RANGER-594 User friendly error messages for policy validation error failures and unify error processing for all 3 types validations
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/cabac2cd Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/cabac2cd Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/cabac2cd Branch: refs/heads/HDP-2.3.2-groupid Commit: cabac2cd65e5ecc86cb57eb570d0b37d2c523713 Parents: 153e7a0 Author: Alok Lal <[email protected]> Authored: Tue Aug 4 10:38:44 2015 -0700 Committer: Alok Lal <[email protected]> Committed: Wed Sep 2 13:09:42 2015 -0700 ---------------------------------------------------------------------- .../plugin/errors/ValidationErrorCode.java | 25 ++ .../model/validation/RangerPolicyValidator.java | 361 +++++++------------ .../validation/RangerServiceDefValidator.java | 67 ++-- .../validation/RangerServiceValidator.java | 45 +-- .../validation/ValidationFailureDetails.java | 21 +- .../ValidationFailureDetailsBuilder.java | 2 +- .../TestValidationFailureDetails.java | 55 --- 7 files changed, 185 insertions(+), 391 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cabac2cd/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java b/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java index c40efc9..b458394 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java @@ -60,6 +60,31 @@ public enum ValidationErrorCode { SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_NO_VALUES(2018, "enum [{0}] does not have any elements"), SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_INVALID_DEFAULT_INDEX(2019, "default index[{0}] for enum [{1}] is invalid"), SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_NULL_ENUM_ELEMENT(2020, "An enum element in enum element collection of enum [{0}] is null"), + + // POLICY VALIDATION + POLICY_VALIDATION_ERR_UNSUPPORTED_ACTION(3001, "Internal error: method signature isValid(Long) is only supported for DELETE"), + POLICY_VALIDATION_ERR_MISSING_FIELD(3002, "Internal error: missing field[{0}]"), + POLICY_VALIDATION_ERR_NULL_POLICY_OBJECT(3003, "Internal error: policy object passed in was null"), + POLICY_VALIDATION_ERR_INVALID_POLICY_ID(3004, "Invalid policy id provided for update: no policy found for id[{0}]"), + POLICY_VALIDATION_ERR_POLICY_NAME_MULTIPLE_POLICIES_WITH_SAME_NAME(3005, "Internal error: multiple policies found with the name[{0}]"), + POLICY_VALIDATION_ERR_POLICY_NAME_CONFLICT(3006, "id/name conflict: another policy already exists with name[{0}] for service[{1}, its id is[{2}]"), + POLICY_VALIDATION_ERR_INVALID_SERVICE_NAME(3007, "no service found with name[{0}]"), + POLICY_VALIDATION_ERR_MISSING_POLICY_ITEMS(3008, "at least one policy item must be specified if audit isn't enabled"), + POLICY_VALIDATION_ERR_MISSING_SERVICE_DEF(3009, "Internal error: Service def[{0}] of policy's service[{1}] does not exist!"), + POLICY_VALIDATION_ERR_DUPLICATE_POLICY_RESOURCE(3010, "another policy[{0}] with matching resources[{1}] exists for service[{2}]!"), + POLICY_VALIDATION_ERR_INVALID_RESOURCE_NO_COMPATIBLE_HIERARCHY(3011, "policy resources [{0}] are not compatible with any resource hierarchy for service def[{1}]! Valid hierarchies are: {2}"), + POLICY_VALIDATION_ERR_INVALID_RESOURCE_MISSING_MANDATORY(3012, "policy is missing required resources. Mandatory resources of potential hierarchies are: {0}"), + POLICY_VALIDATION_ERR_NULL_RESOURCE_DEF(3013, "Internal error: a resource-def on resource def collection of service-def[{0}] was null"), + POLICY_VALIDATION_ERR_MISSING_RESOURCE_DEF_NAME(3014, "Internal error: name of a resource-def on resource def collection of service-def[{0}] was null"), + POLICY_VALIDATION_ERR_EXCLUDES_NOT_SUPPORTED(3015, "isExcludes specified as [{0}] for resource [{1}] which doesn't support isExcludes"), + POLICY_VALIDATION_ERR_EXCLUDES_REQUIRES_ADMIN(3016, "isExcludes specified as [{0}] for resource [{1}]. Insufficient permissions to create excludes policy."), + POLICY_VALIDATION_ERR_RECURSIVE_NOT_SUPPORTED(3017, "isRecursive specified as [{0}] for resource [{1}] which doesn't support isRecursive"), + POLICY_VALIDATION_ERR_INVALID_RESOURCE_VALUE_REGEX(3018, "Value[{0}] of resource[{1}] does not conform to the validation regex[{2}] defined on the service-def[{3}]"), + POLICY_VALIDATION_ERR_NULL_POLICY_ITEM(3019, "policy items object was null"), + POLICY_VALIDATION_ERR_MISSING_USER_AND_GROUPS(3020, "both users and user-groups collections on the policy item were null/empty"), + POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_ACCESS(3021, "policy items access object was null"), + POLICY_VALIDATION_ERR_POLICY_ITEM_ACCESS_TYPE_INVALID(3022, "access type[{0}] not among valid types for service[{1}]"), + POLICY_VALIDATION_ERR_POLICY_ITEM_ACCESS_TYPE_DENY(3023, "access type is set to deny. Currently deny access types are not supported."), ; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cabac2cd/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java index 8817049..da817c6 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java @@ -25,6 +25,7 @@ import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.apache.ranger.plugin.errors.ValidationErrorCode; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess; @@ -71,19 +72,22 @@ public class RangerPolicyValidator extends RangerValidator { boolean valid = true; if (action != Action.DELETE) { - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_UNSUPPORTED_ACTION; + failures.add(new ValidationFailureDetailsBuilder() .isAnInternalError() - .becauseOf("method signature isValid(Long) is only supported for DELETE") - .errorCode(ErrorCode.InternalError_InvalidMethodInvocation) + .becauseOf(error.getMessage()) + .errorCode(error.getErrorCode()) .build()); valid = false; } else if (id == null) { - failures.add(new RangerPolicyValidationErrorBuilder() - .becauseOf("policy id was null/missing") - .field("id") - .isMissing() - .errorCode(ErrorCode.Missing_PolicyId_Delete) - .build()); + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_FIELD; + failures.add(new ValidationFailureDetailsBuilder() + .becauseOf("policy id was null/missing") + .field("id") + .isMissing() + .errorCode(error.getErrorCode()) + .becauseOf(error.getMessage("id")) + .build()); valid = false; } else if (getPolicy(id) == null) { if (LOG.isDebugEnabled()) { @@ -107,34 +111,33 @@ public class RangerPolicyValidator extends RangerValidator { } boolean valid = true; if (policy == null) { - String message = "policy object passed in was