
Example 61 with RangerSecurityZone

use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.

the class RangerSecurityZoneValidator method validateWithinSecurityZone.

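/**
 * Checks the parts of a security zone definition that can be validated from the
 * zone object itself: its services, its admin principals, its audit principals
 * and the resource values listed for each service.
 *
 * <p>Every problem found is appended to {@code failures}; the method keeps going
 * after the first problem so the caller receives the full list in one pass.
 *
 * @param securityZone zone definition to validate
 * @param action       requested action; only used in the debug log lines here
 * @param failures     out-parameter that collects one entry per problem found
 * @return {@code true} only when no check added a failure
 */
private boolean validateWithinSecurityZone(RangerSecurityZone securityZone, Action action, List<ValidationFailureDetails> failures) {
    if (LOG.isDebugEnabled()) {
        // Log the enclosing class name (RangerSecurityZoneValidator), not RangerPolicyValidator,
        // so debug traces point at the validator that actually ran.
        LOG.debug(String.format("==> RangerSecurityZoneValidator.validateWithinSecurityZone(%s, %s, %s)", securityZone, action, failures));
    }
    boolean ret = true;
    // Validate each service for existence, not being tag-service and each resource-spec for validity
    // (that work is delegated to validateSecurityZoneService, which is defined outside this listing).
    if (MapUtils.isNotEmpty(securityZone.getServices())) {
        for (Map.Entry<String, RangerSecurityZone.RangerSecurityZoneService> serviceSpecification : securityZone.getServices().entrySet()) {
            String serviceName = serviceSpecification.getKey();
            RangerSecurityZone.RangerSecurityZoneService securityZoneService = serviceSpecification.getValue();
            // Evaluate the service check before combining with ret. Writing
            // "ret && validate(...)" short-circuits after the first invalid service,
            // so later services were never validated and their failures never reported.
            boolean serviceIsValid = validateSecurityZoneService(serviceName, securityZoneService, failures);
            ret = ret && serviceIsValid;
        }
    } else {
        ValidationErrorCode error = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_MISSING_SERVICES;
        // NOTE(review): becauseOf(...) is called twice on this builder; presumably the later call wins - confirm.
        failures.add(new ValidationFailureDetailsBuilder().becauseOf("security zone services").isMissing().field("services").errorCode(error.getErrorCode()).becauseOf(error.getMessage(securityZone.getName())).build());
        ret = false;
    }
    // A zone needs at least one administrator: admin users and admin user-groups can't both be empty
    if (CollectionUtils.isEmpty(securityZone.getAdminUsers()) && CollectionUtils.isEmpty(securityZone.getAdminUserGroups())) {
        ValidationErrorCode error = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_MISSING_USER_AND_GROUPS;
        failures.add(new ValidationFailureDetailsBuilder().field("security zone admin users/user-groups").isMissing().becauseOf(error.getMessage()).errorCode(error.getErrorCode()).build());
        ret = false;
    }
    // A zone needs at least one auditor: audit users and audit user-groups can't both be empty
    if (CollectionUtils.isEmpty(securityZone.getAuditUsers()) && CollectionUtils.isEmpty(securityZone.getAuditUserGroups())) {
        ValidationErrorCode error = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_MISSING_USER_AND_GROUPS;
        failures.add(new ValidationFailureDetailsBuilder().field("security zone audit users/user-groups").isMissing().becauseOf(error.getMessage()).errorCode(error.getErrorCode()).build());
        ret = false;
    }
    // Every resource key that is listed for a service must carry at least one value.
    if (securityZone.getServices() != null) {
        for (Map.Entry<String, RangerSecurityZoneService> serviceResourceMapEntry : securityZone.getServices().entrySet()) {
            // NOTE(review): a null map value would raise a NullPointerException on the next line.
            // Whether validateSecurityZoneService already rejects a null service is not visible
            // here, so no silent skip is added - confirm and report it as a validation failure.
            List<? extends Map<String, List<String>>> resources = serviceResourceMapEntry.getValue().getResources();
            if (resources == null) {
                continue;
            }
            for (Map<String, List<String>> resource : resources) {
                if (resource == null) {
                    continue;
                }
                for (Map.Entry<String, List<String>> entry : resource.entrySet()) {
                    if (CollectionUtils.isEmpty(entry.getValue())) {
                        ValidationErrorCode error = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_MISSING_RESOURCES;
                        failures.add(new ValidationFailureDetailsBuilder().field("security zone resources").subField("resources").isMissing().becauseOf(error.getMessage(serviceResourceMapEntry.getKey())).errorCode(error.getErrorCode()).build());
                        ret = false;
                    }
                }
            }
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("<== RangerSecurityZoneValidator.validateWithinSecurityZone(%s, %s, %s) : %s", securityZone, action, failures, ret));
    }
    return ret;
}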
Also used : RangerSecurityZone(org.apache.ranger.plugin.model.RangerSecurityZone) RangerSecurityZoneService(org.apache.ranger.plugin.model.RangerSecurityZone.RangerSecurityZoneService) RangerSecurityZoneService(org.apache.ranger.plugin.model.RangerSecurityZone.RangerSecurityZoneService) ArrayList(java.util.ArrayList) List(java.util.List) HashMap(java.util.HashMap) Map(java.util.Map) ValidationErrorCode(org.apache.ranger.plugin.errors.ValidationErrorCode)

Example 62 with RangerSecurityZone

use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.

the class TestSecurityZoneDBStore method test6getSecurityZones.

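/**
 * Exercises {@code securityZoneDBStore.getSecurityZones(filter)} with one stored zone
 * and checks that the store reads the zone through the DAO and the zone service and
 * hands the resulting list to the filter.
 *
 * <p>The filter itself is stubbed to do nothing, so this test does not prove that
 * filtering by zone name works.
 */
@Test
public void test6getSecurityZones() throws Exception {
    SearchFilter filter = new SearchFilter();
    filter.setParam(SearchFilter.ZONE_NAME, "sz1");

    // One persisted zone entity returned by the DAO.
    XXSecurityZone xxSecurityZone = new XXSecurityZone();
    xxSecurityZone.setId(2L);
    xxSecurityZone.setName("sz1");
    List<XXSecurityZone> xxSecurityZones = new ArrayList<>();
    xxSecurityZones.add(xxSecurityZone);

    // The model object the zone service returns for that entity, and the list
    // the store is expected to pass to the filter (matched by List.equals).
    RangerSecurityZone rangerSecurityZone = new RangerSecurityZone();
    rangerSecurityZone.setId(3L);
    List<RangerSecurityZone> expectedZones = new ArrayList<>();
    expectedZones.add(rangerSecurityZone);

    XXSecurityZoneDao xXSecurityZoneDao = Mockito.mock(XXSecurityZoneDao.class);
    Mockito.when(daoManager.getXXSecurityZoneDao()).thenReturn(xXSecurityZoneDao);
    Mockito.when(xXSecurityZoneDao.getAll()).thenReturn(xxSecurityZones);
    Mockito.when(securityZoneService.read(xxSecurityZone.getId())).thenReturn(rangerSecurityZone);
    Mockito.doNothing().when(predicateUtil).applyFilter(expectedZones, filter);

    // Assert on the value under test. The previous assertions checked objects this
    // test had just constructed, so they could never fail.
    // NOTE(review): the return type is not visible in this listing; once confirmed,
    // compare the returned contents with expectedZones.
    Assert.assertNotNull(securityZoneDBStore.getSecurityZones(filter));

    Mockito.verify(daoManager).getXXSecurityZoneDao();
    Mockito.verify(securityZoneService).read(xxSecurityZone.getId());
    Mockito.verify(predicateUtil).applyFilter(expectedZones, filter);
}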
Also used : RangerSecurityZone(org.apache.ranger.plugin.model.RangerSecurityZone) XXSecurityZoneDao(org.apache.ranger.db.XXSecurityZoneDao) ArrayList(java.util.ArrayList) SearchFilter(org.apache.ranger.plugin.util.SearchFilter) XXSecurityZone(org.apache.ranger.entity.XXSecurityZone) Test(org.junit.Test)

Example 63 with RangerSecurityZone

use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.

the class TestSecurityZoneDBStore method test8createSecurityZoneWithExistingName.

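/**
 * Creating a zone whose name is already taken must be rejected with a
 * {@link WebApplicationException}, after exactly one lookup by name.
 */
@Test
public void test8createSecurityZoneWithExistingName() throws Exception {
    // Entity the DAO reports as already stored under the requested name.
    XXSecurityZone xxSecurityZone = new XXSecurityZone();
    xxSecurityZone.setId(2L);
    // NOTE(review): the zone name is never set, so the duplicate lookup runs with a null name.
    RangerSecurityZone securityZone = new RangerSecurityZone();

    XXSecurityZoneDao xXSecurityZoneDao = Mockito.mock(XXSecurityZoneDao.class);
    Mockito.when(daoManager.getXXSecurityZoneDao()).thenReturn(xXSecurityZoneDao);
    Mockito.when(xXSecurityZoneDao.findByZoneName(securityZone.getName())).thenReturn(xxSecurityZone);
    Mockito.when(restErrorUtil.createRESTException(Mockito.anyString(), Mockito.any(MessageEnums.class))).thenThrow(new WebApplicationException());

    // Catch the expected exception locally. With thrown.expect(...) the exception left the
    // test method at the call below, so the verifications after it never executed.
    try {
        securityZoneDBStore.createSecurityZone(securityZone);
        Assert.fail("createSecurityZone accepted a zone whose name already exists");
    } catch (WebApplicationException expected) {
        // rejection is the behaviour under test
    }

    Mockito.verify(daoManager, times(1)).getXXSecurityZoneDao();
    Mockito.verify(xXSecurityZoneDao, times(1)).findByZoneName(securityZone.getName());
}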
Also used : RangerSecurityZone(org.apache.ranger.plugin.model.RangerSecurityZone) XXSecurityZoneDao(org.apache.ranger.db.XXSecurityZoneDao) WebApplicationException(javax.ws.rs.WebApplicationException) MessageEnums(org.apache.ranger.common.MessageEnums) XXSecurityZone(org.apache.ranger.entity.XXSecurityZone) Test(org.junit.Test)

Example 64 with RangerSecurityZone

use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.

the class TestSecurityZoneDBStore method test10deleteSecurityZoneByWrongName.

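/**
 * Deleting by a name that matches no stored zone must be rejected with a
 * {@link WebApplicationException}, after exactly one lookup by that name.
 */
@Test
public void test10deleteSecurityZoneByWrongName() throws Exception {
    RangerSecurityZone securityZone = new RangerSecurityZone();
    securityZone.setId(2L);
    securityZone.setName("sz1");

    XXSecurityZoneDao xXSecurityZoneDao = Mockito.mock(XXSecurityZoneDao.class);
    Mockito.when(daoManager.getXXSecurityZoneDao()).thenReturn(xXSecurityZoneDao);
    // No zone is stored under the requested name.
    Mockito.when(xXSecurityZoneDao.findByZoneName(securityZone.getName())).thenReturn(null);
    Mockito.when(restErrorUtil.createRESTException(Mockito.anyString())).thenThrow(new WebApplicationException());

    // Catch the expected exception locally. With thrown.expect(...) the exception left the
    // test method at the call below, so the verification after it never executed.
    try {
        securityZoneDBStore.deleteSecurityZoneByName(securityZone.getName());
        Assert.fail("deleteSecurityZoneByName accepted a name that matches no zone");
    } catch (WebApplicationException expected) {
        // rejection is the behaviour under test
    }

    // Verify against the name that was requested. The old verification used the name of an
    // entity whose name was never set (null), which is not what the store is called with.
    Mockito.verify(xXSecurityZoneDao, times(1)).findByZoneName(securityZone.getName());
}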
Also used : RangerSecurityZone(org.apache.ranger.plugin.model.RangerSecurityZone) XXSecurityZoneDao(org.apache.ranger.db.XXSecurityZoneDao) WebApplicationException(javax.ws.rs.WebApplicationException) XXSecurityZone(org.apache.ranger.entity.XXSecurityZone) Test(org.junit.Test)

Example 65 with RangerSecurityZone

use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.

the class TestSecurityZoneDBStore method test3deleteSecurityZoneByName.

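/**
 * Deleting an existing zone by name: the store is expected to look the zone up by
 * name and delete it through the zone service.
 */
@Test
public void test3deleteSecurityZoneByName() throws Exception {
    // Stored entity and the model object the zone service returns for its id.
    XXSecurityZone xxSecurityZone = new XXSecurityZone();
    xxSecurityZone.setId(2L);
    RangerSecurityZone securityZone = new RangerSecurityZone();
    securityZone.setId(2L);
    securityZone.setName("sz1");

    XXSecurityZoneDao xXSecurityZoneDao = Mockito.mock(XXSecurityZoneDao.class);
    XXGlobalStateDao xXGlobalStateDao = Mockito.mock(XXGlobalStateDao.class);
    Mockito.when(daoManager.getXXSecurityZoneDao()).thenReturn(xXSecurityZoneDao);
    Mockito.when(xXSecurityZoneDao.findByZoneName(securityZone.getName())).thenReturn(xxSecurityZone);
    Mockito.when(securityZoneService.read(securityZone.getId())).thenReturn(securityZone);
    Mockito.when(daoManager.getXXGlobalState()).thenReturn(xXGlobalStateDao);
    Mockito.doNothing().when(xXGlobalStateDao).onGlobalStateChange(RANGER_GLOBAL_STATE_NAME);
    Mockito.when(securityZoneRefUpdater.cleanupRefTables(securityZone)).thenReturn(true);
    Mockito.when(securityZoneService.delete(securityZone)).thenReturn(true);
    List<XXTrxLog> trxLogList = new ArrayList<>();
    Mockito.doNothing().when(bizUtil).createTrxLog(trxLogList);

    securityZoneDBStore.deleteSecurityZoneByName(securityZone.getName());

    // Check what the store did. The previous assertion only checked that an object
    // constructed by this test was non-null, so it passed even if nothing was deleted.
    // NOTE(review): the interactions are taken from the stubs above - confirm the call
    // counts against the store implementation.
    Mockito.verify(xXSecurityZoneDao, Mockito.atLeastOnce()).findByZoneName(securityZone.getName());
    Mockito.verify(securityZoneService).delete(securityZone);
}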
Also used : RangerSecurityZone(org.apache.ranger.plugin.model.RangerSecurityZone) XXSecurityZoneDao(org.apache.ranger.db.XXSecurityZoneDao) XXGlobalStateDao(org.apache.ranger.db.XXGlobalStateDao) ArrayList(java.util.ArrayList) XXTrxLog(org.apache.ranger.entity.XXTrxLog) XXSecurityZone(org.apache.ranger.entity.XXSecurityZone) Test(org.junit.Test)
