ranger git commit: RANGER-2108: Ensure that resource names in service definition contain only lowercase, hyphens or underscore characters

Tue, 05 Jun 2018 00:02:26 -0700 

Repository: ranger
Updated Branches:
  refs/heads/ranger-1.0 f6d24f301 -> b64b66e37


RANGER-2108: Ensure that resource names in service definition contain only 
lowercase, hyphens or underscore characters


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/b64b66e3
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/b64b66e3
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/b64b66e3

Branch: refs/heads/ranger-1.0
Commit: b64b66e3751921c43e443fc623ed4cf68f035281
Parents: f6d24f3
Author: Abhay Kulkarni <[email protected]>
Authored: Mon Jun 4 23:31:22 2018 -0700
Committer: Abhay Kulkarni <[email protected]>
Committed: Tue Jun 5 00:02:02 2018 -0700

----------------------------------------------------------------------
 .../plugin/errors/ValidationErrorCode.java      |  2 +-
 .../validation/RangerServiceDefValidator.java   |  3 +--
 .../model/validation/RangerValidator.java       | 23 ++++++++++++++++----
 .../TestRangerServiceDefValidator.java          | 13 -----------
 4 files changed, 21 insertions(+), 20 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/b64b66e3/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
----------------------------------------------------------------------
diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
index 5b32199..d1923e1 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
@@ -61,7 +61,7 @@ public enum ValidationErrorCode {
     SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_INVALID_DEFAULT_INDEX(2019, "default 
index[{0}] for enum [{1}] is invalid"),
     SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_NULL_ENUM_ELEMENT(2020, "An enum 
element in enum element collection of enum [{0}] is null"),
     SERVICE_DEF_VALIDATION_ERR_INVALID_SERVICE_RESOURCE_LEVELS(2021, 
"Resource-def levels are not in increasing order in an hierarchy"),
-       SERVICE_DEF_VALIDATION_ERR_NOT_LOWERCASE_NAME(2022, "{0}:[{1}] Invalid 
name. Name should consist of only lower case characters"),
+       SERVICE_DEF_VALIDATION_ERR_NOT_LOWERCASE_NAME(2022, "{0}:[{1}] Invalid 
resource name. Resource name should consist of only lowercase, hyphen or 
underscore characters"),
 
     // POLICY VALIDATION
     POLICY_VALIDATION_ERR_UNSUPPORTED_ACTION(3001, "Internal error: method 
signature isValid(Long) is only supported for DELETE"),

http://git-wip-us.apache.org/repos/asf/ranger/blob/b64b66e3/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java
----------------------------------------------------------------------
diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java
index 3f9315a..d73210e 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java
@@ -259,7 +259,6 @@ public class RangerServiceDefValidator extends 
RangerValidator {
                        Set<Long> ids = new HashSet<>();
                        for (RangerAccessTypeDef def : accessTypeDefs) {
                                String name = def.getName();
-                               valid = isInLowerCase(name, "access type name", 
failures) && valid;
                                valid = isUnique(name, accessNames, "access 
type name", "access types", failures) && valid;
                                valid = isUnique(def.getItemId(), ids, "access 
type itemId", "access types", failures) && valid;
                                if 
(CollectionUtils.isNotEmpty(def.getImpliedGrants())) {
@@ -473,7 +472,7 @@ public class RangerServiceDefValidator extends 
RangerValidator {
                        Set<String> names = new 
HashSet<String>(resources.size());
                        Set<Long> ids = new HashSet<Long>(resources.size());
                        for (RangerResourceDef resource : resources) {
-                               valid = isInLowerCase(resource.getName(), 
"resource type name", failures) && valid;
+                               valid = isValidResourceName(resource.getName(), 
"resource type name", failures) && valid;
 
                                /*
                                 * While id is the natural key, name is a 
surrogate key.  At several places code expects resource name to be unique 
within a service.

http://git-wip-us.apache.org/repos/asf/ranger/blob/b64b66e3/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidator.java
----------------------------------------------------------------------
diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidator.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidator.java
index daf24b7..96ab8c0 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidator.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidator.java
@@ -589,18 +589,33 @@ public abstract class RangerValidator {
                return valid;
        }
 
-       boolean isInLowerCase(final String value, final String valueContext, 
final List<ValidationFailureDetails> failures) {
-               if (!StringUtils.isAllLowerCase(value)) {
+       boolean isValidResourceName(final String value, final String 
valueContext, final List<ValidationFailureDetails> failures) {
+               boolean ret = true;
+
+               if (value != null && !StringUtils.isEmpty(value)) {
+                       int sz = value.length();
+
+                       for(int i = 0; i < sz; ++i) {
+                               char c = value.charAt(i);
+                               if (!(Character.isLowerCase(c) || c == '-' || c 
== '_')) { // Allow only lowercase, hyphen or underscore characters
+                                       ret = false;
+                                       break;
+                               }
+                       }
+               } else {
+                       ret = false;
+               }
+               if (!ret) {
                        ValidationErrorCode errorCode = 
ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_NOT_LOWERCASE_NAME;
                        failures.add(new ValidationFailureDetailsBuilder()
                                        .errorCode(errorCode.getErrorCode())
                                        .field(value)
                                        
.becauseOf(errorCode.getMessage(valueContext, value))
                                        .build());
-                       return false;
                }
-               return true;
+               return ret;
        }
+
        boolean isUnique(final String value, final Set<String> alreadySeen, 
final String valueName, final String collectionName, final 
List<ValidationFailureDetails> failures) {
                return isUnique(value, null, alreadySeen, valueName, 
collectionName, failures);
        }

http://git-wip-us.apache.org/repos/asf/ranger/blob/b64b66e3/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefValidator.java
----------------------------------------------------------------------
diff --git 
a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefValidator.java
 
b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefValidator.java
index 1fafb12..decf07c 100644
--- 
a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefValidator.java
+++ 
b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefValidator.java
@@ -209,12 +209,6 @@ public class TestRangerServiceDefValidator {
                        { 3L, "admin", new String[] { "write", "admin" } }  // 
non-existent access type (execute)
        };
 
-       final Object[][] accessTypes_mixed_case_names = new Object[][] {
-                       { 1L, "Read",  null },
-                       { 2L, "WRITE", new String[] {   } },
-                       { 3L, "adminPrivilege", new String[] { "write", "admin" 
} }
-       };
-
        @Test
        public final void test_isValidAccessTypes_happyPath() {
                List<RangerAccessTypeDef> input = 
_utils.createAccessTypeDefs(accessTypes_good);
@@ -258,13 +252,6 @@ public class TestRangerServiceDefValidator {
                accessTypeDefs = 
_utils.createAccessTypeDefs(accessTypes_bad_selfReference);
                _failures.clear(); 
assertFalse(_validator.isValidAccessTypes(accessTypeDefs, _failures));
                _utils.checkFailureForSemanticError(_failures, "implied 
grants", "admin");
-
-               // Mixed case access types
-               accessTypeDefs = 
_utils.createAccessTypeDefs(accessTypes_mixed_case_names);
-               _failures.clear(); 
assertFalse(_validator.isValidAccessTypes(accessTypeDefs, _failures));
-               _utils.checkFailure(_failures, null, null, null, "Read",null);
-               _utils.checkFailure(_failures, null, null, null, "WRITE",null);
-               _utils.checkFailure(_failures, null, null, null, 
"adminPrivilege",null);
        }
        
        final Object[][] enums_bad_enumName_null = new Object[][] {

Reply via email to