Repository: incubator-ranger Updated Branches: refs/heads/stack 3493c02f3 -> 84382d387
RANGER-203: Updated AssetREST to support policy-download by earlier plugins - from the policy data in the new model. Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/84382d38 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/84382d38 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/84382d38 Branch: refs/heads/stack Commit: 84382d38779b40b1e30e0dde6fe0559d2e975c99 Parents: 3493c02 Author: Madhan Neethiraj <[email protected]> Authored: Tue Jan 20 23:48:16 2015 -0800 Committer: Madhan Neethiraj <[email protected]> Committed: Tue Jan 20 23:48:16 2015 -0800 ---------------------------------------------------------------------- .../java/org/apache/ranger/biz/AssetMgr.java | 395 ++++++++----------- .../org/apache/ranger/common/ServiceUtil.java | 36 +- .../java/org/apache/ranger/rest/AssetREST.java | 96 ++--- 3 files changed, 228 insertions(+), 299 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/84382d38/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java index 2f42868..e13b632 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java @@ -22,7 +22,6 @@ import java.io.File; import java.io.IOException; import java.security.cert.X509Certificate; -import java.sql.Timestamp; import java.util.ArrayList; import java.util.Date; import java.util.HashMap; @@ -55,7 +54,6 @@ import org.apache.ranger.common.TimedEventUtil; import org.apache.ranger.common.UserSessionBase; import org.apache.ranger.db.RangerDaoManager; import org.apache.ranger.entity.XXAsset; -import org.apache.ranger.entity.XXAuditMap; import org.apache.ranger.entity.XXGroup; import org.apache.ranger.entity.XXPermMap; import org.apache.ranger.entity.XXPolicyExportAudit; @@ -688,6 +686,11 @@ public class AssetMgr extends AssetMgrBase { MessageEnums.DATA_NOT_FOUND, id, "dataSourceId", "DataSource not found with " + "id " + id); } + + return getXResourceFile(xResource, fileType); + } + + public File getXResourceFile(VXResource xResource, String fileType) { File file = null; try { if (fileType != null) { @@ -778,11 +781,9 @@ public class AssetMgr extends AssetMgrBase { } } - public String getLatestRepoPolicy(String repository, + public String getLatestRepoPolicy(VXAsset xAsset, List<VXResource> xResourceList, Long updatedTime, X509Certificate[] certchain, boolean httpEnabled, String epoch, String ipAddress, boolean isSecure, String count, String agentId) { - - XXAsset xAsset = rangerDaoManager.getXXAsset().findByAssetName(repository); if(xAsset==null){ logger.error("Requested repository not found"); throw restErrorUtil.createRESTException("No Data Found.", @@ -793,9 +794,12 @@ public class AssetMgr extends AssetMgrBase { throw restErrorUtil.createRESTException("Unauthorized access.", MessageEnums.OPER_NO_EXPORT); } + + HashMap<String, Object> updatedRepo = new HashMap<String, Object>(); + updatedRepo.put("repository_name", xAsset.getName()); XXPolicyExportAudit policyExportAudit = new XXPolicyExportAudit(); - policyExportAudit.setRepositoryName(repository); + policyExportAudit.setRepositoryName(xAsset.getName()); if (agentId != null && !agentId.isEmpty()) { policyExportAudit.setAgentId(agentId); @@ -872,29 +876,6 @@ public class AssetMgr extends AssetMgrBase { } } - if (repository == null || repository.isEmpty()) { - - policyExportAudit - .setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST); - createPolicyAudit(policyExportAudit); - - logger.error("Repository name not provided"); - throw restErrorUtil.createRESTException("Unauthorized access.", - MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); - } - - - - if (xAsset == null) { - policyExportAudit - .setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST); - createPolicyAudit(policyExportAudit); - - logger.error("Requested repository doesn't