You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2015/04/07 21:46:04 UTC
incubator-ranger git commit: Created Version-2 of Public APIs.
Repository: incubator-ranger
Updated Branches:
refs/heads/master 53709aad8 -> b253a4e2d
Created Version-2 of Public APIs.
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/b253a4e2
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/b253a4e2
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/b253a4e2
Branch: refs/heads/master
Commit: b253a4e2d19dd7bcc38870edb732ba8d9d73e220
Parents: 53709aa
Author: Abhay Kulkarni <ak...@hortonworks.com>
Authored: Wed Apr 1 12:49:08 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue Apr 7 12:35:38 2015 -0700
----------------------------------------------------------------------
.../java/org/apache/ranger/rest/PublicAPIs.java | 91 +----
.../org/apache/ranger/rest/PublicAPIsv2.java | 404 +++++++++++++++++++
2 files changed, 414 insertions(+), 81 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b253a4e2/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java
index c6856b3..cd31f69 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java
@@ -17,49 +17,18 @@
* under the License.
*/
- package org.apache.ranger.rest;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.Context;
+package org.apache.ranger.rest;
import org.apache.log4j.Logger;
-import org.apache.ranger.biz.AssetMgr;
-import org.apache.ranger.biz.ServiceDBStore;
-import org.apache.ranger.common.RESTErrorUtil;
-import org.apache.ranger.common.RangerConstants;
-import org.apache.ranger.common.RangerSearchUtil;
-import org.apache.ranger.common.SearchCriteria;
-import org.apache.ranger.common.ServiceUtil;
-import org.apache.ranger.common.StringUtil;
+import org.apache.ranger.common.*;
import org.apache.ranger.common.annotation.RangerAnnotationClassName;
import org.apache.ranger.common.annotation.RangerAnnotationJSMgrName;
-import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.service.RangerPolicyService;
import org.apache.ranger.service.XAssetService;
-import org.apache.ranger.service.XPolicyService;
-import org.apache.ranger.service.XRepositoryService;
-import org.apache.ranger.service.XResourceService;
-import org.apache.ranger.view.VXAsset;
-import org.apache.ranger.view.VXLong;
-import org.apache.ranger.view.VXPolicy;
-import org.apache.ranger.view.VXPolicyList;
-import org.apache.ranger.view.VXRepository;
-import org.apache.ranger.view.VXRepositoryList;
-import org.apache.ranger.view.VXResource;
-import org.apache.ranger.view.VXResponse;
+import org.apache.ranger.view.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.security.access.prepost.PreAuthorize;
@@ -67,6 +36,12 @@ import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.*;
+import javax.ws.rs.core.Context;
+import java.util.ArrayList;
+import java.util.List;
+
@Path("public")
@Component
@Scope("request")
@@ -79,44 +54,20 @@ public class PublicAPIs {
RangerSearchUtil searchUtil;
@Autowired
- AssetMgr assetMgr;
-
- @Autowired
XAssetService xAssetService;
@Autowired
- RESTErrorUtil restErrorUtil;
-
- @Autowired
- XRepositoryService xRepositoryService;
-
- @Autowired
- XResourceService xResourceService;
-
- @Autowired
- XPolicyService xPolicyService;
-
- @Autowired
RangerPolicyService policyService;
@Autowired
StringUtil stringUtil;
@Autowired
- RangerDaoManager xaDaoMgr;
-
- @Autowired
ServiceUtil serviceUtil;
@Autowired
ServiceREST serviceREST;
- @Autowired
- AssetREST assetREST;
-
- @Autowired
- ServiceDBStore svcStore;
-
@GET
@Path("/api/repository/{id}")
@@ -191,8 +142,6 @@ public class PublicAPIs {
return ret;
}
-
-
@DELETE
@@ -219,26 +168,6 @@ public class PublicAPIs {
}
}
-
- /*// @POST
- // @Path("/api/repository/testConfig")
- // @Produces({ "application/xml", "application/json" })
- public VXResponse testConfig(VXRepository vXRepository) {
- VXAsset vXAsset = xRepositoryService.mapPublicToXAObject(vXRepository);
- return assetMgr.testConfig(vXAsset);
- }*/
-
-
- // @POST
- // @Path("/api/repository/testConfig")
- // @Produces({ "application/xml", "application/json" })
- public VXResponse testConfig(VXRepository vXRepository) {
- VXAsset vXAsset = serviceUtil.publicObjecttoVXAsset(vXRepository);
- return serviceREST.validateConfig(serviceUtil.toRangerService(vXAsset));
- }
-
-
-
@GET
@Path("/api/repository/")
@Produces({ "application/json", "application/xml" })
@@ -380,7 +309,7 @@ public class PublicAPIs {
