Example 1 with RangerBaseService
use of org.apache.ranger.plugin.service.RangerBaseService in project ranger by apache.
the class ServiceMgr method getRangerServiceByService.
public RangerBaseService getRangerServiceByService(RangerService service, ServiceStore svcStore) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceMgr.getRangerServiceByService(" + service + ")");
}
RangerBaseService ret = null;
String serviceType = service == null ? null : service.getType();
if (!StringUtils.isEmpty(serviceType)) {
RangerServiceDef serviceDef = svcStore == null ? null : svcStore.getServiceDefByName(serviceType);
if (serviceDef != null) {
Class<RangerBaseService> cls = getClassForServiceType(serviceDef);
if (cls != null) {
ret = cls.newInstance();
ret.init(serviceDef, service);
if (ret instanceof RangerServiceTag) {
((RangerServiceTag) ret).setTagStore(tagStore);
}
} else {
LOG.warn("ServiceMgr.getRangerServiceByService(" + service + "): could not find service class '" + serviceDef.getImplClass() + "' for the service type '" + serviceType + "'");
}
} else {
LOG.warn("ServiceMgr.getRangerServiceByService(" + service + "): could not find the service-def for the service type '" + serviceType + "'");
}
} else {
LOG.warn("ServiceMgr.getRangerServiceByService(" + service + "): could not find the service-type '" + serviceType + "'");
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceMgr.getRangerServiceByService(" + service + "): " + ret);
}
return ret;
}
Also used :
RangerBaseService(org.apache.ranger.plugin.service.RangerBaseService)
RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef)
RangerServiceTag(org.apache.ranger.services.tag.RangerServiceTag)
Example 2 with RangerBaseService
use of org.apache.ranger.plugin.service.RangerBaseService in project ranger by apache.
the class ServiceDBStore method createDefaultPolicies.
void createDefaultPolicies(RangerService createdService) throws Exception {
RangerBaseService svc = serviceMgr.getRangerServiceByService(createdService, this);
if (svc != null) {
List<String> serviceCheckUsers = getServiceCheckUsers(createdService);
List<RangerPolicy> defaultPolicies = svc.getDefaultRangerPolicies();
if (CollectionUtils.isNotEmpty(defaultPolicies)) {
createDefaultPolicyUsersAndGroups(defaultPolicies);
for (RangerPolicy defaultPolicy : defaultPolicies) {
if (CollectionUtils.isNotEmpty(serviceCheckUsers) && StringUtils.equalsIgnoreCase(defaultPolicy.getService(), createdService.getName())) {
RangerPolicyItem defaultAllowPolicyItem = CollectionUtils.isNotEmpty(defaultPolicy.getPolicyItems()) ? defaultPolicy.getPolicyItems().get(0) : null;
if (defaultAllowPolicyItem == null) {
LOG.error("There is no allow-policy-item in the default-policy:[" + defaultPolicy + "]");
} else {
RangerPolicy.RangerPolicyItem policyItem = new RangerPolicy.RangerPolicyItem();
policyItem.setUsers(serviceCheckUsers);
policyItem.setAccesses(defaultAllowPolicyItem.getAccesses());
policyItem.setDelegateAdmin(true);
defaultPolicy.getPolicyItems().add(policyItem);
}
}
boolean isPolicyItemValid = validatePolicyItems(defaultPolicy.getPolicyItems()) && validatePolicyItems(defaultPolicy.getDenyPolicyItems()) && validatePolicyItems(defaultPolicy.getAllowExceptions()) && validatePolicyItems(defaultPolicy.getDenyExceptions()) && validatePolicyItems(defaultPolicy.getDataMaskPolicyItems()) && validatePolicyItems(defaultPolicy.getRowFilterPolicyItems());
if (isPolicyItemValid) {
createPolicy(defaultPolicy);
} else {
LOG.warn("Default policy won't be created,since policyItems not valid-either users/groups not present or access not present in policy.");
}
}
}
}
}
Also used :
RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy)
RangerBaseService(org.apache.ranger.plugin.service.RangerBaseService)
RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)
VXString(org.apache.ranger.view.VXString)
RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)
Example 3 with RangerBaseService
use of org.apache.ranger.plugin.service.RangerBaseService in project ranger by apache.
