use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.
the class ServiceREST method getServiceDef.
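/**
 * Returns the service definition with the given id.
 *
 * <p>Two checks guard the read: the {@code GET_SERVICE_DEF} API-access expression in
 * {@code @PreAuthorize}, and {@code bizUtil.hasAccess} on the stored service-def row, which
 * runs before the definition is loaded from {@code svcStore}.
 *
 * <p>Failures surface as REST exceptions built by {@code restErrorUtil}:
 * {@code OPER_NO_PERMISSION} when {@code hasAccess} denies, 404 "Not found" when the store
 * returns nothing, and a generic error carrying the exception message otherwise.
 *
 * @param id service-def id taken from the request path
 * @return the matching service definition; never {@code null}
 */
@GET
@Path("/definitions/{id}")
@Produces({ "application/json", "application/xml" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.GET_SERVICE_DEF + "\")")
public RangerServiceDef getServiceDef(@PathParam("id") Long id) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.getServiceDef(" + id + ")");
    }
    RangerServiceDef ret = null;
    RangerPerfTracer perf = null;
    try {
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
            perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServiceDef(serviceDefId=" + id + ")");
        }
        XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(id);
        if (!bizUtil.hasAccess(xServiceDef, null)) {
            // Report the requested id instead of xServiceDef.getId(): if the lookup returned
            // null (presumably the case for an unknown id), dereferencing the row here would
            // replace the permission error with a NullPointerException and a message-less
            // generic error from the catch-all below.
            throw restErrorUtil.createRESTException("User is not allowed to access service-def, id: " + id, MessageEnums.OPER_NO_PERMISSION);
        }
        ret = svcStore.getServiceDef(id);
    } catch (WebApplicationException excp) {
        // Already a REST error (e.g. the permission denial above); pass it through unchanged.
        throw excp;
    } catch (Throwable excp) {
        LOG.error("getServiceDef(" + id + ") failed", excp);
        // NOTE(review): the raw exception message becomes the REST error text; confirm it
        // cannot carry internal details that should not reach the caller.
        throw restErrorUtil.createRESTException(excp.getMessage());
    } finally {
        RangerPerfTracer.log(perf);
    }
    if (ret == null) {
        throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceREST.getServiceDef(" + id + "): " + ret);
    }
    return ret;
}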
use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.
the class ServiceREST method getServiceDefs.
/**
 * Lists service definitions, paginated and sorted according to the search filter derived
 * from the request.
 *
 * <p>Access is gated by the {@code GET_SERVICE_DEFS} API-access expression in
 * {@code @PreAuthorize}. The optional {@code pageSource} request parameter is copied into
 * the filter when present.
 *
 * @param request the HTTP request supplying filter, paging and sort parameters
 * @return the page of service definitions, or {@code null} when the store returns no page
 */
@GET
@Path("/definitions")
@Produces({ "application/json", "application/xml" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.GET_SERVICE_DEFS + "\")")
public RangerServiceDefList getServiceDefs(@Context HttpServletRequest request) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.getServiceDefs()");
    }

    RangerServiceDefList result = null;
    RangerPerfTracer tracer = null;

    // The filter is built before the try block, so a failure here is not wrapped by the
    // handlers below.
    SearchFilter searchFilter = searchUtil.getSearchFilter(request, serviceDefService.sortFields);
    String pageSource = request.getParameter("pageSource");
    if (pageSource != null) {
        searchFilter.setParam("pageSource", pageSource);
    }

    try {
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
            tracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServiceDefs()");
        }

        PList<RangerServiceDef> page = svcStore.getPaginatedServiceDefs(searchFilter);
        if (page != null) {
            // Copy the page content and its paging metadata into the REST response type.
            result = new RangerServiceDefList();
            result.setServiceDefs(page.getList());
            result.setPageSize(page.getPageSize());
            result.setResultSize(page.getResultSize());
            result.setStartIndex(page.getStartIndex());
            result.setTotalCount(page.getTotalCount());
            result.setSortBy(page.getSortBy());
            result.setSortType(page.getSortType());
        }
    } catch (WebApplicationException restError) {
        // Already a REST error; pass it through unchanged.
        throw restError;
    } catch (Throwable failure) {
        LOG.error("getServiceDefs() failed", failure);
        throw restErrorUtil.createRESTException(failure.getMessage());
    } finally {
        RangerPerfTracer.log(tracer);
    }

    if (LOG.isDebugEnabled()) {
        int count = 0;
        if (result != null) {
            count = result.getListSize();
        }
        LOG.debug("<== ServiceREST.getServiceDefs(): count=" + count);
    }
    return result;
}
use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.
the class ServiceREST method importPoliciesFromFile.
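/**
 * Imports policies from an uploaded JSON export file, optionally remapping service names and
 * optionally deleting existing policies before the new ones are created.
 *
 * <p>Access is restricted by {@code @PreAuthorize} to the admin / key-admin role check. The
 * import is bracketed by transaction-log entries: "IMPORT START" before any work, "IMPORT
 * ERROR" from every catch block, and "IMPORT END" from the finally block, so the end marker
 * is written on failure as well as on success.
 *
 * <p>Request parameters read here: {@code PARAM_SERVICE_TYPE} (comma-separated; limits the
 * services that policies are imported into), {@code PARAM_UPDATE_IF_EXISTS} and
 * {@code SearchFilter.POL_RESOURCE}.
 *
 * <p>All failures are reported as REST exceptions built by {@code restErrorUtil}.
 *
 * @param request             HTTP request supplying the parameters listed above
 * @param serviceMapStream    optional source-to-destination service-name mapping, parsed by
 *                            {@code svcStore.getServiceMap}
 * @param uploadedInputStream content of the uploaded policy file
 * @param fileDetail          multipart metadata of the uploaded file; only its file name is used
 * @param isOverride          when true (and update-if-exists is not "true" and no policy
 *                            resource is given), policies of the selected services are deleted
 *                            before the import; {@code null} is treated as false
 */
@POST
@Path("/policies/importPoliciesFromFile")
@Consumes({ MediaType.MULTIPART_FORM_DATA, MediaType.APPLICATION_JSON })
@Produces({ "application/json", "application/xml" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAdminOrKeyAdminRole()")
public void importPoliciesFromFile(@Context HttpServletRequest request, @FormDataParam("servicesMapJson") InputStream serviceMapStream, @FormDataParam("file") InputStream uploadedInputStream, @FormDataParam("file") FormDataContentDisposition fileDetail, @QueryParam("isOverride") Boolean isOverride) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.importPoliciesFromFile()");
    }
    RangerPerfTracer perf = null;
    String metaDataInfo = null;
    List<XXTrxLog> trxLogListError = new ArrayList<XXTrxLog>();
    XXTrxLog xxTrxLogError = new XXTrxLog();
    try {
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
            perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.importPoliciesFromFile()");
        }
        // Audit marker: record that an import was attempted before touching any policy.
        List<XXTrxLog> trxLogList = new ArrayList<XXTrxLog>();
        XXTrxLog xxTrxLog = new XXTrxLog();
        xxTrxLog.setAction("IMPORT START");
        xxTrxLog.setObjectClassType(AppConstants.CLASS_TYPE_RANGER_POLICY);
        xxTrxLog.setPreviousValue("IMPORT START");
        trxLogList.add(xxTrxLog);
        bizUtil.createTrxLog(trxLogList);
        if (isOverride == null) {
            isOverride = false;
        }
        List<String> serviceNameList = new ArrayList<String>();
        String serviceType = null;
        List<String> serviceTypeList = null;
        SearchFilter filter = searchUtil.getSearchFilter(request, policyService.sortFields);
        if (StringUtils.isNotEmpty(request.getParameter(PARAM_SERVICE_TYPE))) {
            serviceType = request.getParameter(PARAM_SERVICE_TYPE);
        }
        if (StringUtils.isNotEmpty(serviceType)) {
            serviceTypeList = new ArrayList<String>(Arrays.asList(serviceType.split(",")));
        }
        // Resolve the requested service types to the names of the services of those types.
        List<RangerService> rangerServiceList = null;
        List<RangerService> rangerServiceLists = new ArrayList<RangerService>();
        if (CollectionUtils.isNotEmpty(serviceTypeList)) {
            for (String s : serviceTypeList) {
                filter.removeParam(PARAM_SERVICE_TYPE);
                filter.setParam(PARAM_SERVICE_TYPE, s.trim());
                rangerServiceList = getServices(filter);
                rangerServiceLists.addAll(rangerServiceList);
            }
        }
        if (!CollectionUtils.sizeIsEmpty(rangerServiceLists)) {
            for (RangerService rService : rangerServiceLists) {
                if (StringUtils.isNotEmpty(rService.getName())) {
                    serviceNameList.add(rService.getName());
                }
            }
        }
        // Optional source -> destination service-name mapping supplied with the upload.
        Map<String, String> servicesMappingMap = new LinkedHashMap<String, String>();
        List<String> sourceServices = new ArrayList<String>();
        List<String> destinationServices = new ArrayList<String>();
        if (serviceMapStream != null) {
            servicesMappingMap = svcStore.getServiceMap(serviceMapStream);
        }
        if (!CollectionUtils.sizeIsEmpty(servicesMappingMap)) {
            for (Entry<String, String> map : servicesMappingMap.entrySet()) {
                String sourceServiceName = null;
                String destinationServiceName = null;
                if (StringUtils.isNotEmpty(map.getKey().trim()) && StringUtils.isNotEmpty(map.getValue().trim())) {
                    sourceServiceName = map.getKey().trim();
                    destinationServiceName = map.getValue().trim();
                } else {
                    LOG.error("Source service or destonation service name is not provided!!");
                    throw restErrorUtil.createRESTException("Source service or destonation service name is not provided!!");
                }
                if (StringUtils.isNotEmpty(sourceServiceName) && StringUtils.isNotEmpty(destinationServiceName)) {
                    sourceServices.add(sourceServiceName);
                    destinationServices.add(destinationServiceName);
                }
            }
        }
        // The endpoint also accepts application/json bodies, where no "file" form part exists.
        // Reject a missing part explicitly instead of failing later with a
        // NullPointerException that reaches the caller as a message-less generic error.
        if (fileDetail == null || fileDetail.getFileName() == null || uploadedInputStream == null) {
            LOG.error("Policy file is not provided!!");
            throw restErrorUtil.createRESTException("Policy file is not provided!!");
        }
        String fileName = fileDetail.getFileName();
        int totalPolicyCreate = 0;
        Map<String, RangerPolicy> policiesMap = new LinkedHashMap<String, RangerPolicy>();
        List<String> dataFileSourceServices = new ArrayList<String>();
        // Suffix check on the file name from the upload metadata only: any name ending in
        // "json" passes. The content itself is validated by the parsing below.
        if (fileName.endsWith("json")) {
            try {
                RangerExportPolicyList rangerExportPolicyList = null;
                List<RangerPolicy> policies = null;
                Gson gson = new Gson();
                // The whole upload is read into memory; no size limit or charset is given at
                // this call. NOTE(review): confirm an upload size limit is enforced upstream.
                String policiesString = IOUtils.toString(uploadedInputStream);
                policiesString = policiesString.trim();
                if (StringUtils.isNotEmpty(policiesString)) {
                    // Result discarded: presumably a syntax pre-check, since the outer handler
                    // catches JsonSyntaxException. The object used below comes from ObjectMapper.
                    gson.fromJson(policiesString, RangerExportPolicyList.class);
                    rangerExportPolicyList = new ObjectMapper().readValue(policiesString, RangerExportPolicyList.class);
                } else {
                    LOG.error("Provided json file is empty!!");
                    throw restErrorUtil.createRESTException("Provided json file is empty!!");
                }
                // Metadata from the file is kept only to annotate the audit entries.
                if (rangerExportPolicyList != null && !CollectionUtils.sizeIsEmpty(rangerExportPolicyList.getMetaDataInfo())) {
                    metaDataInfo = new ObjectMapper().writeValueAsString(rangerExportPolicyList.getMetaDataInfo());
                } else {
                    LOG.info("metadata info is not provided!!");
                }
                if (rangerExportPolicyList != null && !CollectionUtils.sizeIsEmpty(rangerExportPolicyList.getPolicies())) {
                    policies = rangerExportPolicyList.getPolicies();
                } else {
                    LOG.error("Provided json file does not contain any policy!!");
                    throw restErrorUtil.createRESTException("Provided json file does not contain any policy!!");
                }
                if (CollectionUtils.sizeIsEmpty(servicesMappingMap) && isOverride) {
                    // Override without a mapping: each service named in the file maps to
                    // itself, limited to serviceNameList when a service type was requested.
                    if (policies != null && !CollectionUtils.sizeIsEmpty(policies)) {
                        for (RangerPolicy policyInJson : policies) {
                            if (policyInJson != null) {
                                // Null-safe trim so a policy without a service name produces
                                // the intended validation error rather than a NullPointerException.
                                String serviceName = policyInJson.getService();
                                serviceName = (serviceName == null) ? null : serviceName.trim();
                                if (StringUtils.isNotEmpty(serviceName)) {
                                    if (CollectionUtils.isEmpty(serviceNameList) || serviceNameList.contains(serviceName)) {
                                        sourceServices.add(serviceName);
                                        destinationServices.add(serviceName);
                                    }
                                } else {
                                    LOG.error("Service Name or Policy Name is not provided!!");
                                    throw restErrorUtil.createRESTException("Service Name or Policy Name is not provided!!");
                                }
                            }
                        }
                    }
                } else if (!CollectionUtils.sizeIsEmpty(servicesMappingMap)) {
                    // With a mapping: every mapped source service must appear in the file.
                    if (policies != null && !CollectionUtils.sizeIsEmpty(policies)) {
                        for (RangerPolicy policyInJson : policies) {
                            if (policyInJson != null) {
                                String serviceName = policyInJson.getService();
                                serviceName = (serviceName == null) ? null : serviceName.trim();
                                if (StringUtils.isNotEmpty(serviceName)) {
                                    dataFileSourceServices.add(serviceName);
                                } else {
                                    LOG.error("Service Name or Policy Name is not provided!!");
                                    throw restErrorUtil.createRESTException("Service Name or Policy Name is not provided!!");
                                }
                            }
                        }
                        if (!dataFileSourceServices.containsAll(sourceServices)) {
                            LOG.error("Json File does not contain sepcified source service name.");
                            throw restErrorUtil.createRESTException("Json File does not contain sepcified source service name.");
                        }
                    }
                }
                String updateIfExists = request.getParameter(PARAM_UPDATE_IF_EXISTS);
                String polResource = request.getParameter(SearchFilter.POL_RESOURCE);
                if (updateIfExists == null || updateIfExists.isEmpty()) {
                    updateIfExists = "false";
                } else if (updateIfExists.equalsIgnoreCase("true")) {
                    // Update-if-exists takes precedence over override.
                    isOverride = false;
                }
                // NOTE(review): both delete paths below run before any policy from the file
                // is created, and no rollback is visible in this method if a later
                // createPolicy call fails; confirm the transactional behaviour.
                if (isOverride && "false".equalsIgnoreCase(updateIfExists) && StringUtils.isEmpty(polResource)) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Deleting Policy from provided services in servicesMapJson file...");
                    }
                    if (CollectionUtils.isNotEmpty(sourceServices) && CollectionUtils.isNotEmpty(destinationServices)) {
                        deletePoliciesProvidedInServiceMap(sourceServices, destinationServices);
                    }
                }
                if ("true".equalsIgnoreCase(updateIfExists) && StringUtils.isNotEmpty(polResource)) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Deleting Policy from provided services in servicesMapJson file for specific resource...");
                    }
                    if (CollectionUtils.isNotEmpty(sourceServices) && CollectionUtils.isNotEmpty(destinationServices)) {
                        deletePoliciesForResource(sourceServices, destinationServices, polResource, request, policies);
                    }
                }
                if (policies != null && !CollectionUtils.sizeIsEmpty(policies)) {
                    for (RangerPolicy policyInJson : policies) {
                        if (policyInJson != null) {
                            policiesMap = svcStore.createPolicyMap(servicesMappingMap, sourceServices, destinationServices, policyInJson, policiesMap);
                        }
                    }
                }
                // NOTE(review): the "zero policy is created" check sits inside this branch, so
                // an empty policiesMap ends the import without creating anything and without
                // an error; confirm that is intended.
                if (!CollectionUtils.sizeIsEmpty(policiesMap.entrySet())) {
                    for (Entry<String, RangerPolicy> entry : policiesMap.entrySet()) {
                        RangerPolicy policy = entry.getValue();
                        if (policy != null) {
                            if (!CollectionUtils.isEmpty(serviceNameList)) {
                                // A service type was requested: create the policy only when its
                                // service is one of the resolved service names.
                                for (String service : serviceNameList) {
                                    if (StringUtils.isNotEmpty(service.trim()) && StringUtils.isNotEmpty(policy.getService().trim())) {
                                        if (policy.getService().trim().equalsIgnoreCase(service.trim())) {
                                            if (updateIfExists != null && !updateIfExists.isEmpty()) {
                                                request.setAttribute(PARAM_SERVICE_NAME, policy.getService());
                                                request.setAttribute(PARAM_POLICY_NAME, policy.getName());
                                            }
                                            createPolicy(policy, request);
                                            totalPolicyCreate++;
                                            if (LOG.isDebugEnabled()) {
                                                LOG.debug("Policy " + policy.getName() + " created successfully.");
                                            }
                                            break;
                                        }
                                    } else {
                                        LOG.error("Service Name or Policy Name is not provided!!");
                                        throw restErrorUtil.createRESTException("Service Name or Policy Name is not provided!!");
                                    }
                                }
                            } else {
                                if (updateIfExists != null && !updateIfExists.isEmpty()) {
                                    request.setAttribute(PARAM_SERVICE_NAME, policy.getService());
                                    request.setAttribute(PARAM_POLICY_NAME, policy.getName());
                                }
                                createPolicy(policy, request);
                                totalPolicyCreate++;
                                if (LOG.isDebugEnabled()) {
                                    LOG.debug("Policy " + policy.getName() + " created successfully.");
                                }
                            }
                        }
                    }
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Total Policy Created From Json file : " + totalPolicyCreate);
                    }
                    if (!(totalPolicyCreate > 0)) {
                        LOG.error("zero policy is created from provided data file!!");
                        throw restErrorUtil.createRESTException("zero policy is created from provided data file!!");
                    }
                }
            } catch (IOException e) {
                // Keep the stack trace in the server log; only the message goes to the caller.
                LOG.error(e.getMessage(), e);
                throw restErrorUtil.createRESTException(e.getMessage());
            }
        } else {
            LOG.error("Provided file format is not supported!!");
            throw restErrorUtil.createRESTException("Provided file format is not supported!!");
        }
    } catch (JsonSyntaxException ex) {
        LOG.error("Provided json file is not valid!!", ex);
        xxTrxLogError.setAction("IMPORT ERROR");
        xxTrxLogError.setObjectClassType(AppConstants.CLASS_TYPE_RANGER_POLICY);
        if (StringUtils.isNotEmpty(metaDataInfo)) {
            xxTrxLogError.setPreviousValue(metaDataInfo);
        }
        trxLogListError.add(xxTrxLogError);
        bizUtil.createTrxLog(trxLogListError);
        throw restErrorUtil.createRESTException(ex.getMessage());
    } catch (WebApplicationException excp) {
        LOG.error("Error while importing policy from file!!", excp);
        xxTrxLogError.setAction("IMPORT ERROR");
        xxTrxLogError.setObjectClassType(AppConstants.CLASS_TYPE_RANGER_POLICY);
        if (StringUtils.isNotEmpty(metaDataInfo)) {
            xxTrxLogError.setPreviousValue(metaDataInfo);
        }
        trxLogListError.add(xxTrxLogError);
        bizUtil.createTrxLog(trxLogListError);
        throw excp;
    } catch (Throwable excp) {
        LOG.error("Error while importing policy from file!!", excp);
        xxTrxLogError.setAction("IMPORT ERROR");
        xxTrxLogError.setObjectClassType(AppConstants.CLASS_TYPE_RANGER_POLICY);
        if (StringUtils.isNotEmpty(metaDataInfo)) {
            xxTrxLogError.setPreviousValue(metaDataInfo);
        }
        trxLogListError.add(xxTrxLogError);
        bizUtil.createTrxLog(trxLogListError);
        // NOTE(review): the raw exception message becomes the REST error text; confirm it
        // cannot carry internal details that should not reach the caller.
        throw restErrorUtil.createRESTException(excp.getMessage());
    } finally {
        RangerPerfTracer.log(perf);
        // The end marker is written whether the import succeeded or failed.
        List<XXTrxLog> trxLogListEnd = new ArrayList<XXTrxLog>();
        XXTrxLog xxTrxLogEnd = new XXTrxLog();
        xxTrxLogEnd.setAction("IMPORT END");
        xxTrxLogEnd.setObjectClassType(AppConstants.CLASS_TYPE_RANGER_POLICY);
        if (StringUtils.isNotEmpty(metaDataInfo)) {
            xxTrxLogEnd.setPreviousValue(metaDataInfo);
        }
        trxLogListEnd.add(xxTrxLogEnd);
        bizUtil.createTrxLog(trxLogListEnd);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceREST.importPoliciesFromFile()");
        }
    }
}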
use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.
the class RangerAtlasAuthorizer method isAccessAllowed.
/**
 * Decides whether the entity access described by {@code request} is allowed.
 *
 * <p>The result starts as denied. When there are classifications to authorize (the requested
 * classification plus any already on the entity), each one is checked through
 * {@code checkAccess} and evaluation stops at the first denial, so all of them must pass.
 * With no classifications, a single check is made against an empty classification set.
 * Audit events collected by the handler are flushed in the finally block.
 *
 * @param request the Atlas entity access request
 * @return {@code true} only when every required check passed
 * @throws AtlasAuthorizationException declared by the overridden method
 */
@Override
public boolean isAccessAllowed(AtlasEntityAccessRequest request) throws AtlasAuthorizationException {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> isAccessAllowed(" + request + ")");
    }

    boolean allowed = false; // deny unless a check below grants access
    RangerPerfTracer tracer = null;
    RangerAtlasAuditHandler auditHandler = new RangerAtlasAuditHandler(request, getServiceDef());

    try {
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
            tracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "RangerAtlasAuthorizer.isAccessAllowed(" + request + ")");
        }

        String action = null;
        if (request.getAction() != null) {
            action = request.getAction().getType();
        }
        final Set<String> entityTypes = request.getEntityTypeAndAllSuperTypes();
        final String entityId = request.getEntityId();
        String requestedClassification = null;
        if (request.getClassification() != null) {
            requestedClassification = request.getClassification().getTypeName();
        }

        // One request object is reused for every check; only its resource changes.
        RangerAccessRequestImpl accessRequest = new RangerAccessRequestImpl();
        accessRequest.setAccessType(action);
        accessRequest.setAction(action);
        accessRequest.setUser(request.getUser());
        accessRequest.setUserGroups(request.getUserGroups());
        accessRequest.setClientIPAddress(request.getClientIPAddress());
        accessRequest.setAccessTime(request.getAccessTime());
        accessRequest.setClusterName(getClusterName());

        // Classifications to authorize: the entity's own, plus the requested one if any.
        final Set<String> toAuthorize;
        if (requestedClassification == null) {
            toAuthorize = request.getEntityClassifications();
        } else if (request.getEntityClassifications() == null) {
            toAuthorize = Collections.singleton(requestedClassification);
        } else {
            // Copy before adding so the set held by the request is not modified.
            toAuthorize = new HashSet<>(request.getEntityClassifications());
            toAuthorize.add(requestedClassification);
        }

        if (CollectionUtils.isNotEmpty(toAuthorize)) {
            // Every classification must be authorized; stop at the first denial.
            for (String current : toAuthorize) {
                RangerAccessResourceImpl resource = new RangerAccessResourceImpl();
                resource.setValue(RESOURCE_ENTITY_TYPE, entityTypes);
                resource.setValue(RESOURCE_ENTITY_CLASSIFICATION, request.getClassificationTypeAndAllSuperTypes(current));
                resource.setValue(RESOURCE_ENTITY_ID, entityId);
                accessRequest.setResource(resource);

                allowed = checkAccess(accessRequest, auditHandler);
                if (!allowed) {
                    break;
                }
            }
        } else {
            // Nothing to authorize per classification: one check with an empty set.
            RangerAccessResourceImpl resource = new RangerAccessResourceImpl();
            resource.setValue(RESOURCE_ENTITY_TYPE, entityTypes);
            resource.setValue(RESOURCE_ENTITY_CLASSIFICATION, Collections.<String>emptySet());
            resource.setValue(RESOURCE_ENTITY_ID, entityId);
            accessRequest.setResource(resource);

            allowed = checkAccess(accessRequest, auditHandler);
        }
    } finally {
        auditHandler.flushAudit();
        RangerPerfTracer.log(tracer);
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== isAccessAllowed(" + request + "): " + allowed);
    }
    return allowed;
}
use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.
the class RangerAtlasAuthorizer method isAccessAllowed.
/**
 * Decides whether the type-definition access described by {@code request} is allowed.
 *
 * <p>Builds a resource from the type name and type category (each {@code null} when the
 * request does not provide it) and returns the result of a single {@code checkAccess} call.
 *
 * @param request the Atlas type access request
 * @return the result of {@code checkAccess} for the built request
 * @throws AtlasAuthorizationException declared by the overridden method
 */
@Override
public boolean isAccessAllowed(AtlasTypeAccessRequest request) throws AtlasAuthorizationException {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> isAccessAllowed(" + request + ")");
    }

    final boolean allowed;
    RangerPerfTracer tracer = null;

    try {
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
            tracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "RangerAtlasAuthorizer.isAccessAllowed(" + request + ")");
        }

        String typeName = null;
        if (request.getTypeDef() != null) {
            typeName = request.getTypeDef().getName();
        }

        String typeCategory = null;
        if (request.getTypeDef() != null && request.getTypeDef().getCategory() != null) {
            typeCategory = request.getTypeDef().getCategory().name();
        }

        String action = null;
        if (request.getAction() != null) {
            action = request.getAction().getType();
        }

        RangerAccessResourceImpl resource = new RangerAccessResourceImpl();
        resource.setValue(RESOURCE_TYPE_NAME, typeName);
        resource.setValue(RESOURCE_TYPE_CATEGORY, typeCategory);

        RangerAccessRequestImpl accessRequest = new RangerAccessRequestImpl(resource, action, request.getUser(), request.getUserGroups());
        accessRequest.setClientIPAddress(request.getClientIPAddress());
        accessRequest.setAccessTime(request.getAccessTime());
        accessRequest.setClusterName(getClusterName());
        accessRequest.setAction(action);

        allowed = checkAccess(accessRequest);
    } finally {
        RangerPerfTracer.log(tracer);
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== isAccessAllowed(" + request + "): " + allowed);
    }
    return allowed;
}