You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ranger.apache.org by ve...@apache.org on 2016/12/20 01:06:54 UTC

[1/3] incubator-ranger git commit: RANGER-1243: One failed embedded ServiceDef creating prevent any service from being created in Ranger

Repository: incubator-ranger
Updated Branches:
  refs/heads/master 9a9e6e8dc -> 7676341a0


RANGER-1243: One failed embedded ServiceDef creating prevent any service from being created in Ranger

Signed-off-by: Velmurugan Periasamy <ve...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/09b57de3
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/09b57de3
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/09b57de3

Branch: refs/heads/master
Commit: 09b57de3b7d3e0365603f4bef8a8655463574913
Parents: 9a9e6e8
Author: Asger Askov Blekinge <ab...@statsbiblioteket.dk>
Authored: Tue Dec 6 10:54:31 2016 +0100
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Mon Dec 19 20:03:39 2016 -0500

----------------------------------------------------------------------
 .../apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java   | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/09b57de3/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
index adae311..3753a70 100755
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
@@ -214,8 +214,11 @@ public class EmbeddedServiceDefsUtil {
 				LOG.info("creating embedded service-def " + serviceDefName);
 				if (ret.getId() != null) {
 					store.setPopulateExistingBaseFields(true);
-					ret = store.createServiceDef(ret);
-					store.setPopulateExistingBaseFields(false);
+					try {
+						ret = store.createServiceDef(ret);
+					} finally {
+						store.setPopulateExistingBaseFields(false);
+					}
 				} else {
 					ret = store.createServiceDef(ret);
 				}

[2/3] incubator-ranger git commit: RANGER-1244 - documentation change, added note to README.txt about using apache review board.

Posted by ve...@apache.org.

RANGER-1244 - documentation change, added note to README.txt about using apache review board.

Signed-off-by: Velmurugan Periasamy <ve...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/ba5353df
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/ba5353df
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/ba5353df

Branch: refs/heads/master
Commit: ba5353df997f68ce224a26757a0cc71d5c3bbabc
Parents: 09b57de
Author: Alok Lal <al...@ebay.com>
Authored: Tue Dec 6 10:57:08 2016 -0800
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Mon Dec 19 20:05:21 2016 -0500

----------------------------------------------------------------------
 README.txt | 6 ++++++
 1 file changed, 6 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ba5353df/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index c68ac0b..536d398 100644
--- a/README.txt
+++ b/README.txt
@@ -16,6 +16,12 @@
 Check Apache Ranger Wiki for up to date instruction: 
 https://cwiki.apache.org/confluence/display/RANGER/Index
 
+NOTE about using sending pull request on github:
+================================================
+Apache Ranger is currently NOT setup to use pull requests to take in the changes for commit.
+Please use the apache review board to submit your code changes for review and commit. https://reviews.apache.org
+Also create a jira to go along with the review and mention it in the review board review. https://issues.apache.org/jira/browse/RANGER
+
 Build Process
 =============

[3/3] incubator-ranger git commit: RANGER-1250 : If non-existing access-permissions are added through curl then permission module shows loading icon.

Posted by ve...@apache.org.

RANGER-1250 : If non-existing access-permissions are added through curl then permission module shows loading icon.

Signed-off-by: Velmurugan Periasamy <ve...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/7676341a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/7676341a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/7676341a

Branch: refs/heads/master
Commit: 7676341a08664d7726c6aa31510255e90d56aa35
Parents: ba5353d
Author: pradeep agrawal <pr...@freestoneinfotech.com>
Authored: Mon Dec 12 11:56:09 2016 +0530
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Mon Dec 19 20:06:32 2016 -0500

----------------------------------------------------------------------
 .../model/validation/RangerPolicyValidator.java | 77 ++++++++++++++++++++
 1 file changed, 77 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7676341a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
index 279489d..0c82b7e 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
@@ -27,12 +27,15 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.ranger.plugin.errors.ValidationErrorCode;
 import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem;
 import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
 import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
 import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem;
 import org.apache.ranger.plugin.model.RangerPolicyResourceSignature;
 import org.apache.ranger.plugin.model.RangerService;
 import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef;
 import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
 import org.apache.ranger.plugin.store.ServiceStore;
 
@@ -302,6 +305,7 @@ public class RangerPolicyValidator extends RangerValidator {
 
 			if (serviceNameValid) { // resource checks can't be done meaningfully otherwise
 				valid = isValidResources(policy, failures, action, isAdmin, serviceDef) && valid;
+				valid = isValidAccessTypeDef(policy, failures, action, isAdmin, serviceDef) && valid;
 			}
 		}
 		
