RANGER-4782: Implement best coding practices for validating service c…

…onfigs

Signed-off-by: Dineshkumar Yadav <[email protected]>

security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java

@@ -155,7 +155,7 @@ public List<String> lookupResource(String serviceName, ResourceLookupContext con
 
 		return ret;
 	}
-	
+
 	public VXResponse validateConfig(RangerService service, ServiceStore svcStore) throws Exception {
 		VXResponse        ret = new VXResponse();
 		String authType = PropertiesUtil.getProperty(AUTHENTICATION_TYPE);
@@ -164,7 +164,7 @@ public VXResponse validateConfig(RangerService service, ServiceStore svcStore) t
 		String nameRules = PropertiesUtil.getProperty(NAME_RULES);
 		String rangerPrincipal = SecureClientLogin.getPrincipal(PropertiesUtil.getProperty(ADMIN_USER_PRINCIPAL), PropertiesUtil.getProperty(HOST_NAME));
 		String rangerkeytab = PropertiesUtil.getProperty(ADMIN_USER_KEYTAB);
-		
+
 		if(!StringUtils.isEmpty(authType) && KERBEROS_TYPE.equalsIgnoreCase(authType.trim()) && SecureClientLogin.isKerberosCredentialExists(lookupPrincipal, lookupKeytab)){
 			if(service != null && service.getConfigs() != null){
 				service.getConfigs().put(HadoopConfigHolder.RANGER_LOOKUP_PRINCIPAL, lookupPrincipal);
@@ -178,7 +178,7 @@ public VXResponse validateConfig(RangerService service, ServiceStore svcStore) t
 				service.getConfigs().put(HadoopConfigHolder.RANGER_PRINCIPAL, rangerPrincipal);
 				service.getConfigs().put(HadoopConfigHolder.RANGER_KEYTAB, rangerkeytab);
 				service.getConfigs().put(HadoopConfigHolder.RANGER_NAME_RULES, nameRules);
-				service.getConfigs().put(HadoopConfigHolder.RANGER_AUTH_TYPE, authType);				
+				service.getConfigs().put(HadoopConfigHolder.RANGER_AUTH_TYPE, authType);
 			}
 		}
 		RangerBaseService svc=null;
@@ -191,6 +191,19 @@ public VXResponse validateConfig(RangerService service, ServiceStore svcStore) t
 			LOG.debug("==> ServiceMgr.validateConfig for Service: (" + svc + ")");
 		}
 
+		// check if service configs contains localhost/127.0.0.1
+		if (service != null && service.getConfigs() != null) {
+			for (Map.Entry<String, String> entry : service.getConfigs().entrySet()) {
+				if (entry.getValue() != null && StringUtils.containsIgnoreCase(entry.getValue(), "localhost")
+						|| StringUtils.containsIgnoreCase(entry.getValue(), "127.0.0.1")) {
+					URL url = getValidURL(entry.getValue());
+					if ((url != null) && (url.getHost().equalsIgnoreCase("localhost") || url.getHost().equals("127.0.0.1"))) {
+						throw new Exception("Invalid value for configuration " + entry.getKey() + ": host " + url.getHost() + " is not allowed");
+					}
+				}
+			}
+		}
+
 		if(svc != null) {
 			try {
 				// Timeout value use during validate config is 10 times that used during lookup
@@ -221,7 +234,15 @@ public VXResponse validateConfig(RangerService service, ServiceStore svcStore) t
 
 		return ret;
 	}
-
+
+	private static URL getValidURL(String urlString) {
+		try {
+			return new URL(urlString);
+		} catch (Exception e) {
+			return null;
+		}
+	}
+
 	public boolean isZoneAdmin(String zoneName) {
 		boolean            isZoneAdmin  = false;
 		RangerSecurityZone securityZone = null;

security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/TestConnection.jsx

@@ -49,7 +49,9 @@ function TestConnection(props) {
   };
 
   const validateConfig = async () => {
-    let testConnResp;
+    let testConnResp = {},
+      msgModal = "",
+      msgListModal = [];
 
     try {
       testConnResp = await fetchApi({
@@ -61,8 +63,6 @@ function TestConnection(props) {
       let respMsg = testConnResp.data.msgDesc;
       let respStatusCode = testConnResp.data.statusCode;
       let respMsgList = testConnResp.data.messageList;
-      let msgModal,
-        msgListModal = [];
 
       if (respStatusCode !== undefined && respStatusCode === 1) {
         msgModal = [
@@ -100,6 +100,17 @@ function TestConnection(props) {
         showMoreModalContent: msgListModal
       });
     } catch (error) {
+      if (error?.response?.data?.msgDesc) {
+        msgModal = error.response.data.msgDesc;
+      }
+      setModalState({
+        showTestConnModal: true,
+        showMore: true
+      });
+      setModalContent({
+        testConnModalContent: msgModal,
+        showMoreModalContent: msgListModal
+      });
       console.error(`Error occurred while validating the configs!  ${error}`);
     }
   };