Repository: incubator-ranger Updated Branches: refs/heads/master c5716e5db -> 35c490d60
RANGER-419 Assign generated name to policy if missing before validation logic is triggered 
Signed-off-by: Madhan Neethiraj <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/35c490d6 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/35c490d6 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/35c490d6 Branch: refs/heads/master Commit: 35c490d607b6f2f0f0c70cdf2da073d1cf41cf6e Parents: c5716e5 Author: Alok Lal <[email protected]> Authored: Tue Apr 21 20:34:54 2015 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Tue Apr 21 21:51:04 2015 -0700 ---------------------------------------------------------------------- .../model/validation/RangerPolicyValidator.java | 2 +- .../validation/RangerValidatorFactory.java | 36 ---------- .../org/apache/ranger/biz/RangerBizUtil.java | 5 +- .../java/org/apache/ranger/biz/UserMgr.java | 7 +- .../java/org/apache/ranger/common/GUIDUtil.java | 13 ++-- .../ranger/common/RangerValidatorFactory.java | 43 ++++++++++++ .../org/apache/ranger/common/ServiceUtil.java | 3 +- .../java/org/apache/ranger/rest/AssetREST.java | 5 +- .../org/apache/ranger/rest/ServiceREST.java | 31 +++++++-- .../RangerSecurityContextFormationFilter.java | 7 +- .../ranger/service/RangerPolicyServiceBase.java | 6 +- .../service/RangerServiceDefServiceBase.java | 5 +- .../service/RangerServiceServiceBase.java | 8 ++- .../java/org/apache/ranger/view/VXResource.java | 25 +++++++ .../org/apache/ranger/rest/TestServiceREST.java | 2 +- .../rest/TestServiceRESTForValidation.java | 70 +++++++++++++++----- .../TestRangerServiceDefServiceBase.java | 5 ++ 17 files changed, 196 insertions(+), 77 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java ---------------------------------------------------------------------- 
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java index 63bcdda..ae5bd68 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java @@ -278,7 +278,7 @@ public class RangerPolicyValidator extends RangerValidator { failures.add(new ValidationFailureDetailsBuilder() .field("resources") .isSemanticallyIncorrect() - .becauseOf("found another policy[" + policy.getName() + "] with matching resources[" + policy.getResources() + "]!") + .becauseOf("found another policy[" + otherPolicy.getName() + "] with matching resources[" + otherPolicy.getResources() + "]!") .build()); } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidatorFactory.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidatorFactory.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidatorFactory.java deleted file mode 100644 index f72e8df..0000000 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidatorFactory.java +++ /dev/null 
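Review bot: The corrected `becauseOf(...)` text in the `resources` failure now embeds `otherPolicy.getName()` and `otherPolicy.getResources()`, which are details of a policy the caller did not submit. If these validation failures are returned verbatim to a non-admin caller (that path is not visible in this hunk), the response reveals which existing policy covers a resource the caller may have no right to read. Consider keeping only the other policy's name or id in the client-facing reason and writing the resource map to the server log, or document the guarantee with a comment such as `// otherPolicy details are only returned to callers that already passed the admin check`. The enclosing method starts and ends outside the hunk.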
@@ -1,36 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.model.validation;
-
-import org.apache.ranger.plugin.store.ServiceStore;
-
-public class RangerValidatorFactory {
- public RangerServiceValidator getServiceValidator(ServiceStore store) {
- return new RangerServiceValidator(store);
- }
-
- public RangerPolicyValidator getPolicyValidator(ServiceStore store) {
- return new RangerPolicyValidator(store);
- }
-
- public RangerServiceDefValidator getServiceDefValidator(ServiceStore store) {
- return new RangerServiceDefValidator(store);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
index d408611..0ab9d17 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
@@ -77,6 +77,9 @@ public class RangerBizUtil { @Autowired UserMgr userMgr; + @Autowired + GUIDUtil guidUtil; + Set<Class<?>> groupEditableClasses; private Class<?>[] groupEditableClassesList = {}; @@ -1317,7 +1320,7 @@ public class RangerBizUtil { if (usb != null) { authSessionId = ContextUtil.getCurrentUserSession().getSessionId(); } - Long trxId = GUIDUtil.genLong(); + Long trxId = guidUtil.genLong(); for (XXTrxLog xTrxLog : trxLogList) { xTrxLog.setTransactionId(trxId.toString()); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java index 52b6695..0b6281b 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java @@ -110,6 +110,9 @@ public class UserMgr { @Autowired XUserMgr xUserMgr; + @Autowired + GUIDUtil guidUtil; + String publicRoles[] = new String[] { RangerConstants.ROLE_USER, RangerConstants.ROLE_OTHER }; @@ -203,7 +206,7 @@ public class UserMgr { // emailAddress String emailAddress = userProfile.getEmailAddress(); if (stringUtil.isEmpty(emailAddress)) { - String randomString = GUIDUtil.genGUI(); + String randomString = guidUtil.genGUID(); userProfile.setEmailAddress(randomString); updateUser = true; } else { 
@@ -1122,7 +1125,7 @@ public class UserMgr { MessageEnums.OPER_NOT_ALLOWED_FOR_STATE); } } else { - String randomEmail = GUIDUtil.genGUI(); + String randomEmail = guidUtil.genGUID(); userProfile.setEmailAddress(randomEmail); xXPortalUser = this.createUser(userProfile, RangerCommonEnums.STATUS_ENABLED); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/main/java/org/apache/ranger/common/GUIDUtil.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/GUIDUtil.java b/security-admin/src/main/java/org/apache/ranger/common/GUIDUtil.java index c4e0403..6710088 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/GUIDUtil.java +++ b/security-admin/src/main/java/org/apache/ranger/common/GUIDUtil.java @@ -20,22 +20,27 @@ package org.apache.ranger.common; import java.io.Serializable; +import java.nio.ByteBuffer; import java.security.SecureRandom; +import org.springframework.context.annotation.Scope; +import org.springframework.stereotype.Service; + +@Service +@Scope("singleton") public class GUIDUtil implements Serializable { private static final long serialVersionUID = -7284237762948427019L; - static SecureRandom secureRandom = new SecureRandom(); + static SecureRandom secureRandom = new SecureRandom(ByteBuffer.allocate(8).putLong(System.nanoTime()).array()); static int counter = 0; - static public String genGUI() { + public String genGUID() { return System.currentTimeMillis() + "_" + secureRandom.nextInt(1000) + "_" + counter++; } - public static long genLong() { + public long genLong() { return secureRandom.nextLong(); } - } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/main/java/org/apache/ranger/common/RangerValidatorFactory.java ---------------------------------------------------------------------- 
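Review bot: Seeding the generator in `new SecureRandom(ByteBuffer.allocate(8).putLong(System.nanoTime()).array())` weakens it rather than strengthening it: with a SHA1PRNG-style provider, a seed supplied before the first output replaces the operating-system self-seeding, so every later `genLong()` and `genGUID()` value derives from one guessable 64-bit timestamp. Use the no-argument form, `static final SecureRandom secureRandom = new SecureRandom();`, and drop the `java.nio.ByteBuffer` import. `counter++` is an unsynchronised static `int` that is now reached through a singleton bean, so concurrent requests can emit the same suffix; `private static final AtomicInteger counter = new AtomicInteger();` with `counter.getAndIncrement()` avoids that. A class comment should also state that `genGUID()` (a timestamp, a value below 1000 and a counter) is an identifier and must not be relied on as an unguessable token.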
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerValidatorFactory.java b/security-admin/src/main/java/org/apache/ranger/common/RangerValidatorFactory.java new file mode 100644 index 0000000..ebe20b2 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/common/RangerValidatorFactory.java 
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.common;
+
+import org.apache.ranger.plugin.model.validation.RangerPolicyValidator;
+import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator;
+import org.apache.ranger.plugin.model.validation.RangerServiceValidator;
+import org.apache.ranger.plugin.store.ServiceStore;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Service;
+
+@Service
+@Scope("singleton")
+public class RangerValidatorFactory {
+ public RangerServiceValidator getServiceValidator(ServiceStore store) {
+ return new RangerServiceValidator(store);
+ }
+
+ public RangerPolicyValidator getPolicyValidator(ServiceStore store) {
+ return new RangerPolicyValidator(store);
+ }
+
+ public RangerServiceDefValidator getServiceDefValidator(ServiceStore store) {
+ return new RangerServiceDefValidator(store);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java index 3c48e4c..cd54fd6 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java +++ b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java @@ -54,9 +54,9 @@ import org.apache.ranger.view.VXPermMap; import org.apache.ranger.view.VXPermObj; import org.apache.ranger.view.VXPolicy; import org.apache.ranger.view.VXPolicyList; +import org.apache.ranger.view.VXRepository; import org.apache.ranger.view.VXRepositoryList; import org.apache.ranger.view.VXResource; -import org.apache.ranger.view.VXRepository; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; @@ -288,6 +288,7 @@ public class ServiceUtil { ret.setAssetType(toAssetType(service.getType())); ret.setPolicyName(policy.getName()); ret.setDescription(policy.getDescription()); + ret.setGuid(policy.getGuid()); ret.setResourceStatus(policy.getIsEnabled() ? RangerCommonEnums.STATUS_ENABLED : RangerCommonEnums.STATUS_DISABLED); List<VXAuditMap> auditList = null; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java index 0fc0094..bc2c988 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 
@@ -48,12 +48,11 @@ import org.apache.ranger.common.RangerSearchUtil; import org.apache.ranger.common.SearchCriteria; import org.apache.ranger.common.ServiceUtil; import org.apache.ranger.common.StringUtil; +import org.apache.ranger.common.annotation.RangerAnnotationClassName; +import org.apache.ranger.common.annotation.RangerAnnotationJSMgrName; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.util.GrantRevokeRequest; -import org.apache.ranger.common.annotation.RangerAnnotationClassName; -import org.apache.ranger.common.annotation.RangerAnnotationJSMgrName; -import org.apache.ranger.service.AbstractBaseResourceService; import org.apache.ranger.service.XAccessAuditService; import org.apache.ranger.service.XAgentService; import org.apache.ranger.service.XAssetService; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index 4ffbabd..ad04a26 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
@@ -49,10 +49,12 @@ import org.apache.ranger.biz.RangerBizUtil; import org.apache.ranger.biz.ServiceDBStore; import org.apache.ranger.biz.ServiceMgr; import org.apache.ranger.biz.XUserMgr; +import org.apache.ranger.common.GUIDUtil; import org.apache.ranger.common.MessageEnums; import org.apache.ranger.common.RESTErrorUtil; import org.apache.ranger.common.RangerConfigUtil; import org.apache.ranger.common.RangerSearchUtil; +import org.apache.ranger.common.RangerValidatorFactory; import org.apache.ranger.common.ServiceUtil; import org.apache.ranger.entity.XXPolicyExportAudit; import org.apache.ranger.plugin.model.RangerPolicy; @@ -61,11 +63,9 @@ import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.model.RangerServiceDef; -import org.apache.ranger.plugin.model.validation.RangerPolicyValidator; import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator; import org.apache.ranger.plugin.model.validation.RangerServiceValidator; import org.apache.ranger.plugin.model.validation.RangerValidator.Action; -import org.apache.ranger.plugin.model.validation.RangerValidatorFactory; import org.apache.ranger.plugin.policyengine.RangerAccessResource; import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl; import org.apache.ranger.plugin.policyengine.RangerPolicyEngine; @@ -134,9 +134,11 @@ public class ServiceREST { @Autowired RangerBizUtil bizUtil; - // this indirection for validation via a factory exists only for testability - // TODO move the instantiation to DI framework? - RangerValidatorFactory validatorFactory = new RangerValidatorFactory(); + @Autowired + GUIDUtil guidUtil; + + @Autowired + RangerValidatorFactory validatorFactory; public ServiceREST() { } 
@@ -864,6 +866,23 @@ public class ServiceREST { RangerPolicy ret = null; try { + // this needs to happen before validator is called + // set name of policy if unspecified + if (StringUtils.isBlank(policy.getName())) { // use of isBlank over isEmpty is deliberate as a blank string does not strike us as a particularly useful policy name! + String guid = policy.getGuid(); + if (StringUtils.isBlank(guid)) { // use of isBlank is deliberate. External parties could send the guid in, perhaps to sync between dev/test/prod instances? + guid = guidUtil.genGUID(); + policy.setGuid(guid); + if (LOG.isDebugEnabled()) { + LOG.debug("No GUID supplied on the policy! Ok, setting GUID to [" + guid + "]."); + } + } + String name = policy.getService() + "-" + guid; + policy.setName(name); + if (LOG.isDebugEnabled()) { + LOG.debug("Policy did not have its name set! Ok, setting name to [" + name + "]"); + } + } // RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore); // validator.validate(policy, Action.CREATE, bizUtil.isAdmin()); @@ -1400,7 +1419,7 @@ public class ServiceREST { } } - private void ensureAdminAccess(String serviceName, Map<String, RangerPolicyResource> resources) { + void ensureAdminAccess(String serviceName, Map<String, RangerPolicyResource> resources) { boolean isAdmin = bizUtil.isAdmin(); if(!isAdmin) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java index ad8c95e..52ea841 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java 
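Review bot: The generated name is built from two values this block never checks: `policy.getService()` may be null or blank, which yields a name such as `null-<guid>`, and a caller-supplied `guid` is accepted unchanged as long as it is not blank. The two `validator` lines directly below the added block are still commented out in this hunk, so nothing visible here rejects such a policy before it reaches the store. Fail closed first, for example `if (StringUtils.isBlank(policy.getService())) { throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, "policy has no service name", true); }`, and constrain the external GUID's length and character set before it is used in `policy.setName(name)`. The two `LOG.debug` calls also write the caller-supplied GUID and the derived name into the log unescaped, so CR/LF should be stripped before logging. The enclosing method (apparently `createPolicy`, judging by `Action.CREATE`) starts and ends outside the hunk.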
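Review bot: Dropping `private` from `ensureAdminAccess` widens an authorization check to package scope, apparently only so the test in this commit can stub it with `doNothing()`, and nothing on the declaration says so. Add a comment on the method, for example `// package-private for unit tests only; production code must not bypass or override this check`, so a later same-package helper or subclass does not treat it as an extension point. The method body continues outside the hunk.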
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java @@ -64,8 +64,11 @@ public class RangerSecurityContextFormationFilter extends GenericFilterBean { HTTPUtil httpUtil; @Autowired - XUserMgr xUserMgr; + XUserMgr xUserMgr; + @Autowired + GUIDUtil guidUtil; + String testIP = null; public RangerSecurityContextFormationFilter() { @@ -113,7 +116,7 @@ public class RangerSecurityContextFormationFilter extends GenericFilterBean { requestContext.setUserAgent(userAgent); requestContext.setDeviceType(httpUtil .getDeviceType(httpRequest)); - requestContext.setServerRequestId(GUIDUtil.genGUI()); + requestContext.setServerRequestId(guidUtil.genGUID()); requestContext.setRequestURL(httpRequest.getRequestURI()); requestContext.setClientTimeOffsetInMinute(clientTimeOffset); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java index 319ca29..9584c3d 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java 
@@ -50,10 +50,14 @@ import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; import org.apache.ranger.plugin.util.SearchFilter; import org.apache.ranger.view.RangerPolicyList; +import org.springframework.beans.factory.annotation.Autowired; public abstract class RangerPolicyServiceBase<T extends XXPolicyBase, V extends RangerPolicy> extends RangerBaseModelService<T, V> { + @Autowired + GUIDUtil guidUtil; + public RangerPolicyServiceBase() { super(); searchFields.add(new SearchField(SearchFilter.SERVICE_TYPE, "xSvcDef.name", DATA_TYPE.STRING, SEARCH_TYPE.FULL, @@ -89,7 +93,7 @@ public abstract class RangerPolicyServiceBase<T extends XXPolicyBase, V extends @Override @SuppressWarnings("unchecked") protected XXPolicyBase mapViewToEntityBean(RangerPolicy vObj, XXPolicyBase xObj, int OPERATION_CONTEXT) { - String guid = (StringUtils.isEmpty(vObj.getGuid())) ? GUIDUtil.genGUI() : vObj.getGuid(); + String guid = (StringUtils.isEmpty(vObj.getGuid())) ? guidUtil.genGUID() : vObj.getGuid(); xObj.setGuid(guid); xObj.setVersion(vObj.getVersion()); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java index 3cdd1e7..d3f0d7b 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java 
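Review bot: `StringUtils.isEmpty(vObj.getGuid())` on the changed line in `mapViewToEntityBean` treats a whitespace-only GUID as present and stores it unchanged, while the defaulting this commit adds to `ServiceREST` uses `isBlank` for the same field. Use the same test here, `String guid = StringUtils.isBlank(vObj.getGuid()) ? guidUtil.genGUID() : vObj.getGuid();`, so a policy that arrives with a name but a GUID of spaces is not persisted with that value. The identical line in the `RangerServiceDefServiceBase` and `RangerServiceServiceBase` hunks has the same issue. `mapViewToEntityBean` continues outside the hunk.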
@@ -60,11 +60,14 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDef, V exte @Autowired JSONUtil jsonUtil; + @Autowired + GUIDUtil guidUtil; + @SuppressWarnings("unchecked") @Override protected XXServiceDef mapViewToEntityBean(RangerServiceDef vObj, XXServiceDef xObj, int operationContext) { - String guid = (StringUtils.isEmpty(vObj.getGuid())) ? GUIDUtil.genGUI() : vObj.getGuid(); + String guid = (StringUtils.isEmpty(vObj.getGuid())) ? guidUtil.genGUID() : vObj.getGuid(); xObj.setGuid(guid); xObj.setVersion(vObj.getVersion()); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/main/java/org/apache/ranger/service/RangerServiceServiceBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceServiceBase.java index 5505a88..6883d98 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceServiceBase.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceServiceBase.java @@ -24,9 +24,9 @@ import org.apache.commons.lang.StringUtils; import org.apache.ranger.common.GUIDUtil; import org.apache.ranger.common.MessageEnums; import org.apache.ranger.common.SearchField; -import org.apache.ranger.common.SortField; import org.apache.ranger.common.SearchField.DATA_TYPE; import org.apache.ranger.common.SearchField.SEARCH_TYPE; +import org.apache.ranger.common.SortField; import org.apache.ranger.common.SortField.SORT_ORDER; import org.apache.ranger.entity.XXService; import org.apache.ranger.entity.XXServiceBase; 
@@ -34,9 +34,13 @@ import org.apache.ranger.entity.XXServiceDef; import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.util.SearchFilter; import org.apache.ranger.view.RangerServiceList; +import org.springframework.beans.factory.annotation.Autowired; public abstract class RangerServiceServiceBase<T extends XXServiceBase, V extends RangerService> extends RangerBaseModelService<T, V> { + @Autowired + GUIDUtil guidUtil; + public RangerServiceServiceBase() { super(); @@ -57,7 +61,7 @@ public abstract class RangerServiceServiceBase<T extends XXServiceBase, V extend @Override @SuppressWarnings("unchecked") protected XXServiceBase mapViewToEntityBean(RangerService vObj, XXServiceBase xObj, int OPERATION_CONTEXT) { - String guid = (StringUtils.isEmpty(vObj.getGuid())) ? GUIDUtil.genGUI() : vObj.getGuid(); + String guid = (StringUtils.isEmpty(vObj.getGuid())) ? guidUtil.genGUID() : vObj.getGuid(); xObj.setGuid(guid); xObj.setVersion(vObj.getVersion()); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/main/java/org/apache/ranger/view/VXResource.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXResource.java b/security-admin/src/main/java/org/apache/ranger/view/VXResource.java index 23d3e4a..334c3c4 100644 --- a/security-admin/src/main/java/org/apache/ranger/view/VXResource.java +++ b/security-admin/src/main/java/org/apache/ranger/view/VXResource.java @@ -146,6 +146,11 @@ public class VXResource extends VXDataObject implements java.io.Serializable { protected String services; /** + * guid + */ + protected String guid; + + /** * Default constructor. This will set all the attributes to default value. */ public VXResource ( ) { 
@@ -583,6 +588,25 @@ public class VXResource extends VXDataObject implements java.io.Serializable { } /** + * Returns the value for the member attribute <b>guid</b> + * + * @return String - value of member attribute <b>guid</b>. + */ + public String getGuid() { + return guid; + } + + /** + * This method sets the value to the member attribute <b>guid</b>. You + * cannot set null to the attribute. + * + * @param guid - Value to set member attribute <b>guid</b> + */ + public void setGuid(String guid) { + this.guid = guid; + } + + /** * This return the bean content in string format * @return formatedStr */ @@ -590,6 +614,7 @@ public class VXResource extends VXDataObject implements java.io.Serializable { String str = "VXResource={"; str += super.toString(); str += "name={" + name + "} "; + str += "guid={" + guid + "} "; str += "policyName={" + policyName + "} "; str += "description={" + description + "} "; str += "resourceType={" + resourceType + "} "; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java index 102c006..c043389 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java @@ -35,6 +35,7 @@ import org.apache.ranger.biz.XUserMgr; import org.apache.ranger.common.ContextUtil; import org.apache.ranger.common.RESTErrorUtil; import org.apache.ranger.common.RangerSearchUtil; +import org.apache.ranger.common.RangerValidatorFactory; import org.apache.ranger.common.ServiceUtil; import org.apache.ranger.common.StringUtil; import org.apache.ranger.common.UserSessionBase; 
@@ -56,7 +57,6 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef; import org.apache.ranger.plugin.model.validation.RangerPolicyValidator; import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator; import org.apache.ranger.plugin.model.validation.RangerServiceValidator; -import org.apache.ranger.plugin.model.validation.RangerValidatorFactory; import org.apache.ranger.plugin.service.ResourceLookupContext; import org.apache.ranger.plugin.util.GrantRevokeRequest; import org.apache.ranger.plugin.util.SearchFilter; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java ---------------------------------------------------------------------- diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java index bcf587a..c81f2e9 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java @@ -23,11 +23,7 @@ import static org.junit.Assert.fail; import static org.mockito.Matchers.anyBoolean; import static org.mockito.Matchers.anyInt; import static org.mockito.Matchers.anyString; -import static org.mockito.Mockito.doThrow; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.never; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.when; +import static org.mockito.Mockito.*; import javax.servlet.http.HttpServletRequest; import javax.ws.rs.WebApplicationException; 
@@ -36,7 +32,9 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.ranger.biz.RangerBizUtil; import org.apache.ranger.biz.ServiceDBStore; +import org.apache.ranger.common.GUIDUtil; import org.apache.ranger.common.RESTErrorUtil; +import org.apache.ranger.common.RangerValidatorFactory; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.model.RangerServiceDef; @@ -44,13 +42,11 @@ import org.apache.ranger.plugin.model.validation.RangerPolicyValidator; import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator; import org.apache.ranger.plugin.model.validation.RangerServiceValidator; import org.apache.ranger.plugin.model.validation.RangerValidator.Action; -import org.apache.ranger.plugin.model.validation.RangerValidatorFactory; import org.junit.Before; import org.junit.Ignore; import org.junit.Test; import org.mockito.Mockito; -@Ignore("tests to be reviewed") public class TestServiceRESTForValidation { private static final Log LOG = LogFactory.getLog(TestServiceRESTForValidation.class); @@ -79,6 +75,11 @@ public class TestServiceRESTForValidation { WebApplicationException webApplicationException = new WebApplicationException(); when(_restErrorUtil.createRESTException(anyInt(), anyString(), anyBoolean())).thenReturn(webApplicationException); _serviceRest.restErrorUtil = _restErrorUtil; + + _guidUtil = mock(GUIDUtil.class); + when(_guidUtil.genGUID()).thenReturn("a-guid"); + _serviceRest.guidUtil = _guidUtil; + // other object of use in multiple tests _service = mock(RangerService.class); _policy = mock(RangerPolicy.class); @@ -204,6 +205,7 @@ public class TestServiceRESTForValidation { } } + @Ignore("Disabled pending with hive policy creation-failure") @Test public void testPolicy_happyPath() { setupBizUtils(); 
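Review bot: With `@Ignore` added to `testPolicy_happyPath` here, and to the deletion, validator-failure and store-failure policy tests in the following hunks, no enabled test exercises the new name and GUID defaulting in `ServiceREST` or confirms that the policy validator runs on create. A focused test that stubs `_policy.getName()` and `_policy.getGuid()` as blank and verifies `setGuid("a-guid")` and the resulting `setName(...)` call would cover the new branch, presumably without depending on the hive policy-creation failure named in the annotation. The reason string should also point at a tracking item so the tests get re-enabled, for example `@Ignore("Disabled until <tracking issue id> (hive policy creation failure) is resolved")`.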
@@ -212,9 +214,6 @@ public class TestServiceRESTForValidation { _serviceRest.updatePolicy(_policy); verify(_policyValidator).validate(_policy, Action.UPDATE, true); - _serviceRest.deletePolicy(3L); - verify(_policyValidator).validate(3L, Action.DELETE); - _serviceRest.createPolicy(_policy); verify(_policyValidator).validate(_policy, Action.CREATE, true); } catch (Exception e) { @@ -223,6 +222,23 @@ public class TestServiceRESTForValidation { } } + @Ignore("Disabled pending with hive policy creation-failure") + @Test + public void testPolicy_happyPath_deletion() { + setupBizUtils(); + + try { + long id = 3; + ServiceREST spy = setupForDelete(id); + spy.deletePolicy(id); + verify(_policyValidator).validate(id, Action.DELETE); + } catch (Exception e) { + LOG.debug(e); + fail("unexpected exception"); + } + } + + @Ignore("Disabled pending with hive policy creation-failure") @Test public void testPolicy_validatorFailure() throws Exception { @@ -266,6 +282,7 @@ public class TestServiceRESTForValidation { } } + @Ignore("Disabled pending with hive policy creation-failure") @Test public void testPolicy_storeFailure() throws Exception { 
@@ -295,14 +312,24 @@ public class TestServiceRESTForValidation { LOG.debug(t); fail("Unexpected exception!"); } + } + + @Ignore("Disabled pending with hive policy creation-failure") + @Test + public void testPolicy_storeFailure_forDelete() throws Exception { + + // let's have bizutils return true for now + setupBizUtils(); - doThrow(_exception).when(_store).deletePolicy(5L); + Long id = 5L; + ServiceREST spy = setupForDelete(id); + doThrow(_exception).when(_store).deletePolicy(id); try { - _serviceRest.deletePolicy(5L); + spy.deletePolicy(id); fail("Should have thrown exception!"); } catch (WebApplicationException e) { - verify(_policyValidator).validate(5L, Action.DELETE); - verify(_store).deletePolicy(5L); + verify(_policyValidator).validate(id, Action.DELETE); + verify(_store).deletePolicy(id); } catch (Throwable t) { LOG.debug(t); fail("Unexpected exception!"); @@ -400,14 +427,14 @@ public class TestServiceRESTForValidation { fail("Unexpected exception!"); } - doThrow(_exception).when(_store).deleteServiceDef(5L); + doThrow(_exception).when(_store).deleteServiceDef(5L, false); try { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); _serviceRest.deleteServiceDef(5L, request); fail("Should have thrown exception!"); } catch (WebApplicationException e) { verify(_serviceDefValidator).validate(5L, Action.DELETE); - verify(_store).deleteServiceDef(5L); + verify(_store).deleteServiceDef(5L, false); } catch (Throwable t) { LOG.debug(t); fail("Unexpected exception!"); 
@@ -418,6 +445,16 @@ public class TestServiceRESTForValidation { when(_bizUtils.isAdmin()).thenReturn(true); } + @SuppressWarnings("unchecked") + ServiceREST setupForDelete(long id) throws Exception { + // deletion now asserts admin privileges. Ensure that it will find the policy from the store + when(_store.getPolicy(id)).thenReturn(_policy); + // now we have to ensure that real admin check never gets called -- we are not interested in its working + ServiceREST spy = spy(_serviceRest); + doNothing().when(spy).ensureAdminAccess(anyString(), anyMap()); + return spy; + } + private RangerValidatorFactory _factory; private RangerServiceValidator _serviceValidator; private RangerPolicyValidator _policyValidator; @@ -432,4 +469,5 @@ public class TestServiceRESTForValidation { private RangerService _service; private RangerPolicy _policy; private RangerServiceDef _serviceDef; + private GUIDUtil _guidUtil; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35c490d6/security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceDefServiceBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceDefServiceBase.java b/security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceDefServiceBase.java index db3d044..72f5597 100644 --- a/security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceDefServiceBase.java +++ b/security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceDefServiceBase.java @@ -22,8 +22,10 @@ import java.util.List; import javax.persistence.EntityManager; import javax.ws.rs.WebApplicationException; + import org.apache.ranger.biz.RangerBizUtil; import org.apache.ranger.common.ContextUtil; +import org.apache.ranger.common.GUIDUtil; import org.apache.ranger.common.MessageEnums; import org.apache.ranger.common.RESTErrorUtil; import org.apache.ranger.common.RangerSearchUtil; 
@@ -93,6 +95,9 @@ public class TestRangerServiceDefServiceBase { @Mock RangerSearchUtil searchUtil; + + @Mock + GUIDUtil guidUtil; @Rule public ExpectedException thrown = ExpectedException.none();