VXPolicy ret = serviceUtil.toVXPolicy(updatedPolicy, service);
if(logger.isDebugEnabled()) {
- logger.debug("<== AssetREST.updatePolicy(" + policy + "): " + ret);
+ logger.debug("<== PublicAPIs.updatePolicy(" + policy + "): " + ret);
}
return ret;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b253a4e2/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
new file mode 100644
index 0000000..4e641ad
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
@@ -0,0 +1,404 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.rest;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.common.annotation.RangerAnnotationJSMgrName;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.util.SearchFilter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Scope;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.stereotype.Component;
+import org.springframework.transaction.annotation.Propagation;
+import org.springframework.transaction.annotation.Transactional;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.*;
+import javax.ws.rs.core.Context;
+import java.util.List;
+
+@Path("public/v2")
+@Component
+@Scope("request")
+@RangerAnnotationJSMgrName("PublicMgr")
+@Transactional(propagation = Propagation.REQUIRES_NEW)
+public class PublicAPIsv2 {
+ static Logger logger = Logger.getLogger(PublicAPIsv2.class);
+
+ @Autowired
+ ServiceREST serviceREST;
+
+ @Autowired
+ RESTErrorUtil restErrorUtil;
+
+ /*
+ * ServiceDef Manipulation APIs
+ */
+
+ @GET
+ @Path("/api/servicedef/{id}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ @Produces({ "application/json", "application/xml" })
+ public RangerServiceDef getServiceDef(@PathParam("id") Long id) {
+ return serviceREST.getServiceDef(id);
+ }
+
+ @GET
+ @Path("/api/servicedef/name/{name}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ @Produces({ "application/json", "application/xml" })
+ public RangerServiceDef getServiceDefByName(@PathParam("name") String name) {
+ return serviceREST.getServiceDefByName(name);
+ }
+
+ @GET
+ @Path("/api/servicedef/")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ @Produces({ "application/json", "application/xml" })
+ public List<RangerServiceDef> searchServiceDefs(@Context HttpServletRequest request) {
+ return serviceREST.getServiceDefs(request);
+ }
+
+ @POST
+ @Path("/api/servicedef/")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ @Produces({ "application/json", "application/xml" })
+ public RangerServiceDef createServiceDef(RangerServiceDef serviceDef) {
+ return serviceREST.createServiceDef(serviceDef);
+ }
+
+ @PUT
+ @Path("/api/servicedef/{id}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ @Produces({ "application/json", "application/xml" })
+ public RangerServiceDef updateServiceDef(RangerServiceDef serviceDef, @PathParam("id") Long id) {
+ // if serviceDef.id is specified, it should be same as param 'id'
+ if(serviceDef.getId() == null) {
+ serviceDef.setId(id);
+ } else if(!serviceDef.getId().equals(id)) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "serviceDef id mismatch", true);
+ }
+
+ return serviceREST.updateServiceDef(serviceDef);
+ }
+
+
+ @PUT
+ @Path("/api/servicedef/name/{name}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ @Produces({ "application/json", "application/xml" })
+ public RangerServiceDef updateServiceDefByName(RangerServiceDef serviceDef,
+ @PathParam("name") String name) {
+ // serviceDef.name is immutable
+ // if serviceDef.name is specified, it should be same as the param 'name'
+ if(serviceDef.getName() == null) {
+ serviceDef.setType(name);
+ } else if(!serviceDef.getName().equals(name)) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "serviceDef name mismatch", true);
+ }
+
+ // ignore serviceDef.id - if specified. Retrieve using the given name and use id from the retrieved object
+ RangerServiceDef existingServiceDef = getServiceDefByName(name);
+ serviceDef.setId(existingServiceDef.getId());
+ if(StringUtils.isEmpty(serviceDef.getGuid())) {
+ serviceDef.setGuid(existingServiceDef.getGuid());
+ }
+
+ return serviceREST.updateServiceDef(serviceDef);
+ }
+
+ /*
+ * Should add this back when guid is used for search and delete operations as well
+ @PUT
+ @Path("/api/servicedef/guid/{guid}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ @Produces({ "application/json", "application/xml" })
+ public RangerServiceDef updateServiceDefByGuid(RangerServiceDef serviceDef,
+ @PathParam("guid") String guid) {
