Search in sources :

Example 21 with RangerPerfTracer

use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.

the class ServiceREST method grantAccess.

@POST
@Path("/services/grant/{serviceName}")
@Produces({ "application/json", "application/xml" })
public RESTResponse grantAccess(@PathParam("serviceName") String serviceName, GrantRevokeRequest grantRequest, @Context HttpServletRequest request) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.grantAccess(" + serviceName + ", " + grantRequest + ")");
    }
    RESTResponse ret = new RESTResponse();
    RangerPerfTracer perf = null;
    if (grantRequest != null) {
        if (serviceUtil.isValidateHttpsAuthentication(serviceName, request)) {
            try {
                if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                    perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.grantAccess(serviceName=" + serviceName + ")");
                }
                validateGrantRevokeRequest(grantRequest);
                String userName = grantRequest.getGrantor();
                Set<String> userGroups = CollectionUtils.isNotEmpty(grantRequest.getGrantorGroups()) ? grantRequest.getGrantorGroups() : userMgr.getGroupsForUser(userName);
                RangerAccessResource resource = new RangerAccessResourceImpl(StringUtil.toStringObjectMap(grantRequest.getResource()));
                VXUser vxUser = xUserService.getXUserByUserName(userName);
                if (vxUser.getUserRoleList().contains(RangerConstants.ROLE_ADMIN_AUDITOR) || vxUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR)) {
                    VXResponse vXResponse = new VXResponse();
                    vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
                    vXResponse.setMsgDesc("Operation" + " denied. LoggedInUser=" + vxUser.getId() + " ,isn't permitted to perform the action.");
                    throw restErrorUtil.generateRESTException(vXResponse);
                }
                boolean isAdmin = hasAdminAccess(serviceName, userName, userGroups, resource);
                if (!isAdmin) {
                    throw restErrorUtil.createGrantRevokeRESTException("User doesn't have necessary permission to grant access");
                }
                RangerPolicy policy = getExactMatchPolicyForResource(serviceName, resource, userName);
                if (policy != null) {
                    boolean policyUpdated = false;
                    policyUpdated = ServiceRESTUtil.processGrantRequest(policy, grantRequest);
                    if (policyUpdated) {
                        svcStore.updatePolicy(policy);
                    } else {
                        LOG.error("processGrantRequest processing failed");
                        throw new Exception("processGrantRequest processing failed");
                    }
                } else {
                    policy = new RangerPolicy();
                    policy.setService(serviceName);
                    // TODO: better policy name
                    policy.setName("grant-" + System.currentTimeMillis());
                    policy.setDescription("created by grant");
                    policy.setIsAuditEnabled(grantRequest.getEnableAudit());
                    policy.setCreatedBy(userName);
                    Map<String, RangerPolicyResource> policyResources = new HashMap<String, RangerPolicyResource>();
                    Set<String> resourceNames = resource.getKeys();
                    if (!CollectionUtils.isEmpty(resourceNames)) {
                        for (String resourceName : resourceNames) {
                            RangerPolicyResource policyResource = new RangerPolicyResource((String) resource.getValue(resourceName));
                            policyResource.setIsRecursive(grantRequest.getIsRecursive());
                            policyResources.put(resourceName, policyResource);
                        }
                    }
                    policy.setResources(policyResources);
                    RangerPolicyItem policyItem = new RangerPolicyItem();
                    policyItem.setDelegateAdmin(grantRequest.getDelegateAdmin());
                    policyItem.getUsers().addAll(grantRequest.getUsers());
                    policyItem.getGroups().addAll(grantRequest.getGroups());
                    for (String accessType : grantRequest.getAccessTypes()) {
                        policyItem.getAccesses().add(new RangerPolicyItemAccess(accessType, Boolean.TRUE));
                    }
                    policy.getPolicyItems().add(policyItem);
                    svcStore.createPolicy(policy);
                }
            } catch (WebApplicationException excp) {
                throw excp;
            } catch (Throwable excp) {
                LOG.error("grantAccess(" + serviceName + ", " + grantRequest + ") failed", excp);
                throw restErrorUtil.createRESTException(excp.getMessage());
            } finally {
                RangerPerfTracer.log(perf);
            }
            ret.setStatusCode(RESTResponse.STATUS_SUCCESS);
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceREST.grantAccess(" + serviceName + ", " + grantRequest + "): " + ret);
    }
    return ret;
}
Also used : VXResponse(org.apache.ranger.view.VXResponse) WebApplicationException(javax.ws.rs.WebApplicationException) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) LinkedHashMap(java.util.LinkedHashMap) HashMap(java.util.HashMap) RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) VXString(org.apache.ranger.view.VXString) VXUser(org.apache.ranger.view.VXUser) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) WebApplicationException(javax.ws.rs.WebApplicationException) IOException(java.io.IOException) JsonSyntaxException(com.google.gson.JsonSyntaxException) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerAccessResourceImpl(org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl) RESTResponse(org.apache.ranger.admin.client.datatype.RESTResponse) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) RangerAccessResource(org.apache.ranger.plugin.policyengine.RangerAccessResource) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces)

