Repository: incubator-ranger Updated Branches: refs/heads/master 53709aad8 -> b253a4e2d
Created Version-2 of Public APIs. Signed-off-by: Madhan Neethiraj <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/b253a4e2 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/b253a4e2 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/b253a4e2 Branch: refs/heads/master Commit: b253a4e2d19dd7bcc38870edb732ba8d9d73e220 Parents: 53709aa Author: Abhay Kulkarni <[email protected]> Authored: Wed Apr 1 12:49:08 2015 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Tue Apr 7 12:35:38 2015 -0700 ---------------------------------------------------------------------- .../java/org/apache/ranger/rest/PublicAPIs.java | 91 +---- .../org/apache/ranger/rest/PublicAPIsv2.java | 404 +++++++++++++++++++ 2 files changed, 414 insertions(+), 81 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b253a4e2/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java index c6856b3..cd31f69 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java @@ -17,49 +17,18 @@ * under the License. */ - package org.apache.ranger.rest; - -import java.util.ArrayList; -import java.util.List; - -import javax.servlet.http.HttpServletRequest; -import javax.ws.rs.DELETE; -import javax.ws.rs.GET; -import javax.ws.rs.POST; -import javax.ws.rs.PUT; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.Produces; -import javax.ws.rs.core.Context; +package org.apache.ranger.rest; import org.apache.log4j.Logger; -import org.apache.ranger.biz.AssetMgr; -import org.apache.ranger.biz.ServiceDBStore; -import org.apache.ranger.common.RESTErrorUtil; -import org.apache.ranger.common.RangerConstants; -import org.apache.ranger.common.RangerSearchUtil; -import org.apache.ranger.common.SearchCriteria; -import org.apache.ranger.common.ServiceUtil; -import org.apache.ranger.common.StringUtil; +import org.apache.ranger.common.*; import org.apache.ranger.common.annotation.RangerAnnotationClassName; import org.apache.ranger.common.annotation.RangerAnnotationJSMgrName; -import org.apache.ranger.db.RangerDaoManager; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.util.SearchFilter; import org.apache.ranger.service.RangerPolicyService; import org.apache.ranger.service.XAssetService; -import org.apache.ranger.service.XPolicyService; -import org.apache.ranger.service.XRepositoryService; -import org.apache.ranger.service.XResourceService; -import org.apache.ranger.view.VXAsset; -import org.apache.ranger.view.VXLong; -import org.apache.ranger.view.VXPolicy; -import org.apache.ranger.view.VXPolicyList; -import org.apache.ranger.view.VXRepository; -import org.apache.ranger.view.VXRepositoryList; -import org.apache.ranger.view.VXResource; -import org.apache.ranger.view.VXResponse; +import org.apache.ranger.view.*; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Scope; import org.springframework.security.access.prepost.PreAuthorize; @@ -67,6 +36,12 @@ import org.springframework.stereotype.Component; import org.springframework.transaction.annotation.Propagation; import org.springframework.transaction.annotation.Transactional; +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.*; +import javax.ws.rs.core.Context; +import java.util.ArrayList; +import java.util.List; + @Path("public") @Component @Scope("request") @@ -79,44 +54,20 @@ public class PublicAPIs { RangerSearchUtil searchUtil; @Autowired - AssetMgr assetMgr; - - @Autowired XAssetService xAssetService; @Autowired - RESTErrorUtil restErrorUtil; - - @Autowired - XRepositoryService xRepositoryService; - - @Autowired - XResourceService xResourceService; - - @Autowired - XPolicyService xPolicyService; - - @Autowired RangerPolicyService policyService; @Autowired StringUtil stringUtil; @Autowired - RangerDaoManager xaDaoMgr; - - @Autowired ServiceUtil serviceUtil; @Autowired ServiceREST serviceREST; - @Autowired - AssetREST assetREST; - - @Autowired - ServiceDBStore svcStore; - @GET @Path("/api/repository/{id}") @@ -191,8 +142,6 @@ public class PublicAPIs { return ret; } - - @DELETE @@ -219,26 +168,6 @@ public class PublicAPIs { } } - - /*// @POST - // @Path("/api/repository/testConfig") - // @Produces({ "application/xml", "application/json" }) - public VXResponse testConfig(VXRepository vXRepository) { - VXAsset vXAsset = xRepositoryService.mapPublicToXAObject(vXRepository); - return assetMgr.testConfig(vXAsset); - }*/ - - - // @POST - // @Path("/api/repository/testConfig") - // @Produces({ "application/xml", "application/json" }) - public VXResponse testConfig(VXRepository vXRepository) { - VXAsset vXAsset = serviceUtil.publicObjecttoVXAsset(vXRepository); - return