RANGER-4628: updated validations for security-zone partial update API

Signed-off-by: Madhan Neethiraj <madhan@apache.org>
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
index 72ec4a4..5c2f5ea 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
@@ -135,12 +135,18 @@
                     if (zoneServiceHelper.getResourceCount() == 0) {
                         removeService(serviceName);
                     }
+                } else {
+                    throw new Exception(serviceName + ": service not in zone");
                 }
             }
         }
 
         if (changeData.getTagServicesToAdd() != null) {
-            changeData.getTagServicesToAdd().forEach(tagService -> addIfAbsent(tagService, zone.getTagServices()));
+			for (String tagServiceToAdd : changeData.getTagServicesToAdd()) {
+				if (!addIfAbsent(tagServiceToAdd, zone.getTagServices())) {
+					throw new Exception(tagServiceToAdd + ": tag service already exists in zone");
+				}
+			}
         }
 
         if (changeData.getTagServicesToRemove() != null) {
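Review bot: The added `for (String tagServiceToAdd : ...)` loop throws on the first duplicate after earlier entries have already been appended to `zone.getTagServices()`, so a rejected partial update can leave the zone object half-modified. The same pattern applies to the new `service not in zone` throw inside the service loop and to `addPrincipals` in the next hunk. Whether this matters depends on the caller discarding `zone` when the exception propagates, which is not visible here; if it does not, check every entry first with `zone.getTagServices().contains(tagServiceToAdd)` and only add once all have passed. The enclosing method starts and ends outside this hunk. The added loop is also tab-indented while the surrounding lines use spaces.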
@@ -170,14 +176,20 @@
         return zone;
     }
 
-    private void addPrincipals(List<RangerPrincipal> principals, List<String> users, List<String> groups, List<String> roles) {
+    private void addPrincipals(List<RangerPrincipal> principals, List<String> users, List<String> groups, List<String> roles) throws Exception {
         for (RangerPrincipal principal : principals) {
+            boolean isAdded = false;
+
             if (principal.getType() == RangerPrincipal.PrincipalType.USER) {
-                addIfAbsent(principal.getName(), users);
+                isAdded = addIfAbsent(principal.getName(), users);
             } else if (principal.getType() == RangerPrincipal.PrincipalType.GROUP) {
-                addIfAbsent(principal.getName(), groups);
+				isAdded = addIfAbsent(principal.getName(), groups);
             } else if (principal.getType() == RangerPrincipal.PrincipalType.ROLE) {
-                addIfAbsent(principal.getName(), roles);
+				isAdded = addIfAbsent(principal.getName(), roles);
+            }
+
+            if(!isAdded) {
+                throw new Exception(principal + ": principal already an admin or auditor in zone");
             }
         }
     }
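Review bot: In `addPrincipals`, `isAdded` stays `false` when `principal.getType()` is none of USER, GROUP or ROLE (including null), so such a principal is rejected with `principal already an admin or auditor in zone`, which misstates the cause. Adding a final `else { throw new Exception(principal + ": unsupported principal type"); }` to the type chain would keep the two failures distinct for whoever reads the API error or the audit trail. The message also concatenates `principal` itself, so its content depends on `RangerPrincipal.toString()`, which is not shown here; `principal.getType() + ":" + principal.getName()` would make the text predictable. The reassigned lines in the GROUP and ROLE branches are tab-indented, unlike the USER branch.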
@@ -200,10 +212,16 @@
         }
     }
 
-    private void addIfAbsent(String item, List<String> lst) {
+    private boolean addIfAbsent(String item, List<String> lst) {
+        final boolean ret;
+
         if (!lst.contains(item)) {
-            lst.add(item);
+            ret = lst.add(item);
+        } else {
+            ret = false;
         }
+
+        return ret;
     }
 
     public static class RangerSecurityZoneServiceHelper {
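Review bot: `addIfAbsent` now returns a value that its callers turn into a validation error, but the contract is undocumented and the `final boolean ret` scaffolding obscures it. A one-line Javadoc such as `/** Adds item to lst if not already present; returns true only if the list was modified. */` together with `return !lst.contains(item) && lst.add(item);` would state the same behaviour directly. `lst` is dereferenced without a null check, so if `zone.getTagServices()` or one of the principal lists can be null, the caller gets a NullPointerException rather than a validation message; that cannot be confirmed from this hunk.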