
Example 11 with ValidationErrorCode

use of org.apache.ranger.plugin.errors.ValidationErrorCode in project ranger by apache.

the class RangerPolicyValidator method isValidPolicyItem.

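/**
 * Validates a single policy item.
 *
 * <p>An item passes when it grants at least one access (an empty access list is tolerated
 * only when delegate-admin is {@code TRUE}) and names at least one user or user-group.
 * Every problem found is appended to {@code failures}; checking continues after the first
 * failure so that all of them are reported together.
 *
 * <p>A {@code null} item is only logged and reported as valid by this method. Callers that
 * need a null item rejected must do so themselves, as {@code isValidPolicyItems} does before
 * delegating here.
 *
 * @param policyItem the item to check; may be {@code null}
 * @param failures   receives one entry per problem found
 * @param serviceDef passed through to {@code isValidItemAccesses}
 * @return {@code true} when no failure was recorded for this item
 */
boolean isValidPolicyItem(RangerPolicyItem policyItem, List<ValidationFailureDetails> failures, RangerServiceDef serviceDef) {
    if (LOG.isDebugEnabled()) {
        // Trace label names this method; it used to read "isValid", which made the trace
        // indistinguishable from the real isValid overloads.
        LOG.debug(String.format("==> RangerPolicyValidator.isValidPolicyItem(%s, %s, %s)", policyItem, failures, serviceDef));
    }
    boolean valid = true;
    if (policyItem == null) {
        LOG.debug("policy item was null!");
    } else {
        // The accesses collection must not be empty unless the item only delegates admin
        // rights; when present, each access is validated by isValidItemAccesses.
        if (CollectionUtils.isEmpty(policyItem.getAccesses())) {
            if (!Boolean.TRUE.equals(policyItem.getDelegateAdmin())) {
                ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_FIELD;
                failures.add(new ValidationFailureDetailsBuilder().field("policy item accesses").isMissing().becauseOf(error.getMessage("policy item accesses")).errorCode(error.getErrorCode()).build());
                valid = false;
            } else {
                LOG.debug("policy item accesses collection was null/empty but delegated admin is true. Ok");
            }
        } else {
            // Helper call comes first so it always runs, even if valid were already false.
            valid = isValidItemAccesses(policyItem.getAccesses(), failures, serviceDef) && valid;
        }
        // Users and user-groups must not BOTH be empty: an item with no principal at all
        // grants nothing that can be attributed to anyone.
        if (CollectionUtils.isEmpty(policyItem.getUsers()) && CollectionUtils.isEmpty(policyItem.getGroups())) {
            ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_USER_AND_GROUPS;
            failures.add(new ValidationFailureDetailsBuilder().field("policy item users/user-groups").isMissing().becauseOf(error.getMessage()).errorCode(error.getErrorCode()).build());
            valid = false;
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("<== RangerPolicyValidator.isValidPolicyItem(%s, %s, %s): %s", policyItem, failures, serviceDef, valid));
    }
    return valid;
}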
Also used : ValidationErrorCode(org.apache.ranger.plugin.errors.ValidationErrorCode)

Example 12 with ValidationErrorCode

use of org.apache.ranger.plugin.errors.ValidationErrorCode in project ranger by apache.

the class RangerPolicyValidator method isValidResourceValues.

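/**
 * Validates the value list of every resource in a policy's resource map.
 *
 * <p>For each non-null resource this method:
 * <ol>
 *   <li>removes blank (null, empty or whitespace-only) values from the resource's own value
 *       collection, so the caller's object is modified in place;</li>
 *   <li>records a failure when no values remain;</li>
 *   <li>when {@code getValidationRegExes(serviceDef)} supplies a regex for the resource name,
 *       records a failure for every remaining value that does not match it in full.</li>
 * </ol>
 * Map entries whose resource is {@code null} are skipped without a failure.
 *
 * @param resourceMap resource name to policy resource; iterated directly, so must not be null
 * @param failures    receives one entry per problem found
 * @param serviceDef  source of the per-resource validation regexes; its name is also read
 *                    for debug logging
 * @return {@code true} when no failure was recorded
 */
boolean isValidResourceValues(Map<String, RangerPolicyResource> resourceMap, List<ValidationFailureDetails> failures, RangerServiceDef serviceDef) {
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("==> RangerPolicyValidator.isValidResourceValues(%s, %s, %s)", resourceMap, failures, serviceDef));
    }
    boolean valid = true;
    Map<String, String> validationRegExMap = getValidationRegExes(serviceDef);
    for (Map.Entry<String, RangerPolicyResource> entry : resourceMap.entrySet()) {
        String name = entry.getKey();
        RangerPolicyResource policyResource = entry.getValue();
        if (policyResource != null) {
            if (CollectionUtils.isNotEmpty(policyResource.getValues())) {
                // Collect the distinct blank values first, then strip every occurrence.
                // Calling remove(value) once per distinct value deletes only the first
                // occurrence, so a repeated blank (or repeated null) would survive and then
                // reach the regex check below, where a null value fails with a
                // NullPointerException instead of a validation failure.
                Set<String> blankValues = new HashSet<>();
                for (String aValue : policyResource.getValues()) {
                    if (StringUtils.isBlank(aValue)) {
                        blankValues.add(aValue);
                    }
                }
                if (!blankValues.isEmpty()) {
                    policyResource.getValues().removeAll(blankValues);
                }
            }
            if (CollectionUtils.isEmpty(policyResource.getValues())) {
                ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_RESOURCE_LIST;
                if (LOG.isDebugEnabled()) {
                    LOG.debug(String.format("Resource list was empty or contains null: value[%s], resource-name[%s], service-def-name[%s]", policyResource.getValues(), name, serviceDef.getName()));
                }
                failures.add(new ValidationFailureDetailsBuilder().field("resource-values").subField(name).isMissing().becauseOf(error.getMessage(name)).errorCode(error.getErrorCode()).build());
                valid = false;
            }
            if (validationRegExMap.containsKey(name) && CollectionUtils.isNotEmpty(policyResource.getValues())) {
                String regEx = validationRegExMap.get(name);
                for (String aValue : policyResource.getValues()) {
                    // String.matches requires the whole value to match, not a substring.
                    // NOTE(review): the pattern is taken from the service definition and the
                    // value from the submitted policy; presumably service definitions are
                    // trusted input - confirm, since a pathological pattern is costly to
                    // evaluate.
                    if (!aValue.matches(regEx)) {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug(String.format("Resource failed regex check: value[%s], resource-name[%s], regEx[%s], service-def-name[%s]", aValue, name, regEx, serviceDef.getName()));
                        }
                        ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_INVALID_RESOURCE_VALUE_REGEX;
                        failures.add(new ValidationFailureDetailsBuilder().field("resource-values").subField(name).isSemanticallyIncorrect().becauseOf(error.getMessage(aValue, name)).errorCode(error.getErrorCode()).build());
                        valid = false;
                    }
                }
            }
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("<== RangerPolicyValidator.isValidResourceValues(%s, %s, %s): %s", resourceMap, failures, serviceDef, valid));
    }
    return valid;
}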
Also used : RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) ValidationErrorCode(org.apache.ranger.plugin.errors.ValidationErrorCode)

Example 13 with ValidationErrorCode

use of org.apache.ranger.plugin.errors.ValidationErrorCode in project ranger by apache.

the class RangerPolicyValidator method isValid.

/**
 * Validates a request that identifies a policy by id only.
 *
 * <p>Only {@code Action.DELETE} is accepted. Any other action is recorded as an internal
 * error, and a {@code null} id is recorded as a missing field. The policy is looked up with
 * {@code getPolicy(id)} only after both checks pass; a missing policy is logged at debug
 * level and still treated as valid.
 *
 * @param id       id of the policy the action targets; may be {@code null}
 * @param action   the requested action
 * @param failures receives one entry per problem found
 * @return {@code true} when no failure was recorded
 */
@Override
boolean isValid(Long id, Action action, List<ValidationFailureDetails> failures) {
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("==> RangerPolicyValidator.isValid(%s, %s, %s)", id, action, failures));
    }
    boolean result;
    if (action != Action.DELETE) {
        ValidationErrorCode unsupportedAction = ValidationErrorCode.POLICY_VALIDATION_ERR_UNSUPPORTED_ACTION;
        failures.add(new ValidationFailureDetailsBuilder()
                .isAnInternalError()
                .becauseOf(unsupportedAction.getMessage())
                .errorCode(unsupportedAction.getErrorCode())
                .build());
        result = false;
    } else if (id == null) {
        ValidationErrorCode missingField = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_FIELD;
        // NOTE(review): becauseOf is called twice on this builder; whether the second call
        // replaces or extends the first reason depends on the builder - confirm.
        failures.add(new ValidationFailureDetailsBuilder()
                .becauseOf("policy id was null/missing")
                .field("id")
                .isMissing()
                .errorCode(missingField.getErrorCode())
                .becauseOf(missingField.getMessage("id"))
                .build());
        result = false;
    } else {
        result = true;
        // Deleting an id that matches no policy is not a validation failure; it is only logged.
        if (getPolicy(id) == null && LOG.isDebugEnabled()) {
            LOG.debug("No policy found for id[" + id + "]! ok!");
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("<== RangerPolicyValidator.isValid(%s, %s, %s): %s", id, action, failures, result));
    }
    return result;
}
Also used : ValidationErrorCode(org.apache.ranger.plugin.errors.ValidationErrorCode)

Example 14 with ValidationErrorCode

use of org.apache.ranger.plugin.errors.ValidationErrorCode in project ranger by apache.

the class RangerPolicyValidator method isValidResourceFlags.

/**
 * Checks the {@code isExcludes} and {@code isRecursive} flags of a policy's resources
 * against what each resource definition allows.
 *
 * <p>For every resource definition that has a matching policy resource (matched on the
 * lower-cased resource name), a failure is recorded when:
 * <ul>
 *   <li>the policy resource is an excludes resource but the definition does not support
 *       excludes;</li>
 *   <li>the policy resource is an excludes resource and {@code isAdmin} is false;</li>
 *   <li>the policy resource is recursive but the definition does not support recursion.</li>
 * </ul>
 * A {@code null} definition or a definition with a blank name is recorded as an internal
 * error. A definition with no matching policy resource is only logged. A {@code null}
 * {@code resourceDefs} list is logged and treated as valid.
 *
 * @param inputPolicyResources resources of the policy being validated
 * @param failures             receives one entry per problem found
 * @param resourceDefs         resource definitions to check against; may be {@code null}
 * @param serviceDefName       used in failure messages
 * @param policyName           used in debug logging
 * @param isAdmin              whether the excludes flag is permitted for this request
 * @return {@code true} when no failure was recorded
 */
boolean isValidResourceFlags(final Map<String, RangerPolicyResource> inputPolicyResources, final List<ValidationFailureDetails> failures, final List<RangerResourceDef> resourceDefs, final String serviceDefName, final String policyName, boolean isAdmin) {
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("==> RangerPolicyValidator.isValidResourceFlags(%s, %s, %s, %s, %s, %s)", inputPolicyResources, failures, resourceDefs, serviceDefName, policyName, isAdmin));
    }
    boolean valid = true;
    if (resourceDefs != null) {
        Map<String, RangerPolicyResource> resourcesByLowerName = getPolicyResourceWithLowerCaseKeys(inputPolicyResources);
        for (RangerResourceDef def : resourceDefs) {
            if (def == null) {
                ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_RESOURCE_DEF;
                failures.add(new ValidationFailureDetailsBuilder().field("resource-def").isAnInternalError().becauseOf(error.getMessage(serviceDefName)).errorCode(error.getErrorCode()).build());
                valid = false;
                continue;
            }
            if (StringUtils.isBlank(def.getName())) {
                ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_RESOURCE_DEF_NAME;
                failures.add(new ValidationFailureDetailsBuilder().field("resource-def-name").isAnInternalError().becauseOf(error.getMessage(serviceDefName)).errorCode(error.getErrorCode()).build());
                valid = false;
                continue;
            }
            // NOTE(review): toLowerCase() with no argument uses the JVM default locale. The
            // lookup below only finds the resource if getPolicyResourceWithLowerCaseKeys
            // lowers its keys the same way - confirm, because a miss skips all flag checks.
            String resourceName = def.getName().toLowerCase();
            RangerPolicyResource policyResource = resourcesByLowerName.get(resourceName);
            if (policyResource == null) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("a policy-resource object for resource[" + resourceName + "] on policy [" + policyName + "] was null");
                }
                continue;
            }
            // The getters may return null; Boolean.TRUE.equals(...) treats null as false.
            boolean excludesSupported = Boolean.TRUE.equals(def.getExcludesSupported());
            boolean policyResourceIsExcludes = Boolean.TRUE.equals(policyResource.getIsExcludes());
            if (policyResourceIsExcludes) {
                if (!excludesSupported) {
                    ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_EXCLUDES_NOT_SUPPORTED;
                    failures.add(new ValidationFailureDetailsBuilder().field("isExcludes").subField(resourceName).isSemanticallyIncorrect().becauseOf(error.getMessage(resourceName)).errorCode(error.getErrorCode()).build());
                    valid = false;
                }
                // Independent of the check above: both failures are reported when both apply.
                if (!isAdmin) {
                    ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_EXCLUDES_REQUIRES_ADMIN;
                    failures.add(new ValidationFailureDetailsBuilder().field("isExcludes").subField("isAdmin").isSemanticallyIncorrect().becauseOf(error.getMessage()).errorCode(error.getErrorCode()).build());
                    valid = false;
                }
            }
            boolean recursiveSupported = Boolean.TRUE.equals(def.getRecursiveSupported());
            boolean policyIsRecursive = Boolean.TRUE.equals(policyResource.getIsRecursive());
            if (policyIsRecursive && !recursiveSupported) {
                ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_RECURSIVE_NOT_SUPPORTED;
                failures.add(new ValidationFailureDetailsBuilder().field("isRecursive").subField(resourceName).isSemanticallyIncorrect().becauseOf(error.getMessage(resourceName)).errorCode(error.getErrorCode()).build());
                valid = false;
            }
        }
    } else {
        LOG.debug("isValidResourceFlags: service Def is null");
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("<== RangerPolicyValidator.isValidResourceFlags(%s, %s, %s, %s, %s, %s): %s", inputPolicyResources, failures, resourceDefs, serviceDefName, policyName, isAdmin, valid));
    }
    return valid;
}
Also used : RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) ValidationErrorCode(org.apache.ranger.plugin.errors.ValidationErrorCode) RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)

Example 15 with ValidationErrorCode

use of org.apache.ranger.plugin.errors.ValidationErrorCode in project ranger by apache.

the class RangerPolicyValidator method isValidPolicyItems.

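/**
 * Validates every item of a policy-item list.
 *
 * <p>A {@code null} element is recorded as a failure. Every other element is checked with
 * {@code isValidPolicyItem}. All elements are visited even after a failure so that every
 * problem is reported in one pass.
 *
 * <p>A {@code null} or empty list is only logged and reported as valid; this method does not
 * decide whether a policy may have no items at all.
 *
 * @param policyItems items to check; may be {@code null} or empty
 * @param failures    receives one entry per problem found
 * @param serviceDef  passed through to {@code isValidPolicyItem}
 * @return {@code true} when no failure was recorded for any item
 */
boolean isValidPolicyItems(List<RangerPolicyItem> policyItems, List<ValidationFailureDetails> failures, RangerServiceDef serviceDef) {
    if (LOG.isDebugEnabled()) {
        // Trace label names this method; it used to read "isValid", which made the trace
        // indistinguishable from the real isValid overloads.
        LOG.debug(String.format("==> RangerPolicyValidator.isValidPolicyItems(%s, %s, %s)", policyItems, failures, serviceDef));
    }
    boolean valid = true;
    if (CollectionUtils.isEmpty(policyItems)) {
        LOG.debug("policy items collection was null/empty");
    } else {
        for (RangerPolicyItem policyItem : policyItems) {
            if (policyItem == null) {
                ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_POLICY_ITEM;
                failures.add(new ValidationFailureDetailsBuilder().field("policy item").isMissing().becauseOf(error.getMessage()).errorCode(error.getErrorCode()).build());
                valid = false;
            } else {
                // The helper call comes first so it is never short-circuited: every item is
                // checked and every failure captured, even once valid is already false.
                valid = isValidPolicyItem(policyItem, failures, serviceDef) && valid;
            }
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("<== RangerPolicyValidator.isValidPolicyItems(%s, %s, %s): %s", policyItems, failures, serviceDef, valid));
    }
    return valid;
}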
Also used : RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) ValidationErrorCode(org.apache.ranger.plugin.errors.ValidationErrorCode)

Aggregations

ValidationErrorCode (org.apache.ranger.plugin.errors.ValidationErrorCode)25 HashSet (java.util.HashSet)6 RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)3 RangerEnumDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef)3 RangerResourceDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)3 ArrayList (java.util.ArrayList)2 RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)2 RangerPolicyItemAccess (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess)2 RangerPolicyResource (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)2 RangerService (org.apache.ranger.plugin.model.RangerService)2 RangerAccessTypeDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef)2 List (java.util.List)1 RangerDataMaskPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem)1 RangerPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)1 RangerRowFilterPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem)1 RangerPolicyResourceSignature (org.apache.ranger.plugin.model.RangerPolicyResourceSignature)1 RangerEnumElementDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumElementDef)1 RangerPolicyConditionDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef)1