Search in sources :

Example 41 with RangerPerfTracer

use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.

the class ServiceREST method getServicePolicies.

@GET
@Path("/policies/service/{id}")
@Produces({ "application/json", "application/xml" })
public RangerPolicyList getServicePolicies(@PathParam("id") Long serviceId, @Context HttpServletRequest request) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.getServicePolicies(" + serviceId + ")");
    }
    RangerPolicyList ret = new RangerPolicyList();
    RangerPerfTracer perf = null;
    SearchFilter filter = searchUtil.getSearchFilter(request, policyService.sortFields);
    try {
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
            perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServicePolicies(serviceId=" + serviceId + ")");
        }
        if (isAdminUserWithNoFilterParams(filter)) {
            PList<RangerPolicy> policies = svcStore.getPaginatedServicePolicies(serviceId, filter);
            ret = toRangerPolicyList(policies);
        } else {
            // get all policies from the store; pick the page to return after applying filter
            int savedStartIndex = filter == null ? 0 : filter.getStartIndex();
            int savedMaxRows = filter == null ? Integer.MAX_VALUE : filter.getMaxRows();
            if (filter != null) {
                filter.setStartIndex(0);
                filter.setMaxRows(Integer.MAX_VALUE);
            }
            List<RangerPolicy> servicePolicies = svcStore.getServicePolicies(serviceId, filter);
            if (filter != null) {
                filter.setStartIndex(savedStartIndex);
                filter.setMaxRows(savedMaxRows);
            }
            servicePolicies = applyAdminAccessFilter(servicePolicies);
            ret = toRangerPolicyList(servicePolicies, filter);
        }
    } catch (WebApplicationException excp) {
        throw excp;
    } catch (Throwable excp) {
        LOG.error("getServicePolicies(" + serviceId + ") failed", excp);
        throw restErrorUtil.createRESTException(excp.getMessage());
    } finally {
        RangerPerfTracer.log(perf);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceREST.getServicePolicies(" + serviceId + "): count=" + (ret == null ? 0 : ret.getListSize()));
    }
    return ret;
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) WebApplicationException(javax.ws.rs.WebApplicationException) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) SearchFilter(org.apache.ranger.plugin.util.SearchFilter) RangerPolicyList(org.apache.ranger.view.RangerPolicyList) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Example 42 with RangerPerfTracer

use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.

the class ServiceREST method deleteService.

@DELETE
@Path("/services/{id}")
@Produces({ "application/json", "application/xml" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.DELETE_SERVICE + "\")")
public void deleteService(@PathParam("id") Long id) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.deleteService(" + id + ")");
    }
    RangerPerfTracer perf = null;
    try {
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
            perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.deleteService(serviceId=" + id + ")");
        }
        RangerServiceValidator validator = validatorFactory.getServiceValidator(svcStore);
        validator.validate(id, Action.DELETE);
        bizUtil.hasAdminPermissions("Services");
        // TODO: As of now we are allowing SYS_ADMIN to create all the
        // services including KMS
        XXService service = daoManager.getXXService().getById(id);
        EmbeddedServiceDefsUtil embeddedServiceDefsUtil = EmbeddedServiceDefsUtil.instance();
        if (service.getType().equals(embeddedServiceDefsUtil.getTagServiceDefId())) {
            List<XXService> referringServices = daoManager.getXXService().findByTagServiceId(id);
            if (!CollectionUtils.isEmpty(referringServices)) {
                Set<String> referringServiceNames = new HashSet<String>();
                for (XXService xXService : referringServices) {
                    referringServiceNames.add(xXService.getName());
                    if (referringServiceNames.size() >= 10) {
                        break;
                    }
                }
                if (referringServices.size() <= 10) {
                    throw restErrorUtil.createRESTException("Tag service '" + service.getName() + "' is being referenced by " + referringServices.size() + " services: " + referringServiceNames, MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);
                } else {
                    throw restErrorUtil.createRESTException("Tag service '" + service.getName() + "' is being referenced by " + referringServices.size() + " services: " + referringServiceNames + " and more..", MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);
                }
            }
        }
        XXServiceDef xxServiceDef = daoManager.getXXServiceDef().getById(service.getType());
        bizUtil.hasKMSPermissions("Service", xxServiceDef.getImplclassname());
        bizUtil.blockAuditorRoleUser();
        tagStore.deleteAllTagObjectsForService(service.getName());
        svcStore.deleteService(id);
    } catch (WebApplicationException excp) {
        throw excp;
    } catch (Throwable excp) {
        LOG.error("deleteService(" + id + ") failed", excp);
        throw restErrorUtil.createRESTException(excp.getMessage());
    } finally {
        RangerPerfTracer.log(perf);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceREST.deleteService(" + id + ")");
    }
}
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) WebApplicationException(javax.ws.rs.WebApplicationException) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) EmbeddedServiceDefsUtil(org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil) VXString(org.apache.ranger.view.VXString) XXService(org.apache.ranger.entity.XXService) RangerServiceValidator(org.apache.ranger.plugin.model.validation.RangerServiceValidator) HashSet(java.util.HashSet) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) Produces(javax.ws.rs.Produces) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 43 with RangerPerfTracer

