Posted to commits@ranger.apache.org by ma...@apache.org on 2015/01/16 08:32:24 UTC
incubator-ranger git commit: RANGER-203: 1) URL for few methods in
ServiceREST updated to be consistent 2) plugin-common project updated to read
configuration using existing RangerConfiguration class. 3) Added
ServiceRESTStore, to access service store vi
Repository: incubator-ranger
Updated Branches:
refs/heads/stack fbe800a16 -> 87fffe02e
RANGER-203: 1) URL for few methods in ServiceREST updated to be
consistent 2) plugin-common project updated to read configuration using
existing RangerConfiguration class. 3) Added ServiceRESTStore, to access
service store via REST interface.
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/87fffe02
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/87fffe02
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/87fffe02
Branch: refs/heads/stack
Commit: 87fffe02e0e12b58d1e731b6f0b46c4375f1d281
Parents: fbe800a
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Thu Jan 15 23:31:55 2015 -0800
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Thu Jan 15 23:31:55 2015 -0800
----------------------------------------------------------------------
plugin-common/pom.xml | 5 +
.../ranger/plugin/service/RangerBasePlugin.java | 19 +-
.../ranger/plugin/store/ServiceStore.java | 6 +-
.../plugin/store/ServiceStoreFactory.java | 14 +-
.../ranger/plugin/store/file/BaseFileStore.java | 3 +-
.../plugin/store/file/ServiceFileStore.java | 109 ++--
.../plugin/store/rest/ServiceRESTStore.java | 565 +++++++++++++++++++
.../ranger/plugin/util/PolicyRefresher.java | 3 +-
.../ranger/plugin/util/RangerRESTClient.java | 376 ++++++++++++
.../ranger/plugin/store/TestServiceStore.java | 8 +-
.../org/apache/ranger/rest/ServiceREST.java | 236 +++++---
.../webapp/scripts/controllers/Controller.js | 2 +-
12 files changed, 1188 insertions(+), 158 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/87fffe02/plugin-common/pom.xml
----------------------------------------------------------------------
diff --git a/plugin-common/pom.xml b/plugin-common/pom.xml
index 3e1d0bc..0aa4583 100644
--- a/plugin-common/pom.xml
+++ b/plugin-common/pom.xml
@@ -60,5 +60,10 @@
<artifactId>ranger-plugins-audit</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>security_plugins.ranger-plugins-common</groupId>
+ <artifactId>ranger-plugins-common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
</dependencies>
</project>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/87fffe02/plugin-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java b/plugin-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
index d27733b..6deea8f 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
@@ -19,6 +19,8 @@
package org.apache.ranger.plugin.service;
+import org.apache.commons.lang.StringUtils;
+import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
import org.apache.ranger.plugin.store.ServiceStore;
import org.apache.ranger.plugin.store.ServiceStoreFactory;
@@ -34,7 +36,22 @@ public abstract class RangerBasePlugin {
if(!initDone) {
synchronized(this) {
if(! initDone) {
- String serviceName = System.getProperty("ranger.plugin.service.name", "hbasedev"); // TODO: read from configuration
+ String serviceName = null;
+
+ // get the serviceName from download URL: http://ranger-admin-host:port/service/assets/policyList/serviceName
+ String policyDownloadUrl = RangerConfiguration.getInstance().get("xasecure.hdfs.policymgr.url");
+
+ if(! StringUtils.isEmpty(policyDownloadUrl)) {
+ int idx = policyDownloadUrl.lastIndexOf('/');
+
+ if(idx != -1) {
+ serviceName = policyDownloadUrl.substring(idx) + 1;
+ }
+ }
+
+ if(StringUtils.isEmpty(serviceName)) {
+ serviceName = RangerConfiguration.getInstance().get("ranger.plugin.service.name", "hbasedev");
+ }
ServiceStore serviceStore = ServiceStoreFactory.instance().getServiceStore();
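Review bot: `policyDownloadUrl.substring(idx) + 1` takes the substring starting at the slash and then appends the character `1`, so a URL ending in `/hbasedev` yields `/hbasedev1` instead of the service name; the line should read `serviceName = policyDownloadUrl.substring(idx + 1);`. Because the result is never empty once a slash is found, the `ranger.plugin.service.name` fallback is skipped and the plugin asks the store for a service that presumably does not exist, which in an authorization plugin decides which policy set gets enforced. With the fix, a URL that ends in a trailing slash produces an empty name and the existing fallback handles it. The key `xasecure.hdfs.policymgr.url` is HDFS-specific although this class is the base for all plugins, so a comment explaining that choice (or a per-service key) is worth adding. The enclosing init block continues outside the hunk.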
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/87fffe02/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java b/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java
index f986def..8d48305 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java
@@ -61,13 +61,11 @@ public interface ServiceStore {
RangerPolicy getPolicy(Long id) throws Exception;
- RangerPolicy getPolicyByName(String serviceName, String policyName) throws Exception;
-
List<RangerPolicy> getAllPolicies() throws Exception;
- List<RangerPolicy> getServicePolicies(String serviceName) throws Exception;
-
List<RangerPolicy> getServicePolicies(Long serviceId) throws Exception;
+ List<RangerPolicy> getServicePolicies(String serviceName) throws Exception;
+
ServicePolicies getServicePoliciesIfUpdated(String serviceName, Long lastKnownVersion) throws Exception;
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/87fffe02/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStoreFactory.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStoreFactory.java b/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStoreFactory.java
index 7be2311..a2af931 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStoreFactory.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStoreFactory.java
@@ -22,6 +22,8 @@ package org.apache.ranger.plugin.store;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.plugin.store.file.ServiceFileStore;
+import org.apache.ranger.plugin.store.rest.ServiceRESTStore;
+import org.apache.ranger.plugin.util.RangerRESTClient;
public class ServiceStoreFactory {
@@ -60,8 +62,18 @@ public class ServiceStoreFactory {
if(LOG.isDebugEnabled()) {
LOG.debug("==> ServiceStoreFactory.init()");
}
+
+ boolean useFileStore = true;
+
+ if(useFileStore) {
+ serviceStore = new ServiceFileStore(); // TODO: configurable store implementation
+ } else {
+ RangerRESTClient restClient = new RangerRESTClient("http://172.18.145.30:6080", "");
+ restClient.setBasicAuthInfo("admin", "admin");
+
+ serviceStore = new ServiceRESTStore(restClient);
+ }
- serviceStore = new ServiceFileStore(); // TODO: configurable store implementation
if(LOG.isDebugEnabled()) {
LOG.debug("<== ServiceStoreFactory.init()");
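Review bot: The else branch puts a fixed admin endpoint and the credentials `admin`/`admin` into source and sends them with basic auth over plain `http://`, so they are readable from the built jar and from the network path between plugin and admin server as soon as this branch is enabled. The branch is dead today because `useFileStore` is a local constant `true`, but the literals should not ship. Read the store type, URL and credentials from `RangerConfiguration` as the rest of this commit does, e.g. `new RangerRESTClient(RangerConfiguration.getInstance().get("<rest-store-url-key>"), "")` (key name is a placeholder), and reject a URL that is not `https`. The method body continues outside the hunk.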
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/87fffe02/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java b/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java
index 8717495..ea22745 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java
@@ -37,6 +37,7 @@ import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.PathFilter;
+import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.plugin.model.RangerBaseModelObject;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerService;
@@ -58,7 +59,7 @@ public class BaseFileStore {
protected void init() {
- dataDir = System.getProperty("ranger.policystore.file.dir", "/etc/ranger/data"); // TODO: read from configuration
+ dataDir = RangerConfiguration.getInstance().get("ranger.policystore.file.dir", "/etc/ranger/data");
try {
gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create();
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/87fffe02/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java b/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
index feac5d4..f5207ef 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
@@ -493,7 +493,7 @@ public class ServiceFileStore extends BaseFileStore implements ServiceStore {
throw new Exception("service does not exist - name=" + policy.getService());
}
- RangerPolicy existing = getPolicyByName(policy.getService(), policy.getName());
+ RangerPolicy existing = findPolicyByName(policy.getService(), policy.getName());
if(existing != null) {
throw new Exception("policy already exists: ServiceName=" + policy.getService() + "; PolicyName=" + policy.getName() + ". ID=" + existing.getId());
@@ -547,7 +547,7 @@ public class ServiceFileStore extends BaseFileStore implements ServiceStore {
boolean renamed = !StringUtils.equalsIgnoreCase(policy.getName(), existing.getName());
if(renamed) {
- RangerPolicy newNamePolicy = getPolicyByName(service.getName(), policy.getName());
+ RangerPolicy newNamePolicy = findPolicyByName(service.getName(), policy.getName());
if(newNamePolicy != null) {
throw new Exception("another policy already exists with name '" + policy.getName() + "'. ID=" + newNamePolicy.getId());
@@ -646,61 +646,44 @@ public class ServiceFileStore extends BaseFileStore implements ServiceStore {
}
@Override
- public RangerPolicy getPolicyByName(String serviceName, String policyName) throws Exception {
+ public List<RangerPolicy> getAllPolicies() throws Exception {
if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.getPolicyByName(" + serviceName + ", " + policyName + ")");
- }
-
- RangerService service = getServiceByName(serviceName);
-
- if(service == null) {
- throw new Exception("service does not exist - name='" + serviceName);
+ LOG.debug("==> ServiceFileStore.getAllPolicies()");
}
- RangerPolicy ret = null;
+ List<RangerPolicy> ret = null;
try {
- List<RangerPolicy> policies = getAllPolicies();
-
- if(policies != null) {
- for(RangerPolicy policy : policies) {
- if(StringUtils.equals(policy.getService(), service.getName()) &&
- StringUtils.equals(policy.getName(), policyName)) {
- ret = policy;
+ ret = loadFromDir(new Path(getDataDir()), FILE_PREFIX_POLICY, RangerPolicy.class);
- break;
- }
- }
- }
+ nextPolicyId = getMaxId(ret) + 1;
} catch(Exception excp) {
- LOG.error("ServiceFileStore.getPolicyByName(" + serviceName + ", " + policyName + "): failed to read policies", excp);
+ LOG.error("ServiceFileStore.getAllPolicies(): failed to read policies", excp);
}
if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.getPolicyByName(" + serviceName + ", " + policyName + "): " + ret);
+ LOG.debug("<== ServiceFileStore.getAllPolicies(): count=" + (ret == null ? 0 : ret.size()));
}
return ret;
}
@Override
- public List<RangerPolicy> getAllPolicies() throws Exception {
+ public List<RangerPolicy> getServicePolicies(Long serviceId) throws Exception {
if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.getAllPolicies()");
+ LOG.debug("==> ServiceFileStore.getPolicies(" + serviceId + ")");
}
- List<RangerPolicy> ret = null;
-
- try {
- ret = loadFromDir(new Path(getDataDir()), FILE_PREFIX_POLICY, RangerPolicy.class);
+ RangerService service = getService(serviceId);
- nextPolicyId = getMaxId(ret) + 1;
- } catch(Exception excp) {
- LOG.error("ServiceFileStore.getAllPolicies(): failed to read policies", excp);
+ if(service == null) {
+ throw new Exception("service does not exist - id='" + serviceId);
}
+ List<RangerPolicy> ret = getServicePolicies(service.getName());
+
if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.getAllPolicies(): count=" + (ret == null ? 0 : ret.size()));
+ LOG.debug("<== ServiceFileStore.getPolicies(" + serviceId + "): " + ((ret == null) ? 0 : ret.size()));
}
return ret;
@@ -748,27 +731,6 @@ public class ServiceFileStore extends BaseFileStore implements ServiceStore {
}
@Override
- public List<RangerPolicy> getServicePolicies(Long serviceId) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.getPolicies(" + serviceId + ")");
- }
-
- RangerService service = getService(serviceId);
-
- if(service == null) {
- throw new Exception("service does not exist - id='" + serviceId);
- }
-
- List<RangerPolicy> ret = getServicePolicies(service.getName());
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.getPolicies(" + serviceId + "): " + ((ret == null) ? 0 : ret.size()));
- }
-
- return ret;
- }
-
- @Override
public ServicePolicies getServicePoliciesIfUpdated(String serviceName, Long lastKnownVersion) throws Exception {
if(LOG.isDebugEnabled()) {
LOG.debug("==> ServiceFileStore.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ")");
@@ -921,6 +883,43 @@ public class ServiceFileStore extends BaseFileStore implements ServiceStore {
return ret;
}
+ private RangerPolicy findPolicyByName(String serviceName, String policyName) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.findPolicyByName(" + serviceName + ", " + policyName + ")");
+ }
+
+ RangerService service = getServiceByName(serviceName);
+
+ if(service == null) {
+ throw new Exception("service does not exist - name='" + serviceName);
+ }
+
+ RangerPolicy ret = null;
+
+ try {
+ List<RangerPolicy> policies = getAllPolicies();
+
+ if(policies != null) {
+ for(RangerPolicy policy : policies) {
+ if(StringUtils.equals(policy.getService(), service.getName()) &&
+ StringUtils.equals(policy.getName(), policyName)) {
+ ret = policy;
+
+ break;
+ }
+ }
+ }
+ } catch(Exception excp) {
+ LOG.error("ServiceFileStore.findPolicyByName(" + serviceName + ", " + policyName + "): failed to read policies", excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.findPolicyByName(" + serviceName + ", " + policyName + "): " + ret);
+ }
+
+ return ret;
+ }
+
private boolean isLegacyServiceDef(RangerServiceDef sd) {
return sd == null ? false : (isLegacyServiceDef(sd.getName()) || isLegacyServiceDef(sd.getId()));
}
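Review bot: `findPolicyByName` returns null both when no policy matches and when reading the policies fails (its `catch` only logs, and `getAllPolicies()` as shown in this file also logs and returns null), so the duplicate-name checks in the create and update paths treat a read failure as "name is free". Rethrowing from the catch, `throw new Exception("failed to read policies", excp);`, keeps the existing `throws Exception` contract and prevents a policy being written against an unreadable store. The lookup compares names with `StringUtils.equals` while the rename check at the call site uses `equalsIgnoreCase`, so names differing only in case are handled inconsistently; a comment stating the intended rule would help. The message `"service does not exist - name='" + serviceName` also has an unbalanced quote.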
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/87fffe02/plugin-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java b/plugin-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java
new file mode 100644
index 0000000..cdb2fa5
--- /dev/null
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java
@@ -0,0 +1,565 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.store.rest;
+
+import java.util.List;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.admin.client.datatype.RESTResponse;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.store.ServiceStore;
+import org.apache.ranger.plugin.util.RangerRESTClient;
+import org.apache.ranger.plugin.util.ServicePolicies;
+
+import com.sun.jersey.api.client.ClientResponse;
+import com.sun.jersey.api.client.GenericType;
+import com.sun.jersey.api.client.WebResource;
+
+
+public class ServiceRESTStore implements ServiceStore {
+ private static final Log LOG = LogFactory.getLog(ServiceRESTStore.class);
+
+
+ public final String REST_URL_SERVICEDEF_CREATE = "/service/plugins/definitions";
+ public final String REST_URL_SERVICEDEF_UPDATE = "/service/plugins/definitions/";
+ public final String REST_URL_SERVICEDEF_DELETE = "/service/plugins/definitions/";
+ public final String REST_URL_SERVICEDEF_GET = "/service/plugins/definitions/";
+ public final String REST_URL_SERVICEDEF_GET_BY_NAME = "/service/plugins/definitions/name/";
+ public final String REST_URL_SERVICEDEF_GET_ALL = "/service/plugins/definitions";
+
+ public final String REST_URL_SERVICE_CREATE = "/service/plugins/services";
+ public final String REST_URL_SERVICE_UPDATE = "/service/plugins/services/";
+ public final String REST_URL_SERVICE_DELETE = "/service/plugins/services/";
+ public final String REST_URL_SERVICE_GET = "/service/plugins/services/";
+ public final String REST_URL_SERVICE_GET_BY_NAME = "/service/plugins/services/name/";
+ public final String REST_URL_SERVICE_GET_ALL = "/service/plugins/services";
+
+ public final String REST_URL_POLICY_CREATE = "/service/plugins/policies";
+ public final String REST_URL_POLICY_UPDATE = "/service/plugins/policies/";
+ public final String REST_URL_POLICY_DELETE = "/service/plugins/policies/";
+ public final String REST_URL_POLICY_GET = "/service/plugins/policies/";
+ public final String REST_URL_POLICY_GET_BY_NAME = "/service/plugins/policies/name/";
+ public final String REST_URL_POLICY_GET_ALL = "/service/plugins/policies";
+ public final String REST_URL_POLICY_GET_FOR_SERVICE = "/service/plugins/policies/service/";
+ public final String REST_URL_POLICY_GET_FOR_SERVICE_BY_NAME = "/service/plugins/policies/service/name/";
+
+ public static final String REST_MIME_TYPE_JSON = "application/json" ;
+
+ private RangerRESTClient restClient;
+
+ public ServiceRESTStore(RangerRESTClient restClient) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.ServiceRESTStore(" + restClient + ")");
+ }
+
+ this.restClient = restClient;
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.ServiceRESTStore(" + restClient + ")");
+ }
+ }
+
+
+ @Override
+ public RangerServiceDef createServiceDef(RangerServiceDef serviceDef) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.createServiceDef(" + serviceDef + ")");
+ }
+
+ RangerServiceDef ret = null;
+
+ WebResource webResource = restClient.getResource(REST_URL_SERVICEDEF_CREATE);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).post(ClientResponse.class, restClient.toJson(serviceDef));
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(RangerServiceDef.class);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.createServiceDef(" + serviceDef + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerServiceDef updateServiceDef(RangerServiceDef serviceDef) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.updateServiceDef(" + serviceDef + ")");
+ }
+
+ RangerServiceDef ret = null;
+
+ WebResource webResource = restClient.getResource(REST_URL_SERVICEDEF_UPDATE + serviceDef.getId());
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).put(ClientResponse.class, restClient.toJson(serviceDef));
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(RangerServiceDef.class);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.updateServiceDef(" + serviceDef + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public void deleteServiceDef(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.deleteServiceDef(" + id + ")");
+ }
+
+ WebResource webResource = restClient.getResource(REST_URL_SERVICEDEF_DELETE + id);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).delete(ClientResponse.class);
+
+ if(response == null || (response.getStatus() != 200 && response.getStatus() != 204)) {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.deleteServiceDef(" + id + ")");
+ }
+ }
+
+ @Override
+ public RangerServiceDef getServiceDef(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.getServiceDef(" + id + ")");
+ }
+
+ RangerServiceDef ret = null;
+
+ WebResource webResource = restClient.getResource(REST_URL_SERVICEDEF_GET + id);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(RangerServiceDef.class);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.getServiceDef(" + id + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerServiceDef getServiceDefByName(String name) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.getServiceDefByName(" + name + ")");
+ }
+
+ RangerServiceDef ret = null;
+
+ WebResource webResource = restClient.getResource(REST_URL_SERVICEDEF_GET_BY_NAME + name);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(RangerServiceDef.class);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.getServiceDefByName(" + name + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public List<RangerServiceDef> getAllServiceDefs() throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.getAllServiceDefs()");
+ }
+
+ List<RangerServiceDef> ret = null;
+
+ WebResource webResource = restClient.getResource(REST_URL_SERVICEDEF_GET_ALL);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(new GenericType<List<RangerServiceDef>>() { });
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.getAllServiceDefs(): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerService createService(RangerService service) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.createService(" + service + ")");
+ }
+
+ RangerService ret = null;
+
+ WebResource webResource = restClient.getResource(REST_URL_SERVICE_CREATE);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).post(ClientResponse.class, restClient.toJson(service));
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(RangerService.class);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.createService(" + service + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerService updateService(RangerService service) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.updateService(" + service + ")");
+ }
+
+ RangerService ret = null;
+
+ WebResource webResource = restClient.getResource(REST_URL_SERVICE_UPDATE + service.getId());
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).put(ClientResponse.class, restClient.toJson(service));
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(RangerService.class);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.updateService(" + service + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public void deleteService(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.deleteService(" + id + ")");
+ }
+
+ WebResource webResource = restClient.getResource(REST_URL_SERVICE_DELETE + id);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).delete(ClientResponse.class);
+
+ if(response == null || (response.getStatus() != 200 && response.getStatus() != 204)) {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.deleteService(" + id + ")");
+ }
+ }
+
+ @Override
+ public RangerService getService(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.getService(" + id + ")");
+ }
+
+ RangerService ret = null;
+
+ WebResource webResource = restClient.getResource(REST_URL_SERVICE_GET + id);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(RangerService.class);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.getService(" + id + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerService getServiceByName(String name) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.getServiceByName(" + name + ")");
+ }
+
+ RangerService ret = null;
+
+ WebResource webResource = restClient.getResource(REST_URL_SERVICE_GET_BY_NAME + name);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(RangerService.class);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.getServiceByName(" + name + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public List<RangerService> getAllServices() throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.getAllServices()");
+ }
+
+ List<RangerService> ret = null;
+
+ WebResource webResource = restClient.getResource(REST_URL_SERVICE_GET_ALL);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(new GenericType<List<RangerService>>() { });
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.getAllServices(): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerPolicy createPolicy(RangerPolicy policy) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.createPolicy(" + policy + ")");
+ }
+
+ RangerPolicy ret = null;
+
+ WebResource webResource = restClient.getResource(REST_URL_POLICY_CREATE);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).post(ClientResponse.class, restClient.toJson(policy));
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(RangerPolicy.class);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.createPolicy(" + policy + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerPolicy updatePolicy(RangerPolicy policy) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.updatePolicy(" + policy + ")");
+ }
+
+ RangerPolicy ret = null;
+
+ WebResource webResource = restClient.getResource(REST_URL_POLICY_UPDATE + policy.getId());
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).put(ClientResponse.class, restClient.toJson(policy));
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(RangerPolicy.class);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.updatePolicy(" + policy + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public void deletePolicy(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.deletePolicy(" + id + ")");
+ }
+
+ WebResource webResource = restClient.getResource(REST_URL_POLICY_DELETE + id);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).delete(ClientResponse.class);
+
+ if(response == null || (response.getStatus() != 200 && response.getStatus() != 204)) {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.deletePolicy(" + id + ")");
+ }
+ }
+
+ @Override
+ public RangerPolicy getPolicy(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.getPolicy(" + id + ")");
+ }
+
+ RangerPolicy ret = null;
+
+ WebResource webResource = restClient.getResource(REST_URL_POLICY_GET + id);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(RangerPolicy.class);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.getPolicy(" + id + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public List<RangerPolicy> getAllPolicies() throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.getAllPolicies()");
+ }
+
+ List<RangerPolicy> ret = null;
+
+ WebResource webResource = restClient.getResource(REST_URL_POLICY_GET_ALL);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(new GenericType<List<RangerPolicy>>() { });
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.getAllPolicies(): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public List<RangerPolicy> getServicePolicies(Long serviceId) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.getServicePolicies(" + serviceId + ")");
+ }
+
+ List<RangerPolicy> ret = null;
+
+ WebResource webResource = restClient.getResource(REST_URL_POLICY_GET_FOR_SERVICE + serviceId);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(new GenericType<List<RangerPolicy>>() { });
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.getServicePolicies(" + serviceId + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public List<RangerPolicy> getServicePolicies(String serviceName) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.getServicePolicies(" + serviceName + ")");
+ }
+
+ List<RangerPolicy> ret = null;
+
+ WebResource webResource = restClient.getResource(REST_URL_POLICY_GET_FOR_SERVICE_BY_NAME + serviceName);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(new GenericType<List<RangerPolicy>>() { });
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.getServicePolicies(" + serviceName + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public ServicePolicies getServicePoliciesIfUpdated(String serviceName,
+ Long lastKnownVersion) throws Exception {
+ // TODO Auto-generated method stub
+ return null;
+ }
+}
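Review bot: The by-name lookups build the request path by plain concatenation, e.g. `restClient.getResource(REST_URL_SERVICE_GET_BY_NAME + name)`, so a name containing `/`, `?`, `#` or `..` changes which admin endpoint is requested; encode the name as a single path segment first, for example `UriComponent.encode(name, UriComponent.Type.PATH_SEGMENT)` from Jersey's `com.sun.jersey.api.uri` package, in `getServiceDefByName`, `getServiceByName` and `getServicePolicies(String)`. In every error branch `RESTResponse.fromClientResponse(response)` is also reached when `response` is null and `resp.getMessage()` is called without a null check, so unless that helper handles null (it is not shown here) the caller gets a NullPointerException instead of the intended error. `getServicePoliciesIfUpdated` is a stub returning null; it should be documented as unimplemented or throw `UnsupportedOperationException` so a refresher using this store does not silently run with no policies. The `REST_URL_*` constants are `public final` instance fields and would be better as `private static final`.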
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/87fffe02/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java b/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
index 12d616c..146d151 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
@@ -21,6 +21,7 @@ package org.apache.ranger.plugin.util;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
import org.apache.ranger.plugin.store.ServiceStore;
@@ -46,7 +47,7 @@ public class PolicyRefresher extends Thread {
this.serviceName = serviceName;
this.serviceStore = serviceStore;
- this.pollingIntervalMilliSeconds = 30 * 1000; // TODO: read from configuration
+ this.pollingIntervalMilliSeconds = RangerConfiguration.getInstance().getLong("xasecure.hdfs.policymgr.url.reloadIntervalInMillis", 30 * 1000);
if(LOG.isDebugEnabled()) {
LOG.debug("<== PolicyRefresher.PolicyRefresher(serviceName=" + serviceName + ")");
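Review bot: The polling interval read by `getLong("xasecure.hdfs.policymgr.url.reloadIntervalInMillis", 30 * 1000)` is assigned without a lower bound. If the refresher loop sleeps on this field (the loop is outside the hunk), a zero or negative value in the configuration would make the thread either spin against the policy store or fail on the sleep call. Clamping to a small minimum, for example wrapping the call in `Math.max(<minimum interval>, ...)`, would close that. The key is also HDFS-specific although this class lives in plugin-common, so a comment saying whether other plugins are meant to share it would help. The constructor starts and ends outside the hunk.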
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/87fffe02/plugin-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java b/plugin-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
new file mode 100644
index 0000000..cfff4b7
--- /dev/null
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
@@ -0,0 +1,376 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.util;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider;
+import org.apache.ranger.authorization.utils.StringUtil;
+import org.codehaus.jackson.jaxrs.JacksonJsonProvider;
+
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.sun.jersey.api.client.Client;
+import com.sun.jersey.api.client.WebResource;
+import com.sun.jersey.api.client.config.ClientConfig;
+import com.sun.jersey.api.client.config.DefaultClientConfig;
+import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
+import com.sun.jersey.client.urlconnection.HTTPSProperties;
+
+
+public class RangerRESTClient {
+ private static final Log LOG = LogFactory.getLog(RangerRESTClient.class);
+
+ public static final String RANGER_PROP_POLICYMGR_URL = "xasecure.policymgr.url";
+ public static final String RANGER_PROP_POLICYMGR_SSLCONFIG_FILENAME = "xasecure.policymgr.sslconfig.filename";
+
+ public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE = "xasecure.policymgr.clientssl.keystore";
+ public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_PASSWORD = "xasecure.policymgr.clientssl.keystore.password";
+ public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE = "xasecure.policymgr.clientssl.keystore.type";
+ public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL = "xasecure.policymgr.clientssl.keystore.credential.file";
+ public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS = "sslKeyStore";
+ public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT = "jks";
+
+ public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE = "xasecure.policymgr.clientssl.truststore";
+ public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_PASSWORD = "xasecure.policymgr.clientssl.truststore.password";
+ public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE = "xasecure.policymgr.clientssl.truststore.type";
+ public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL = "xasecure.policymgr.clientssl.truststore.credential.file";
+ public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS = "sslTrustStore";
+ public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT = "jks";
+
+ public static final String RANGER_SSL_KEYMANAGER_ALGO_TYPE = "SunX509" ;
+ public static final String RANGER_SSL_TRUSTMANAGER_ALGO_TYPE = "SunX509" ;
+ public static final String RANGER_SSL_CONTEXT_ALGO_TYPE = "SSL" ;
+
+
+ private String mUrl = null;
+ private String mSslConfigFileName = null;
+ private String mUsername = null;
+ private String mPassword = null;
+ private boolean mIsSSL = false;
+
+ private String mKeyStoreURL = null;
+ private String mKeyStoreAlias = null;
+ private String mKeyStoreFile = null;
+ private String mKeyStoreType = null;
+ private String mTrustStoreURL = null;
+ private String mTrustStoreAlias = null;
+ private String mTrustStoreFile = null;
+ private String mTrustStoreType = null;
+
+ private Gson gsonBuilder = null;
+ private Client client = null;
+
+ public RangerRESTClient() {
+ this(RangerConfiguration.getInstance().get(RANGER_PROP_POLICYMGR_URL),
+ RangerConfiguration.getInstance().get(RANGER_PROP_POLICYMGR_SSLCONFIG_FILENAME));
+ }
+
+ public RangerRESTClient(String url, String sslConfigFileName) {
+ mUrl = url;
+ mSslConfigFileName = sslConfigFileName;
+
+ init();
+ }
+
+ public String getUrl() {
+ return mUrl;
+ }
+
+ public void setUrl(String url) {
+ this.mUrl = url;
+ }
+
+ public String getUsername() {
+ return mUsername;
+ }
+
+ public String getPassword() {
+ return mPassword;
+ }
+
+ public void setBasicAuthInfo(String username, String password) {
+ mUsername = username;
+ mPassword = password;
+ }
+
+ public WebResource getResource(String relativeUrl) {
+ WebResource ret = getClient().resource(getUrl() + relativeUrl);
+
+ return ret;
+ }
+
+ public String toJson(Object obj) {
+ return gsonBuilder.toJson(obj);
+ }
+
+ public <T> T fromJson(String json, Class<T> cls) {
+ return gsonBuilder.fromJson(json, cls);
+ }
+
+ public Client getClient() {
+ if(client == null) {
+ synchronized(this) {
+ if(client == null) {
+ client = buildClient();
+ }
+ }
+ }
+
+ return client;
+ }
+
+ private Client buildClient() {
+ Client client = null;
+
+ if (mIsSSL) {
+ KeyManager[] kmList = getKeyManagers();
+ TrustManager[] tmList = getTrustManagers();
+ SSLContext sslContext = getSSLContext(kmList, tmList);
+ ClientConfig config = new DefaultClientConfig();
+
+ config.getClasses().add(JacksonJsonProvider.class); // to handle List<> unmarshalling
+
+ HostnameVerifier hv = new HostnameVerifier() {
+ public boolean verify(String urlHostName, SSLSession session) {
+ return session.getPeerHost().equals(urlHostName);
+ }
+ };
+
+ config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(hv, sslContext));
+
+ client = Client.create(config);
+ }
+
+ if(client == null) {
+ ClientConfig config = new DefaultClientConfig();
+
+ config.getClasses().add(JacksonJsonProvider.class); // to handle List<> unmarshalling
+
+ client = Client.create(config);
+ }
+
+ // TODO: for testing only
+ if(!StringUtils.isEmpty(mUsername) || !StringUtils.isEmpty(mPassword)) {
+ client.addFilter(new HTTPBasicAuthFilter(mUsername, mPassword));
+ }
+
+ return client;
+ }
+
+ private void init() {
+ try {
+ gsonBuilder = new GsonBuilder().setDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ").setPrettyPrinting().create();
+ } catch(Throwable excp) {
+ LOG.fatal("RangerRESTClient.init(): failed to create GsonBuilder object", excp);
+ }
+
+ mIsSSL = StringUtil.containsIgnoreCase(mUrl, "https");
+
+ InputStream in = null ;
+
+ try {
+ Configuration conf = new Configuration() ;
+
+ in = getFileInputStream(mSslConfigFileName) ;
+
+ if (in != null) {
+ conf.addResource(in);
+ }
+
+ mKeyStoreURL = conf.get(RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL);
+ mKeyStoreAlias = RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS;
+ mKeyStoreType = conf.get(RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE, RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT);
+ mKeyStoreFile = conf.get(RANGER_POLICYMGR_CLIENT_KEY_FILE);
+
+ mTrustStoreURL = conf.get(RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL);
+ mTrustStoreAlias = RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS;
+ mTrustStoreType = conf.get(RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE, RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT);
+ mTrustStoreFile = conf.get(RANGER_POLICYMGR_TRUSTSTORE_FILE);
+ }
+ catch(IOException ioe) {
+ LOG.error("Unable to load SSL Config FileName: [" + mSslConfigFileName + "]", ioe);
+ }
+ finally {
+ close(in, mSslConfigFileName);
+ }
+ }
+
+ private KeyManager[] getKeyManagers() {
+ KeyManager[] kmList = null;
+
+ String keyStoreFilepwd = getCredential(mKeyStoreURL, mKeyStoreAlias);
+
+ if (!StringUtil.isEmpty(mKeyStoreFile) && !StringUtil.isEmpty(keyStoreFilepwd)) {
+ InputStream in = null ;
+
+ try {
+ in = getFileInputStream(mKeyStoreFile) ;
+
+ if (in != null) {
+ KeyStore keyStore = KeyStore.getInstance(mKeyStoreType);
+
+ keyStore.load(in, keyStoreFilepwd.toCharArray());
+
+ KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(RANGER_SSL_KEYMANAGER_ALGO_TYPE);
+
+ keyManagerFactory.init(keyStore, keyStoreFilepwd.toCharArray());
+
+ kmList = keyManagerFactory.getKeyManagers();
+ } else {
+ LOG.error("Unable to obtain keystore from file [" + mKeyStoreFile + "]");
+ }
+ } catch (KeyStoreException e) {
+ LOG.error("Unable to obtain from KeyStore", e);
+ } catch (NoSuchAlgorithmException e) {
+ LOG.error("SSL algorithm is available in the environment", e);
+ } catch (CertificateException e) {
+ LOG.error("Unable to obtain the requested certification ", e);
+ } catch (FileNotFoundException e) {
+ LOG.error("Unable to find the necessary SSL Keystore and TrustStore Files", e);
+ } catch (IOException e) {
+ LOG.error("Unable to read the necessary SSL Keystore and TrustStore Files", e);
+ } catch (UnrecoverableKeyException e) {
+ LOG.error("Unable to recover the key from keystore", e);
+ } finally {
+ close(in, mKeyStoreFile);
+ }
+ }
+
+ return kmList;
+ }
+
+ private TrustManager[] getTrustManagers() {
+ TrustManager[] tmList = null;
+
+ String trustStoreFilepwd = getCredential(mTrustStoreURL, mTrustStoreAlias);
+
+ if (!StringUtil.isEmpty(mTrustStoreFile) && !StringUtil.isEmpty(trustStoreFilepwd)) {
+ InputStream in = null ;
+
+ try {
+ in = getFileInputStream(mTrustStoreFile) ;
+
+ if (in != null) {
+ KeyStore trustStore = KeyStore.getInstance(mTrustStoreType);
+
+ trustStore.load(in, trustStoreFilepwd.toCharArray());
+
+ TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(RANGER_SSL_TRUSTMANAGER_ALGO_TYPE);
+
+ trustManagerFactory.init(trustStore);
+
+ tmList = trustManagerFactory.getTrustManagers();
+ } else {
+ LOG.error("Unable to obtain keystore from file [" + mTrustStoreFile + "]");
+ }
+ } catch (KeyStoreException e) {
+ LOG.error("Unable to obtain from KeyStore", e);
+ } catch (NoSuchAlgorithmException e) {
+ LOG.error("SSL algorithm is available in the environment", e);
+ } catch (CertificateException e) {
+ LOG.error("Unable to obtain the requested certification ", e);
+ } catch (FileNotFoundException e) {
+ LOG.error("Unable to find the necessary SSL Keystore and TrustStore Files", e);
+ } catch (IOException e) {
+ LOG.error("Unable to read the necessary SSL Keystore and TrustStore Files", e);
+ } finally {
+ close(in, mTrustStoreFile);
+ }
+ }
+
+ return tmList;
+ }
+
+ private SSLContext getSSLContext(KeyManager[] kmList, TrustManager[] tmList) {
+ try {
+ if(kmList != null && tmList != null) {
+ SSLContext sslContext = SSLContext.getInstance(RANGER_SSL_CONTEXT_ALGO_TYPE);
+
+ sslContext.init(kmList, tmList, new SecureRandom());
+
+ return sslContext;
+ }
+ } catch (NoSuchAlgorithmException e) {
+ LOG.error("SSL algorithm is available in the environment", e);
+ } catch (KeyManagementException e) {
+ LOG.error("Unable to initials the SSLContext", e);
+ }
+
+ return null;
+ }
+
+ private String getCredential(String url, String alias) {
+ char[] credStr = RangerCredentialProvider.getInstance().getCredentialString(url, alias);
+
+ return credStr == null ? null : new String(credStr);
+ }
+
+ private InputStream getFileInputStream(String fileName) throws IOException {
+ InputStream in = null ;
+
+ if(! StringUtil.isEmpty(fileName)) {
+ File f = new File(fileName) ;
+
+ if (f.exists()) {
+ in = new FileInputStream(f) ;
+ }
+ else {
+ in = ClassLoader.getSystemResourceAsStream(fileName) ;
+ }
+ }
+
+ return in ;
+ }
+
+ private void close(InputStream str, String filename) {
+ if (str != null) {
+ try {
+ str.close() ;
+ } catch (IOException excp) {
+ LOG.error("Error while closing file: [" + filename + "]", excp) ;
+ }
+ }
+ }
+}
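Review bot: The HostnameVerifier in buildClient() returns `session.getPeerHost().equals(urlHostName)`, which compares the name the client connected to with itself rather than with the names in the server certificate. With HttpsURLConnection this callback is normally consulted only after the built-in certificate/hostname match has already failed, so answering true here would accept a certificate issued for a different host. I would drop the custom verifier and keep the JDK behaviour, for example `new HTTPSProperties(HttpsURLConnection.getDefaultHostnameVerifier(), sslContext)`. Separately, getSSLContext() returns null when either manager list is null and that value is passed straight into `new HTTPSProperties(hv, sslContext)`. A missing keystore or truststore should therefore fail with a clear error before the client is built, rather than surface later.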
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/87fffe02/plugin-common/src/test/java/org/apache/ranger/plugin/store/TestServiceStore.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/test/java/org/apache/ranger/plugin/store/TestServiceStore.java b/plugin-common/src/test/java/org/apache/ranger/plugin/store/TestServiceStore.java
index 722c8a7..d0ef299 100644
--- a/plugin-common/src/test/java/org/apache/ranger/plugin/store/TestServiceStore.java
+++ b/plugin-common/src/test/java/org/apache/ranger/plugin/store/TestServiceStore.java
@@ -64,6 +64,8 @@ public class TestServiceStore {
@Test
public void testServiceStore() throws Exception {
+ String updatedName, updatedDescription;
+
List<RangerServiceDef> sds = svcStore.getAllServiceDefs();
int initSdCount = sds == null ? 0 : sds.size();
@@ -76,7 +78,7 @@ public class TestServiceStore {
sds = svcStore.getAllServiceDefs();
assertEquals("createServiceDef() failed", initSdCount + 1, sds == null ? 0 : sds.size());
- String updatedDescription = sd.getDescription() + ": updated";
+ updatedDescription = sd.getDescription() + ": updated";
createdSd.setDescription(updatedDescription);
RangerServiceDef updatedSd = svcStore.updateServiceDef(createdSd);
assertNotNull("updateServiceDef(updatedDescription) failed", updatedSd);
@@ -86,7 +88,7 @@ public class TestServiceStore {
assertEquals("updateServiceDef(updatedDescription) failed", initSdCount + 1, sds == null ? 0 : sds.size());
/*
- String updatedName = sd.getName() + "-Renamed";
+ updatedName = sd.getName() + "-Renamed";
updatedSd.setName(updatedName);
updatedSd = sdMgr.update(updatedSd);
assertNotNull("updateServiceDef(updatedName) failed", updatedSd);
@@ -117,7 +119,7 @@ public class TestServiceStore {
services = svcStore.getAllServices();
assertEquals("updateService(updatedDescription) failed", initServiceCount + 1, services == null ? 0 : services.size());
- String updatedName = serviceName + "-Renamed";
+ updatedName = serviceName + "-Renamed";
updatedSvc.setName(updatedName);
updatedSvc = svcStore.updateService(updatedSvc);
assertNotNull("updateService(updatedName) failed", updatedSvc);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/87fffe02/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 2ecd347..cfe07d0 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -39,6 +39,7 @@ import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.store.ServiceStore;
import org.apache.ranger.plugin.store.ServiceStoreFactory;
+import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.view.VXResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
@@ -62,6 +63,75 @@ public class ServiceREST {
svcStore = ServiceStoreFactory.instance().getServiceStore();
}
+
+ @POST
+ @Path("/definitions")
+ @Produces({ "application/json", "application/xml" })
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public RangerServiceDef createServiceDef(RangerServiceDef serviceDef) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.createServiceDef(" + serviceDef + ")");
+ }
+
+ RangerServiceDef ret = null;
+
+ try {
+ ret = svcStore.createServiceDef(serviceDef);
+ } catch(Exception excp) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.createServiceDef(" + serviceDef + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @PUT
+ @Path("/definitions/{id}")
+ @Produces({ "application/json", "application/xml" })
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public RangerServiceDef updateServiceDef(RangerServiceDef serviceDef) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.updateServiceDef(" + serviceDef + ")");
+ }
+
+ RangerServiceDef ret = null;
+
+ try {
+ ret = svcStore.updateServiceDef(serviceDef);
+ } catch(Exception excp) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.updateServiceDef(" + serviceDef + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @DELETE
+ @Path("/definitions/{id}")
+ @Produces({ "application/json", "application/xml" })
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public void deleteServiceDef(@PathParam("id") Long id) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.deleteServiceDef(" + id + ")");
+ }
+
+ try {
+ svcStore.deleteServiceDef(id);
+ } catch(Exception excp) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.deleteServiceDef(" + id + ")");
+ }
+ }
+
@GET
@Path("/definitions/{id}")
@Produces({ "application/json", "application/xml" })
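Review bot: updateServiceDef is now mapped to `/definitions/{id}` but never binds the `{id}` segment, so the object that gets updated is chosen by the request body alone and the URL can name a different one. The same applies to updateService on `/services/{id}` and updatePolicy on `/policies/{id}` in the later hunks. I would add `@PathParam("id") Long id` to each and reject the request when it does not match the id carried in the body. That keeps access logs and any URL-based rules consistent with what is actually modified.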
@@ -139,75 +209,73 @@ public class ServiceREST {
return ret;
}
+
@POST
- @Path("/definitions")
+ @Path("/services")
@Produces({ "application/json", "application/xml" })
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
- public RangerServiceDef createServiceDef(RangerServiceDef serviceDef) {
+ public RangerService createService(RangerService service) {
if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceREST.createServiceDef(" + serviceDef + ")");
+ LOG.debug("==> ServiceREST.createService(" + service + ")");
}
- RangerServiceDef ret = null;
+ RangerService ret = null;
try {
- ret = svcStore.createServiceDef(serviceDef);
+ ret = svcStore.createService(service);
} catch(Exception excp) {
throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
}
if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceREST.createServiceDef(" + serviceDef + "): " + ret);
+ LOG.debug("<== ServiceREST.createService(" + service + "): " + ret);
}
return ret;
}
@PUT
- @Path("/definitions")
+ @Path("/services/{id}")
@Produces({ "application/json", "application/xml" })
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
- public RangerServiceDef updateServiceDef(RangerServiceDef serviceDef) {
+ public RangerService updateService(RangerService service) {
if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceREST.updateServiceDef(" + serviceDef + ")");
+ LOG.debug("==> ServiceREST.updateService(): " + service);
}
- RangerServiceDef ret = null;
+ RangerService ret = null;
try {
- ret = svcStore.updateServiceDef(serviceDef);
+ ret = svcStore.updateService(service);
} catch(Exception excp) {
throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
}
if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceREST.updateServiceDef(" + serviceDef + "): " + ret);
+ LOG.debug("<== ServiceREST.updateService(" + service + "): " + ret);
}
return ret;
}
@DELETE
- @Path("/definitions/{id}")
+ @Path("/services/{id}")
@Produces({ "application/json", "application/xml" })
@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
- public void deleteServiceDef(@PathParam("id") Long id) {
+ public void deleteService(@PathParam("id") Long id) {
if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceREST.deleteServiceDef(" + id + ")");
+ LOG.debug("==> ServiceREST.deleteService(" + id + ")");
}
try {
- svcStore.deleteServiceDef(id);
+ svcStore.deleteService(id);
} catch(Exception excp) {
throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
}
if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceREST.deleteServiceDef(" + id + ")");
+ LOG.debug("<== ServiceREST.deleteService(" + id + ")");
}
}
-
@GET
@Path("/services/{id}")
@Produces({ "application/json", "application/xml" })
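Review bot: createService and updateService carry no `@PreAuthorize`, while deleteService in this hunk and all three ServiceDef mutators added earlier require `hasRole('ROLE_SYS_ADMIN')`. createPolicy and updatePolicy in the next hunk have the same gap next to a restricted deletePolicy. The commit only moves these methods, so this may be deliberate and enforced elsewhere (URL-level security configuration is not visible here). If it is not, add `@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")` or the role that is intended. If it is, a one-line comment on each method naming the check that covers it would stop the asymmetry from reading as an oversight.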
@@ -311,96 +379,96 @@ public class ServiceREST {
}
@POST
- @Path("/services")
+ @Path("/services/validateConfig")
@Produces({ "application/json", "application/xml" })
- public RangerService createService(RangerService service) {
+ public VXResponse validateConfig(RangerService service) {
if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceREST.createService(" + service + ")");
+ LOG.debug("==> ServiceREST.validateConfig(" + service + ")");
}
- RangerService ret = null;
+ VXResponse ret = new VXResponse();
try {
- ret = svcStore.createService(service);
+ // TODO: svcStore.validateConfig(service);
} catch(Exception excp) {
- throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
+ ret.setStatusCode(VXResponse.STATUS_ERROR);
+ // TODO: message
}
if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceREST.createService(" + service + "): " + ret);
+ LOG.debug("<== ServiceREST.validateConfig(" + service + "): " + ret);
}
return ret;
}
- @PUT
- @Path("/services/{id}")
+
+ @POST
+ @Path("/policies")
@Produces({ "application/json", "application/xml" })
- public RangerService updateService(RangerService service) {
+ public RangerPolicy createPolicy(RangerPolicy policy) {
if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceREST.updateService(): " + service);
+ LOG.debug("==> ServiceREST.createPolicy(" + policy + ")");
}
- RangerService ret = null;
+ RangerPolicy ret = null;
try {
- ret = svcStore.updateService(service);
+ ret = svcStore.createPolicy(policy);
} catch(Exception excp) {
throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
}
if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceREST.updateService(" + service + "): " + ret);
+ LOG.debug("<== ServiceREST.createPolicy(" + policy + "): " + ret);
}
return ret;
}
- @DELETE
- @Path("/services/{id}")
+ @PUT
+ @Path("/policies/{id}")
@Produces({ "application/json", "application/xml" })
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
- public void deleteService(@PathParam("id") Long id) {
+ public RangerPolicy updatePolicy(RangerPolicy policy) {
if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceREST.deleteService(" + id + ")");
+ LOG.debug("==> ServiceREST.updatePolicy(" + policy + ")");
}
+ RangerPolicy ret = null;
+
try {
- svcStore.deleteService(id);
+ ret = svcStore.updatePolicy(policy);
} catch(Exception excp) {
throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
}
if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceREST.deleteService(" + id + ")");
+ LOG.debug("<== ServiceREST.updatePolicy(" + policy + "): " + ret);
}
+
+ return ret;
}
- @POST
- @Path("/services/validateConfig")
+ @DELETE
+ @Path("/policies/{id}")
@Produces({ "application/json", "application/xml" })
- public VXResponse validateConfig(RangerService service) {
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public void deletePolicy(@PathParam("id") Long id) {
if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceREST.validateConfig(" + service + ")");
+ LOG.debug("==> ServiceREST.deletePolicy(" + id + ")");
}
- VXResponse ret = new VXResponse();
-
try {
- // TODO: svcStore.validateConfig(service);
+ svcStore.deletePolicy(id);
} catch(Exception excp) {
- ret.setStatusCode(VXResponse.STATUS_ERROR);
- // TODO: message
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
}
if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceREST.validateConfig(" + service + "): " + ret);
+ LOG.debug("<== ServiceREST.deletePolicy(" + id + ")");
}
-
- return ret;
}
-
@GET
@Path("/policies/{id}")
@Produces({ "application/json", "application/xml" })
@@ -439,9 +507,7 @@ public class ServiceREST {
List<RangerPolicy> ret = null;
try {
- Long serviceId = Long.parseLong(request.getParameter("serviceId"));
-
- ret = svcStore.getServicePolicies(serviceId);
+ ret = svcStore.getAllPolicies();
} catch(Exception excp) {
throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
}
@@ -479,7 +545,7 @@ public class ServiceREST {
}
@GET
- @Path("/services/{id}/policies")
+ @Path("/policies/service/{id}")
@Produces({ "application/json", "application/xml" })
public List<RangerPolicy> getServicePolicies(@PathParam("id") Long serviceId, @Context HttpServletRequest request) {
if(LOG.isDebugEnabled()) {
@@ -505,69 +571,57 @@ public class ServiceREST {
return ret;
}
- @POST
- @Path("/policies")
+ @GET
+ @Path("/policies/service/name/{name}")
@Produces({ "application/json", "application/xml" })
- public RangerPolicy createPolicy(RangerPolicy policy) {
+ public List<RangerPolicy> getServicePolicies(@PathParam("name") String serviceName, @Context HttpServletRequest request) {
if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceREST.createPolicy(" + policy + ")");
+ LOG.debug("==> ServiceREST.getServicePolicies(" + serviceName + ")");
}
- RangerPolicy ret = null;
+ List<RangerPolicy> ret = null;
try {
- ret = svcStore.createPolicy(policy);
+ ret = svcStore.getServicePolicies(serviceName);
} catch(Exception excp) {
throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
}
+ if(ret == null) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true);
+ }
+
if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceREST.createPolicy(" + policy + "): " + ret);
+ LOG.debug("<== ServiceREST.getServicePolicies(" + serviceName + "): count=" + (ret == null ? 0 : ret.size()));
}
return ret;
}
- @PUT
- @Path("/policies")
+ @GET
+ @Path("/policies/service/name/{name}/{lastKnownVersion}")
@Produces({ "application/json", "application/xml" })
- public RangerPolicy updatePolicy(RangerPolicy policy) {
+ public ServicePolicies getServicePoliciesIfUpdated(@PathParam("name") String serviceName, @PathParam("lastKnownVersion") Long lastKnownVersion) throws Exception {
if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceREST.updatePolicy(" + policy + ")");
+ LOG.debug("==> ServiceREST.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ")");
}
- RangerPolicy ret = null;
+ ServicePolicies ret = null;
try {
- ret = svcStore.updatePolicy(policy);
+ ret = svcStore.getServicePoliciesIfUpdated(serviceName, lastKnownVersion);
} catch(Exception excp) {
throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
}
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceREST.updatePolicy(" + policy + "): " + ret);
+ if(ret == null) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true);
}
- return ret;
- }
-
- @DELETE
- @Path("/policies/{id}")
- @Produces({ "application/json", "application/xml" })
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
- public void deletePolicy(@PathParam("id") Long id) {
if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceREST.deletePolicy(" + id + ")");
+ LOG.debug("<== ServiceREST.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + "): count=" + ((ret == null || ret.getPolicies() == null) ? 0 : ret.getPolicies().size()));
}
- try {
- svcStore.deletePolicy(id);
- } catch(Exception excp) {
- throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceREST.deletePolicy(" + id + ")");
- }
+ return ret;
}
}
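Review bot: In getServicePoliciesIfUpdated a null from the store is turned into `SC_NOT_FOUND`. If null is how the store signals "nothing newer than lastKnownVersion" (the store contract is not visible here), a polling plugin gets the same answer for an unchanged service as for an unknown one. Returning `HttpServletResponse.SC_NOT_MODIFIED` for the unchanged case would keep the two apart and let the client keep enforcing its cached policies. The `ret == null` branches in both exit debug lines are unreachable after the throw. This method alone declares `throws Exception`, although its catch block already wraps every exception from the store.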
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/87fffe02/security-admin/src/main/webapp/scripts/controllers/Controller.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/controllers/Controller.js b/security-admin/src/main/webapp/scripts/controllers/Controller.js
index 9dc44b5..b58a632 100644
--- a/security-admin/src/main/webapp/scripts/controllers/Controller.js
+++ b/security-admin/src/main/webapp/scripts/controllers/Controller.js
@@ -687,7 +687,7 @@ define(function(require) {
'serviceId' : serviceId
}
});*/
- rangerPolicyList.url = "service/plugins/services/"+serviceId+"/policies"
+ rangerPolicyList.url = "service/plugins/policies/service/"+serviceId
rangerService.fetch({
cache : false,