the class ServiceMgr method validateConfig.
public VXResponse validateConfig(RangerService service, ServiceStore svcStore) throws Exception {
VXResponse ret = new VXResponse();
rangerBizUtil.blockAuditorRoleUser();
String authType = PropertiesUtil.getProperty(AUTHENTICATION_TYPE);
String lookupPrincipal = SecureClientLogin.getPrincipal(PropertiesUtil.getProperty(LOOKUP_PRINCIPAL), PropertiesUtil.getProperty(HOST_NAME));
String lookupKeytab = PropertiesUtil.getProperty(LOOKUP_KEYTAB);
String nameRules = PropertiesUtil.getProperty(NAME_RULES);
String rangerPrincipal = SecureClientLogin.getPrincipal(PropertiesUtil.getProperty(ADMIN_USER_PRINCIPAL), PropertiesUtil.getProperty(HOST_NAME));
String rangerkeytab = PropertiesUtil.getProperty(ADMIN_USER_KEYTAB);
if (!StringUtils.isEmpty(authType) && KERBEROS_TYPE.equalsIgnoreCase(authType.trim()) && SecureClientLogin.isKerberosCredentialExists(lookupPrincipal, lookupKeytab)) {
if (service != null && service.getConfigs() != null) {
service.getConfigs().put(HadoopConfigHolder.RANGER_LOOKUP_PRINCIPAL, lookupPrincipal);
service.getConfigs().put(HadoopConfigHolder.RANGER_LOOKUP_KEYTAB, lookupKeytab);
service.getConfigs().put(HadoopConfigHolder.RANGER_NAME_RULES, nameRules);
service.getConfigs().put(HadoopConfigHolder.RANGER_AUTH_TYPE, authType);
}
}
if (!StringUtils.isEmpty(authType) && KERBEROS_TYPE.equalsIgnoreCase(authType.trim()) && SecureClientLogin.isKerberosCredentialExists(rangerPrincipal, rangerkeytab)) {
if (service != null && service.getConfigs() != null) {
service.getConfigs().put(HadoopConfigHolder.RANGER_PRINCIPAL, rangerPrincipal);
service.getConfigs().put(HadoopConfigHolder.RANGER_KEYTAB, rangerkeytab);
service.getConfigs().put(HadoopConfigHolder.RANGER_NAME_RULES, nameRules);
service.getConfigs().put(HadoopConfigHolder.RANGER_AUTH_TYPE, authType);
}
}
RangerBaseService svc = null;
if (service != null) {
Map<String, String> newConfigs = rangerSvcService.getConfigsWithDecryptedPassword(service);
service.setConfigs(newConfigs);
svc = getRangerServiceByService(service, svcStore);
}
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceMgr.validateConfig for Service: (" + svc + ")");
}
if (svc != null) {
try {
// Timeout value use during validate config is 10 times that used during lookup
long time = getTimeoutValueForValidateConfigInMilliSeconds(svc);
ValidateCallable callable = new ValidateCallable(svc);
Map<String, Object> responseData = timedExecutor.timedTask(callable, time, TimeUnit.MILLISECONDS);
ret = generateResponseForTestConn(responseData, "");
} catch (Exception e) {
String msg = "Unable to connect repository with given config for " + svc.getServiceName();
HashMap<String, Object> respData = new HashMap<String, Object>();
if (e instanceof HadoopException) {
respData = ((HadoopException) e).getResponseData();
}
ret = generateResponseForTestConn(respData, msg);
LOG.error("==> ServiceMgr.validateConfig Error:" + e);
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceMgr.validateConfig for Response: (" + ret + ")");
}
return ret;
}
Also used :
VXResponse(org.apache.ranger.view.VXResponse)
RangerBaseService(org.apache.ranger.plugin.service.RangerBaseService)
HashMap(java.util.HashMap)
HadoopException(org.apache.ranger.plugin.client.HadoopException)
HadoopException(org.apache.ranger.plugin.client.HadoopException)
Example 4 with RangerBaseService
use of org.apache.ranger.plugin.service.RangerBaseService in project ranger by apache.
the class ServiceMgr method getRangerServiceByName.
