Search in sources :

Example 1 with RESTResponse

use of org.apache.ranger.admin.client.datatype.RESTResponse in project ranger by apache.

the class TagAdminRESTSink method uploadServiceTags.

private ServiceTags uploadServiceTags(ServiceTags serviceTags) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> doUpload()");
    }
    ClientResponse response = null;
    if (isRangerCookieEnabled) {
        response = uploadServiceTagsUsingCookie(serviceTags);
    } else {
        WebResource webResource = createWebResource(REST_URL_IMPORT_SERVICETAGS_RESOURCE);
        response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).put(ClientResponse.class, tagRESTClient.toJson(serviceTags));
    }
    if (response == null || response.getStatus() != HttpServletResponse.SC_NO_CONTENT) {
        RESTResponse resp = RESTResponse.fromClientResponse(response);
        LOG.error("Upload of service-tags failed with message " + resp.getMessage());
        if (response == null || resp.getHttpStatusCode() != HttpServletResponse.SC_BAD_REQUEST) {
            // NOT an application error
            throw new Exception("Upload of service-tags failed with response: " + response);
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== doUpload()");
    }
    return serviceTags;
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) RESTResponse(org.apache.ranger.admin.client.datatype.RESTResponse) WebResource(com.sun.jersey.api.client.WebResource) IOException(java.io.IOException)

Example 2 with RESTResponse

use of org.apache.ranger.admin.client.datatype.RESTResponse in project ranger by apache.

the class TestServiceREST method test14grantAccess.

@Test
public void test14grantAccess() throws Exception {
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    String serviceName = "HDFS_1";
    GrantRevokeRequest grantRequestObj = new GrantRevokeRequest();
    grantRequestObj.setAccessTypes(null);
    grantRequestObj.setDelegateAdmin(true);
    grantRequestObj.setEnableAudit(true);
    grantRequestObj.setGrantor("read");
    grantRequestObj.setIsRecursive(true);
    Mockito.when(serviceUtil.isValidateHttpsAuthentication(serviceName, request)).thenReturn(false);
    RESTResponse restResponse = serviceREST.grantAccess(serviceName, grantRequestObj, request);
    Assert.assertNotNull(restResponse);
    Mockito.verify(serviceUtil).isValidateHttpsAuthentication(serviceName, request);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) RESTResponse(org.apache.ranger.admin.client.datatype.RESTResponse) VXString(org.apache.ranger.view.VXString) GrantRevokeRequest(org.apache.ranger.plugin.util.GrantRevokeRequest) Test(org.junit.Test)

Example 3 with RESTResponse

use of org.apache.ranger.admin.client.datatype.RESTResponse in project ranger by apache.

the class TestServiceREST method test15revokeAccess.

@Test
public void test15revokeAccess() throws Exception {
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    String serviceName = "HDFS_1";
    Set<String> userList = new HashSet<String>();
    userList.add("user1");
    userList.add("user2");
    userList.add("user3");
    Set<String> groupList = new HashSet<String>();
    groupList.add("group1");
    groupList.add("group2");
    groupList.add("group3");
    GrantRevokeRequest revokeRequest = new GrantRevokeRequest();
    revokeRequest.setDelegateAdmin(true);
    revokeRequest.setEnableAudit(true);
    revokeRequest.setGrantor("read");
    revokeRequest.setGroups(groupList);
    revokeRequest.setUsers(userList);
    RESTResponse restResponse = serviceREST.revokeAccess(serviceName, revokeRequest, request);
    Assert.assertNotNull(restResponse);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) RESTResponse(org.apache.ranger.admin.client.datatype.RESTResponse) VXString(org.apache.ranger.view.VXString) GrantRevokeRequest(org.apache.ranger.plugin.util.GrantRevokeRequest) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 4 with RESTResponse

use of org.apache.ranger.admin.client.datatype.RESTResponse in project ranger by apache.

the class RangerAdminRESTClient method grantAccess.

@Override
public void grantAccess(final GrantRevokeRequest request) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerAdminRESTClient.grantAccess(" + request + ")");
    }
    ClientResponse response = null;
    UserGroupInformation user = MiscUtil.getUGILoginUser();
    boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
    if (isSecureMode) {
        PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {

            public ClientResponse run() {
                WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_SECURE_SERVICE_GRANT_ACCESS + serviceName).queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
                return secureWebResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, restClient.toJson(request));
            }
        };
        if (LOG.isDebugEnabled()) {
            LOG.debug("grantAccess as user " + user);
        }
        response = user.doAs(action);
    } else {
        WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_GRANT_ACCESS + serviceName).queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
        response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, restClient.toJson(request));
    }
    if (response != null && response.getStatus() != HttpServletResponse.SC_OK) {
        RESTResponse resp = RESTResponse.fromClientResponse(response);
        LOG.error("grantAccess() failed: HTTP status=" + response.getStatus() + ", message=" + resp.getMessage() + ", isSecure=" + isSecureMode + (isSecureMode ? (", user=" + user) : ""));
        if (response.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) {
            throw new AccessControlException();
        }
        throw new Exception("HTTP " + response.getStatus() + " Error: " + resp.getMessage());
    } else if (response == null) {
        throw new Exception("unknown error during grantAccess. serviceName=" + serviceName);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerAdminRESTClient.grantAccess(" + request + ")");
    }
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) PrivilegedAction(java.security.PrivilegedAction) RESTResponse(org.apache.ranger.admin.client.datatype.RESTResponse) WebResource(com.sun.jersey.api.client.WebResource) AccessControlException(org.apache.hadoop.security.AccessControlException) AccessControlException(org.apache.hadoop.security.AccessControlException) RangerServiceNotFoundException(org.apache.ranger.plugin.util.RangerServiceNotFoundException) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 5 with RESTResponse

use of org.apache.ranger.admin.client.datatype.RESTResponse in project ranger by apache.

the class RangerAdminRESTClient method getServicePoliciesIfUpdated.

