use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.
the class ServiceREST method getServicePolicies.
@GET
@Path("/policies/service/{id}")
@Produces({ "application/json", "application/xml" })
public RangerPolicyList getServicePolicies(@PathParam("id") Long serviceId, @Context HttpServletRequest request) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceREST.getServicePolicies(" + serviceId + ")");
}
RangerPolicyList ret = new RangerPolicyList();
RangerPerfTracer perf = null;
SearchFilter filter = searchUtil.getSearchFilter(request, policyService.sortFields);
try {
if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServicePolicies(serviceId=" + serviceId + ")");
}
if (isAdminUserWithNoFilterParams(filter)) {
PList<RangerPolicy> policies = svcStore.getPaginatedServicePolicies(serviceId, filter);
ret = toRangerPolicyList(policies);
} else {
// get all policies from the store; pick the page to return after applying filter
int savedStartIndex = filter == null ? 0 : filter.getStartIndex();
int savedMaxRows = filter == null ? Integer.MAX_VALUE : filter.getMaxRows();
if (filter != null) {
filter.setStartIndex(0);
filter.setMaxRows(Integer.MAX_VALUE);
}
List<RangerPolicy> servicePolicies = svcStore.getServicePolicies(serviceId, filter);
if (filter != null) {
filter.setStartIndex(savedStartIndex);
filter.setMaxRows(savedMaxRows);
}
servicePolicies = applyAdminAccessFilter(servicePolicies);
ret = toRangerPolicyList(servicePolicies, filter);
}
} catch (WebApplicationException excp) {
throw excp;
} catch (Throwable excp) {
LOG.error("getServicePolicies(" + serviceId + ") failed", excp);
throw restErrorUtil.createRESTException(excp.getMessage());
} finally {
RangerPerfTracer.log(perf);
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceREST.getServicePolicies(" + serviceId + "): count=" + (ret == null ? 0 : ret.getListSize()));
}
return ret;
}
use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.
the class ServiceREST method deleteService.
@DELETE
@Path("/services/{id}")
@Produces({ "application/json", "application/xml" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.DELETE_SERVICE + "\")")
public void deleteService(@PathParam("id") Long id) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceREST.deleteService(" + id + ")");
}
RangerPerfTracer perf = null;
try {
if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.deleteService(serviceId=" + id + ")");
}
RangerServiceValidator validator = validatorFactory.getServiceValidator(svcStore);
validator.validate(id, Action.DELETE);
bizUtil.hasAdminPermissions("Services");
// TODO: As of now we are allowing SYS_ADMIN to create all the
// services including KMS
XXService service = daoManager.getXXService().getById(id);
EmbeddedServiceDefsUtil embeddedServiceDefsUtil = EmbeddedServiceDefsUtil.instance();
if (service.getType().equals(embeddedServiceDefsUtil.getTagServiceDefId())) {
List<XXService> referringServices = daoManager.getXXService().findByTagServiceId(id);
if (!CollectionUtils.isEmpty(referringServices)) {
Set<String> referringServiceNames = new HashSet<String>();
for (XXService xXService : referringServices) {
referringServiceNames.add(xXService.getName());
if (referringServiceNames.size() >= 10) {
break;
}
}
if (referringServices.size() <= 10) {
throw restErrorUtil.createRESTException("Tag service '" + service.getName() + "' is being referenced by " + referringServices.size() + " services: " + referringServiceNames, MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);
} else {
throw restErrorUtil.createRESTException("Tag service '" + service.getName() + "' is being referenced by " + referringServices.size() + " services: " + referringServiceNames + " and more..", MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);
}
}
}
XXServiceDef xxServiceDef = daoManager.getXXServiceDef().getById(service.getType());
bizUtil.hasKMSPermissions("Service", xxServiceDef.getImplclassname());
bizUtil.blockAuditorRoleUser();
tagStore.deleteAllTagObjectsForService(service.getName());
svcStore.deleteService(id);
} catch (WebApplicationException excp) {
throw excp;
} catch (Throwable excp) {
LOG.error("deleteService(" + id + ") failed", excp);
throw restErrorUtil.createRESTException(excp.getMessage());
} finally {
RangerPerfTracer.log(perf);
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceREST.deleteService(" + id + ")");
}
}
use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.
the class ServiceREST method getSecureServicePoliciesIfUpdated.
