use of org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef in project ranger by apache.
the class TestRangerServiceDefServiceBase method test8populateRangerAccessTypeDefToXXNullValue.
@Test
public void test8populateRangerAccessTypeDefToXXNullValue() {
RangerAccessTypeDef rangerAccessTypeDefObj = null;
XXAccessTypeDef accessTypeDefObj = null;
XXServiceDef serviceDefObj = null;
Mockito.when(restErrorUtil.createRESTException("RangerServiceDef cannot be null.", MessageEnums.DATA_NOT_FOUND)).thenThrow(new WebApplicationException());
thrown.expect(WebApplicationException.class);
XXAccessTypeDef dbAccessTypeDef = rangerServiceDefService.populateRangerAccessTypeDefToXX(rangerAccessTypeDefObj, accessTypeDefObj, serviceDefObj, 1);
Assert.assertNull(dbAccessTypeDef);
}
use of org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef in project ranger by apache.
the class TestRangerServiceDefServiceBase method test9populateXXToRangerAccessTypeDef.
@Test
public void test9populateXXToRangerAccessTypeDef() {
XXAccessTypeDef accessTypeDefObj = new XXAccessTypeDef();
accessTypeDefObj.setAddedByUserId(Id);
accessTypeDefObj.setCreateTime(new Date());
accessTypeDefObj.setDefid(Id);
accessTypeDefObj.setId(Id);
accessTypeDefObj.setLabel("Read");
accessTypeDefObj.setName("read");
accessTypeDefObj.setOrder(null);
accessTypeDefObj.setRbkeylabel(null);
accessTypeDefObj.setUpdatedByUserId(Id);
accessTypeDefObj.setUpdateTime(new Date());
RangerAccessTypeDef dbRangerAccessTypeDef = rangerServiceDefService.populateXXToRangerAccessTypeDef(accessTypeDefObj, Collections.emptyList());
Assert.assertNotNull(dbRangerAccessTypeDef);
Assert.assertEquals(dbRangerAccessTypeDef.getName(), accessTypeDefObj.getName());
Assert.assertEquals(dbRangerAccessTypeDef.getLabel(), accessTypeDefObj.getLabel());
Assert.assertEquals(dbRangerAccessTypeDef.getRbKeyLabel(), accessTypeDefObj.getRbkeylabel());
}
use of org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef in project ranger by apache.
the class RangerServiceDefValidator method isValidAccessTypes.
boolean isValidAccessTypes(final List<RangerAccessTypeDef> accessTypeDefs, final List<ValidationFailureDetails> failures) {
if (LOG.isDebugEnabled()) {
LOG.debug(String.format("==> RangerServiceDefValidator.isValidAccessTypes(%s, %s)", accessTypeDefs, failures));
}
boolean valid = true;
if (CollectionUtils.isEmpty(accessTypeDefs)) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_MISSING_FIELD;
failures.add(new ValidationFailureDetailsBuilder().field("access types").isMissing().errorCode(error.getErrorCode()).becauseOf(error.getMessage("access types")).build());
valid = false;
} else {
List<RangerAccessTypeDef> defsWithImpliedGrants = new ArrayList<>();
Set<String> accessNames = new HashSet<>();
Set<Long> ids = new HashSet<>();
for (RangerAccessTypeDef def : accessTypeDefs) {
String name = def.getName();
valid = isUnique(name, accessNames, "access type name", "access types", failures) && valid;
valid = isUnique(def.getItemId(), ids, "access type itemId", "access types", failures) && valid;
if (CollectionUtils.isNotEmpty(def.getImpliedGrants())) {
defsWithImpliedGrants.add(def);
}
}
// validate implied grants
for (RangerAccessTypeDef def : defsWithImpliedGrants) {
Collection<String> impliedGrants = getImpliedGrants(def);
Set<String> unknownAccessTypes = Sets.difference(Sets.newHashSet(impliedGrants), accessNames);
if (!unknownAccessTypes.isEmpty()) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_IMPLIED_GRANT_UNKNOWN_ACCESS_TYPE;
failures.add(new ValidationFailureDetailsBuilder().field("implied grants").subField(// we return just on item here. Message has all unknow items
unknownAccessTypes.iterator().next()).isSemanticallyIncorrect().errorCode(error.getErrorCode()).becauseOf(error.getMessage(impliedGrants, unknownAccessTypes)).build());
valid = false;
}
// implied grant should not imply itself!
// note: this name could be null/blank/empty!
String name = def.getName();
if (impliedGrants.contains(name)) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_IMPLIED_GRANT_IMPLIES_ITSELF;
failures.add(new ValidationFailureDetailsBuilder().field("implied grants").subField(name).isSemanticallyIncorrect().errorCode(error.getErrorCode()).becauseOf(error.getMessage(impliedGrants, name)).build());
valid = false;
}
}
}
if (LOG.isDebugEnabled()) {
LOG.debug(String.format("<== RangerServiceDefValidator.isValidAccessTypes(%s, %s): %s", accessTypeDefs, failures, valid));
}
return valid;
}
use of org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef in project ranger by apache.
the class RangerSecurityZoneValidatorTest method rangerServiceDef.
private RangerServiceDef rangerServiceDef() {
RangerResourceDef rangerResourceDef = new RangerResourceDef();
rangerResourceDef.setName("hdfs");
List<RangerServiceConfigDef> configs = new ArrayList<RangerServiceConfigDef>();
List<RangerResourceDef> resources = new ArrayList<RangerResourceDef>();
resources.add(rangerResourceDef);
List<RangerAccessTypeDef> accessTypes = new ArrayList<RangerAccessTypeDef>();
List<RangerPolicyConditionDef> policyConditions = new ArrayList<RangerPolicyConditionDef>();
List<RangerContextEnricherDef> contextEnrichers = new ArrayList<RangerContextEnricherDef>();
List<RangerEnumDef> enums = new ArrayList<RangerEnumDef>();
RangerServiceDef rangerServiceDef = new RangerServiceDef();
rangerServiceDef.setId(1L);
rangerServiceDef.setImplClass("RangerServiceHdfs");
rangerServiceDef.setName("HDFS Repository");
rangerServiceDef.setLabel("HDFS Repository");
rangerServiceDef.setDescription("HDFS Repository");
rangerServiceDef.setRbKeyDescription(null);
rangerServiceDef.setUpdatedBy("Admin");
rangerServiceDef.setUpdateTime(new Date());
rangerServiceDef.setConfigs(configs);
rangerServiceDef.setResources(resources);
rangerServiceDef.setAccessTypes(accessTypes);
rangerServiceDef.setPolicyConditions(policyConditions);
rangerServiceDef.setContextEnrichers(contextEnrichers);
rangerServiceDef.setEnums(enums);
return rangerServiceDef;
}
use of org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef in project ranger by apache.
the class ValidationTestUtils method createServiceDefWithAccessTypes.
RangerServiceDef createServiceDefWithAccessTypes(String[] accesses) {
RangerServiceDef serviceDef = mock(RangerServiceDef.class);
List<RangerAccessTypeDef> accessTypeDefs = new ArrayList<>();
for (String access : accesses) {
RangerAccessTypeDef accessTypeDef = mock(RangerAccessTypeDef.class);
when(accessTypeDef.getName()).thenReturn(access);
accessTypeDefs.add(accessTypeDef);
}
when(serviceDef.getAccessTypes()).thenReturn(accessTypeDefs);
return serviceDef;
}
Aggregations