use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.

the class ServiceREST method getSecureServicePoliciesIfUpdated.

@GET
@Path("/secure/policies/download/{serviceName}")
@Produces({ "application/json", "application/xml" })
public ServicePolicies getSecureServicePoliciesIfUpdated(@PathParam("serviceName") String serviceName, @QueryParam("lastKnownVersion") Long lastKnownVersion, @DefaultValue("0") @QueryParam("lastActivationTime") Long lastActivationTime, @QueryParam("pluginId") String pluginId, @DefaultValue("") @QueryParam("clusterName") String clusterName, @Context HttpServletRequest request) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.getSecureServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ")");
    }
    ServicePolicies ret = null;
    int httpCode = HttpServletResponse.SC_OK;
    String logMsg = null;
    RangerPerfTracer perf = null;
    boolean isAllowed = false;
    boolean isAdmin = bizUtil.isAdmin();
    boolean isKeyAdmin = bizUtil.isKeyAdmin();
    request.setAttribute("downloadPolicy", "secure");
    Long downloadedVersion = null;
    boolean isValid = false;
    try {
        isValid = serviceUtil.isValidService(serviceName, request);
    } catch (WebApplicationException webException) {
        httpCode = webException.getResponse().getStatus();
        logMsg = webException.getResponse().getEntity().toString();
    } catch (Exception e) {
        httpCode = HttpServletResponse.SC_BAD_REQUEST;
        logMsg = e.getMessage();
    }
    if (isValid) {
        if (lastKnownVersion == null) {
            lastKnownVersion = Long.valueOf(-1);
        }
        try {
            if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getSecureServicePoliciesIfUpdated(serviceName=" + serviceName + ",lastKnownVersion=" + lastKnownVersion + ",lastActivationTime=" + lastActivationTime + ")");
            }
            XXService xService = daoManager.getXXService().findByName(serviceName);
            XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(xService.getType());
            RangerService rangerService = null;
            if (StringUtils.equals(xServiceDef.getImplclassname(), EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME)) {
                rangerService = svcStore.getServiceByNameForDP(serviceName);
                if (isKeyAdmin) {
                    isAllowed = true;
                } else {
                    if (rangerService != null) {
                        isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Download);
                        if (!isAllowed) {
                            isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Grant_Revoke);
                        }
                    }
                }
            } else {
                rangerService = svcStore.getServiceByName(serviceName);
                if (isAdmin) {
                    isAllowed = true;
                } else {
                    if (rangerService != null) {
                        isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Download);
                        if (!isAllowed) {
                            isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Grant_Revoke);
                        }
                    }
                }
            }
            if (isAllowed) {
                ServicePolicies servicePolicies = svcStore.getServicePoliciesIfUpdated(serviceName, lastKnownVersion);
                if (servicePolicies == null) {
                    downloadedVersion = lastKnownVersion;
                    httpCode = HttpServletResponse.SC_NOT_MODIFIED;
                    logMsg = "No change since last update";
                } else {
                    downloadedVersion = servicePolicies.getPolicyVersion();
                    ret = filterServicePolicies(servicePolicies);
                    httpCode = HttpServletResponse.SC_OK;
                    logMsg = "Returning " + (ret.getPolicies() != null ? ret.getPolicies().size() : 0) + " policies. Policy version=" + ret.getPolicyVersion();
                }
            } else {
                LOG.error("getSecureServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ") failed as User doesn't have permission to download Policy");
                httpCode = HttpServletResponse.SC_UNAUTHORIZED;
                logMsg = "User doesn't have permission to download policy";
            }
        } catch (Throwable excp) {
            LOG.error("getSecureServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + ") failed");
            httpCode = HttpServletResponse.SC_BAD_REQUEST;
            logMsg = excp.getMessage();
        } finally {
            createPolicyDownloadAudit(serviceName, lastKnownVersion, pluginId, httpCode, clusterName, request);
            RangerPerfTracer.log(perf);
        }
    }
    assetMgr.createPluginInfo(serviceName, pluginId, request, RangerPluginInfo.ENTITY_TYPE_POLICIES, downloadedVersion, lastKnownVersion, lastActivationTime, httpCode);
    if (httpCode != HttpServletResponse.SC_OK) {
        boolean logError = httpCode != HttpServletResponse.SC_NOT_MODIFIED;
        throw restErrorUtil.createRESTException(httpCode, logMsg, logError);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceREST.getSecureServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + "): count=" + ((ret == null || ret.getPolicies() == null) ? 0 : ret.getPolicies().size()));
    }
    return ret;
}
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies) WebApplicationException(javax.ws.rs.WebApplicationException) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) VXString(org.apache.ranger.view.VXString) RangerService(org.apache.ranger.plugin.model.RangerService) XXService(org.apache.ranger.entity.XXService) WebApplicationException(javax.ws.rs.WebApplicationException) IOException(java.io.IOException) JsonSyntaxException(com.google.gson.JsonSyntaxException) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Example 44 with RangerPerfTracer

