Search in sources :

Example 6 with RangerPolicyResourceSignature

use of org.apache.ranger.plugin.model.RangerPolicyResourceSignature in project ranger by apache.

the class RangerPolicyValidator method isPolicyResourceUnique.

boolean isPolicyResourceUnique(RangerPolicy policy, final List<ValidationFailureDetails> failures, Action action) {
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("==> RangerPolicyValidator.isPolicyResourceUnique(%s, %s, %s)", policy, failures, action));
    }
    boolean valid = true;
    if (!Boolean.TRUE.equals(policy.getIsEnabled())) {
        LOG.debug("Policy is disabled. Skipping resource uniqueness validation.");
    } else {
        RangerPolicyResourceSignature policySignature = _factory.createPolicyResourceSignature(policy);
        String signature = policySignature.getSignature();
        List<RangerPolicy> policies = getPoliciesForResourceSignature(policy.getService(), signature);
        if (CollectionUtils.isNotEmpty(policies)) {
            ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_DUPLICATE_POLICY_RESOURCE;
            RangerPolicy matchedPolicy = policies.iterator().next();
            // there shouldn't be a matching policy for create.  During update only match should be to itself
            if (action == Action.CREATE || (action == Action.UPDATE && (policies.size() > 1 || !matchedPolicy.getId().equals(policy.getId())))) {
                failures.add(new ValidationFailureDetailsBuilder().field("resources").isSemanticallyIncorrect().becauseOf(error.getMessage(matchedPolicy.getName(), policy.getService())).errorCode(error.getErrorCode()).build());
                valid = false;
            }
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("<== RangerPolicyValidator.isPolicyResourceUnique(%s, %s, %s): %s", policy, failures, action, valid));
    }
    return valid;
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerPolicyResourceSignature(org.apache.ranger.plugin.model.RangerPolicyResourceSignature) ValidationErrorCode(org.apache.ranger.plugin.errors.ValidationErrorCode)

Example 7 with RangerPolicyResourceSignature

use of org.apache.ranger.plugin.model.RangerPolicyResourceSignature in project ranger by apache.

the class TestServiceDBStore method tess28updatePolicy.

