Posted to commits@ranger.apache.org by rm...@apache.org on 2016/03/31 03:22:22 UTC
incubator-ranger git commit: RANGER:904 : Update create-policy REST
API to support override values via query parameters
Repository: incubator-ranger
Updated Branches:
refs/heads/master da10d0995 -> 9264dd006
RANGER:904 : Update create-policy REST API to support override values via query parameters
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/9264dd00
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/9264dd00
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/9264dd00
Branch: refs/heads/master
Commit: 9264dd00656a33f1cac0599788fbd362789a1145
Parents: da10d09
Author: rmani <rm...@hortonworks.com>
Authored: Wed Mar 30 18:20:32 2016 -0700
Committer: rmani <rm...@hortonworks.com>
Committed: Wed Mar 30 18:20:32 2016 -0700
----------------------------------------------------------------------
.../apache/ranger/plugin/util/SearchFilter.java | 1 +
.../java/org/apache/ranger/rest/AssetREST.java | 2 +-
.../java/org/apache/ranger/rest/PublicAPIs.java | 2 +-
.../org/apache/ranger/rest/PublicAPIsv2.java | 4 +-
.../org/apache/ranger/rest/ServiceREST.java | 123 ++++++++++++++++---
.../ranger/service/RangerPolicyServiceBase.java | 1 +
.../org/apache/ranger/rest/TestServiceREST.java | 2 +-
.../rest/TestServiceRESTForValidation.java | 6 +-
8 files changed, 113 insertions(+), 28 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9264dd00/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
index 25d69f0..61e8b09 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
@@ -50,6 +50,7 @@ public class SearchFilter {
public static final String SORT_BY = "sortBy";
public static final String RESOURCE_SIGNATURE = "resourceSignature:"; // search
public static final String POLICY_TYPE = "policyType"; // search
+ public static final String GUID = "guid"; //search
public static final String TAG_DEF_ID = "tagDefId"; // search
public static final String TAG_DEF_GUID = "tagDefGuid"; // search
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9264dd00/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
index 827a69a..5a6203f 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
@@ -334,7 +334,7 @@ public class AssetREST {
RangerService service = serviceREST.getService(vXResource.getAssetId());
RangerPolicy policy = serviceUtil.toRangerPolicy(vXResource, service);
- RangerPolicy createdPolicy = serviceREST.createPolicy(policy);
+ RangerPolicy createdPolicy = serviceREST.createPolicy(policy,null);
VXResource ret = serviceUtil.toVXResource(createdPolicy, service);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9264dd00/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java
index ae407f1..21fdcd1 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java
@@ -273,7 +273,7 @@ public class PublicAPIs {
logger.debug("RANGERPOLICY: " + policy.toString());
}
- RangerPolicy createdPolicy = serviceREST.createPolicy(policy);
+ RangerPolicy createdPolicy = serviceREST.createPolicy(policy,null);
ret = serviceUtil.toVXPolicy(createdPolicy, service);
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9264dd00/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
index 8601b95..b7c1b59 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
@@ -318,8 +318,8 @@ public class PublicAPIsv2 {
@POST
@Path("/api/policy/")
@Produces({ "application/json", "application/xml" })
- public RangerPolicy createPolicy(RangerPolicy policy) {
- return serviceREST.createPolicy(policy);
+ public RangerPolicy createPolicy(RangerPolicy policy , @Context HttpServletRequest request) {
+ return serviceREST.createPolicy(policy, request);
}
@POST
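Review bot: Neither this `createPolicy` nor `ServiceREST.createPolicy` documents that the injected request is read for query parameters, and because they are pulled from `HttpServletRequest` rather than declared with `@QueryParam`, nothing in either signature reveals them. Going by the ServiceREST hunk, `serviceName` and `policyName` replace the values in the posted policy body and `updateIfExists=true` can turn the call into an update of an existing policy. A Javadoc block on both methods should name the three parameters, state that they take precedence over the body, and note that a null request (which the internal callers pass) disables them.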
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9264dd00/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index e1aef0b..0dbd042 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -105,6 +105,10 @@ public class ServiceREST {
private static final Log LOG = LogFactory.getLog(ServiceREST.class);
private static final Log PERF_LOG = RangerPerfTracer.getPerfLogger("rest.ServiceREST");
+ final static public String PARAM_SERVICE_NAME = "serviceName";
+ final static public String PARAM_POLICY_NAME = "policyName";
+ final static public String PARAM_UPDATE_IF_EXISTS = "updateIfExists";
+
@Autowired
RESTErrorUtil restErrorUtil;
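Review bot: The three new constants are declared `final static public`, whereas the conventional modifier order, and the one `SearchFilter` uses in this same commit, is `public static final`, e.g. `public static final String PARAM_SERVICE_NAME = "serviceName";`. Since they are public, a one-line comment such as `// query-parameter names read by createPolicy()` would tell other classes what they are for.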
@@ -974,7 +978,7 @@ public class ServiceREST {
@POST
@Path("/policies")
@Produces({ "application/json", "application/xml" })
- public RangerPolicy createPolicy(RangerPolicy policy) {
+ public RangerPolicy createPolicy(RangerPolicy policy, @Context HttpServletRequest request) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> ServiceREST.createPolicy(" + policy + ")");
}
@@ -986,29 +990,65 @@ public class ServiceREST {
if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.createPolicy(policyName=" + policy.getName() + ")");
}
- // this needs to happen before validator is called
- // set name of policy if unspecified
- if (StringUtils.isBlank(policy.getName())) { // use of isBlank over isEmpty is deliberate as a blank string does not strike us as a particularly useful policy name!
- String guid = policy.getGuid();
- if (StringUtils.isBlank(guid)) { // use of isBlank is deliberate. External parties could send the guid in, perhaps to sync between dev/test/prod instances?
- guid = guidUtil.genGUID();
- policy.setGuid(guid);
- if (LOG.isDebugEnabled()) {
- LOG.debug("No GUID supplied on the policy! Ok, setting GUID to [" + guid + "].");
- }
+
+ if(request != null) {
+ String serviceName = request.getParameter(PARAM_SERVICE_NAME);
+ String policyName = request.getParameter(PARAM_POLICY_NAME);
+ String updateIfExists = request.getParameter(PARAM_UPDATE_IF_EXISTS);
+
+ if(StringUtils.isNotEmpty(serviceName)) {
+ policy.setService(serviceName);
}
- String name = policy.getService() + "-" + guid;
- policy.setName(name);
- if (LOG.isDebugEnabled()) {
- LOG.debug("Policy did not have its name set! Ok, setting name to [" + name + "]");
+
+ if(StringUtils.isNotEmpty(policyName)) {
+ policy.setName(policyName);
+ }
+
+ if(Boolean.valueOf(updateIfExists)) {
+ RangerPolicy existingPolicy = null;
+ try {
+ if(StringUtils.isNotEmpty(policy.getGuid())) {
+ existingPolicy = getPolicyByGuid(policy.getGuid());
+ }
+
+ if(existingPolicy == null && StringUtils.isNotEmpty(serviceName) && StringUtils.isNotEmpty(policyName)) {
+ existingPolicy = getPolicyByName(policy.getService(), policy.getName());
+ }
+
+ if(existingPolicy != null) {
+ ret = updatePolicy(policy);
+ }
+ } catch(Exception excp) {
+ LOG.info("ServiceREST.createPolicy(): Failed to find/update exising policy, will attempt to create the policy", excp);
+ }
}
}
- RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
- validator.validate(policy, Action.CREATE, bizUtil.isAdmin());
- ensureAdminAccess(policy.getService(), policy.getResources());
+ if(ret == null) {
+ // this needs to happen before validator is called
+ // set name of policy if unspecified
+ if (StringUtils.isBlank(policy.getName())) { // use of isBlank over isEmpty is deliberate as a blank string does not strike us as a particularly useful policy name!
+ String guid = policy.getGuid();
+ if (StringUtils.isBlank(guid)) { // use of isBlank is deliberate. External parties could send the guid in, perhaps to sync between dev/test/prod instances?
+ guid = guidUtil.genGUID();
+ policy.setGuid(guid);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("No GUID supplied on the policy! Ok, setting GUID to [" + guid + "].");
+ }
+ }
+ String name = policy.getService() + "-" + guid;
+ policy.setName(name);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Policy did not have its name set! Ok, setting name to [" + name + "]");
+ }
+ }
+ RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore);
+ validator.validate(policy, Action.CREATE, bizUtil.isAdmin());
+
+ ensureAdminAccess(policy.getService(), policy.getResources());
- ret = svcStore.createPolicy(policy);
+ ret = svcStore.createPolicy(policy);
+ }
} catch(WebApplicationException excp) {
throw excp;
} catch(Throwable excp) {
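Review bot: The `catch(Exception excp)` in the updateIfExists block also encloses `updatePolicy(policy)`, so any failure of the update itself (a validation error, or an access denial if updatePolicy enforces one; its body is not in this hunk) is only logged at INFO and the method carries on to the create path. A caller who asked for an update may then get a create-path error or a second policy, while the actual rejection is visible only in the server log. Keep just the two lookups inside the try and move `if(existingPolicy != null) { ret = updatePolicy(policy); }` below the catch, so the update's own exceptions reach the outer handlers. It is also worth confirming that updatePolicy can identify its target when the posted body carries no id; if it relies on the id, `policy.setId(existingPolicy.getId());` is needed before the call. createPolicy begins and ends outside this hunk.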
@@ -1051,7 +1091,7 @@ public class ServiceREST {
RangerPolicy existingPolicy = getExactMatchPolicyForResource(policy.getService(), policy.getResources());
if (existingPolicy == null) {
- ret = createPolicy(policy);
+ ret = createPolicy(policy, null);
} else {
ServiceRESTUtil.processApplyPolicy(existingPolicy, policy);
@@ -1628,6 +1668,49 @@ public class ServiceREST {
return svcStore.getPolicyForVersionNumber(policyId, versionNo);
}
+
+ private RangerPolicy getPolicyByGuid(String guid) {
+ RangerPolicy ret = null;
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.getPolicyByGuid(" + guid +")");
+ }
+
+ SearchFilter filter = new SearchFilter();
+ filter.setParam(SearchFilter.GUID, guid);
+ List<RangerPolicy> policies = getPolicies(filter);
+
+ if (CollectionUtils.isNotEmpty(policies)) {
+ ret = policies.get(0);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.getPolicyByGuid(" + guid + ")" + ret);
+ }
+ return ret;
+ }
+
+ private RangerPolicy getPolicyByName(String serviceName,String policyName) {
+ RangerPolicy ret = null;
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.getPolicyByName(" + serviceName + "," + policyName + ")");
+ }
+
+ SearchFilter filter = new SearchFilter();
+ filter.setParam(SearchFilter.SERVICE_NAME, serviceName);
+ filter.setParam(SearchFilter.POLICY_NAME, policyName);
+ List<RangerPolicy> policies = getPolicies(filter);
+
+ if (CollectionUtils.isNotEmpty(policies)) {
+ ret = policies.get(0);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.getPolicyByName(" + serviceName + "," + policyName + ")" + ret);
+ }
+ return ret;
+ }
+
private List<RangerPolicy> applyAdminAccessFilter(List<RangerPolicy> policies) {
List<RangerPolicy> ret = new ArrayList<RangerPolicy>();
RangerPerfTracer perf = null;
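Review bot: Both getPolicyByGuid and getPolicyByName return `policies.get(0)` without checking that the search produced exactly one policy or that the hit really carries the requested guid or service/name pair. The result decides whether createPolicy switches to the update path, so if getPolicies (not shown here) ever returns a partial or multi-valued match, the decision would rest on a policy the caller did not mean. Accept the hit only after an equality check, for example by replacing the `isNotEmpty` test with `policies != null && policies.size() == 1 && guid.equals(policies.get(0).getGuid())`, and log a warning otherwise. The two helpers differ only in how the filter is filled, so a shared private method taking the SearchFilter would remove the duplication. The hunk ends inside applyAdminAccessFilter, which is unchanged context.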
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9264dd00/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java
index 1195a50..4929cf6 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java
@@ -56,6 +56,7 @@ public abstract class RangerPolicyServiceBase<T extends XXPolicyBase, V extends
.add(new SearchField(SearchFilter.IS_ENABLED, "obj.isEnabled", DATA_TYPE.BOOLEAN, SEARCH_TYPE.FULL));
searchFields.add(new SearchField(SearchFilter.POLICY_ID, "obj.id", DATA_TYPE.INTEGER, SEARCH_TYPE.FULL));
searchFields.add(new SearchField(SearchFilter.POLICY_NAME, "obj.name", DATA_TYPE.STRING, SEARCH_TYPE.FULL));
+ searchFields.add(new SearchField(SearchFilter.GUID, "obj.guid", DATA_TYPE.STRING, SEARCH_TYPE.FULL));
searchFields.add(new SearchField(SearchFilter.USER, "xUser.name", DATA_TYPE.STRING, SEARCH_TYPE.FULL,
"XXUser xUser, XXPolicyItem xPolItem, XXPolicyItemUserPerm userPerm", "obj.id = xPolItem.policyId "
+ "and userPerm.policyItemId = xPolItem.id and xUser.id = userPerm.userId"));
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9264dd00/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
index 2be9441..083c777 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
@@ -757,7 +757,7 @@ public class TestServiceREST {
Mockito.when(svcStore.createPolicy((RangerPolicy) Mockito.anyObject()))
.thenReturn(rangPolicy);
- RangerPolicy dbRangerPolicy = serviceREST.createPolicy(rangerPolicy);
+ RangerPolicy dbRangerPolicy = serviceREST.createPolicy(rangerPolicy,null);
Assert.assertNotNull(dbRangerPolicy);
Mockito.verify(bizUtil, Mockito.times(2)).isAdmin();
Mockito.verify(validatorFactory).getPolicyValidator(svcStore);
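Review bot: Every updated test call passes `null` as the request, here and in the three TestServiceRESTForValidation hunks, so the new branch in createPolicy that reads `serviceName`, `policyName` and `updateIfExists` is never executed by the tests. Add cases with a mocked HttpServletRequest, e.g. `Mockito.when(request.getParameter("updateIfExists")).thenReturn("true");`, covering an existing policy found by guid, one found by name, and an update that throws. The test method begins and ends outside this hunk.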
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9264dd00/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java
index c591750..2f1e467 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceRESTForValidation.java
@@ -214,7 +214,7 @@ public class TestServiceRESTForValidation {
_serviceRest.updatePolicy(_policy);
verify(_policyValidator).validate(_policy, Action.UPDATE, true);
- _serviceRest.createPolicy(_policy);
+ _serviceRest.createPolicy(_policy,null);
verify(_policyValidator).validate(_policy, Action.CREATE, true);
} catch (Exception e) {
LOG.debug(e);
@@ -245,7 +245,7 @@ public class TestServiceRESTForValidation {
doThrow(_exception).when(_policyValidator).validate(_policy, Action.CREATE, true);
try {
- _serviceRest.createPolicy(_policy);
+ _serviceRest.createPolicy(_policy,null);
fail("Should have thrown exception!");
} catch (WebApplicationException t) {
verify(_policyValidator).validate(_policy, Action.CREATE, true);
@@ -288,7 +288,7 @@ public class TestServiceRESTForValidation {
doThrow(_exception).when(_store).createPolicy(_policy);
try {
- _serviceRest.createPolicy(_policy);
+ _serviceRest.createPolicy(_policy,null);
fail("Should have thrown exception!");
} catch (WebApplicationException e) {
verify(_policyValidator).validate(_policy, Action.CREATE, true);