Example 22 with RangerPerfTracer

use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.

the class ServiceREST method countPolicies.

@GET
@Path("/policies/count")
@Produces({ "application/json", "application/xml" })
public Long countPolicies(@Context HttpServletRequest request) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.countPolicies():");
    }
    Long ret = null;
    RangerPerfTracer perf = null;
    try {
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
            perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.countPolicies()");
        }
        List<RangerPolicy> policies = getPolicies(request).getPolicies();
        policies = applyAdminAccessFilter(policies);
        ret = Long.valueOf(policies == null ? 0 : policies.size());
    } catch (WebApplicationException excp) {
        throw excp;
    } catch (Throwable excp) {
        LOG.error("countPolicies() failed", excp);
        throw restErrorUtil.createRESTException(excp.getMessage());
    } finally {
        RangerPerfTracer.log(perf);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceREST.countPolicies(): " + ret);
    }
    return ret;
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) WebApplicationException(javax.ws.rs.WebApplicationException) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Example 23 with RangerPerfTracer

use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.

the class ServiceREST method lookupResource.

@POST
@Path("/services/lookupResource/{serviceName}")
@Produces({ "application/json", "application/xml" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.LOOKUP_RESOURCE + "\")")
public List<String> lookupResource(@PathParam("serviceName") String serviceName, ResourceLookupContext context) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.lookupResource(" + serviceName + ")");
    }
    List<String> ret = new ArrayList<String>();
    RangerPerfTracer perf = null;
    try {
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
            perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.lookupResource(serviceName=" + serviceName + ")");
        }
        ret = serviceMgr.lookupResource(serviceName, context, svcStore);
    } catch (WebApplicationException excp) {
        throw excp;
    } catch (Throwable excp) {
        LOG.error("lookupResource(" + serviceName + ", " + context + ") failed", excp);
        throw restErrorUtil.createRESTException(excp.getMessage());
    } finally {
        RangerPerfTracer.log(perf);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceREST.lookupResource(" + serviceName + "): " + ret);
    }
    return ret;
}
Also used : WebApplicationException(javax.ws.rs.WebApplicationException) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) ArrayList(java.util.ArrayList) VXString(org.apache.ranger.view.VXString) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 24 with RangerPerfTracer

use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.

the class ServiceREST method getServicePoliciesIfUpdated.