null"; - LOG.debug(message); - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_POLICY_OBJECT; + failures.add(new ValidationFailureDetailsBuilder() .field("policy") .isMissing() - .becauseOf(message) - .errorCode(ErrorCode.Missing_PolicyObject) + .becauseOf(error.getMessage()) + .errorCode(error.getErrorCode()) .build()); valid = false; } else { Long id = policy.getId(); if (action == Action.UPDATE) { // id is ignored for CREATE if (id == null) { - String message = "policy id was null/empty/blank"; - LOG.debug(message); - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_FIELD; + failures.add(new ValidationFailureDetailsBuilder() .field("id") .isMissing() - .becauseOf(message) - .errorCode(ErrorCode.Missing_PolicyId_Update) + .becauseOf(error.getMessage("id")) + .errorCode(error.getErrorCode()) .build()); valid = false; } else if (getPolicy(id) == null) { - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_INVALID_POLICY_ID; + failures.add(new ValidationFailureDetailsBuilder() .field("id") .isSemanticallyIncorrect() - .becauseOf("Invalid policy id provided for update: no policy found for id[" + id + "]") - .errorCode(ErrorCode.Invalid_PolicyId) + .becauseOf(error.getMessage(id)) + .errorCode(error.getErrorCode()) .build()); valid = false; } @@ -142,40 +145,42 @@ public class RangerPolicyValidator extends RangerValidator { String policyName = policy.getName(); String serviceName = policy.getService(); if (StringUtils.isBlank(policyName)) { - String message = "policy name was null/empty/blank[" + policyName + "]"; - LOG.debug(message); - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_FIELD; + failures.add(new ValidationFailureDetailsBuilder() .field("name") .isMissing() - .becauseOf(message) - .errorCode(ErrorCode.Missing_PolicyName) + .becauseOf(error.getMessage("name")) + .errorCode(error.getErrorCode()) .build()); valid = false; } else { List<RangerPolicy> policies = getPolicies(serviceName, policyName); if (CollectionUtils.isNotEmpty(policies)) { if (policies.size() > 1) { - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_POLICY_NAME_MULTIPLE_POLICIES_WITH_SAME_NAME; + failures.add(new ValidationFailureDetailsBuilder() .field("name") .isAnInternalError() - .becauseOf("multiple policies found with the name[" + policyName + "]") - .errorCode(ErrorCode.InternalError_Data_MultiplePoliciesSameName) + .becauseOf(error.getMessage(policyName)) + .errorCode(error.getErrorCode()) .build()); valid = false; } else if (action == Action.CREATE) { // size == 1 - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_POLICY_NAME_CONFLICT; + failures.add(new ValidationFailureDetailsBuilder() .field("policy name") .isSemanticallyIncorrect() - .becauseOf("A policy already exists with name[" + policyName + "] for service[" + serviceName + "]; its id is[" + policies.iterator().next().getId() + "]") - .errorCode(ErrorCode.Duplicate_PolicyName_Create) + .becauseOf(error.getMessage(policyName, serviceName, policies.iterator().next().getId())) + .errorCode(error.getErrorCode()) .build()); valid = false; } else if (!policies.iterator().next().getId().equals(id)) { // size == 1 && action == UPDATE - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_POLICY_NAME_CONFLICT; + failures.add(new ValidationFailureDetailsBuilder() .field("id/name") .isSemanticallyIncorrect() - .errorCode(ErrorCode.Duplicate_PolicyName_Update) - .becauseOf("id/name conflict: another policy already exists with name[" + policyName + "], its id is[" + policies.iterator().next().getId() + "]") + .becauseOf(error.getMessage(policyName, serviceName, policies.iterator().next().getId())) + .errorCode(error.getErrorCode()) .build()); valid = false; } @@ -184,21 +189,23 @@ public class RangerPolicyValidator extends RangerValidator { RangerService service = null; boolean serviceNameValid = false; if (StringUtils.isBlank(serviceName)) { - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_FIELD; + failures.add(new ValidationFailureDetailsBuilder() .field("service name") .isMissing() - .errorCode(ErrorCode.Missing_ServiceName) - .becauseOf("service name was null/empty/blank") + .becauseOf(error.getMessage("service name")) + .errorCode(error.getErrorCode()) .build()); valid = false; } else { service = getService(serviceName); if (service == null) { - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_INVALID_SERVICE_NAME; + failures.add(new ValidationFailureDetailsBuilder() .field("service name") .isSemanticallyIncorrect() - .becauseOf("no service found with name[" + serviceName + "]") - .errorCode(ErrorCode.Invalid_ServiceName) + .becauseOf(error.getMessage(serviceName)) + .errorCode(error.getErrorCode()) .build()); valid = false; } else { @@ -210,24 +217,24 @@ public class RangerPolicyValidator extends RangerValidator { RangerServiceDef serviceDef = null; String serviceDefName = null; if (CollectionUtils.isEmpty(policyItems) && !isAuditEnabled) { - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_POLICY_ITEMS; + failures.add(new ValidationFailureDetailsBuilder() .field("policy items") .isMissing() - .becauseOf("at least one policy item must be specified if audit isn't enabled") - .errorCode(ErrorCode.Missing_PolicyItems) + .becauseOf(error.getMessage()) + .errorCode(error.getErrorCode()) .build()); valid = false; } else if (service != null) { serviceDefName = service.getType(); serviceDef = getServiceDef(serviceDefName); if (serviceDef == null) { - String message = String.format("Service def[%s] of policy's service[%s] does not exist!", serviceDefName, serviceName); - LOG.debug(message); - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_SERVICE_DEF; + failures.add(new ValidationFailureDetailsBuilder() .field("policy service def") .isAnInternalError() - .becauseOf(message) - .errorCode(ErrorCode.InternalError_Data_MissingServiceDef) + .becauseOf(error.getMessage(serviceDefName, serviceName)) + .errorCode(error.getErrorCode()) .build()); valid = false; } else { @@ -283,17 +290,16 @@ public class RangerPolicyValidator extends RangerValidator { String signature = policySignature.getSignature(); List<RangerPolicy> policies = getPoliciesForResourceSignature(policy.getService(), signature); if (CollectionUtils.isNotEmpty(policies)) { + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_DUPLICATE_POLICY_RESOURCE; RangerPolicy matchedPolicy = policies.iterator().next(); // there shouldn't be a matching policy for create. During update only match should be to itself if (action == Action.CREATE || (action == Action.UPDATE && (policies.size() > 1 || !matchedPolicy.getId().equals(policy.getId())))) { - String