Example 6 with RangerPolicyResourceSignature
use of org.apache.ranger.plugin.model.RangerPolicyResourceSignature in project ranger by apache.
the class RangerPolicyValidator method isPolicyResourceUnique.
boolean isPolicyResourceUnique(RangerPolicy policy, final List<ValidationFailureDetails> failures, Action action) {
if (LOG.isDebugEnabled()) {
LOG.debug(String.format("==> RangerPolicyValidator.isPolicyResourceUnique(%s, %s, %s)", policy, failures, action));
}
boolean valid = true;
if (!Boolean.TRUE.equals(policy.getIsEnabled())) {
LOG.debug("Policy is disabled. Skipping resource uniqueness validation.");
} else {
RangerPolicyResourceSignature policySignature = _factory.createPolicyResourceSignature(policy);
String signature = policySignature.getSignature();
List<RangerPolicy> policies = getPoliciesForResourceSignature(policy.getService(), signature);
if (CollectionUtils.isNotEmpty(policies)) {
ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_DUPLICATE_POLICY_RESOURCE;
RangerPolicy matchedPolicy = policies.iterator().next();
// there shouldn't be a matching policy for create. During update only match should be to itself
if (action == Action.CREATE || (action == Action.UPDATE && (policies.size() > 1 || !matchedPolicy.getId().equals(policy.getId())))) {
failures.add(new ValidationFailureDetailsBuilder().field("resources").isSemanticallyIncorrect().becauseOf(error.getMessage(matchedPolicy.getName(), policy.getService())).errorCode(error.getErrorCode()).build());
valid = false;
}
}
}
if (LOG.isDebugEnabled()) {
LOG.debug(String.format("<== RangerPolicyValidator.isPolicyResourceUnique(%s, %s, %s): %s", policy, failures, action, valid));
}
return valid;
}
Also used :
RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy)
RangerPolicyResourceSignature(org.apache.ranger.plugin.model.RangerPolicyResourceSignature)
ValidationErrorCode(org.apache.ranger.plugin.errors.ValidationErrorCode)
Example 7 with RangerPolicyResourceSignature
use of org.apache.ranger.plugin.model.RangerPolicyResourceSignature in project ranger by apache.
the class TestServiceDBStore method tess28updatePolicy.
@Test
public void tess28updatePolicy() throws Exception {
setup();
XXPolicyDao xPolicyDao = Mockito.mock(XXPolicyDao.class);
XXPolicy xPolicy = Mockito.mock(XXPolicy.class);
XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class);
XXPolicyLabelMapDao xPolicyLabelMapDao = Mockito.mock(XXPolicyLabelMapDao.class);
XXService xService = Mockito.mock(XXService.class);
XXServiceVersionInfoDao xServiceVersionInfoDao = Mockito.mock(XXServiceVersionInfoDao.class);
XXServiceDefDao xServiceDefDao = Mockito.mock(XXServiceDefDao.class);
XXServiceDef xServiceDef = Mockito.mock(XXServiceDef.class);
XXServiceVersionInfo xServiceVersionInfo = Mockito.mock(XXServiceVersionInfo.class);
XXPolicyResourceDao xPolicyResourceDao = Mockito.mock(XXPolicyResourceDao.class);
XXPolicyResourceMapDao xPolicyResourceMapDao = Mockito.mock(XXPolicyResourceMapDao.class);
XXPolicyItemDao xPolicyItemDao = Mockito.mock(XXPolicyItemDao.class);
XXPolicyItem xPolicyItem = Mockito.mock(XXPolicyItem.class);
RangerService rangerService = rangerService();
RangerPolicy rangerPolicy = rangerPolicy();
String name = "HDFS_1-1-20150316062453";
List<XXPolicyResource> policyResourceList = new ArrayList<XXPolicyResource>();
XXPolicyResource policyResource = new XXPolicyResource();
policyResource.setId(Id);
policyResource.setCreateTime(new Date());
policyResource.setAddedByUserId(Id);
policyResource.setIsExcludes(false);
policyResource.setIsRecursive(false);
policyResource.setPolicyId(Id);
policyResource.setResDefId(Id);
policyResource.setUpdatedByUserId(Id);
policyResource.setUpdateTime(new Date());
policyResourceList.add(policyResource);
List<XXPolicyResourceMap> policyResourceMapList = new ArrayList<XXPolicyResourceMap>();
XXPolicyResourceMap policyResourceMap = new XXPolicyResourceMap();
policyResourceMap.setAddedByUserId(Id);
policyResourceMap.setCreateTime(new Date());
policyResourceMap.setId(Id);
policyResourceMap.setOrder(1);
policyResourceMap.setResourceId(Id);
policyResourceMap.setUpdatedByUserId(Id);
policyResourceMap.setUpdateTime(new Date());
policyResourceMap.setValue("1L");
policyResourceMapList.add(policyResourceMap);
List<XXPolicyLabelMap> xxPolicyLabelMapList = new ArrayList<>();
List<XXServiceConfigDef> xServiceConfigDefList = new ArrayList<XXServiceConfigDef>();
XXServiceConfigDef serviceConfigDefObj = new XXServiceConfigDef();
serviceConfigDefObj.setId(Id);
xServiceConfigDefList.add(serviceConfigDefObj);
List<XXServiceConfigMap> xConfMapList = new ArrayList<XXServiceConfigMap>();
XXServiceConfigMap xConfMap = new XXServiceConfigMap();
xConfMap.setAddedByUserId(null);
xConfMap.setConfigkey(name);
xConfMap.setConfigvalue(name);
