
Example 1 with RangerBaseService

use of org.apache.ranger.plugin.service.RangerBaseService in project ranger by apache.

the class ServiceMgr method getRangerServiceByService.

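/**
 * Builds and initialises the {@link RangerBaseService} implementation for a service.
 *
 * <p>The service type is read from {@code service}, its service-def is looked up in
 * {@code svcStore}, and the class returned by {@code getClassForServiceType} is
 * instantiated through its no-argument constructor and initialised with
 * {@code init(serviceDef, service)}. A {@link RangerServiceTag} instance additionally
 * receives this manager's tag store.
 *
 * @param service  service to build an implementation for; may be {@code null}
 * @param svcStore store used to resolve the service-def; may be {@code null}
 * @return the initialised service, or {@code null} when the service type, the
 *         service-def or the implementation class could not be resolved
 * @throws Exception if class resolution, construction or {@code init} fails
 */
public RangerBaseService getRangerServiceByService(RangerService service, ServiceStore svcStore) throws Exception {
    // NOTE(review): 'service' is concatenated into every log message in this method.
    // validateConfig hands over a service whose configs were replaced with decrypted
    // passwords; if RangerService.toString() prints configs, those values reach the
    // log. Confirm, and log only the service name and type if it does.
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceMgr.getRangerServiceByService(" + service + ")");
    }
    RangerBaseService ret = null;
    String serviceType = service == null ? null : service.getType();
    if (!StringUtils.isEmpty(serviceType)) {
        RangerServiceDef serviceDef = svcStore == null ? null : svcStore.getServiceDefByName(serviceType);
        if (serviceDef != null) {
            Class<RangerBaseService> cls = getClassForServiceType(serviceDef);
            if (cls != null) {
                // Class.newInstance() is deprecated and rethrows checked constructor
                // exceptions undeclared; go through the Constructor instead and unwrap,
                // so callers keep seeing the constructor's own exception type.
                try {
                    ret = cls.getDeclaredConstructor().newInstance();
                } catch (java.lang.reflect.InvocationTargetException excp) {
                    Throwable cause = excp.getCause();
                    if (cause instanceof Exception) {
                        throw (Exception) cause;
                    }
                    if (cause instanceof Error) {
                        throw (Error) cause;
                    }
                    throw excp;
                }
                ret.init(serviceDef, service);
                if (ret instanceof RangerServiceTag) {
                    ((RangerServiceTag) ret).setTagStore(tagStore);
                }
            } else {
                LOG.warn("ServiceMgr.getRangerServiceByService(" + service + "): could not find service class '" + serviceDef.getImplClass() + "' for the service type '" + serviceType + "'");
            }
        } else {
            LOG.warn("ServiceMgr.getRangerServiceByService(" + service + "): could not find the service-def for the service type '" + serviceType + "'");
        }
    } else {
        LOG.warn("ServiceMgr.getRangerServiceByService(" + service + "): could not find the service-type '" + serviceType + "'");
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceMgr.getRangerServiceByService(" + service + "): " + ret);
    }
    return ret;
}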
Also used : RangerBaseService(org.apache.ranger.plugin.service.RangerBaseService) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) RangerServiceTag(org.apache.ranger.services.tag.RangerServiceTag)

Example 2 with RangerBaseService

use of org.apache.ranger.plugin.service.RangerBaseService in project ranger by apache.

the class ServiceDBStore method createDefaultPolicies.

/**
 * Creates the default policies that the service implementation supplies for a
 * newly created service.
 *
 * <p>For each default policy that belongs to {@code createdService} (service names are
 * compared case-insensitively), and only when service-check users are configured, one
 * extra policy item is appended for those users. It copies the accesses of the
 * policy's first item and is marked as delegated admin. A policy is persisted only
 * when all six of its item lists pass {@code validatePolicyItems}.
 *
 * @param createdService the service that was just created
 * @throws Exception propagated from the service lookup, user/group creation or
 *                   policy creation
 */
void createDefaultPolicies(RangerService createdService) throws Exception {
    RangerBaseService rangerService = serviceMgr.getRangerServiceByService(createdService, this);
    if (rangerService == null) {
        return;
    }

    List<String> checkUsers = getServiceCheckUsers(createdService);
    List<RangerPolicy> policies = rangerService.getDefaultRangerPolicies();
    if (CollectionUtils.isEmpty(policies)) {
        return;
    }

    createDefaultPolicyUsersAndGroups(policies);

    for (RangerPolicy policy : policies) {
        boolean appliesToCheckUsers = CollectionUtils.isNotEmpty(checkUsers)
                && StringUtils.equalsIgnoreCase(policy.getService(), createdService.getName());

        if (appliesToCheckUsers) {
            RangerPolicyItem firstAllowItem = null;
            if (CollectionUtils.isNotEmpty(policy.getPolicyItems())) {
                firstAllowItem = policy.getPolicyItems().get(0);
            }

            if (firstAllowItem != null) {
                // NOTE(review): every service-check user receives the first allow item's
                // accesses with delegateAdmin=true, i.e. may administer this policy's
                // resources. Confirm getServiceCheckUsers only returns principals taken
                // from trusted, admin-controlled configuration.
                RangerPolicy.RangerPolicyItem checkUsersItem = new RangerPolicy.RangerPolicyItem();
                checkUsersItem.setUsers(checkUsers);
                checkUsersItem.setAccesses(firstAllowItem.getAccesses());
                checkUsersItem.setDelegateAdmin(true);
                policy.getPolicyItems().add(checkUsersItem);
            } else {
                LOG.error("There is no allow-policy-item in the default-policy:[" + policy + "]");
            }
        }

        // Short-circuit chain: a later list is only validated when every earlier one passed.
        boolean allItemsValid = validatePolicyItems(policy.getPolicyItems())
                && validatePolicyItems(policy.getDenyPolicyItems())
                && validatePolicyItems(policy.getAllowExceptions())
                && validatePolicyItems(policy.getDenyExceptions())
                && validatePolicyItems(policy.getDataMaskPolicyItems())
                && validatePolicyItems(policy.getRowFilterPolicyItems());

        if (!allItemsValid) {
            LOG.warn("Default policy won't be created,since policyItems not valid-either users/groups not present or access not present in policy.");
            continue;
        }
        createPolicy(policy);
    }
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerBaseService(org.apache.ranger.plugin.service.RangerBaseService) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) VXString(org.apache.ranger.view.VXString) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)

Example 3 with RangerBaseService

use of org.apache.ranger.plugin.service.RangerBaseService in project ranger by apache.

the class ServiceMgr method validateConfig.

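/**
 * Tests the connection settings of a service and reports the outcome.
 *
 * <p>When the configured authentication type is Kerberos and the corresponding
 * principal/keytab pair exists, the lookup and admin Kerberos settings are written
 * into the service configs. The configs are then replaced by the result of
 * {@code getConfigsWithDecryptedPassword}, the service implementation is built, and a
 * {@code ValidateCallable} is run under a timeout.
 *
 * @param service  service whose configuration is validated; may be {@code null}
 * @param svcStore store used to resolve the service-def
 * @return the response generated from the validation result, or from the failure
 *         data when validation throws; an empty response when no service
 *         implementation could be built
 * @throws Exception propagated from the role check, password decryption or service
 *                   construction (failures of the validation task itself are
 *                   converted into the response)
 */
public VXResponse validateConfig(RangerService service, ServiceStore svcStore) throws Exception {
    VXResponse ret = new VXResponse();
    // Runs before any configuration is touched; presumably rejects auditor-role callers - confirm.
    rangerBizUtil.blockAuditorRoleUser();
    String authType = PropertiesUtil.getProperty(AUTHENTICATION_TYPE);
    String lookupPrincipal = SecureClientLogin.getPrincipal(PropertiesUtil.getProperty(LOOKUP_PRINCIPAL), PropertiesUtil.getProperty(HOST_NAME));
    String lookupKeytab = PropertiesUtil.getProperty(LOOKUP_KEYTAB);
    String nameRules = PropertiesUtil.getProperty(NAME_RULES);
    String rangerPrincipal = SecureClientLogin.getPrincipal(PropertiesUtil.getProperty(ADMIN_USER_PRINCIPAL), PropertiesUtil.getProperty(HOST_NAME));
    String rangerkeytab = PropertiesUtil.getProperty(ADMIN_USER_KEYTAB);
    // Both Kerberos branches share this precondition, so evaluate it once.
    boolean kerberosEnabled = !StringUtils.isEmpty(authType) && KERBEROS_TYPE.equalsIgnoreCase(authType.trim());
    if (kerberosEnabled && SecureClientLogin.isKerberosCredentialExists(lookupPrincipal, lookupKeytab)) {
        if (service != null && service.getConfigs() != null) {
            service.getConfigs().put(HadoopConfigHolder.RANGER_LOOKUP_PRINCIPAL, lookupPrincipal);
            service.getConfigs().put(HadoopConfigHolder.RANGER_LOOKUP_KEYTAB, lookupKeytab);
            service.getConfigs().put(HadoopConfigHolder.RANGER_NAME_RULES, nameRules);
            service.getConfigs().put(HadoopConfigHolder.RANGER_AUTH_TYPE, authType);
        }
    }
    if (kerberosEnabled && SecureClientLogin.isKerberosCredentialExists(rangerPrincipal, rangerkeytab)) {
        if (service != null && service.getConfigs() != null) {
            service.getConfigs().put(HadoopConfigHolder.RANGER_PRINCIPAL, rangerPrincipal);
            service.getConfigs().put(HadoopConfigHolder.RANGER_KEYTAB, rangerkeytab);
            service.getConfigs().put(HadoopConfigHolder.RANGER_NAME_RULES, nameRules);
            service.getConfigs().put(HadoopConfigHolder.RANGER_AUTH_TYPE, authType);
        }
    }
    RangerBaseService svc = null;
    if (service != null) {
        // NOTE(review): from here on the caller's RangerService instance carries
        // decrypted passwords in its configs. It must not be persisted, returned to a
        // client, or logged as-is afterwards - confirm what callers do with it.
        Map<String, String> newConfigs = rangerSvcService.getConfigsWithDecryptedPassword(service);
        service.setConfigs(newConfigs);
        svc = getRangerServiceByService(service, svcStore);
    }
    if (LOG.isDebugEnabled()) {
        // NOTE(review): verify RangerBaseService.toString() does not print the configs.
        LOG.debug("==> ServiceMgr.validateConfig for Service: (" + svc + ")");
    }
    if (svc != null) {
        try {
            // Timeout value use during validate config is 10 times that used during lookup
            long time = getTimeoutValueForValidateConfigInMilliSeconds(svc);
            ValidateCallable callable = new ValidateCallable(svc);
            Map<String, Object> responseData = timedExecutor.timedTask(callable, time, TimeUnit.MILLISECONDS);
            ret = generateResponseForTestConn(responseData, "");
        } catch (Exception e) {
            String msg = "Unable to connect repository with given config for " + svc.getServiceName();
            HashMap<String, Object> respData = new HashMap<String, Object>();
            if (e instanceof HadoopException) {
                respData = ((HadoopException) e).getResponseData();
            }
            ret = generateResponseForTestConn(respData, msg);
            // Pass the throwable as well so the stack trace is kept; the message text is unchanged.
            LOG.error("==> ServiceMgr.validateConfig Error:" + e, e);
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceMgr.validateConfig for Response: (" + ret + ")");
    }
    return ret;
}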
Also used : VXResponse(org.apache.ranger.view.VXResponse) RangerBaseService(org.apache.ranger.plugin.service.RangerBaseService) HashMap(java.util.HashMap) HadoopException(org.apache.ranger.plugin.client.HadoopException) HadoopException(org.apache.ranger.plugin.client.HadoopException)

Example 4 with RangerBaseService

use of org.apache.ranger.plugin.service.RangerBaseService in project ranger by apache.

the class ServiceMgr method getRangerServiceByName.

/**
 * Looks a service up by name and builds its {@link RangerBaseService} implementation.
 *
 * @param serviceName name of the service to resolve
 * @param svcStore    store queried for the service; may be {@code null}
 * @return the service implementation, or {@code null} when the store is {@code null},
 *         the service is unknown, or no implementation could be built
 * @throws Exception propagated from the store lookup or from
 *                   {@code getRangerServiceByService}
 */
public RangerBaseService getRangerServiceByName(String serviceName, ServiceStore svcStore) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceMgr.getRangerServiceByName(" + serviceName + ")");
    }

    RangerService found = null;
    if (svcStore != null) {
        found = svcStore.getServiceByName(serviceName);
    }

    RangerBaseService rangerService = null;
    if (found == null) {
        LOG.warn("ServiceMgr.getRangerServiceByName(" + serviceName + "): could not find the service");
    } else {
        rangerService = getRangerServiceByService(found, svcStore);
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceMgr.getRangerServiceByName(" + serviceName + "): " + rangerService);
    }
    return rangerService;
}
Also used : RangerBaseService(org.apache.ranger.plugin.service.RangerBaseService) RangerService(org.apache.ranger.plugin.model.RangerService)

Example 5 with RangerBaseService

use of org.apache.ranger.plugin.service.RangerBaseService in project ranger by apache.

the class ServiceMgr method getClassForServiceType.

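/**
 * Resolves the implementation class named by a service-def and caches it per service type.
 *
 * <p>When the service-def names no implementation class, the class named by
 * {@code RANGER_DEFAULT_SERVICE_NAME} is loaded. Otherwise the class is loaded through
 * a {@link URLClassLoader} over the plugin files of the service type. The loaded class
 * must be a subtype of {@link RangerBaseService}; anything else is rejected and is
 * not cached.
 *
 * @param serviceDef service-def to resolve; may be {@code null}
 * @return the implementation class, or {@code null} when {@code serviceDef} is {@code null}
 * @throws Exception if the class cannot be loaded or is not a {@link RangerBaseService};
 *                   the original failure is attached as the cause
 */
@SuppressWarnings("unchecked")
private Class<RangerBaseService> getClassForServiceType(RangerServiceDef serviceDef) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceMgr.getClassForServiceType(" + serviceDef + ")");
    }
    Class<RangerBaseService> ret = null;
    if (serviceDef != null) {
        String serviceType = serviceDef.getName();
        // NOTE(review): this first lookup runs outside the lock; that is only safe if
        // serviceTypeClassMap is a concurrent map - confirm its declaration.
        ret = serviceTypeClassMap.get(serviceType);
        if (ret == null) {
            synchronized (serviceTypeClassMap) {
                // Re-check under the lock: another thread may have loaded the class meanwhile.
                ret = serviceTypeClassMap.get(serviceType);
                if (ret == null) {
                    String clsName = serviceDef.getImplClass();
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("ServiceMgr.getClassForServiceType(" + serviceType + "): service-class " + clsName + " not found in cache");
                    }
                    try {
                        Class<?> cls;
                        if (StringUtils.isEmpty(clsName)) {
                            if (LOG.isDebugEnabled()) {
                                LOG.debug("No service-class configured for service-type:[" + serviceType + "], using RangerDefaultService");
                            }
                            clsName = RANGER_DEFAULT_SERVICE_NAME;
                            cls = Class.forName(clsName);
                        } else {
                            URL[] pluginFiles = getPluginFilesForServiceType(serviceType);
                            // The loader is deliberately not closed: the cached class keeps using it.
                            URLClassLoader clsLoader = new URLClassLoader(pluginFiles, Thread.currentThread().getContextClassLoader());
                            // NOTE(review): clsName comes from the service-def and the class is
                            // loaded with initialize=true, so its static initialisers run before
                            // the subtype check below. Confirm that only trusted administrators
                            // can write service-defs and plugin directories, or load with
                            // initialize=false and let instantiation trigger initialisation.
                            cls = Class.forName(clsName, true, clsLoader);
                        }
                        // Enforce the type the unchecked cast below claims, so a wrong class is
                        // rejected here instead of being cached and failing after construction.
                        if (!RangerBaseService.class.isAssignableFrom(cls)) {
                            throw new ClassCastException(cls.getName() + " is not a subclass of " + RangerBaseService.class.getName());
                        }
                        ret = (Class<RangerBaseService>) cls;
                        serviceTypeClassMap.put(serviceType, ret);
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("ServiceMgr.getClassForServiceType(" + serviceType + "): service-class " + clsName + " added to cache");
                        }
                    } catch (Exception excp) {
                        LOG.warn("ServiceMgr.getClassForServiceType(" + serviceType + "): failed to find service-class '" + clsName + "'. Resource lookup will not be available", excp);
                        // Let's propagate the error, keeping the original failure as the cause
                        throw new Exception(serviceType + " failed to find service class " + clsName + ". Resource lookup will not be available. Please make sure plugin jar is in the correct place.", excp);
                    }
                } else {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("ServiceMgr.getClassForServiceType(" + serviceType + "): service-class " + ret.getCanonicalName() + " found in cache");
                    }
                }
            }
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("ServiceMgr.getClassForServiceType(" + serviceType + "): service-class " + ret.getCanonicalName() + " found in cache");
            }
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceMgr.getClassForServiceType(" + serviceDef + "): " + ret);
    }
    return ret;
}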
Also used : RangerBaseService(org.apache.ranger.plugin.service.RangerBaseService) URLClassLoader(java.net.URLClassLoader) URL(java.net.URL) HadoopException(org.apache.ranger.plugin.client.HadoopException)

Aggregations

RangerBaseService (org.apache.ranger.plugin.service.RangerBaseService)6 HadoopException (org.apache.ranger.plugin.client.HadoopException)2 RangerService (org.apache.ranger.plugin.model.RangerService)2 URL (java.net.URL)1 URLClassLoader (java.net.URLClassLoader)1 HashMap (java.util.HashMap)1 RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)1 RangerPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)1 RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)1 RangerServiceTag (org.apache.ranger.services.tag.RangerServiceTag)1 VXResponse (org.apache.ranger.view.VXResponse)1 VXString (org.apache.ranger.view.VXString)1