
Example 51 with RangerSecurityZone

use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.

the class RangerSecurityZoneValidatorTest method testIsValidSecurityZoneForDeleteWithoutNameReturnFalse.

/**
 * Delete-by-name validation must report "invalid" when the supplied zone name is {@code null}.
 */
@Test
public void testIsValidSecurityZoneForDeleteWithoutNameReturnFalse() throws Exception {
    RangerSecurityZone namelessZone = new RangerSecurityZone();
    namelessZone.setName(null);

    // Keep the argument typed as String (not a bare null literal) so the name-based
    // isValid overload is the one the compiler selects.
    String zoneName = namelessZone.getName();
    List<ValidationFailureDetails> collectedFailures = new ArrayList<ValidationFailureDetails>();

    Assert.assertFalse(rangerSecurityZoneValidator.isValid(zoneName, RangerValidator.Action.DELETE, collectedFailures));
}
Also used : RangerSecurityZone(org.apache.ranger.plugin.model.RangerSecurityZone) ArrayList(java.util.ArrayList) Test(org.junit.Test)

Example 52 with RangerSecurityZone

use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.

the class RangerSecurityZoneValidatorTest method testIsValidSecurityZoneForDeleteWithWrongActionTypeReturnFalse.

/**
 * The name-based {@code isValid} overload must report "invalid" when it is invoked with
 * {@code Action.UPDATE} instead of {@code Action.DELETE}.
 */
@Test
public void testIsValidSecurityZoneForDeleteWithWrongActionTypeReturnFalse() throws Exception {
    List<ValidationFailureDetails> collectedFailures = new ArrayList<ValidationFailureDetails>();
    // The fixture zone has a usable name, so only the action type is wrong in this call.
    String zoneName = getRangerSecurityZone().getName();

    boolean accepted = rangerSecurityZoneValidator.isValid(zoneName, RangerValidator.Action.UPDATE, collectedFailures);

    Assert.assertFalse(accepted);
}
Also used : RangerSecurityZone(org.apache.ranger.plugin.model.RangerSecurityZone) ArrayList(java.util.ArrayList) Test(org.junit.Test)

Example 53 with RangerSecurityZone

use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.

the class RangerSecurityZoneValidatorTest method testValidateSecurityZoneForDelete.

/**
 * Delete-by-id validation must consult the store for the zone with the supplied id.
 */
@Test
public void testValidateSecurityZoneForDelete() throws Exception {
    // Primitive long keeps overload resolution identical to passing the literal 1L.
    final long zoneId = 1L;
    RangerSecurityZone storedZone = getRangerSecurityZone();
    List<ValidationFailureDetails> collectedFailures = new ArrayList<ValidationFailureDetails>();
    Mockito.when(_store.getSecurityZone(zoneId)).thenReturn(storedZone);

    // NOTE(review): neither the boolean result nor the collected failures are asserted;
    // this test only proves that the store lookup happened.
    rangerSecurityZoneValidator.isValid(zoneId, RangerValidator.Action.DELETE, collectedFailures);

    Mockito.verify(_store).getSecurityZone(zoneId);
}
Also used : RangerSecurityZone(org.apache.ranger.plugin.model.RangerSecurityZone) ArrayList(java.util.ArrayList) Test(org.junit.Test)

Example 54 with RangerSecurityZone

use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.

the class RangerSecurityZoneValidatorTest method testValidateSecurityZoneWitoutRangerServiceForCreateThrowsError.

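/**
 * Creating a security zone that references a service the store does not know must be
 * rejected by {@code validate} with the "Invalid service" failure.
 */
@Test
public void testValidateSecurityZoneWitoutRangerServiceForCreateThrowsError() throws Exception {
    RangerSecurityZone suppliedSecurityZone = getRangerSecurityZone();
    // No zone named "MyZone" exists yet, and the service "hdfsSvc" cannot be resolved.
    Mockito.when(_store.getSecurityZone("MyZone")).thenReturn(null);
    Mockito.when(_store.getServiceByName("hdfsSvc")).thenReturn(null);
    try {
        rangerSecurityZoneValidator.validate(suppliedSecurityZone, RangerValidator.Action.CREATE);
        // Without this, the test would pass silently if the validator stopped rejecting the
        // zone. Assert.fail raises an AssertionError, which the catch below does not intercept.
        Assert.fail("validate() should reject a security zone that references an unknown service");
    } catch (Exception ex) {
        // JUnit argument order is (expected, actual), so a mismatch is reported the right way round.
        Assert.assertEquals("(0) Validation failure: error code[3040], reason[Invalid service [hdfsSvc]], field[security zone resource service-name], subfield[null], type[] ", ex.getMessage());
    }
}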
Also used : RangerSecurityZone(org.apache.ranger.plugin.model.RangerSecurityZone) Test(org.junit.Test)

Example 55 with RangerSecurityZone

use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.

the class RangerSecurityZoneValidator method isValid.

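/**
 * Validates a security zone that is about to be created or updated.
 *
 * <p>Checks, in order: the zone has a non-blank name; on create, no zone with that name
 * exists; on update, the zone id resolves to an existing zone and, when the name changes,
 * the new name is not already held by a different zone. If all of these pass, the
 * within-zone and cross-zone checks run. Every problem found is appended to
 * {@code failures}.
 *
 * <p>Side effect: on {@code Action.CREATE} the id of {@code securityZone} is set to
 * {@code -1L}.
 *
 * @param securityZone zone supplied by the caller; must not be {@code null}
 * @param action       {@code Action.CREATE} or {@code Action.UPDATE}
 * @param failures     list that receives one entry per validation failure
 * @return {@code true} only if no failure was recorded
 * @throws IllegalArgumentException if {@code action} is neither create nor update
 */
boolean isValid(RangerSecurityZone securityZone, Action action, List<ValidationFailureDetails> failures) {
    if (LOG.isDebugEnabled()) {
        // Trace label names this validator; it previously said RangerPolicyValidator.
        LOG.debug(String.format("==> RangerSecurityZoneValidator.isValid(%s, %s, %s)", securityZone, action, failures));
    }
    if (!(action == Action.CREATE || action == Action.UPDATE)) {
        // NOTE(review): the message names RangerPolicy although this overload takes a
        // RangerSecurityZone; the text is left untouched because callers or tests may match on it.
        throw new IllegalArgumentException("isValid(RangerPolicy, ...) is only supported for create/update");
    }
    boolean ret = true;
    final String zoneName = securityZone.getName();
    if (StringUtils.isEmpty(StringUtils.trim(zoneName))) {
        ValidationErrorCode error = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_MISSING_FIELD;
        failures.add(new ValidationFailureDetailsBuilder().becauseOf("security zone name was null/missing").field("name").isMissing().errorCode(error.getErrorCode()).becauseOf(error.getMessage("name")).build());
        ret = false;
    }
    if (action == Action.CREATE) {
        // The caller-supplied id is discarded on create.
        securityZone.setId(-1L);
        RangerSecurityZone existingZone = getSecurityZone(zoneName);
        if (existingZone != null) {
            ValidationErrorCode error = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_ZONE_NAME_CONFLICT;
            failures.add(new ValidationFailureDetailsBuilder().becauseOf("security zone name exists").field("name").errorCode(error.getErrorCode()).becauseOf(error.getMessage(existingZone.getId())).build());
            ret = false;
        }
    } else {
        Long zoneId = securityZone.getId();
        RangerSecurityZone existingZone = getSecurityZone(zoneId);
        if (existingZone == null) {
            ValidationErrorCode error = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_INVALID_ZONE_ID;
            failures.add(new ValidationFailureDetailsBuilder().becauseOf("security zone with id does not exist").field("id").errorCode(error.getErrorCode()).becauseOf(error.getMessage(zoneId)).build());
            ret = false;
        } else if (StringUtils.isNotEmpty(StringUtils.trim(zoneName)) && !StringUtils.equals(zoneName, existingZone.getName())) {
            // Rename: the stored zone with this id has a different name, so check whether the
            // new name is already taken. The previous check compared the looked-up zone's name
            // with the very name used for the lookup, so an exact-name collision with another
            // zone was never reported. Ownership is decided by id instead: a zone found under
            // the new name is a conflict unless it is the zone being updated.
            RangerSecurityZone zoneWithSameName = getSecurityZone(zoneName);
            if (zoneWithSameName != null && (zoneId == null || !zoneId.equals(zoneWithSameName.getId()))) {
                ValidationErrorCode error = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_ZONE_NAME_CONFLICT;
                failures.add(new ValidationFailureDetailsBuilder().becauseOf("security zone name").field("name").errorCode(error.getErrorCode()).becauseOf(error.getMessage(zoneWithSameName.getId())).build());
                ret = false;
            }
        }
    }
    // Short-circuit: the deeper checks are skipped once any failure has been recorded.
    ret = ret && validateWithinSecurityZone(securityZone, action, failures);
    ret = ret && validateAgainstAllSecurityZones(securityZone, action, failures);
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("<== RangerSecurityZoneValidator.isValid(%s, %s, %s) : %s", securityZone, action, failures, ret));
    }
    return ret;
}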
Also used : RangerSecurityZone(org.apache.ranger.plugin.model.RangerSecurityZone) ValidationErrorCode(org.apache.ranger.plugin.errors.ValidationErrorCode)