@@ -311,6 +315,79 @@ public class RangerPolicyValidator extends RangerValidator {
 		return valid;
 	}
 	
+	boolean isValidAccessTypeDef(RangerPolicy policy, final List<ValidationFailureDetails> failures, Action action,boolean isAdmin, final RangerServiceDef serviceDef) {
+		boolean valid = true;
+		if(LOG.isDebugEnabled()) {
+			LOG.debug(String.format("==> RangerPolicyValidator.isValidAccessTypeDef(%s, %s, %s,%s,%s)", policy, failures, action,isAdmin,serviceDef));
+		}
+		int policyType=policy.getPolicyType() == null ? RangerPolicy.POLICY_TYPE_ACCESS : policy.getPolicyType();
+		//row filter policy
+		if (policyType==RangerPolicy.POLICY_TYPE_ROWFILTER){
+			List<String> rowFilterAccessTypeDefNames=new ArrayList<String>();
+			if(serviceDef!=null && serviceDef.getRowFilterDef()!=null){
+				if(!CollectionUtils.isEmpty(serviceDef.getRowFilterDef().getAccessTypes())){
+					for(RangerAccessTypeDef rangerAccessTypeDef:serviceDef.getRowFilterDef().getAccessTypes()){
+						rowFilterAccessTypeDefNames.add(rangerAccessTypeDef.getName().toLowerCase());
+					}
+				}
+			}
+
+			if(!CollectionUtils.isEmpty(policy.getRowFilterPolicyItems())){
+				for(RangerRowFilterPolicyItem rangerRowFilterPolicyItem:policy.getRowFilterPolicyItems()){
+					if(!CollectionUtils.isEmpty(rangerRowFilterPolicyItem.getAccesses())){
+						for(RangerPolicyItemAccess rangerPolicyItemAccess : rangerRowFilterPolicyItem.getAccesses()){
+							if(!rowFilterAccessTypeDefNames.contains(rangerPolicyItemAccess.getType().toLowerCase())){
+								ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_POLICY_ITEM_ACCESS_TYPE_INVALID;
+								failures.add(new ValidationFailureDetailsBuilder()
+									.field("row filter policy item access type")
+									.isSemanticallyIncorrect()
+									.becauseOf(error.getMessage(rangerPolicyItemAccess.getType(), rowFilterAccessTypeDefNames))
+									.errorCode(error.getErrorCode())
+									.build());
+								valid = false;
+							}
+						}
+					}
+				}
+			}
+		}
+		//data mask policy
+		if (policyType==RangerPolicy.POLICY_TYPE_DATAMASK){
+			List<String> dataMaskAccessTypeDefNames=new ArrayList<String>();
+			if(serviceDef!=null && serviceDef.getDataMaskDef()!=null){
+				if(!CollectionUtils.isEmpty(serviceDef.getDataMaskDef().getAccessTypes())){
+					for(RangerAccessTypeDef rangerAccessTypeDef:serviceDef.getDataMaskDef().getAccessTypes()){
+						dataMaskAccessTypeDefNames.add(rangerAccessTypeDef.getName().toLowerCase());
+					}
+				}
+			}
+
+			if(!CollectionUtils.isEmpty(policy.getDataMaskPolicyItems())){
+				for(RangerDataMaskPolicyItem rangerDataMaskPolicyItem:policy.getDataMaskPolicyItems()){
+					if(!CollectionUtils.isEmpty(rangerDataMaskPolicyItem.getAccesses())){
+						for(RangerPolicyItemAccess rangerPolicyItemAccess : rangerDataMaskPolicyItem.getAccesses()){
+							if(!dataMaskAccessTypeDefNames.contains(rangerPolicyItemAccess.getType().toLowerCase())){
+								ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_POLICY_ITEM_ACCESS_TYPE_INVALID;
+								failures.add(new ValidationFailureDetailsBuilder()
+									.field("data masking policy item access type")
+									.isSemanticallyIncorrect()
+									.becauseOf(error.getMessage(rangerPolicyItemAccess.getType(), dataMaskAccessTypeDefNames))
+									.errorCode(error.getErrorCode())
+									.build());
+								valid = false;
+							}
+						}
+					}
+				}
+			}
+		}
+
+		if(LOG.isDebugEnabled()) {
+			LOG.debug(String.format("<== RangerPolicyValidator.isValidAccessTypeDef(%s, %s, %s,%s,%s)", policy, failures, action,isAdmin,serviceDef));
+		}
+		return valid;
+	}
+
 	boolean isValidResources(RangerPolicy policy, final List<ValidationFailureDetails> failures, Action action,
 			boolean isAdmin, final RangerServiceDef serviceDef) {