You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2019/09/25 12:44:39 UTC
[ranger] branch master updated: RANGER: 2555 Enhancements in Ranger
plugins to support Ranger HA without load-balancer
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 4624da1 RANGER: 2555 Enhancements in Ranger plugins to support Ranger HA without load-balancer
4624da1 is described below
commit 4624da1f47242715865a5197ecd1f0d5adb62617
Author: mateenmansoori <ma...@gmail.com>
AuthorDate: Tue Sep 24 10:42:08 2019 +0530
RANGER: 2555 Enhancements in Ranger plugins to support Ranger HA without load-balancer
Signed-off-by: Pradeep <pr...@apache.org>
---
.../ranger/admin/client/RangerAdminRESTClient.java | 246 +++++++++++++--------
.../ranger/plugin/util/RangerRESTClient.java | 194 +++++++++++++++-
.../admin/client/RangerAdminJersey2RESTClient.java | 152 ++++++++-----
.../tagsync/sink/tagadmin/TagAdminRESTSink.java | 84 +++----
4 files changed, 463 insertions(+), 213 deletions(-)
diff --git a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
index 62d5776..01ee945 100644
--- a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
+++ b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
@@ -22,7 +22,6 @@
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.GenericType;
-import com.sun.jersey.api.client.WebResource;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -40,7 +39,9 @@ import java.io.UnsupportedEncodingException;
import java.lang.reflect.ParameterizedType;
import java.lang.reflect.Type;
import java.security.PrivilegedAction;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
public class RangerAdminRESTClient extends AbstractRangerAdminClient {
private static final Log LOG = LogFactory.getLog(RangerAdminRESTClient.class);
@@ -119,19 +120,27 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
final boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
final ClientResponse response;
+ Map<String, String> queryParams = new HashMap<String, String>();
+ queryParams.put(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion));
+ queryParams.put(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis));
+ queryParams.put(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
+ queryParams.put(RangerRESTUtils.REST_PARAM_CLUSTER_NAME, clusterName);
+ queryParams.put(RangerRESTUtils.REST_PARAM_SUPPORTS_POLICY_DELTAS, supportsPolicyDeltas);
+
if (isSecureMode) {
if (LOG.isDebugEnabled()) {
LOG.debug("Checking Service policy if updated as user : " + user);
}
PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {
public ClientResponse run() {
- WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_POLICY_GET_FOR_SECURE_SERVICE_IF_UPDATED + serviceNameUrlParam)
- .queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion))
- .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
- .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId)
- .queryParam(RangerRESTUtils.REST_PARAM_CLUSTER_NAME, clusterName)
- .queryParam(RangerRESTUtils.REST_PARAM_SUPPORTS_POLICY_DELTAS, supportsPolicyDeltas);
- return secureWebResource.accept(RangerRESTUtils.REST_MIME_TYPE_JSON).get(ClientResponse.class);
+ ClientResponse clientRes = null;
+ String relativeURL = RangerRESTUtils.REST_URL_POLICY_GET_FOR_SECURE_SERVICE_IF_UPDATED + serviceNameUrlParam;
+ try {
+ clientRes = restClient.get(relativeURL, queryParams);
+ } catch (Exception e) {
+ LOG.error("Failed to get response, Error is : "+e.getMessage());
+ }
+ return clientRes;
}
};
response = user.doAs(action);
@@ -139,13 +148,8 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
if (LOG.isDebugEnabled()) {
LOG.debug("Checking Service policy if updated with old api call");
}
- WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED + serviceNameUrlParam)
- .queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion))
- .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
- .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId)
- .queryParam(RangerRESTUtils.REST_PARAM_CLUSTER_NAME, clusterName)
- .queryParam(RangerRESTUtils.REST_PARAM_SUPPORTS_POLICY_DELTAS, supportsPolicyDeltas);
- response = webResource.accept(RangerRESTUtils.REST_MIME_TYPE_JSON).get(ClientResponse.class);
+ String relativeURL = RangerRESTUtils.REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED + serviceNameUrlParam;