@GET
@Path("/secure/policies/download/{serviceName}")
@Produces({ "application/json", "application/xml" })
public ServicePolicies getSecureServicePoliciesIfUpdated(@PathParam("serviceName") String serviceName, @QueryParam("lastKnownVersion") Long lastKnownVersion, @DefaultValue("0") @QueryParam("lastActivationTime") Long lastActivationTime, @QueryParam("pluginId") String pluginId, @DefaultValue("") @QueryParam("clusterName") String clusterName, @Context HttpServletRequest request) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceREST.getSecureServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ")");
}
ServicePolicies ret = null;
int httpCode = HttpServletResponse.SC_OK;
String logMsg = null;
RangerPerfTracer perf = null;
boolean isAllowed = false;
boolean isAdmin = bizUtil.isAdmin();
boolean isKeyAdmin = bizUtil.isKeyAdmin();
request.setAttribute("downloadPolicy", "secure");
Long downloadedVersion = null;
boolean isValid = false;
try {
isValid = serviceUtil.isValidService(serviceName, request);
} catch (WebApplicationException webException) {
httpCode = webException.getResponse().getStatus();
logMsg = webException.getResponse().getEntity().toString();
} catch (Exception e) {
httpCode = HttpServletResponse.SC_BAD_REQUEST;
logMsg = e.getMessage();
}
if (isValid) {
if (lastKnownVersion == null) {
lastKnownVersion = Long.valueOf(-1);
}
try {
if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getSecureServicePoliciesIfUpdated(serviceName=" + serviceName + ",lastKnownVersion=" + lastKnownVersion + ",lastActivationTime=" + lastActivationTime + ")");
}
XXService xService = daoManager.getXXService().findByName(serviceName);
XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(xService.getType());
RangerService rangerService = null;
if (StringUtils.equals(xServiceDef.getImplclassname(), EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME)) {
rangerService = svcStore.getServiceByNameForDP(serviceName);
if (isKeyAdmin) {
isAllowed = true;
} else {
if (rangerService != null) {
isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Download);
if (!isAllowed) {
isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Grant_Revoke);
}
}
}
} else {
rangerService = svcStore.getServiceByName(serviceName);
if (isAdmin) {
isAllowed = true;
} else {
if (rangerService != null) {
isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Download);
if (!isAllowed) {
isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Grant_Revoke);
}
}
}
}
if (isAllowed) {
ServicePolicies servicePolicies = svcStore.getServicePoliciesIfUpdated(serviceName, lastKnownVersion);
if (servicePolicies == null) {
downloadedVersion = lastKnownVersion;
httpCode = HttpServletResponse.SC_NOT_MODIFIED;
logMsg = "No change since last update";
} else {
downloadedVersion = servicePolicies.getPolicyVersion();
ret = filterServicePolicies(servicePolicies);
httpCode = HttpServletResponse.SC_OK;
logMsg = "Returning " + (ret.getPolicies() != null ? ret.getPolicies().size() : 0) + " policies. Policy version=" + ret.getPolicyVersion();
}
} else {
LOG.error("getSecureServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ") failed as User doesn't have permission to download Policy");
httpCode = HttpServletResponse.SC_UNAUTHORIZED;
logMsg = "User doesn't have permission to download policy";
}
} catch (Throwable excp) {
LOG.error("getSecureServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + ") failed");
httpCode = HttpServletResponse.SC_BAD_REQUEST;
logMsg = excp.getMessage();
} finally {
createPolicyDownloadAudit(serviceName, lastKnownVersion, pluginId, httpCode, clusterName, request);
RangerPerfTracer.log(perf);
}
}
assetMgr.createPluginInfo(serviceName, pluginId, request, RangerPluginInfo.ENTITY_TYPE_POLICIES, downloadedVersion, lastKnownVersion, lastActivationTime, httpCode);
if (httpCode != HttpServletResponse.SC_OK) {
boolean logError = httpCode != HttpServletResponse.SC_NOT_MODIFIED;
throw restErrorUtil.createRESTException(httpCode, logMsg, logError);
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceREST.getSecureServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + "): count=" + ((ret == null || ret.getPolicies() == null) ? 0 : ret.getPolicies().size()));
}
return ret;
}
use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.
the class ServiceREST method countServices.
@GET
@Path("/services/count")
@Produces({ "application/json", "application/xml" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.COUNT_SERVICES + "\")")
public Long countServices(@Context HttpServletRequest request) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceREST.countServices():");
}
Long ret = null;
RangerPerfTracer perf = null;
try {
if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.countService()");
}
List<RangerService> services = getServices(request).getServices();
ret = Long.valueOf(services == null ? 0 : services.size());
} catch (WebApplicationException excp) {
throw excp;
} catch (Throwable excp) {
LOG.error("countServices() failed", excp);
throw restErrorUtil.createRESTException(excp.getMessage());
} finally {
RangerPerfTracer.log(perf);
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceREST.countServices(): " + ret);
}
return ret;
}
use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.
the class ServiceREST method getPolicy.
@GET
@Path("/policies/{id}")
@Produces({ "application/json", "application/xml" })
public RangerPolicy getPolicy(@PathParam("id") Long id) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceREST.getPolicy(" + id + ")");
}
RangerPolicy ret = null;
RangerPerfTracer perf = null;
try {
if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getPolicy(policyId=" + id + ")");
}
ret = svcStore.getPolicy(id);
if (ret != null) {
ensureAdminAndAuditAccess(ret);
}
} catch (WebApplicationException excp) {
throw excp;
} catch (Throwable excp) {
LOG.error("getPolicy(" + id + ") failed", excp);
throw restErrorUtil.createRESTException(excp.getMessage());
} finally {
RangerPerfTracer.log(perf);
}
if (ret == null) {
throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true);
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceREST.getPolicy(" + id + "): " + ret);
}
return ret;
}
Aggregations