
Example 1 with ServicePolicies

use of org.apache.ranger.plugin.util.ServicePolicies in project ranger by apache.

the class TestAssetREST method servicePolicies.

/**
 * Builds the {@link ServicePolicies} fixture used by this test class: a single
 * policy obtained from {@code rangerPolicy(Id)}, the service definition from
 * {@code rangerServiceDef()}, service name {@code "Hdfs_1"} and policy version 1.
 *
 * @return a freshly populated {@code ServicePolicies} whose update time is "now"
 */
private ServicePolicies servicePolicies() {
    // Fixture helpers are invoked in the same order as before (policy first, then service def).
    final RangerPolicy onlyPolicy = rangerPolicy(Id);
    final RangerServiceDef serviceDef = rangerServiceDef();

    final ServicePolicies fixture = new ServicePolicies();

    final List<RangerPolicy> policyList = new ArrayList<RangerPolicy>();
    policyList.add(onlyPolicy);

    // Identity of the service the policies belong to.
    fixture.setServiceId(Id);
    fixture.setServiceName("Hdfs_1");

    // Version metadata a plugin would compare against its last known version.
    fixture.setPolicyVersion(1L);
    fixture.setPolicyUpdateTime(new Date());

    // Payload: service definition plus the one-element policy list.
    fixture.setServiceDef(serviceDef);
    fixture.setPolicies(policyList);

    return fixture;
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) ArrayList(java.util.ArrayList) Date(java.util.Date)

Example 2 with ServicePolicies

use of org.apache.ranger.plugin.util.ServicePolicies in project ranger by apache.

the class TestServiceREST method test24getServicePoliciesIfUpdated.

/**
 * Calls the policy-download endpoint with a mocked request and expects no
 * policies to be returned.
 *
 * NOTE(review): only a {@code null} return is asserted. Which branch of the
 * endpoint produces it (authentication check rejected, "not modified", ...)
 * depends on how the collaborators of {@code serviceREST} are mocked in this
 * class, which is not visible here. A test that pins the rejected-request path
 * explicitly (expected HTTP status / exception) would be a stronger regression
 * guard for the authentication check.
 */
@Test
public void test24getServicePoliciesIfUpdated() throws Exception {
    final HttpServletRequest mockedRequest = Mockito.mock(HttpServletRequest.class);

    final String pluginId = "1";
    final String serviceName = "HDFS_1";
    final Long lastKnownVersion = 1L;

    // lastActivationTime = 0 and an empty cluster name, as in the endpoint's declared defaults.
    final ServicePolicies downloaded =
            serviceREST.getServicePoliciesIfUpdated(serviceName, lastKnownVersion, 0L, pluginId, "", mockedRequest);

    Assert.assertNull(downloaded);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies) VXString(org.apache.ranger.view.VXString) Test(org.junit.Test)

Example 3 with ServicePolicies

use of org.apache.ranger.plugin.util.ServicePolicies in project ranger by apache.

the class RangerAdminRESTClient method getServicePoliciesIfUpdated.

/**
 * Asks the Ranger Admin REST API for this service's policies, if they changed
 * since {@code lastKnownVersion}.
 *
 * <p>When a login user is available and Hadoop security is enabled, the request
 * is built and sent inside {@code user.doAs(...)} against the "secure" download
 * URL; otherwise the older, non-secure download URL is called directly.
 *
 * <p>NOTE(review): every outcome other than HTTP 200 yields {@code null}
 * (no response, 304, a 404 that does not raise, any other status). A caller
 * therefore cannot tell "nothing changed" from "the download failed or was
 * refused" by the return value alone; the WARN/ERROR log lines below are the
 * only signal, so they are worth alerting on if stale policies are a concern.
 *
 * @param lastKnownVersion           policy version the caller already holds
 * @param lastActivationTimeInMillis time the caller last activated policies
 * @return the updated policies on HTTP 200, otherwise {@code null}
 * @throws Exception whatever the REST call or the service-not-found check raises
 */
@Override
public ServicePolicies getServicePoliciesIfUpdated(final long lastKnownVersion, final long lastActivationTimeInMillis) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerAdminRESTClient.getServicePoliciesIfUpdated(" + lastKnownVersion + ", " + lastActivationTimeInMillis + ")");
    }

    final UserGroupInformation user = MiscUtil.getUGILoginUser();
    final boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();