+ response = restClient.get(relativeURL, queryParams);
}
if (response == null || response.getStatus() == HttpServletResponse.SC_NOT_MODIFIED) {
@@ -195,13 +199,21 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
ClientResponse response = null;
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ String relativeURL = RangerRESTUtils.REST_URL_SERVICE_CREATE_ROLE;
+
+ Map <String, String> queryParams = new HashMap<String, String> ();
+ queryParams.put(RangerRESTUtils.SERVICE_NAME_PARAM, serviceNameUrlParam);
if (isSecureMode) {
PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {
public ClientResponse run() {
- WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_CREATE_ROLE)
- .queryParam(RangerRESTUtils.SERVICE_NAME_PARAM, serviceNameUrlParam);
- return secureWebResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, restClient.toJson(request));
+ ClientResponse clientRes = null;
+ try {
+ clientRes = restClient.post(relativeURL, queryParams, request);
+ } catch (Exception e) {
+ LOG.error("Failed to get response, Error is : "+e.getMessage());
+ }
+ return clientRes;
}
};
if (LOG.isDebugEnabled()) {
@@ -209,8 +221,7 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
}
response = user.doAs(action);
} else {
- WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_CREATE_ROLE);
- response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, restClient.toJson(request));
+ response = restClient.post(relativeURL, queryParams, request);
}
if(response != null && response.getStatus() != HttpServletResponse.SC_OK) {
@@ -244,13 +255,22 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ Map<String, String> queryParams = new HashMap<String, String>();
+ queryParams.put(RangerRESTUtils.SERVICE_NAME_PARAM, serviceNameUrlParam);
+ queryParams.put(RangerRESTUtils.REST_PARAM_EXEC_USER, execUser);
+
+ String relativeURL = RangerRESTUtils.REST_URL_SERVICE_DROP_ROLE + roleName;
+
if (isSecureMode) {
PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {
public ClientResponse run() {
- WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_DROP_ROLE + roleName)
- .queryParam(RangerRESTUtils.SERVICE_NAME_PARAM, serviceNameUrlParam)
- .queryParam(RangerRESTUtils.REST_PARAM_EXEC_USER, execUser);
- return secureWebResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).delete(ClientResponse.class);
+ ClientResponse clientRes = null;
+ try {
+ clientRes = restClient.delete(relativeURL, queryParams);
+ } catch (Exception e) {
+ LOG.error("Failed to get response, Error is : "+e.getMessage());
+ }
+ return clientRes;
}
};
if (LOG.isDebugEnabled()) {
@@ -258,9 +278,7 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
}
response = user.doAs(action);
} else {
- WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_DROP_ROLE + roleName)
- .queryParam(RangerRESTUtils.REST_PARAM_EXEC_USER, execUser);
- response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).delete(ClientResponse.class);
+ response = restClient.delete(relativeURL, queryParams);
}
if(response == null) {
throw new Exception("unknown error during deleteRole. roleName=" + roleName);
@@ -291,12 +309,18 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
ClientResponse response = null;
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ String relativeURL = RangerRESTUtils.REST_URL_SERVICE_GET_USER_ROLES + execUser;
if (isSecureMode) {
PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {
public ClientResponse run() {
- WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_GET_USER_ROLES + execUser);
- return secureWebResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).get(ClientResponse.class);
+ ClientResponse clientRes = null;
+ try {
+ clientRes = restClient.get(relativeURL, null);
+ } catch (Exception e) {
+ LOG.error("Failed to get response, Error is : "+e.getMessage());
+ }
+ return clientRes;
}
};
if (LOG.isDebugEnabled()) {
@@ -304,8 +328,7 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
}
response = user.doAs(action);
} else {
- WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_GET_USER_ROLES + execUser);
- response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).get(ClientResponse.class);
+ response = restClient.get(relativeURL, null);
}
if(response != null) {
if (response.getStatus() != HttpServletResponse.SC_OK) {
@@ -341,14 +364,22 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
