
Example 1 with RangerRole

use of org.apache.ranger.plugin.model.RangerRole in project ranger by apache.

From class RangerAdminRESTClient, method createRole.

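/**
 * Creates a role in Ranger Admin through the create-role REST endpoint.
 *
 * <p>When Hadoop security is enabled and a login user is available, the POST is issued inside
 * {@code user.doAs(...)} so the call carries that user's credentials; otherwise the REST client
 * is invoked directly.
 *
 * @param request the role to create; it is echoed in debug output and in the failure message
 * @return the role entity returned by Ranger Admin
 * @throws AccessControlException if Ranger Admin answers with HTTP 401
 * @throws Exception if no response was obtained or the status is not HTTP 200
 */
@Override
public RangerRole createRole(final RangerRole request) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerAdminRESTClient.createRole(" + request + ")");
    }

    final UserGroupInformation user = MiscUtil.getUGILoginUser();
    final boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
    final String relativeURL = RangerRESTUtils.REST_URL_SERVICE_CREATE_ROLE;
    final Map<String, String> queryParams = new HashMap<>();
    queryParams.put(RangerRESTUtils.SERVICE_NAME_PARAM, serviceNameUrlParam);

    ClientResponse response;
    if (isSecureMode) {
        PrivilegedAction<ClientResponse> action = () -> {
            try {
                return restClient.post(relativeURL, queryParams, request);
            } catch (Exception e) {
                // PrivilegedAction.run() cannot throw checked exceptions. Log the full
                // exception (not only its message) so the root cause is not lost; the
                // null response is turned into the "unknown error" failure below.
                LOG.error("Failed to get response, Error is : " + e.getMessage(), e);
                return null;
            }
        };
        if (LOG.isDebugEnabled()) {
            LOG.debug("create role as user " + user);
        }
        response = user.doAs(action);
    } else {
        response = restClient.post(relativeURL, queryParams, request);
    }

    if (response == null) {
        throw new Exception("unknown error during createRole. roleName=" + request.getName());
    }
    if (response.getStatus() != HttpServletResponse.SC_OK) {
        RESTResponse resp = RESTResponse.fromClientResponse(response);
        LOG.error("createRole() failed: HTTP status=" + response.getStatus() + ", message=" + resp.getMessage() + ", isSecure=" + isSecureMode + (isSecureMode ? (", user=" + user) : ""));
        // 401 is reported as an access-control failure so callers can distinguish it
        // from transport or server errors.
        if (response.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) {
            throw new AccessControlException();
        }
        throw new Exception("HTTP " + response.getStatus() + " Error: " + resp.getMessage());
    }
    RangerRole ret = response.getEntity(RangerRole.class);

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerAdminRESTClient.createRole(" + request + ")");
    }
    return ret;
}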

Example 2 with RangerRole

use of org.apache.ranger.plugin.model.RangerRole in project ranger by apache.

From class RangerAdminRESTClient, method getRole.

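/**
 * Fetches a single role from Ranger Admin by name.
 *
 * <p>When Hadoop security is enabled and a login user is available, the GET is issued inside
 * {@code user.doAs(...)} so the call carries that user's credentials; otherwise the REST client
 * is invoked directly. The {@code execUser} is passed to Ranger Admin as a query parameter.
 *
 * @param execUser user on whose behalf the lookup is performed (sent as a query parameter)
 * @param roleName name of the role to look up; appended to the request path
 * @return the role entity returned by Ranger Admin
 * @throws AccessControlException if Ranger Admin answers with HTTP 401
 * @throws Exception if no response was obtained or the status is not HTTP 200
 */
@Override
public RangerRole getRole(final String execUser, final String roleName) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerAdminRESTClient.getRole(" + roleName + ")");
    }

    final UserGroupInformation user = MiscUtil.getUGILoginUser();
    final boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
    // roleName becomes part of the request path as-is; whether restClient encodes it is
    // not visible here — TODO confirm that names containing '/' or '?' cannot alter the path.
    final String relativeURL = RangerRESTUtils.REST_URL_SERVICE_GET_ROLE_INFO + roleName;
    final Map<String, String> queryParams = new HashMap<>();
    queryParams.put(RangerRESTUtils.SERVICE_NAME_PARAM, serviceNameUrlParam);
    queryParams.put(RangerRESTUtils.REST_PARAM_EXEC_USER, execUser);

    ClientResponse response;
    if (isSecureMode) {
        PrivilegedAction<ClientResponse> action = () -> {
            try {
                return restClient.get(relativeURL, queryParams);
            } catch (Exception e) {
                // PrivilegedAction.run() cannot throw checked exceptions. Log the full
                // exception (not only its message) so the root cause is not lost; the
                // null response is turned into the "unknown error" failure below.
                LOG.error("Failed to get response, Error is : " + e.getMessage(), e);
                return null;
            }
        };
        if (LOG.isDebugEnabled()) {
            LOG.debug("get role info as user " + user);
        }
        response = user.doAs(action);
    } else {
        response = restClient.get(relativeURL, queryParams);
    }

    if (response == null) {
        throw new Exception("unknown error during getRole. roleName=" + roleName);
    }
    if (response.getStatus() != HttpServletResponse.SC_OK) {
        RESTResponse resp = RESTResponse.fromClientResponse(response);
        // Messages name getRole (the previous text referred to getPrincipalsForRole) so
        // log lines can be attributed to the right call.
        LOG.error("getRole() failed: HTTP status=" + response.getStatus() + ", message=" + resp.getMessage() + ", isSecure=" + isSecureMode + (isSecureMode ? (", user=" + user) : ""));
        if (response.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) {
            throw new AccessControlException();
        }
        throw new Exception("HTTP " + response.getStatus() + " Error: " + resp.getMessage());
    }
    RangerRole ret = response.getEntity(RangerRole.class);

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerAdminRESTClient.getRole(" + roleName + ")");
    }
    return ret;
}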

Example 3 with RangerRole

use of org.apache.ranger.plugin.model.RangerRole in project ranger by apache.

From class RangerHivePlugin, method createRole.

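/**
 * Creates a Ranger role for a Hive {@code CREATE ROLE} statement and audits the outcome.
 *
 * <p>The grantor is recorded as creator and added as the role's first member with the grant
 * option. An audit event is always emitted in {@code finally}, with {@code result} reflecting
 * whether the role was actually created.
 *
 * @param roleName     name of the role to create
 * @param adminGrantor principal issuing the statement; resolved to a user name via
 *                     {@code getGrantorUsername}
 * @throws HiveAuthzPluginException   if the name is one of {@code RESERVED_ROLE_NAMES}
 * @throws HiveAccessControlException if the plugin fails to create the role
 */
@Override
public void createRole(String roleName, HivePrincipal adminGrantor) throws HiveAuthzPluginException, HiveAccessControlException {
    if (LOG.isDebugEnabled()) {
        LOG.debug(" ==> RangerHiveAuthorizer.createRole()");
    }
    RangerHiveAuditHandler auditHandler = new RangerHiveAuditHandler(hivePlugin.getConfig());
    String currentUserName = getGrantorUsername(adminGrantor);
    List<String> roleNames = Arrays.asList(roleName);
    List<String> userNames = Arrays.asList(currentUserName);
    boolean result = false;
    // Compare with a fixed locale: the default-locale toUpperCase() maps 'i' differently in
    // some locales, which would let a reserved name slip past this check on such a JVM.
    if (RESERVED_ROLE_NAMES.contains(roleName.trim().toUpperCase(java.util.Locale.ROOT))) {
        throw new HiveAuthzPluginException("Role name cannot be one of the reserved roles: " + RESERVED_ROLE_NAMES);
    }
    try {
        RangerRole role = new RangerRole();
        role.setName(roleName);
        role.setCreatedByUser(currentUserName);
        role.setCreatedBy(currentUserName);
        role.setUpdatedBy(currentUserName);
        // Add grantor as the member to this role with grant option.
        RangerRole.RoleMember userMember = new RangerRole.RoleMember(currentUserName, true);
        List<RangerRole.RoleMember> userMemberList = new ArrayList<>();
        userMemberList.add(userMember);
        role.setUsers(userMemberList);
        RangerRole ret = hivePlugin.createRole(role, auditHandler);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== createRole(): " + ret);
        }
        result = true;
    } catch (Exception excp) {
        throw new HiveAccessControlException(excp);
    } finally {
        // Audit both success and failure; result is only true when createRole returned.
        RangerAccessResult accessResult = createAuditEvent(hivePlugin, currentUserName, userNames, HiveOperationType.CREATEROLE, HiveAccessType.CREATE, roleNames, result);
        auditHandler.processResult(accessResult);
        auditHandler.flushAudit();
    }
}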

Example 4 with RangerRole

use of org.apache.ranger.plugin.model.RangerRole in project ranger by apache.

From class RangerHivePlugin, method getRangerRoleForRoleName.

/**
 * Looks up a role by exact name in the plugin's currently loaded roles.
 *
 * @param roleName name to match against {@code RangerRole.getName()}
 * @return the first matching role, or {@code null} if no roles are loaded or none matches
 */
private RangerRole getRangerRoleForRoleName(String roleName) {
    RangerRoles loadedRoles = hivePlugin.getRangerRoles();
    if (loadedRoles == null) {
        return null;
    }
    for (RangerRole candidate : loadedRoles.getRangerRoles()) {
        if (roleName.equals(candidate.getName())) {
            return candidate;
        }
    }
    return null;
}

Example 5 with RangerRole

use of org.apache.ranger.plugin.model.RangerRole in project ranger by apache.

From class RangerBasePlugin, method getRangerRoleForPrincipal.

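/**
 * Returns the roles directly mapped to a principal.
 *
 * <p>The mapping consulted depends on {@code type}: {@code "USER"}, {@code "GROUP"} or
 * {@code "ROLE"}. Any other value yields no mapping and therefore an empty result.
 *
 * @param principal user, group or role name to look up
 * @param type      one of {@code "USER"}, {@code "GROUP"}, {@code "ROLE"}; must not be null
 * @return the matching roles, empty (never null) when roles, context or mapping are absent
 */
public Set<RangerRole> getRangerRoleForPrincipal(String principal, String type) {
    Set<RangerRole> ret = new HashSet<>();
    RangerRoles roles = getRangerRoles();
    Set<RangerRole> rangerRoles = roles != null ? roles.getRangerRoles() : null;
    if (rangerRoles == null) {
        return ret;
    }

    Map<String, Set<String>> roleMapping = null;
    RangerPluginContext rangerPluginContext = policyEngine.getPluginContext();
    if (rangerPluginContext != null) {
        RangerAuthContext rangerAuthContext = rangerPluginContext.getAuthContext();
        if (rangerAuthContext != null) {
            RangerRolesUtil rangerRolesUtil = rangerAuthContext.getRangerRolesUtil();
            if (rangerRolesUtil != null) {
                switch (type) {
                    case "USER":
                        roleMapping = rangerRolesUtil.getUserRoleMapping();
                        break;
                    case "GROUP":
                        roleMapping = rangerRolesUtil.getGroupRoleMapping();
                        break;
                    case "ROLE":
                        roleMapping = rangerRolesUtil.getRoleRoleMapping();
                        break;
                    default:
                        // Unknown principal type: no mapping, result stays empty.
                        break;
                }
            }
        }
    }

    if (roleMapping != null) {
        Set<String> principalRoles = roleMapping.get(principal);
        if (CollectionUtils.isNotEmpty(principalRoles)) {
            // One pass over the loaded roles with a set lookup, instead of
            // principalRoles x rangerRoles pairwise comparisons.
            for (RangerRole rangerRole : rangerRoles) {
                if (principalRoles.contains(rangerRole.getName())) {
                    ret.add(rangerRole);
                }
            }
        }
    }
    return ret;
}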
