This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch ranger-2.5
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.5 by this push:
new 7510b8211 RANGER-4373: incorrect error message when deleting a role
referenced in policies
7510b8211 is described below
commit 7510b8211007d39a65fc542ced47fab43b892e5a
Author: Sanket-Shelar <[email protected]>
AuthorDate: Tue Jul 23 13:32:17 2024 +0530
RANGER-4373: incorrect error message when deleting a role referenced in
policies
Signed-off-by: Madhan Neethiraj <[email protected]>
---
.../main/java/org/apache/ranger/rest/RoleREST.java | 13 ++--
.../java/org/apache/ranger/rest/TestRoleREST.java | 72 ++++++++++++++++++++++
2 files changed, 81 insertions(+), 4 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
index ec57488d8..7be7127cb 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
@@ -58,6 +58,7 @@ import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXService;
import org.apache.ranger.entity.XXServiceDef;
import org.apache.ranger.entity.XXTrxLogV2;
+import org.apache.ranger.plugin.errors.ValidationErrorCode;
import org.apache.ranger.plugin.model.RangerPluginInfo;
import org.apache.ranger.plugin.model.RangerRole;
import org.apache.ranger.plugin.model.RangerService;
@@ -286,10 +287,14 @@ public class RoleREST {
} catch(Throwable excp) {
LOG.error("deleteRole(" + roleId + ") failed", excp);
- throw restErrorUtil.createRESTException(
- "Data Not Found for given Id",
- MessageEnums.DATA_NOT_FOUND, roleId,
null,
- "readResource : No Object found with
given id.");
+ if
(excp.getMessage().contains(String.valueOf(ValidationErrorCode.ROLE_VALIDATION_ERR_INVALID_ROLE_ID.getErrorCode())))
{
+ throw restErrorUtil.createRESTException(
+ "Data Not Found for given Id",
+ MessageEnums.DATA_NOT_FOUND, roleId, null,
+ "readResource : No Object found with given id.");
+ } else {
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ }
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== deleteRole(id=" + roleId + ")");
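Review bot: The new `excp.getMessage().contains(...)` check in the catch block dereferences a message that can be null (a `NullPointerException` or a bare `new Throwable()` carries none), so the handler itself can throw and the caller gets neither of the two intended REST errors. Read the message once and guard it: `String msg = excp.getMessage();` then `if (msg != null && msg.contains(String.valueOf(ValidationErrorCode.ROLE_VALIDATION_ERR_INVALID_ROLE_ID.getErrorCode())))`. The else branch also hands `excp.getMessage()` to the client for every `Throwable` caught here, not only the role-in-use validation failure, which can put persistence-layer or other internal detail into the API response unless `createRESTException(String)` sanitizes it (not visible in this hunk). Returning the raw message only for validation failures and a fixed generic message otherwise, with the full exception left to the existing `LOG.error`, keeps the improved message without that exposure. The catch block's enclosing method starts and ends outside the hunk.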
diff --git
a/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java
b/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java
index 74e611cbc..0b400bed0 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java
@@ -22,6 +22,9 @@ import
org.apache.ranger.biz.ServiceDBStore.JSON_FILE_NAME_TYPE;
import org.apache.ranger.common.*;
import org.apache.ranger.db.*;
import org.apache.ranger.entity.*;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
import org.apache.ranger.plugin.model.RangerRole;
import org.apache.ranger.plugin.model.validation.RangerRoleValidator;
import org.apache.ranger.plugin.util.GrantRevokeRoleRequest;
@@ -60,6 +63,7 @@ public class TestRoleREST {
private static final String adminLoginID = "admin";
private static final JSON_FILE_NAME_TYPE ROLE = JSON_FILE_NAME_TYPE.ROLE;
String importRoleTestFilePath =
"./src/test/java/org/apache/ranger/rest/importRole/import_role_test_file.json";
+ private static Long Id = 7L;
@Mock
RangerRole role;
@@ -1327,4 +1331,72 @@ public class TestRoleREST {
rangerRole.setId(roleId);
return rangerRole;
}
+
+ @Test(expected = Throwable.class)
+ public void test21deleteRoleWithinPolicy() {
+ RangerRole rangerRole = createRole();
+ rangerPolicy(rangerRole);
+ try {
+ Mockito.doThrow(new
Throwable()).when(roleStore).deleteRole(Mockito.anyLong());
+ } catch (Throwable e) {
+ throw new RuntimeException(e);
+ }
+
+ try {
+ Assert.assertThrows(Throwable.class, () ->
roleRest.deleteRole(rangerRole.getId()));
+ Mockito.verify(restErrorUtil,
Mockito.times(1)).createRESTException(Mockito.anyString());
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @Test(expected = Throwable.class)
+ public void test22deleteRoleWithValidationError() {
+ RangerRole rangerRole = createRole();
+ try {
+
Mockito.when(validatorFactory.getRangerRoleValidator(roleStore)).thenThrow(new
Exception());
+ } catch (Throwable e) {
+ throw new RuntimeException(e);
+ }
+
+ try {
+ Assert.assertThrows(Throwable.class,() ->
roleRest.deleteRole(rangerRole.getId()));
+ Mockito.verify(restErrorUtil,
Mockito.times(1)).createRESTException(Mockito.anyString());
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private RangerPolicy rangerPolicy(RangerRole rangerRole) {
+ List<String> roles = new ArrayList<>();
+ roles.add(rangerRole.getName());
+
+ List<RangerPolicyItem> policyItems = new ArrayList<>();
+
+ policyItems.add(new RangerPolicyItem(new ArrayList<>(), new
ArrayList<>(), new ArrayList<>(), roles, new ArrayList<>(), false));
+
+ Map<String, RangerPolicyResource> policyResource = new HashMap<>();
+
+ policyResource.put("resource", new RangerPolicyResource("1", true,
true));
+
+ return getRangerPolicy(policyItems, policyResource);
+ }
+
+ private static RangerPolicy getRangerPolicy(List<RangerPolicyItem>
policyItems, Map<String, RangerPolicyResource> policyResource) {
+ RangerPolicy policy = new RangerPolicy();
+ policy.setId(Id);
+ policy.setCreateTime(new Date());
+ policy.setDescription("policy");
+ policy.setGuid("policyguid");
+ policy.setIsEnabled(true);
+ policy.setName("HDFS_1-1-20150316062453");
+ policy.setUpdatedBy("Admin");
+ policy.setUpdateTime(new Date());
+ policy.setService("HDFS_1-1-20150316062453");
+ policy.setIsAuditEnabled(true);
+ policy.setPolicyItems(policyItems);
+ policy.setResources(policyResource);
+ policy.setService("HDFS_1");
+ return policy;
+ }
}
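Review bot: Both new tests declare `@Test(expected = Throwable.class)`, so they pass whenever anything at all is thrown, including a failed `Mockito.verify` (its failure is an `Error`, which the `catch (Exception e)` does not intercept), and they fail only if every assertion succeeds. In `test21deleteRoleWithinPolicy` the stubbed `new Throwable()` has a null message, so, if the stub is accepted at all, it appears to drive `deleteRole` into the `getMessage().contains(...)` dereference rather than the new else branch, and the `createRESTException(Mockito.anyString())` verification is probably never satisfied. The `RangerPolicy` returned by `rangerPolicy(rangerRole)` is discarded, so nothing in the test ties the role to a policy. I would use plain `@Test`, stub with a message-bearing exception such as `Mockito.doThrow(new Exception("<role-in-use message>"))`, drop the wrapping try/catch blocks, and let the `verify` call be the real assertion.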