ClientResponse response = null;
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ String relativeURL = RangerRESTUtils.REST_URL_SERVICE_GET_ALL_ROLES;
+
+ Map<String, String> queryParams = new HashMap<String, String>();
+ queryParams.put(RangerRESTUtils.SERVICE_NAME_PARAM, serviceNameUrlParam);
+ queryParams.put(RangerRESTUtils.REST_PARAM_EXEC_USER, execUser);
if (isSecureMode) {
PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {
public ClientResponse run() {
- WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_GET_ALL_ROLES)
- .queryParam(RangerRESTUtils.SERVICE_NAME_PARAM, serviceNameUrlParam)
- .queryParam(RangerRESTUtils.REST_PARAM_EXEC_USER, execUser);
- return secureWebResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).get(ClientResponse.class);
+ ClientResponse clientRes = null;
+ try {
+ clientRes = restClient.get(relativeURL, queryParams);
+ } catch (Exception e) {
+ LOG.error("Failed to get response, Error is : "+e.getMessage());
+ }
+ return clientRes;
}
};
if (LOG.isDebugEnabled()) {
@@ -356,9 +387,7 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
}
response = user.doAs(action);
} else {
- WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_GET_ALL_ROLES)
- .queryParam(RangerRESTUtils.REST_PARAM_EXEC_USER, execUser);
- response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).get(ClientResponse.class);
+ response = restClient.get(relativeURL, queryParams);
}
if(response != null) {
if (response.getStatus() != HttpServletResponse.SC_OK) {
@@ -393,14 +422,22 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
ClientResponse response = null;
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ String relativeURL = RangerRESTUtils.REST_URL_SERVICE_GET_ROLE_INFO + roleName;
+
+ Map<String, String> queryParams = new HashMap<String, String>();
+ queryParams.put(RangerRESTUtils.SERVICE_NAME_PARAM, serviceNameUrlParam);
+ queryParams.put(RangerRESTUtils.REST_PARAM_EXEC_USER, execUser);
if (isSecureMode) {
PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {
public ClientResponse run() {
- WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_GET_ROLE_INFO + roleName)
- .queryParam(RangerRESTUtils.SERVICE_NAME_PARAM, serviceNameUrlParam)
- .queryParam(RangerRESTUtils.REST_PARAM_EXEC_USER, execUser);
- return secureWebResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).get(ClientResponse.class);
+ ClientResponse clientResp = null;
+ try {
+ clientResp = restClient.get(relativeURL, queryParams);
+ } catch (Exception e) {
+ LOG.error("Failed to get response, Error is : "+e.getMessage());
+ }
+ return clientResp;
}
};
if (LOG.isDebugEnabled()) {
@@ -408,9 +445,7 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
}
response = user.doAs(action);
} else {
- WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_GET_ROLE_INFO + roleName)
- .queryParam(RangerRESTUtils.REST_PARAM_EXEC_USER, execUser);
- response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).get(ClientResponse.class);
+ response = restClient.get(relativeURL, queryParams);
}
if(response != null) {
if (response.getStatus() != HttpServletResponse.SC_OK) {
@@ -445,13 +480,18 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
ClientResponse response = null;
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ String relativeURL = RangerRESTUtils.REST_URL_SERVICE_GRANT_ROLE + serviceNameUrlParam;
if (isSecureMode) {
PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {
public ClientResponse run() {
- WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_GRANT_ROLE + serviceNameUrlParam);
- //.queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
- return secureWebResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).put(ClientResponse.class, restClient.toJson(request));
+ ClientResponse clientResp = null;
+ try {
+ clientResp = restClient.put(relativeURL, null, request);
+ } catch (Exception e) {
+ LOG.error("Failed to get response, Error is : "+e.getMessage());
+ }
+ return clientResp;
}
};
if (LOG.isDebugEnabled()) {
@@ -459,9 +499,7 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
}
response = user.doAs(action);
} else {
- WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_GRANT_ROLE + serviceNameUrlParam);
- //.queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