exist"); - throw restErrorUtil.createRESTException("Unauthorized access.", - MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); - } - if (policyCount == null) { policyCount = 0l; } @@ -917,197 +898,168 @@ public class AssetMgr extends AssetMgrBase { } } - // ////////////////////////////////////// - // Get latest updated time of repository - // ////////////////////////////////////// - Timestamp luTime = rangerDaoManager.getXXResource() - .getMaxUpdateTimeForAssetName(repository); + long epochTime = epoch != null ? Long.parseLong(epoch) : 0; - HashMap<String, Object> updatedRepo = new HashMap<String, Object>(); - updatedRepo.put("repository_name", repository); + if(epochTime == updatedTime) { + int resourceListSz = (xResourceList == null) ? 0 : xResourceList.size() ; + + if (policyCount == resourceListSz) { + policyExportAudit + .setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_NOT_MODIFIED); + createPolicyAudit(policyExportAudit); - Long updatedTime = 0l; - List<HashMap<String, Object>> resourceList = new ArrayList<HashMap<String, Object>>(); - - if (luTime != null) { - updatedTime = luTime.getTime(); + throw restErrorUtil.createRESTException( + HttpServletResponse.SC_NOT_MODIFIED, + "No change since last update", false); + } } - - { - List<XXResource> xResourceList = new ArrayList<XXResource>(); - long epochTime = epoch != null ? Long.parseLong(epoch) : 0; + List<HashMap<String, Object>> resourceList = new ArrayList<HashMap<String, Object>>(); - if(epochTime == updatedTime) { - //TODO: instead of getting entire list, get just count(*) for the given repository - xResourceList = rangerDaoManager.getXXResource().findUpdatedResourcesByAssetName(repository, new Date(0L)); - - int resourceListSz = (xResourceList == null) ? 0 : xResourceList.size() ; - - if (policyCount == resourceListSz) { - policyExportAudit - .setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_NOT_MODIFIED); - createPolicyAudit(policyExportAudit); - - throw restErrorUtil.createRESTException( - HttpServletResponse.SC_NOT_MODIFIED, - "No change since last update", false); + // HDFS Repository + if (xAsset.getAssetType() == AppConstants.ASSET_HDFS) { + for (VXResource xResource : xResourceList) { + HashMap<String, Object> resourceMap = new HashMap<String, Object>(); + resourceMap.put("id", xResource.getId()); + resourceMap.put("resource", xResource.getName()); + resourceMap.put("isRecursive", + getBooleanValue(xResource.getIsRecursive())); + resourceMap.put("policyStatus", RangerCommonEnums + .getLabelFor_ActiveStatus(xResource + .getResourceStatus())); + // resourceMap.put("isEncrypt", + // AKAConstants.getLabelFor_BooleanValue(xResource.getIsEncrypt())); + populatePermMap(xResource, resourceMap, AppConstants.ASSET_HDFS); + List<VXAuditMap> xAuditMaps = xResource.getAuditList(); + if (xAuditMaps.size() != 0) { + resourceMap.put("audit", 1); + } else { + resourceMap.put("audit", 0); } - - } else { - xResourceList = rangerDaoManager.getXXResource().findUpdatedResourcesByAssetName(repository, new Date(0L)); - } - - - // HDFS Repository - if (xAsset.getAssetType() == AppConstants.ASSET_HDFS) { - for (XXResource xResource : xResourceList) { - HashMap<String, Object> resourceMap = new HashMap<String, Object>(); - resourceMap.put("id", xResource.getId()); - resourceMap.put("resource", xResource.getName()); - resourceMap.put("isRecursive", - getBooleanValue(xResource.getIsRecursive())); - resourceMap.put("policyStatus", RangerCommonEnums - .getLabelFor_ActiveStatus(xResource - .getResourceStatus())); - // resourceMap.put("isEncrypt", - // AKAConstants.getLabelFor_BooleanValue(xResource.getIsEncrypt())); - populatePermMap(xResource, resourceMap, AppConstants.ASSET_HDFS); - List<XXAuditMap> xAuditMaps = rangerDaoManager.getXXAuditMap() - .findByResourceId(xResource.getId()); - if (xAuditMaps.size() != 