use of org.apache.ranger.plugin.util.ServiceTags in project ranger by apache.
the class TestTagREST method test52getSecureServiceTagsIfUpdatedIsKeyAdminTrue.
@Test
public void test52getSecureServiceTagsIfUpdatedIsKeyAdminTrue() {
boolean isAdmin = false;
boolean isKeyAdmin = true;
ServiceTags oldServiceTag = new ServiceTags();
oldServiceTag.setServiceName(serviceName);
oldServiceTag.setTagVersion(5L);
XXService xService = new XXService();
xService.setId(id);
xService.setName(serviceName);
xService.setType(5L);
XXServiceDef xServiceDef = new XXServiceDef();
xServiceDef.setId(id);
xServiceDef.setVersion(5L);
xServiceDef.setImplclassname("org.apache.ranger.services.kms.RangerServiceKMS");
RangerService rangerService = new RangerService();
rangerService.setId(id);
rangerService.setName(serviceName);
XXServiceDao xXServiceDao = Mockito.mock(XXServiceDao.class);
XXServiceDefDao xXServiceDefDao = Mockito.mock(XXServiceDefDao.class);
Mockito.when(bizUtil.isAdmin()).thenReturn(isAdmin);
Mockito.when(bizUtil.isKeyAdmin()).thenReturn(isKeyAdmin);
Mockito.when(daoManager.getXXService()).thenReturn(xXServiceDao);
Mockito.when(xXServiceDao.findByName(serviceName)).thenReturn(xService);
Mockito.when(daoManager.getXXServiceDef()).thenReturn(xXServiceDefDao);
Mockito.when(xXServiceDefDao.getById(xService.getType())).thenReturn(xServiceDef);
try {
Mockito.when(svcStore.getServiceByName(serviceName)).thenReturn(rangerService);
} catch (Exception e) {
}
try {
Mockito.when(tagStore.getServiceTagsIfUpdated(serviceName, lastKnownVersion)).thenReturn(oldServiceTag);
} catch (Exception e) {
}
ServiceTags result = tagREST.getSecureServiceTagsIfUpdated(serviceName, lastKnownVersion, 0L, pluginId, null);
Assert.assertNotNull(result.getServiceName());
Assert.assertEquals(result.getServiceName(), oldServiceTag.getServiceName());
Assert.assertEquals(result.getTagVersion(), oldServiceTag.getTagVersion());
Mockito.verify(bizUtil).isAdmin();
Mockito.verify(bizUtil).isKeyAdmin();
Mockito.verify(daoManager).getXXService();
Mockito.verify(xXServiceDao).findByName(serviceName);
Mockito.verify(daoManager).getXXServiceDef();
Mockito.verify(xXServiceDefDao).getById(xService.getType());
try {
Mockito.verify(svcStore).getServiceByName(serviceName);
} catch (Exception e) {
}
try {
Mockito.verify(tagStore).getServiceTagsIfUpdated(serviceName, lastKnownVersion);
} catch (Exception e) {
}
}
use of org.apache.ranger.plugin.util.ServiceTags in project ranger by apache.
the class TestTagREST method test50getServiceTagsIfUpdated.
@Test
public void test50getServiceTagsIfUpdated() {
ServiceTags oldServiceTag = null;
try {
Mockito.when(tagStore.getServiceTagsIfUpdated(serviceName, lastKnownVersion)).thenReturn(oldServiceTag);
} catch (Exception e) {
}
Mockito.when(restErrorUtil.createRESTException(Mockito.anyInt(), Mockito.anyString(), Mockito.anyBoolean())).thenThrow(new WebApplicationException());
thrown.expect(WebApplicationException.class);
tagREST.getServiceTagsIfUpdated(serviceName, lastKnownVersion, 0L, pluginId, null);
try {
Mockito.verify(tagStore).getServiceTagsIfUpdated(serviceName, lastKnownVersion);
} catch (Exception e) {
}
Mockito.verify(restErrorUtil).createRESTException(Mockito.anyInt(), Mockito.anyString(), Mockito.anyBoolean());
}
use of org.apache.ranger.plugin.util.ServiceTags in project ranger by apache.
the class TestTagEnricher method runTests.
private void runTests(InputStreamReader reader, String testName) {
TagEnricherTestCase testCase = gsonBuilder.fromJson(reader, TagEnricherTestCase.class);
assertTrue("invalid input: " + testName, testCase != null && testCase.serviceDef != null && testCase.serviceResources != null && testCase.tests != null);
ServiceTags serviceTags = new ServiceTags();
serviceTags.setServiceName(testCase.serviceName);
serviceTags.setTagDefinitions(testCase.tagDefinitions);
serviceTags.setTags(testCase.tags);
serviceTags.setServiceResources(testCase.serviceResources);
serviceTags.setResourceToTagIds(testCase.resourceToTagIds);
RangerTagEnricher tagEnricher = new RangerTagEnricher();
tagEnricher.setServiceName(testCase.serviceName);
tagEnricher.setServiceDef(testCase.serviceDef);
tagEnricher.setServiceTags(serviceTags);
List<String> expectedTags = new ArrayList<>();
List<String> resultTags = new ArrayList<>();
for (TestData test : testCase.tests) {
RangerAccessRequestImpl request = new RangerAccessRequestImpl(test.resource, test.accessType, "testUser", null);
tagEnricher.enrich(request);
List<RangerTag> expected = test.result;
Set<RangerTagForEval> result = RangerAccessRequestUtil.getRequestTagsFromContext(request.getContext());
expectedTags.clear();
if (expected != null) {
for (RangerTag tag : expected) {
expectedTags.add(tag.getType());
}
Collections.sort(expectedTags);
}
resultTags.clear();
if (result != null) {
for (RangerTagForEval tag : result) {
resultTags.add(tag.getType());
}
Collections.sort(resultTags);
}
assertEquals(test.name, expectedTags, resultTags);
}
}
use of org.apache.ranger.plugin.util.ServiceTags in project ranger by apache.
the class RangerAdminRESTClient method getServiceTagsIfUpdated.
@Override
public ServiceTags getServiceTagsIfUpdated(final long lastKnownVersion, final long lastActivationTimeInMillis) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerAdminRESTClient.getServiceTagsIfUpdated(" + lastKnownVersion + ", " + lastActivationTimeInMillis + "): ");
}
ServiceTags ret = null;
ClientResponse response = null;
WebResource webResource = null;
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
if (isSecureMode) {
PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {
public ClientResponse run() {
WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_GET_SECURE_SERVICE_TAGS_IF_UPDATED + serviceName).queryParam(RangerRESTUtils.LAST_KNOWN_TAG_VERSION_PARAM, Long.toString(lastKnownVersion)).queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis)).queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
return secureWebResource.accept(RangerRESTUtils.REST_MIME_TYPE_JSON).get(ClientResponse.class);
}
};
if (LOG.isDebugEnabled()) {
LOG.debug("getServiceTagsIfUpdated as user " + user);
}
response = user.doAs(action);
} else {
webResource = createWebResource(RangerRESTUtils.REST_URL_GET_SERVICE_TAGS_IF_UPDATED + serviceName).queryParam(RangerRESTUtils.LAST_KNOWN_TAG_VERSION_PARAM, Long.toString(lastKnownVersion)).queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis)).queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
response = webResource.accept(RangerRESTUtils.REST_MIME_TYPE_JSON).get(ClientResponse.class);
}
if (response == null || response.getStatus() == HttpServletResponse.SC_NOT_MODIFIED) {
if (response == null) {
LOG.error("Error getting tags; Received NULL response!!. secureMode=" + isSecureMode + ", user=" + user + ", serviceName=" + serviceName);
} else {
RESTResponse resp = RESTResponse.fromClientResponse(response);
if (LOG.isDebugEnabled()) {
LOG.debug("No change in tags. secureMode=" + isSecureMode + ", user=" + user + ", response=" + resp + ", serviceName=" + serviceName + ", " + "lastKnownVersion=" + lastKnownVersion + ", " + "lastActivationTimeInMillis=" + lastActivationTimeInMillis);
}
}
ret = null;
} else if (response.getStatus() == HttpServletResponse.SC_OK) {
ret = response.getEntity(ServiceTags.class);
} else if (response.getStatus() == HttpServletResponse.SC_NOT_FOUND) {
LOG.error("Error getting tags; service not found. secureMode=" + isSecureMode + ", user=" + user + ", response=" + response.getStatus() + ", serviceName=" + serviceName + ", " + "lastKnownVersion=" + lastKnownVersion + ", " + "lastActivationTimeInMillis=" + lastActivationTimeInMillis);
String exceptionMsg = response.hasEntity() ? response.getEntity(String.class) : null;
RangerServiceNotFoundException.throwExceptionIfServiceNotFound(serviceName, exceptionMsg);
LOG.warn("Received 404 error code with body:[" + exceptionMsg + "], Ignoring");
} else {
RESTResponse resp = RESTResponse.fromClientResponse(response);
LOG.warn("Error getting tags. secureMode=" + isSecureMode + ", user=" + user + ", response=" + resp + ", serviceName=" + serviceName);
ret = null;
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== RangerAdminRESTClient.getServiceTagsIfUpdated(" + lastKnownVersion + ", " + lastActivationTimeInMillis + "): ");
}
return ret;
}
use of org.apache.ranger.plugin.util.ServiceTags in project ranger by apache.
the class TagREST method getSecureServiceTagsIfUpdated.
@GET
@Path(TagRESTConstants.TAGS_SECURE_DOWNLOAD + "{serviceName}")
@Produces({ "application/json", "application/xml" })
public ServiceTags getSecureServiceTagsIfUpdated(@PathParam("serviceName") String serviceName, @QueryParam(TagRESTConstants.LAST_KNOWN_TAG_VERSION_PARAM) Long lastKnownVersion, @DefaultValue("0") @QueryParam(TagRESTConstants.LAST_ACTIVATION_TIME) Long lastActivationTime, @QueryParam("pluginId") String pluginId, @Context HttpServletRequest request) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> TagREST.getSecureServiceTagsIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + ", " + pluginId + ")");
}
ServiceTags ret = null;
int httpCode = HttpServletResponse.SC_OK;
String logMsg = null;
boolean isAllowed = false;
boolean isAdmin = bizUtil.isAdmin();
boolean isKeyAdmin = bizUtil.isKeyAdmin();
Long downloadedVersion = null;
try {
XXService xService = daoManager.getXXService().findByName(serviceName);
if (xService == null) {
LOG.error("Requested Service not found. serviceName=" + serviceName);
throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Service:" + serviceName + " not found", false);
}
XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(xService.getType());
RangerService rangerService = svcStore.getServiceByName(serviceName);
if (StringUtils.equals(xServiceDef.getImplclassname(), EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME)) {
if (isKeyAdmin) {
isAllowed = true;
} else {
isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Tag_Download);
}
} else {
if (isAdmin) {
isAllowed = true;
} else {
isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Tag_Download);
}
}
if (isAllowed) {
ret = tagStore.getServiceTagsIfUpdated(serviceName, lastKnownVersion);
if (ret == null) {
downloadedVersion = lastKnownVersion;
httpCode = HttpServletResponse.SC_NOT_MODIFIED;
logMsg = "No change since last update";
} else {
downloadedVersion = ret.getTagVersion();
httpCode = HttpServletResponse.SC_OK;
logMsg = "Returning " + (ret.getTags() != null ? ret.getTags().size() : 0) + " tags. Tag version=" + ret.getTagVersion();
}
} else {
LOG.error("getSecureServiceTagsIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + ") failed as User doesn't have permission to download tags");
httpCode = HttpServletResponse.SC_UNAUTHORIZED;
logMsg = "User doesn't have permission to download tags";
}
} catch (WebApplicationException webException) {
httpCode = webException.getResponse().getStatus();
logMsg = webException.getResponse().getEntity().toString();
} catch (Exception excp) {
httpCode = HttpServletResponse.SC_BAD_REQUEST;
logMsg = excp.getMessage();
} finally {
assetMgr.createPluginInfo(serviceName, pluginId, request, RangerPluginInfo.ENTITY_TYPE_TAGS, downloadedVersion, lastKnownVersion, lastActivationTime, httpCode);
}
if (httpCode != HttpServletResponse.SC_OK) {
boolean logError = httpCode != HttpServletResponse.SC_NOT_MODIFIED;
throw restErrorUtil.createRESTException(httpCode, logMsg, logError);
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== TagREST.getSecureServiceTagsIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + ", " + pluginId + ")");
}
return ret;
}
Aggregations