use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.

the class ServiceREST method countServices.

@GET
@Path("/services/count")
@Produces({ "application/json", "application/xml" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.COUNT_SERVICES + "\")")
public Long countServices(@Context HttpServletRequest request) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.countServices():");
    }
    Long ret = null;
    RangerPerfTracer perf = null;
    try {
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
            perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.countService()");
        }
        List<RangerService> services = getServices(request).getServices();
        ret = Long.valueOf(services == null ? 0 : services.size());
    } catch (WebApplicationException excp) {
        throw excp;
    } catch (Throwable excp) {
        LOG.error("countServices() failed", excp);
        throw restErrorUtil.createRESTException(excp.getMessage());
    } finally {
        RangerPerfTracer.log(perf);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceREST.countServices(): " + ret);
    }
    return ret;
}
Also used : WebApplicationException(javax.ws.rs.WebApplicationException) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) RangerService(org.apache.ranger.plugin.model.RangerService) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 45 with RangerPerfTracer

use of org.apache.ranger.plugin.util.RangerPerfTracer in project ranger by apache.

the class ServiceREST method getPolicy.

@GET
@Path("/policies/{id}")
@Produces({ "application/json", "application/xml" })
public RangerPolicy getPolicy(@PathParam("id") Long id) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.getPolicy(" + id + ")");
    }
    RangerPolicy ret = null;
    RangerPerfTracer perf = null;
    try {
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
            perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getPolicy(policyId=" + id + ")");
        }
        ret = svcStore.getPolicy(id);
        if (ret != null) {
            ensureAdminAndAuditAccess(ret);
        }
    } catch (WebApplicationException excp) {
        throw excp;
    } catch (Throwable excp) {
        LOG.error("getPolicy(" + id + ") failed", excp);
        throw restErrorUtil.createRESTException(excp.getMessage());
    } finally {
        RangerPerfTracer.log(perf);
    }
    if (ret == null) {
        throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceREST.getPolicy(" + id + "): " + ret);
    }
    return ret;
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) WebApplicationException(javax.ws.rs.WebApplicationException) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Aggregations

RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer)75 WebApplicationException (javax.ws.rs.WebApplicationException)36 Path (javax.ws.rs.Path)33 Produces (javax.ws.rs.Produces)33 RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)21 VXString (org.apache.ranger.view.VXString)18 GET (javax.ws.rs.GET)17 PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)16 RangerService (org.apache.ranger.plugin.model.RangerService)11 POST (javax.ws.rs.POST)10 ArrayList (java.util.ArrayList)9 XXServiceDef (org.apache.ranger.entity.XXServiceDef)9 RangerAccessResourceImpl (org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl)9 SearchFilter (org.apache.ranger.plugin.util.SearchFilter)9 JsonSyntaxException (com.google.gson.JsonSyntaxException)8 IOException (java.io.IOException)8 RangerPolicyResource (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)7 RangerResourceDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)7 RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)6 XXService (org.apache.ranger.entity.XXService)5