0) { - resourceMap.put("audit", 1); - } else { - resourceMap.put("audit", 0); - } - resourceList.add(resourceMap); + resourceList.add(resourceMap); + } + } else if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) { + for (VXResource xResource : xResourceList) { + HashMap<String, Object> resourceMap = new HashMap<String, Object>(); + resourceMap.put("id", xResource.getId()); + resourceMap.put("database_name", xResource.getDatabases()); + resourceMap.put("policyStatus", RangerCommonEnums + .getLabelFor_ActiveStatus(xResource + .getResourceStatus())); + resourceMap.put("tablePolicyType", AppConstants + .getLabelFor_PolicyType(xResource.getTableType())); + resourceMap.put("columnPolicyType", AppConstants + .getLabelFor_PolicyType(xResource.getColumnType())); + int resourceType = xResource.getResourceType(); + if (resourceType == AppConstants.RESOURCE_UDF) { + resourceMap.put("udf_name", xResource.getUdfs()); + } else if (resourceType == AppConstants.RESOURCE_COLUMN) { + resourceMap.put("table_name", xResource.getTables()); + resourceMap.put("column_name", xResource.getColumns()); + } else if (resourceType == AppConstants.RESOURCE_TABLE) { + resourceMap.put("table_name", xResource.getTables()); } - } else if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) { - for (XXResource xResource : xResourceList) { - HashMap<String, Object> resourceMap = new HashMap<String, Object>(); - resourceMap.put("id", xResource.getId()); - resourceMap.put("database_name", xResource.getDatabases()); - resourceMap.put("policyStatus", RangerCommonEnums - .getLabelFor_ActiveStatus(xResource - .getResourceStatus())); - resourceMap.put("tablePolicyType", AppConstants - .getLabelFor_PolicyType(xResource.getTableType())); - resourceMap.put("columnPolicyType", AppConstants - .getLabelFor_PolicyType(xResource.getColumnType())); - int resourceType = xResource.getResourceType(); - if (resourceType == AppConstants.RESOURCE_UDF) { - resourceMap.put("udf_name", xResource.getUdfs()); - } else if (resourceType == AppConstants.RESOURCE_COLUMN) { - resourceMap.put("table_name", xResource.getTables()); - resourceMap.put("column_name", xResource.getColumns()); - } else if (resourceType == AppConstants.RESOURCE_TABLE) { - resourceMap.put("table_name", xResource.getTables()); - } - populatePermMap(xResource, resourceMap, AppConstants.ASSET_HIVE); - List<XXAuditMap> xAuditMaps = rangerDaoManager.getXXAuditMap() - .findByResourceId(xResource.getId()); - if (xAuditMaps.size() != 0) { - resourceMap.put("audit", 1); - } else { - resourceMap.put("audit", 0); - } - resourceList.add(resourceMap); + populatePermMap(xResource, resourceMap, AppConstants.ASSET_HIVE); + + List<VXAuditMap> xAuditMaps = xResource.getAuditList(); + if (xAuditMaps.size() != 0) { + resourceMap.put("audit", 1); + } else { + resourceMap.put("audit", 0); } + resourceList.add(resourceMap); } + } - else if (xAsset.getAssetType() == AppConstants.ASSET_HBASE) { - for (XXResource xResource : xResourceList) { - HashMap<String, Object> resourceMap = new HashMap<String, Object>(); + else if (xAsset.getAssetType() == AppConstants.ASSET_HBASE) { + for (VXResource xResource : xResourceList) { + HashMap<String, Object> resourceMap = new HashMap<String, Object>(); - resourceMap.put("id", xResource.getId()); - resourceMap.put("table_name", xResource.getTables()); - resourceMap.put("column_name", xResource.getColumns()); - resourceMap.put("column_families", - xResource.getColumnFamilies()); - resourceMap.put("policyStatus", RangerCommonEnums - .getLabelFor_ActiveStatus(xResource - .getResourceStatus())); - if (xResource.getIsEncrypt() == 1) { - resourceMap.put("encrypt", 1); - } else { - resourceMap.put("encrypt", 0); - } - // resourceMap.put("isEncrypt", - // AKAConstants.getLabelFor_BooleanValue(xResource.getIsEncrypt())); - populatePermMap(xResource, resourceMap, AppConstants.ASSET_HBASE); - List<XXAuditMap> xAuditMaps = rangerDaoManager.getXXAuditMap() - .findByResourceId(xResource.getId()); - if (xAuditMaps.size() != 0) { - resourceMap.put("audit", 1); - } else { - resourceMap.put("audit", 0); - } - resourceList.add(resourceMap); + resourceMap.put("id", xResource.getId()); + resourceMap.put("table_name", xResource.getTables()); + resourceMap.put("column_name", xResource.getColumns()); + resourceMap.put("column_families", + xResource.getColumnFamilies()); + resourceMap.put("policyStatus", RangerCommonEnums + .getLabelFor_ActiveStatus(xResource + .getResourceStatus())); + if (xResource.getIsEncrypt() == 1) { + resourceMap.put("encrypt", 1); + } else { + resourceMap.put("encrypt", 0); } + // resourceMap.put("isEncrypt", + // AKAConstants.getLabelFor_BooleanValue(xResource.getIsEncrypt())); + populatePermMap(xResource, resourceMap, AppConstants.ASSET_HBASE); + List<VXAuditMap> xAuditMaps = xResource.getAuditList(); + if (xAuditMaps.size() != 0) { + resourceMap.put("audit", 1); + } else { + resourceMap.put("audit", 0); + } + resourceList.add(resourceMap); } - else if (xAsset.getAssetType() == AppConstants.ASSET_KNOX) { - for (XXResource xResource : xResourceList) { - HashMap<String, Object> resourceMap = new HashMap<String, Object>(); - - resourceMap.put("id", xResource.getId()); - resourceMap.put("topology_name", xResource.getTopologies()) ; - resourceMap.put("service_name", xResource.getServices()) ; - resourceMap.put("policyStatus", RangerCommonEnums - .getLabelFor_ActiveStatus(xResource - .getResourceStatus())); - if (xResource.getIsEncrypt() == 1) { - resourceMap.put("encrypt", 1); - } else { - resourceMap.put("encrypt", 0); - } - // resourceMap.put("isEncrypt", - // AKAConstants.getLabelFor_BooleanValue(xResource.getIsEncrypt())); - populatePermMap(xResource, resourceMap, AppConstants.ASSET_KNOX); - List<XXAuditMap> xAuditMaps = rangerDaoManager.getXXAuditMap() - .findByResourceId(xResource.getId()); - if (xAuditMaps.size() != 0) { - resourceMap.put("audit", 1); - } else { - resourceMap.put("audit", 0); - } - resourceList.add(resourceMap); + } + else if (xAsset.getAssetType() == AppConstants.ASSET_KNOX) { + for (VXResource xResource : xResourceList) { + HashMap<String, Object> resourceMap = new HashMap<String, Object>(); + + resourceMap.put("id", xResource.getId()); + resourceMap.put("topology_name", xResource.getTopologies()) ; + resourceMap.put("service_name", xResource.getServices()) ; + resourceMap.put("policyStatus", RangerCommonEnums + .getLabelFor_ActiveStatus(xResource + .getResourceStatus())); + if (xResource.getIsEncrypt() == 1) { + resourceMap.put("encrypt", 1); + } else { + resourceMap.put("encrypt", 0); } - - } - else if (xAsset.getAssetType() == AppConstants.ASSET_STORM) { - for (XXResource xResource : xResourceList) { - HashMap<String, Object> resourceMap = new HashMap<String, Object>(); - - resourceMap.put("id", xResource.getId()); - resourceMap.put("topology_name", xResource.getTopologies()) ; - resourceMap.put("policyStatus", RangerCommonEnums - .getLabelFor_ActiveStatus(xResource - .getResourceStatus())); - if (xResource.getIsEncrypt() == 1) { - resourceMap.put("encrypt", 1); - } else { - resourceMap.put("encrypt", 0); - } - populatePermMap(xResource, resourceMap, AppConstants.ASSET_STORM); - List<XXAuditMap> xAuditMaps = rangerDaoManager.getXXAuditMap() - .findByResourceId(xResource.getId()); - if (xAuditMaps.size() != 0) { - resourceMap.put("audit", 1); - } else { - resourceMap.put("audit", 0); - } - resourceList.add(resourceMap); - } - } else { - policyExportAudit - .setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST); - createPolicyAudit(policyExportAudit); - throw restErrorUtil.createRESTException( - "The operation isn't yet supported for the