+ // ignore serviceDef.id - if specified. Retrieve using the given guid and use id from the retrieved object
+ RangerServiceDef existingServiceDef = getServiceDefByGuid(guid);
+ serviceDef.setId(existingServiceDef.getId());
+ if(StringUtils.isEmpty(serviceDef.getGuid())) {
+ serviceDef.setGuid(existingServiceDef.getGuid());
+ }
+
+ return serviceREST.updateServiceDef(serviceDef);
+ }
+ */
+
+
+ @DELETE
+ @Path("/api/servicedef/{id}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public void deleteServiceDef(@PathParam("id") Long id) {
+ serviceREST.deleteServiceDef(id);
+ }
+
+ @DELETE
+ @Path("/api/servicedef/name/{name}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public void deleteServiceDefByName(@PathParam("name") String name) {
+ RangerServiceDef serviceDef = serviceREST.getServiceDefByName(name);
+ serviceREST.deleteServiceDef(serviceDef.getId());
+ }
+
+ /*
+ * Service Manipulation APIs
+ */
+
+ @GET
+ @Path("/api/service/{id}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ @Produces({ "application/json", "application/xml" })
+ public RangerService getService(@PathParam("id") Long id) {
+ return serviceREST.getService(id);
+ }
+
+ @GET
+ @Path("/api/service/name/{name}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ @Produces({ "application/json", "application/xml" })
+ public RangerService getServiceByName(@PathParam("name") String name) {
+ return serviceREST.getServiceByName(name);
+ }
+
+ @GET
+ @Path("/api/service/")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ @Produces({ "application/json", "application/xml" })
+ public List<RangerService> searchServices(@Context HttpServletRequest request) {
+ return serviceREST.getServices(request);
+ }
+
+ @POST
+ @Path("/api/service/")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ @Produces({ "application/json", "application/xml" })
+ public RangerService createService(RangerService service) {
+ return serviceREST.createService(service);
+ }
+
+ @PUT
+ @Path("/api/service/{id}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ @Produces({ "application/json", "application/xml" })
+ public RangerService updateService(RangerService service, @PathParam("id") Long id) {
+ // if service.id is specified, it should be same as the param 'id'
+ if(service.getId() == null) {
+ service.setId(id);
+ } else if(!service.getId().equals(id)) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "service id mismatch", true);
+ }
+
+ return serviceREST.updateService(service);
+ }
+
+
+ @PUT
+ @Path("/api/service/name/{name}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ @Produces({ "application/json", "application/xml" })
+ public RangerService updateServiceByName(RangerService service,
+ @PathParam("name") String name) {
+ // ignore service.id - if specified. Retrieve using the given name and use id from the retrieved object
+ RangerService existingService = getServiceByName(name);
+ service.setId(existingService.getId());
+ if(StringUtils.isEmpty(service.getGuid())) {
+ service.setGuid(existingService.getGuid());
+ }
+ if (StringUtils.isEmpty(service.getName())) {
+ service.setName(existingService.getName());
+ }
+
+ return serviceREST.updateService(service);
+ }
+
+ /*
+ * Should add this back when guid is used for search and delete operations as well
+ @PUT
+ @Path("/api/service/guid/{guid}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ @Produces({ "application/json", "application/xml" })
+ public RangerService updateServiceByGuid(RangerService service,
+ @PathParam("guid") String guid) {
+ // ignore service.id - if specified. Retrieve using the given guid and use id from the retrieved object
+ RangerService existingService = getServiceByGuid(guid);
+ service.setId(existingService.getId());
+ if(StringUtils.isEmpty(service.getGuid())) {
+ service.setGuid(existingService.getGuid());
+ }
+
+ return serviceREST.updateService(service);
+ }
+ */
+
+ @DELETE
+ @Path("/api/service/{id}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public void deleteService(@PathParam("id") Long id) {
+ serviceREST.deleteService(id);
+ }
+
+ @DELETE
+ @Path("/api/service/name/{name}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public void deleteServiceByName(@PathParam("name") String name) {
+ RangerService service = serviceREST.getServiceByName(name);
+ serviceREST.deleteService(service.getId());
+ }
+
+ /*
+ * Policy Manipulation APIs
+ */
+
+ @GET
+ @Path("/api/policy/{id}")
