[RANGER-324] Phase-II - REST, Store: validation of policy/service/service-def - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 0.5.0
Fix Version/s: None
Component/s: None
Labels:
None

Description

Policy/Service/ServiceDef validation should be added during create/update/delete operation. Here are some of the validations to add:

values are provided for all mandatory fields (names, resources, etc)
values are valid (for example: based on validationRegEx in the resource def, enum values, no duplicate names for service-def/service/policy-within-a-service)
ensure that user has permissions to create/update/view policy/service/service-def
check for conflicting/overlapping policies

Attachments

Issue Links

is a clone of

RANGER-278 REST, Store: validation of policy/service/service-def

Resolved

Sub-Tasks

1.	Policy validation: Prevent creation/update of policies for the same resource	Resolved	Alok Lal
2.	Policy validation: only users with admin role should be able to create excludes policies	Resolved	Alok Lal
3.	Policy validation: Creation of hive UDF policy fails	Resolved	Alok Lal
4.	Policy validation: resource uniqueness: store resource signature of a policy in database for faster check	Resolved	Alok Lal
5.	Policy validation: Assign generated name to a policy if one isn't specified before policy validation logic	Resolved	Alok Lal
6.	Service def: Resource or Config list that is empty or contains duplicates	Resolved	Alok Lal
7.	Service-def validation: Detect and flag illegal resource hierarchies	Resolved	Alok Lal
8.	Policy validation: policy resource conflict signature check should be intra-service	Resolved	Alok Lal
9.	Policy validation: resource hierarchies check does not work with single-node hierarchies as in HDFS	Resolved	Alok Lal
10.	Policy Validation: If resource levels are not valid for any hierarchy then checks about missing mandatory levels should be skipped.	Resolved	Alok Lal
11.	Service validation: validate the data values sent in for parameters.	Open	Unassigned
12.	Policy validation: validate policy information about conditions against condition definition	Open	Unassigned
13.	All validations: validate that version of entity matches its current version to avoid loosing changes due to stale update.	Open	Unassigned
14.	Service def: deletion: deny deletion if def is referenced elsewhere.	Open	Alok Lal
15.	Service: deletion: deny deletion if def is referenced elsewhere.	Open	Alok Lal
16.	Validation: validate context enhancers details in policies and service def	Open	Unassigned
17.	Turning on new validation rules on an existing system/policies could cause problems. We need a way to mitigate those possible problems.	Open	Unassigned
18.	Policy validation: resource uniqueness: to guard against someone editing the resource value directly, we should auto-heal the hash signatures of resources that are used for uniqueness check	Open	Alok Lal
19.	REST API should return all of the the failure reasons contained in exception thrown by validation	Open	Alok Lal

Activity

People

Assignee:: Alok Lal

Reporter:: Alok Lal

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 23/Mar/15 04:54

Updated:: 19/May/15 07:32