
Example 1 with RangerPolicyValidator

use of org.apache.ranger.plugin.model.validation.RangerPolicyValidator in project ranger by apache.

the class ServiceREST method deletePolicy.

/**
 * Deletes the policy identified by {@code id}.
 *
 * <p>Before {@code svcStore.deletePolicy} is reached, three gates run in this order:
 * the policy validator for {@code Action.DELETE}, {@code ensureAdminAccess} on the
 * loaded policy, and {@code bizUtil.blockAuditorRoleUser()}. If any of them throws,
 * the delete is not performed.
 *
 * @param id policy id bound from the {@code id} path parameter
 * @throws WebApplicationException rethrown unchanged when raised inside the try block;
 *         every other {@code Throwable} is logged and converted through
 *         {@code restErrorUtil.createRESTException}
 */
@DELETE
@Path("/policies/{id}")
@Produces({ "application/json", "application/xml" })
public void deletePolicy(@PathParam("id") Long id) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.deletePolicy(" + id + ")");
    }

    RangerPerfTracer tracer = null;
    try {
        tracer = RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)
                ? RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.deletePolicy(policyId=" + id + ")")
                : null;

        // NOTE(review): validation runs before the access check, so a caller without
        // admin access may still see validator error text — confirm that is acceptable.
        validatorFactory.getPolicyValidator(svcStore).validate(id, Action.DELETE);

        // The policy is loaded only so the access check can inspect it.
        final RangerPolicy target = svcStore.getPolicy(id);
        ensureAdminAccess(target);
        bizUtil.blockAuditorRoleUser();

        svcStore.deletePolicy(id);
    } catch (WebApplicationException restFailure) {
        // Already a REST-level error; pass it through untouched.
        throw restFailure;
    } catch (Throwable failure) {
        LOG.error("deletePolicy(" + id + ") failed", failure);
        // NOTE(review): the raw exception message is handed to the REST error helper;
        // presumably it ends up in the response body — confirm it cannot carry internals.
        throw restErrorUtil.createRESTException(failure.getMessage());
    } finally {
        RangerPerfTracer.log(tracer);
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceREST.deletePolicy(" + id + ")");
    }
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) WebApplicationException(javax.ws.rs.WebApplicationException) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) RangerPolicyValidator(org.apache.ranger.plugin.model.validation.RangerPolicyValidator) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) Produces(javax.ws.rs.Produces)

Example 2 with RangerPolicyValidator

use of org.apache.ranger.plugin.model.validation.RangerPolicyValidator in project ranger by apache.

the class ServiceREST method deletePoliciesProvidedInServiceMap.

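/**
 * Deletes every policy of each destination service that is paired by index with a
 * source service.
 *
 * <p>Only the destination list is read for service names; the source list contributes
 * the number of pairs. For each policy the same gates as the single-policy delete are
 * applied (validator for {@code Action.DELETE}, {@code ensureAdminAccess},
 * {@code bizUtil.blockAuditorRoleUser()}) before {@code svcStore.deletePolicy}.
 *
 * <p>Deletion is best effort: a failure on one policy, including a rejection by one of
 * the gates, is logged at error level and the loop moves on to the next policy.
 *
 * @param sourceServices      source service names; nothing happens if null or empty
 * @param destinationServices destination service names, index-aligned with
 *                            {@code sourceServices}; null or empty entries are skipped
 */
private void deletePoliciesProvidedInServiceMap(List<String> sourceServices, List<String> destinationServices) {
    int totalDeletedPolicies = 0;
    if (CollectionUtils.isNotEmpty(sourceServices) && CollectionUtils.isNotEmpty(destinationServices)) {
        RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
        // Only indexes present in both lists form a pair. Bounding by the shorter list
        // prevents an IndexOutOfBoundsException when destinationServices has fewer
        // entries than sourceServices.
        final int pairCount = Math.min(sourceServices.size(), destinationServices.size());
        for (int i = 0; i < pairCount; i++) {
            final String destinationService = destinationServices.get(i);
            // A null entry used to raise a NullPointerException here; treat it like an empty name.
            if (destinationService == null || destinationService.isEmpty()) {
                continue;
            }
            final RangerPolicyList servicePolicies = getServicePolicies(destinationService, new SearchFilter());
            if (servicePolicies == null) {
                continue;
            }
            List<RangerPolicy> rangerPolicyList = servicePolicies.getPolicies();
            if (CollectionUtils.isEmpty(rangerPolicyList)) {
                continue;
            }
            for (RangerPolicy rangerPolicy : rangerPolicyList) {
                if (rangerPolicy == null) {
                    continue;
                }
                try {
                    // The gates stay inside the try on purpose: a rejection for one
                    // policy must not abort the remaining deletions.
                    validator.validate(rangerPolicy.getId(), Action.DELETE);
                    ensureAdminAccess(rangerPolicy);
                    bizUtil.blockAuditorRoleUser();
                    svcStore.deletePolicy(rangerPolicy);
                    totalDeletedPolicies = totalDeletedPolicies + 1;
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Policy " + rangerPolicy.getName() + " deleted successfully.");
                        LOG.debug("TotalDeletedPilicies: " + totalDeletedPolicies);
                    }
                } catch (Throwable excp) {
                    // NOTE(review): the caller gets no signal that a policy was left in
                    // place; the error log is the only record of a partial delete.
                    LOG.error("deletePolicy(" + rangerPolicy.getId() + ") failed", excp);
                }
            }
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("Total Deleted Policy : " + totalDeletedPolicies);
    }
}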
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) SearchFilter(org.apache.ranger.plugin.util.SearchFilter) RangerPolicyList(org.apache.ranger.view.RangerPolicyList) RangerPolicyValidator(org.apache.ranger.plugin.model.validation.RangerPolicyValidator)

Example 3 with RangerPolicyValidator

use of org.apache.ranger.plugin.model.validation.RangerPolicyValidator in project ranger by apache.

the class ServiceREST method createPolicy.

/**
 * Creates a policy, or updates an existing one when the request asks for that.
 *
 * <p>When {@code request} is non-null, the service-name and policy-name request values
 * override the corresponding fields of {@code policy}. If the update-if-exists request
 * parameter parses as true, an existing policy is looked up by GUID and then by
 * service and name, and {@link #updatePolicy} is called on a match. If no update
 * happened, a missing policy name is generated from the service and GUID, and the
 * policy is validated for {@code Action.CREATE}, passed to {@code ensureAdminAccess}
 * and {@code bizUtil.blockAuditorRoleUser()}, and then stored.
 *
 * @param policy  policy from the request body; its service, name, id and GUID may be
 *                modified by this method
 * @param request servlet request carrying the optional override parameters; may be null
 * @return the policy returned by the update or create call
 * @throws WebApplicationException rethrown unchanged when raised in the outer try block;
 *         every other {@code Throwable} is logged and converted through
 *         {@code restErrorUtil.createRESTException}
 */
@POST
@Path("/policies")
@Produces({ "application/json", "application/xml" })
public RangerPolicy createPolicy(RangerPolicy policy, @Context HttpServletRequest request) {
    if (LOG.isDebugEnabled()) {
        // NOTE(review): the whole policy object is written to the debug log.
        LOG.debug("==> ServiceREST.createPolicy(" + policy + ")");
    }
    RangerPolicy ret = null;
    RangerPerfTracer perf = null;
    try {
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
            perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.createPolicy(policyName=" + policy.getName() + ")");
        }
        if (request != null) {
            String serviceName = request.getParameter(PARAM_SERVICE_NAME);
            String policyName = request.getParameter(PARAM_POLICY_NAME);
            String updateIfExists = request.getParameter(PARAM_UPDATE_IF_EXISTS);
            // Fall back to request attributes only when neither name was sent as a
            // parameter and update-if-exists was requested.
            if (serviceName == null && policyName == null && updateIfExists != null && updateIfExists.equalsIgnoreCase("true")) {
                serviceName = (String) request.getAttribute(PARAM_SERVICE_NAME);
                policyName = (String) request.getAttribute(PARAM_POLICY_NAME);
            }
            // Request-supplied names replace whatever the body carried.
            if (StringUtils.isNotEmpty(serviceName)) {
                policy.setService(serviceName);
            }
            if (StringUtils.isNotEmpty(policyName)) {
                policy.setName(StringUtils.trim(policyName));
            }
            if (updateIfExists != null && Boolean.valueOf(updateIfExists)) {
                RangerPolicy existingPolicy = null;
                try {
                    // Lookup order: GUID first, then service + name.
                    if (StringUtils.isNotEmpty(policy.getGuid())) {
                        existingPolicy = getPolicyByGuid(policy.getGuid());
                    }
                    if (existingPolicy == null && StringUtils.isNotEmpty(serviceName) && StringUtils.isNotEmpty(policyName)) {
                        existingPolicy = getPolicyByName(policy.getService(), policy.getName());
                    }
                    if (existingPolicy != null) {
                        // The incoming policy takes over the existing policy's id, and
                        // updatePolicy applies its own validation and access checks.
                        policy.setId(existingPolicy.getId());
                        ret = updatePolicy(policy);
                    }
                } catch (Exception excp) {
                    // Any exception from the lookup or from updatePolicy is caught here.
                    // That includes a rejection raised by updatePolicy's own checks,
                    // which is recorded only at INFO level. ret stays null, so the create
                    // path below runs, with its own validation and access checks.
                    // NOTE(review): policy.setId() above is not reverted on this path —
                    // confirm the create validator handles a pre-set id as intended.
                    LOG.info("ServiceREST.createPolicy(): Failed to find/update exising policy, will attempt to create the policy", excp);
                }
            }
        }
        if (ret == null) {
            // set name of policy if unspecified
            if (StringUtils.isBlank(policy.getName())) {
                // use of isBlank over isEmpty is deliberate as a blank string does not strike us as a particularly useful policy name!
                String guid = policy.getGuid();
                if (StringUtils.isBlank(guid)) {
                    // use of isBlank is deliberate. External parties could send the guid in, perhaps to sync between dev/test/prod instances?
                    guid = guidUtil.genGUID();
                    policy.setGuid(guid);
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("No GUID supplied on the policy!  Ok, setting GUID to [" + guid + "].");
                    }
                }
                // The generated name is "<service>-<guid>".
                String name = policy.getService() + "-" + guid;
                policy.setName(name);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Policy did not have its name set!  Ok, setting name to [" + name + "]");
                }
            }
            // Gate order before the store is written: validator, admin-access check, auditor-role block.
            RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
            validator.validate(policy, Action.CREATE, bizUtil.isAdmin());
            ensureAdminAccess(policy);
            bizUtil.blockAuditorRoleUser();
            ret = svcStore.createPolicy(policy);
        }
    } catch (WebApplicationException excp) {
        // Already a REST-level error; pass it through untouched.
        throw excp;
    } catch (Throwable excp) {
        LOG.error("createPolicy(" + policy + ") failed", excp);
        // NOTE(review): the raw exception message is handed to the REST error helper;
        // presumably it ends up in the response body — confirm it cannot carry internals.
        throw restErrorUtil.createRESTException(excp.getMessage());
    } finally {
        RangerPerfTracer.log(perf);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceREST.createPolicy(" + policy + "): " + ret);
    }
    return ret;
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) WebApplicationException(javax.ws.rs.WebApplicationException) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) VXString(org.apache.ranger.view.VXString) WebApplicationException(javax.ws.rs.WebApplicationException) IOException(java.io.IOException) JsonSyntaxException(com.google.gson.JsonSyntaxException) RangerPolicyValidator(org.apache.ranger.plugin.model.validation.RangerPolicyValidator) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces)

Example 4 with RangerPolicyValidator

use of org.apache.ranger.plugin.model.validation.RangerPolicyValidator in project ranger by apache.

the class ServiceREST method updatePolicy.

/**
 * Updates an existing policy with the content of {@code policy}.
 *
 * <p>Before {@code svcStore.updatePolicy} is reached, three gates run in this order:
 * the policy validator for {@code Action.UPDATE}, {@code ensureAdminAccess}, and
 * {@code bizUtil.blockAuditorRoleUser()}. If any of them throws, the store is not
 * written.
 *
 * <p>NOTE(review): the path template contains an {@code id} segment, but this method
 * binds no path parameter. Only the request body is passed on, so the URL id and the
 * policy actually updated are not compared here. Confirm that nothing relies on the
 * URL id, such as access logs or gateway rules keyed on the path.
 *
 * @param policy policy from the request body
 * @return the policy returned by {@code svcStore.updatePolicy}
 * @throws WebApplicationException rethrown unchanged when raised inside the try block;
 *         every other {@code Throwable} is logged and converted through
 *         {@code restErrorUtil.createRESTException}
 */
@PUT
@Path("/policies/{id}")
@Produces({ "application/json", "application/xml" })
public RangerPolicy updatePolicy(RangerPolicy policy) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.updatePolicy(" + policy + ")");
    }

    RangerPolicy updated = null;
    RangerPerfTracer tracer = null;
    try {
        tracer = RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)
                ? RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.updatePolicy(policyId=" + policy.getId() + ")")
                : null;

        // The validator is told whether the caller is an admin; the explicit access
        // check follows it.
        validatorFactory.getPolicyValidator(svcStore).validate(policy, Action.UPDATE, bizUtil.isAdmin());
        ensureAdminAccess(policy);
        bizUtil.blockAuditorRoleUser();

        updated = svcStore.updatePolicy(policy);
    } catch (WebApplicationException restFailure) {
        // Already a REST-level error; pass it through untouched.
        throw restFailure;
    } catch (Throwable failure) {
        LOG.error("updatePolicy(" + policy + ") failed", failure);
        // NOTE(review): the raw exception message is handed to the REST error helper;
        // presumably it ends up in the response body — confirm it cannot carry internals.
        throw restErrorUtil.createRESTException(failure.getMessage());
    } finally {
        RangerPerfTracer.log(tracer);
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceREST.updatePolicy(" + policy + "): " + updated);
    }
    return updated;
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) WebApplicationException(javax.ws.rs.WebApplicationException) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) RangerPolicyValidator(org.apache.ranger.plugin.model.validation.RangerPolicyValidator) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) PUT(javax.ws.rs.PUT)

Aggregations

RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)4 RangerPolicyValidator (org.apache.ranger.plugin.model.validation.RangerPolicyValidator)4 Path (javax.ws.rs.Path)3 Produces (javax.ws.rs.Produces)3 WebApplicationException (javax.ws.rs.WebApplicationException)3 RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer)3 JsonSyntaxException (com.google.gson.JsonSyntaxException)1 IOException (java.io.IOException)1 DELETE (javax.ws.rs.DELETE)1 POST (javax.ws.rs.POST)1 PUT (javax.ws.rs.PUT)1 SearchFilter (org.apache.ranger.plugin.util.SearchFilter)1 RangerPolicyList (org.apache.ranger.view.RangerPolicyList)1 VXString (org.apache.ranger.view.VXString)1