You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2016/12/14 20:59:10 UTC
[1/2] incubator-ranger git commit: RANGER-1248: Knox plugin does not
report policy activation time correctly
Repository: incubator-ranger
Updated Branches:
refs/heads/master ebcf9dd5e -> a1dd7be65
RANGER-1248: Knox plugin does not report policy activation time correctly
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/83674c7d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/83674c7d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/83674c7d
Branch: refs/heads/master
Commit: 83674c7d54d78821edc4a5e72e9ec8dae68fb4ea
Parents: ebcf9dd
Author: Abhay Kulkarni <ak...@hortonworks.com>
Authored: Fri Dec 9 12:20:55 2016 -0800
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Wed Dec 14 12:39:17 2016 -0800
----------------------------------------------------------------------
.../ranger/plugin/util/RangerRESTUtils.java | 11 +++
.../client/RangerAdminJersey2RESTClient.java | 84 +++++++++++++++++++-
2 files changed, 93 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/83674c7d/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java
index fa81f0b..609f717 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java
@@ -93,6 +93,17 @@ public class RangerRESTUtils {
return url;
}
+ public String getUrlForTagUpdate(String baseUrl, String serviceName) {
+ String url = baseUrl + REST_URL_GET_SERVICE_TAGS_IF_UPDATED + serviceName;
+
+ return url;
+ }
+
+ public String getSecureUrlForTagUpdate(String baseUrl, String serviceName) {
+ String url = baseUrl + REST_URL_GET_SECURE_SERVICE_TAGS_IF_UPDATED + serviceName;
+ return url;
+ }
+
public boolean isSsl(String _baseUrl) {
return StringUtils.isEmpty(_baseUrl) ? false : _baseUrl.toLowerCase().startsWith("https");
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/83674c7d/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
----------------------------------------------------------------------
diff --git a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
index 6c0b3e9..1c649de 100644
--- a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
+++ b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
@@ -113,6 +113,7 @@ public class RangerAdminJersey2RESTClient implements RangerAdminClient {
public Response run() {
return _client.target(secureUrl)
.queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion))
+ .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
.queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId)
.request(MediaType.APPLICATION_JSON_TYPE)
.get();
@@ -126,6 +127,7 @@ public class RangerAdminJersey2RESTClient implements RangerAdminClient {
url = _utils.getUrlForPolicyUpdate(_baseUrl, _serviceName);
response = _client.target(url)
.queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion))
+ .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
.queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId)
.request(MediaType.APPLICATION_JSON_TYPE)
.get();
@@ -242,8 +244,86 @@ public class RangerAdminJersey2RESTClient implements RangerAdminClient {
}
@Override
- public ServiceTags getServiceTagsIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception {
- throw new Exception("RangerAdminjersey2RESTClient.getServiceTagsIfUpdated() -- *** NOT IMPLEMENTED *** ");
+ public ServiceTags getServiceTagsIfUpdated(final long lastKnownVersion, final long lastActivationTimeInMillis) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerAdminJersey2RESTClient.getServiceTagsIfUpdated(" + lastKnownVersion + ", " + lastActivationTimeInMillis + ")");
+ }
+
+ UserGroupInformation user = MiscUtil.getUGILoginUser();
+ boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+
+ String url = null;
+ try {
+ ServiceTags serviceTags = null;
+ Response response = null;
+ if(isSecureMode){
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("Checking Service tags if updated as user : " + user);
+ }
+ url = _utils.getSecureUrlForTagUpdate(_baseUrl, _serviceName);
+ final String secureUrl = url;
+ PrivilegedAction<Response> action = new PrivilegedAction<Response>() {
+ public Response run() {
+ return _client.target(secureUrl)
+ .queryParam(RangerRESTUtils.LAST_KNOWN_TAG_VERSION_PARAM, Long.toString(lastKnownVersion))
+ .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