+ @Produces({ "application/json", "application/xml" })
+ public RangerPolicy getPolicy(@PathParam("id") Long id) {
+ return serviceREST.getPolicy(id);
+ }
+
+ @GET
+ @Path("/api/service/{servicename}/policy/{policyname}")
+ @Produces({ "application/json", "application/xml" })
+ public RangerPolicy getPolicyByName(@PathParam("servicename") String serviceName,
+ @PathParam("policyname") String policyName,
+ @Context HttpServletRequest request) {
+ if(logger.isDebugEnabled()) {
+ logger.debug("==> PublicAPIsv2.getPolicyByName(" + serviceName + "," + policyName + ")");
+ }
+
+ SearchFilter filter = new SearchFilter();
+ filter.setParam(SearchFilter.SERVICE_NAME, serviceName);
+ filter.setParam(SearchFilter.POLICY_NAME, policyName);
+ List<RangerPolicy> policies = serviceREST.getPolicies(filter);
+
+ if (policies.size() != 1) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true);
+ }
+ RangerPolicy policy = policies.get(0);
+
+ if(logger.isDebugEnabled()) {
+ logger.debug("<== PublicAPIsv2.getPolicyByName(" + serviceName + "," + policyName + ")" + policy);
+ }
+ return policy;
+ }
+
+ @GET
+ @Path("/api/service/{servicename}/policy/")
+ @Produces({ "application/json", "application/xml" })
+ public List<RangerPolicy> searchPolicies(@PathParam("servicename") String serviceName,
+ @Context HttpServletRequest request) {
+ return serviceREST.getServicePolicies(serviceName, request);
+ }
+
+ @POST
+ @Path("/api/policy/")
+ @Produces({ "application/json", "application/xml" })
+ public RangerPolicy createPolicy(RangerPolicy policy) {
+ return serviceREST.createPolicy(policy);
+ }
+
+ @PUT
+ @Path("/api/policy/{id}")
+ @Produces({ "application/json", "application/xml" })
+ public RangerPolicy updatePolicy(RangerPolicy policy, @PathParam("id") Long id) {
+ // if policy.id is specified, it should be same as the param 'id'
+ if(policy.getId() == null) {
+ policy.setId(id);
+ } else if(!policy.getId().equals(id)) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "policyID mismatch", true);
+ }
+
+ return serviceREST.updatePolicy(policy);
+ }
+
+
+ @PUT
+ @Path("/api/service/{servicename}/policy/{policyname}")
+ @Produces({ "application/json", "application/xml" })
+ public RangerPolicy updatePolicyByName(RangerPolicy policy,
+ @PathParam("servicename") String serviceName,
+ @PathParam("policyname") String policyName,
+ @Context HttpServletRequest request) {
+ if (policy.getService() == null || !policy.getService().equals(serviceName)) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "service name mismatch", true);
+ }
+ RangerPolicy oldPolicy = getPolicyByName(serviceName, policyName, request);
+
+ // ignore policy.id - if specified. Retrieve using the given serviceName+policyName and use id from the retrieved object
+ policy.setId(oldPolicy.getId());
+ if(StringUtils.isEmpty(policy.getGuid())) {
+ policy.setGuid(oldPolicy.getGuid());
+ }
+
+ return serviceREST.updatePolicy(policy);
+ }
+
+
+ /* Should add this back when guid is used for search and delete operations as well
+ @PUT
+ @Path("/api/policy/guid/{guid}")
+ @Produces({ "application/json", "application/xml" })
+ public RangerPolicy updatePolicyByGuid(RangerPolicy policy,
+ @PathParam("guid") String guid) {
+ // ignore policy.guid - if specified. Retrieve using the given guid and use id from the retrieved object
+ RangerPolicy existingPolicy = getPolicyByGuid(name);
+ policy.setId(existingPolicy.getId());
+ if(StringUtils.isEmpty(policy.getGuid())) {
+ policy.setGuid(existingPolicy.getGuid());
+ }
+
+ return serviceREST.updatePolicy(policy);
+ }
+ */
+
+
+ @DELETE
+ @Path("/api/policy/{id}")
+ public void deletePolicy(@PathParam("id") Long id) {
+ serviceREST.deletePolicy(id);
+ }
+
+ @DELETE
+ @Path("/api/policy")
+ public void deletePolicyByName(@QueryParam("servicename") String serviceName,
+ @QueryParam("policyname") String policyName,
+ @Context HttpServletRequest request) {
+ if(logger.isDebugEnabled()) {
+ logger.debug("==> PublicAPIsv2.deletePolicyByName(" + serviceName + "," + policyName + ")");
+ }
+
+ if (serviceName == null || policyName == null) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "Invalid service name or policy name", true);
+ }
+ RangerPolicy policy = getPolicyByName(serviceName, policyName, request);
+ serviceREST.deletePolicy(policy.getId());
+ if(logger.isDebugEnabled()) {
+ logger.debug("<== PublicAPIsv2.deletePolicyByName(" + serviceName + "," + policyName + ")");
+ }
+ }
+}