This is an automated email from the ASF dual-hosted git repository.
rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 3efbbc782 RANGER-4998: Add validations to Ensure Non-Empty Resource
Values in GDS Resource Creation and Edit APIs
3efbbc782 is described below
commit 3efbbc7821d733d4639202a6035fbc2dd43f0d86
Author: Radhika Kundam <[email protected]>
AuthorDate: Fri Nov 15 11:54:32 2024 -0800
RANGER-4998: Add validations to Ensure Non-Empty Resource Values in GDS
Resource Creation and Edit APIs
Signed-off-by: Ramesh Mani <[email protected]>
---
.../ranger/plugin/errors/ValidationErrorCode.java | 1 +
.../ranger/validation/RangerGdsValidator.java | 24 +++++++++++++++++++---
2 files changed, 22 insertions(+), 3 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
b/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
index 00855458d..13a362437 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
@@ -169,6 +169,7 @@ public enum ValidationErrorCode {
GDS_DATASHARE_NAME_TOO_LONG(4130, "Invalid datashare name=[{0}]. Datashare
name should not be longer than 512 characters"),
GDS_PROJECT_NAME_TOO_LONG(4131, "Invalid project name=[{0}]. Project name
should not be longer than 512 characters"),
GDS_VALIDATION_ERR_SHARED_RESOURCE_RESOURCE_NULL(4132, "Resource value in
SharedResource [{0}] is null"),
+ GDS_VALIDATION_ERR_SHARED_RESOURCE_MISSING_VALUE(4133, "Invalid resource:
empty or no value provided for {0}"),
;
diff --git
a/security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
b/security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
index 3632f9de4..c5d8200fc 100755
---
a/security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
+++
b/security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
@@ -36,6 +36,7 @@ import org.apache.ranger.plugin.model.RangerGds.RangerProject;
import org.apache.ranger.plugin.model.RangerGds.RangerSharedResource;
import org.apache.ranger.plugin.model.RangerGds.RangerTagDataMaskInfo;
import
org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemDataMaskInfo;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
import org.apache.ranger.plugin.model.RangerPolicyResourceSignature;
import org.apache.ranger.plugin.model.validation.ValidationFailureDetails;
import org.apache.ranger.view.VXResponse;
@@ -306,7 +307,7 @@ public class RangerGdsValidator {
} else if (MapUtils.isEmpty(resource.getResource())) {
result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_SHARED_RESOURCE_RESOURCE_NULL,
"resource", resource.getName()));
} else {
- validateSharedResourceCreateAndUpdate(dataShare, result);
+ validateSharedResourceCreateAndUpdate(resource, dataShare,
result);
if (result.isSuccess()) {
existing =
dataProvider.getSharedResourceId(resource.getDataShareId(), new
RangerPolicyResourceSignature(resource));
@@ -340,7 +341,7 @@ public class RangerGdsValidator {
} else if (MapUtils.isEmpty(resource.getResource())) {
result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_SHARED_RESOURCE_RESOURCE_NULL,
"resource", resource.getName()));
} else {
- validateSharedResourceCreateAndUpdate(dataShare, result);
+ validateSharedResourceCreateAndUpdate(resource, dataShare,
result);
if (result.isSuccess()) {
boolean renamed =
!StringUtils.equalsIgnoreCase(resource.getName(), existing.getName());
@@ -810,7 +811,7 @@ public class RangerGdsValidator {
}
}
- private void validateSharedResourceCreateAndUpdate(RangerDataShare
dataShare, ValidationResult result) {
+ private void validateSharedResourceCreateAndUpdate(RangerSharedResource
resource, RangerDataShare dataShare, ValidationResult result) {
if (!dataProvider.isAdminUser()) {
validateAdmin(dataProvider.getCurrentUserLoginId(), "datashare",
dataShare.getName(), dataShare.getAcl(), result);
@@ -818,6 +819,23 @@ public class RangerGdsValidator {
result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_DATA_SHARE_NOT_SERVICE_OR_ZONE_ADMIN,
null, dataShare.getService(), dataShare.getZone()));
}
}
+ validatePolicyResourceValuesNotEmpty(resource.getResource(), result);
+ }
+
+ private void validatePolicyResourceValuesNotEmpty(Map<String,
RangerPolicyResource> resourceMap, ValidationResult result) {
+ for (String resourceName : resourceMap.keySet()) {
+ List<String> resourceValues =
resourceMap.get(resourceName).getValues();
+ if (CollectionUtils.isEmpty(resourceValues)) {
+ result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_SHARED_RESOURCE_MISSING_VALUE,
null, resourceName));
+ } else {
+ for (String value : resourceValues) {
+ if (StringUtils.isEmpty(value) ||
StringUtils.isBlank(value)) {
+ result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_SHARED_RESOURCE_MISSING_VALUE,
null, resourceName));
+ break;
+ }
+ }
+ }
+ }
}
private void validateAcl(RangerGdsObjectACL acl, String fieldName,
ValidationResult result) {
