http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java b/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java deleted file mode 100644 index b51c160..0000000 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java +++ /dev/null @@ -1,1589 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.ranger.plugin.store.file; - -import java.util.ArrayList; -import java.util.Collections; -import java.util.Comparator; -import java.util.Date; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import org.apache.commons.collections.CollectionUtils; -import org.apache.commons.collections.MapUtils; -import org.apache.commons.collections.Predicate; -import org.apache.commons.collections.PredicateUtils; -import org.apache.commons.lang.ObjectUtils; -import org.apache.commons.lang.StringUtils; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.hadoop.fs.Path; -import org.apache.ranger.plugin.model.RangerBaseModelObject; -import org.apache.ranger.plugin.model.RangerPolicy; -import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem; -import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; -import org.apache.ranger.plugin.model.RangerService; -import org.apache.ranger.plugin.model.RangerServiceDef; -import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; -import org.apache.ranger.plugin.store.ServiceStore; -import org.apache.ranger.plugin.util.SearchFilter; -import org.apache.ranger.plugin.util.ServicePolicies; - - -public class ServiceFileStore extends BaseFileStore implements ServiceStore { - private static final Log LOG = LogFactory.getLog(ServiceFileStore.class); - - private long nextServiceDefId = 0; - private long nextServiceId = 0; - private long nextPolicyId = 0; - - static Map<String, Long> legacyServiceDefs = new HashMap<String, Long>(); - - static { - legacyServiceDefs.put("hdfs", new Long(1)); - legacyServiceDefs.put("hbase", new Long(2)); - legacyServiceDefs.put("hive", new Long(3)); - legacyServiceDefs.put("knox", new Long(5)); - legacyServiceDefs.put("storm", new Long(6)); - } - - public ServiceFileStore() { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceFileStore.ServiceFileStore()"); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceFileStore.ServiceFileStore()"); - } - } - - @Override - public void init() throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceFileStore.init()"); - } - - super.initStore(); - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceFileStore.init()"); - } - } - - @Override - public RangerServiceDef createServiceDef(RangerServiceDef serviceDef) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceDefFileStore.createServiceDef(" + serviceDef + ")"); - } - - RangerServiceDef existing = getServiceDefByName(serviceDef.getName()); - - if(existing != null) { - throw new Exception(serviceDef.getName() + ": service-def already exists (id=" + existing.getId() + ")"); - } - - RangerServiceDef ret = null; - - try { - preCreate(serviceDef); - - serviceDef.setId(nextServiceDefId++); - - ret = saveToFile(serviceDef, false); - - postCreate(ret); - } catch(Exception excp) { - LOG.warn("ServiceDefFileStore.createServiceDef(): failed to save service-def '" + serviceDef.getName() + "'", excp); - - throw new Exception("failed to save service-def '" + serviceDef.getName() + "'", excp); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceDefFileStore.createServiceDef(" + serviceDef + ")"); - } - - return ret; - } - - @Override - public RangerServiceDef updateServiceDef(RangerServiceDef serviceDef) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceDefFileStore.updateServiceDef(" + serviceDef + ")"); - } - - RangerServiceDef existing = getServiceDef(serviceDef.getId()); - - if(existing == null) { - throw new Exception(serviceDef.getId() + ": service-def does not exist"); - } - - if(isLegacyServiceDef(existing)) { - String msg = existing.getName() + ": is an in-built service-def. Update not allowed"; - - LOG.warn(msg); - - throw new Exception(msg); - } - - String existingName = existing.getName(); - - boolean renamed = !StringUtils.equalsIgnoreCase(serviceDef.getName(), existingName); - - // renaming service-def would require updating services that refer to this service-def - if(renamed) { - LOG.warn("ServiceDefFileStore.updateServiceDef(): service-def renaming not supported. " + existingName + " ==> " + serviceDef.getName()); - - throw new Exception("service-def renaming not supported. " + existingName + " ==> " + serviceDef.getName()); - } - - RangerServiceDef ret = null; - - try { - existing.updateFrom(serviceDef); - - preUpdate(existing); - - ret = saveToFile(existing, true); - - postUpdate(ret); - } catch(Exception excp) { - LOG.warn("ServiceDefFileStore.updateServiceDef(): failed to save service-def '" + existing.getName() + "'", excp); - - throw new Exception("failed to save service-def '" + existing.getName() + "'", excp); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceDefFileStore.updateServiceDef(" + serviceDef + "): " + ret); - } - - return ret; - } - - @Override - public void deleteServiceDef(Long id) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceDefFileStore.deleteServiceDef(" + id + ")"); - } - - RangerServiceDef existing = getServiceDef(id); - - if(existing == null) { - throw new Exception("service-def does not exist. id=" + id); - } - - if(isLegacyServiceDef(existing)) { - String msg = existing.getName() + ": is an in-built service-def. Update not allowed"; - - LOG.warn(msg); - - throw new Exception(msg); - } - - // TODO: deleting service-def would require deleting services that refer to this service-def - - try { - preDelete(existing); - - Path filePath = new Path(getServiceDefFile(id)); - - deleteFile(filePath); - - postDelete(existing); - } catch(Exception excp) { - throw new Exception("failed to delete service-def. id=" + id + "; name=" + existing.getName(), excp); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceDefFileStore.deleteServiceDef(" + id + ")"); - } - } - - @Override - public RangerServiceDef getServiceDef(Long id) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceDefFileStore.getServiceDef(" + id + ")"); - } - - RangerServiceDef ret = null; - - if(id != null) { - SearchFilter filter = new SearchFilter(SearchFilter.SERVICE_TYPE_ID, id.toString()); - - List<RangerServiceDef> serviceDefs = getServiceDefs(filter); - - ret = CollectionUtils.isEmpty(serviceDefs) ? null : serviceDefs.get(0); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceDefFileStore.getServiceDef(" + id + "): " + ret); - } - - return ret; - } - - @Override - public RangerServiceDef getServiceDefByName(String name) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceDefFileStore.getServiceDefByName(" + name + ")"); - } - - RangerServiceDef ret = null; - - if(name != null) { - SearchFilter filter = new SearchFilter(SearchFilter.SERVICE_TYPE, name); - - List<RangerServiceDef> serviceDefs = getServiceDefs(filter); - - ret = CollectionUtils.isEmpty(serviceDefs) ? null : serviceDefs.get(0); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceDefFileStore.getServiceDefByName(" + name + "): " + ret); - } - - return ret; - } - - @Override - public List<RangerServiceDef> getServiceDefs(SearchFilter filter) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceDefFileStore.getServiceDefs()"); - } - - List<RangerServiceDef> ret = getAllServiceDefs(); - - if(ret != null && filter != null && !filter.isEmpty()) { - CollectionUtils.filter(ret, getPredicate(filter)); - - Comparator<RangerBaseModelObject> comparator = getSorter(filter); - - if(comparator != null) { - Collections.sort(ret, comparator); - } - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceDefFileStore.getServiceDefs(): count=" + (ret == null ? 0 : ret.size())); - } - - return ret; - } - - - @Override - public RangerService createService(RangerService service) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceFileStore.createService(" + service + ")"); - } - - RangerService existing = getServiceByName(service.getName()); - - if(existing != null) { - throw new Exception("service already exists - '" + service.getName() + "'. ID=" + existing.getId()); - } - - RangerService ret = null; - - try { - preCreate(service); - - service.setId(nextServiceId++); - - ret = saveToFile(service, false); - - postCreate(service); - } catch(Exception excp) { - throw new Exception("failed to save service '" + service.getName() + "'", excp); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceFileStore.createService(" + service + "): " + ret); - } - - return ret; - } - - @Override - public RangerService updateService(RangerService service) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceFileStore.updateService(" + service + ")"); - } - - RangerService existing = getService(service.getId()); - - if(existing == null) { - throw new Exception("no service exists with ID=" + service.getId()); - } - - String existingName = existing.getName(); - - boolean renamed = !StringUtils.equalsIgnoreCase(service.getName(), existingName); - - if(renamed) { - RangerService newNameService = getServiceByName(service.getName()); - - if(newNameService != null) { - throw new Exception("another service already exists with name '" + service.getName() + "'. ID=" + newNameService.getId()); - } - } - - RangerService ret = null; - - try { - existing.updateFrom(service); - - preUpdate(existing); - - ret = saveToFile(existing, true); - - postUpdate(ret); - - if(renamed) { - handleServiceRename(ret, existingName); - } - } catch(Exception excp) { - throw new Exception("failed to update service '" + existing.getName() + "'", excp); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceFileStore.updateService(" + service + "): " + ret); - } - - return ret; - } - - @Override - public void deleteService(Long id) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceFileStore.deleteService(" + id + ")"); - } - - RangerService existing = getService(id); - - if(existing == null) { - throw new Exception("no service exists with ID=" + id); - } - - try { - Path filePath = new Path(getServiceFile(id)); - - preDelete(existing); - - handleServiceDelete(existing); - - deleteFile(filePath); - - postDelete(existing); - } catch(Exception excp) { - throw new Exception("failed to delete service with ID=" + id, excp); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceFileStore.deleteService(" + id + ")"); - } - } - - @Override - public RangerService getService(Long id) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceFileStore.getService(" + id + ")"); - } - - RangerService ret = null; - - try { - Path filePath = new Path(getServiceFile(id)); - - ret = loadFromFile(filePath, RangerService.class); - } catch(Exception excp) { - LOG.error("ServiceFileStore.getService(" + id + "): failed to read service", excp); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceFileStore.getService(" + id + "): " + ret); - } - - return ret; - } - - @Override - public RangerService getServiceByName(String name) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceFileStore.getServiceByName(" + name + ")"); - } - - RangerService ret = null; - - if(name != null) { - SearchFilter filter = new SearchFilter(SearchFilter.SERVICE_NAME, name); - - List<RangerService> services = getServices(filter); - - ret = CollectionUtils.isEmpty(services) ? null : services.get(0); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceFileStore.getServiceByName(" + name + "): " + ret); - } - - return ret; - } - - @Override - public List<RangerService> getServices(SearchFilter filter) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceFileStore.getServices()"); - } - - List<RangerService> ret = getAllServices(); - - if(ret != null && filter != null && !filter.isEmpty()) { - CollectionUtils.filter(ret, getPredicate(filter)); - - Comparator<RangerBaseModelObject> comparator = getSorter(filter); - - if(comparator != null) { - Collections.sort(ret, comparator); - } - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceFileStore.getServices(): count=" + (ret == null ? 0 : ret.size())); - } - - return ret; - } - - @Override - public RangerPolicy createPolicy(RangerPolicy policy) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceFileStore.createPolicy(" + policy + ")"); - } - - RangerService service = getServiceByName(policy.getService()); - - if(service == null) { - throw new Exception("service does not exist - name=" + policy.getService()); - } - - RangerPolicy existing = findPolicyByName(policy.getService(), policy.getName()); - - if(existing != null) { - throw new Exception("policy already exists: ServiceName=" + policy.getService() + "; PolicyName=" + policy.getName() + ". ID=" + existing.getId()); - } - - RangerPolicy ret = null; - - try { - preCreate(policy); - - policy.setId(nextPolicyId++); - - ret = saveToFile(policy, service.getId(), false); - - handlePolicyUpdate(service); - - postCreate(ret); - } catch(Exception excp) { - throw new Exception("failed to save policy: ServiceName=" + policy.getService() + "; PolicyName=" + policy.getName(), excp); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceFileStore.createPolicy(" + policy + "): " + ret); - } - - return ret; - } - - @Override - public RangerPolicy updatePolicy(RangerPolicy policy) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceFileStore.updatePolicy(" + policy + ")"); - } - - RangerPolicy existing = getPolicy(policy.getId()); - - if(existing == null) { - throw new Exception("no policy exists with ID=" + policy.getId()); - } - - RangerService service = getServiceByName(policy.getService()); - - if(service == null) { - throw new Exception("service does not exist - name=" + policy.getService()); - } - - if(! StringUtils.equalsIgnoreCase(existing.getService(), policy.getService())) { - throw new Exception("policy id=" + policy.getId() + " already exists in service " + existing.getService() + ". It can not be moved to service " + policy.getService()); - } - - boolean renamed = !StringUtils.equalsIgnoreCase(policy.getName(), existing.getName()); - - if(renamed) { - RangerPolicy newNamePolicy = findPolicyByName(service.getName(), policy.getName()); - - if(newNamePolicy != null) { - throw new Exception("another policy already exists with name '" + policy.getName() + "'. ID=" + newNamePolicy.getId()); - } - } - - RangerPolicy ret = null; - - try { - existing.updateFrom(policy); - - preUpdate(existing); - - ret = saveToFile(existing, service.getId(), true); - - handlePolicyUpdate(service); - - postUpdate(ret); - } catch(Exception excp) { - throw new Exception("failed to update policy - ID=" + existing.getId(), excp); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceFileStore.updatePolicy(" + policy + "): " + ret); - } - - return ret; - } - - @Override - public void deletePolicy(Long id) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceFileStore.deletePolicy(" + id + ")"); - } - - RangerPolicy existing = getPolicy(id); - - if(existing == null) { - throw new Exception("no policy exists with ID=" + id); - } - - RangerService service = getServiceByName(existing.getService()); - - if(service == null) { - throw new Exception("service does not exist - name='" + existing.getService()); - } - - try { - preDelete(existing); - - Path filePath = new Path(getPolicyFile(service.getId(), existing.getId())); - - deleteFile(filePath); - - handlePolicyUpdate(service); - - postDelete(existing); - } catch(Exception excp) { - throw new Exception(existing.getId() + ": failed to delete policy", excp); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceFileStore.deletePolicy(" + id + ")"); - } - } - - @Override - public RangerPolicy getPolicy(Long id) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceFileStore.getPolicy(" + id + ")"); - } - - RangerPolicy ret = null; - - if(id != null) { - SearchFilter filter = new SearchFilter(SearchFilter.POLICY_ID, id.toString()); - - List<RangerPolicy> policies = getPolicies(filter); - - ret = CollectionUtils.isEmpty(policies) ? null : policies.get(0); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceFileStore.getPolicy(" + id + "): " + ret); - } - - return ret; - } - - @Override - public List<RangerPolicy> getPolicies(SearchFilter filter) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceFileStore.getPolicies()"); - } - - List<RangerPolicy> ret = getAllPolicies(); - - if(ret != null && filter != null && !filter.isEmpty()) { - CollectionUtils.filter(ret, getPredicate(filter)); - - Comparator<RangerBaseModelObject> comparator = getSorter(filter); - - if(comparator != null) { - Collections.sort(ret, comparator); - } - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceFileStore.getPolicies(): count=" + (ret == null ? 0 : ret.size())); - } - - return ret; - } - - @Override - public List<RangerPolicy> getServicePolicies(Long serviceId, SearchFilter filter) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceFileStore.getServicePolicies(" + serviceId + ")"); - } - - RangerService service = getService(serviceId); - - if(service == null) { - throw new Exception("service does not exist - id='" + serviceId); - } - - List<RangerPolicy> ret = getServicePolicies(service.getName(), filter); - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceFileStore.getServicePolicies(" + serviceId + "): " + ((ret == null) ? 0 : ret.size())); - } - - return ret; - } - - @Override - public List<RangerPolicy> getServicePolicies(String serviceName, SearchFilter filter) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceFileStore.getServicePolicies(" + serviceName + ")"); - } - - List<RangerPolicy> ret = new ArrayList<RangerPolicy>(); - - try { - if(filter == null) { - filter = new SearchFilter(); - } - - filter.setParam(SearchFilter.SERVICE_NAME, serviceName); - - ret = getPolicies(filter); - } catch(Exception excp) { - LOG.error("ServiceFileStore.getServicePolicies(" + serviceName + "): failed to read policies", excp); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceFileStore.getServicePolicies(" + serviceName + "): count=" + ((ret == null) ? 0 : ret.size())); - } - - return ret; - } - - @Override - public ServicePolicies getServicePoliciesIfUpdated(String serviceName, Long lastKnownVersion) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceFileStore.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ")"); - } - - RangerService service = getServiceByName(serviceName); - - if(service == null) { - throw new Exception("service does not exist - name=" + serviceName); - } - - RangerServiceDef serviceDef = getServiceDefByName(service.getType()); - - if(serviceDef == null) { - throw new Exception(service.getType() + ": unknown service-def)"); - } - - ServicePolicies ret = new ServicePolicies(); - ret.setServiceId(service.getId()); - ret.setServiceName(service.getName()); - ret.setPolicyVersion(service.getPolicyVersion()); - ret.setPolicyUpdateTime(service.getPolicyUpdateTime()); - ret.setServiceDef(serviceDef); - ret.setPolicies(new ArrayList<RangerPolicy>()); - - if(lastKnownVersion == null || service.getPolicyVersion() == null || lastKnownVersion.longValue() != service.getPolicyVersion().longValue()) { - SearchFilter filter = new SearchFilter(SearchFilter.SERVICE_NAME, serviceName); - - List<RangerPolicy> policies = getPolicies(filter); - - ret.setPolicies(policies); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceFileStore.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + "): count=" + ((ret == null || ret.getPolicies() == null) ? 0 : ret.getPolicies().size())); - } - - if(ret != null && ret.getPolicies() != null) { - Collections.sort(ret.getPolicies(), idComparator); - } - - return ret; - } - - - private void handleServiceRename(RangerService service, String oldName) throws Exception { - List<RangerPolicy> policies = getAllPolicies(); - - if(policies != null) { - for(RangerPolicy policy : policies) { - if(StringUtils.equalsIgnoreCase(policy.getService(), oldName)) { - policy.setService(service.getName()); - - preUpdate(policy); - - saveToFile(policy, service.getId(), true); - - postUpdate(policy); - } - } - } - } - - private void handleServiceDelete(RangerService service) throws Exception { - List<RangerPolicy> policies = getAllPolicies(); - - if(policies != null) { - for(RangerPolicy policy : policies) { - if(! StringUtils.equals(policy.getService(), service.getName())) { - continue; - } - - preDelete(policy); - - Path filePath = new Path(getPolicyFile(service.getId(), policy.getId())); - - deleteFile(filePath); - - postDelete(policy); - } - } - } - - private void handlePolicyUpdate(RangerService service) throws Exception { - if(service == null) { - return; - } - - Long policyVersion = service.getPolicyVersion(); - - if(policyVersion == null) { - policyVersion = new Long(1); - } else { - policyVersion = new Long(policyVersion.longValue() + 1); - } - - service.setPolicyVersion(policyVersion); - service.setPolicyUpdateTime(new Date()); - - saveToFile(service, true); - } - - private RangerPolicy findPolicyByName(String serviceName, String policyName) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceFileStore.findPolicyByName(" + serviceName + ", " + policyName + ")"); - } - - RangerService service = getServiceByName(serviceName); - - if(service == null) { - throw new Exception("service does not exist - name='" + serviceName); - } - - RangerPolicy ret = null; - - SearchFilter filter = new SearchFilter(); - - filter.setParam(SearchFilter.SERVICE_NAME, serviceName); - filter.setParam(SearchFilter.POLICY_NAME, policyName); - - List<RangerPolicy> policies = getPolicies(filter); - - ret = CollectionUtils.isEmpty(policies) ? null : policies.get(0); - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceFileStore.findPolicyByName(" + serviceName + ", " + policyName + "): " + ret); - } - - return ret; - } - - private boolean isLegacyServiceDef(RangerServiceDef sd) { - return sd == null ? false : (isLegacyServiceDef(sd.getName()) || isLegacyServiceDef(sd.getId())); - } - - private boolean isLegacyServiceDef(String name) { - return name == null ? false : legacyServiceDefs.containsKey(name); - } - - private boolean isLegacyServiceDef(Long id) { - return id == null ? false : legacyServiceDefs.containsValue(id); - } - - private List<RangerServiceDef> getAllServiceDefs() throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceDefFileStore.getAllServiceDefs()"); - } - - List<RangerServiceDef> ret = new ArrayList<RangerServiceDef>(); - - try { - // load definitions for legacy services from embedded resources - String[] legacyServiceDefResources = { - "/service-defs/ranger-servicedef-hdfs.json", - "/service-defs/ranger-servicedef-hive.json", - "/service-defs/ranger-servicedef-hbase.json", - "/service-defs/ranger-servicedef-knox.json", - "/service-defs/ranger-servicedef-storm.json", - }; - - for(String resource : legacyServiceDefResources) { - RangerServiceDef sd = loadFromResource(resource, RangerServiceDef.class); - - if(sd != null) { - ret.add(sd); - } - } - nextServiceDefId = getMaxId(ret) + 1; - - // load service definitions from file system - List<RangerServiceDef> sds = loadFromDir(new Path(getDataDir()), FILE_PREFIX_SERVICE_DEF, RangerServiceDef.class); - - if(sds != null) { - for(RangerServiceDef sd : sds) { - if(sd != null) { - if(isLegacyServiceDef(sd)) { - LOG.warn("Found in-built service-def '" + sd.getName() + "' under " + getDataDir() + ". Ignorning"); - - continue; - } - - // if the ServiceDef is already found, remove the earlier definition - for(int i = 0; i < ret.size(); i++) { - RangerServiceDef currSd = ret.get(i); - - if(StringUtils.equals(currSd.getName(), sd.getName()) || - ObjectUtils.equals(currSd.getId(), sd.getId())) { - ret.remove(i); - } - } - - ret.add(sd); - } - } - } - nextServiceDefId = getMaxId(ret) + 1; - } catch(Exception excp) { - LOG.error("ServiceDefFileStore.getAllServiceDefs(): failed to read service-defs", excp); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceDefFileStore.getAllServiceDefs(): count=" + (ret == null ? 0 : ret.size())); - } - - if(ret != null) { - Collections.sort(ret, idComparator); - - for(RangerServiceDef sd : ret) { - Collections.sort(sd.getResources(), resourceLevelComparator); - } - } - - return ret; - } - - private List<RangerService> getAllServices() throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceFileStore.getAllServices()"); - } - - List<RangerService> ret = null; - - try { - ret = loadFromDir(new Path(getDataDir()), FILE_PREFIX_SERVICE, RangerService.class); - - nextServiceId = getMaxId(ret) + 1; - } catch(Exception excp) { - LOG.error("ServiceFileStore.getAllServices(): failed to read services", excp); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceFileStore.getAllServices(): count=" + (ret == null ? 0 : ret.size())); - } - - if(ret != null) { - Collections.sort(ret, idComparator); - } - - return ret; - } - - private List<RangerPolicy> getAllPolicies() throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceFileStore.getAllPolicies()"); - } - - List<RangerPolicy> ret = null; - - try { - ret = loadFromDir(new Path(getDataDir()), FILE_PREFIX_POLICY, RangerPolicy.class); - - nextPolicyId = getMaxId(ret) + 1; - } catch(Exception excp) { - LOG.error("ServiceFileStore.getAllPolicies(): failed to read policies", excp); - } - - if(ret != null) { - Collections.sort(ret, idComparator); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceFileStore.getAllPolicies(): count=" + (ret == null ? 0 : ret.size())); - } - - return ret; - } - - private String getServiceType(String serviceName) { - RangerService service = null; - - try { - service = getServiceByName(serviceName); - } catch(Exception excp) { - // ignore - } - - return service != null ? service.getType() : null; - } - - private Long getServiceId(String serviceName) { - RangerService service = null; - - try { - service = getServiceByName(serviceName); - } catch(Exception excp) { - // ignore - } - - return service != null ? service.getId() : null; - } - - private final static Comparator<RangerBaseModelObject> idComparator = new Comparator<RangerBaseModelObject>() { - @Override - public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) { - Long val1 = (o1 != null) ? o1.getId() : null; - Long val2 = (o2 != null) ? o2.getId() : null; - - return ObjectUtils.compare(val1, val2); - } - }; - - private final static Comparator<RangerBaseModelObject> createTimeComparator = new Comparator<RangerBaseModelObject>() { - @Override - public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) { - Date val1 = (o1 != null) ? o1.getCreateTime() : null; - Date val2 = (o2 != null) ? o2.getCreateTime() : null; - - return ObjectUtils.compare(val1, val2); - } - }; - - private final static Comparator<RangerBaseModelObject> updateTimeComparator = new Comparator<RangerBaseModelObject>() { - @Override - public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) { - Date val1 = (o1 != null) ? o1.getUpdateTime() : null; - Date val2 = (o2 != null) ? o2.getUpdateTime() : null; - - return ObjectUtils.compare(val1, val2); - } - }; - - private final static Comparator<RangerBaseModelObject> serviceDefNameComparator = new Comparator<RangerBaseModelObject>() { - @Override - public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) { - String val1 = null; - String val2 = null; - - if(o1 != null) { - if(o1 instanceof RangerServiceDef) { - val1 = ((RangerServiceDef)o1).getName(); - } else if(o1 instanceof RangerService) { - val1 = ((RangerService)o1).getType(); - } - } - - if(o2 != null) { - if(o2 instanceof RangerServiceDef) { - val2 = ((RangerServiceDef)o2).getName(); - } else if(o2 instanceof RangerService) { - val2 = ((RangerService)o2).getType(); - } - } - - return ObjectUtils.compare(val1, val2); - } - }; - - private final static Comparator<RangerBaseModelObject> serviceNameComparator = new Comparator<RangerBaseModelObject>() { - @Override - public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) { - String val1 = null; - String val2 = null; - - if(o1 != null) { - if(o1 instanceof RangerPolicy) { - val1 = ((RangerPolicy)o1).getService(); - } else if(o1 instanceof RangerService) { - val1 = ((RangerService)o1).getType(); - } - } - - if(o2 != null) { - if(o2 instanceof RangerPolicy) { - val2 = ((RangerPolicy)o2).getService(); - } else if(o2 instanceof RangerService) { - val2 = ((RangerService)o2).getType(); - } - } - - return ObjectUtils.compare(val1, val2); - } - }; - - private final static Comparator<RangerBaseModelObject> policyNameComparator = new Comparator<RangerBaseModelObject>() { - @Override - public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) { - String val1 = (o1 != null && o1 instanceof RangerPolicy) ? ((RangerPolicy)o1).getName() : null; - String val2 = (o2 != null && o2 instanceof RangerPolicy) ? ((RangerPolicy)o2).getName() : null; - - return ObjectUtils.compare(val1, val2); - } - }; - - private final static Comparator<RangerResourceDef> resourceLevelComparator = new Comparator<RangerResourceDef>() { - @Override - public int compare(RangerResourceDef