serviceREST.validateConfig(serviceUtil.toRangerService(vXAsset)); - } - - - @GET @Path("/api/repository/") @Produces({ "application/json", "application/xml" }) @@ -380,7 +309,7 @@ public class PublicAPIs { VXPolicy ret = serviceUtil.toVXPolicy(updatedPolicy, service); if(logger.isDebugEnabled()) { - logger.debug("<== AssetREST.updatePolicy(" + policy + "): " + ret); + logger.debug("<== PublicAPIs.updatePolicy(" + policy + "): " + ret); } return ret; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b253a4e2/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java new file mode 100644 index 0000000..4e641ad --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java @@ -0,0 +1,404 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.rest; + +import org.apache.commons.lang.StringUtils; +import org.apache.log4j.Logger; +import org.apache.ranger.common.RESTErrorUtil; +import org.apache.ranger.common.annotation.RangerAnnotationJSMgrName; +import org.apache.ranger.plugin.model.RangerPolicy; +import org.apache.ranger.plugin.model.RangerService; +import org.apache.ranger.plugin.model.RangerServiceDef; +import org.apache.ranger.plugin.util.SearchFilter; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Scope; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.stereotype.Component; +import org.springframework.transaction.annotation.Propagation; +import org.springframework.transaction.annotation.Transactional; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.ws.rs.*; +import javax.ws.rs.core.Context; +import java.util.List; + +@Path("public/v2") +@Component +@Scope("request") +@RangerAnnotationJSMgrName("PublicMgr") +@Transactional(propagation = Propagation.REQUIRES_NEW) +public class PublicAPIsv2 { + static Logger logger = Logger.getLogger(PublicAPIsv2.class); + + @Autowired + ServiceREST serviceREST; + + @Autowired + RESTErrorUtil restErrorUtil; + + /* + * ServiceDef Manipulation APIs + */ + + @GET + @Path("/api/servicedef/{id}") + @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + @Produces({ "application/json", "application/xml" }) + public RangerServiceDef getServiceDef(@PathParam("id") Long id) { + return serviceREST.getServiceDef(id); + } + + @GET + @Path("/api/servicedef/name/{name}") + @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + @Produces({ "application/json", "application/xml" }) + public RangerServiceDef getServiceDefByName(@PathParam("name") String name) { + return serviceREST.getServiceDefByName(name); + } + + @GET + @Path("/api/servicedef/") + @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + @Produces({ "application/json", "application/xml" }) + public List<RangerServiceDef> searchServiceDefs(@Context HttpServletRequest request) { + return serviceREST.getServiceDefs(request); + } + + @POST + @Path("/api/servicedef/") + @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + @Produces({ "application/json", "application/xml" }) + public RangerServiceDef createServiceDef(RangerServiceDef serviceDef) { + return serviceREST.createServiceDef(serviceDef); + } + + @PUT + @Path("/api/servicedef/{id}") + @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + @Produces({ "application/json", "application/xml" }) + public RangerServiceDef updateServiceDef(RangerServiceDef serviceDef, @PathParam("id") Long id) { + // if serviceDef.id is specified, it should be same as param 'id' + if(serviceDef.getId() == null) { + serviceDef.setId(id); + } else if(!serviceDef.getId().equals(id)) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "serviceDef id mismatch", true); + } + + return serviceREST.updateServiceDef(serviceDef); + } + + + @PUT + @Path("/api/servicedef/name/{name}") + @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + @Produces({ "application/json", "application/xml" }) + public RangerServiceDef updateServiceDefByName(RangerServiceDef serviceDef, + @PathParam("name") String name) { + // serviceDef.name is immutable + // if serviceDef.name is specified, it should be same as the param 'name' + if(serviceDef.getName() == null) { + serviceDef.setType(name); + } else if(!serviceDef.getName().equals(name)) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "serviceDef name mismatch", true); + } + + // ignore serviceDef.id - if specified. Retrieve using the given name and use id from the retrieved object + RangerServiceDef existingServiceDef = getServiceDefByName(name); + serviceDef.setId(existingServiceDef.getId()); + if(StringUtils.isEmpty(serviceDef.getGuid())) { + serviceDef.setGuid(existingServiceDef.getGuid()); + } + + return serviceREST.updateServiceDef(serviceDef); + } + + /* + * Should add this back when guid