This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git
commit ebe1ca7c0d39126a5edced9bbe2e2d8279915a58 Author: Ramachandran Krishnan <[email protected]> AuthorDate: Tue Jan 24 11:12:33 2023 +0530 RANGER-4057: updated resetCache() APIs to handle invalid service-name with status code 400 Signed-off-by: Madhan Neethiraj <[email protected]> (cherry picked from commit 380ca0bd03a181a1b2b750f27bd1446724ab70f0) --- .../java/org/apache/ranger/rest/ServiceREST.java | 12 ++++- .../main/java/org/apache/ranger/rest/TagREST.java | 16 ++++-- .../org/apache/ranger/rest/TestServiceREST.java | 57 +++++++++++++++++++++- .../java/org/apache/ranger/rest/TestTagREST.java | 46 +++++++++++++++++ 4 files changed, 126 insertions(+), 5 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index 191bc62c3..862a1d754 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -2000,13 +2000,23 @@ public class ServiceREST { throw restErrorUtil.createRESTException("Required parameter [serviceName] is missing.", MessageEnums.INVALID_INPUT_DATA); } + RangerService rangerService = null; + try { + rangerService = svcStore.getServiceByName(serviceName); + } catch (Exception e) { + LOG.error( HttpServletResponse.SC_BAD_REQUEST + "No Service Found for ServiceName:" + serviceName ); + } + + if (rangerService == null) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "Invalid service name", true); + } + // check for ADMIN access if (!bizUtil.isAdmin()) { boolean isServiceAdmin = false; String loggedInUser = bizUtil.getCurrentUserLoginId(); try { - RangerService rangerService = svcStore.getServiceByName(serviceName); isServiceAdmin = bizUtil.isUserServiceAdmin(rangerService, loggedInUser); } catch (Exception e) { LOG.warn("Failed to find if user [" + loggedInUser + "] has service admin privileges on service [" + serviceName + "]", e); diff --git a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java index 41b1504a8..6d0019f70 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java @@ -613,7 +613,7 @@ public class TagREST { */ @GET @Path(TagRESTConstants.TAGS_RESOURCE + "cache/reset") - @Produces({ "application/json", "application/xml" }) + @Produces({ "application/json" }) public boolean resetTagCache(@QueryParam("serviceName") String serviceName) { if (LOG.isDebugEnabled()) { LOG.debug("==> TagREST.resetTagCache({})", serviceName); @@ -623,13 +623,23 @@ public class TagREST { throw restErrorUtil.createRESTException("Required parameter [serviceName] is missing.", MessageEnums.INVALID_INPUT_DATA); } + RangerService rangerService = null; + try { + rangerService = svcStore.getServiceByName(serviceName); + } catch (Exception e) { + LOG.error( HttpServletResponse.SC_BAD_REQUEST + "No Service Found for ServiceName:" + serviceName ); + } + + if (rangerService == null) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "Invalid service name", true); + } + // check for ADMIN access if (!bizUtil.isAdmin()) { boolean isServiceAdmin = false; String loggedInUser = bizUtil.getCurrentUserLoginId(); try { - RangerService rangerService = svcStore.getServiceByName(serviceName); isServiceAdmin = bizUtil.isUserServiceAdmin(rangerService, loggedInUser); } catch (Exception e) { LOG.warn("Failed to find if user [" + loggedInUser + "] has service admin privileges on service [" + serviceName + "]", e); @@ -655,7 +665,7 @@ public class TagREST { */ @GET @Path(TagRESTConstants.TAGS_RESOURCE + "cache/reset-all") - @Produces({ "application/json", "application/xml" }) + @Produces({ "application/json" }) public boolean resetTagCacheAll() { if (LOG.isDebugEnabled()) { LOG.debug("==> TagREST.resetTagCacheAll()"); diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java index 8fdcc43c8..5e3b1908d 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java @@ -2311,13 +2311,22 @@ public class TestServiceREST { } @Test - public void test67ResetPolicyCache(){ + public void test67ResetPolicyCacheForAdmin(){ boolean res = true; String serviceName = "HDFS_1"; Mockito.when(bizUtil.isAdmin()).thenReturn(true); + RangerService rangerService = rangerService(); + try { + Mockito.when(svcStore.getServiceByName(serviceName)).thenReturn(rangerService); + } catch (Exception