o1, RangerResourceDef o2) { - Integer val1 = (o1 != null) ? o1.getLevel() : null; - Integer val2 = (o2 != null) ? o2.getLevel() : null; - - return ObjectUtils.compare(val1, val2); - } - }; - - private Predicate getPredicate(SearchFilter filter) { - if(filter == null || filter.isEmpty()) { - return null; - } - - List<Predicate> predicates = new ArrayList<Predicate>(); - - addPredicateForLoginUser(filter.getParam(SearchFilter.LOGIN_USER), predicates); - addPredicateForServiceType(filter.getParam(SearchFilter.SERVICE_TYPE), predicates); - addPredicateForServiceTypeId(filter.getParam(SearchFilter.SERVICE_TYPE_ID), predicates); - addPredicateForServiceName(filter.getParam(SearchFilter.SERVICE_NAME), predicates); - addPredicateForServiceId(filter.getParam(SearchFilter.SERVICE_ID), predicates); - addPredicateForPolicyName(filter.getParam(SearchFilter.POLICY_NAME), predicates); - addPredicateForPolicyId(filter.getParam(SearchFilter.POLICY_ID), predicates); - addPredicateForStatus(filter.getParam(SearchFilter.STATUS), predicates); - addPredicateForUserName(filter.getParam(SearchFilter.USER), predicates); - addPredicateForGroupName(filter.getParam(SearchFilter.GROUP), predicates); - addPredicateForResources(filter.getParamsWithPrefix(SearchFilter.RESOURCE_PREFIX, true), predicates); - - Predicate ret = CollectionUtils.isEmpty(predicates) ? null : PredicateUtils.allPredicate(predicates); - - return ret; - } - - private static Map<String, Comparator<RangerBaseModelObject>> sorterMap = new HashMap<String, Comparator<RangerBaseModelObject>>(); - - static { - sorterMap.put(SearchFilter.SERVICE_TYPE, serviceDefNameComparator); - sorterMap.put(SearchFilter.SERVICE_TYPE_ID, idComparator); - sorterMap.put(SearchFilter.SERVICE_NAME, serviceNameComparator); - sorterMap.put(SearchFilter.SERVICE_TYPE_ID, idComparator); - sorterMap.put(SearchFilter.POLICY_NAME, policyNameComparator); - sorterMap.put(SearchFilter.POLICY_ID, idComparator); - sorterMap.put(SearchFilter.CREATE_TIME, createTimeComparator); - sorterMap.put(SearchFilter.UPDATE_TIME, updateTimeComparator); - } - - private Comparator<RangerBaseModelObject> getSorter(SearchFilter filter) { - String sortBy = filter == null ? null : filter.getParam(SearchFilter.SORT_BY); - - if(StringUtils.isEmpty(sortBy)) { - return null; - } - - Comparator<RangerBaseModelObject> ret = sorterMap.get(sortBy); - - return ret; - } - - private Predicate addPredicateForLoginUser(final String loginUser, List<Predicate> predicates) { - if(StringUtils.isEmpty(loginUser)) { - return null; - } - - Predicate ret = new Predicate() { - @Override - public boolean evaluate(Object object) { - if(object == null) { - return false; - } - - boolean ret = false; - - if(object instanceof RangerPolicy) { - RangerPolicy policy = (RangerPolicy)object; - - for(RangerPolicyItem policyItem : policy.getPolicyItems()) { - if(!policyItem.getDelegateAdmin()) { - continue; - } - - if(policyItem.getUsers().contains(loginUser)) { // TODO: group membership check - ret = true; - - break; - } - } - } else { - ret = true; - } - - return ret; - } - }; - - if(ret != null) { - predicates.add(ret); - } - - return ret; - } - - private Predicate addPredicateForServiceType(final String serviceType, List<Predicate> predicates) { - if(StringUtils.isEmpty(serviceType)) { - return null; - } - - Predicate ret = new Predicate() { - @Override - public boolean evaluate(Object object) { - if(object == null) { - return false; - } - - boolean ret = false; - - if(object instanceof RangerPolicy) { - RangerPolicy policy = (RangerPolicy)object; - - ret = StringUtils.equals(serviceType, getServiceType(policy.getService())); - } else if(object instanceof RangerService) { - RangerService service = (RangerService)object; - - ret = StringUtils.equals(serviceType, service.getType()); - } else if(object instanceof RangerServiceDef) { - RangerServiceDef serviceDef = (RangerServiceDef)object; - - ret = StringUtils.equals(serviceType, serviceDef.getName()); - } - - return ret; - } - }; - - if(predicates != null) { - predicates.add(ret); - } - - return ret; - } - - private Predicate addPredicateForServiceTypeId(final String serviceTypeId, List<Predicate> predicates) { - if(StringUtils.isEmpty(serviceTypeId)) { - return null; - } - - Predicate ret = new Predicate() { - @Override - public boolean evaluate(Object object) { - if(object == null) { - return false; - } - - boolean ret = false; - - if(object instanceof RangerServiceDef) { - RangerServiceDef serviceDef = (RangerServiceDef)object; - Long svcDefId = serviceDef.getId(); - - if(svcDefId != null) { - ret = StringUtils.equals(serviceTypeId, svcDefId.toString()); - } - } else { - ret = true; - } - - return ret; - } - }; - - if(predicates != null) { - predicates.add(ret); - } - - return ret; - } - - private Predicate addPredicateForServiceName(final String serviceName, List<Predicate> predicates) { - if(StringUtils.isEmpty(serviceName)) { - return null; - } - - Predicate ret = new Predicate() { - @Override - public boolean evaluate(Object object) { - if(object == null) { - return false; - } - - boolean ret = false; - - if(object instanceof RangerPolicy) { - RangerPolicy policy = (RangerPolicy)object; - - ret = StringUtils.equals(serviceName, policy.getService()); - } else if(object instanceof RangerService) { - RangerService service = (RangerService)object; - - ret = StringUtils.equals(serviceName, service.getName()); - } else { - ret = true; - } - - return ret; - } - }; - - if(ret != null) { - predicates.add(ret); - } - - return ret; - } - - private Predicate addPredicateForServiceId(final String serviceId, List<Predicate> predicates) { - if(StringUtils.isEmpty(serviceId)) { - return null; - } - - Predicate ret = new Predicate() { - @Override - public boolean evaluate(Object object) { - if(object == null) { - return false; - } - - boolean ret = false; - - if(object instanceof RangerPolicy) { - RangerPolicy policy = (RangerPolicy)object; - Long svcId = getServiceId(policy.getService()); - - if(svcId != null) { - ret = StringUtils.equals(serviceId, svcId.toString()); - } - } else if(object instanceof RangerService) { - RangerService service = (RangerService)object; - - if(service.getId() != null) { - ret = StringUtils.equals(serviceId, service.getId().toString()); - } - } else { - ret = true; - } - - return ret; - } - }; - - if(predicates != null) { - predicates.add(ret); - } - - return ret; - } - - private Predicate addPredicateForPolicyName(final String policyName, List<Predicate> predicates) { - if(StringUtils.isEmpty(policyName)) { - return null; - } - - Predicate ret = new Predicate() { - @Override - public boolean evaluate(Object object) { - if(object == null) { - return false; - } - - boolean ret = false; - - if(object instanceof RangerPolicy) { - RangerPolicy policy = (RangerPolicy)object; - - ret = StringUtils.equals(policyName, policy.getName()); - } else { - ret = true; - } - - return ret; - } - }; - - if(predicates != null) { - predicates.add(ret); - } - - return ret; - } - - private Predicate addPredicateForPolicyId(final String policyId, List<Predicate> predicates) { - if(StringUtils.isEmpty(policyId)) { - return null; - } - - Predicate ret = new Predicate() { - @Override - public boolean evaluate(Object object) { - if(object == null) { - return false; - } - - boolean ret = false; - - if(object instanceof RangerPolicy) { - RangerPolicy policy = (RangerPolicy)object; - - if(policy.getId() != null) { - ret = StringUtils.equals(policyId, policy.getId().toString()); - } - } else { - ret = true; - } - - return ret; - } - }; - - if(predicates != null) { - predicates.add(ret); - } - - return ret; - } - - private Predicate addPredicateForUserName(final String userName, List<Predicate> predicates) { - if(StringUtils.isEmpty(userName)) { - return null; - } - - Predicate ret = new Predicate() { - @Override - public boolean evaluate(Object object) { - if(object == null) { - return false; - } - - boolean ret = false; - - if(object instanceof RangerPolicy) { - RangerPolicy policy = (RangerPolicy)object; - - for(RangerPolicyItem policyItem : policy.getPolicyItems()) { - if(policyItem.getUsers().contains(userName)) { // TODO: group membership check - ret = true; - - break; - } - } - } else { - ret = true; - } - - return ret; - } - }; - - if(predicates != null) { - predicates.add(ret); - } - - return ret; - } - - private Predicate addPredicateForGroupName(final String groupName, List<Predicate> predicates) { - if(StringUtils.isEmpty(groupName)) { - return null; - } - - Predicate ret = new Predicate() { - @Override - public boolean evaluate(Object object) { - if(object == null) { - return false; - } - - boolean ret = false; - - if(object instanceof RangerPolicy) { - RangerPolicy policy = (RangerPolicy)object; - - for(RangerPolicyItem policyItem : policy.getPolicyItems()) { - if(policyItem.getGroups().contains(groupName)) { - ret = true; - - break; - } - } - } else { - ret = true; - } - - return ret; - } - }; - - if(predicates != null) { - predicates.add(ret); - } - - return ret; - } - - private Predicate addPredicateForStatus(final String status, List<Predicate> predicates) { - if(StringUtils.isEmpty(status)) { - return null; - } - - Predicate ret = new Predicate() { - @Override - public boolean evaluate(Object object) { - if(object == null) { - return false; - } - - boolean ret = false; - - if(object instanceof RangerBaseModelObject) { - RangerBaseModelObject obj = (RangerBaseModelObject)object; - - if(StringUtils.equals(status, "enabled")) { - ret = obj.getIsEnabled(); - } else if(StringUtils.equals(status, "disabled")) { - ret = !obj.getIsEnabled(); - } - } else { - ret = true; - } - - return