xConfMap.setCreateTime(new Date());
xConfMap.setServiceId(null);
xConfMap.setId(Id);
xConfMap.setUpdatedByUserId(null);
xConfMap.setUpdateTime(new Date());
xConfMapList.add(xConfMap);
Mockito.when(daoManager.getXXPolicy()).thenReturn(xPolicyDao);
Mockito.when(xPolicyDao.getById(Id)).thenReturn(xPolicy);
Mockito.when(policyService.getPopulatedViewObject(xPolicy)).thenReturn(rangerPolicy);
Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
Mockito.when(xServiceDao.findByName(name)).thenReturn(xService);
Mockito.when(svcService.getPopulatedViewObject(xService)).thenReturn(rangerService);
Mockito.when(daoManager.getXXServiceVersionInfo()).thenReturn(xServiceVersionInfoDao);
Mockito.when(xServiceVersionInfoDao.findByServiceId(Id)).thenReturn(xServiceVersionInfo);
Mockito.when(xServiceVersionInfoDao.update(xServiceVersionInfo)).thenReturn(xServiceVersionInfo);
Mockito.when(daoManager.getXXServiceDef()).thenReturn(xServiceDefDao);
Mockito.when(xServiceDefDao.findByName(rangerService.getType())).thenReturn(xServiceDef);
Mockito.when(policyService.update(rangerPolicy)).thenReturn(rangerPolicy);
Mockito.when(daoManager.getXXPolicy()).thenReturn(xPolicyDao);
Mockito.when(xPolicyDao.getById(rangerPolicy.getId())).thenReturn(xPolicy);
Mockito.when(daoManager.getXXPolicyResource()).thenReturn(xPolicyResourceDao);
Mockito.when(xPolicyResourceDao.findByPolicyId(rangerPolicy.getId())).thenReturn(policyResourceList);
Mockito.when(daoManager.getXXPolicyResourceMap()).thenReturn(xPolicyResourceMapDao);
Mockito.when(xPolicyResourceMapDao.findByPolicyResId(policyResourceMap.getId())).thenReturn(policyResourceMapList);
Mockito.when(daoManager.getXXPolicyItem()).thenReturn(xPolicyItemDao);
Mockito.when(rangerAuditFields.populateAuditFields(Mockito.isA(XXPolicyItem.class), Mockito.isA(XXPolicy.class))).thenReturn(xPolicyItem);
Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
Mockito.when(xServiceDao.getById(rangerService.getId())).thenReturn(xService);
Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
Mockito.when(xServiceDao.getById(rangerService.getId())).thenReturn(xService);
Mockito.when(daoManager.getXXPolicyLabelMap()).thenReturn(xPolicyLabelMapDao);
Mockito.when(xPolicyLabelMapDao.findByPolicyId(rangerPolicy.getId())).thenReturn(xxPolicyLabelMapList);
RangerPolicyResourceSignature signature = Mockito.mock(RangerPolicyResourceSignature.class);
Mockito.when(factory.createPolicyResourceSignature(rangerPolicy)).thenReturn(signature);
Mockito.when(!bizUtil.hasAccess(xService, null)).thenReturn(true);
RangerPolicy dbRangerPolicy = serviceDBStore.updatePolicy(rangerPolicy);
Assert.assertNotNull(dbRangerPolicy);
Assert.assertEquals(dbRangerPolicy, rangerPolicy);
Assert.assertEquals(dbRangerPolicy.getId(), rangerPolicy.getId());
Assert.assertEquals(dbRangerPolicy.getCreatedBy(), rangerPolicy.getCreatedBy());
Assert.assertEquals(dbRangerPolicy.getDescription(), rangerPolicy.getDescription());
Assert.assertEquals(dbRangerPolicy.getName(), rangerPolicy.getName());
Assert.assertEquals(dbRangerPolicy.getGuid(), rangerPolicy.getGuid());
Assert.assertEquals(dbRangerPolicy.getService(), rangerPolicy.getService());
Assert.assertEquals(dbRangerPolicy.getIsEnabled(), rangerPolicy.getIsEnabled());
Assert.assertEquals(dbRangerPolicy.getVersion(), rangerPolicy.getVersion());
Mockito.verify(rangerAuditFields).populateAuditFields(Mockito.isA(XXPolicyItem.class), Mockito.isA(XXPolicy.class));
}
Also used :
ArrayList(java.util.ArrayList)
VXString(org.apache.ranger.view.VXString)
RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy)
RangerPolicyResourceSignature(org.apache.ranger.plugin.model.RangerPolicyResourceSignature)
RangerService(org.apache.ranger.plugin.model.RangerService)
Date(java.util.Date)
Test(org.junit.Test)
Aggregations
RangerPolicyResourceSignature (org.apache.ranger.plugin.model.RangerPolicyResourceSignature)7
RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)6
Test (org.junit.Test)5
ArrayList (java.util.ArrayList)4
RangerService (org.apache.ranger.plugin.model.RangerService)4
RangerPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)3
RangerPolicyResource (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)3
Action (org.apache.ranger.plugin.model.validation.RangerValidator.Action)3
VXString (org.apache.ranger.view.VXString)3
Date (java.util.Date)2
RangerResourceDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)2
SearchFilter (org.apache.ranger.plugin.util.SearchFilter)2
HashMap (java.util.HashMap)1
ValidationErrorCode (org.apache.ranger.plugin.errors.ValidationErrorCode)1
RangerPolicyItemAccess (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess)1
RangerPolicyItemCondition (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition)1
