST {
}
Mockito.verify(restErrorUtil).createRESTException(Mockito.anyInt(), Mockito.anyString(), Mockito.anyBoolean());
}
+
+ @Test
+ public void test58resetTagCacheByServiceNameForServiceAdmin() {
+ boolean isAdmin = false;
+ boolean res = true;
+ RangerService rangerService = new RangerService();
+ rangerService.setId(id);
+ rangerService.setName(serviceName);
+ String userName = "admin";
+ Mockito.when(bizUtil.getCurrentUserLoginId()).thenReturn(userName);
+
+ Mockito.when(bizUtil.isAdmin()).thenReturn(isAdmin);
+ try {
+ Mockito.when(svcStore.getServiceByName(serviceName)).thenReturn(rangerService);
+ } catch (Exception e) {
+ }
+ Mockito.when(bizUtil.isUserServiceAdmin(Mockito.any(RangerService.class), Mockito.anyString())).thenReturn(true);
+ try {
+ Mockito.when(tagStore.resetTagCache(serviceName)).thenReturn(true);
+ } catch (Exception e) {
+ }
+ boolean isReset = tagREST.resetTagCache(serviceName);
+ assert isReset == res;
+ Mockito.verify(bizUtil).isAdmin();
+ Mockito.verify(bizUtil).isUserServiceAdmin(Mockito.any(RangerService.class), Mockito.anyString());
+ try {
+ Mockito.verify(svcStore).getServiceByName(serviceName);
+ } catch (Exception e) {
+ }
+
+ try {
+ Mockito.verify(tagStore).resetTagCache(serviceName);
+ } catch (Exception e) {
+ }
+ }
+ @Test
+ public void test59resetTagCacheWhenServiceNameIsInvalid() {
+ try {
+ Mockito.when(svcStore.getServiceByName(serviceName)).thenReturn(null);
+ } catch (Exception e) {
+ }
+ Mockito.when(restErrorUtil.createRESTException(Mockito.anyInt(), Mockito.anyString(), Mockito.anyBoolean())).thenThrow(new WebApplicationException());
+ thrown.expect(WebApplicationException.class);
+ tagREST.resetTagCache(serviceName);
+ Mockito.verify(restErrorUtil).createRESTException(Mockito.anyInt(), Mockito.anyString(), Mockito.anyBoolean());
+ }
}