is used for search and delete operations as well + @PUT + @Path("/api/servicedef/guid/{guid}") + @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + @Produces({ "application/json", "application/xml" }) + public RangerServiceDef updateServiceDefByGuid(RangerServiceDef serviceDef, + @PathParam("guid") String guid) { + // ignore serviceDef.id - if specified. Retrieve using the given guid and use id from the retrieved object + RangerServiceDef existingServiceDef = getServiceDefByGuid(guid); + serviceDef.setId(existingServiceDef.getId()); + if(StringUtils.isEmpty(serviceDef.getGuid())) { + serviceDef.setGuid(existingServiceDef.getGuid()); + } + + return serviceREST.updateServiceDef(serviceDef); + } + */ + + + @DELETE + @Path("/api/servicedef/{id}") + @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + public void deleteServiceDef(@PathParam("id") Long id) { + serviceREST.deleteServiceDef(id); + } + + @DELETE + @Path("/api/servicedef/name/{name}") + @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + public void deleteServiceDefByName(@PathParam("name") String name) { + RangerServiceDef serviceDef = serviceREST.getServiceDefByName(name); + serviceREST.deleteServiceDef(serviceDef.getId()); + } + + /* + * Service Manipulation APIs + */ + + @GET + @Path("/api/service/{id}") + @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + @Produces({ "application/json", "application/xml" }) + public RangerService getService(@PathParam("id") Long id) { + return serviceREST.getService(id); + } + + @GET + @Path("/api/service/name/{name}") + @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + @Produces({ "application/json", "application/xml" }) + public RangerService getServiceByName(@PathParam("name") String name) { + return serviceREST.getServiceByName(name); + } + + @GET + @Path("/api/service/") + @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + @Produces({ "application/json", "application/xml" }) + public List<RangerService> searchServices(@Context HttpServletRequest request) { + return serviceREST.getServices(request); + } + + @POST + @Path("/api/service/") + @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + @Produces({ "application/json", "application/xml" }) + public RangerService createService(RangerService service) { + return serviceREST.createService(service); + } + + @PUT + @Path("/api/service/{id}") + @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + @Produces({ "application/json", "application/xml" }) + public RangerService updateService(RangerService service, @PathParam("id") Long id) { + // if service.id is specified, it should be same as the param 'id' + if(service.getId() == null) { + service.setId(id); + } else if(!service.getId().equals(id)) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "service id mismatch", true); + } + + return serviceREST.updateService(service); + } + + + @PUT + @Path("/api/service/name/{name}") + @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + @Produces({ "application/json", "application/xml" }) + public RangerService updateServiceByName(RangerService service, + @PathParam("name") String name) { + // ignore service.id - if specified. Retrieve using the given name and use id from the retrieved object + RangerService existingService = getServiceByName(name); + service.setId(existingService.getId()); + if(StringUtils.isEmpty(service.getGuid())) { + service.setGuid(existingService.getGuid()); + } + if (StringUtils.isEmpty(service.getName())) { + service.setName(existingService.getName()); + } + + return serviceREST.updateService(service); + } + + /* + * Should add this back when guid is used for search and delete operations as well + @PUT + @Path("/api/service/guid/{guid}") + @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + @Produces({ "application/json", "application/xml" }) + public RangerService updateServiceByGuid(RangerService service, + @PathParam("guid") String guid) { + // ignore service.id - if specified. Retrieve using the given guid and use id from the retrieved object + RangerService existingService = getServiceByGuid(guid); + service.setId(existingService.getId()); + if(StringUtils.isEmpty(service.getGuid())) { + service.setGuid(existingService.getGuid()); + } + + return serviceREST.updateService(service); + } + */ + + @DELETE + @Path("/api/service/{id}") + @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + public void deleteService(@PathParam("id") Long id) { + serviceREST.deleteService(id); + } + + @DELETE + @Path("/api/service/name/{name}") + @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + public void deleteServiceByName(@PathParam("name") String