message = String.format("another policy[%s] with matching resources[%s] exists for service[%s]!", - matchedPolicy.getName(), matchedPolicy.getResources(), policy.getService()); - failures.add(new RangerPolicyValidationErrorBuilder() - .field("resources") - .isSemanticallyIncorrect() - .becauseOf(message) - .errorCode(ErrorCode.Duplicate_PolicyResource) - .build()); + failures.add(new ValidationFailureDetailsBuilder() + .field("resources") + .isSemanticallyIncorrect() + .becauseOf(error.getMessage(matchedPolicy.getName(), matchedPolicy.getResources(), policy.getService())) + .errorCode(error.getErrorCode()) + .build()); valid = false; } } @@ -327,15 +333,13 @@ public class RangerPolicyValidator extends RangerValidator { */ Set<List<RangerResourceDef>> candidateHierarchies = filterHierarchies_hierarchyHasAllPolicyResources(policyResources, hierarchies, defHelper); if (candidateHierarchies.isEmpty()) { - // let's build a helpful message for user - String message = String.format("policy resources %s are not compatible with any resource hierarchy for service def[%s]! Valid hierarchies are: %s", - policyResources.toString(), serviceDef.getName(), toStringHierarchies_all(hierarchies, defHelper)); - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_INVALID_RESOURCE_NO_COMPATIBLE_HIERARCHY; + failures.add(new ValidationFailureDetailsBuilder() .field("policy resources") .subField("incompatible") .isSemanticallyIncorrect() - .becauseOf(message) - .errorCode(ErrorCode.Invalid_PolicyResource_NoCompatibleHierarchy) + .becauseOf(error.getMessage(policyResources.toString(), serviceDef.getName(), toStringHierarchies_all(hierarchies, defHelper))) + .errorCode(error.getErrorCode()) .build()); valid = false; } else { @@ -349,12 +353,13 @@ public class RangerPolicyValidator extends RangerValidator { */ Set<List<RangerResourceDef>> validHierarchies = filterHierarchies_mandatoryResourcesSpecifiedInPolicy(policyResources, candidateHierarchies, defHelper); if (validHierarchies.isEmpty()) { - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_INVALID_RESOURCE_MISSING_MANDATORY; + failures.add(new ValidationFailureDetailsBuilder() .field("policy resources") .subField("missing mandatory") .isSemanticallyIncorrect() - .errorCode(ErrorCode.Invalid_PolicyResource_MissingMandatory) - .becauseOf("policy is missing required resources. Mandatory resources of potential hierarchies are: " + toStringHierarchies_mandatory(candidateHierarchies, defHelper)) + .becauseOf(error.getMessage(toStringHierarchies_mandatory(candidateHierarchies, defHelper))) + .errorCode(error.getErrorCode()) .build()); valid = false; } else { @@ -457,19 +462,21 @@ public class RangerPolicyValidator extends RangerValidator { Map<String, RangerPolicyResource> policyResources = getPolicyResourceWithLowerCaseKeys(inputPolicyResources); for (RangerResourceDef resourceDef : resourceDefs) { if (resourceDef == null) { - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_RESOURCE_DEF; + failures.add(new ValidationFailureDetailsBuilder() .field("resource-def") .isAnInternalError() - .errorCode(ErrorCode.InternalError_Data_NullResourceDef) - .becauseOf("a resource-def on resource def collection of service-def[" + serviceDefName + "] was null") + .becauseOf(error.getMessage(serviceDefName)) + .errorCode(error.getErrorCode()) .build()); valid = false; } else if (StringUtils.isBlank(resourceDef.getName())) { - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_RESOURCE_DEF_NAME; + failures.add(new ValidationFailureDetailsBuilder() .field("resource-def-name") .isAnInternalError() - .errorCode(ErrorCode.InternalError_Data_NullResourceDefName) - .becauseOf("name of a resource-def on resource def collection of service-def[" + serviceDefName + "] was null") + .becauseOf(error.getMessage(serviceDefName)) + .errorCode(error.getErrorCode()) .build()); valid = false; } else { @@ -483,34 +490,37 @@ public class RangerPolicyValidator extends RangerValidator { boolean excludesSupported = Boolean.TRUE.equals(resourceDef.getExcludesSupported()); // could be null boolean policyResourceIsExcludes = Boolean.TRUE.equals(policyResource.getIsExcludes()); // could be null if (policyResourceIsExcludes && !excludesSupported) { - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_EXCLUDES_NOT_SUPPORTED; + failures.add(new ValidationFailureDetailsBuilder() .field("isExcludes") .subField(resourceName) .isSemanticallyIncorrect() - .errorCode(ErrorCode.Invalid_Excludes_NotSupported) - .becauseOf("isExcludes specified as [" + policyResourceIsExcludes + "] for resource [" + resourceName + "] which doesn't support isExcludes") + .becauseOf(error.getMessage(policyResourceIsExcludes, resourceName)) + .errorCode(error.getErrorCode()) .build()); valid = false; } if (policyResourceIsExcludes && !isAdmin) { - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_EXCLUDES_REQUIRES_ADMIN; + failures.add(new ValidationFailureDetailsBuilder() .field("isExcludes") .subField("isAdmin") .isSemanticallyIncorrect() - .becauseOf("isExcludes specified as [" + policyResourceIsExcludes + "] for resource [" + resourceName + "]. Insufficient permissions to create excludes policy.") - .errorCode(ErrorCode.Invalid_Excludes_RequiresAdmin) + .becauseOf(error.getMessage(policyResourceIsExcludes, resourceName)) + .errorCode(error.getErrorCode()) .build()); valid = false; } boolean recursiveSupported = Boolean.TRUE.equals(resourceDef.getRecursiveSupported()); boolean policyIsRecursive = Boolean.TRUE.equals(policyResource.getIsRecursive()); if (policyIsRecursive && !recursiveSupported) { - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_RECURSIVE_NOT_SUPPORTED; + failures.add(new ValidationFailureDetailsBuilder() .field("isRecursive") .subField(resourceName) .isSemanticallyIncorrect() - .becauseOf("isRecursive specified as [" + policyIsRecursive + "] for resource [" + resourceName + "] which doesn't support isRecursive") - .errorCode(ErrorCode.Invalid_Recursive_NotSupported) + .becauseOf(error.getMessage(policyIsRecursive, resourceName)) + .errorCode(error.getErrorCode()) .build()); valid = false; } @@ -541,14 +551,13 @@ public class RangerPolicyValidator extends RangerValidator { if (StringUtils.isBlank(aValue)) { LOG.debug("resource value was blank"); } else if (!aValue.matches(regEx)) { - String message = String.format("Value[%s] of resource[%s] does not conform to the validation regex[%s] defined on the service-def[%s]", aValue, name, regEx, serviceDef.getName()); - LOG.debug(message); - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_INVALID_RESOURCE_VALUE_REGEX; + failures.add(new