Example 21 with RangerPerfTracer
use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.
the class ServiceREST method grantAccess.
@POST
@Path("/services/grant/{serviceName}")
@Produces({ "application/json", "application/xml" })
public RESTResponse grantAccess(@PathParam("serviceName") String serviceName, GrantRevokeRequest grantRequest, @Context HttpServletRequest request) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceREST.grantAccess(" + serviceName + ", " + grantRequest + ")");
}
RESTResponse ret = new RESTResponse();
RangerPerfTracer perf = null;
if (grantRequest != null) {
if (serviceUtil.isValidateHttpsAuthentication(serviceName, request)) {
try {
if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.grantAccess(serviceName=" + serviceName + ")");
}
validateGrantRevokeRequest(grantRequest);
String userName = grantRequest.getGrantor();
Set<String> userGroups = CollectionUtils.isNotEmpty(grantRequest.getGrantorGroups()) ? grantRequest.getGrantorGroups() : userMgr.getGroupsForUser(userName);
RangerAccessResource resource = new RangerAccessResourceImpl(StringUtil.toStringObjectMap(grantRequest.getResource()));
VXUser vxUser = xUserService.getXUserByUserName(userName);
if (vxUser.getUserRoleList().contains(RangerConstants.ROLE_ADMIN_AUDITOR) || vxUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR)) {
VXResponse vXResponse = new VXResponse();
vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
vXResponse.setMsgDesc("Operation" + " denied. LoggedInUser=" + vxUser.getId() + " ,isn't permitted to perform the action.");
throw restErrorUtil.generateRESTException(vXResponse);
}
boolean isAdmin = hasAdminAccess(serviceName, userName, userGroups, resource);
if (!isAdmin) {
throw restErrorUtil.createGrantRevokeRESTException("User doesn't have necessary permission to grant access");
}
RangerPolicy policy = getExactMatchPolicyForResource(serviceName, resource, userName);
if (policy != null) {
boolean policyUpdated = false;
policyUpdated = ServiceRESTUtil.processGrantRequest(policy, grantRequest);
if (policyUpdated) {
svcStore.updatePolicy(policy);
} else {
LOG.error("processGrantRequest processing failed");
throw new Exception("processGrantRequest processing failed");
}
} else {
policy = new RangerPolicy();
policy.setService(serviceName);
// TODO: better policy name
policy.setName("grant-" + System.currentTimeMillis());
policy.setDescription("created by grant");
policy.setIsAuditEnabled(grantRequest.getEnableAudit());
policy.setCreatedBy(userName);
Map<String, RangerPolicyResource> policyResources = new HashMap<String, RangerPolicyResource>();
Set<String> resourceNames = resource.getKeys();
if (!CollectionUtils.isEmpty(resourceNames)) {
for (String resourceName : resourceNames) {
RangerPolicyResource policyResource = new RangerPolicyResource((String) resource.getValue(resourceName));
policyResource.setIsRecursive(grantRequest.getIsRecursive());
policyResources.put(resourceName, policyResource);
}
}
policy.setResources(policyResources);
RangerPolicyItem policyItem = new RangerPolicyItem();
policyItem.setDelegateAdmin(grantRequest.getDelegateAdmin());
policyItem.getUsers().addAll(grantRequest.getUsers());
policyItem.getGroups().addAll(grantRequest.getGroups());
for (String accessType : grantRequest.getAccessTypes()) {
policyItem.getAccesses().add(new RangerPolicyItemAccess(accessType, Boolean.TRUE));
}
policy.getPolicyItems().add(policyItem);
svcStore.createPolicy(policy);
}
} catch (WebApplicationException excp) {
throw excp;
} catch (Throwable excp) {
LOG.error("grantAccess(" + serviceName + ", " + grantRequest + ") failed", excp);
throw restErrorUtil.createRESTException(excp.getMessage());
} finally {
RangerPerfTracer.log(perf);
}
ret.setStatusCode(RESTResponse.STATUS_SUCCESS);
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceREST.grantAccess(" + serviceName + ", " + grantRequest + "): " + ret);
}
return ret;
}
Also used :
VXResponse(org.apache.ranger.view.VXResponse)
WebApplicationException(javax.ws.rs.WebApplicationException)
RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer)
LinkedHashMap(java.util.LinkedHashMap)
HashMap(java.util.HashMap)
RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)
VXString(org.apache.ranger.view.VXString)
VXUser(org.apache.ranger.view.VXUser)
RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)
WebApplicationException(javax.ws.rs.WebApplicationException)
IOException(java.io.IOException)
JsonSyntaxException(com.google.gson.JsonSyntaxException)
RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy)
RangerAccessResourceImpl(org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl)
RESTResponse(org.apache.ranger.admin.client.datatype.RESTResponse)
RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess)
RangerAccessResource(org.apache.ranger.plugin.policyengine.RangerAccessResource)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Produces(javax.ws.rs.Produces)
Example 22 with RangerPerfTracer
use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.
the class ServiceREST method countPolicies.
