Repository: incubator-ranger Updated Branches: refs/heads/tag-policy f360a3ba3 -> c6133b7e7
RANGER-274: Update policyVersion only if tag_service is changed in updateService(). Added validation checks for tag_service attribute Signed-off-by: Madhan Neethiraj <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/c6133b7e Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/c6133b7e Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/c6133b7e Branch: refs/heads/tag-policy Commit: c6133b7e70b6bee237d4f339156538d783af61a1 Parents: f360a3b Author: Abhay Kulkarni <[email protected]> Authored: Fri Jun 5 23:33:03 2015 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Mon Jun 8 11:37:35 2015 -0700 ---------------------------------------------------------------------- .../validation/RangerServiceValidator.java | 113 +++++++++++++------ .../org/apache/ranger/biz/ServiceDBStore.java | 31 ++++- 2 files changed, 107 insertions(+), 37 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c6133b7e/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java index 659249e..5518e9f 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java 
@@ -28,6 +28,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.model.RangerServiceDef; +import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil; import org.apache.ranger.plugin.store.ServiceStore; import com.google.common.collect.Sets; @@ -112,20 +113,20 @@ public class RangerServiceValidator extends RangerValidator { Long id = service.getId(); if (action == Action.UPDATE) { // id is ignored for CREATE if (id == null) { - String message = "service id was null/empty/blank"; + String message = "service id was null/empty/blank"; LOG.debug(message); failures.add(new ValidationFailureDetailsBuilder() - .field("id") - .isMissing() - .becauseOf(message) - .build()); + .field("id") + .isMissing() + .becauseOf(message) + .build()); valid = false; } else if (getService(id) == null) { failures.add(new ValidationFailureDetailsBuilder() - .field("id") - .isSemanticallyIncorrect() - .becauseOf("no service exists with id[" + id +"]") - .build()); + .field("id") + .isSemanticallyIncorrect() + .becauseOf("no service exists with id[" + id + "]") + .build()); valid = false; } } 
@@ -133,29 +134,29 @@ public class RangerServiceValidator extends RangerValidator { boolean nameSpecified = StringUtils.isNotBlank(name); RangerServiceDef serviceDef = null; if (!nameSpecified) { - String message = "service name[" + name + "] was null/empty/blank"; + String message = "service name[" + name + "] was null/empty/blank"; LOG.debug(message); failures.add(new ValidationFailureDetailsBuilder() - .field("name") - .isMissing() - .becauseOf(message) - .build()); + .field("name") + .isMissing() + .becauseOf(message) + .build()); valid = false; } else { RangerService otherService = getService(name); if (otherService != null && action == Action.CREATE) { failures.add(new ValidationFailureDetailsBuilder() - .field("name") - .isSemanticallyIncorrect() - .becauseOf("service with the name[" + name + "] already exists") - .build()); + .field("name") + .isSemanticallyIncorrect() + .becauseOf("service with the name[" + name + "] already exists") + .build()); valid = false; - } else if (otherService != null && otherService.getId() !=null && otherService.getId() != id) { + } else if (otherService != null && otherService.getId() != null && otherService.getId() != id) { failures.add(new ValidationFailureDetailsBuilder() - .field("id/name") - .isSemanticallyIncorrect() - .becauseOf("id/name conflict: another service already exists with name[" + name + "], its id is [" + otherService.getId() + "]") - .build()); + .field("id/name") + .isSemanticallyIncorrect() + .becauseOf("id/name conflict: another service already exists with name[" + name + "], its id is [" + otherService.getId() + "]") + .build()); valid = false; } } 
@@ -163,19 +164,19 @@ public class RangerServiceValidator extends RangerValidator { boolean typeSpecified = StringUtils.isNotBlank(type); if (!typeSpecified) { failures.add(new ValidationFailureDetailsBuilder() - .field("type") - .isMissing() - .becauseOf("service def [" + type + "] was null/empty/blank") - .build()); + .field("type") + .isMissing() + .becauseOf("service def [" + type + "] was null/empty/blank") + .build()); valid = false; } else { serviceDef = getServiceDef(type); if (serviceDef == null) { failures.add(new ValidationFailureDetailsBuilder() - .field("type") - .isSemanticallyIncorrect() - .becauseOf("service def named[" + type + "] not found") - .build()); + .field("type") + .isSemanticallyIncorrect() + .becauseOf("service def named[" + type + "] not found") + .build()); valid = false; } } 
@@ -186,16 +187,56 @@ public class RangerServiceValidator extends RangerValidator { Set<String> missingParameters = Sets.difference(reqiredParameters, inputParameters); if (!missingParameters.isEmpty()) { failures.add(new ValidationFailureDetailsBuilder() - .field("configuration") - .subField(missingParameters.iterator().next()) // we return any one parameter! - .isMissing() - .becauseOf("required configuration parameter is missing; missing parameters: " + missingParameters) + .field("configuration") + .subField(missingParameters.iterator().next()) // we return any one parameter! + .isMissing() + .becauseOf("required configuration parameter is missing; missing parameters: " + missingParameters) + .build()); + valid = false; + } + } + + String tagServiceName = service.getTagService(); + + if (StringUtils.isNotBlank(tagServiceName) && StringUtils.equals(type, EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) { + failures.add(new ValidationFailureDetailsBuilder() + .field("tag_service") + .isSemanticallyIncorrect() + .becauseOf("tag service cannot be part of any other service") .build()); + valid = false; + } + + boolean needToEnsureServiceType = false; + + if (action == Action.UPDATE) { + RangerService otherService = getService(name); + String otherTagServiceName = otherService == null ? 
null : otherService.getTagService(); + + if (StringUtils.isNotBlank(tagServiceName)) { + if (!StringUtils.equals(tagServiceName, otherTagServiceName)) { + needToEnsureServiceType = true; + } + } + } else { // action == Action.CREATE + if (StringUtils.isNotBlank(tagServiceName)) { + needToEnsureServiceType = true; + } + } + + if (needToEnsureServiceType) { + RangerService maybeTagService = getService(tagServiceName); + if (maybeTagService == null || !StringUtils.equals(maybeTagService.getType(), EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) { + failures.add(new ValidationFailureDetailsBuilder() + .field("tag_service") + .isSemanticallyIncorrect() + .becauseOf("tag service name does not refer to existing tag service:" + tagServiceName) + .build()); valid = false; } } } - + if(LOG.isDebugEnabled()) { LOG.debug("<== RangerServiceValidator.isValid(" + service + "): " + valid); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c6133b7e/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index a3fa5a5..7cd1f77 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
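Review bot: In RangerServiceValidator.isValid, the UPDATE branch of the new tag_service check loads the stored record with `getService(name)`, although the earlier part of the method identifies the service being updated by `id`. If the request renames the service or leaves the name blank, that lookup does not return the record under update, so `otherTagServiceName` comes from nothing or from a different service. As far as the visible hunks show, the result is an extra type check rather than a skipped one, but resolving by id keeps the comparison tied to the right record: `RangerService otherService = id == null ? null : getService(id);`. The enclosing method starts and ends outside the hunk.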
@@ -1134,7 +1134,36 @@ public class ServiceDBStore extends AbstractServiceStore { service.setVersion(version); - service.setPolicyVersion(getNextVersion(service.getPolicyVersion())); + boolean hasTagServiceValueChanged = false; + Long existingTagServiceValue = existing.getTagService(); + String newTagServiceName = service.getTagService(); + Long newTagServiceValue = null; + + if (StringUtils.isNotBlank(newTagServiceName)) { + RangerService tmp = getServiceByName(newTagServiceName); + + if (tmp == null || !tmp.getType().equals(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) { + if (LOG.isDebugEnabled()) { + LOG.debug("ServiceDBStore.updateService() - " + newTagServiceName + " does not refer to a valid tag service.(" + service + ")"); + } + throw restErrorUtil.createRESTException("Invalid tag service name " + newTagServiceName, MessageEnums.ERROR_CREATING_OBJECT); + + } else { + newTagServiceValue = tmp.getId(); + } + } + + if (existingTagServiceValue == null) { + if (newTagServiceValue != null) { + hasTagServiceValueChanged = true; + } + } else if (!existingTagServiceValue.equals(newTagServiceValue)) { + hasTagServiceValueChanged = true; + } + + if (hasTagServiceValueChanged) { + service.setPolicyVersion(getNextVersion(service.getPolicyVersion())); + } if(populateExistingBaseFields) { svcServiceWithAssignedId.setPopulateExistingBaseFields(true);
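Review bot: In ServiceDBStore.updateService, `tmp.getType().equals(...)` throws a NullPointerException when the looked-up service has no type, so a malformed record surfaces as an unhandled error instead of the intended REST exception; the validator changed in this same commit uses the null-safe form. Suggest `if (tmp == null || !StringUtils.equals(tmp.getType(), EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) {`. The rejection is also raised with `MessageEnums.ERROR_CREATING_OBJECT` on an update path, which will mislead whoever reads the API error or the logs; a value describing invalid input would fit better. Separately, since policyVersion now advances only when the tag service changes, it is worth confirming that no other attribute modified by updateService() has to reach the plugins through a version bump. The method body continues outside the hunk.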
