ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mad...@apache.org
Subject incubator-ranger git commit: RANGER-551 Policy Validation: If resource levels are not valid for any hierarchy then checks about missing mandatory levels should be skipped
Date Mon, 15 Jun 2015 06:37:15 GMT
Repository: incubator-ranger
Updated Branches:
  refs/heads/master aa695b17a -> eb01a1d06


RANGER-551 Policy Validation: If resource levels are not valid for any hierarchy then checks
about missing mandatory levels should be skipped

Signed-off-by: Madhan Neethiraj <madhan@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/eb01a1d0
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/eb01a1d0
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/eb01a1d0

Branch: refs/heads/master
Commit: eb01a1d062605b3c7bfc8394685287030a752070
Parents: aa695b1
Author: Alok Lal <alal@hortonworks.com>
Authored: Fri Jun 12 16:29:04 2015 -0700
Committer: Madhan Neethiraj <madhan@apache.org>
Committed: Sun Jun 14 22:54:36 2015 -0700

----------------------------------------------------------------------
 .../model/validation/RangerPolicyValidator.java | 38 ++++++++++----------
 1 file changed, 19 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/eb01a1d0/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
index d27b667..84f750d 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
@@ -322,26 +322,26 @@ public class RangerPolicyValidator extends RangerValidator {
 				valid = false;
 			} else {
 				if (LOG.isDebugEnabled()) {
-					LOG.debug("isValidResourceNames: Found compatible hierarchies: " + toStringHierarchies_all(candidateHierarchies,
defHelper));
+					LOG.debug("isValidResourceNames: Found [" + candidateHierarchies.size() + "] compatible
hierarchies: " + toStringHierarchies_all(candidateHierarchies, defHelper));
 				}
-			}
-			/*
-			 * Among the candidate hierarchies there should be at least one for which policy specifies
all of the mandatory resources.  Note that there could be multiple 
-			 * hierarchies that meet that criteria, e.g. a hive policy that specified only DB.  It
is not clear if it belongs to DB->UDF or DB->TBL->COL hierarchy.
-			 * However, if both UDF and TBL were required then we can detect that policy does not
specify mandatory levels for any of the candidate hierarchies.
-			 */
-			Set<List<RangerResourceDef>> validHierarchies = filterHierarchies_mandatoryResourcesSpecifiedInPolicy(policyResources,
candidateHierarchies, defHelper);
-			if (validHierarchies.isEmpty()) {
-				failures.add(new ValidationFailureDetailsBuilder()
-					.field("resources")
-					.subField("missing mandatory")
-					.isSemanticallyIncorrect()
-					.becauseOf("policy is missing required resources. Mandatory fields of potential hierarchies
are: " + toStringHierarchies_mandatory(candidateHierarchies, defHelper))
-					.build());
-				valid = false;
-			} else {
-				if (LOG.isDebugEnabled()) {
-					LOG.debug("isValidResourceNames: Found hierarchies with all mandatory fields specified:
" + toStringHierarchies_mandatory(validHierarchies, defHelper));
+				/*
+				 * Among the candidate hierarchies there should be at least one for which policy specifies
all of the mandatory resources.  Note that there could be multiple
+				 * hierarchies that meet that criteria, e.g. a hive policy that specified only DB.  It
is not clear if it belongs to DB->UDF or DB->TBL->COL hierarchy.
+				 * However, if both UDF and TBL were required then we can detect that policy does not
specify mandatory levels for any of the candidate hierarchies.
+				 */
+				Set<List<RangerResourceDef>> validHierarchies = filterHierarchies_mandatoryResourcesSpecifiedInPolicy(policyResources,
candidateHierarchies, defHelper);
+				if (validHierarchies.isEmpty()) {
+					failures.add(new ValidationFailureDetailsBuilder()
+						.field("resources")
+						.subField("missing mandatory")
+						.isSemanticallyIncorrect()
+						.becauseOf("policy is missing required resources. Mandatory fields of potential hierarchies
are: " + toStringHierarchies_mandatory(candidateHierarchies, defHelper))
+						.build());
+					valid = false;
+				} else {
+					if (LOG.isDebugEnabled()) {
+						LOG.debug("isValidResourceNames: Found hierarchies with all mandatory fields specified:
" + toStringHierarchies_mandatory(validHierarchies, defHelper));
+					}
 				}
 			}
 		}


Mime
View raw message