Examples with RangerPerfTracer org.apache.ranger.plugin.util.RangerPerfTracer used on opensource projects

Example 56 with RangerPerfTracer

use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.

the class RangerHBasePlugin method authorizeAccess.

Filter authorizeAccess(String operation, Action action, final RegionCoprocessorEnvironment env, final Map<byte[], NavigableSet<byte[]>> familyMap) throws AccessDeniedException {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> authorizeAccess");
    }
    RangerPerfTracer perf = null;
    try {
        perf = RangerPerfTracer.getPerfTracer(PERF_HBASEAUTH_REQUEST_LOG, "RangerAuthorizationCoprocessor.authorizeAccess(request=Operation[" + operation + "]");
        ColumnFamilyAccessResult accessResult = evaluateAccess(operation, action, env, familyMap);
        RangerDefaultAuditHandler auditHandler = new RangerDefaultAuditHandler();
        if (accessResult._everythingIsAccessible) {
            auditHandler.logAuthzAudits(accessResult._accessAllowedEvents);
            auditHandler.logAuthzAudits(accessResult._familyLevelAccessEvents);
            LOG.debug("authorizeAccess: exiting: No filter returned since all access was allowed");
            // no filter needed since we are good to go.
            return null;
        } else if (accessResult._somethingIsAccessible) {
            // NOTE: audit logging is split beween logging here (in scope of preOp/preGet) and logging in the filter component for those that couldn't be determined
            auditHandler.logAuthzAudits(accessResult._accessAllowedEvents);
            LOG.debug("authorizeAccess: exiting: Filter returned since some access was allowed");
            return accessResult._filter;
        } else {
            // If we are here then it means nothing was accessible!  So let's log one denial (in our case, the last denial) and throw an exception
            auditHandler.logAuthzAudit(accessResult._accessDeniedEvent);
            LOG.debug("authorizeAccess: exiting: Throwing exception since nothing was accessible");
            throw new AccessDeniedException(accessResult._denialReason);
        }
    } finally {
        RangerPerfTracer.log(perf);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== authorizeAccess");
        }
    }
}

Example 57 with RangerPerfTracer

use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.

the class RangerHBasePlugin method requirePermission.

void requirePermission(final String operation, final Action action, final RegionCoprocessorEnvironment regionServerEnv, final Map<byte[], ? extends Collection<?>> familyMap) throws AccessDeniedException {
    RangerPerfTracer perf = null;
    try {
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_HBASEAUTH_REQUEST_LOG)) {
            perf = RangerPerfTracer.getPerfTracer(PERF_HBASEAUTH_REQUEST_LOG, "RangerAuthorizationCoprocessor.requirePermission(request=Operation[" + operation + "]");
        }
        ColumnFamilyAccessResult accessResult = evaluateAccess(operation, action, regionServerEnv, familyMap);
        RangerDefaultAuditHandler auditHandler = new RangerDefaultAuditHandler();
        if (accessResult._everythingIsAccessible) {
            auditHandler.logAuthzAudits(accessResult._accessAllowedEvents);
            auditHandler.logAuthzAudits(accessResult._familyLevelAccessEvents);
            LOG.debug("requirePermission: exiting: all access was allowed");
            return;
        } else {
            auditHandler.logAuthzAudit(accessResult._accessDeniedEvent);
            LOG.debug("requirePermission: exiting: throwing exception as everything wasn't accessible");
            throw new AccessDeniedException(accessResult._denialReason);
        }
    } finally {
        RangerPerfTracer.log(perf);
    }
}

Example 58 with RangerPerfTracer

use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.

the class RangerPolicyEngineImpl method isAccessAllowed.

/*
	 * This API is used by ranger-admin
	 */
@Override
public boolean isAccessAllowed(RangerPolicy policy, String user, Set<String> userGroups, String accessType) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerPolicyEngineImpl.isAccessAllowed(" + policy.getId() + ", " + user + ", " + userGroups + ", " + accessType + ")");
    }
    boolean ret = false;
    RangerPerfTracer perf = null;
    if (RangerPerfTracer.isPerfTraceEnabled(PERF_POLICYENGINE_REQUEST_LOG)) {
        perf = RangerPerfTracer.getPerfTracer(PERF_POLICYENGINE_REQUEST_LOG, "RangerPolicyEngine.isAccessAllowed(user=" + user + "," + userGroups + ",accessType=" + accessType + ")");
    }
    for (RangerPolicyEvaluator evaluator : policyRepository.getPolicyEvaluators()) {
        ret = evaluator.isAccessAllowed(policy, user, userGroups, accessType);
        if (ret) {
            break;
        }
    }
    RangerPerfTracer.log(perf);
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerPolicyEngineImpl.isAccessAllowed(" + policy.getId() + ", " + user + ", " + userGroups + ", " + accessType + "): " + ret);
    }
    return ret;
}

Example 59 with RangerPerfTracer

use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.

the class RangerPolicyEngineImpl method reorderPolicyEvaluators.

@Override
public void reorderPolicyEvaluators() {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> reorderEvaluators()");
    }
    RangerPerfTracer perf = null;
    if (RangerPerfTracer.isPerfTraceEnabled(PERF_POLICYENGINE_REBALANCE_LOG)) {
        perf = RangerPerfTracer.getPerfTracer(PERF_POLICYENGINE_REBALANCE_LOG, "RangerPolicyEngine.reorderEvaluators()");
    }
    if (MapUtils.isNotEmpty(policyEvaluatorsMap)) {
        for (Map.Entry<Long, RangerPolicyEvaluator> entry : policyEvaluatorsMap.entrySet()) {
            entry.getValue().setUsageCountImmutable();
        }
    }
    if (tagPolicyRepository != null) {
        tagPolicyRepository.reorderPolicyEvaluators();
    }
    if (policyRepository != null) {
        policyRepository.reorderPolicyEvaluators();
    }
    if (MapUtils.isNotEmpty(policyEvaluatorsMap)) {
        for (Map.Entry<Long, RangerPolicyEvaluator> entry : policyEvaluatorsMap.entrySet()) {
            entry.getValue().resetUsageCount();
        }
    }
    RangerPerfTracer.log(perf);
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== reorderEvaluators()");
    }
}

Example 60 with RangerPerfTracer

use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.

the class RangerPolicyEngineImpl method cleanup.

@Override
public void cleanup() {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerPolicyEngineImpl.cleanup()");
    }
    RangerPerfTracer perf = null;
    if (RangerPerfTracer.isPerfTraceEnabled(PERF_POLICYENGINE_INIT_LOG)) {
        perf = RangerPerfTracer.getPerfTracer(PERF_POLICYENGINE_INIT_LOG, "RangerPolicyEngine.cleanUp(hashCode=" + Integer.toHexString(System.identityHashCode(this)) + ")");
    }
    preCleanup();
    if (CollectionUtils.isNotEmpty(allContextEnrichers)) {
        for (RangerContextEnricher contextEnricher : allContextEnrichers) {
            contextEnricher.cleanup();
        }
    }
    this.allContextEnrichers = null;
    RangerPerfTracer.log(perf);
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerPolicyEngineImpl.cleanup()");
    }
}