    final ClientResponse response;
    if (!isSecureMode) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Checking Service policy if updated with old api call");
        }
        // Non-secure path: sent without doAs; any transport-level protection comes
        // from createWebResource (not shown here).
        response = policyDownloadResource(RangerRESTUtils.REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED, lastKnownVersion, lastActivationTimeInMillis)
                .accept(RangerRESTUtils.REST_MIME_TYPE_JSON)
                .get(ClientResponse.class);
    } else {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Checking Service policy if updated as user : " + user);
        }
        // The resource is created AND fetched inside run() so that both happen
        // under the login user's context.
        final PrivilegedAction<ClientResponse> fetchAsLoginUser = new PrivilegedAction<ClientResponse>() {

            public ClientResponse run() {
                return policyDownloadResource(RangerRESTUtils.REST_URL_POLICY_GET_FOR_SECURE_SERVICE_IF_UPDATED, lastKnownVersion, lastActivationTimeInMillis)
                        .accept(RangerRESTUtils.REST_MIME_TYPE_JSON)
                        .get(ClientResponse.class);
            }
        };
        response = user.doAs(fetchAsLoginUser);
    }

    ServicePolicies ret = null;

    if (response == null) {
        LOG.error("Error getting policies; Received NULL response!!. secureMode=" + isSecureMode + ", user=" + user + ", serviceName=" + serviceName);
    } else {
        final int status = response.getStatus();

        switch (status) {
            case HttpServletResponse.SC_NOT_MODIFIED: {
                // The response is converted even when debug logging is off, as before.
                final RESTResponse notModified = RESTResponse.fromClientResponse(response);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("No change in policies. secureMode=" + isSecureMode + ", user=" + user + ", response=" + notModified + ", serviceName=" + serviceName);
                }
                break;
            }
            case HttpServletResponse.SC_OK:
                ret = response.getEntity(ServicePolicies.class);
                break;
            case HttpServletResponse.SC_NOT_FOUND: {
                LOG.error("Error getting policies; service not found. secureMode=" + isSecureMode + ", user=" + user + ", response=" + status + ", serviceName=" + serviceName + ", " + "lastKnownVersion=" + lastKnownVersion + ", " + "lastActivationTimeInMillis=" + lastActivationTimeInMillis);
                final String exceptionMsg = response.hasEntity() ? response.getEntity(String.class) : null;
                // Presumably throws when the body identifies a missing service; otherwise we fall through to the warning.
                RangerServiceNotFoundException.throwExceptionIfServiceNotFound(serviceName, exceptionMsg);
                // NOTE(review): the remote response body is written to the log verbatim.
                LOG.warn("Received 404 error code with body:[" + exceptionMsg + "], Ignoring");
                break;
            }
            default: {
                final RESTResponse failure = RESTResponse.fromClientResponse(response);
                LOG.warn("Error getting policies. secureMode=" + isSecureMode + ", user=" + user + ", response=" + failure + ", serviceName=" + serviceName);
                break;
            }
        }
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerAdminRESTClient.getServicePoliciesIfUpdated(" + lastKnownVersion + ", " + lastActivationTimeInMillis + "): " + ret);
    }
    return ret;
}

/** Builds the policy-download resource for this service under {@code urlPrefix}, with the version, activation-time, plugin-id and cluster-name query parameters. */
private WebResource policyDownloadResource(final String urlPrefix, final long lastKnownVersion, final long lastActivationTimeInMillis) {
    return createWebResource(urlPrefix + serviceName)
            .queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion))
            .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
            .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId)
            .queryParam(RangerRESTUtils.REST_PARAM_CLUSTER_NAME, clusterName);
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies) PrivilegedAction(java.security.PrivilegedAction) RESTResponse(org.apache.ranger.admin.client.datatype.RESTResponse) WebResource(com.sun.jersey.api.client.WebResource) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 4 with ServicePolicies

use of org.apache.ranger.plugin.util.ServicePolicies in project ranger by apache.

the class ServiceREST method filterServicePolicies.

/**
 * Returns the given policy set with every disabled policy left out, for both
 * the resource policies and (when present) the tag policies.
 *
 * <p>If nothing is disabled the very same {@code servicePolicies} instance is
 * returned. Otherwise a new {@code ServicePolicies} is populated from the
 * fields copied below, and only the list(s) that actually contained a disabled
 * policy are replaced by a filtered copy.
 *
 * <p>NOTE(review): the filtered copy carries only the fields set here. Any
 * other field of {@code ServicePolicies} / {@code TagPolicies} would be absent
 * from the downloaded payload whenever a disabled policy exists; confirm the
 * list is complete against the class definitions.
 *
 * @param servicePolicies policies loaded for a service; may be {@code null}
 * @return {@code null} for {@code null} input, otherwise the (possibly same) policy set without disabled policies
 */
private ServicePolicies filterServicePolicies(ServicePolicies servicePolicies) {
    if (servicePolicies == null) {
        return null;
    }