@GET
@Path("/policies/download/{serviceName}")
@Produces({ "application/json", "application/xml" })
public ServicePolicies getServicePoliciesIfUpdated(@PathParam("serviceName") String serviceName, @QueryParam("lastKnownVersion") Long lastKnownVersion, @DefaultValue("0") @QueryParam("lastActivationTime") Long lastActivationTime, @QueryParam("pluginId") String pluginId, @DefaultValue("") @QueryParam("clusterName") String clusterName, @Context HttpServletRequest request) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + ")");
    }
    ServicePolicies ret = null;
    int httpCode = HttpServletResponse.SC_OK;
    String logMsg = null;
    RangerPerfTracer perf = null;
    Long downloadedVersion = null;
    boolean isValid = false;
    try {
        isValid = serviceUtil.isValidateHttpsAuthentication(serviceName, request);
    } catch (WebApplicationException webException) {
        httpCode = webException.getResponse().getStatus();
        logMsg = webException.getResponse().getEntity().toString();
    } catch (Exception e) {
        httpCode = HttpServletResponse.SC_BAD_REQUEST;
        logMsg = e.getMessage();
    }
    if (isValid) {
        if (lastKnownVersion == null) {
            lastKnownVersion = Long.valueOf(-1);
        }
        try {
            if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServicePoliciesIfUpdated(serviceName=" + serviceName + ",lastKnownVersion=" + lastKnownVersion + ",lastActivationTime=" + lastActivationTime + ")");
            }
            ServicePolicies servicePolicies = svcStore.getServicePoliciesIfUpdated(serviceName, lastKnownVersion);
            if (servicePolicies == null) {
                downloadedVersion = lastKnownVersion;
                httpCode = HttpServletResponse.SC_NOT_MODIFIED;
                logMsg = "No change since last update";
            } else {
                downloadedVersion = servicePolicies.getPolicyVersion();
                ret = filterServicePolicies(servicePolicies);
                httpCode = HttpServletResponse.SC_OK;
                logMsg = "Returning " + (ret.getPolicies() != null ? ret.getPolicies().size() : 0) + " policies. Policy version=" + ret.getPolicyVersion();
            }
        } catch (Throwable excp) {
            LOG.error("getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + ") failed");
            httpCode = HttpServletResponse.SC_BAD_REQUEST;
            logMsg = excp.getMessage();
        } finally {
            createPolicyDownloadAudit(serviceName, lastKnownVersion, pluginId, httpCode, clusterName, request);
            RangerPerfTracer.log(perf);
        }
    }
    assetMgr.createPluginInfo(serviceName, pluginId, request, RangerPluginInfo.ENTITY_TYPE_POLICIES, downloadedVersion, lastKnownVersion, lastActivationTime, httpCode);
    if (httpCode != HttpServletResponse.SC_OK) {
        boolean logError = httpCode != HttpServletResponse.SC_NOT_MODIFIED;
        throw restErrorUtil.createRESTException(httpCode, logMsg, logError);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceREST.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + "): count=" + ((ret == null || ret.getPolicies() == null) ? 0 : ret.getPolicies().size()));
    }
    return ret;
}
Also used : ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies) WebApplicationException(javax.ws.rs.WebApplicationException) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) VXString(org.apache.ranger.view.VXString) WebApplicationException(javax.ws.rs.WebApplicationException) IOException(java.io.IOException) JsonSyntaxException(com.google.gson.JsonSyntaxException) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Example 25 with RangerPerfTracer

use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.

the class ServiceREST method getPolicyLabels.

@GET
@Path("/policyLabels")
@Produces({ "application/json", "application/xml" })
public List<String> getPolicyLabels(@Context HttpServletRequest request) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.getPolicyLabels()");
    }
    List<String> ret = new ArrayList<String>();
    RangerPerfTracer perf = null;
    try {
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
            perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getPolicyLabels()");
        }
        SearchFilter filter = searchUtil.getSearchFilter(request, policyLabelsService.sortFields);
        ret = svcStore.getPolicyLabels(filter);
    } catch (WebApplicationException excp) {
        throw excp;
    } catch (Throwable excp) {
        LOG.error("getPolicyLabels() failed", excp);
        throw restErrorUtil.createRESTException(excp.getMessage());
    } finally {
        RangerPerfTracer.log(perf);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceREST.getPolicyLabels()");
    }
    return ret;
}
Also used : WebApplicationException(javax.ws.rs.WebApplicationException) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) ArrayList(java.util.ArrayList) SearchFilter(org.apache.ranger.plugin.util.SearchFilter) VXString(org.apache.ranger.view.VXString) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Aggregations

RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer)75 WebApplicationException (javax.ws.rs.WebApplicationException)36 Path (javax.ws.rs.Path)33 Produces (javax.ws.rs.Produces)33 RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)21 VXString (org.apache.ranger.view.VXString)18 GET (javax.ws.rs.GET)17 PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)16 RangerService (org.apache.ranger.plugin.model.RangerService)11 POST (javax.ws.rs.POST)10 ArrayList (java.util.ArrayList)9 XXServiceDef (org.apache.ranger.entity.XXServiceDef)9 RangerAccessResourceImpl (org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl)9 SearchFilter (org.apache.ranger.plugin.util.SearchFilter)9 JsonSyntaxException (com.google.gson.JsonSyntaxException)8 IOException (java.io.IOException)8 RangerPolicyResource (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)7 RangerResourceDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)7 RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)6 XXService (org.apache.ranger.entity.XXService)5