e) { + } Mockito.when(svcStore.resetPolicyCache(serviceName)).thenReturn(res); boolean isReset = serviceREST.resetPolicyCache(serviceName); assert isReset == res; + try { + Mockito.verify(svcStore).getServiceByName(serviceName); + } catch (Exception e) { + } } @Test @@ -2620,4 +2629,50 @@ public class TestServiceREST { Mockito.verify(validatorFactory).getPolicyValidator(svcStore); Mockito.verify(svcStore).getPolicy(rangerPolicy.getGuid(), null, null); } + + @Test + public void test78ResetPolicyCacheByServiceNameForServiceAdmin() { + boolean isAdmin = false; + boolean res = true; + RangerService rangerService = rangerService(); + String serviceName = rangerService.getName(); + Mockito.when(bizUtil.isAdmin()).thenReturn(isAdmin); + String userName = "admin"; + Mockito.when(bizUtil.getCurrentUserLoginId()).thenReturn(userName); + try { + Mockito.when(svcStore.getServiceByName(serviceName)).thenReturn(rangerService); + } catch (Exception e) { + } + Mockito.when(bizUtil.isUserServiceAdmin(Mockito.any(RangerService.class), Mockito.anyString())).thenReturn(true); + try { + Mockito.when(svcStore.resetPolicyCache(serviceName)).thenReturn(true); + } catch (Exception e) { + } + boolean isReset =serviceREST.resetPolicyCache(serviceName); + assert isReset == res; + Mockito.verify(bizUtil).isAdmin(); + Mockito.verify(bizUtil).isUserServiceAdmin(Mockito.any(RangerService.class), Mockito.anyString()); + try { + Mockito.verify(svcStore).getServiceByName(serviceName); + } catch (Exception e) { + } + try { + Mockito.verify(svcStore).resetPolicyCache(serviceName); + } catch (Exception e) { + } + + } + + @Test + public void test79ResetPolicyCacheWhenServiceNameIsInvalid(){ + String serviceName = "HDFS_1"; + try { + Mockito.when(svcStore.getServiceByName(serviceName)).thenReturn(null); + } catch (Exception e) { + } + Mockito.when(restErrorUtil.createRESTException(Mockito.anyInt(), Mockito.anyString(), Mockito.anyBoolean())).thenThrow(new WebApplicationException()); + thrown.expect(WebApplicationException.class); + serviceREST.resetPolicyCache(serviceName); + Mockito.verify(restErrorUtil).createRESTException(Mockito.anyInt(), Mockito.anyString(), Mockito.anyBoolean()); + } } diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java index 5986d5182..570ce874b 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java @@ -1823,4 +1823,50 @@ public class TestTagREST { } Mockito.verify(restErrorUtil).createRESTException(Mockito.anyInt(), Mockito.anyString(), Mockito.anyBoolean()); } + + @Test + public void test58resetTagCacheByServiceNameForServiceAdmin() { + boolean isAdmin = false; + boolean res = true; + RangerService rangerService = new RangerService(); + rangerService.setId(id); + rangerService.setName(serviceName); + String userName = "admin"; + Mockito.when(bizUtil.getCurrentUserLoginId()).thenReturn(userName); + + Mockito.when(bizUtil.isAdmin()).thenReturn(isAdmin); + try { + Mockito.when(svcStore.getServiceByName(serviceName)).thenReturn(rangerService); + } catch (Exception e) { + } + Mockito.when(bizUtil.isUserServiceAdmin(Mockito.any(RangerService.class), Mockito.anyString())).thenReturn(true); + try { + Mockito.when(tagStore.resetTagCache(serviceName)).thenReturn(true); + } catch (Exception e) { + } + boolean isReset = tagREST.resetTagCache(serviceName); + assert isReset == res; + Mockito.verify(bizUtil).isAdmin(); + Mockito.verify(bizUtil).isUserServiceAdmin(Mockito.any(RangerService.class), Mockito.anyString()); + try { + Mockito.verify(svcStore).getServiceByName(serviceName); + } catch (Exception e) { + } + + try { + Mockito.verify(tagStore).resetTagCache(serviceName); + } catch (Exception e) { + } + } + @Test + public void test59resetTagCacheWhenServiceNameIsInvalid() { + try { + Mockito.when(svcStore.getServiceByName(serviceName)).thenReturn(null); + } catch (Exception e) { + } + Mockito.when(restErrorUtil.createRESTException(Mockito.anyInt(), Mockito.anyString(), Mockito.anyBoolean())).thenThrow(new WebApplicationException()); + thrown.expect(WebApplicationException.class); + tagREST.resetTagCache(serviceName); + Mockito.verify(restErrorUtil).createRESTException(Mockito.anyInt(), Mockito.anyString(), Mockito.anyBoolean()); + } }