repository", - MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); + // resourceMap.put("isEncrypt", + // AKAConstants.getLabelFor_BooleanValue(xResource.getIsEncrypt())); + populatePermMap(xResource, resourceMap, AppConstants.ASSET_KNOX); + List<VXAuditMap> xAuditMaps = xResource.getAuditList(); + if (xAuditMaps.size() != 0) { + resourceMap.put("audit", 1); + } else { + resourceMap.put("audit", 0); + } + resourceList.add(resourceMap); } + + } + else if (xAsset.getAssetType() == AppConstants.ASSET_STORM) { + for (VXResource xResource : xResourceList) { + HashMap<String, Object> resourceMap = new HashMap<String, Object>(); + + resourceMap.put("id", xResource.getId()); + resourceMap.put("topology_name", xResource.getTopologies()) ; + resourceMap.put("policyStatus", RangerCommonEnums + .getLabelFor_ActiveStatus(xResource + .getResourceStatus())); + if (xResource.getIsEncrypt() == 1) { + resourceMap.put("encrypt", 1); + } else { + resourceMap.put("encrypt", 0); + } + populatePermMap(xResource, resourceMap, AppConstants.ASSET_STORM); + List<VXAuditMap> xAuditMaps = xResource.getAuditList(); + if (xAuditMaps.size() != 0) { + resourceMap.put("audit", 1); + } else { + resourceMap.put("audit", 0); + } + resourceList.add(resourceMap); + } + } else { + policyExportAudit + .setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST); + createPolicyAudit(policyExportAudit); + throw restErrorUtil.createRESTException( + "The operation isn't yet supported for the repository", + MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); } policyCount = Long.valueOf(resourceList.size()); @@ -1963,20 +1915,19 @@ public class AssetMgr extends AssetMgrBase { } } @SuppressWarnings("unchecked") - private HashMap<String, Object> populatePermMap(XXResource xResource, + private HashMap<String, Object> populatePermMap(VXResource xResource, HashMap<String, Object> resourceMap, int assetType) { - List<XXPermMap> xPermMapList = rangerDaoManager.getXXPermMap() - .findByResourceId(xResource.getId()); + List<VXPermMap> xPermMapList = xResource.getPermMapList(); Set<Long> groupList = new HashSet<Long>(); - for (XXPermMap xPermMap : xPermMapList) { + for (VXPermMap xPermMap : xPermMapList) { groupList.add(xPermMap.getId()); } List<HashMap<String, Object>> sortedPermMapGroupList = new ArrayList<HashMap<String, Object>>(); // Loop for adding group perms - for (XXPermMap xPermMap : xPermMapList) { + for (VXPermMap xPermMap : xPermMapList) { String groupKey = xPermMap.getPermGroup(); if (groupKey != null) { boolean found = false; @@ -1988,21 +1939,17 @@ public class AssetMgr extends AssetMgrBase { Long userId = xPermMap.getUserId(); if (groupId != null) { - Set<String> groups = (Set<String>) sortedPermMap - .get("groups"); - XXGroup xGroup = rangerDaoManager.getXXGroup() - .getById(groupId); - if(xGroup!=null && groups != null){ - groups.add(xGroup.getName()); + Set<String> groups = (Set<String>) sortedPermMap.get("groups"); + + if(groups != null){ + groups.add(xPermMap.getGroupName()); sortedPermMap.put("groups", groups); } } else if (userId != null) { - Set<String> users = (Set<String>) sortedPermMap - .get("users"); - XXUser xUser = rangerDaoManager.getXXUser().getById( - userId); - if (users != null && xUser != null) { - users.add(xUser.getName()); + Set<String> users = (Set<String>) sortedPermMap.get("users"); + + if (users != null) { + users.add(xPermMap.getUserName()); sortedPermMap.put("users", users); } } @@ -2040,16 +1987,12 @@ public class AssetMgr extends AssetMgrBase { if (groupId != null) { Set<String> groupSet = new HashSet<String>(); - XXGroup xGroup = rangerDaoManager.getXXGroup().getById( - xPermMap.getGroupId()); - String group = xGroup.getName(); + String group = xPermMap.getGroupName(); groupSet.add(group); sortedPermMap.put("groups", groupSet); } else if (userId != null) { Set<String> userSet = new HashSet<String>(); - XXUser