name) { + RangerService service = serviceREST.getServiceByName(name); + serviceREST.deleteService(service.getId()); + } + + /* + * Policy Manipulation APIs + */ + + @GET + @Path("/api/policy/{id}") + @Produces({ "application/json", "application/xml" }) + public RangerPolicy getPolicy(@PathParam("id") Long id) { + return serviceREST.getPolicy(id); + } + + @GET + @Path("/api/service/{servicename}/policy/{policyname}") + @Produces({ "application/json", "application/xml" }) + public RangerPolicy getPolicyByName(@PathParam("servicename") String serviceName, + @PathParam("policyname") String policyName, + @Context HttpServletRequest request) { + if(logger.isDebugEnabled()) { + logger.debug("==> PublicAPIsv2.getPolicyByName(" + serviceName + "," + policyName + ")"); + } + + SearchFilter filter = new SearchFilter(); + filter.setParam(SearchFilter.SERVICE_NAME, serviceName); + filter.setParam(SearchFilter.POLICY_NAME, policyName); + List<RangerPolicy> policies = serviceREST.getPolicies(filter); + + if (policies.size() != 1) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true); + } + RangerPolicy policy = policies.get(0); + + if(logger.isDebugEnabled()) { + logger.debug("<== PublicAPIsv2.getPolicyByName(" + serviceName + "," + policyName + ")" + policy); + } + return policy; + } + + @GET + @Path("/api/service/{servicename}/policy/") + @Produces({ "application/json", "application/xml" }) + public List<RangerPolicy> searchPolicies(@PathParam("servicename") String serviceName, + @Context HttpServletRequest request) { + return serviceREST.getServicePolicies(serviceName, request); + } + + @POST + @Path("/api/policy/") + @Produces({ "application/json", "application/xml" }) + public RangerPolicy createPolicy(RangerPolicy policy) { + return serviceREST.createPolicy(policy); + } + + @PUT + @Path("/api/policy/{id}") + @Produces({ "application/json", "application/xml" }) + public RangerPolicy updatePolicy(RangerPolicy policy, @PathParam("id") Long id) { + // if policy.id is specified, it should be same as the param 'id' + if(policy.getId() == null) { + policy.setId(id); + } else if(!policy.getId().equals(id)) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "policyID mismatch", true); + } + + return serviceREST.updatePolicy(policy); + } + + + @PUT + @Path("/api/service/{servicename}/policy/{policyname}") + @Produces({ "application/json", "application/xml" }) + public RangerPolicy updatePolicyByName(RangerPolicy policy, + @PathParam("servicename") String serviceName, + @PathParam("policyname") String policyName, + @Context HttpServletRequest request) { + if (policy.getService() == null || !policy.getService().equals(serviceName)) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "service name mismatch", true); + } + RangerPolicy oldPolicy = getPolicyByName(serviceName, policyName, request); + + // ignore policy.id - if specified. Retrieve using the given serviceName+policyName and use id from the retrieved object + policy.setId(oldPolicy.getId()); + if(StringUtils.isEmpty(policy.getGuid())) { + policy.setGuid(oldPolicy.getGuid()); + } + + return serviceREST.updatePolicy(policy); + } + + + /* Should add this back when guid is used for search and delete operations as well + @PUT + @Path("/api/policy/guid/{guid}") + @Produces({ "application/json", "application/xml" }) + public RangerPolicy updatePolicyByGuid(RangerPolicy policy, + @PathParam("guid") String guid) { + // ignore policy.guid - if specified. Retrieve using the given guid and use id from the retrieved object + RangerPolicy existingPolicy = getPolicyByGuid(name); + policy.setId(existingPolicy.getId()); + if(StringUtils.isEmpty(policy.getGuid())) { + policy.setGuid(existingPolicy.getGuid()); + } + + return serviceREST.updatePolicy(policy); + } + */ + + + @DELETE + @Path("/api/policy/{id}") + public void deletePolicy(@PathParam("id") Long id) { + serviceREST.deletePolicy(id); + } + + @DELETE + @Path("/api/policy") + public void deletePolicyByName(@QueryParam("servicename") String serviceName, + @QueryParam("policyname") String policyName, + @Context HttpServletRequest request) { + if(logger.isDebugEnabled()) { + logger.debug("==> PublicAPIsv2.deletePolicyByName(" + serviceName + "," + policyName + ")"); + } + + if (serviceName == null || policyName == null) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "Invalid service name or policy name", true); + } + RangerPolicy policy = getPolicyByName(serviceName, policyName, request); + serviceREST.deletePolicy(policy.getId()); + if(logger.isDebugEnabled()) { + logger.debug("<== PublicAPIsv2.deletePolicyByName(" + serviceName + "," + policyName + ")"); + } + } +}