    final boolean resourcePoliciesNeedFiltering = hasDisabledPolicy(servicePolicies.getPolicies());
    final boolean tagPoliciesNeedFiltering = servicePolicies.getTagPolicies() != null
            && hasDisabledPolicy(servicePolicies.getTagPolicies().getPolicies());

    if (!(resourcePoliciesNeedFiltering || tagPoliciesNeedFiltering)) {
        // Nothing to strip: hand back the caller's own instance, not a copy.
        return servicePolicies;
    }

    final ServicePolicies filtered = new ServicePolicies();
    filtered.setServiceDef(servicePolicies.getServiceDef());
    filtered.setServiceId(servicePolicies.getServiceId());
    filtered.setServiceName(servicePolicies.getServiceName());
    filtered.setPolicyVersion(servicePolicies.getPolicyVersion());
    filtered.setPolicyUpdateTime(servicePolicies.getPolicyUpdateTime());
    // Start from the original lists; each is overridden below only if it held a disabled policy.
    filtered.setPolicies(servicePolicies.getPolicies());
    filtered.setTagPolicies(servicePolicies.getTagPolicies());

    if (resourcePoliciesNeedFiltering) {
        filtered.setPolicies(enabledPoliciesOnly(servicePolicies.getPolicies()));
    }

    if (tagPoliciesNeedFiltering) {
        final ServicePolicies.TagPolicies sourceTags = servicePolicies.getTagPolicies();
        final ServicePolicies.TagPolicies filteredTags = new ServicePolicies.TagPolicies();
        filteredTags.setServiceDef(sourceTags.getServiceDef());
        filteredTags.setServiceId(sourceTags.getServiceId());
        filteredTags.setServiceName(sourceTags.getServiceName());
        filteredTags.setPolicyVersion(sourceTags.getPolicyVersion());
        filteredTags.setPolicyUpdateTime(sourceTags.getPolicyUpdateTime());
        filteredTags.setPolicies(enabledPoliciesOnly(sourceTags.getPolicies()));
        filtered.setTagPolicies(filteredTags);
    }

    return filtered;
}

/** Tells whether {@code policies} is non-empty and holds at least one policy whose enabled flag is false. */
private static boolean hasDisabledPolicy(List<RangerPolicy> policies) {
    if (CollectionUtils.isNotEmpty(policies)) {
        for (RangerPolicy candidate : policies) {
            if (!candidate.getIsEnabled()) {
                return true;
            }
        }
    }
    return false;
}

/** Copies the enabled policies of {@code policies}, in order, into a new list. */
private static List<RangerPolicy> enabledPoliciesOnly(List<RangerPolicy> policies) {
    final List<RangerPolicy> enabled = new ArrayList<RangerPolicy>();
    for (RangerPolicy candidate : policies) {
        if (candidate.getIsEnabled()) {
            enabled.add(candidate);
        }
    }
    return enabled;
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies) ArrayList(java.util.ArrayList)

Example 5 with ServicePolicies

use of org.apache.ranger.plugin.util.ServicePolicies in project ranger by apache.

the class ServiceREST method getServicePoliciesIfUpdated.