ret; - } - }; - - if(predicates != null) { - predicates.add(ret); - } - - return ret; - } - - private Predicate addPredicateForResources(final Map<String, String> resources, List<Predicate> predicates) { - if(MapUtils.isEmpty(resources)) { - return null; - } - - Predicate ret = new Predicate() { - @Override - public boolean evaluate(Object object) { - if(object == null) { - return false; - } - - boolean ret = false; - - if(object instanceof RangerPolicy) { - RangerPolicy policy = (RangerPolicy)object; - - if(! MapUtils.isEmpty(policy.getResources())) { - int numFound = 0; - for(String name : resources.keySet()) { - boolean isMatch = false; - - RangerPolicyResource policyResource = policy.getResources().get(name); - - if(policyResource != null && !CollectionUtils.isEmpty(policyResource.getValues())) { - String val = resources.get(name); - - if(policyResource.getValues().contains(val)) { - isMatch = true; - } else { - for(String policyResourceValue : policyResource.getValues()) { - if(policyResourceValue.contains(val)) { // TODO: consider match for wildcard in policyResourceValue? - isMatch = true; - break; - } - } - } - } - - if(isMatch) { - numFound++; - } else { - break; - } - } - - ret = numFound == resources.size(); - } - } else { - ret = true; - } - - return ret; - } - }; - - if(predicates != null) { - predicates.add(ret); - } - - return ret; - } -}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java b/plugin-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java deleted file mode 100644 index dd3624b..0000000 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java +++ /dev/null @@ -1,609 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.ranger.plugin.store.rest; - -import java.util.List; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.ranger.admin.client.datatype.RESTResponse; -import org.apache.ranger.authorization.hadoop.config.RangerConfiguration; -import org.apache.ranger.plugin.model.RangerPolicy; -import org.apache.ranger.plugin.model.RangerService; -import org.apache.ranger.plugin.model.RangerServiceDef; -import org.apache.ranger.plugin.store.ServiceStore; -import org.apache.ranger.plugin.util.RangerRESTClient; -import org.apache.ranger.plugin.util.SearchFilter; -import org.apache.ranger.plugin.util.ServicePolicies; - -import com.sun.jersey.api.client.ClientResponse; -import com.sun.jersey.api.client.GenericType; -import com.sun.jersey.api.client.WebResource; - - -public class ServiceRESTStore implements ServiceStore { - private static final Log LOG = LogFactory.getLog(ServiceRESTStore.class); - - - public final String REST_URL_SERVICEDEF_CREATE = "/service/plugins/definitions"; - public final String REST_URL_SERVICEDEF_UPDATE = "/service/plugins/definitions/"; - public final String REST_URL_SERVICEDEF_DELETE = "/service/plugins/definitions/"; - public final String REST_URL_SERVICEDEF_GET = "/service/plugins/definitions/"; - public final String REST_URL_SERVICEDEF_GET_BY_NAME = "/service/plugins/definitions/name/"; - public final String REST_URL_SERVICEDEF_GET_ALL = "/service/plugins/definitions"; - - public final String REST_URL_SERVICE_CREATE = "/service/plugins/services"; - public final String REST_URL_SERVICE_UPDATE = "/service/plugins/services/"; - public final String REST_URL_SERVICE_DELETE = "/service/plugins/services/"; - public final String REST_URL_SERVICE_GET = "/service/plugins/services/"; - public final String REST_URL_SERVICE_GET_BY_NAME = "/service/plugins/services/name/"; - public final String REST_URL_SERVICE_GET_ALL = "/service/plugins/services"; - - public final String REST_URL_POLICY_CREATE = "/service/plugins/policies"; - public final String REST_URL_POLICY_UPDATE = "/service/plugins/policies/"; - public final String REST_URL_POLICY_DELETE = "/service/plugins/policies/"; - public final String REST_URL_POLICY_GET = "/service/plugins/policies/"; - public final String REST_URL_POLICY_GET_BY_NAME = "/service/plugins/policies/name/"; - public final String REST_URL_POLICY_GET_ALL = "/service/plugins/policies"; - public final String REST_URL_POLICY_GET_FOR_SERVICE = "/service/plugins/policies/service/"; - public final String REST_URL_POLICY_GET_FOR_SERVICE_BY_NAME = "/service/plugins/policies/service/name/"; - public final String REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED = "/service/plugins/policies/service/name/"; - - public static final String REST_MIME_TYPE_JSON = "application/json" ; - - private RangerRESTClient restClient; - - public ServiceRESTStore() { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceRESTStore.ServiceRESTStore()"); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceRESTStore.ServiceRESTStore()"); - } - } - - @Override - public void init() throws Exception { - String restUrl = RangerConfiguration.getInstance().get("ranger.service.store.rest.url", "http://localhost:6080";); - String restUsername = RangerConfiguration.getInstance().get("ranger.service.store.rest.username", "admin"); - String restPassword = RangerConfiguration.getInstance().get("ranger.service.store.rest.password", "admin"); - String sslConfigFile = RangerConfiguration.getInstance().get("ranger.service.store.rest.ssl.config.file", ""); - - restClient = new RangerRESTClient(restUrl, sslConfigFile); - restClient.setBasicAuthInfo(restUsername, restPassword); - } - - @Override - public RangerServiceDef createServiceDef(RangerServiceDef serviceDef) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceRESTStore.createServiceDef(" + serviceDef + ")"); - } - - RangerServiceDef ret = null; - - WebResource webResource = createWebResource(REST_URL_SERVICEDEF_CREATE); - ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).post(ClientResponse.class, restClient.toJson(serviceDef)); - - if(response != null && response.getStatus() == 200) { - ret = response.getEntity(RangerServiceDef.class); - } else { - RESTResponse resp = RESTResponse.fromClientResponse(response); - - throw new Exception(resp.getMessage()); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceRESTStore.createServiceDef(" + serviceDef + "): " + ret); - } - - return ret; - } - - @Override - public RangerServiceDef updateServiceDef(RangerServiceDef serviceDef) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceRESTStore.updateServiceDef(" + serviceDef + ")"); - } - - RangerServiceDef ret = null; - - WebResource webResource = createWebResource(REST_URL_SERVICEDEF_UPDATE + serviceDef.getId()); - ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).put(ClientResponse.class, restClient.toJson(serviceDef)); - - if(response != null && response.getStatus() == 200) { - ret = response.getEntity(RangerServiceDef.class); - } else { - RESTResponse resp = RESTResponse.fromClientResponse(response); - - throw new Exception(resp.getMessage()); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceRESTStore.updateServiceDef(" + serviceDef + "): " + ret); - } - - return ret; - } - - @Override - public void deleteServiceDef(Long id) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceRESTStore.deleteServiceDef(" + id + ")"); - } - - WebResource webResource = createWebResource(REST_URL_SERVICEDEF_DELETE + id); - ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).delete(ClientResponse.class); - - if(response == null || (response.getStatus() != 200 && response.getStatus() != 204)) { - RESTResponse resp = RESTResponse.fromClientResponse(response); - - throw new Exception(resp.getMessage()); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceRESTStore.deleteServiceDef(" + id + ")"); - } - } - - @Override - public RangerServiceDef getServiceDef(Long id) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceRESTStore.getServiceDef(" + id + ")"); - } - - RangerServiceDef ret = null; - - WebResource webResource = createWebResource(REST_URL_SERVICEDEF_GET + id); - ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class); - - if(response != null && response.getStatus() == 200) { - ret = response.getEntity(RangerServiceDef.class); - } else { - RESTResponse resp = RESTResponse.fromClientResponse(response); - - throw new Exception(resp.getMessage()); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceRESTStore.getServiceDef(" + id + "): " + ret); - } - - return ret; - } - - @Override - public RangerServiceDef getServiceDefByName(String name) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceRESTStore.getServiceDefByName(" + name + ")"); - } - - RangerServiceDef ret = null; - - WebResource webResource = createWebResource(REST_URL_SERVICEDEF_GET_BY_NAME + name); - ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class); - - if(response != null && response.getStatus() == 200) { - ret = response.getEntity(RangerServiceDef.class); - } else { - RESTResponse resp = RESTResponse.fromClientResponse(response); - - throw new Exception(resp.getMessage()); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceRESTStore.getServiceDefByName(" + name + "): " + ret); - } - - return ret; - } - - @Override - public List<RangerServiceDef> getServiceDefs(SearchFilter filter) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceRESTStore.getServiceDefs()"); - } - - List<RangerServiceDef> ret = null; - - WebResource webResource = createWebResource(REST_URL_SERVICEDEF_GET_ALL, filter); - ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class); - - if(response != null && response.getStatus() == 200) { - ret = response.getEntity(new GenericType<List<RangerServiceDef>>() { }); - } else { - RESTResponse resp = RESTResponse.fromClientResponse(response); - - throw new Exception(resp.getMessage()); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceRESTStore.getAllServiceDefs(): " + ret); - } - - return