ValidationFailureDetailsBuilder() .field("resource-values") .subField(name) .isSemanticallyIncorrect() - .becauseOf(message) - .errorCode(ErrorCode.Invalid_ResourceValue_RegEx) + .becauseOf(error.getMessage(aValue, name, regEx, serviceDef.getName())) + .errorCode(error.getErrorCode()) .build()); valid = false; } @@ -573,11 +582,12 @@ public class RangerPolicyValidator extends RangerValidator { } else { for (RangerPolicyItem policyItem : policyItems) { if (policyItem == null) { - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_POLICY_ITEM; + failures.add(new ValidationFailureDetailsBuilder() .field("policy item") .isMissing() - .becauseOf("policy items object was null") - .errorCode(ErrorCode.InternalError_Data_NullPolicyItem) + .becauseOf(error.getMessage()) + .errorCode(error.getErrorCode()) .build()); valid = false; } else { @@ -605,11 +615,12 @@ public class RangerPolicyValidator extends RangerValidator { // access items collection can't be empty (unless delegated admin is true) and should be otherwise valid if (CollectionUtils.isEmpty(policyItem.getAccesses())) { if (!Boolean.TRUE.equals(policyItem.getDelegateAdmin())) { - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_FIELD; + failures.add(new ValidationFailureDetailsBuilder() .field("policy item accesses") .isMissing() - .becauseOf("policy items accesses collection was null") - .errorCode(ErrorCode.Missing_PolicyItemAccesses) + .becauseOf(error.getMessage("policy item accesses")) + .errorCode(error.getErrorCode()) .build()); valid = false; } else { @@ -620,11 +631,12 @@ public class RangerPolicyValidator extends RangerValidator { } // both users and user-groups collections can't be empty if (CollectionUtils.isEmpty(policyItem.getUsers()) && CollectionUtils.isEmpty(policyItem.getGroups())) { - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_USER_AND_GROUPS; + failures.add(new ValidationFailureDetailsBuilder() .field("policy item users/user-groups") .isMissing() - .becauseOf("both users and user-groups collections on the policy item were null/empty") - .errorCode(ErrorCode.Missing_PolicyItemUserGroup) + .becauseOf(error.getMessage()) + .errorCode(error.getErrorCode()) .build()); valid = false; } @@ -648,11 +660,12 @@ public class RangerPolicyValidator extends RangerValidator { Set<String> accessTypes = getAccessTypes(serviceDef); for (RangerPolicyItemAccess access : accesses) { if (access == null) { - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_ACCESS; + failures.add(new ValidationFailureDetailsBuilder() .field("policy item access") .isMissing() - .becauseOf("policy items access object was null") - .errorCode(ErrorCode.InternalError_Data_NullPolicyItemAccess) + .becauseOf(error.getMessage()) + .errorCode(error.getErrorCode()) .build()); valid = false; } else { @@ -681,34 +694,33 @@ public class RangerPolicyValidator extends RangerValidator { } else { String accessType = access.getType(); if (StringUtils.isBlank(accessType)) { - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_FIELD; + failures.add(new ValidationFailureDetailsBuilder() .field("policy item access type") .isMissing() - .becauseOf("policy items access type's name was null/empty/blank") - .errorCode(ErrorCode.Missing_PolicyItemAccessType) + .becauseOf(error.getMessage("policy item access type")) + .errorCode(error.getErrorCode()) .build()); valid = false; } else if (!accessTypes.contains(accessType.toLowerCase())) { - String message = String.format("access type[%s] not among valid types for service[%s]", accessType, accessTypes); - LOG.debug(message); - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_POLICY_ITEM_ACCESS_TYPE_INVALID; + failures.add(new ValidationFailureDetailsBuilder() .field("policy item access type") .isSemanticallyIncorrect() - .becauseOf(message) - .errorCode(ErrorCode.Invalid_PolicyItemAccessType) + .becauseOf(error.getMessage(accessType, accessTypes)) + .errorCode(error.getErrorCode()) .build()); valid = false; } Boolean isAllowed = access.getIsAllowed(); // it can be null (which is treated as allowed) but not false if (isAllowed != null && isAllowed == false) { - String message = "access type is set to deny. Currently deny access types are not supported."; - LOG.debug(message); - failures.add(new RangerPolicyValidationErrorBuilder() + ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_POLICY_ITEM_ACCESS_TYPE_DENY; + failures.add(new ValidationFailureDetailsBuilder() .field("policy item access type allowed") .isSemanticallyIncorrect() - .becauseOf(message) - .errorCode(ErrorCode.Invalid_PolicyItemAccessType_Deny) + .becauseOf(error.getMessage()) + .errorCode(error.getErrorCode()) .build()); valid = false; } @@ -719,129 +731,4 @@ public class RangerPolicyValidator extends RangerValidator { } return valid; } - - static class RangerPolicyValidationErrorBuilder extends ValidationFailureDetailsBuilder { - - @Override - ValidationFailureDetails build() { - return new RangerPolicyValidationFailure(_errorCode, _fieldName, _subFieldName, _missing, _semanticError, _internalError, _reason); - } - } - - static class RangerPolicyValidationFailure extends ValidationFailureDetails { - - public RangerPolicyValidationFailure(int errorCode, String fieldName, String subFieldName, boolean missing, boolean semanticError, boolean internalError, String reason) { - super(errorCode, fieldName, subFieldName, missing, semanticError, internalError, reason); - } - - // TODO remove and move to baseclass when all 3 move to new message framework - @Override - public String toString() { - LOG.debug("RangerPolicyValidationFailure.toString"); - String result = null; - if (_ErrorCode2MessageTemplate.containsKey(_errorCode)) { - Integer templateId = _ErrorCode2MessageTemplate.get(_errorCode); - if (templateId != null && _TemplateId2Template.containsKey(templateId)) { - String messageTemplate = _TemplateId2Template.get(templateId); - if (StringUtils.isNotBlank(messageTemplate)) { - // in the worst case result should be at least same as the messageTemplate which we know is not blank - result = substituteVariables(messageTemplate); - } else { - LOG.warn("Internal error: Message template string for template [" + templateId + "] was empty!"); - } - } else { - LOG.warn("Internal error: template id for error code [" + templateId + "] was null or template id to message map did not comtain the templateid"); - } - } else { - LOG.warn("Internal error: error code [" + _errorCode + "] not found in errorcode to