You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pe...@apache.org on 2019/03/29 06:15:35 UTC
[ranger] branch master updated: RANGER-2381 Failed to refresh
policies when servicename contains space
This is an automated email from the ASF dual-hosted git repository.
pengjianhua pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new ec57902 RANGER-2381 Failed to refresh policies when servicename contains space
ec57902 is described below
commit ec57902585882981b9728fc0d452912b1dd8f529
Author: zhangqiang2 <zh...@zte.com.cn>
AuthorDate: Wed Mar 27 09:51:07 2019 +0800
RANGER-2381 Failed to refresh policies when servicename contains space
Signed-off-by: peng.jianhua <pe...@zte.com.cn>
---
.../ranger/admin/client/RangerAdminRESTClient.java | 28 +++++++++++++++-------
.../apache/ranger/plugin/util/URLEncoderUtil.java | 4 ++--
.../process/LdapPolicyMgrUserGroupBuilder.java | 6 ++---
.../process/PolicyMgrUserGroupBuilder.java | 4 ++--
4 files changed, 26 insertions(+), 16 deletions(-)
diff --git a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
index b6a9380..81bbdbd 100644
--- a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
+++ b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
@@ -38,8 +38,10 @@ import org.apache.ranger.plugin.util.RangerRESTUtils;
import org.apache.ranger.plugin.util.RangerServiceNotFoundException;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.plugin.util.ServiceTags;
+import org.apache.ranger.plugin.util.URLEncoderUtil;
import javax.servlet.http.HttpServletResponse;
+import java.io.UnsupportedEncodingException;
import java.lang.reflect.ParameterizedType;
import java.lang.reflect.Type;
import java.security.PrivilegedAction;
@@ -49,6 +51,7 @@ public class RangerAdminRESTClient implements RangerAdminClient {
private static final Log LOG = LogFactory.getLog(RangerAdminRESTClient.class);
private String serviceName;
+ private String serviceNameUrlParam;
private String pluginId;
private String clusterName;
private RangerRESTClient restClient;
@@ -97,6 +100,13 @@ public class RangerAdminRESTClient implements RangerAdminClient {
}
init(url, sslConfigFileName, restClientConnTimeOutMs , restClientReadTimeOutMs);
+
+ try {
+ this.serviceNameUrlParam = URLEncoderUtil.encodeURIParam(serviceName);
+ } catch (UnsupportedEncodingException e) {
+ LOG.warn("Unsupported encoding, serviceName=" + serviceName);
+ this.serviceNameUrlParam = serviceName;
+ }
}
@Override
@@ -117,7 +127,7 @@ public class RangerAdminRESTClient implements RangerAdminClient {
}
PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {
public ClientResponse run() {
- WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_POLICY_GET_FOR_SECURE_SERVICE_IF_UPDATED + serviceName)
+ WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_POLICY_GET_FOR_SECURE_SERVICE_IF_UPDATED + serviceNameUrlParam)
.queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion))
.queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
.queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId)
@@ -131,7 +141,7 @@ public class RangerAdminRESTClient implements RangerAdminClient {
if (LOG.isDebugEnabled()) {
LOG.debug("Checking Service policy if updated with old api call");
}
- WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED + serviceName)
+ WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED + serviceNameUrlParam)
.queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion))
.queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
.queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId)
@@ -189,7 +199,7 @@ public class RangerAdminRESTClient implements RangerAdminClient {
if (isSecureMode) {
PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {
public ClientResponse run() {
- WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_SECURE_SERVICE_GRANT_ACCESS + serviceName)
+ WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_SECURE_SERVICE_GRANT_ACCESS + serviceNameUrlParam)
.queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
return secureWebResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, restClient.toJson(request));
}
@@ -199,7 +209,7 @@ public class RangerAdminRESTClient implements RangerAdminClient {
}
response = user.doAs(action);
} else {
- WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_GRANT_ACCESS + serviceName)
+ WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_GRANT_ACCESS + serviceNameUrlParam)
.queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, restClient.toJson(request));
}
@@ -234,7 +244,7 @@ public class RangerAdminRESTClient implements RangerAdminClient {
if (isSecureMode) {
PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {
public ClientResponse run() {
- WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_SECURE_SERVICE_REVOKE_ACCESS + serviceName)
+ WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_SECURE_SERVICE_REVOKE_ACCESS + serviceNameUrlParam)
.queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
return secureWebResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, restClient.toJson(request));
}
@@ -244,7 +254,7 @@ public class RangerAdminRESTClient implements RangerAdminClient {
}
response = user.doAs(action);
} else {
- WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_REVOKE_ACCESS + serviceName)
+ WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_REVOKE_ACCESS + serviceNameUrlParam)
.queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, restClient.toJson(request));
}
@@ -302,7 +312,7 @@ public class RangerAdminRESTClient implements RangerAdminClient {
if (isSecureMode) {
PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {
public ClientResponse run() {
- WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_GET_SECURE_SERVICE_TAGS_IF_UPDATED + serviceName)
+ WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_GET_SECURE_SERVICE_TAGS_IF_UPDATED + serviceNameUrlParam)
.queryParam(RangerRESTUtils.LAST_KNOWN_TAG_VERSION_PARAM, Long.toString(lastKnownVersion))
.queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
.queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
@@ -314,7 +324,7 @@ public class RangerAdminRESTClient implements RangerAdminClient {
}
response = user.doAs(action);
} else {
- webResource = createWebResource(RangerRESTUtils.REST_URL_GET_SERVICE_TAGS_IF_UPDATED + serviceName)
+ webResource = createWebResource(RangerRESTUtils.REST_URL_GET_SERVICE_TAGS_IF_UPDATED + serviceNameUrlParam)
.queryParam(RangerRESTUtils.LAST_KNOWN_TAG_VERSION_PARAM, Long.toString(lastKnownVersion))
.queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
.queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
@@ -371,7 +381,7 @@ public class RangerAdminRESTClient implements RangerAdminClient {
boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
final WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_LOOKUP_TAG_NAMES)
- .queryParam(RangerRESTUtils.SERVICE_NAME_PARAM, serviceName)
+ .queryParam(RangerRESTUtils.SERVICE_NAME_PARAM, serviceNameUrlParam)
.queryParam(RangerRESTUtils.PATTERN_PARAM, pattern);
ClientResponse response = null;
diff --git a/ugsync/src/main/java/org/apache/ranger/usersync/util/UserSyncUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/URLEncoderUtil.java
similarity index 94%
rename from ugsync/src/main/java/org/apache/ranger/usersync/util/UserSyncUtil.java
rename to agents-common/src/main/java/org/apache/ranger/plugin/util/URLEncoderUtil.java
index 22a7531..af76889 100644
--- a/ugsync/src/main/java/org/apache/ranger/usersync/util/UserSyncUtil.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/URLEncoderUtil.java
@@ -17,12 +17,12 @@
* under the License.
*/
-package org.apache.ranger.usersync.util;
+package org.apache.ranger.plugin.util;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
-public class UserSyncUtil {
+public class URLEncoderUtil {
public static String encodeURIParam(String s) throws UnsupportedEncodingException {
diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
index f653b81..1fb36a0 100644
--- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
@@ -49,10 +49,10 @@ import javax.ws.rs.core.MediaType;
import org.apache.hadoop.security.SecureClientLogin;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
+import org.apache.ranger.plugin.util.URLEncoderUtil;
import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
import org.apache.ranger.unixusersync.model.*;
import org.apache.ranger.usergroupsync.UserGroupSink;
-import org.apache.ranger.usersync.util.UserSyncUtil;
import com.google.common.collect.Table;
import com.google.gson.Gson;
@@ -564,7 +564,7 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder
Client c = getClient();
String uri = PM_DEL_USER_GROUP_LINK_URI.replaceAll(Pattern.quote("${groupName}"),
- UserSyncUtil.encodeURIParam(groupName)).replaceAll(Pattern.quote("${userName}"), UserSyncUtil.encodeURIParam(userName));
+ URLEncoderUtil.encodeURIParam(groupName)).replaceAll(Pattern.quote("${userName}"), URLEncoderUtil.encodeURIParam(userName));
WebResource r = c.resource(getURL(uri));
@@ -748,7 +748,7 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder
Client c = getClient();
String uri = PM_GET_GROUP_USER_MAP_LIST_URI.replaceAll(Pattern.quote("${groupName}"),
- UserSyncUtil.encodeURIParam(groupName));
+ URLEncoderUtil.encodeURIParam(groupName));
WebResource r = c.resource(getURL(uri));
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
index cb9b51c..e9c161a 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
@@ -53,6 +53,7 @@ import javax.ws.rs.core.NewCookie;
import org.apache.hadoop.security.SecureClientLogin;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
+import org.apache.ranger.plugin.util.URLEncoderUtil;
import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
import org.apache.ranger.unixusersync.model.GetXGroupListResponse;
import org.apache.ranger.unixusersync.model.GetXUserGroupListResponse;
@@ -64,7 +65,6 @@ import org.apache.ranger.unixusersync.model.XGroupInfo;
import org.apache.ranger.unixusersync.model.XUserGroupInfo;
import org.apache.ranger.unixusersync.model.XUserInfo;
import org.apache.ranger.usergroupsync.UserGroupSink;
-import org.apache.ranger.usersync.util.UserSyncUtil;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
@@ -1086,7 +1086,7 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
try {
ClientResponse response = null;
String uri = PM_DEL_USER_GROUP_LINK_URI.replaceAll(Pattern.quote("${groupName}"),
- UserSyncUtil.encodeURIParam(groupName)).replaceAll(Pattern.quote("${userName}"), UserSyncUtil.encodeURIParam(userName));
+ URLEncoderUtil.encodeURIParam(groupName)).replaceAll(Pattern.quote("${userName}"), URLEncoderUtil.encodeURIParam(userName));
if (isRangerCookieEnabled) {
if (sessionId != null && isValidRangerCookie) {
WebResource webResource = createWebResourceForCookieAuth(uri);