+ .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId)
+ .request(MediaType.APPLICATION_JSON_TYPE)
+ .get();
+ };
+ };
+ response = user.doAs(action);
+ }else{
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("Checking Service tags if updated with old api call");
+ }
+ url = _utils.getUrlForTagUpdate(_baseUrl, _serviceName);
+ response = _client.target(url)
+ .queryParam(RangerRESTUtils.LAST_KNOWN_TAG_VERSION_PARAM, Long.toString(lastKnownVersion))
+ .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
+ .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId)
+ .request(MediaType.APPLICATION_JSON_TYPE)
+ .get();
+ }
+
+ int httpResponseCode = response == null ? -1 : response.getStatus();
+ String body = null;
+
+ switch (httpResponseCode) {
+ case 200:
+ body = response.readEntity(String.class);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Response from 200 server: " + body);
+ }
+
+ Gson gson = getGson();
+ serviceTags = gson.fromJson(body, ServiceTags.class);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Deserialized response to: " + serviceTags);
+ }
+ break;
+ case 304:
+ LOG.debug("Got response: 304. Ok. Returning null");
+ break;
+ case -1:
+ LOG.warn("Unexpected: Null response from tag server while trying to get tags! Returning null!");
+ break;
+ default:
+ body = response.readEntity(String.class);
+ LOG.warn(String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", httpResponseCode, body, url));
+ break;
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerAdminJersey2RESTClient.getServiceTagsIfUpdated(" + lastKnownVersion + ", " + lastActivationTimeInMillis + "): " + serviceTags);
+ }
+ return serviceTags;
+ } catch (Exception ex) {
+ LOG.error("Failed getting tags from server. url=" + url + ", pluginId=" + _pluginId + ", lastKnownVersion=" + lastKnownVersion + ", " + lastActivationTimeInMillis);
+ throw ex;
+ }
}
@Override
[2/2] incubator-ranger git commit: RANGER-1256: plugin-status report
has incorrect plugin IP address when Ranger Admin is in HA mode
Posted by ma...@apache.org.
RANGER-1256: plugin-status report has incorrect plugin IP address when Ranger Admin is in HA mode
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/a1dd7be6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/a1dd7be6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/a1dd7be6
Branch: refs/heads/master
Commit: a1dd7be65d9e0ac82b45aa6cb357a657ecab8c4f
Parents: 83674c7
Author: Abhay Kulkarni <ak...@hortonworks.com>
Authored: Tue Dec 13 16:11:26 2016 -0800
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Wed Dec 14 12:43:29 2016 -0800
----------------------------------------------------------------------
.../java/org/apache/ranger/biz/AssetMgr.java | 21 +++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a1dd7be6/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
index 479099d..d32d796 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
@@ -672,7 +672,7 @@ public class AssetMgr extends AssetMgrBase {
public void createPluginInfo(String serviceName, String pluginId, HttpServletRequest request, int entityType, long downloadedVersion, long lastKnownVersion, long lastActivationTime, int httpCode) {
RangerRESTUtils restUtils = new RangerRESTUtils();
- final String ipAddress = request != null ? request.getRemoteAddr() : null;
+ final String ipAddress = getRemoteAddress(request);
final String appType = restUtils.getAppIdFromPluginId(pluginId);
String tmpHostName = null;
@@ -830,6 +830,25 @@ public class AssetMgr extends AssetMgrBase {
return ret;
}
+ private String getRemoteAddress(final HttpServletRequest request) {
+ String ret = null;
+
+ if (request != null) {
+ String xForwardedAddress = request.getHeader("X-Forwarded-For");
+ if (StringUtils.isNotBlank(xForwardedAddress)) {
+ String[] forwardedAddresses = xForwardedAddress.split(",");
+ if (forwardedAddresses.length > 0) {
+ // Use first one. Hope it is the IP of the originating client
+ ret = forwardedAddresses[0].trim();
+ }
+ }
+ if (ret == null) {
+ ret = request.getRemoteAddr();
+ }
+ }
+ return ret;
+ }
+
public VXTrxLogList getReportLogs(SearchCriteria searchCriteria) {
if (!xaBizUtil.isAdmin()) {
throw restErrorUtil.create403RESTException("Permission Denied !");