/**
 * Policy-download endpoint: returns the policies of {@code serviceName} if they
 * changed since {@code lastKnownVersion}.
 *
 * <p>Flow, as visible in this method:
 * <ol>
 *   <li>{@code serviceUtil.isValidateHttpsAuthentication(serviceName, request)} decides
 *       whether the caller may download; exceptions from it are turned into an HTTP
 *       status and message instead of propagating.</li>
 *   <li>Only if that check returned {@code true}: the store is queried, disabled
 *       policies are filtered out, and a policy-download audit record is written
 *       (in {@code finally}, so also on failure).</li>
 *   <li>Plugin info is recorded for every request, accepted or not.</li>
 *   <li>Any status other than 200 is reported by throwing a REST exception.</li>
 * </ol>
 *
 * <p>{@code lastActivationTime}, {@code pluginId} and {@code clusterName} are not used
 * to select policies here; they only feed logging, the audit record and plugin info.
 *
 * @param serviceName        service whose policies are requested (path parameter)
 * @param lastKnownVersion   version the caller already holds; {@code null} is treated as -1
 * @param lastActivationTime caller-reported activation time (defaults to 0)
 * @param pluginId           caller-reported plugin identifier
 * @param clusterName        caller-reported cluster name (defaults to "")
 * @param request            the servlet request, passed to the authentication check and audit
 * @return the filtered policies on HTTP 200; see the NOTE(review) on the rejected case below
 * @throws Exception the REST exception built by {@code restErrorUtil} for any non-200 status
 */
@GET
@Path("/policies/download/{serviceName}")
@Produces({ "application/json", "application/xml" })
public ServicePolicies getServicePoliciesIfUpdated(@PathParam("serviceName") String serviceName, @QueryParam("lastKnownVersion") Long lastKnownVersion, @DefaultValue("0") @QueryParam("lastActivationTime") Long lastActivationTime, @QueryParam("pluginId") String pluginId, @DefaultValue("") @QueryParam("clusterName") String clusterName, @Context HttpServletRequest request) throws Exception {
    // NOTE(review): serviceName, pluginId and clusterName come straight from the request and are
    // concatenated into log/perf messages in this method; confirm the log layout neutralises line breaks.
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + ")");
    }
    ServicePolicies ret = null;
    // Starts as 200; it is only changed by an exception from the check or by the store branch below.
    int httpCode = HttpServletResponse.SC_OK;
    String logMsg = null;
    RangerPerfTracer perf = null;
    Long downloadedVersion = null;
    boolean isValid = false;
    try {
        isValid = serviceUtil.isValidateHttpsAuthentication(serviceName, request);
    } catch (WebApplicationException webException) {
        httpCode = webException.getResponse().getStatus();
        // NOTE(review): getEntity() is dereferenced without a null check; if the exception's
        // response carries no entity this line would itself throw — confirm it is always set.
        logMsg = webException.getResponse().getEntity().toString();
    } catch (Exception e) {
        httpCode = HttpServletResponse.SC_BAD_REQUEST;
        logMsg = e.getMessage();
    }
    // NOTE(review): if the check returns false WITHOUT throwing, httpCode is still SC_OK here, so the
    // method skips the block below (no download audit), does not throw, and returns null with a
    // success status. Confirm isValidateHttpsAuthentication always throws on rejection, or map
    // "false" to an explicit error status.
    if (isValid) {
        if (lastKnownVersion == null) {
            // -1 stands in for "caller holds no version".
            lastKnownVersion = Long.valueOf(-1);
        }
        try {
            if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServicePoliciesIfUpdated(serviceName=" + serviceName + ",lastKnownVersion=" + lastKnownVersion + ",lastActivationTime=" + lastActivationTime + ")");
            }
            ServicePolicies servicePolicies = svcStore.getServicePoliciesIfUpdated(serviceName, lastKnownVersion);
            if (servicePolicies == null) {
                // Store reports nothing newer: answer 304 and echo the caller's version.
                downloadedVersion = lastKnownVersion;
                httpCode = HttpServletResponse.SC_NOT_MODIFIED;
                logMsg = "No change since last update";
            } else {
                downloadedVersion = servicePolicies.getPolicyVersion();
                // Disabled policies are stripped before the set leaves the server.
                ret = filterServicePolicies(servicePolicies);
                httpCode = HttpServletResponse.SC_OK;
                logMsg = "Returning " + (ret.getPolicies() != null ? ret.getPolicies().size() : 0) + " policies. Policy version=" + ret.getPolicyVersion();
            }
        } catch (Throwable excp) {
            // NOTE(review): the throwable itself is not passed to the logger, so the stack trace is lost,
            // and every failure (including Errors) is reported as 400. excp.getMessage() becomes the
            // message handed to createRESTException below — check it cannot expose internal detail.
            LOG.error("getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + ") failed");
            httpCode = HttpServletResponse.SC_BAD_REQUEST;
            logMsg = excp.getMessage();
        } finally {
            // Audit is written for success, 304 and failure alike — but only for requests that passed the check.
            createPolicyDownloadAudit(serviceName, lastKnownVersion, pluginId, httpCode, clusterName, request);
            RangerPerfTracer.log(perf);
        }
    }
    // Recorded for every request, including those rejected by the authentication check.
    assetMgr.createPluginInfo(serviceName, pluginId, request, RangerPluginInfo.ENTITY_TYPE_POLICIES, downloadedVersion, lastKnownVersion, lastActivationTime, httpCode);
    if (httpCode != HttpServletResponse.SC_OK) {
        // 304 is an expected outcome, so it is the one non-200 status not flagged as an error.
        boolean logError = httpCode != HttpServletResponse.SC_NOT_MODIFIED;
        throw restErrorUtil.createRESTException(httpCode, logMsg, logError);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceREST.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + "): count=" + ((ret == null || ret.getPolicies() == null) ? 0 : ret.getPolicies().size()));
    }
    return ret;
}
Also used : ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies) WebApplicationException(javax.ws.rs.WebApplicationException) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) VXString(org.apache.ranger.view.VXString) WebApplicationException(javax.ws.rs.WebApplicationException) IOException(java.io.IOException) JsonSyntaxException(com.google.gson.JsonSyntaxException) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)
