Example 1 with RESTResponse
use of org.apache.ranger.admin.client.datatype.RESTResponse in project ranger by apache.
the class TagAdminRESTSink method uploadServiceTags.
private ServiceTags uploadServiceTags(ServiceTags serviceTags) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==> doUpload()");
}
ClientResponse response = null;
if (isRangerCookieEnabled) {
response = uploadServiceTagsUsingCookie(serviceTags);
} else {
WebResource webResource = createWebResource(REST_URL_IMPORT_SERVICETAGS_RESOURCE);
response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).put(ClientResponse.class, tagRESTClient.toJson(serviceTags));
}
if (response == null || response.getStatus() != HttpServletResponse.SC_NO_CONTENT) {
RESTResponse resp = RESTResponse.fromClientResponse(response);
LOG.error("Upload of service-tags failed with message " + resp.getMessage());
if (response == null || resp.getHttpStatusCode() != HttpServletResponse.SC_BAD_REQUEST) {
// NOT an application error
throw new Exception("Upload of service-tags failed with response: " + response);
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== doUpload()");
}
return serviceTags;
}
Also used :
ClientResponse(com.sun.jersey.api.client.ClientResponse)
RESTResponse(org.apache.ranger.admin.client.datatype.RESTResponse)
WebResource(com.sun.jersey.api.client.WebResource)
IOException(java.io.IOException)
Example 2 with RESTResponse
use of org.apache.ranger.admin.client.datatype.RESTResponse in project ranger by apache.
the class TestServiceREST method test14grantAccess.
@Test
public void test14grantAccess() throws Exception {
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
String serviceName = "HDFS_1";
GrantRevokeRequest grantRequestObj = new GrantRevokeRequest();
grantRequestObj.setAccessTypes(null);
grantRequestObj.setDelegateAdmin(true);
grantRequestObj.setEnableAudit(true);
grantRequestObj.setGrantor("read");
grantRequestObj.setIsRecursive(true);
Mockito.when(serviceUtil.isValidateHttpsAuthentication(serviceName, request)).thenReturn(false);
RESTResponse restResponse = serviceREST.grantAccess(serviceName, grantRequestObj, request);
Assert.assertNotNull(restResponse);
Mockito.verify(serviceUtil).isValidateHttpsAuthentication(serviceName, request);
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
RESTResponse(org.apache.ranger.admin.client.datatype.RESTResponse)
VXString(org.apache.ranger.view.VXString)
GrantRevokeRequest(org.apache.ranger.plugin.util.GrantRevokeRequest)
Test(org.junit.Test)
Example 3 with RESTResponse
use of org.apache.ranger.admin.client.datatype.RESTResponse in project ranger by apache.
the class TestServiceREST method test15revokeAccess.
@Test
public void test15revokeAccess() throws Exception {
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
String serviceName = "HDFS_1";
Set<String> userList = new HashSet<String>();
userList.add("user1");
userList.add("user2");
userList.add("user3");
Set<String> groupList = new HashSet<String>();
groupList.add("group1");
groupList.add("group2");
groupList.add("group3");
GrantRevokeRequest revokeRequest = new GrantRevokeRequest();
revokeRequest.setDelegateAdmin(true);
revokeRequest.setEnableAudit(true);
revokeRequest.setGrantor("read");
revokeRequest.setGroups(groupList);
revokeRequest.setUsers(userList);
RESTResponse restResponse = serviceREST.revokeAccess(serviceName, revokeRequest, request);
Assert.assertNotNull(restResponse);
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
RESTResponse(org.apache.ranger.admin.client.datatype.RESTResponse)
VXString(org.apache.ranger.view.VXString)
GrantRevokeRequest(org.apache.ranger.plugin.util.GrantRevokeRequest)
HashSet(java.util.HashSet)
Test(org.junit.Test)
Example 4 with RESTResponse
use of org.apache.ranger.admin.client.datatype.RESTResponse in project ranger by apache.
the class RangerAdminRESTClient method grantAccess.
@Override
public void grantAccess(final GrantRevokeRequest request) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerAdminRESTClient.grantAccess(" + request + ")");
}
ClientResponse response = null;
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
if (isSecureMode) {
PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {
public ClientResponse run() {
WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_SECURE_SERVICE_GRANT_ACCESS + serviceName).queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
return secureWebResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, restClient.toJson(request));
}
};
if (LOG.isDebugEnabled()) {
LOG.debug("grantAccess as user " + user);
}
response = user.doAs(action);
} else {
WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_GRANT_ACCESS + serviceName).queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, restClient.toJson(request));
}
if (response != null && response.getStatus() != HttpServletResponse.SC_OK) {
RESTResponse resp = RESTResponse.fromClientResponse(response);
LOG.error("grantAccess() failed: HTTP status=" + response.getStatus() + ", message=" + resp.getMessage() + ", isSecure=" + isSecureMode + (isSecureMode ? (", user=" + user) : ""));
if (response.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) {
throw new AccessControlException();
}
throw new Exception("HTTP " + response.getStatus() + " Error: " + resp.getMessage());
} else if (response == null) {
throw new Exception("unknown error during grantAccess. serviceName=" + serviceName);
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== RangerAdminRESTClient.grantAccess(" + request + ")");
}
}
Also used :
ClientResponse(com.sun.jersey.api.client.ClientResponse)
PrivilegedAction(java.security.PrivilegedAction)
RESTResponse(org.apache.ranger.admin.client.datatype.RESTResponse)
WebResource(com.sun.jersey.api.client.WebResource)
AccessControlException(org.apache.hadoop.security.AccessControlException)
AccessControlException(org.apache.hadoop.security.AccessControlException)
RangerServiceNotFoundException(org.apache.ranger.plugin.util.RangerServiceNotFoundException)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Example 5 with RESTResponse
use of org.apache.ranger.admin.client.datatype.RESTResponse in project ranger by apache.
the class RangerAdminRESTClient method getServicePoliciesIfUpdated.