public RangerBaseService getRangerServiceByName(String serviceName, ServiceStore svcStore) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceMgr.getRangerServiceByName(" + serviceName + ")");
}
RangerBaseService ret = null;
RangerService service = svcStore == null ? null : svcStore.getServiceByName(serviceName);
if (service != null) {
ret = getRangerServiceByService(service, svcStore);
} else {
LOG.warn("ServiceMgr.getRangerServiceByName(" + serviceName + "): could not find the service");
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceMgr.getRangerServiceByName(" + serviceName + "): " + ret);
}
return ret;
}
Also used :
RangerBaseService(org.apache.ranger.plugin.service.RangerBaseService)
RangerService(org.apache.ranger.plugin.model.RangerService)
Example 5 with RangerBaseService
use of org.apache.ranger.plugin.service.RangerBaseService in project ranger by apache.
the class ServiceMgr method getClassForServiceType.
@SuppressWarnings("unchecked")
private Class<RangerBaseService> getClassForServiceType(RangerServiceDef serviceDef) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceMgr.getClassForServiceType(" + serviceDef + ")");
}
Class<RangerBaseService> ret = null;
if (serviceDef != null) {
String serviceType = serviceDef.getName();
ret = serviceTypeClassMap.get(serviceType);
if (ret == null) {
synchronized (serviceTypeClassMap) {
ret = serviceTypeClassMap.get(serviceType);
if (ret == null) {
String clsName = serviceDef.getImplClass();
if (LOG.isDebugEnabled()) {
LOG.debug("ServiceMgr.getClassForServiceType(" + serviceType + "): service-class " + clsName + " not found in cache");
}
try {
Class<?> cls;
if (StringUtils.isEmpty(clsName)) {
if (LOG.isDebugEnabled()) {
LOG.debug("No service-class configured for service-type:[" + serviceType + "], using RangerDefaultService");
}
clsName = RANGER_DEFAULT_SERVICE_NAME;
cls = Class.forName(clsName);
} else {
URL[] pluginFiles = getPluginFilesForServiceType(serviceType);
URLClassLoader clsLoader = new URLClassLoader(pluginFiles, Thread.currentThread().getContextClassLoader());
cls = Class.forName(clsName, true, clsLoader);
}
ret = (Class<RangerBaseService>) cls;
serviceTypeClassMap.put(serviceType, ret);
if (LOG.isDebugEnabled()) {
LOG.debug("ServiceMgr.getClassForServiceType(" + serviceType + "): service-class " + clsName + " added to cache");
}
} catch (Exception excp) {
LOG.warn("ServiceMgr.getClassForServiceType(" + serviceType + "): failed to find service-class '" + clsName + "'. Resource lookup will not be available", excp);
// Let's propagate the error
throw new Exception(serviceType + " failed to find service class " + clsName + ". Resource lookup will not be available. Please make sure plugin jar is in the correct place.");
}
} else {
if (LOG.isDebugEnabled()) {
LOG.debug("ServiceMgr.getClassForServiceType(" + serviceType + "): service-class " + ret.getCanonicalName() + " found in cache");
}
}
}
} else {
if (LOG.isDebugEnabled()) {
LOG.debug("ServiceMgr.getClassForServiceType(" + serviceType + "): service-class " + ret.getCanonicalName() + " found in cache");
}
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceMgr.getClassForServiceType(" + serviceDef + "): " + ret);
}
return ret;
}
Also used :
RangerBaseService(org.apache.ranger.plugin.service.RangerBaseService)
URLClassLoader(java.net.URLClassLoader)
URL(java.net.URL)
HadoopException(org.apache.ranger.plugin.client.HadoopException)
Aggregations
RangerBaseService (org.apache.ranger.plugin.service.RangerBaseService)6
HadoopException (org.apache.ranger.plugin.client.HadoopException)2
RangerService (org.apache.ranger.plugin.model.RangerService)2
URL (java.net.URL)1
URLClassLoader (java.net.URLClassLoader)1
HashMap (java.util.HashMap)1
RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)1
RangerPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)1
RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)1
RangerServiceTag (org.apache.ranger.services.tag.RangerServiceTag)1
VXResponse (org.apache.ranger.view.VXResponse)1
VXString (org.apache.ranger.view.VXString)1
