
Example 76 with AccessControlException

use of org.apache.hadoop.security.AccessControlException in project ranger by apache.

the class RangerAdminRESTClient method createRole.

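/**
 * Creates a role in Ranger Admin by handing {@code request} to {@code restClient.post} on the
 * create-role endpoint, with the service name as a query parameter.
 *
 * <p>When a UGI login user exists and Hadoop security is enabled, the call runs inside
 * {@code user.doAs(...)}. In that mode a transport exception is caught and logged, and the caller
 * sees the generic "unknown error" exception; in non-secure mode the exception from
 * {@code restClient.post} propagates unchanged.
 *
 * @param request role definition passed to the REST client
 * @return the {@link RangerRole} entity read from a 200 response
 * @throws AccessControlException if Ranger Admin answers with HTTP 401
 * @throws Exception for any other non-200 status, or when no response was obtained
 */
@Override
public RangerRole createRole(final RangerRole request) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerAdminRESTClient.createRole(" + request + ")");
    }
    final UserGroupInformation user = MiscUtil.getUGILoginUser();
    final boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
    final String relativeURL = RangerRESTUtils.REST_URL_SERVICE_CREATE_ROLE;
    final Map<String, String> queryParams = new HashMap<>();
    queryParams.put(RangerRESTUtils.SERVICE_NAME_PARAM, serviceNameUrlParam);

    final ClientResponse response;
    if (isSecureMode) {
        PrivilegedAction<ClientResponse> action = () -> {
            try {
                return restClient.post(relativeURL, queryParams, request);
            } catch (Exception e) {
                // Pass the throwable to the logger so the stack trace and cause chain are kept;
                // the caller only ever sees the generic "unknown error" exception below.
                LOG.error("Failed to get response, Error is : " + e.getMessage(), e);
                return null;
            }
        };
        if (LOG.isDebugEnabled()) {
            LOG.debug("create role as user " + user);
        }
        response = user.doAs(action);
    } else {
        response = restClient.post(relativeURL, queryParams, request);
    }

    if (response == null) {
        throw new Exception("unknown error during createRole. roleName=" + request.getName());
    }
    if (response.getStatus() != HttpServletResponse.SC_OK) {
        RESTResponse resp = RESTResponse.fromClientResponse(response);
        LOG.error("createRole() failed: HTTP status=" + response.getStatus() + ", message=" + resp.getMessage() + ", isSecure=" + isSecureMode + (isSecureMode ? (", user=" + user) : ""));
        // Only 401 is mapped to AccessControlException. Every other non-200 status, including
        // 403, surfaces as a plain Exception, so callers that catch AccessControlException to
        // detect a denied request will not see those.
        if (response.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) {
            throw new AccessControlException();
        }
        throw new Exception("HTTP " + response.getStatus() + " Error: " + resp.getMessage());
    }
    final RangerRole ret = response.getEntity(RangerRole.class);
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerAdminRESTClient.createRole(" + request + ")");
    }
    return ret;
}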
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) RangerRole(org.apache.ranger.plugin.model.RangerRole) HashMap(java.util.HashMap) PrivilegedAction(java.security.PrivilegedAction) RESTResponse(org.apache.ranger.admin.client.datatype.RESTResponse) AccessControlException(org.apache.hadoop.security.AccessControlException) AccessControlException(org.apache.hadoop.security.AccessControlException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 77 with AccessControlException

use of org.apache.hadoop.security.AccessControlException in project ranger by apache.

the class RangerAdminRESTClient method getRole.

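/**
 * Fetches a role from Ranger Admin by issuing a GET on the role-info endpoint for
 * {@code roleName}, with the service name and {@code execUser} as query parameters.
 *
 * <p>When a UGI login user exists and Hadoop security is enabled, the call runs inside
 * {@code user.doAs(...)}. In that mode a transport exception is caught and logged, and the caller
 * sees the generic "unknown error" exception; in non-secure mode the exception from
 * {@code restClient.get} propagates unchanged.
 *
 * @param execUser value sent as the exec-user query parameter
 * @param roleName role name appended to the endpoint path
 * @return the {@link RangerRole} entity read from a 200 response
 * @throws AccessControlException if Ranger Admin answers with HTTP 401
 * @throws Exception for any other non-200 status, or when no response was obtained
 */
@Override
public RangerRole getRole(final String execUser, final String roleName) throws Exception {
    // The log and exception texts previously named getPrincipalsForRole, which sent anyone
    // reading the logs to the wrong method; they now name getRole.
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerAdminRESTClient.getRole(" + roleName + ")");
    }
    final UserGroupInformation user = MiscUtil.getUGILoginUser();
    final boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
    // NOTE(review): roleName is appended to the path as-is. If it can contain '/', '?', '#' or
    // dot segments, the request may address a different resource than intended. Confirm the
    // value is validated or percent-encoded before it reaches this method.
    final String relativeURL = RangerRESTUtils.REST_URL_SERVICE_GET_ROLE_INFO + roleName;
    final Map<String, String> queryParams = new HashMap<>();
    queryParams.put(RangerRESTUtils.SERVICE_NAME_PARAM, serviceNameUrlParam);
    queryParams.put(RangerRESTUtils.REST_PARAM_EXEC_USER, execUser);

    final ClientResponse response;
    if (isSecureMode) {
        PrivilegedAction<ClientResponse> action = () -> {
            try {
                return restClient.get(relativeURL, queryParams);
            } catch (Exception e) {
                // Pass the throwable to the logger so the stack trace and cause chain are kept;
                // the caller only ever sees the generic "unknown error" exception below.
                LOG.error("Failed to get response, Error is : " + e.getMessage(), e);
                return null;
            }
        };
        if (LOG.isDebugEnabled()) {
            LOG.debug("get role info as user " + user);
        }
        response = user.doAs(action);
    } else {
        response = restClient.get(relativeURL, queryParams);
    }

    if (response == null) {
        throw new Exception("unknown error during getRole. roleName=" + roleName);
    }
    if (response.getStatus() != HttpServletResponse.SC_OK) {
        RESTResponse resp = RESTResponse.fromClientResponse(response);
        LOG.error("getRole() failed: HTTP status=" + response.getStatus() + ", message=" + resp.getMessage() + ", isSecure=" + isSecureMode + (isSecureMode ? (", user=" + user) : ""));
        // Only 401 is mapped to AccessControlException. Every other non-200 status, including
        // 403, surfaces as a plain Exception.
        if (response.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) {
            throw new AccessControlException();
        }
        throw new Exception("HTTP " + response.getStatus() + " Error: " + resp.getMessage());
    }
    final RangerRole ret = response.getEntity(RangerRole.class);
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerAdminRESTClient.getRole(" + roleName + ")");
    }
    return ret;
}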
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) RangerRole(org.apache.ranger.plugin.model.RangerRole) HashMap(java.util.HashMap) PrivilegedAction(java.security.PrivilegedAction) RESTResponse(org.apache.ranger.admin.client.datatype.RESTResponse) AccessControlException(org.apache.hadoop.security.AccessControlException) AccessControlException(org.apache.hadoop.security.AccessControlException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 78 with AccessControlException

use of org.apache.hadoop.security.AccessControlException in project ranger by apache.

the class RangerAdminRESTClient method grantAccess.

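/**
 * Sends a grant-access request to Ranger Admin for this plugin's service, with the plugin id as
 * a query parameter.
 *
 * <p>When a UGI login user exists and Hadoop security is enabled, the request is POSTed to the
 * secure grant-access endpoint inside {@code user.doAs(...)}; otherwise it is POSTed to the
 * non-secure endpoint on the calling thread. In secure mode a transport exception is caught and
 * logged, and the caller sees the generic "unknown error" exception; in non-secure mode the
 * exception from {@code restClient.post} propagates unchanged.
 *
 * @param request grant request passed to the REST client
 * @throws AccessControlException if Ranger Admin answers with HTTP 401
 * @throws Exception for any other non-200 status, or when no response was obtained
 */
@Override
public void grantAccess(final GrantRevokeRequest request) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerAdminRESTClient.grantAccess(" + request + ")");
    }
    final UserGroupInformation user = MiscUtil.getUGILoginUser();
    final boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
    final Map<String, String> queryParams = new HashMap<>();
    queryParams.put(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);

    final ClientResponse response;
    if (isSecureMode) {
        PrivilegedAction<ClientResponse> action = () -> {
            String secureURL = RangerRESTUtils.REST_URL_SECURE_SERVICE_GRANT_ACCESS + serviceNameUrlParam;
            try {
                return restClient.post(secureURL, queryParams, request);
            } catch (Exception e) {
                // Pass the throwable to the logger so the stack trace and cause chain are kept;
                // the caller only ever sees the generic "unknown error" exception below.
                LOG.error("Failed to get response, Error is : " + e.getMessage(), e);
                return null;
            }
        };
        if (LOG.isDebugEnabled()) {
            LOG.debug("grantAccess as user " + user);
        }
        response = user.doAs(action);
    } else {
        String relativeURL = RangerRESTUtils.REST_URL_SERVICE_GRANT_ACCESS + serviceNameUrlParam;
        response = restClient.post(relativeURL, queryParams, request);
    }

    if (response == null) {
        throw new Exception("unknown error during grantAccess. serviceName=" + serviceName);
    }
    if (response.getStatus() != HttpServletResponse.SC_OK) {
        RESTResponse resp = RESTResponse.fromClientResponse(response);
        LOG.error("grantAccess() failed: HTTP status=" + response.getStatus() + ", message=" + resp.getMessage() + ", isSecure=" + isSecureMode + (isSecureMode ? (", user=" + user) : ""));
        // Only 401 is mapped to AccessControlException. Every other non-200 status, including
        // 403, surfaces as a plain Exception, so a grant refused with 403 is not reported to
        // callers as an access-control failure.
        if (response.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) {
            throw new AccessControlException();
        }
        throw new Exception("HTTP " + response.getStatus() + " Error: " + resp.getMessage());
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerAdminRESTClient.grantAccess(" + request + ")");
    }
}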
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) HashMap(java.util.HashMap) PrivilegedAction(java.security.PrivilegedAction) RESTResponse(org.apache.ranger.admin.client.datatype.RESTResponse) AccessControlException(org.apache.hadoop.security.AccessControlException) AccessControlException(org.apache.hadoop.security.AccessControlException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 79 with AccessControlException

use of org.apache.hadoop.security.AccessControlException in project ranger by apache.

the class RangerAdminRESTClient method getUserRoles.

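/**
 * Fetches the role names of {@code execUser} from Ranger Admin by issuing a GET on the
 * user-roles endpoint with no query parameters.
 *
 * <p>When a UGI login user exists and Hadoop security is enabled, the call runs inside
 * {@code user.doAs(...)}. In that mode a transport exception is caught and logged, and the caller
 * sees the generic "unknown error" exception; in non-secure mode the exception from
 * {@code restClient.get} propagates unchanged.
 *
 * @param execUser user name appended to the endpoint path
 * @return the list read from a 200 response
 * @throws AccessControlException if Ranger Admin answers with HTTP 401
 * @throws Exception for any other non-200 status, or when no response was obtained
 */
@Override
public List<String> getUserRoles(final String execUser) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerAdminRESTClient.getUserRoles(" + execUser + ")");
    }
    final String emptyString = "";
    final UserGroupInformation user = MiscUtil.getUGILoginUser();
    final boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
    // NOTE(review): execUser is appended to the path as-is. If it can contain '/', '?', '#' or
    // dot segments, the request may address a different resource than intended. Confirm the
    // value is validated or percent-encoded before it reaches this method.
    final String relativeURL = RangerRESTUtils.REST_URL_SERVICE_GET_USER_ROLES + execUser;

    final ClientResponse response;
    if (isSecureMode) {
        PrivilegedAction<ClientResponse> action = () -> {
            try {
                return restClient.get(relativeURL, null);
            } catch (Exception e) {
                // Pass the throwable to the logger so the stack trace and cause chain are kept;
                // the caller only ever sees the generic "unknown error" exception below.
                LOG.error("Failed to get response, Error is : " + e.getMessage(), e);
                return null;
            }
        };
        if (LOG.isDebugEnabled()) {
            LOG.debug("get roles as user " + user);
        }
        response = user.doAs(action);
    } else {
        response = restClient.get(relativeURL, null);
    }

    if (response == null) {
        throw new Exception("unknown error during getUserRoles. execUser=" + execUser);
    }
    if (response.getStatus() != HttpServletResponse.SC_OK) {
        RESTResponse resp = RESTResponse.fromClientResponse(response);
        LOG.error("getUserRoles() failed: HTTP status=" + response.getStatus() + ", message=" + resp.getMessage() + ", isSecure=" + isSecureMode + (isSecureMode ? (", user=" + user) : ""));
        // Only 401 is mapped to AccessControlException. Every other non-200 status, including
        // 403, surfaces as a plain Exception.
        if (response.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) {
            throw new AccessControlException();
        }
        throw new Exception("HTTP " + response.getStatus() + " Error: " + resp.getMessage());
    }
    // getGenericType is defined elsewhere in the class; the empty string is passed as in the
    // original call, presumably only to select the element type (confirm against the helper).
    final List<String> ret = response.getEntity(getGenericType(emptyString));
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerAdminRESTClient.getUserRoles(" + execUser + ")");
    }
    return ret;
}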
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) PrivilegedAction(java.security.PrivilegedAction) RESTResponse(org.apache.ranger.admin.client.datatype.RESTResponse) AccessControlException(org.apache.hadoop.security.AccessControlException) AccessControlException(org.apache.hadoop.security.AccessControlException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 80 with AccessControlException

use of org.apache.hadoop.security.AccessControlException in project ranger by apache.

the class RangerAdminRESTClient method grantRole.

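/**
 * Sends a grant-role request to Ranger Admin by handing {@code request} to
 * {@code restClient.put} on the grant-role endpoint for this plugin's service.
 *
 * <p>When a UGI login user exists and Hadoop security is enabled, the call runs inside
 * {@code user.doAs(...)}. In that mode a transport exception is caught and logged, and the caller
 * sees the generic "unknown error" exception; in non-secure mode the exception from
 * {@code restClient.put} propagates unchanged.
 *
 * @param request grant-role request passed to the REST client
 * @throws AccessControlException if Ranger Admin answers with HTTP 401
 * @throws Exception for any other non-200 status, or when no response was obtained
 */
@Override
public void grantRole(final GrantRevokeRoleRequest request) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerAdminRESTClient.grantRole(" + request + ")");
    }
    final UserGroupInformation user = MiscUtil.getUGILoginUser();
    final boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
    final String relativeURL = RangerRESTUtils.REST_URL_SERVICE_GRANT_ROLE + serviceNameUrlParam;

    final ClientResponse response;
    if (isSecureMode) {
        PrivilegedAction<ClientResponse> action = () -> {
            try {
                return restClient.put(relativeURL, null, request);
            } catch (Exception e) {
                // Pass the throwable to the logger so the stack trace and cause chain are kept;
                // the caller only ever sees the generic "unknown error" exception below.
                LOG.error("Failed to get response, Error is : " + e.getMessage(), e);
                return null;
            }
        };
        if (LOG.isDebugEnabled()) {
            LOG.debug("grant role as user " + user);
        }
        response = user.doAs(action);
    } else {
        response = restClient.put(relativeURL, null, request);
    }

    if (response == null) {
        throw new Exception("unknown error during grantRole. serviceName=" + serviceName);
    }
    if (response.getStatus() != HttpServletResponse.SC_OK) {
        RESTResponse resp = RESTResponse.fromClientResponse(response);
        LOG.error("grantRole() failed: HTTP status=" + response.getStatus() + ", message=" + resp.getMessage() + ", isSecure=" + isSecureMode + (isSecureMode ? (", user=" + user) : ""));
        // Only 401 is mapped to AccessControlException. Every other non-200 status, including
        // 403, surfaces as a plain Exception, so a grant refused with 403 is not reported to
        // callers as an access-control failure.
        if (response.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) {
            throw new AccessControlException();
        }
        throw new Exception("HTTP " + response.getStatus() + " Error: " + resp.getMessage());
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerAdminRESTClient.grantRole(" + request + ")");
    }
}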
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) PrivilegedAction(java.security.PrivilegedAction) RESTResponse(org.apache.ranger.admin.client.datatype.RESTResponse) AccessControlException(org.apache.hadoop.security.AccessControlException) AccessControlException(org.apache.hadoop.security.AccessControlException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