@Override
public ServicePolicies getServicePoliciesIfUpdated(final long lastKnownVersion, final long lastActivationTimeInMillis) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerAdminRESTClient.getServicePoliciesIfUpdated(" + lastKnownVersion + ", " + lastActivationTimeInMillis + ")");
}
ServicePolicies ret = null;
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
ClientResponse response = null;
if (isSecureMode) {
if (LOG.isDebugEnabled()) {
LOG.debug("Checking Service policy if updated as user : " + user);
}
PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {
public ClientResponse run() {
WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_POLICY_GET_FOR_SECURE_SERVICE_IF_UPDATED + serviceName).queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion)).queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis)).queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId).queryParam(RangerRESTUtils.REST_PARAM_CLUSTER_NAME, clusterName);
return secureWebResource.accept(RangerRESTUtils.REST_MIME_TYPE_JSON).get(ClientResponse.class);
}
};
response = user.doAs(action);
} else {
if (LOG.isDebugEnabled()) {
LOG.debug("Checking Service policy if updated with old api call");
}
WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED + serviceName).queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion)).queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis)).queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId).queryParam(RangerRESTUtils.REST_PARAM_CLUSTER_NAME, clusterName);
response = webResource.accept(RangerRESTUtils.REST_MIME_TYPE_JSON).get(ClientResponse.class);
}
if (response == null || response.getStatus() == HttpServletResponse.SC_NOT_MODIFIED) {
if (response == null) {
LOG.error("Error getting policies; Received NULL response!!. secureMode=" + isSecureMode + ", user=" + user + ", serviceName=" + serviceName);
} else {
RESTResponse resp = RESTResponse.fromClientResponse(response);
if (LOG.isDebugEnabled()) {
LOG.debug("No change in policies. secureMode=" + isSecureMode + ", user=" + user + ", response=" + resp + ", serviceName=" + serviceName);
}
}
ret = null;
} else if (response.getStatus() == HttpServletResponse.SC_OK) {
ret = response.getEntity(ServicePolicies.class);
} else if (response.getStatus() == HttpServletResponse.SC_NOT_FOUND) {
LOG.error("Error getting policies; service not found. secureMode=" + isSecureMode + ", user=" + user + ", response=" + response.getStatus() + ", serviceName=" + serviceName + ", " + "lastKnownVersion=" + lastKnownVersion + ", " + "lastActivationTimeInMillis=" + lastActivationTimeInMillis);
String exceptionMsg = response.hasEntity() ? response.getEntity(String.class) : null;
RangerServiceNotFoundException.throwExceptionIfServiceNotFound(serviceName, exceptionMsg);
LOG.warn("Received 404 error code with body:[" + exceptionMsg + "], Ignoring");
} else {
RESTResponse resp = RESTResponse.fromClientResponse(response);
LOG.warn("Error getting policies. secureMode=" + isSecureMode + ", user=" + user + ", response=" + resp + ", serviceName=" + serviceName);
ret = null;
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== RangerAdminRESTClient.getServicePoliciesIfUpdated(" + lastKnownVersion + ", " + lastActivationTimeInMillis + "): " + ret);
}
return ret;
}
Also used :
ClientResponse(com.sun.jersey.api.client.ClientResponse)
ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies)
PrivilegedAction(java.security.PrivilegedAction)
RESTResponse(org.apache.ranger.admin.client.datatype.RESTResponse)
WebResource(com.sun.jersey.api.client.WebResource)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Aggregations
RESTResponse (org.apache.ranger.admin.client.datatype.RESTResponse)17
WebApplicationException (javax.ws.rs.WebApplicationException)9
ClientResponse (com.sun.jersey.api.client.ClientResponse)6
WebResource (com.sun.jersey.api.client.WebResource)6
POST (javax.ws.rs.POST)6
Path (javax.ws.rs.Path)6
Produces (javax.ws.rs.Produces)6
RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)6
GrantRevokeRequest (org.apache.ranger.plugin.util.GrantRevokeRequest)6
VXString (org.apache.ranger.view.VXString)6
IOException (java.io.IOException)5
PrivilegedAction (java.security.PrivilegedAction)5
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)5
JsonSyntaxException (com.google.gson.JsonSyntaxException)4
RangerService (org.apache.ranger.plugin.model.RangerService)4
RangerAccessResource (org.apache.ranger.plugin.policyengine.RangerAccessResource)4
RangerAccessResourceImpl (org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl)4
RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer)4
Test (org.junit.Test)4
AccessControlException (org.apache.hadoop.security.AccessControlException)3