xUser = rangerDaoManager.getXXUser() - .getById(userId); - String user = xUser.getName(); + String user = xPermMap.getUserName(); userSet.add(user); sortedPermMap.put("users", userSet); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/84382d38/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java index 94d174f..fa74642 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java +++ b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java @@ -244,7 +244,7 @@ public class ServiceUtil { VXAuditMap auditMap = new VXAuditMap(); auditMap.setResourceId(policy.getId()); - auditMap.setAuditType(1); + auditMap.setAuditType(AppConstants.XA_AUDIT_TYPE_ALL); auditList = new ArrayList<VXAuditMap>(); auditList.add(auditMap); @@ -296,6 +296,10 @@ public class ServiceUtil { for(String userName : policyItem.getUsers()) { for(RangerPolicyItemAccess access : policyItem.getAccesses()) { + if(! access.getIsAllowed()) { + continue; + } + VXPermMap permMap = new VXPermMap(); permMap.setPermFor(AppConstants.XA_PERM_FOR_USER); @@ -307,11 +311,28 @@ public class ServiceUtil { permMapList.add(permMap); } + + if(policyItem.getDelegateAdmin()) { + VXPermMap permMap = new VXPermMap(); + + permMap.setPermFor(AppConstants.XA_PERM_FOR_USER); + permMap.setPermGroup(new Integer(permGroup).toString()); + permMap.setUserName(userName); + permMap.setUserId(getUserId(userName)); + permMap.setPermType(toPermType("Admin")); + permMap.setIpAddress(ipAddress); + + permMapList.add(permMap); + } } permGroup++; for(String groupName : policyItem.getGroups()) { for(RangerPolicyItemAccess access : policyItem.getAccesses()) { + if(! access.getIsAllowed()) { + continue; + } + VXPermMap permMap = new VXPermMap(); permMap.setPermFor(AppConstants.XA_PERM_FOR_GROUP); @@ -323,6 +344,19 @@ public class ServiceUtil { permMapList.add(permMap); } + + if(policyItem.getDelegateAdmin()) { + VXPermMap permMap = new VXPermMap(); + + permMap.setPermFor(AppConstants.XA_PERM_FOR_GROUP); + permMap.setPermGroup(new Integer(permGroup).toString()); + permMap.setGroupName(groupName); + permMap.setGroupId(getGroupId(groupName)); + permMap.setPermType(toPermType("Admin")); + permMap.setIpAddress(ipAddress); + + permMapList.add(permMap); + } } permGroup++; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/84382d38/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java index f160382..4fd4cc8 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java @@ -70,7 +70,6 @@ import org.apache.ranger.view.VXPolicyExportAuditList; import org.apache.ranger.view.VXResource; import org.apache.ranger.view.VXResourceList; import org.apache.ranger.view.VXResponse; -import org.apache.ranger.view.VXStringList; import org.apache.ranger.view.VXTrxLogList; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Scope; @@ -420,57 +419,6 @@ public class AssetREST { } @GET - @Path("/hdfs/resources") - @Produces({ "application/xml", "application/json" }) - public VXStringList pullHdfsResources(@Context HttpServletRequest request) { - String dataSourceName = request.getParameter("dataSourceName"); - String baseDir = request.getParameter("baseDirectory"); - return assetMgr.getHdfsResources(dataSourceName, baseDir); - } - - @GET - @Path("/hive/resources") - @Produces({ "application/xml", "application/json" }) - public VXStringList pullHiveResources(@Context HttpServletRequest request) { - String dataSourceName = request.getParameter("dataSourceName"); - String databaseName = request.getParameter("databaseName"); - String tableName = request.getParameter("tableName"); - String columnName = request.getParameter("columnName"); - return assetMgr.getHiveResources(dataSourceName, databaseName, - tableName, columnName); - } - - @GET - @Path("/hbase/resources") - @Produces({ "application/xml", "application/json" }) - public VXStringList pullHBaseResources(@Context