Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-324

Phase-II - REST, Store: validation of policy/service/service-def

    XMLWordPrintableJSON

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 0.5.0
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      Policy/Service/ServiceDef validation should be added during create/update/delete operation. Here are some of the validations to add:

      • values are provided for all mandatory fields (names, resources, etc)
      • values are valid (for example: based on validationRegEx in the resource def, enum values, no duplicate names for service-def/service/policy-within-a-service)
      • ensure that user has permissions to create/update/view policy/service/service-def
      • check for conflicting/overlapping policies

        Attachments

          Issue Links

          1.
          Policy validation: Prevent creation/update of policies for the same resource Sub-task Resolved Alok Lal
          2.
          Policy validation: only users with admin role should be able to create excludes policies Sub-task Resolved Alok Lal
          3.
          Policy validation: Creation of hive UDF policy fails Sub-task Resolved Alok Lal
          4.
          Policy validation: resource uniqueness: store resource signature of a policy in database for faster check Sub-task Resolved Alok Lal
          5.
          Policy validation: Assign generated name to a policy if one isn't specified before policy validation logic Sub-task Resolved Alok Lal
          6.
          Service def: Resource or Config list that is empty or contains duplicates Sub-task Resolved Alok Lal
          7.
          Service-def validation: Detect and flag illegal resource hierarchies Sub-task Resolved Alok Lal
          8.
          Policy validation: policy resource conflict signature check should be intra-service Sub-task Resolved Alok Lal
          9.
          Policy validation: resource hierarchies check does not work with single-node hierarchies as in HDFS Sub-task Resolved Alok Lal
          10.
          Policy Validation: If resource levels are not valid for any hierarchy then checks about missing mandatory levels should be skipped. Sub-task Resolved Alok Lal
          11.
          Service validation: validate the data values sent in for parameters. Sub-task Open Unassigned
          12.
          Policy validation: validate policy information about conditions against condition definition Sub-task Open Unassigned
          13.
          All validations: validate that version of entity matches its current version to avoid loosing changes due to stale update. Sub-task Open Unassigned
          14.
          Service def: deletion: deny deletion if def is referenced elsewhere. Sub-task Open Alok Lal
          15.
          Service: deletion: deny deletion if def is referenced elsewhere. Sub-task Open Alok Lal
          16.
          Validation: validate context enhancers details in policies and service def Sub-task Open Unassigned
          17.
          Turning on new validation rules on an existing system/policies could cause problems. We need a way to mitigate those possible problems. Sub-task Open Unassigned
          18.
          Policy validation: resource uniqueness: to guard against someone editing the resource value directly, we should auto-heal the hash signatures of resources that are used for uniqueness check Sub-task Open Alok Lal
          19.
          REST API should return all of the the failure reasons contained in exception thrown by validation Sub-task Open Alok Lal

            Activity

              People

              • Assignee:
                aloklal99 Alok Lal
                Reporter:
                aloklal99 Alok Lal
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated: