Repository: incubator-ranger Updated Branches: refs/heads/stack 06ca85385 -> 2242c4418
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java b/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java
new file mode 100644
index 0000000..da20ba2
--- /dev/null
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java
@@ -0,0 +1,354 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.store.file; + +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.OutputStreamWriter; +import java.util.ArrayList; +import java.util.Date; +import java.util.List; +import java.util.UUID; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.FSDataInputStream; +import org.apache.hadoop.fs.FSDataOutputStream; +import org.apache.hadoop.fs.FileStatus; +import org.apache.hadoop.fs.FileSystem; +import org.apache.hadoop.fs.Path; +import org.apache.hadoop.fs.PathFilter; +import org.apache.ranger.plugin.model.RangerBaseModelObject; + +import com.google.gson.Gson; +import com.google.gson.GsonBuilder; + +public class BaseFileStore { + private static final Log LOG = LogFactory.getLog(BaseFileStore.class); + + private Gson gsonBuilder = null; + private String dataDir = null; + + protected static String FILE_PREFIX_SERVICE_DEF = "ranger-servicedef-"; + protected static String FILE_PREFIX_SERVICE = "ranger-service-"; + protected static String 
FILE_PREFIX_POLICY = "ranger-policy-"; + protected static String FILE_SUFFIX_JSON = ".json"; + + + protected void init() { + dataDir = System.getProperty("org.apache.ranger.datastore.dir", "/etc/ranger/data"); // TODO: read from configuration + + try { + gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create(); + } catch(Throwable excp) { + LOG.fatal("BaseFileStore.init(): failed to create GsonBuilder object", excp); + } + } + + protected String getDataDir() { + return dataDir; + } + + protected String getServiceDefFile(Long id) { + String filePath = dataDir + Path.SEPARATOR + FILE_PREFIX_SERVICE_DEF + id + FILE_SUFFIX_JSON; + + return filePath; + } + + protected String getServiceFile(Long id) { + String filePath = dataDir + Path.SEPARATOR + FILE_PREFIX_SERVICE + id + FILE_SUFFIX_JSON; + + return filePath; + } + + protected String getPolicyFile(Long serviceId, Long policyId) { + String filePath = dataDir + Path.SEPARATOR + FILE_PREFIX_POLICY + serviceId + "-" + policyId + FILE_SUFFIX_JSON; + + return filePath; + } + + protected <T> T loadFromResource(String resource, Class<T> cls) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> BaseFileStore.loadFromResource(" + resource + ")"); + } + + InputStream inStream = this.getClass().getResourceAsStream(resource); + + T ret = loadFromStream(inStream, cls); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== BaseFileStore.loadFromResource(" + resource + "): " + ret); + } + + return ret; + } + + protected <T> T loadFromStream(InputStream inStream, Class<T> cls) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> BaseFileStore.loadFromStream()"); + } + + InputStreamReader reader = new InputStreamReader(inStream); + + T ret = gsonBuilder.fromJson(reader, cls); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== BaseFileStore.loadFromStream(): " + ret); + } + + return ret; + } + + protected <T> T loadFromFile(Path filePath, Class<T> cls) throws Exception { + 
if(LOG.isDebugEnabled()) { + LOG.debug("==> BaseFileStore.loadFromFile(" + filePath + ")"); + } + + T ret = null; + InputStreamReader reader = null; + + try { + FileSystem fileSystem = getFileSystem(filePath); + FSDataInputStream inStream = fileSystem.open(filePath); + + ret = loadFromStream(inStream, cls); + } finally { + close(reader); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== BaseFileStore.loadFromFile(" + filePath + "): " + ret); + } + + return ret; + } + + protected <T> List<T> loadFromDir(Path dirPath, final String filePrefix, Class<T> cls) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> BaseFileStore.loadFromDir()"); + } + + List<T> ret = new ArrayList<T>(); + + try { + FileSystem fileSystem = getFileSystem(dirPath); + + if(fileSystem.exists(dirPath) && fileSystem.isDirectory(dirPath)) { + PathFilter filter = new PathFilter() { + @Override + public boolean accept(Path path) { + return path.getName().startsWith(filePrefix) && + path.getName().endsWith(FILE_SUFFIX_JSON); + } + }; + + FileStatus[] sdFiles = fileSystem.listStatus(dirPath, filter); + + if(sdFiles != null) { + for(FileStatus sdFile : sdFiles) { + T obj = loadFromFile(sdFile.getPath(), cls); + + if(obj != null) { + ret.add(obj); + } + } + } + } else { + LOG.error(dirPath + ": does not exists or not a directory"); + } + } catch(IOException excp) { + LOG.warn("error loading service-def in directory " + dirPath, excp); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== BaseFileStore.loadFromDir(): count=" + (ret == null ? 
0 : ret.size())); + } + + return ret; + } + + protected <T> T saveToFile(T obj, Path filePath, boolean overWrite) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> BaseFileStore.saveToFile(" + filePath + ")"); + } + + OutputStreamWriter writer = null; + + try { + FileSystem fileSystem = getFileSystem(filePath); + FSDataOutputStream outStream = fileSystem.create(filePath, overWrite); + + writer = new OutputStreamWriter(outStream); + + gsonBuilder.toJson(obj, writer); + } finally { + close(writer); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== BaseFileStore.saveToFile(" + filePath + "): " + obj); + } + + return obj; + } + + protected boolean deleteFile(Path filePath) throws Exception { + LOG.debug("==> BaseFileStore.deleteFile(" + filePath + ")"); + + FileSystem fileSystem = getFileSystem(filePath); + + boolean ret = false; + + if(fileSystem.exists(filePath)) { + ret = fileSystem.delete(filePath, false); + } else { + ret = true; // nothing to delete + } + + LOG.debug("<== BaseFileStore.deleteFile(" + filePath + "): " + ret); + + return ret; + } + + protected boolean renamePath(Path oldPath, Path newPath) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> BaseFileStore.renamePath(" + oldPath + "," + newPath + ")"); + } + + FileSystem fileSystem = getFileSystem(oldPath); + + boolean ret = false; + + if(fileSystem.exists(oldPath)) { + if(! fileSystem.exists(newPath)) { + ret = fileSystem.rename(oldPath, newPath); + } else { + LOG.warn("target of rename '" + newPath + "' already exists"); + } + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== BaseFileStore.renamePath(" + oldPath + "," + newPath + "): " + ret); + } + + return ret; + } + + protected long getMaxId(List<? 
extends RangerBaseModelObject> objs) { + long ret = -1; + + if(objs != null) { + for(RangerBaseModelObject obj : objs) { + if(obj.getId() > ret) { + ret = obj.getId(); + } + } + } + + return ret; + } + protected FileSystem getFileSystem(Path filePath) throws Exception { + Configuration conf = new Configuration(); + FileSystem fileSystem = filePath.getFileSystem(conf); + + return fileSystem; + } + + protected void close(FileSystem fs) { + if(fs != null) { + try { + fs.close(); + } catch(IOException excp) { + // ignore + } + } + } + + protected void close(InputStreamReader reader) { + if(reader != null) { + try { + reader.close(); + } catch(IOException excp) { + // ignore + } + } + } + + protected void close(OutputStreamWriter writer) { + if(writer != null) { + try { + writer.close(); + } catch(IOException excp) { + // ignore + } + } + } + + protected void preCreate(RangerBaseModelObject obj) { + obj.setId(new Long(0)); + obj.setGuid(UUID.randomUUID().toString()); + obj.setCreateTime(new Date()); + obj.setUpdateTime(obj.getCreateTime()); + obj.setVersion(new Long(1)); + } + + protected void postCreate(RangerBaseModelObject obj) { + // TODO: + } + + protected void preUpdate(RangerBaseModelObject obj) { + if(obj.getId() == null) { + obj.setId(new Long(0)); + } + + if(obj.getGuid() == null) { + obj.setGuid(UUID.randomUUID().toString()); + } + + if(obj.getCreateTime() == null) { + obj.setCreateTime(new Date()); + } + + Long version = obj.getVersion(); + + if(version == null) { + version = new Long(1); + } else { + version = new Long(version.longValue() + 1); + } + + obj.setVersion(version); + obj.setUpdateTime(new Date()); + } + + protected void postUpdate(RangerBaseModelObject obj) { + // TODO: + } + + protected void preDelete(RangerBaseModelObject obj) { + // TODO: + } + + protected void postDelete(RangerBaseModelObject obj) { + // TODO: + } +} 
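Review bot: `loadFromFile` never closes the stream it opens: `reader` stays null, so `close(reader)` in the `finally` does nothing and the `FSDataInputStream` returned by `fileSystem.open(filePath)` is left open, as is the `InputStreamReader` created inside `loadFromStream`. `loadFromDir` calls this once per matching file, so every directory scan leaves one handle per file behind; if `open` later fails, the `catch(IOException)` in `loadFromDir` only logs and returns the partial list, which a caller cannot tell apart from a complete one. Assigning the reader locally keeps the existing `finally` effective: `reader = new InputStreamReader(fileSystem.open(filePath));` followed by `ret = gsonBuilder.fromJson(reader, cls);`. `loadFromResource` has the same unclosed stream and also passes a possibly null `getResourceAsStream` result straight to `new InputStreamReader`.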
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceDefFileStore.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceDefFileStore.java b/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceDefFileStore.java
new file mode 100644
index 0000000..08c253f
--- /dev/null
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceDefFileStore.java
@@ -0,0 +1,357 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.store.file; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.hadoop.fs.Path; +import org.apache.ranger.plugin.model.RangerServiceDef; +import org.apache.ranger.plugin.store.ServiceDefStore; + + +public class ServiceDefFileStore extends BaseFileStore implements ServiceDefStore { + private static final Log LOG = LogFactory.getLog(ServiceDefFileStore.class); + + private List<RangerServiceDef> serviceDefs = null; + private long nextServiceDefId = 0; + + static Map<String, Long> legacyServiceTypes = new HashMap<String, Long>(); + + static { + legacyServiceTypes.put("hdfs", new Long(1)); + legacyServiceTypes.put("hbase", new Long(2)); + legacyServiceTypes.put("hive", new Long(3)); + legacyServiceTypes.put("knox", new Long(5)); + legacyServiceTypes.put("storm", new Long(6)); + } + + public ServiceDefFileStore() { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceDefFileStore.ServiceDefManagerFile()"); + } + + init(); + + if(LOG.isDebugEnabled()) { + 
LOG.debug("<== ServiceDefFileStore.ServiceDefManagerFile()"); + } + } + + @Override + public RangerServiceDef create(RangerServiceDef serviceDef) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceDefFileStore.create(" + serviceDef + ")"); + } + + RangerServiceDef existing = findServiceDefByName(serviceDef.getName()); + + if(existing != null) { + throw new Exception(serviceDef.getName() + ": service-def already exists (id=" + existing.getId() + ")"); + } + + RangerServiceDef ret = null; + + try { + preCreate(serviceDef); + + serviceDef.setId(nextServiceDefId++); + + Path filePath = new Path(getServiceDefFile(serviceDef.getId())); + + ret = saveToFile(serviceDef, filePath, false); + + addServiceDef(ret); + + postCreate(ret); + } catch(Exception excp) { + LOG.warn("ServiceDefFileStore.create(): failed to save service-def '" + serviceDef.getName() + "'", excp); + + throw new Exception("failed to save service-def '" + serviceDef.getName() + "'", excp); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceDefFileStore.create(" + serviceDef + ")"); + } + + return ret; + } + + @Override + public RangerServiceDef update(RangerServiceDef serviceDef) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceDefFileStore.update(" + serviceDef + ")"); + } + + RangerServiceDef existing = findServiceDefById(serviceDef.getId()); + + if(existing == null) { + throw new Exception(serviceDef.getId() + ": service-def does not exist"); + } + + if(isLegacyServiceType(existing)) { + String msg = existing.getName() + ": is an in-built service-def. Update not allowed"; + + LOG.warn(msg); + + throw new Exception(msg); + } + + String existingName = existing.getName(); + + boolean renamed = !serviceDef.getName().equalsIgnoreCase(existingName); + + // renaming service-def would require updating services that refer to this service-def + if(renamed) { + LOG.warn("ServiceDefFileStore.update(): service-def renaming not supported. 
" + existingName + " ==> " + serviceDef.getName()); + + throw new Exception("service-def renaming not supported. " + existingName + " ==> " + serviceDef.getName()); + } + + RangerServiceDef ret = null; + + try { + existing.updateFrom(serviceDef); + + preUpdate(existing); + + Path filePath = new Path(getServiceDefFile(existing.getId())); + + ret = saveToFile(existing, filePath, true); + + postUpdate(ret); + } catch(Exception excp) { + LOG.warn("ServiceDefFileStore.update(): failed to save service-def '" + existing.getName() + "'", excp); + + throw new Exception("failed to save service-def '" + existing.getName() + "'", excp); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceDefFileStore.update(" + serviceDef + "): " + ret); + } + + return ret; + } + + @Override + public void delete(Long id) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceDefFileStore.delete(" + id + ")"); + } + + RangerServiceDef existing = findServiceDefById(id); + + if(existing == null) { + throw new Exception("service-def does not exist. id=" + id); + } + + if(isLegacyServiceType(existing)) { + String msg = existing.getName() + ": is an in-built service-def. Update not allowed"; + + LOG.warn(msg); + + throw new Exception(msg); + } + + // TODO: deleting service-def would require deleting services that refer to this service-def + + try { + preDelete(existing); + + Path filePath = new Path(getServiceDefFile(id)); + + deleteFile(filePath); + + removeServiceDef(existing); + + postDelete(existing); + } catch(Exception excp) { + throw new Exception("failed to delete service-def. 
id=" + id + "; name=" + existing.getName(), excp); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceDefFileStore.delete(" + id + ")"); + } + } + + @Override + public RangerServiceDef get(Long id) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceDefFileStore.get(" + id + ")"); + } + + RangerServiceDef ret = findServiceDefById(id); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceDefFileStore.get(" + id + "): " + ret); + } + + return ret; + } + + @Override + public RangerServiceDef getByName(String name) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceDefFileStore.getByName(" + name + ")"); + } + + RangerServiceDef ret = findServiceDefByName(name); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceDefFileStore.getByName(" + name + "): " + ret); + } + + return ret; + } + + @Override + public List<RangerServiceDef> getAll() throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceDefFileStore.getAll()"); + } + + List<RangerServiceDef> ret = serviceDefs; + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceDefFileStore.getAll(): count=" + (ret == null ? 
0 : ret.size())); + } + + return ret; + } + + @Override + protected void init() { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceDefFileStore.init()"); + } + + super.init(); + + try { + serviceDefs = new ArrayList<RangerServiceDef>(); + + // load definitions for legacy services from embedded resources + String[] legacyServiceDefResources = { + "/service-defs/ranger-servicedef-hdfs.json", + "/service-defs/ranger-servicedef-hive.json", + "/service-defs/ranger-servicedef-hbase.json", + "/service-defs/ranger-servicedef-knox.json", + "/service-defs/ranger-servicedef-storm.json", + }; + + for(String resource : legacyServiceDefResources) { + RangerServiceDef sd = loadFromResource(resource, RangerServiceDef.class); + + if(sd != null) { + serviceDefs.add(sd); + } + } + nextServiceDefId = getMaxId(serviceDefs) + 1; + + // load service definitions from file system + List<RangerServiceDef> sds = loadFromDir(new Path(getDataDir()), FILE_PREFIX_SERVICE_DEF, RangerServiceDef.class); + + if(sds != null) { + for(RangerServiceDef sd : sds) { + if(sd != null) { + if(isLegacyServiceType(sd)) { + LOG.warn("Found in-built service-def '" + sd.getName() + "' under " + getDataDir() + ". 
Ignorning"); + + continue; + } + + RangerServiceDef existingSd = findServiceDefByName(sd.getName()); + + if(existingSd != null) { + removeServiceDef(existingSd); + } + + existingSd = findServiceDefById(sd.getId()); + + if(existingSd != null) { + removeServiceDef(existingSd); + } + + serviceDefs.add(sd); + } + } + } + nextServiceDefId = getMaxId(serviceDefs) + 1; + } catch(Exception excp) { + LOG.error("ServiceDefFileStore.init(): failed to read service-defs", excp); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceDefFileStore.init()"); + } + } + + private RangerServiceDef findServiceDefById(long id) { + RangerServiceDef ret = null; + + for(RangerServiceDef sd : serviceDefs) { + if(sd != null && sd.getId() != null && sd.getId().longValue() == id) { + ret = sd; + + break; + } + } + + return ret; + } + + private RangerServiceDef findServiceDefByName(String sdName) { + RangerServiceDef ret = null; + + for(RangerServiceDef sd : serviceDefs) { + if(sd != null && sd.getName() != null && sd.getName().equalsIgnoreCase(sdName)) { + ret = sd; + + break; + } + } + + return ret; + } + + private void addServiceDef(RangerServiceDef sd) { + serviceDefs.add(sd); + } + + private void removeServiceDef(RangerServiceDef sd) { + serviceDefs.remove(sd); + } + + private boolean isLegacyServiceType(RangerServiceDef sd) { + return sd == null ? false : (isLegacyServiceType(sd.getName()) || isLegacyServiceType(sd.getId())); + } + + private boolean isLegacyServiceType(String name) { + return name == null ? false : legacyServiceTypes.containsKey(name); + } + + private boolean isLegacyServiceType(Long id) { + return id == null ? false : legacyServiceTypes.containsValue(id); + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java ---------------------------------------------------------------------- 
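Review bot: The in-built check in `isLegacyServiceType(String name)` is case-sensitive (`legacyServiceTypes.containsKey(name)`), while `findServiceDefByName` matches with `equalsIgnoreCase`, and in `init()` the two disagree. A definition file under the data directory whose name differs from an in-built one only by case, and whose id is not one of the reserved ids, passes the legacy check and then reaches `removeServiceDef(existingSd)`, which drops the embedded definition in favour of the on-disk one. Normalising the key before the lookup closes the gap, e.g. `return name == null ? false : legacyServiceTypes.containsKey(name.toLowerCase());`, assuming the embedded definitions use the lower-case names held in the map.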
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java b/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
new file mode 100644
index 0000000..789cc3a
--- /dev/null
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
@@ -0,0 +1,577 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.store.file; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.hadoop.fs.Path; +import org.apache.ranger.plugin.model.RangerPolicy; +import org.apache.ranger.plugin.model.RangerService; +import org.apache.ranger.plugin.store.ServiceStore; + + +public class ServiceFileStore extends BaseFileStore implements ServiceStore { + private static final Log LOG = LogFactory.getLog(ServiceFileStore.class); + + private long nextServiceId = 0; + private long nextPolicyId = 0; + + public ServiceFileStore() { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceFileStore.ServiceManagerFile()"); + } + + init(); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceFileStore.ServiceManagerFile()"); + } + } + + @Override + public RangerService create(RangerService service) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceFileStore.create(" + service + ")"); + } + + RangerService existing = getByName(service.getName()); + + if(existing != null) { + throw new Exception("service already exists - 
'" + service.getName() + "'. ID=" + existing.getId()); + } + + RangerService ret = null; + + try { + preCreate(service); + + service.setId(nextServiceId++); + + Path filePath = new Path(getServiceFile(service.getId())); + + ret = saveToFile(service, filePath, false); + + postCreate(service); + } catch(Exception excp) { + throw new Exception("failed to save service '" + service.getName() + "'", excp); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceFileStore.create(" + service + "): " + ret); + } + + return ret; + } + + @Override + public RangerService update(RangerService service) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceFileStore.update(" + service + ")"); + } + + RangerService existing = get(service.getId()); + + if(existing == null) { + throw new Exception("no service exists with ID=" + service.getId()); + } + + String existingName = existing.getName(); + + boolean renamed = !service.getName().equalsIgnoreCase(existingName); + + if(renamed) { + RangerService newNameService = getByName(service.getName()); + + if(newNameService != null) { + throw new Exception("another service already exists with name '" + service.getName() + "'. 
ID=" + newNameService.getId()); + } + } + + RangerService ret = null; + + try { + existing.updateFrom(service); + + preUpdate(existing); + + Path filePath = new Path(getServiceFile(existing.getId())); + + ret = saveToFile(existing, filePath, true); + + postUpdate(ret); + + if(renamed) { + handleServiceRename(ret, existingName); + } + } catch(Exception excp) { + throw new Exception("failed to update service '" + existing.getName() + "'", excp); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceFileStore.update(" + service + "): " + ret); + } + + return ret; + } + + @Override + public void delete(Long id) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceFileStore.delete(" + id + ")"); + } + + RangerService existing = get(id); + + if(existing == null) { + throw new Exception("no service exists with ID=" + id); + } + + try { + Path filePath = new Path(getServiceFile(id)); + + preDelete(existing); + + handleServiceDelete(existing); + + deleteFile(filePath); + + postDelete(existing); + } catch(Exception excp) { + throw new Exception("failed to delete service with ID=" + id, excp); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceFileStore.delete(" + id + ")"); + } + } + + @Override + public RangerService get(Long id) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceFileStore.get(" + id + ")"); + } + + RangerService ret = null; + + try { + Path filePath = new Path(getServiceFile(id)); + + ret = loadFromFile(filePath, RangerService.class); + } catch(Exception excp) { + LOG.error("ServiceFileStore.get(" + id + "): failed to read service", excp); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceFileStore.get(" + id + "): " + ret); + } + + return ret; + } + + @Override + public RangerService getByName(String name) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceFileStore.getByName(" + name + ")"); + } + + RangerService ret = null; + + try { + List<RangerService> services = 
getAll(); + + if(services != null) { + for(RangerService service : services) { + if(service.getName().equalsIgnoreCase(name)) { + ret = service; + + break; + } + } + } + } catch(Exception excp) { + LOG.error("ServiceFileStore.getByName(" + name + "): failed to read service", excp); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceFileStore.getByName(" + name + "): " + ret); + } + + return ret; + } + + @Override + public List<RangerService> getAll() throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceFileStore.getAll()"); + } + + List<RangerService> ret = null; + + try { + ret = loadFromDir(new Path(getDataDir()), FILE_PREFIX_SERVICE, RangerService.class); + } catch(Exception excp) { + LOG.error("ServiceFileStore.getAll(): failed to read services", excp); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceFileStore.getAll(): count=" + (ret == null ? 0 : ret.size())); + } + + return ret; + } + + @Override + public RangerPolicy createPolicy(RangerPolicy policy) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceFileStore.createPolicy(" + policy + ")"); + } + + RangerService service = getByName(policy.getService()); + + if(service == null) { + throw new Exception("service does not exist - name=" + policy.getService()); + } + + RangerPolicy existing = getPolicyByName(policy.getService(), policy.getName()); + + if(existing != null) { + throw new Exception("policy already exists: ServiceName=" + policy.getService() + "; PolicyName=" + policy.getName() + ". 
ID=" + existing.getId()); + } + + RangerPolicy ret = null; + + try { + preCreate(policy); + + policy.setId(nextPolicyId++); + + Path filePath = new Path(getPolicyFile(service.getId(), policy.getId())); + + ret = saveToFile(policy, filePath, false); + + postCreate(ret); + } catch(Exception excp) { + throw new Exception("failed to save policy: ServiceName=" + policy.getService() + "; PolicyName=" + policy.getName(), excp); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceFileStore.createPolicy(" + policy + "): " + ret); + } + + return ret; + } + + @Override + public RangerPolicy updatePolicy(RangerPolicy policy) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceFileStore.updatePolicy(" + policy + ")"); + } + + RangerPolicy existing = getPolicy(policy.getId()); + + if(existing == null) { + throw new Exception("no policy exists with ID=" + policy.getId()); + } + + RangerService service = getByName(policy.getService()); + + if(service == null) { + throw new Exception("service does not exist - name=" + policy.getService()); + } + + if(! existing.getService().equalsIgnoreCase(policy.getService())) { + throw new Exception("policy id=" + policy.getId() + " already exists in service " + existing.getService() + ". It can not be moved to service " + policy.getService()); + } + + boolean renamed = !policy.getName().equalsIgnoreCase(existing.getName()); + + if(renamed) { + RangerPolicy newNamePolicy = getPolicyByName(service.getName(), policy.getName()); + + if(newNamePolicy != null) { + throw new Exception("another policy already exists with name '" + policy.getName() + "'. 
ID=" + newNamePolicy.getId()); + } + } + + RangerPolicy ret = null; + + try { + existing.updateFrom(policy); + + preUpdate(existing); + + Path filePath = new Path(getPolicyFile(service.getId(), existing.getId())); + + ret = saveToFile(existing, filePath, true); + + postUpdate(ret); + } catch(Exception excp) { + throw new Exception("failed to update policy - ID=" + existing.getId(), excp); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceFileStore.updatePolicy(" + policy + "): " + ret); + } + + return ret; + } + + @Override + public void deletePolicy(Long id) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceFileStore.deletePolicy(" + id + ")"); + } + + RangerPolicy existing = getPolicy(id); + + if(existing == null) { + throw new Exception("no policy exists with ID=" + id); + } + + RangerService service = getByName(existing.getService()); + + if(service == null) { + throw new Exception("service does not exist - name='" + existing.getService()); + } + + try { + preDelete(existing); + + Path filePath = new Path(getPolicyFile(service.getId(), existing.getId())); + + deleteFile(filePath); + + postDelete(existing); + } catch(Exception excp) { + throw new Exception(existing.getId() + ": failed to delete policy", excp); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceFileStore.deletePolicy(" + id + ")"); + } + } + + @Override + public RangerPolicy getPolicy(Long id) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceFileStore.getPolicy(" + id + ")"); + } + + RangerPolicy ret = null; + + try { + List<RangerPolicy> policies = getAllPolicies(); + + if(policies != null) { + for(RangerPolicy policy : policies) { + if(policy.getId().equals(id)) { + ret = policy; + + break; + } + } + } + } catch(Exception excp) { + throw new Exception(id + ": failed to read policy", excp); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceFileStore.getPolicy(" + id + "): " + ret); + } + + return ret; + } + + @Override + 
public RangerPolicy getPolicyByName(String serviceName, String policyName) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceFileStore.getPolicyByName(" + serviceName + ", " + policyName + ")"); + } + + RangerService service = getByName(serviceName); + + if(service == null) { + throw new Exception("service does not exist - name='" + serviceName); + } + + RangerPolicy ret = null; + + try { + List<RangerPolicy> policies = getServicePolicies(service.getId()); + + if(policies != null) { + for(RangerPolicy policy : policies) { + if(policy.getName().equals(policyName)) { + ret = policy; + + break; + } + } + } + } catch(Exception excp) { + LOG.error("ServiceFileStore.getPolicyByName(" + serviceName + ", " + policyName + "): failed to read policies", excp); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceFileStore.getPolicyByName(" + serviceName + ", " + policyName + "): " + ret); + } + + return ret; + } + + @Override + public List<RangerPolicy> getServicePolicies(String serviceName) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceFileStore.getPolicies(" + serviceName + ")"); + } + + RangerService service = getByName(serviceName); + + if(service == null) { + throw new Exception("service does not exist - name='" + serviceName); + } + + List<RangerPolicy> ret = new ArrayList<RangerPolicy>(); + + try { + List<RangerPolicy> policies = getAllPolicies(); + + if(policies != null) { + for(RangerPolicy policy : policies) { + if(policy.getService().equals(serviceName)) { + ret.add(policy); + } + } + } + } catch(Exception excp) { + LOG.error("ServiceFileStore.getPolicies(" + serviceName + "): failed to read policies", excp); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceFileStore.getPolicies(" + serviceName + "): count=" + (ret == null ? 
0 : ret.size())); + } + + return ret; + } + + @Override + public List<RangerPolicy> getServicePolicies(Long serviceId) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceFileStore.getPolicies(" + serviceId + ")"); + } + + RangerService service = get(serviceId); + + if(service == null) { + throw new Exception("service does not exist - id='" + serviceId); + } + + List<RangerPolicy> ret = getServicePolicies(service.getName()); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceFileStore.getPolicies(" + serviceId + "): " + (ret == null ? 0 : ret.size())); + } + + return ret; + } + + @Override + public List<RangerPolicy> getAllPolicies() throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceFileStore.getAllPolicies()"); + } + + List<RangerPolicy> ret = null; + + try { + ret = loadFromDir(new Path(getDataDir()), FILE_PREFIX_POLICY, RangerPolicy.class); + } catch(Exception excp) { + LOG.error("ServiceFileStore.getAllPolicies(): failed to read policies", excp); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceFileStore.getAllPolicies(): count=" + (ret == null ? 
0 : ret.size())); + } + + return ret; + } + + @Override + protected void init() { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceFileStore.init()"); + } + + super.init(); + + try { + List<RangerService> services = loadFromDir(new Path(getDataDir()), FILE_PREFIX_SERVICE, RangerService.class); + List<RangerPolicy> policies = loadFromDir(new Path(getDataDir()), FILE_PREFIX_POLICY, RangerPolicy.class); + + nextServiceId = getMaxId(services) + 1; + nextPolicyId = getMaxId(policies) + 1; + } catch(Exception excp) { + LOG.error("ServiceDefFileStore.init() failed", excp); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceFileStore.init()"); + } + } + + private void handleServiceRename(RangerService service, String oldName) throws Exception { + List<RangerPolicy> policies = getAllPolicies(); + + if(policies != null) { + for(RangerPolicy policy : policies) { + if(policy.getService().equalsIgnoreCase(oldName)) { + policy.setService(service.getName()); + + preUpdate(policy); + + Path filePath = new Path(getPolicyFile(service.getId(), policy.getId())); + + saveToFile(policy, filePath, true); + + postUpdate(policy); + } + } + } + } + + private void handleServiceDelete(RangerService service) throws Exception { + List<RangerPolicy> policies = getServicePolicies(service.getName()); + + if(policies != null) { + for(RangerPolicy policy : policies) { + preDelete(policy); + + Path filePath = new Path(getPolicyFile(service.getId(), policy.getId())); + + deleteFile(filePath); + + postDelete(policy); + } + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json new file mode 100644 index 0000000..10b84bb --- /dev/null 
+++ b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json 
@@ -0,0 +1,51 @@
+{
+ "id":2,
+ "name":"hbase",
+ "implClass":"org.apache.ranger.services.hbase.RangerServiceHBase",
+ "label":"HBase",
+ "description":"HBase",
+ "guid":"d6cea1f0-2509-4791-8fc1-7b092399ba3b",
+ "createTime":"20141208-22:50:22.426--0800",
+ "updateTime":"20141208-22:50:22.426--0800",
+ "version":1,
+ "enums":
+ [
+ {
+ "name":"authnType",
+ "elements":
+ [
+ {"name":"simple","label":"Simple"},
+ {"name":"kerberos","label":"Kerberos"},
+ ],
+ "defaultIndex":0
+ }
+ ],
+ "configs":
+ [
+ {"name":"username","type":"string","mandatory":true,"label":"Username"},
+ {"name":"password","type":"password","mandatory":true,"label":"Password"},
+ {"name":"hadoop.security.authentication","type":"enum","subtype":"authnType","mandatory":true,"defaultValue":"simple"},
+ {"name":"hbase.master.kerberos.principal","type":"string","mandatory":false,"defaultValue":""},
+ {"name":"hbase.security.authentication","type":"enum","subtype":"authnType","mandatory":true,"defaultValue":"simple"},
+ {"name":"hbase.zookeeper.property.clientPort","type":"int","mandatory":true,"defaultValue":"2181"},
+ {"name":"hbase.zookeeper.quorum","type":"string","mandatory":true,"defaultValue":""},
+ {"name":"zookeeper.znode.parent","type":"string","mandatory":true,"defaultValue":"/hbase"}
+ ],
+ "resources":
+ [
+ {"name":"table","level":1,"parent":"","mandatory":true,"lookupSupported":true,"label":"HBase Table","description":"HBase Table"},
+ {"name":"column-family","level":2,"parent":"table","mandatory":true,"lookupSupported":true,"label":"HBase Column-family","description":"HBase Column-family"},
+ {"name":"column","level":3,"parent":"column-family","mandatory":true,"lookupSupported":false,"label":"HBase Column","description":"HBase Column"}
+ ],
+ "accessTypes":
+ [
+ {"name":"read","label":"Read"},
+ {"name":"write","label":"Write"},
+ {"name":"create","label":"Create"}
+ ],
+ "policyConditions":
+ [
+ {
+ }
+ ]
+}
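Review bot: The `elements` array of the `authnType` enum ends with a trailing comma (`{"name":"kerberos","label":"Kerberos"},` directly before `],`), which is not valid JSON; the hdfs service-def has the same defect where its `enums` array closes the `rpcProtection` entry with `},` before `],`. A strict parser rejects the file, and a lenient reader such as Gson's default one (which the file store appears to use) treats the extra separator as a `null` element, so code iterating the enum values would meet a null entry. Drop the comma so the line reads `{"name":"kerberos","label":"Kerberos"}`, and in the hdfs file end the `rpcProtection` entry with a plain `}`.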
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json new file mode 100644 index 0000000..f8a90a2 --- /dev/null +++ b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json 
@@ -0,0 +1,61 @@
+{
+ "id":1,
+ "name":"hdfs",
+ "implClass":"org.apache.ranger.services.hdfs.RangerServiceHdfs",
+ "label":"HDFS Repository",
+ "description":"HDFS Repository",
+ "guid":"0d047247-bafe-4cf8-8e9b-d5d377284b2d",
+ "createTime":"20141208-22:04:25.233--0800",
+ "updateTime":"20141208-22:04:25.233--0800",
+ "version":1,
+ "enums":
+ [
+ {
+ "name":"authnType",
+ "elements":
+ [
+ {"name":"simple","label":"Simple"},
+ {"name":"kerberos","label":"Kerberos"}
+ ],
+ "defaultIndex":0
+ },
+ {
+ "name":"rpcProtection",
+ "elements":
+ [
+ {"name":"authentication","label":"Authentication"},
+ {"name":"integrity","label":"Integrity"},
+ {"name":"privacy","label":"Privacy"}
+ ],
+ "defaultIndex":0
+ },
+ ],
+ "configs":
+ [
+ {"name":"username","type":"string","mandatory":true,"label":"Username"},
+ {"name":"password","type":"password","mandatory":true,"label":"Password"},
+ {"name":"hadoop.security.authorization","type":"bool","mandatory":true,"defaultValue":"false"},
+ {"name":"hadoop.security.authentication","type":"enum","subtype":"authnType","mandatory":true,"defaultValue":"simple"},
+ {"name":"hadoop.security.auth_to_local","type":"string","mandatory":false},
+ {"name":"dfs.datanode.kerberos.principal","type":"string","mandatory":false},
+ {"name":"dfs.namenode.kerberos.principal","type":"string","mandatory":false},
+ {"name":"dfs.secondary.namenode.kerberos.principal","type":"string","mandatory":false},
+ {"name":"hadoop.rpc.protection","type":"rpcProtection","mandatory":false,"defaultValue":"authentication"},
+ {"name":"certificate.cn","type":"string","mandatory":false,"label":"Common Name for Certificate"}
+ ],
+ "resources":
+ [
+ {"name":"path","level":1,"mandatory":true,"lookupSupported":true,"label":"Resource Path","description":"HDFS file or directory path"}
+ ],
+ "accessTypes":
+ [
+ {"name":"read","label":"Read"},
+ {"name":"write","label":"Write"},
+ {"name":"execute","label":"Execute"}
+ ],
+ "policyConditions":
+ [
+ {
+ }
+ ]
+}
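Review bot: The `hadoop.rpc.protection` config declares `"type":"rpcProtection"`, while the other enum-backed config in this file, `hadoop.security.authentication`, uses `"type":"enum","subtype":"authnType"`. A consumer that dispatches on `type` will presumably not recognise `rpcProtection` as a type, so the value may never be checked against the declared elements (`authentication`, `integrity`, `privacy`). Since this setting selects the RPC protection level, it should be validated like the other enum: `{"name":"hadoop.rpc.protection","type":"enum","subtype":"rpcProtection","mandatory":false,"defaultValue":"authentication"}`.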
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/resources/service-defs/ranger-servicedef-hive.json ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hive.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hive.json new file mode 100644 index 0000000..c6df80c --- /dev/null +++ b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hive.json 
@@ -0,0 +1,45 @@ +{ + "id":3, + "name":"hive", + "implClass":"org.apache.ranger.services.hive.RangerServiceHive", + "label":"Hive Server2", + "description":"Hive Server2", + "guid":"3e1afb5a-184a-4e82-9d9c-87a5cacc243c", + "createTime":"20141208-22:51:20.732--0800", + "updateTime":"20141208-22:51:20.732--0800", + "version":1, + "enums": + [ + ], + "configs": + [ + {"name":"username","type":"string","mandatory":true,"label":"Username"}, + {"name":"password","type":"password","mandatory":true,"label":"Password"}, + {"name":"jdbc.driverClassName","type":"string","mandatory":true,"defaultValue":"org.apache.hive.jdbc.HiveDriver"}, + {"name":"jdbc.url","type":"string","mandatory":true,"defaultValue":""}, + {"name":"certificate.cn","type":"string","mandatory":false,"label":"Common Name for Certificate"} + ], + "resources": + [ + {"name":"database","level":1,"mandatory":true,"lookupSupported":true,"label":"Hive Database","description":"Hive Database"}, + {"name":"table","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"label":"Hive Table","description":"Hive Table"}, + {"name":"udf","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"label":"Hive UDF","description":"Hive UDF"}, + {"name":"column","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"label":"Hive Column","description":"Hive Column"} + ], + "accessTypes": + [ + {"name":"select","label":"select"}, + {"name":"update","label":"update"}, + {"name":"create","label":"Create"}, + {"name":"drop","label":"Drop"}, + {"name":"alter","label":"Alter"}, + {"name":"index","label":"Index"}, + {"name":"lock","label":"Lock"}, + {"name":"all","label":"All"} + ], + "policyConditions": + [ + { + } + ] +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json ---------------------------------------------------------------------- 
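Review bot: The `policyConditions` array in the hive service-def holds one empty object (`{` followed by `}`), and the hbase and hdfs service-defs do the same, whereas the storm file writes an empty array. An empty object will most likely deserialize into a condition definition with no `name` or `evalClass` (the fields the knox file populates), which every consumer then has to special-case before resolving a condition evaluator. If no conditions are intended, write the array as empty, `"policyConditions": [ ]`, as the storm file does.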
diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json new file mode 100644 index 0000000..81621e6 --- /dev/null +++ b/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json @@ -0,0 +1,34 @@ +{ + "id":5, + "name":"knox", + "implClass":"org.apache.ranger.services.knox.RangerServiceKnox", + "label":"Knox Gateway", + "description":"Knox Gateway", + "guid":"84b481b5-f23b-4f71-b8b6-ab33977149ca", + "createTime":"20141208-22:48:42.238--0800", + "updateTime":"20141208-22:48:42.238--0800", + "version":1, + "enums": + [ + ], + "configs": + [ + {"name":"username","type":"string","mandatory":true,"label":"Username"}, + {"name":"password","type":"password","mandatory":true,"label":"Password"}, + {"name":"knox.url","type":"string","mandatory":true,"defaultValue":""}, + {"name":"certificate.cn","type":"string","mandatory":false,"label":"Common Name for Certificate"} + ], + "resources": + [ + {"name":"topology","level":1,"mandatory":true,"lookupSupported":true,"label":"Knox Topology","description":"Knox Topology"}, + {"name":"service","level":2,"parent":"topology","mandatory":true,"lookupSupported":true,"label":"Knox Service","description":"Knox Service"} + ], + "accessTypes": + [ + {"name":"allow","label":"Allow"} + ], + "policyConditions": + [ + {"name":"ip-range","evalClass":"org.apache.ranger.knox.IpRangeCondition","label":"IP Address Range","description":"IP Address Range"} + ] +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/resources/service-defs/ranger-servicedef-storm.json ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-storm.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-storm.json new file mode 100644 index 0000000..ed10459 --- /dev/null 
+++ b/plugin-common/src/main/resources/service-defs/ranger-servicedef-storm.json 
@@ -0,0 +1,46 @@ +{ + "id":6, + "name":"storm", + "implClass":"org.apache.ranger.services.storm.RangerServiceStorm", + "label":"Storm", + "description":"Storm", + "guid":"2a60f427-edcf-4e20-834c-a9a267b5b963", + "createTime":"20141208-22:55:47.095--0800", + "updateTime":"20141208-22:55:47.095--0800", + "version":1, + "enums": + [ + ], + "configs": + [ + {"name":"username","type":"string","mandatory":true,"label":"Username"}, + {"name":"password","type":"password","mandatory":true,"label":"Password"}, + {"name":"nimbus.url","type":"string","mandatory":true,"defaultValue":"","label":"Nimbus URL"}, + {"name":"certificate.cn","type":"string","mandatory":false,"label":"Common Name for Certificate"} + ], + "resources": + [ + {"name":"topology","level":1,"mandatory":true,"lookupSupported":true,"label":"Storm Topology","description":"Storm Topology"} + ], + "accessTypes": + [ + {"name":"topology-submit","label":"Submit Topology"}, + {"name":"file-upload","label":"File Upload"}, + {"name":"nimbus-conf-get","label":"Get Nimbus Conf"}, + {"name":"cluster-conf-get","label":"Get Cluster Conf"}, + {"name":"cluster-info-get","label":"Get Cluster Info"}, + {"name":"file-download","label":"File Download"}, + {"name":"topology-kill","label":"Kill Topology"}, + {"name":"rebalance","label":"Rebalance"}, + {"name":"activate","label":"Activate"}, + {"name":"deactivate","label":"Deactivate"}, + {"name":"topology-conf-get","label":"Get Topology Conf"}, + {"name":"topology-get","label":"Get Topology"}, + {"name":"topology-user-get","label":"Get User Topology"}, + {"name":"topology-info-get","label":"Get Topology Info"}, + {"name":"new-credential-upload","label":"Upload New Credential"} + ], + "policyConditions": + [ + ] +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/test/java/org/apache/ranger/plugin/manager/TestServiceManager.java ---------------------------------------------------------------------- 
diff --git a/plugin-common/src/test/java/org/apache/ranger/plugin/manager/TestServiceManager.java b/plugin-common/src/test/java/org/apache/ranger/plugin/manager/TestServiceManager.java new file mode 100644 index 0000000..b2e12a1 --- /dev/null +++ b/plugin-common/src/test/java/org/apache/ranger/plugin/manager/TestServiceManager.java 
@@ -0,0 +1,203 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.manager; + +import static org.junit.Assert.*; + +import java.util.List; + +import org.apache.ranger.plugin.manager.ServiceDefManager; +import org.apache.ranger.plugin.manager.ServiceManager; +import org.apache.ranger.plugin.model.RangerPolicy; +import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess; +import org.apache.ranger.plugin.model.RangerService; +import org.apache.ranger.plugin.model.RangerServiceDef; +import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem; +import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; +import org.junit.BeforeClass; +import org.junit.Test; + +public class TestServiceManager { + static ServiceDefManager sdMgr = null; + static ServiceManager svcMgr = null; + + static String sdName = "HdfsTest"; + static String serviceName = "HdfsTest-dev"; + static String policyName = "testPolicy-1"; + + @BeforeClass + public static void setupTest() { + sdMgr = new ServiceDefManager(); + svcMgr = new ServiceManager(); + } + + @Test + public void testServiceManager() throws Exception { + List<RangerServiceDef> sds = sdMgr.getAll(); + + int 
initSdCount = sds == null ? 0 : sds.size(); + + RangerServiceDef sd = new RangerServiceDef(sdName, "org.apache.ranger.services.TestService", "TestService", "test servicedef description", null, null, null, null, null); + + RangerServiceDef createdSd = sdMgr.create(sd); + assertNotNull("createServiceDef() failed", createdSd != null); + + sds = sdMgr.getAll(); + assertEquals("createServiceDef() failed", initSdCount + 1, sds == null ? 0 : sds.size()); + + String updatedDescription = sd.getDescription() + ": updated"; + createdSd.setDescription(updatedDescription); + RangerServiceDef updatedSd = sdMgr.update(createdSd); + assertNotNull("updateServiceDef(updatedDescription) failed", updatedSd); + assertEquals("updateServiceDef(updatedDescription) failed", updatedDescription, updatedSd.getDescription()); + + sds = sdMgr.getAll(); + assertEquals("updateServiceDef(updatedDescription) failed", initSdCount + 1, sds == null ? 0 : sds.size()); + + String updatedName = sd.getName() + "-Renamed"; + /* + updatedSd.setName(updatedName); + updatedSd = sdMgr.update(updatedSd); + assertNotNull("updateServiceDef(updatedName) failed", updatedSd); + assertEquals("updateServiceDef(updatedName) failed", updatedName, updatedSd.getName()); + + sds = getAllServiceDef(); + assertEquals("updateServiceDef(updatedName) failed", initSdCount + 1, sds == null ? 0 : sds.size()); + */ + + List<RangerService> services = svcMgr.getAll(); + + int initServiceCount = services == null ? 0 : services.size(); + + RangerService svc = new RangerService(sdName, serviceName, "test service description", Boolean.TRUE, null); + + RangerService createdSvc = svcMgr.create(svc); + assertNotNull("createService() failed", createdSvc); + + services = svcMgr.getAll(); + assertEquals("createServiceDef() failed", initServiceCount + 1, services == null ? 
0 : services.size()); + + updatedDescription = createdSvc.getDescription() + ": updated"; + createdSvc.setDescription(updatedDescription); + RangerService updatedSvc = svcMgr.update(createdSvc); + assertNotNull("updateService(updatedDescription) failed", updatedSvc); + assertEquals("updateService(updatedDescription) failed", updatedDescription, updatedSvc.getDescription()); + + services = svcMgr.getAll(); + assertEquals("updateService(updatedDescription) failed", initServiceCount + 1, services == null ? 0 : services.size()); + + updatedName = serviceName + "-Renamed"; + updatedSvc.setName(updatedName); + updatedSvc = svcMgr.update(updatedSvc); + assertNotNull("updateService(updatedName) failed", updatedSvc); + assertEquals("updateService(updatedName) failed", updatedName, updatedSvc.getName()); + + services = svcMgr.getAll(); + assertEquals("updateService(updatedName) failed", initServiceCount + 1, services == null ? 0 : services.size()); + + List<RangerPolicy> policies = svcMgr.getAllPolicies(); + + int initPolicyCount = policies == null ? 
0 : policies.size(); + + RangerPolicy policy = new RangerPolicy(updatedSvc.getName(), policyName, "test policy description", Boolean.TRUE, null, null); + policy.getResources().add(new RangerPolicyResource("path", "/demo/test/finance", Boolean.FALSE, Boolean.TRUE)); + + RangerPolicyItem item1 = new RangerPolicyItem(); + item1.getAccesses().add(new RangerPolicyItemAccess("read", Boolean.TRUE)); + item1.getAccesses().add(new RangerPolicyItemAccess("write", Boolean.TRUE)); + item1.getAccesses().add(new RangerPolicyItemAccess("execute", Boolean.TRUE)); + item1.getUsers().add("admin"); + item1.getGroups().add("finance"); + + RangerPolicyItem item2 = new RangerPolicyItem(); + item2.getAccesses().add(new RangerPolicyItemAccess("read", Boolean.TRUE)); + item2.getGroups().add("public"); + + policy.getPolicyItems().add(item1); + policy.getPolicyItems().add(item2); + + RangerPolicy createdPolicy = svcMgr.createPolicy(policy); + assertNotNull(createdPolicy); + assertNotNull(createdPolicy.getPolicyItems()); + assertEquals(createdPolicy.getPolicyItems().size(), 2); + + RangerPolicyItem createItem1 = createdPolicy.getPolicyItems().get(0); + RangerPolicyItem createItem2 = createdPolicy.getPolicyItems().get(1); + + assertNotNull(createItem1.getAccesses()); + assertEquals(createItem1.getAccesses().size(), 3); + assertNotNull(createItem1.getUsers()); + assertEquals(createItem1.getUsers().size(), 1); + assertNotNull(createItem1.getGroups()); + assertEquals(createItem1.getGroups().size(), 1); + + assertNotNull(createItem2.getAccesses()); + assertEquals(createItem2.getAccesses().size(), 1); + assertNotNull(createItem2.getUsers()); + assertEquals(createItem2.getUsers().size(), 0); + assertNotNull(createItem2.getGroups()); + assertEquals(createItem2.getGroups().size(), 1); + + policies = svcMgr.getAllPolicies(); + assertEquals("createPolicy() failed", initPolicyCount + 1, policies == null ? 
0 : policies.size()); + + updatedDescription = policy.getDescription() + ":updated"; + createdPolicy.setDescription(updatedDescription); + RangerPolicy updatedPolicy = svcMgr.updatePolicy(createdPolicy); + assertNotNull("updatePolicy(updatedDescription) failed", updatedPolicy != null); + + policies = svcMgr.getAllPolicies(); + assertEquals("updatePolicy(updatedDescription) failed", initPolicyCount + 1, policies == null ? 0 : policies.size()); + + updatedName = policyName + "-Renamed"; + updatedPolicy.setName(updatedName); + updatedPolicy = svcMgr.updatePolicy(updatedPolicy); + assertNotNull("updatePolicy(updatedName) failed", updatedPolicy); + + policies = svcMgr.getAllPolicies(); + assertEquals("updatePolicy(updatedName) failed", initPolicyCount + 1, policies == null ? 0 : policies.size()); + + // rename the service; all the policies for this service should reflect the new service name + updatedName = serviceName + "-Renamed2"; + updatedSvc.setName(updatedName); + updatedSvc = svcMgr.update(updatedSvc); + assertNotNull("updateService(updatedName2) failed", updatedSvc); + assertEquals("updateService(updatedName2) failed", updatedName, updatedSvc.getName()); + + services = svcMgr.getAll(); + assertEquals("updateService(updatedName2) failed", initServiceCount + 1, services == null ? 0 : services.size()); + + updatedPolicy = svcMgr.getPolicy(createdPolicy.getId()); + assertNotNull("updateService(updatedName2) failed", updatedPolicy); + assertEquals("updateService(updatedName2) failed", updatedPolicy.getService(), updatedSvc.getName()); + + svcMgr.deletePolicy(policy.getId()); + policies = svcMgr.getAllPolicies(); + assertEquals("deletePolicy() failed", initPolicyCount, policies == null ? 0 : policies.size()); + + svcMgr.delete(svc.getId()); + services = svcMgr.getAll(); + assertEquals("deleteService() failed", initServiceCount, services == null ? 
0 : services.size()); + + sdMgr.delete(sd.getId()); + sds = sdMgr.getAll(); + assertEquals("deleteServiceDef() failed", initSdCount, sds == null ? 0 : sds.size()); + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 38590d5..6dc5247 100644 --- a/pom.xml +++ b/pom.xml @@ -49,6 +49,7 @@ <module>ugsync</module> <module>unixauthclient</module> <module>unixauthservice</module> + <module>plugin-common</module> </modules> <properties> <antlr.version>3.5.2</antlr.version> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/security-admin/pom.xml ---------------------------------------------------------------------- diff --git a/security-admin/pom.xml b/security-admin/pom.xml index ba0e68b..264c53d 100644 --- a/security-admin/pom.xml +++ b/security-admin/pom.xml @@ -417,6 +417,11 @@ <artifactId>oracle-ojdbc6</artifactId> <version>11.2.0.3.0</version> </dependency> + <dependency> + <groupId>org.apache.ranger</groupId> + <artifactId>plugin-common</artifactId> + <version>0.4.0</version> + </dependency> </dependencies> <build> <pluginManagement>
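Review bot: `assertNotNull("createServiceDef() failed", createdSd != null);` in `testServiceManager` passes a boolean expression, which autoboxes to a non-null `Boolean`, so the assertion cannot fail even when `create()` returns null. `assertNotNull("updatePolicy(updatedDescription) failed", updatedPolicy != null);` has the same problem, and the test would then fail later with a bare NullPointerException instead of the intended message. Pass the object itself: `assertNotNull("createServiceDef() failed", createdSd);` and `assertNotNull("updatePolicy(updatedDescription) failed", updatedPolicy);`. Several `assertEquals` calls also put the actual value first (for example `assertEquals(createdPolicy.getPolicyItems().size(), 2)`), which only garbles the failure message but is worth flipping in the same pass.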
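Review bot: The new `plugin-common` dependency in security-admin/pom.xml hard-codes `<version>0.4.0</version>` for a module that the root pom.xml hunk adds to the same reactor build. If the project version moves and this literal is missed, the build can resolve an older published `plugin-common` artifact instead of the sibling module, so security-admin would ship policy-store code that differs from the tree it was built from. Assuming security-admin inherits the project version (the parent section is outside this hunk), `<version>${project.version}</version>` keeps the two in step.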