HttpServletRequest request) { - String dataSourceName = request.getParameter("dataSourceName"); - String tableName = request.getParameter("tableName"); - String columnFamiles = request.getParameter("columnFamilies"); - return assetMgr.getHBaseResources(dataSourceName, tableName, - columnFamiles); - } - - @GET - @Path("/knox/resources") - @Produces({ "application/xml", "application/json" }) - public VXStringList pullKnoxResources(@Context HttpServletRequest request) { - String dataSourceName = request.getParameter("dataSourceName"); - String topologyName = request.getParameter("topologyName"); - String serviceName = request.getParameter("serviceName"); - return assetMgr.getKnoxResources(dataSourceName, topologyName, serviceName); - } - - @GET - @Path("/storm/resources") - @Produces({ "application/xml", "application/json" }) - public VXStringList pullStormResources(@Context HttpServletRequest request) { - String dataSourceName = request.getParameter("dataSourceName"); - String topologyName = request.getParameter("topologyName"); - return assetMgr.getStormResources(dataSourceName, topologyName); - } - - @GET @Path("/credstores/{id}") @Produces({ "application/xml", "application/json" }) public VXCredentialStore getXCredentialStore(@PathParam("id") Long id) { @@ -530,7 +478,10 @@ public class AssetREST { new SearchCriteria(), "fileType", "File type", StringUtil.VALIDATION_TEXT); - File file = assetMgr.getXResourceFile(id, fileType); + VXResource resource = getXResource(id); + + File file = assetMgr.getXResourceFile(resource, fileType); + return Response .ok(file, MediaType.APPLICATION_OCTET_STREAM) .header("Content-Disposition", @@ -543,32 +494,33 @@ public class AssetREST { public String getResourceJSON(@Context HttpServletRequest request, @PathParam("repository") String repository) { - boolean httpEnabled = PropertiesUtil.getBooleanProperty("http.enabled",true); - String epoch = request.getParameter("epoch"); + String epoch = request.getParameter("epoch"); + X509Certificate[] certchain = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate"); + String ipAddress = request.getHeader("X-FORWARDED-FOR"); + boolean isSecure = request.isSecure(); + String policyCount = request.getParameter("policyCount"); + String agentId = request.getParameter("agentId"); - X509Certificate[] certchain = (X509Certificate[]) request.getAttribute( - "javax.servlet.request.X509Certificate"); - - String ipAddress = request.getHeader("X-FORWARDED-FOR"); if (ipAddress == null) { ipAddress = request.getRemoteAddr(); } - boolean isSecure = request.isSecure(); - - String policyCount = request.getParameter("policyCount"); - String agentId = request.getParameter("agentId"); - -// File file = assetMgr.getLatestRepoPolicy(repository, -// certchain, httpEnabled, epoch, ipAddress, isSecure, policyCount, agentId); - + boolean httpEnabled = PropertiesUtil.getBooleanProperty("http.enabled",true); -// return Response -// .ok(file, MediaType.APPLICATION_OCTET_STREAM) -// .header("Content-Disposition", -// "attachment;filename=" + file.getName()).build(); + RangerService service = serviceREST.getServiceByName(repository); + List<RangerPolicy> policies = serviceREST.getServicePolicies(repository, request); + + long policyUpdTime = (service != null && service.getPolicyUpdateTime() != null) ? service.getPolicyUpdateTime().getTime() : 0l; + VXAsset vAsset = serviceUtil.toVXAsset(service); + List<VXResource> vResourceList = new ArrayList<VXResource>(); - String file = assetMgr.getLatestRepoPolicy(repository, + if(policies != null) { + for(RangerPolicy policy : policies) { + vResourceList.add(serviceUtil.toVXResource(policy, service)); + } + } + + String file = assetMgr.getLatestRepoPolicy(vAsset, vResourceList, policyUpdTime, certchain, httpEnabled, epoch, ipAddress, isSecure, policyCount, agentId); return file;