message template map"); - } - if (result == null) { - result = super.toString(); - } - return "Policy validation failure: " + result; - } - } - - static class ErrorCode { - public static final int InternalError_InvalidMethodInvocation = 1001; - public static final int Missing_PolicyId_Delete = 1002; - public static final int Missing_PolicyObject = 1003; - public static final int Missing_PolicyId_Update = 1004; - public static final int Invalid_PolicyId = 1005; - public static final int Missing_PolicyName = 1006; - public static final int InternalError_Data_MultiplePoliciesSameName = 1007; - public static final int Duplicate_PolicyName_Create = 1008; - public static final int Duplicate_PolicyName_Update = 1009; - public static final int Missing_ServiceName = 1010; - public static final int Invalid_ServiceName = 1011; - public static final int Missing_PolicyItems = 1012; - public static final int InternalError_Data_MissingServiceDef = 1013; - public static final int Duplicate_PolicyResource = 1014; - public static final int Invalid_PolicyResource_NoCompatibleHierarchy = 1015; - public static final int Invalid_PolicyResource_MissingMandatory = 1016; - public static final int InternalError_Data_NullResourceDef = 1017; - public static final int InternalError_Data_NullResourceDefName = 1018; - public static final int Invalid_Excludes_NotSupported = 1019; - public static final int Invalid_Excludes_RequiresAdmin = 1020; - public static final int Invalid_Recursive_NotSupported = 1021; - public static final int Invalid_ResourceValue_RegEx = 1022; - public static final int InternalError_Data_NullPolicyItem = 1023; - public static final int Missing_PolicyItemAccesses = 1024; - public static final int Missing_PolicyItemUserGroup = 1025; - public static final int InternalError_Data_NullPolicyItemAccess = 1026; - public static final int Missing_PolicyItemAccessType = 1027; - public static final int Invalid_PolicyItemAccessType = 1028; - public static final int Invalid_PolicyItemAccessType_Deny = 1029; - } - static class MessageId { - public static final int InternalError = 1; - public static final int MissingField = 2; - public static final int InternalError_BadData = 3; - public static final int DuplicateValue = 4; - public static final int InvalidField = 5; - } - - static Object[][] MessageTemplateData = new Object[][] { - { MessageId.InternalError, "Internal error: {reason}."}, - { MessageId.InternalError_BadData, "Internal error: bad data encountered [{field}]: {reason}"}, - { MessageId.MissingField, "Missing Required field [{field}]: {reason}"}, - { MessageId.InvalidField, "Invalid value specified for field [{field}]: {reason}"}, - { MessageId.DuplicateValue, "Duplicate value for [{field}]: {reason}"}, - }; - static final Map<Integer, String> _TemplateId2Template = createMap(MessageTemplateData); - - static int[][] ErrorCode2MessageTemplateData = new int[][] { - { ErrorCode.InternalError_InvalidMethodInvocation, MessageId.InternalError}, - { ErrorCode.Missing_PolicyId_Delete, MessageId.MissingField}, - { ErrorCode.Missing_PolicyObject, MessageId.InternalError}, - { ErrorCode.Missing_PolicyId_Update, MessageId.MissingField}, - { ErrorCode.Invalid_PolicyId, MessageId.InvalidField}, - { ErrorCode.Missing_PolicyName, MessageId.MissingField}, - { ErrorCode.InternalError_Data_MultiplePoliciesSameName, MessageId.InternalError_BadData}, - { ErrorCode.Duplicate_PolicyName_Create, MessageId.DuplicateValue}, - { ErrorCode.Duplicate_PolicyName_Update, MessageId.DuplicateValue}, - { ErrorCode.Missing_ServiceName, MessageId.MissingField}, - { ErrorCode.Invalid_ServiceName, MessageId.InvalidField}, - { ErrorCode.Missing_PolicyItems, MessageId.MissingField}, - { ErrorCode.InternalError_Data_MissingServiceDef, MessageId.InternalError_BadData}, - { ErrorCode.Duplicate_PolicyResource, MessageId.DuplicateValue}, - { ErrorCode.Invalid_PolicyResource_NoCompatibleHierarchy, MessageId.InvalidField}, - { ErrorCode.Invalid_PolicyResource_MissingMandatory, MessageId.MissingField}, - { ErrorCode.InternalError_Data_NullResourceDef, MessageId.InternalError_BadData}, - { ErrorCode.InternalError_Data_NullResourceDefName, MessageId.InternalError_BadData}, - { ErrorCode.Invalid_Excludes_NotSupported, MessageId.InvalidField}, - { ErrorCode.Invalid_Excludes_RequiresAdmin, MessageId.InvalidField}, - { ErrorCode.Invalid_Recursive_NotSupported, MessageId.InvalidField}, - { ErrorCode.Invalid_ResourceValue_RegEx, MessageId.InvalidField}, - { ErrorCode.InternalError_Data_NullPolicyItem, MessageId.InternalError_BadData}, - { ErrorCode.Missing_PolicyItemAccesses, MessageId.MissingField}, - { ErrorCode.Missing_PolicyItemUserGroup, MessageId.MissingField}, - { ErrorCode.InternalError_Data_NullPolicyItemAccess, MessageId.InternalError_BadData}, - { ErrorCode.Missing_PolicyItemAccessType, MessageId.MissingField}, - { ErrorCode.Invalid_PolicyItemAccessType, MessageId.InvalidField}, - { ErrorCode.Invalid_PolicyItemAccessType_Deny, MessageId.InvalidField}, - - }; - static final Map<Integer, Integer> _ErrorCode2MessageTemplate = createMap(ErrorCode2MessageTemplateData); - } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cabac2cd/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java index 75372c2..0507fc4 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java @@ -80,7 +80,7 @@ public class RangerServiceDefValidator extends RangerValidator { boolean valid = true; if (action != Action.DELETE) { ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_UNSUPPORTED_ACTION; - failures.add(new RangerServiceDefValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .isAnInternalError() .errorCode(error.getErrorCode()) .becauseOf(error.getMessage(action)) @@ -88,7 +88,7 @@ public class RangerServiceDefValidator extends RangerValidator { valid = false; } else if (id == null) { ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_MISSING_FIELD; - failures.add(new RangerServiceDefValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("id") .isMissing() .errorCode(error.getErrorCode()) @@ -118,7 +118,7 @@ public class RangerServiceDefValidator extends RangerValidator { boolean valid = true; if (serviceDef == null) { ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_NULL_SERVICE_DEF_OBJECT; - failures.add(new RangerServiceDefValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("service def") .isMissing() .errorCode(error.getErrorCode()) @@ -161,7 +161,7 @@ public class RangerServiceDefValidator extends RangerValidator { if (action == Action.UPDATE) { // id is ignored