@Override
public ServicePolicies getServicePoliciesIfUpdated(final long lastKnownVersion, final long lastActivationTimeInMillis) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerAdminRESTClient.getServicePoliciesIfUpdated(" + lastKnownVersion + ", " + lastActivationTimeInMillis + ")");
    }
    ServicePolicies ret = null;
    UserGroupInformation user = MiscUtil.getUGILoginUser();
    boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
    ClientResponse response = null;
    if (isSecureMode) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Checking Service policy if updated as user : " + user);
        }
        PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {

            public ClientResponse run() {
                WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_POLICY_GET_FOR_SECURE_SERVICE_IF_UPDATED + serviceName).queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion)).queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis)).queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId).queryParam(RangerRESTUtils.REST_PARAM_CLUSTER_NAME, clusterName);
                return secureWebResource.accept(RangerRESTUtils.REST_MIME_TYPE_JSON).get(ClientResponse.class);
            }
        };
        response = user.doAs(action);
    } else {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Checking Service policy if updated with old api call");
        }
        WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED + serviceName).queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion)).queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis)).queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId).queryParam(RangerRESTUtils.REST_PARAM_CLUSTER_NAME, clusterName);
        response = webResource.accept(RangerRESTUtils.REST_MIME_TYPE_JSON).get(ClientResponse.class);
    }
    if (response == null || response.getStatus() == HttpServletResponse.SC_NOT_MODIFIED) {
        if (response == null) {
            LOG.error("Error getting policies; Received NULL response!!. secureMode=" + isSecureMode + ", user=" + user + ", serviceName=" + serviceName);
        } else {
            RESTResponse resp = RESTResponse.fromClientResponse(response);
            if (LOG.isDebugEnabled()) {
                LOG.debug("No change in policies. secureMode=" + isSecureMode + ", user=" + user + ", response=" + resp + ", serviceName=" + serviceName);
            }
        }
        ret = null;
    } else if (response.getStatus() == HttpServletResponse.SC_OK) {
        ret = response.getEntity(ServicePolicies.class);
    } else if (response.getStatus() == HttpServletResponse.SC_NOT_FOUND) {
        LOG.error("Error getting policies; service not found. secureMode=" + isSecureMode + ", user=" + user + ", response=" + response.getStatus() + ", serviceName=" + serviceName + ", " + "lastKnownVersion=" + lastKnownVersion + ", " + "lastActivationTimeInMillis=" + lastActivationTimeInMillis);
        String exceptionMsg = response.hasEntity() ? response.getEntity(String.class) : null;
        RangerServiceNotFoundException.throwExceptionIfServiceNotFound(serviceName, exceptionMsg);
        LOG.warn("Received 404 error code with body:[" + exceptionMsg + "], Ignoring");
    } else {
        RESTResponse resp = RESTResponse.fromClientResponse(response);
        LOG.warn("Error getting policies. secureMode=" + isSecureMode + ", user=" + user + ", response=" + resp + ", serviceName=" + serviceName);
        ret = null;
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerAdminRESTClient.getServicePoliciesIfUpdated(" + lastKnownVersion + ", " + lastActivationTimeInMillis + "): " + ret);
    }
    return ret;
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies) PrivilegedAction(java.security.PrivilegedAction) RESTResponse(org.apache.ranger.admin.client.datatype.RESTResponse) WebResource(com.sun.jersey.api.client.WebResource) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Aggregations

RESTResponse (org.apache.ranger.admin.client.datatype.RESTResponse)17 WebApplicationException (javax.ws.rs.WebApplicationException)9 ClientResponse (com.sun.jersey.api.client.ClientResponse)6 WebResource (com.sun.jersey.api.client.WebResource)6 POST (javax.ws.rs.POST)6 Path (javax.ws.rs.Path)6 Produces (javax.ws.rs.Produces)6 RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)6 GrantRevokeRequest (org.apache.ranger.plugin.util.GrantRevokeRequest)6 VXString (org.apache.ranger.view.VXString)6 IOException (java.io.IOException)5 PrivilegedAction (java.security.PrivilegedAction)5 UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)5 JsonSyntaxException (com.google.gson.JsonSyntaxException)4 RangerService (org.apache.ranger.plugin.model.RangerService)4 RangerAccessResource (org.apache.ranger.plugin.policyengine.RangerAccessResource)4 RangerAccessResourceImpl (org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl)4 RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer)4 Test (org.junit.Test)4 AccessControlException (org.apache.hadoop.security.AccessControlException)3