@GET
@Path("/policies/count")
@Produces({ "application/json", "application/xml" })
public Long countPolicies(@Context HttpServletRequest request) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceREST.countPolicies():");
}
Long ret = null;
RangerPerfTracer perf = null;
try {
if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.countPolicies()");
}
List<RangerPolicy> policies = getPolicies(request).getPolicies();
policies = applyAdminAccessFilter(policies);
ret = Long.valueOf(policies == null ? 0 : policies.size());
} catch (WebApplicationException excp) {
throw excp;
} catch (Throwable excp) {
LOG.error("countPolicies() failed", excp);
throw restErrorUtil.createRESTException(excp.getMessage());
} finally {
RangerPerfTracer.log(perf);
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceREST.countPolicies(): " + ret);
}
return ret;
}
Also used :
RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy)
WebApplicationException(javax.ws.rs.WebApplicationException)
RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer)
Path(javax.ws.rs.Path)
Produces(javax.ws.rs.Produces)
GET(javax.ws.rs.GET)
Example 23 with RangerPerfTracer
use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.
the class ServiceREST method lookupResource.
@POST
@Path("/services/lookupResource/{serviceName}")
@Produces({ "application/json", "application/xml" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.LOOKUP_RESOURCE + "\")")
public List<String> lookupResource(@PathParam("serviceName") String serviceName, ResourceLookupContext context) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceREST.lookupResource(" + serviceName + ")");
}
List<String> ret = new ArrayList<String>();
RangerPerfTracer perf = null;
try {
if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.lookupResource(serviceName=" + serviceName + ")");
}
ret = serviceMgr.lookupResource(serviceName, context, svcStore);
} catch (WebApplicationException excp) {
throw excp;
} catch (Throwable excp) {
LOG.error("lookupResource(" + serviceName + ", " + context + ") failed", excp);
throw restErrorUtil.createRESTException(excp.getMessage());
} finally {
RangerPerfTracer.log(perf);
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceREST.lookupResource(" + serviceName + "): " + ret);
}
return ret;
}
Also used :
WebApplicationException(javax.ws.rs.WebApplicationException)
RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer)
ArrayList(java.util.ArrayList)
VXString(org.apache.ranger.view.VXString)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Produces(javax.ws.rs.Produces)
PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)
Example 24 with RangerPerfTracer
use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.
the class ServiceREST method getServicePoliciesIfUpdated.
@GET
@Path("/policies/download/{serviceName}")
@Produces({ "application/json", "application/xml" })
public ServicePolicies getServicePoliciesIfUpdated(@PathParam("serviceName") String serviceName, @QueryParam("lastKnownVersion") Long lastKnownVersion, @DefaultValue("0") @QueryParam("lastActivationTime") Long lastActivationTime, @QueryParam("pluginId") String pluginId, @DefaultValue("") @QueryParam("clusterName") String clusterName, @Context HttpServletRequest request) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceREST.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + ")");
}
ServicePolicies ret = null;
int httpCode = HttpServletResponse.SC_OK;
String logMsg = null;
RangerPerfTracer perf = null;
Long downloadedVersion = null;
boolean isValid = false;
try {
isValid = serviceUtil.isValidateHttpsAuthentication(serviceName, request);
} catch (WebApplicationException webException) {
httpCode = webException.getResponse().getStatus();
logMsg = webException.getResponse().getEntity().toString();
} catch (Exception e) {
httpCode = HttpServletResponse.SC_BAD_REQUEST;
logMsg = e.getMessage();
}
if (isValid) {
if (lastKnownVersion == null) {
lastKnownVersion = Long.valueOf(-1);
}
try {
if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServicePoliciesIfUpdated(serviceName=" + serviceName + ",lastKnownVersion=" + lastKnownVersion + ",lastActivationTime=" + lastActivationTime + ")");
}