for CREATE if (id == null) { ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_EMPTY_SERVICE_DEF_ID; - failures.add(new RangerServiceDefValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("id") .isMissing() .errorCode(error.getErrorCode()) @@ -170,7 +170,7 @@ public class RangerServiceDefValidator extends RangerValidator { valid = false; } else if (getServiceDef(id) == null) { ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_INVALID_SERVICE_DEF_ID; - failures.add(new RangerServiceDefValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("id") .isSemanticallyIncorrect() .errorCode(error.getErrorCode()) @@ -194,7 +194,7 @@ public class RangerServiceDefValidator extends RangerValidator { if (StringUtils.isBlank(name)) { ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_INVALID_SERVICE_DEF_NAME; - failures.add(new RangerServiceDefValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("name") .isMissing() .errorCode(error.getErrorCode()) @@ -205,7 +205,7 @@ public class RangerServiceDefValidator extends RangerValidator { RangerServiceDef otherServiceDef = getServiceDef(name); if (otherServiceDef != null && action == Action.CREATE) { ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_SERVICE_DEF_NAME_CONFICT; - failures.add(new RangerServiceDefValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("name") .isSemanticallyIncorrect() .errorCode(error.getErrorCode()) @@ -214,7 +214,7 @@ public class RangerServiceDefValidator extends RangerValidator { valid = false; } else if (otherServiceDef != null && !Objects.equals(id, otherServiceDef.getId())) { ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_ID_NAME_CONFLICT; - failures.add(new RangerServiceDefValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("id/name") .isSemanticallyIncorrect() .errorCode(error.getErrorCode()) @@ -238,7 +238,7 @@ public class RangerServiceDefValidator extends RangerValidator { boolean valid = true; if (CollectionUtils.isEmpty(accessTypeDefs)) { ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_MISSING_FIELD; - failures.add(new RangerServiceDefValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("access types") .isMissing() .errorCode(error.getErrorCode()) @@ -263,7 +263,7 @@ public class RangerServiceDefValidator extends RangerValidator { Set<String> unknownAccessTypes = Sets.difference(Sets.newHashSet(impliedGrants), accessNames); if (!unknownAccessTypes.isEmpty()) { ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_IMPLIED_GRANT_UNKNOWN_ACCESS_TYPE; - failures.add(new RangerServiceDefValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("implied grants") .subField(unknownAccessTypes.iterator().next()) // we return just on item here. Message has all unknow items .isSemanticallyIncorrect() @@ -276,7 +276,7 @@ public class RangerServiceDefValidator extends RangerValidator { String name = def.getName(); // note: this name could be null/blank/empty! if (impliedGrants.contains(name)) { ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_IMPLIED_GRANT_IMPLIES_ITSELF; - failures.add(new RangerServiceDefValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("implied grants") .subField(name) .isSemanticallyIncorrect() @@ -311,7 +311,7 @@ public class RangerServiceDefValidator extends RangerValidator { valid = isUnique(name, names, "policy condition def name", "policy condition defs", failures) && valid; if (StringUtils.isBlank(conditionDef.getEvaluator())) { ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_POLICY_CONDITION_NULL_EVALUATOR; - failures.add(new RangerServiceDefValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("policy condition def evaluator") .subField(name) .isMissing() @@ -374,7 +374,7 @@ public class RangerServiceDefValidator extends RangerValidator { if (!enumTypes.contains(subType)) { ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_CONFIG_DEF_UNKNOWN_ENUM; - failures.add(new RangerServiceDefValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("config def subtype") .subField(configName) .isSemanticallyIncorrect() @@ -390,7 +390,7 @@ public class RangerServiceDefValidator extends RangerValidator { Set<String> enumValues = getEnumValues(enumDef); if (!enumValues.contains(defaultValue)) { ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_CONFIG_DEF_UNKNOWN_ENUM_VALUE; - failures.add(new RangerServiceDefValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("config def default value") .subField(configName) .isSemanticallyIncorrect() @@ -418,7 +418,7 @@ public class RangerServiceDefValidator extends RangerValidator { Set<String> validTypes = ImmutableSet.of("bool", "enum", "int", "string", "password", "path"); if (StringUtils.isBlank(type)) { ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_CONFIG_DEF_MISSING_TYPE; - failures.add(new RangerServiceDefValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("config def type") .subField(configName) .isMissing() @@ -428,7 +428,7 @@ public class RangerServiceDefValidator extends RangerValidator { valid = false; } else if (!validTypes.contains(type)) { ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_CONFIG_DEF_INVALID_TYPE; - failures.add(new RangerServiceDefValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("config def type") .subField(configName) .isSemanticallyIncorrect() @@ -453,7 +453,7 @@ public class RangerServiceDefValidator extends RangerValidator { List<RangerResourceDef> resources = serviceDef.getResources(); if (CollectionUtils.isEmpty(resources)) { ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_MISSING_FIELD; - failures.add(new RangerServiceDefValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("resources") .isMissing() .errorCode(error.getErrorCode()) @@ -487,7 +487,7 @@ public class RangerServiceDefValidator extends RangerValidator { RangerServiceDefHelper defHelper = _factory.createServiceDefHelper(serviceDef, false); if (!defHelper.isResourceGraphValid()) { ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_RESOURCE_GRAPH_INVALID; - failures.add(new RangerServiceDefValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("resource graph") .isSemanticallyIncorrect() .errorCode(error.getErrorCode()) @@ -524,7 +524,7 @@ public class RangerServiceDefValidator extends RangerValidator { for (RangerEnumDef enumDef : enumDefs) { if (enumDef == null) { ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_NULL_OBJECT; - failures.add(new RangerServiceDefValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("enum def") .isMissing() .errorCode(error.getErrorCode()) @@ -539,7 +539,7 @@ public class RangerServiceDefValidator extends RangerValidator { // enum must contain at least one valid value and those values should be non-blank and distinct if (CollectionUtils.isEmpty(enumDef.getElements())) { ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_NO_VALUES; - failures.add(new RangerServiceDefValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("enum values") .subField(enumName) .isMissing() @@ -553,7 +553,7 @@ public class RangerServiceDefValidator extends RangerValidator { int defaultIndex = getEnumDefaultIndex(enumDef); if (defaultIndex < 0 || defaultIndex >= enumDef.getElements().size()) { // max index is one less than the size of the elements list ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_INVALID_DEFAULT_INDEX; - failures.add(new RangerServiceDefValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("enum default index") .subField(enumName) .isSemanticallyIncorrect() @@ -588,7 +588,7 @@ public class RangerServiceDefValidator extends RangerValidator { for (RangerEnumElementDef elementDef : enumElementsDefs) { if (elementDef == null) { ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_NULL_ENUM_ELEMENT; - failures.add(new RangerServiceDefValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("enum element") .subField(enumName) .isMissing() @@ -608,27 +608,4 @@ public class RangerServiceDefValidator extends RangerValidator { } return valid; } - - static class RangerServiceDefValidationErrorBuilder extends ValidationFailureDetailsBuilder { - - @Override - ValidationFailureDetails build() { - return new RangerServiceDefValidationFailure(_errorCode, _fieldName, _subFieldName, _missing, _semanticError, _internalError, _reason); - } - } - - static class RangerServiceDefValidationFailure extends ValidationFailureDetails { - - public RangerServiceDefValidationFailure(int errorCode, String fieldName, String subFieldName, boolean missing, boolean semanticError, boolean internalError, String reason) { - super(errorCode, fieldName, subFieldName, missing, semanticError, internalError, reason); - } - - // TODO remove and move to baseclass when all 3 move to new message framework - @Override - public String toString() { - LOG.debug("RangerServiceDefValidationFailure.toString"); - return String.format("%s: %d, %s", "Policy validation failure", _errorCode, _reason); - } - } - } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cabac2cd/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java index 3cfaa3e..847bc9a 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java @@ -69,7 +69,7 @@ public class RangerServiceValidator extends RangerValidator { boolean valid = true; if (action != Action.DELETE) { ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_UNSUPPORTED_ACTION; - failures.add(new RangerServiceValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .isAnInternalError() .errorCode(error.getErrorCode()) .becauseOf(error.getMessage(action)) @@ -77,7 +77,7 @@ public class RangerServiceValidator extends RangerValidator { valid = false; } else if (id == null) { ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_MISSING_FIELD; - failures.add(new RangerServiceValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("id") .isMissing() .errorCode(error.getErrorCode()) @@ -107,7 +107,7 @@ public class RangerServiceValidator extends RangerValidator { boolean valid = true; if (service == null) { ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_NULL_SERVICE_OBJECT; - failures.add(new RangerServiceValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("service") .isMissing() .errorCode(error.getErrorCode()) @@ -119,7 +119,7 @@ public class RangerServiceValidator extends RangerValidator { if (action == Action.UPDATE) { // id is ignored for CREATE if (id == null) { ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_EMPTY_SERVICE_ID; - failures.add(new RangerServiceValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("id") .isMissing() .errorCode(error.getErrorCode()) @@ -128,7 +128,7 @@ public class RangerServiceValidator extends RangerValidator { valid = false; } else if (getService(id) == null) { ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_INVALID_SERVICE_ID; - failures.add(new RangerServiceValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("id") .isSemanticallyIncorrect() .errorCode(error.getErrorCode()) @@ -142,7 +142,7 @@ public class RangerServiceValidator extends RangerValidator { RangerServiceDef serviceDef = null; if (!nameSpecified) { ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_INVALID_SERVICE_NAME; - failures.add(new RangerServiceValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("name") .isMissing() .errorCode(error.getErrorCode()) @@ -153,7 +153,7 @@ public class RangerServiceValidator extends RangerValidator { RangerService otherService = getService(name); if (otherService != null && action == Action.CREATE) { ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_SERVICE_NAME_CONFICT; - failures.add(new RangerServiceValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("name") .isSemanticallyIncorrect() .errorCode(error.getErrorCode()) @@ -162,7 +162,7 @@ public class RangerServiceValidator extends RangerValidator { valid = false; } else if (otherService != null && otherService.getId() !=null && !otherService.getId().equals(id)) { ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_ID_NAME_CONFLICT; - failures.add(new RangerServiceValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("id/name") .isSemanticallyIncorrect() .errorCode(error.getErrorCode()) @@ -175,7 +175,7 @@ public class RangerServiceValidator extends RangerValidator { boolean typeSpecified = StringUtils.isNotBlank(type); if (!typeSpecified) { ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_MISSING_SERVICE_DEF; - failures.add(new RangerServiceValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("type") .isMissing() .errorCode(error.getErrorCode()) @@ -186,7 +186,7 @@ public class RangerServiceValidator extends RangerValidator { serviceDef = getServiceDef(type); if (serviceDef == null) { ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_INVALID_SERVICE_DEF; - failures.add(new RangerServiceValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("type") .isSemanticallyIncorrect() .errorCode(error.getErrorCode()) @@ -202,7 +202,7 @@ public class RangerServiceValidator extends RangerValidator { Set<String> missingParameters = Sets.difference(reqiredParameters, inputParameters); if (!missingParameters.isEmpty()) { ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_REQUIRED_PARM_MISSING; - failures.add(new RangerServiceValidationErrorBuilder() + failures.add(new ValidationFailureDetailsBuilder() .field("configuration") .subField(missingParameters.iterator().next()) // we return any one parameter! .isMissing() @@ -219,27 +219,4 @@ public class RangerServiceValidator extends RangerValidator { } return valid; } - - static class RangerServiceValidationErrorBuilder extends ValidationFailureDetailsBuilder { - - @Override - ValidationFailureDetails build() { - return new RangerPolicyValidationFailure(_errorCode, _fieldName, _subFieldName, _missing, _semanticError, _internalError, _reason); - } - } - - static class RangerPolicyValidationFailure extends ValidationFailureDetails { - - public RangerPolicyValidationFailure(int errorCode, String fieldName, String subFieldName, boolean missing, boolean semanticError, boolean internalError, String reason) { - super(errorCode, fieldName, subFieldName, missing, semanticError, internalError, reason); - } - - // TODO remove and move to baseclass when all 3 move to new message framework - @Override - public String toString() { - LOG.debug("RangerServiceValidationFailure.toString"); - return String.format("%s: %d, %s", "Policy validation failure", _errorCode, _reason); - } - } - } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cabac2cd/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/ValidationFailureDetails.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/ValidationFailureDetails.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/ValidationFailureDetails.java index 64e7e50..a0e8573 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/ValidationFailureDetails.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/ValidationFailureDetails.java @@ -48,11 +48,6 @@ public class ValidationFailureDetails { _reason = reason; } - // TODO - legacy signature remove after all 3 are ported over to new message framework - public ValidationFailureDetails(String fieldName, String subFieldName, boolean missing, boolean semanticError, boolean internalError, String reason) { - this(-1, fieldName, subFieldName, missing, semanticError, internalError, reason); - } - public String getFieldName() { return _fieldName; } @@ -76,23 +71,11 @@ public class ValidationFailureDetails { return _subFieldName; } - // matches "{blah}", "{{blah}", "{ }" and yields variables names like "blah", "{blah", " ", etc. for substitution - static final Pattern _Pattern = Pattern.compile("\\{([^\\}]+)\\}"); - - public String substituteVariables(String template) { - return template.replace("{field}", _fieldName == null ? "" : _fieldName) - .replace("{sub-field}", _subFieldName == null ? "" : _subFieldName) - .replace("{reason}", _reason == null ? "" : _reason); - } - - // TODO legacy implementation. Remove when all @Override public String toString() { LOG.debug("ValidationFailureDetails.toString()"); - return String.format("Field[%s]%s is %s: reason[%s]", - _fieldName, - _subFieldName == null ? "" : ", subField[" + _subFieldName + "]", - getType(), _reason); + return String.format("%s: error code[%d], reason[%s], field[%s], subfield[%s], type[%s]", "Policy validation failure", + _errorCode, _reason, _fieldName, _subFieldName, getType()); } @Override http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cabac2cd/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/ValidationFailureDetailsBuilder.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/ValidationFailureDetailsBuilder.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/ValidationFailureDetailsBuilder.java index ab67f1f..b39e572 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/ValidationFailureDetailsBuilder.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/ValidationFailureDetailsBuilder.java @@ -49,7 +49,7 @@ public class ValidationFailureDetailsBuilder { } ValidationFailureDetails build() { - return new ValidationFailureDetails(_fieldName, _subFieldName, _missing, _semanticError, _internalError, _reason); + return new ValidationFailureDetails(_errorCode, _fieldName, _subFieldName, _missing, _semanticError, _internalError, _reason); } ValidationFailureDetailsBuilder subField(String missingParameter) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cabac2cd/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestValidationFailureDetails.java ---------------------------------------------------------------------- diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestValidationFailureDetails.java b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestValidationFailureDetails.java deleted file mode 100644 index 815d41c..0000000 --- a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestValidationFailureDetails.java +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.ranger.plugin.model.validation; - -import junit.framework.TestCase; -import org.junit.Test; - -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -import static org.junit.Assert.assertEquals; - -public class TestValidationFailureDetails { - - @Test - public void test1() { - String[] templates = new String[] { - "The {field}, was missing and sub-field {sub-field} was mssing, too. Validation failed due to {reason}", // pattern at end. - "{field}, was missing and sub-field {sub-field} was mssing, too. Validation failed due to {reason}.", // pattern at start but not end. - "The {field}, was missing and sub-field {sub-field} was mssing, too. Validation failed due to {missing}.", // unknown substitute - "Template does not have field, but had {sub-field} along with a {reason} and a sprious field named {missing}.", // unknown substitute - }; - - ValidationFailureDetails failureDetails = new ValidationFailureDetails("id", "subType", false, false, false, "foo-bar"); - - String[] results = new String[] { - "The id, was missing and sub-field subType was mssing, too. Validation failed due to foo-bar", // pattern at end. - "id, was missing and sub-field subType was mssing, too. Validation failed due to foo-bar.", // pattern at start but not end. - "The id, was missing and sub-field subType was mssing, too. Validation failed due to {missing}.", // unknown substitute - "Template does not have field, but had subType along with a foo-bar and a sprious field named {missing}.", // unknown substitute - }; - - for (int i = 0; i < templates.length; i++) { - String result = failureDetails.substituteVariables(templates[i]); - assertEquals(results[i], result); - } - } -} \ No newline at end of file
