use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.
the class RangerSecurityZoneValidatorTest method testIsValidSecurityZoneForDeleteWithoutNameReturnFalse.
/**
 * A DELETE validation request that carries a {@code null} zone name must be reported as invalid.
 */
@Test
public void testIsValidSecurityZoneForDeleteWithoutNameReturnFalse() throws Exception {
    List<ValidationFailureDetails> validationFailures = new ArrayList<>();

    // Build a zone whose name is explicitly absent; only the name is handed to the validator.
    RangerSecurityZone namelessZone = new RangerSecurityZone();
    namelessZone.setName(null);

    boolean accepted = rangerSecurityZoneValidator.isValid(
            namelessZone.getName(), RangerValidator.Action.DELETE, validationFailures);

    Assert.assertFalse(accepted);
}
use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.
the class RangerSecurityZoneValidatorTest method testIsValidSecurityZoneForDeleteWithWrongActionTypeReturnFalse.
/**
 * Passing {@code UPDATE} to the name-based {@code isValid} overload must be reported as invalid.
 * Per the test name, that overload is meant for DELETE; the overload itself is not shown here.
 */
@Test
public void testIsValidSecurityZoneForDeleteWithWrongActionTypeReturnFalse() throws Exception {
    List<ValidationFailureDetails> validationFailures = new ArrayList<>();
    // Fixture zone comes from a helper of the test class (defined outside this excerpt).
    RangerSecurityZone fixtureZone = getRangerSecurityZone();

    boolean accepted = rangerSecurityZoneValidator.isValid(
            fixtureZone.getName(), RangerValidator.Action.UPDATE, validationFailures);

    Assert.assertFalse(accepted);
}
use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.
the class RangerSecurityZoneValidatorTest method testValidateSecurityZoneForDelete.
/**
 * Validating a DELETE by zone id must look the zone up in the store.
 *
 * <p>Only the store interaction is verified: the boolean returned by {@code isValid} and the
 * contents of the failure list are not asserted by this test.
 */
@Test
public void testValidateSecurityZoneForDelete() throws Exception {
    final long zoneId = 1L;
    RangerSecurityZone storedZone = getRangerSecurityZone();
    List<ValidationFailureDetails> validationFailures = new ArrayList<>();

    // The mocked store answers the id lookup with the fixture zone.
    Mockito.when(_store.getSecurityZone(zoneId)).thenReturn(storedZone);

    rangerSecurityZoneValidator.isValid(zoneId, RangerValidator.Action.DELETE, validationFailures);

    Mockito.verify(_store).getSecurityZone(zoneId);
}
use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.
the class RangerSecurityZoneValidatorTest method testValidateSecurityZoneWitoutRangerServiceForCreateThrowsError.
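/**
 * Creating a zone that references a service unknown to the store must be rejected with the
 * "Invalid service" validation failure (error code 3040).
 *
 * <p>The original version passed silently when {@code validate} did not throw at all, so a
 * validator that stopped rejecting unknown services would have gone unnoticed. The explicit
 * {@code Assert.fail} closes that gap; it raises an {@code AssertionError}, which the
 * {@code catch (Exception)} below does not intercept.
 */
@Test
public void testValidateSecurityZoneWitoutRangerServiceForCreateThrowsError() throws Exception {
    RangerSecurityZone suppliedSecurityZone = getRangerSecurityZone();

    // No zone with this name exists yet, and the service lookup finds nothing.
    // NOTE(review): presumably the fixture zone is named "MyZone" and references "hdfsSvc";
    // the fixture helper is not visible here.
    Mockito.when(_store.getSecurityZone("MyZone")).thenReturn(null);
    Mockito.when(_store.getServiceByName("hdfsSvc")).thenReturn(null);

    try {
        rangerSecurityZoneValidator.validate(suppliedSecurityZone, RangerValidator.Action.CREATE);
        Assert.fail("validate() was expected to throw for a zone that references an unknown service");
    } catch (Exception ex) {
        // JUnit's argument order is (expected, actual); the expected text comes first so a
        // failure report labels the two values correctly.
        Assert.assertEquals("(0) Validation failure: error code[3040], reason[Invalid service [hdfsSvc]], field[security zone resource service-name], subfield[null], type[] ", ex.getMessage());
    }
}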
use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.
the class RangerSecurityZoneValidator method isValid.
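/**
 * Validates a security zone that is about to be created or updated.
 *
 * <p>Checks performed, in order:
 * <ol>
 *   <li>the zone name is not null/blank;</li>
 *   <li>CREATE: no existing zone already uses the name;</li>
 *   <li>UPDATE: the id refers to an existing zone, and a changed name is not already taken;</li>
 *   <li>{@code validateWithinSecurityZone} and {@code validateAgainstAllSecurityZones}, each run
 *       only if everything before it passed.</li>
 * </ol>
 *
 * <p>Side effect: on CREATE the supplied zone's id is overwritten with {@code -1}.
 *
 * @param securityZone zone to validate; its name and id are read
 * @param action       must be {@code CREATE} or {@code UPDATE}
 * @param failures     receives one entry for every failed check
 * @return {@code true} when no check failed
 * @throws IllegalArgumentException if {@code action} is neither CREATE nor UPDATE
 */
boolean isValid(RangerSecurityZone securityZone, Action action, List<ValidationFailureDetails> failures) {
    if (LOG.isDebugEnabled()) {
        // Message previously named RangerPolicyValidator (copy/paste), which misleads log triage.
        LOG.debug(String.format("==> RangerSecurityZoneValidator.isValid(%s, %s, %s)", securityZone, action, failures));
    }

    if (!(action == Action.CREATE || action == Action.UPDATE)) {
        throw new IllegalArgumentException("isValid(RangerSecurityZone, ...) is only supported for create/update");
    }

    boolean ret = true;
    final String zoneName = securityZone.getName();

    if (StringUtils.isEmpty(StringUtils.trim(zoneName))) {
        ValidationErrorCode error = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_MISSING_FIELD;

        failures.add(new ValidationFailureDetailsBuilder().becauseOf("security zone name was null/missing").field("name").isMissing().errorCode(error.getErrorCode()).becauseOf(error.getMessage("name")).build());
        ret = false;
    }

    if (action == Action.CREATE) {
        // Ignore any caller-supplied id when creating.
        securityZone.setId(-1L);

        RangerSecurityZone existingZone = getSecurityZone(zoneName);

        if (existingZone != null) {
            ValidationErrorCode error = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_ZONE_NAME_CONFLICT;

            failures.add(new ValidationFailureDetailsBuilder().becauseOf("security zone name exists").field("name").errorCode(error.getErrorCode()).becauseOf(error.getMessage(existingZone.getId())).build());
            ret = false;
        }
    } else {
        Long zoneId = securityZone.getId();
        RangerSecurityZone existingZone = getSecurityZone(zoneId);

        if (existingZone == null) {
            ValidationErrorCode error = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_INVALID_ZONE_ID;

            failures.add(new ValidationFailureDetailsBuilder().becauseOf("security zone with id does not exist").field("id").errorCode(error.getErrorCode()).becauseOf(error.getMessage(zoneId)).build());
            ret = false;
        } else if (StringUtils.isNotEmpty(StringUtils.trim(zoneName)) && !StringUtils.equals(zoneName, existingZone.getName())) {
            // The update renames the zone: make sure the new name is not owned by another zone.
            RangerSecurityZone nameOwner = getSecurityZone(zoneName);

            if (nameOwner != null) {
                // The original check only compared nameOwner's name with zoneName. Assuming the
                // name lookup returns a zone carrying exactly that name, that comparison never
                // fires, so a rename onto another zone's name passed this validator even though
                // CREATE rejects duplicate names. Comparing ids catches that case; the original
                // name comparison is kept so nothing previously rejected is now accepted.
                // NOTE(review): getSecurityZone(String) is not visible here - confirm its matching
                // semantics (exact vs. case-insensitive) against the store.
                boolean sameZone = zoneId != null && zoneId.equals(nameOwner.getId());

                if (!sameZone || !StringUtils.equals(nameOwner.getName(), zoneName)) {
                    ValidationErrorCode error = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_ZONE_NAME_CONFLICT;

                    failures.add(new ValidationFailureDetailsBuilder().becauseOf("security zone name").field("name").errorCode(error.getErrorCode()).becauseOf(error.getMessage(nameOwner.getId())).build());
                    ret = false;
                }
            }
        }
    }

    // Short-circuit: the deeper checks run only when every earlier check passed.
    ret = ret && validateWithinSecurityZone(securityZone, action, failures);
    ret = ret && validateAgainstAllSecurityZones(securityZone, action, failures);

    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("<== RangerSecurityZoneValidator.isValid(%s, %s, %s) : %s", securityZone, action, failures, ret));
    }

    return ret;
}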