RANGER-512: fixed policy create/update to fail when non-existing user or group is specified
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/fb6e94f1 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/fb6e94f1 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/fb6e94f1 Branch: refs/heads/tag-policy Commit: fb6e94f13e674988d7d237211f29a24a80fdc3d4 Parents: d79401b Author: Madhan Neethiraj <[email protected]> Authored: Thu May 28 14:28:13 2015 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Thu May 28 20:27:57 2015 -0700 ---------------------------------------------------------------------- .../org/apache/ranger/biz/ServiceDBStore.java | 25 ++++++-------------- 1 file changed, 7 insertions(+), 18 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fb6e94f1/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index 2c9ceff..b259be6 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -1758,7 +1758,7 @@ public class ServiceDBStore implements ServiceStore { serviceDao.update(serviceDbObj); } - private void createNewPolicyItemsForPolicy(RangerPolicy policy, XXPolicy xPolicy, List<RangerPolicyItem> policyItems, XXServiceDef xServiceDef) { + private void createNewPolicyItemsForPolicy(RangerPolicy policy, XXPolicy xPolicy, List<RangerPolicyItem> policyItems, XXServiceDef xServiceDef) throws Exception { for (int itemOrder = 0; itemOrder < policyItems.size(); itemOrder++) { RangerPolicyItem policyItem = policyItems.get(itemOrder); 
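Review bot: `throws Exception` on `createNewPolicyItemsForPolicy` (and on `createNewResourcesForPolicy` in the later hunk) gives callers no way to tell a rejected policy from a database or runtime failure, and the five new `throw new Exception(...)` sites inherit that. A dedicated validation exception would let the REST layer answer with a client error instead of a generic server error. It also matters for rollback: if these writes run under a declarative transaction that rolls back only on unchecked exceptions (Spring's default; the transaction setup is not visible here), a checked `Exception` would commit whatever rows were written before the throw. Either make the type unchecked, e.g. `throw new IllegalArgumentException(user + ": user does not exist. ...")`, or confirm the caller's rollback rule covers it. Both method bodies continue outside the hunks.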
@@ -1778,9 +1778,7 @@ public class ServiceDBStore implements ServiceStore {
 .findByNameAndServiceId(access.getType(), xPolicy.getService());
 if (xAccTypeDef == null) {
- LOG.info("One of given accessType is not valid for this policy. access: "
- + access.getType() + ", Ignoring this access");
- continue;
+ throw new Exception(access.getType() + ": is not a valid access-type. policy='"+ policy.getName() + "' service='"+ policy.getService() + "'");
 }
 XXPolicyItemAccess xPolItemAcc = new XXPolicyItemAccess();
@@ -1799,9 +1797,7 @@ public class ServiceDBStore implements ServiceStore {
 XXUser xUser = daoMgr.getXXUser().findByUserName(user);
 if(xUser == null) {
- LOG.info("User does not exists with username: "
- + user + ", Ignoring permissions given to this user for policy");
- continue;
+ throw new Exception(user + ": user does not exist. policy='"+ policy.getName() + "' service='"+ policy.getService() + "'");
 }
 XXPolicyItemUserPerm xUserPerm = new XXPolicyItemUserPerm();
 xUserPerm = (XXPolicyItemUserPerm) rangerAuditFields.populateAuditFields(xUserPerm, xPolicyItem);
@@ -1817,9 +1813,7 @@ public class ServiceDBStore implements ServiceStore {
 XXGroup xGrp = daoMgr.getXXGroup().findByGroupName(group);
 if(xGrp == null) {
- LOG.info("Group does not exists with groupName: "
- + group + ", Ignoring permissions given to this group for policy");
- continue;
+ throw new Exception(group + ": group does not exist. policy='"+ policy.getName() + "' service='"+ policy.getService() + "'");
 }
 XXPolicyItemGroupPerm xGrpPerm = new XXPolicyItemGroupPerm();
 xGrpPerm = (XXPolicyItemGroupPerm) rangerAuditFields.populateAuditFields(xGrpPerm, xPolicyItem);
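Review bot: The new `throw` for an unknown access type sits inside the per-item loop, so it can fire after rows for earlier items, and for earlier accesses of the same item, appear to have been created already. The user, group and condition-type checks in the following hunks have the same shape, and the user check is reached only after the item's accesses were processed. For an authorization store a half-written policy is worse than a rejected one, so unless the caller is known to roll back on this exception I would run every lookup in a validation pass before the first write. The loop bodies start and end outside the hunks, so the accessor names in the sketch (`getUsers()`, `getGroups()`) should be checked against the existing loops.

```java
private void createNewPolicyItemsForPolicy(RangerPolicy policy, XXPolicy xPolicy, List<RangerPolicyItem> policyItems, XXServiceDef xServiceDef) throws Exception {
	// Validation pass: reject the request before any row for this policy is written.
	for (RangerPolicyItem policyItem : policyItems) {
		for (String user : policyItem.getUsers()) {
			if (daoMgr.getXXUser().findByUserName(user) == null) {
				throw new Exception(user + ": user does not exist. policy='" + policy.getName() + "' service='" + policy.getService() + "'");
			}
		}
		for (String group : policyItem.getGroups()) {
			if (daoMgr.getXXGroup().findByGroupName(group) == null) {
				throw new Exception(group + ": group does not exist. policy='" + policy.getName() + "' service='" + policy.getService() + "'");
			}
		}
		// … same lookup-and-reject for access types and condition types …
	}
	// … unchanged: existing loop that creates the policy-item rows …
```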
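Review bot: Rejecting an unknown user here drops the only log line this path had, so a refused policy write leaves no record at this layer unless a caller logs the exception (not visible in the hunk); the group hunk below is the same. A refused grant to a non-existent principal is worth a trace for whoever reviews policy changes, so I would keep a `LOG.warn("policy '" + policy.getName() + "' rejected: unknown user")` before the throw. `user` and `policy.getName()` come from the request and are concatenated unescaped into the exception message, so whatever logs or renders that message should treat it as untrusted text (strip line breaks before logging, escape before display).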
@@ -1836,10 +1830,7 @@ public class ServiceDBStore implements ServiceStore {
 xServiceDef.getId(), condition.getType());
 if(xPolCond == null) {
- LOG.info("PolicyCondition is not valid, condition: "
- + condition.getType()
- + ", Ignoring creation of this policy condition");
- continue;
+ throw new Exception(condition.getType() + ": is not a valid condition-type. policy='"+ policy.getName() + "' service='"+ policy.getService() + "'");
 }
 for(int i = 0; i < condition.getValues().size(); i++) {
@@ -1856,7 +1847,7 @@ public class ServiceDBStore implements ServiceStore {
 }
 }
- private void createNewResourcesForPolicy(RangerPolicy policy, XXPolicy xPolicy, Map<String, RangerPolicyResource> resources) {
+ private void createNewResourcesForPolicy(RangerPolicy policy, XXPolicy xPolicy, Map<String, RangerPolicyResource> resources) throws Exception {
 for (Entry<String, RangerPolicyResource> resource : resources.entrySet()) {
 RangerPolicyResource policyRes = resource.getValue();
@@ -1864,9 +1855,7 @@ public class ServiceDBStore implements ServiceStore {
 XXResourceDef xResDef = daoMgr.getXXResourceDef() .findByNameAndPolicyId(resource.getKey(), policy.getId());
 if (xResDef == null) {
- LOG.info("No Such Resource found, resourceName : "
- + resource.getKey() + ", Ignoring this resource.");
- continue;
+ throw new Exception(resource.getKey() + ": is not a valid resource-type. policy='"+ policy.getName() + "' service='"+ policy.getService() + "'");
 }
 XXPolicyResource xPolRes = new XXPolicyResource();