ret; - } - - @Override - public RangerService createService(RangerService service) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceRESTStore.createService(" + service + ")"); - } - - RangerService ret = null; - - WebResource webResource = createWebResource(REST_URL_SERVICE_CREATE); - ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).post(ClientResponse.class, restClient.toJson(service)); - - if(response != null && response.getStatus() == 200) { - ret = response.getEntity(RangerService.class); - } else { - RESTResponse resp = RESTResponse.fromClientResponse(response); - - throw new Exception(resp.getMessage()); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceRESTStore.createService(" + service + "): " + ret); - } - - return ret; - } - - @Override - public RangerService updateService(RangerService service) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceRESTStore.updateService(" + service + ")"); - } - - RangerService ret = null; - - WebResource webResource = createWebResource(REST_URL_SERVICE_UPDATE + service.getId()); - ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).put(ClientResponse.class, restClient.toJson(service)); - - if(response != null && response.getStatus() == 200) { - ret = response.getEntity(RangerService.class); - } else { - RESTResponse resp = RESTResponse.fromClientResponse(response); - - throw new Exception(resp.getMessage()); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceRESTStore.updateService(" + service + "): " + ret); - } - - return ret; - } - - @Override - public void deleteService(Long id) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceRESTStore.deleteService(" + id + ")"); - } - - WebResource webResource = createWebResource(REST_URL_SERVICE_DELETE + id); - ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).delete(ClientResponse.class); - - if(response == null || (response.getStatus() != 200 && response.getStatus() != 204)) { - RESTResponse resp = RESTResponse.fromClientResponse(response); - - throw new Exception(resp.getMessage()); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceRESTStore.deleteService(" + id + ")"); - } - } - - @Override - public RangerService getService(Long id) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceRESTStore.getService(" + id + ")"); - } - - RangerService ret = null; - - WebResource webResource = createWebResource(REST_URL_SERVICE_GET + id); - ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class); - - if(response != null && response.getStatus() == 200) { - ret = response.getEntity(RangerService.class); - } else { - RESTResponse resp = RESTResponse.fromClientResponse(response); - - throw new Exception(resp.getMessage()); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceRESTStore.getService(" + id + "): " + ret); - } - - return ret; - } - - @Override - public RangerService getServiceByName(String name) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceRESTStore.getServiceByName(" + name + ")"); - } - - RangerService ret = null; - - WebResource webResource = createWebResource(REST_URL_SERVICE_GET_BY_NAME + name); - ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class); - - if(response != null && response.getStatus() == 200) { - ret = response.getEntity(RangerService.class); - } else { - RESTResponse resp = RESTResponse.fromClientResponse(response); - - throw new Exception(resp.getMessage()); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceRESTStore.getServiceByName(" + name + "): " + ret); - } - - return ret; - } - - @Override - public List<RangerService> getServices(SearchFilter filter) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceRESTStore.getServices()"); - } - - List<RangerService> ret = null; - - WebResource webResource = createWebResource(REST_URL_SERVICE_GET_ALL, filter); - ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class); - - if(response != null && response.getStatus() == 200) { - ret = response.getEntity(new GenericType<List<RangerService>>() { }); - } else { - RESTResponse resp = RESTResponse.fromClientResponse(response); - - throw new Exception(resp.getMessage()); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceRESTStore.getServices(): " + ret); - } - - return ret; - } - - @Override - public RangerPolicy createPolicy(RangerPolicy policy) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceRESTStore.createPolicy(" + policy + ")"); - } - - RangerPolicy ret = null; - - WebResource webResource = createWebResource(REST_URL_POLICY_CREATE); - ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).post(ClientResponse.class, restClient.toJson(policy)); - - if(response != null && response.getStatus() == 200) { - ret = response.getEntity(RangerPolicy.class); - } else { - RESTResponse resp = RESTResponse.fromClientResponse(response); - - throw new Exception(resp.getMessage()); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceRESTStore.createPolicy(" + policy + "): " + ret); - } - - return ret; - } - - @Override - public RangerPolicy updatePolicy(RangerPolicy policy) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceRESTStore.updatePolicy(" + policy + ")"); - } - - RangerPolicy ret = null; - - WebResource webResource = createWebResource(REST_URL_POLICY_UPDATE + policy.getId()); - ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).put(ClientResponse.class, restClient.toJson(policy)); - - if(response != null && response.getStatus() == 200) { - ret = response.getEntity(RangerPolicy.class); - } else { - RESTResponse resp = RESTResponse.fromClientResponse(response); - - throw new Exception(resp.getMessage()); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceRESTStore.updatePolicy(" + policy + "): " + ret); - } - - return ret; - } - - @Override - public void deletePolicy(Long id) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceRESTStore.deletePolicy(" + id + ")"); - } - - WebResource webResource = createWebResource(REST_URL_POLICY_DELETE + id); - ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).delete(ClientResponse.class); - - if(response == null || (response.getStatus() != 200 && response.getStatus() != 204)) { - RESTResponse resp = RESTResponse.fromClientResponse(response); - - throw new Exception(resp.getMessage()); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceRESTStore.deletePolicy(" + id + ")"); - } - } - - @Override - public RangerPolicy getPolicy(Long id) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceRESTStore.getPolicy(" + id + ")"); - } - - RangerPolicy ret = null; - - WebResource webResource = createWebResource(REST_URL_POLICY_GET + id); - ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class); - - if(response != null && response.getStatus() == 200) { - ret = response.getEntity(RangerPolicy.class); - } else { - RESTResponse resp = RESTResponse.fromClientResponse(response); - - throw new Exception(resp.getMessage()); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceRESTStore.getPolicy(" + id + "): " + ret); - } - - return ret; - } - - @Override - public List<RangerPolicy> getPolicies(SearchFilter filter) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceRESTStore.getPolicies()"); - } - - List<RangerPolicy> ret = null; - - WebResource webResource = createWebResource(REST_URL_POLICY_GET_ALL, filter); - ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class); - - if(response != null && response.getStatus() == 200) { - ret = response.getEntity(new GenericType<List<RangerPolicy>>() { }); - } else { - RESTResponse resp = RESTResponse.fromClientResponse(response); - - throw new Exception(resp.getMessage()); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceRESTStore.getPolicies(): " + ret); - } - - return ret; - } - - @Override - public List<RangerPolicy> getServicePolicies(Long serviceId, SearchFilter filter) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceRESTStore.getServicePolicies(" + serviceId + ")"); - } - - List<RangerPolicy> ret = null; - - WebResource webResource = createWebResource(REST_URL_POLICY_GET_FOR_SERVICE + serviceId, filter); - ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class); - - if(response != null && response.getStatus() == 200) { - ret = response.getEntity(new GenericType<List<RangerPolicy>>() { }); - } else { - RESTResponse resp = RESTResponse.fromClientResponse(response); - - throw new Exception(resp.getMessage()); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceRESTStore.getServicePolicies(" + serviceId + "): " + ret); - } - - return ret; - } - - @Override - public List<RangerPolicy> getServicePolicies(String serviceName, SearchFilter filter) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceRESTStore.getServicePolicies(" + serviceName + ")"); - } - - List<RangerPolicy> ret = null; - - WebResource webResource = createWebResource(REST_URL_POLICY_GET_FOR_SERVICE_BY_NAME + serviceName, filter); - ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class); - - if(response != null && response.getStatus() == 200) { - ret = response.getEntity(new GenericType<List<RangerPolicy>>() { }); - } else { - RESTResponse resp = RESTResponse.fromClientResponse(response); - - throw new Exception(resp.getMessage()); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceRESTStore.getServicePolicies(" + serviceName + "): " + ret); - } - - return ret; - } - - @Override - public ServicePolicies getServicePoliciesIfUpdated(String serviceName, Long lastKnownVersion) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceRESTStore.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ")"); - } - - ServicePolicies ret = null; - - WebResource webResource = createWebResource(REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED + serviceName + "/" + lastKnownVersion); - ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class); - - if(response != null && response.getStatus() == 200) { - ret = response.getEntity(ServicePolicies.class); - } else { - RESTResponse resp = RESTResponse.fromClientResponse(response); - - throw new Exception(resp.getMessage()); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== ServiceRESTStore.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + "): " + ret); - } - - return ret; - } - - private WebResource createWebResource(String url) { - return createWebResource(url, null); - } - - private WebResource createWebResource(String url, SearchFilter filter) { - WebResource ret = restClient.getResource(url); - - if(filter != null) { - // TODO: add query params for filter - } - - return ret; - } -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java b/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java deleted file mode 100644 index 7112562..0000000 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java +++ /dev/null @@ -1,154 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.ranger.plugin.util; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.ranger.plugin.policyengine.RangerPolicyEngine; -import org.apache.ranger.plugin.store.ServiceStore; - - -public class PolicyRefresher extends Thread { - private static final Log LOG = LogFactory.getLog(PolicyRefresher.class); - - private RangerPolicyEngine policyEngine = null; - private String serviceType = null; - private String serviceName = null; - private ServiceStore serviceStore = null; - private long pollingIntervalMs = 30 * 1000; - - private boolean shutdownFlag = false; - private ServicePolicies lastKnownPolicies = null; - - - public PolicyRefresher(RangerPolicyEngine policyEngine, String serviceType, String serviceName, ServiceStore serviceStore, long pollingIntervalMs, String cacheDir) { - if(LOG.isDebugEnabled()) { - LOG.debug("==> PolicyRefresher.PolicyRefresher(serviceName=" + serviceName + ")"); - } - - this.policyEngine = policyEngine; - this.serviceType = serviceType; - this.serviceName = serviceName; - this.serviceStore = serviceStore; - this.pollingIntervalMs = pollingIntervalMs; - - if(LOG.isDebugEnabled()) { - LOG.debug("<== PolicyRefresher.PolicyRefresher(serviceName=" + serviceName + ")"); - } - } - - /** - * @return the policyEngine - */ - public RangerPolicyEngine getPolicyEngine() { - return policyEngine; - } - - /** - * @return the serviceType - */ - public String getServiceType() { - return serviceType; - } - - /** - * @return the serviceName - */ - public String getServiceName() { - return serviceName; - } - - /** - * @return the serviceStore - */ - public ServiceStore getServiceStore() { - return serviceStore; - } - - /** - * @return the pollingIntervalMilliSeconds - */ - public long getPollingIntervalMs() { - return pollingIntervalMs; - } - - /** - * @param pollingIntervalMilliSeconds the pollingIntervalMilliSeconds to set - */ - public void setPollingIntervalMilliSeconds(long pollingIntervalMilliSeconds) { - this.pollingIntervalMs = pollingIntervalMilliSeconds; - } - - public void startRefresher() { - shutdownFlag = false; - - super.start(); - } - - public void stopRefresher() { - shutdownFlag = true; - } - - public void run() { - if(LOG.isDebugEnabled()) { - LOG.debug("==> PolicyRefresher.run()"); - } - - while(! shutdownFlag) { - try { - long lastKnownVersion = (lastKnownPolicies == null || lastKnownPolicies.getPolicyVersion() == null) ? 0 : lastKnownPolicies.getPolicyVersion().longValue(); - - ServicePolicies svcPolicies = serviceStore.getServicePoliciesIfUpdated(serviceName, lastKnownVersion); - - long newVersion = (svcPolicies == null || svcPolicies.getPolicyVersion() == null) ? 0 : svcPolicies.getPolicyVersion().longValue(); - - boolean isUpdated = newVersion != 0 && lastKnownVersion != newVersion; - - if(isUpdated) { - if(LOG.isDebugEnabled()) { - LOG.debug("PolicyRefresher(serviceName=" + serviceName + ").run(): found updated version. lastKnownVersion=" + lastKnownVersion + "; newVersion=" + newVersion); - } - - policyEngine.setPolicies(serviceName, svcPolicies.getServiceDef(), svcPolicies.getPolicies()); - - lastKnownPolicies = svcPolicies; - } else { - if(LOG.isDebugEnabled()) { - LOG.debug("PolicyRefresher(serviceName=" + serviceName + ").run(): no update found. lastKnownVersion=" + lastKnownVersion + "; newVersion=" + newVersion); - } - } - } catch(Exception excp) { - LOG.error("PolicyRefresher(serviceName=" + serviceName + ").run(): ", excp); - } - - try { - Thread.sleep(pollingIntervalMs); - } catch(Exception excp) { - LOG.error("PolicyRefresher(serviceName=" + serviceName + ").run(): error while sleep. exiting thread", excp); - - throw new RuntimeException(excp); - } - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== PolicyRefresher.run()"); - } - } -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java b/plugin-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java deleted file mode 100644 index cfff4b7..0000000 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java +++ /dev/null @@ -1,376 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.ranger.plugin.util; - -import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.io.InputStream; -import java.security.KeyManagementException; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.SecureRandom; -import java.security.UnrecoverableKeyException; -import java.security.cert.CertificateException; - -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.KeyManager; -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSession; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; - -import org.apache.commons.lang.StringUtils; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.hadoop.conf.Configuration; -import org.apache.ranger.authorization.hadoop.config.RangerConfiguration; -import org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider; -import org.apache.ranger.authorization.utils.StringUtil; -import org.codehaus.jackson.jaxrs.JacksonJsonProvider; - -import com.google.gson.Gson; -import com.google.gson.GsonBuilder; -import com.sun.jersey.api.client.Client; -import com.sun.jersey.api.client.WebResource; -import com.sun.jersey.api.client.config.ClientConfig; -import com.sun.jersey.api.client.config.DefaultClientConfig; -import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter; -import com.sun.jersey.client.urlconnection.HTTPSProperties; - - -public class RangerRESTClient { - private static final Log LOG = LogFactory.getLog(RangerRESTClient.class); - - public static final String RANGER_PROP_POLICYMGR_URL = "xasecure.policymgr.url"; - public static final String RANGER_PROP_POLICYMGR_SSLCONFIG_FILENAME = "xasecure.policymgr.sslconfig.filename"; - - public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE = "xasecure.policymgr.clientssl.keystore"; - public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_PASSWORD = "xasecure.policymgr.clientssl.keystore.password"; - public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE = "xasecure.policymgr.clientssl.keystore.type"; - public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL = "xasecure.policymgr.clientssl.keystore.credential.file"; - public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS = "sslKeyStore"; - public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT = "jks"; - - public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE = "xasecure.policymgr.clientssl.truststore"; - public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_PASSWORD = "xasecure.policymgr.clientssl.truststore.password"; - public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE = "xasecure.policymgr.clientssl.truststore.type"; - public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL = "xasecure.policymgr.clientssl.truststore.credential.file"; - public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS = "sslTrustStore"; - public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT = "jks"; - - public static final String RANGER_SSL_KEYMANAGER_ALGO_TYPE = "SunX509" ; - public static final String RANGER_SSL_TRUSTMANAGER_ALGO_TYPE = "SunX509" ; - public static final String RANGER_SSL_CONTEXT_ALGO_TYPE = "SSL" ; - - - private String mUrl = null; - private String mSslConfigFileName = null; - private String mUsername = null; - private String mPassword = null; - private boolean mIsSSL = false; - - private String mKeyStoreURL = null; - private String mKeyStoreAlias = null; - private String mKeyStoreFile = null; - private String mKeyStoreType = null; - private String mTrustStoreURL = null; - private String mTrustStoreAlias = null; - private String mTrustStoreFile = null; - private String mTrustStoreType = null; - - private Gson gsonBuilder = null; - private Client client = null; - - public RangerRESTClient() { - this(RangerConfiguration.getInstance().get(RANGER_PROP_POLICYMGR_URL), - RangerConfiguration.getInstance().get(RANGER_PROP_POLICYMGR_SSLCONFIG_FILENAME)); - } - - public RangerRESTClient(String url, String sslConfigFileName) { - mUrl = url; - mSslConfigFileName = sslConfigFileName; - - init(); - } - - public String getUrl() { - return mUrl; - } - - public void setUrl(String url) { - this.mUrl = url; - } - - public String getUsername() { - return mUsername; - } - - public String getPassword() { - return mPassword; - } - - public void setBasicAuthInfo(String username, String password) { - mUsername = username; - mPassword = password; - } - - public WebResource getResource(String relativeUrl) { - WebResource ret = getClient().resource(getUrl() + relativeUrl); - - return ret; - } - - public String toJson(Object obj) { - return