ServicePolicies servicePolicies = svcStore.getServicePoliciesIfUpdated(serviceName, lastKnownVersion);
if (servicePolicies == null) {
downloadedVersion = lastKnownVersion;
httpCode = HttpServletResponse.SC_NOT_MODIFIED;
logMsg = "No change since last update";
} else {
downloadedVersion = servicePolicies.getPolicyVersion();
ret = filterServicePolicies(servicePolicies);
httpCode = HttpServletResponse.SC_OK;
logMsg = "Returning " + (ret.getPolicies() != null ? ret.getPolicies().size() : 0) + " policies. Policy version=" + ret.getPolicyVersion();
}
} catch (Throwable excp) {
LOG.error("getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + ") failed");
httpCode = HttpServletResponse.SC_BAD_REQUEST;
logMsg = excp.getMessage();
} finally {
createPolicyDownloadAudit(serviceName, lastKnownVersion, pluginId, httpCode, clusterName, request);
RangerPerfTracer.log(perf);
}
}
assetMgr.createPluginInfo(serviceName, pluginId, request, RangerPluginInfo.ENTITY_TYPE_POLICIES, downloadedVersion, lastKnownVersion, lastActivationTime, httpCode);
if (httpCode != HttpServletResponse.SC_OK) {
boolean logError = httpCode != HttpServletResponse.SC_NOT_MODIFIED;
throw restErrorUtil.createRESTException(httpCode, logMsg, logError);
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceREST.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + "): count=" + ((ret == null || ret.getPolicies() == null) ? 0 : ret.getPolicies().size()));
}
return ret;
}
Also used :
ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies)
WebApplicationException(javax.ws.rs.WebApplicationException)
RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer)
VXString(org.apache.ranger.view.VXString)
WebApplicationException(javax.ws.rs.WebApplicationException)
IOException(java.io.IOException)
JsonSyntaxException(com.google.gson.JsonSyntaxException)
Path(javax.ws.rs.Path)
Produces(javax.ws.rs.Produces)
GET(javax.ws.rs.GET)
Example 25 with RangerPerfTracer
use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.
the class ServiceREST method getPolicyLabels.
@GET
@Path("/policyLabels")
@Produces({ "application/json", "application/xml" })
public List<String> getPolicyLabels(@Context HttpServletRequest request) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceREST.getPolicyLabels()");
}
List<String> ret = new ArrayList<String>();
RangerPerfTracer perf = null;
try {
if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getPolicyLabels()");
}
SearchFilter filter = searchUtil.getSearchFilter(request, policyLabelsService.sortFields);
ret = svcStore.getPolicyLabels(filter);
} catch (WebApplicationException excp) {
throw excp;
} catch (Throwable excp) {
LOG.error("getPolicyLabels() failed", excp);
throw restErrorUtil.createRESTException(excp.getMessage());
} finally {
RangerPerfTracer.log(perf);
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceREST.getPolicyLabels()");
}
return ret;
}
Also used :
WebApplicationException(javax.ws.rs.WebApplicationException)
RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer)
ArrayList(java.util.ArrayList)
SearchFilter(org.apache.ranger.plugin.util.SearchFilter)
VXString(org.apache.ranger.view.VXString)
Path(javax.ws.rs.Path)
Produces(javax.ws.rs.Produces)
GET(javax.ws.rs.GET)
Aggregations
RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer)75
WebApplicationException (javax.ws.rs.WebApplicationException)36
Path (javax.ws.rs.Path)33
Produces (javax.ws.rs.Produces)33
RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)21
VXString (org.apache.ranger.view.VXString)18
GET (javax.ws.rs.GET)17
PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)16
RangerService (org.apache.ranger.plugin.model.RangerService)11
POST (javax.ws.rs.POST)10
ArrayList (java.util.ArrayList)9
XXServiceDef (org.apache.ranger.entity.XXServiceDef)9
RangerAccessResourceImpl (org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl)9
SearchFilter (org.apache.ranger.plugin.util.SearchFilter)9
JsonSyntaxException (com.google.gson.JsonSyntaxException)8
IOException (java.io.IOException)8
RangerPolicyResource (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)7
RangerResourceDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)7
RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)6
XXService (org.apache.ranger.entity.XXService)5