@Test
public void tess28updatePolicy() throws Exception {
    setup();
    XXPolicyDao xPolicyDao = Mockito.mock(XXPolicyDao.class);
    XXPolicy xPolicy = Mockito.mock(XXPolicy.class);
    XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class);
    XXPolicyLabelMapDao xPolicyLabelMapDao = Mockito.mock(XXPolicyLabelMapDao.class);
    XXService xService = Mockito.mock(XXService.class);
    XXServiceVersionInfoDao xServiceVersionInfoDao = Mockito.mock(XXServiceVersionInfoDao.class);
    XXServiceDefDao xServiceDefDao = Mockito.mock(XXServiceDefDao.class);
    XXServiceDef xServiceDef = Mockito.mock(XXServiceDef.class);
    XXServiceVersionInfo xServiceVersionInfo = Mockito.mock(XXServiceVersionInfo.class);
    XXPolicyResourceDao xPolicyResourceDao = Mockito.mock(XXPolicyResourceDao.class);
    XXPolicyResourceMapDao xPolicyResourceMapDao = Mockito.mock(XXPolicyResourceMapDao.class);
    XXPolicyItemDao xPolicyItemDao = Mockito.mock(XXPolicyItemDao.class);
    XXPolicyItem xPolicyItem = Mockito.mock(XXPolicyItem.class);
    RangerService rangerService = rangerService();
    RangerPolicy rangerPolicy = rangerPolicy();
    String name = "HDFS_1-1-20150316062453";
    List<XXPolicyResource> policyResourceList = new ArrayList<XXPolicyResource>();
    XXPolicyResource policyResource = new XXPolicyResource();
    policyResource.setId(Id);
    policyResource.setCreateTime(new Date());
    policyResource.setAddedByUserId(Id);
    policyResource.setIsExcludes(false);
    policyResource.setIsRecursive(false);
    policyResource.setPolicyId(Id);
    policyResource.setResDefId(Id);
    policyResource.setUpdatedByUserId(Id);
    policyResource.setUpdateTime(new Date());
    policyResourceList.add(policyResource);
    List<XXPolicyResourceMap> policyResourceMapList = new ArrayList<XXPolicyResourceMap>();
    XXPolicyResourceMap policyResourceMap = new XXPolicyResourceMap();
    policyResourceMap.setAddedByUserId(Id);
    policyResourceMap.setCreateTime(new Date());
    policyResourceMap.setId(Id);
    policyResourceMap.setOrder(1);
    policyResourceMap.setResourceId(Id);
    policyResourceMap.setUpdatedByUserId(Id);
    policyResourceMap.setUpdateTime(new Date());
    policyResourceMap.setValue("1L");
    policyResourceMapList.add(policyResourceMap);
    List<XXPolicyLabelMap> xxPolicyLabelMapList = new ArrayList<>();
    List<XXServiceConfigDef> xServiceConfigDefList = new ArrayList<XXServiceConfigDef>();
    XXServiceConfigDef serviceConfigDefObj = new XXServiceConfigDef();
    serviceConfigDefObj.setId(Id);
    xServiceConfigDefList.add(serviceConfigDefObj);
    List<XXServiceConfigMap> xConfMapList = new ArrayList<XXServiceConfigMap>();
    XXServiceConfigMap xConfMap = new XXServiceConfigMap();
    xConfMap.setAddedByUserId(null);
    xConfMap.setConfigkey(name);
    xConfMap.setConfigvalue(name);
    xConfMap.setCreateTime(new Date());
    xConfMap.setServiceId(null);
    xConfMap.setId(Id);
    xConfMap.setUpdatedByUserId(null);
    xConfMap.setUpdateTime(new Date());
    xConfMapList.add(xConfMap);
    Mockito.when(daoManager.getXXPolicy()).thenReturn(xPolicyDao);
    Mockito.when(xPolicyDao.getById(Id)).thenReturn(xPolicy);
    Mockito.when(policyService.getPopulatedViewObject(xPolicy)).thenReturn(rangerPolicy);
    Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
    Mockito.when(xServiceDao.findByName(name)).thenReturn(xService);
    Mockito.when(svcService.getPopulatedViewObject(xService)).thenReturn(rangerService);
    Mockito.when(daoManager.getXXServiceVersionInfo()).thenReturn(xServiceVersionInfoDao);
    Mockito.when(xServiceVersionInfoDao.findByServiceId(Id)).thenReturn(xServiceVersionInfo);
    Mockito.when(xServiceVersionInfoDao.update(xServiceVersionInfo)).thenReturn(xServiceVersionInfo);
    Mockito.when(daoManager.getXXServiceDef()).thenReturn(xServiceDefDao);
    Mockito.when(xServiceDefDao.findByName(rangerService.getType())).thenReturn(xServiceDef);
    Mockito.when(policyService.update(rangerPolicy)).thenReturn(rangerPolicy);
    Mockito.when(daoManager.getXXPolicy()).thenReturn(xPolicyDao);
    Mockito.when(xPolicyDao.getById(rangerPolicy.getId())).thenReturn(xPolicy);
    Mockito.when(daoManager.getXXPolicyResource()).thenReturn(xPolicyResourceDao);
    Mockito.when(xPolicyResourceDao.findByPolicyId(rangerPolicy.getId())).thenReturn(policyResourceList);
    Mockito.when(daoManager.getXXPolicyResourceMap()).thenReturn(xPolicyResourceMapDao);
    Mockito.when(xPolicyResourceMapDao.findByPolicyResId(policyResourceMap.getId())).thenReturn(policyResourceMapList);
    Mockito.when(daoManager.getXXPolicyItem()).thenReturn(xPolicyItemDao);
    Mockito.when(rangerAuditFields.populateAuditFields(Mockito.isA(XXPolicyItem.class), Mockito.isA(XXPolicy.class))).thenReturn(xPolicyItem);
    Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
    Mockito.when(xServiceDao.getById(rangerService.getId())).thenReturn(xService);
    Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
    Mockito.when(xServiceDao.getById(rangerService.getId())).thenReturn(xService);
    Mockito.when(daoManager.getXXPolicyLabelMap()).thenReturn(xPolicyLabelMapDao);
    Mockito.when(xPolicyLabelMapDao.findByPolicyId(rangerPolicy.getId())).thenReturn(xxPolicyLabelMapList);
    RangerPolicyResourceSignature signature = Mockito.mock(RangerPolicyResourceSignature.class);
    Mockito.when(factory.createPolicyResourceSignature(rangerPolicy)).thenReturn(signature);
    Mockito.when(!bizUtil.hasAccess(xService, null)).thenReturn(true);
    RangerPolicy dbRangerPolicy = serviceDBStore.updatePolicy(rangerPolicy);
    Assert.assertNotNull(dbRangerPolicy);
    Assert.assertEquals(dbRangerPolicy, rangerPolicy);
    Assert.assertEquals(dbRangerPolicy.getId(), rangerPolicy.getId());
    Assert.assertEquals(dbRangerPolicy.getCreatedBy(), rangerPolicy.getCreatedBy());
    Assert.assertEquals(dbRangerPolicy.getDescription(), rangerPolicy.getDescription());
    Assert.assertEquals(dbRangerPolicy.getName(), rangerPolicy.getName());
    Assert.assertEquals(dbRangerPolicy.getGuid(), rangerPolicy.getGuid());
    Assert.assertEquals(dbRangerPolicy.getService(), rangerPolicy.getService());
    Assert.assertEquals(dbRangerPolicy.getIsEnabled(), rangerPolicy.getIsEnabled());
    Assert.assertEquals(dbRangerPolicy.getVersion(), rangerPolicy.getVersion());
    Mockito.verify(rangerAuditFields).populateAuditFields(Mockito.isA(XXPolicyItem.class), Mockito.isA(XXPolicy.class));
}
Also used : ArrayList(java.util.ArrayList) VXString(org.apache.ranger.view.VXString) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerPolicyResourceSignature(org.apache.ranger.plugin.model.RangerPolicyResourceSignature) RangerService(org.apache.ranger.plugin.model.RangerService) Date(java.util.Date) Test(org.junit.Test)

Aggregations

RangerPolicyResourceSignature (org.apache.ranger.plugin.model.RangerPolicyResourceSignature)7 RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)6 Test (org.junit.Test)5 ArrayList (java.util.ArrayList)4 RangerService (org.apache.ranger.plugin.model.RangerService)4 RangerPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)3 RangerPolicyResource (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)3 Action (org.apache.ranger.plugin.model.validation.RangerValidator.Action)3 VXString (org.apache.ranger.view.VXString)3 Date (java.util.Date)2 RangerResourceDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)2 SearchFilter (org.apache.ranger.plugin.util.SearchFilter)2 HashMap (java.util.HashMap)1 ValidationErrorCode (org.apache.ranger.plugin.errors.ValidationErrorCode)1 RangerPolicyItemAccess (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess)1 RangerPolicyItemCondition (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition)1