gsonBuilder.toJson(obj); - } - - public <T> T fromJson(String json, Class<T> cls) { - return gsonBuilder.fromJson(json, cls); - } - - public Client getClient() { - if(client == null) { - synchronized(this) { - if(client == null) { - client = buildClient(); - } - } - } - - return client; - } - - private Client buildClient() { - Client client = null; - - if (mIsSSL) { - KeyManager[] kmList = getKeyManagers(); - TrustManager[] tmList = getTrustManagers(); - SSLContext sslContext = getSSLContext(kmList, tmList); - ClientConfig config = new DefaultClientConfig(); - - config.getClasses().add(JacksonJsonProvider.class); // to handle List<> unmarshalling - - HostnameVerifier hv = new HostnameVerifier() { - public boolean verify(String urlHostName, SSLSession session) { - return session.getPeerHost().equals(urlHostName); - } - }; - - config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(hv, sslContext)); - - client = Client.create(config); - } - - if(client == null) { - ClientConfig config = new DefaultClientConfig(); - - config.getClasses().add(JacksonJsonProvider.class); // to handle List<> unmarshalling - - client = Client.create(config); - } - - // TODO: for testing only - if(!StringUtils.isEmpty(mUsername) || !StringUtils.isEmpty(mPassword)) { - client.addFilter(new HTTPBasicAuthFilter(mUsername, mPassword)); - } - - return client; - } - - private void init() { - try { - gsonBuilder = new GsonBuilder().setDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ").setPrettyPrinting().create(); - } catch(Throwable excp) { - LOG.fatal("RangerRESTClient.init(): failed to create GsonBuilder object", excp); - } - - mIsSSL = StringUtil.containsIgnoreCase(mUrl, "https"); - - InputStream in = null ; - - try { - Configuration conf = new Configuration() ; - - in = getFileInputStream(mSslConfigFileName) ; - - if (in != null) { - conf.addResource(in); - } - - mKeyStoreURL = conf.get(RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL); - mKeyStoreAlias = RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS; - mKeyStoreType = conf.get(RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE, RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT); - mKeyStoreFile = conf.get(RANGER_POLICYMGR_CLIENT_KEY_FILE); - - mTrustStoreURL = conf.get(RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL); - mTrustStoreAlias = RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS; - mTrustStoreType = conf.get(RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE, RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT); - mTrustStoreFile = conf.get(RANGER_POLICYMGR_TRUSTSTORE_FILE); - } - catch(IOException ioe) { - LOG.error("Unable to load SSL Config FileName: [" + mSslConfigFileName + "]", ioe); - } - finally { - close(in, mSslConfigFileName); - } - } - - private KeyManager[] getKeyManagers() { - KeyManager[] kmList = null; - - String keyStoreFilepwd = getCredential(mKeyStoreURL, mKeyStoreAlias); - - if (!StringUtil.isEmpty(mKeyStoreFile) && !StringUtil.isEmpty(keyStoreFilepwd)) { - InputStream in = null ; - - try { - in = getFileInputStream(mKeyStoreFile) ; - - if (in != null) { - KeyStore keyStore = KeyStore.getInstance(mKeyStoreType); - - keyStore.load(in, keyStoreFilepwd.toCharArray()); - - KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(RANGER_SSL_KEYMANAGER_ALGO_TYPE); - - keyManagerFactory.init(keyStore, keyStoreFilepwd.toCharArray()); - - kmList = keyManagerFactory.getKeyManagers(); - } else { - LOG.error("Unable to obtain keystore from file [" + mKeyStoreFile + "]"); - } - } catch (KeyStoreException e) { - LOG.error("Unable to obtain from KeyStore", e); - } catch (NoSuchAlgorithmException e) { - LOG.error("SSL algorithm is available in the environment", e); - } catch (CertificateException e) { - LOG.error("Unable to obtain the requested certification ", e); - } catch (FileNotFoundException e) { - LOG.error("Unable to find the necessary SSL Keystore and TrustStore Files", e); - } catch (IOException e) { - LOG.error("Unable to read the necessary SSL Keystore and TrustStore Files", e); - } catch (UnrecoverableKeyException e) { - LOG.error("Unable to recover the key from keystore", e); - } finally { - close(in, mKeyStoreFile); - } - } - - return kmList; - } - - private TrustManager[] getTrustManagers() { - TrustManager[] tmList = null; - - String trustStoreFilepwd = getCredential(mTrustStoreURL, mTrustStoreAlias); - - if (!StringUtil.isEmpty(mTrustStoreFile) && !StringUtil.isEmpty(trustStoreFilepwd)) { - InputStream in = null ; - - try { - in = getFileInputStream(mTrustStoreFile) ; - - if (in != null) { - KeyStore trustStore = KeyStore.getInstance(mTrustStoreType); - - trustStore.load(in, trustStoreFilepwd.toCharArray()); - - TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(RANGER_SSL_TRUSTMANAGER_ALGO_TYPE); - - trustManagerFactory.init(trustStore); - - tmList = trustManagerFactory.getTrustManagers(); - } else { - LOG.error("Unable to obtain keystore from file [" + mTrustStoreFile + "]"); - } - } catch (KeyStoreException e) { - LOG.error("Unable to obtain from KeyStore", e); - } catch (NoSuchAlgorithmException e) { - LOG.error("SSL algorithm is available in the environment", e); - } catch (CertificateException e) { - LOG.error("Unable to obtain the requested certification ", e); - } catch (FileNotFoundException e) { - LOG.error("Unable to find the necessary SSL Keystore and TrustStore Files", e); - } catch (IOException e) { - LOG.error("Unable to read the necessary SSL Keystore and TrustStore Files", e); - } finally { - close(in, mTrustStoreFile); - } - } - - return tmList; - } - - private SSLContext getSSLContext(KeyManager[] kmList, TrustManager[] tmList) { - try { - if(kmList != null && tmList != null) { - SSLContext sslContext = SSLContext.getInstance(RANGER_SSL_CONTEXT_ALGO_TYPE); - - sslContext.init(kmList, tmList, new SecureRandom()); - - return sslContext; - } - } catch (NoSuchAlgorithmException e) { - LOG.error("SSL algorithm is available in the environment", e); - } catch (KeyManagementException e) { - LOG.error("Unable to initials the SSLContext", e); - } - - return null; - } - - private String getCredential(String url, String alias) { - char[] credStr = RangerCredentialProvider.getInstance().getCredentialString(url, alias); - - return credStr == null ? null : new String(credStr); - } - - private InputStream getFileInputStream(String fileName) throws IOException { - InputStream in = null ; - - if(! StringUtil.isEmpty(fileName)) { - File f = new File(fileName) ; - - if (f.exists()) { - in = new FileInputStream(f) ; - } - else { - in = ClassLoader.getSystemResourceAsStream(fileName) ; - } - } - - return in ; - } - - private void close(InputStream str, String filename) { - if (str != null) { - try { - str.close() ; - } catch (IOException excp) { - LOG.error("Error while closing file: [" + filename + "]", excp) ; - } - } - } -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java b/plugin-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java deleted file mode 100644 index ab8384c..0000000 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.ranger.plugin.util; - -import java.util.HashMap; -import java.util.Map; - -import org.apache.commons.collections.MapUtils; -import org.apache.commons.lang.StringUtils; - - -public class SearchFilter { - public static final String LOGIN_USER = "loginUser"; // search - public static final String SERVICE_TYPE = "serviceType"; // search, sort - public static final String SERVICE_TYPE_ID = "serviceTypeId"; // search, sort - public static final String SERVICE_NAME = "serviceName"; // search, sort - public static final String SERVICE_ID = "serviceId"; // search, sort - public static final String POLICY_NAME = "policyName"; // search, sort - public static final String POLICY_ID = "policyId"; // search, sort - public static final String STATUS = "status"; // search - public static final String USER = "user"; // search - public static final String GROUP = "group"; // search - public static final String RESOURCE_PREFIX = "resource:"; // search - public static final String CREATE_TIME = "createTime"; // sort - public static final String UPDATE_TIME = "updateTime"; // sort - public static final String START_INDEX = "startIndex"; - public static final String PAGE_SIZE = "pageSize"; - public static final String SORT_BY = "sortBy"; - - private Map<String, String> params = null; - - public SearchFilter() { - this(null); - } - - public SearchFilter(String name, String value) { - setParam(name, value); - } - - public SearchFilter(Map<String, String> values) { - setParams(values); - } - - public Map<String, String> getParams() { - return params; - } - - public void setParams(Map<String, String> params) { - this.params = params; - } - - public String getParam(String name) { - return params == null ? null : params.get(name); - } - - public void setParam(String name, String value) { - if(StringUtils.isEmpty(name) || StringUtils.isEmpty(value)) { - return; - } - - if(params == null) { - params = new HashMap<String, String>(); - } - - params.put(name, value); - } - - public Map<String, String> getParamsWithPrefix(String prefix, boolean stripPrefix) { - Map<String, String> ret = null; - - if(prefix == null) { - prefix = StringUtils.EMPTY; - } - - if(params != null) { - for(Map.Entry<String, String> e : params.entrySet()) { - String name = e.getKey(); - - if(name.startsWith(prefix)) { - if(ret == null) { - ret = new HashMap<String, String>(); - } - - if(stripPrefix) { - name = name.substring(prefix.length()); - } - - ret.put(name, e.getValue()); - } - } - } - - return ret; - } - - public boolean isEmpty() { - return MapUtils.isEmpty(params); - } -}