- response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).put(ClientResponse.class, restClient.toJson(request));
+ response = restClient.put(relativeURL, null, request);
}
if(response != null && response.getStatus() != HttpServletResponse.SC_OK) {
RESTResponse resp = RESTResponse.fromClientResponse(response);
@@ -490,13 +528,18 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
ClientResponse response = null;
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ String relativeURL = RangerRESTUtils.REST_URL_SERVICE_REVOKE_ROLE + serviceNameUrlParam;
if (isSecureMode) {
PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {
public ClientResponse run() {
- WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_REVOKE_ROLE + serviceNameUrlParam);
- //.queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
- return secureWebResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).put(ClientResponse.class, restClient.toJson(request));
+ ClientResponse clientResp = null;
+ try {
+ clientResp = restClient.put(relativeURL, null, request);
+ } catch (Exception e) {
+ LOG.error("Failed to get response, Error is : "+e.getMessage());
+ }
+ return clientResp;
}
};
if (LOG.isDebugEnabled()) {
@@ -504,9 +547,7 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
}
response = user.doAs(action);
} else {
- WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_REVOKE_ROLE + serviceNameUrlParam);
- //.queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
- response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).put(ClientResponse.class, restClient.toJson(request));
+ response = restClient.put(relativeURL, null, request);
}
if(response != null && response.getStatus() != HttpServletResponse.SC_OK) {
RESTResponse resp = RESTResponse.fromClientResponse(response);
@@ -536,12 +577,20 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ Map<String, String> queryParams = new HashMap<String, String>();
+ queryParams.put(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
+
if (isSecureMode) {
PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {
public ClientResponse run() {
- WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_SECURE_SERVICE_GRANT_ACCESS + serviceNameUrlParam)
- .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
- return secureWebResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, restClient.toJson(request));
+ String relativeURL = RangerRESTUtils.REST_URL_SECURE_SERVICE_GRANT_ACCESS + serviceNameUrlParam;
+ ClientResponse clientResp = null;
+ try {
+ clientResp = restClient.post(relativeURL, queryParams, request);
+ } catch (Exception e) {
+ LOG.error("Failed to get response, Error is : "+e.getMessage());
+ }
+ return clientResp;
}
};
if (LOG.isDebugEnabled()) {
@@ -549,9 +598,8 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
}
response = user.doAs(action);
} else {
- WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_GRANT_ACCESS + serviceNameUrlParam)
- .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
- response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, restClient.toJson(request));
+ String relativeURL = RangerRESTUtils.REST_URL_SERVICE_GRANT_ACCESS + serviceNameUrlParam;
+ response = restClient.post(relativeURL, queryParams, request);
}
if(response != null && response.getStatus() != HttpServletResponse.SC_OK) {
RESTResponse resp = RESTResponse.fromClientResponse(response);
@@ -581,12 +629,20 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ Map<String, String> queryParams = new HashMap<String, String>();
+ queryParams.put(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
+
if (isSecureMode) {
PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {
public ClientResponse run() {
- WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_SECURE_SERVICE_REVOKE_ACCESS + serviceNameUrlParam)
- .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
- return secureWebResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, restClient.toJson(request));
+ String relativeURL = RangerRESTUtils.REST_URL_SECURE_SERVICE_REVOKE_ACCESS + serviceNameUrlParam;
+ ClientResponse clientResp = null;
+ try {
+ clientResp = restClient.post(relativeURL, queryParams, request);
+ } catch (Exception e) {
+ LOG.error("Failed to get response, Error is : "+e.getMessage());
+ }
+ return clientResp;
}
};
if (LOG.isDebugEnabled()) {
@@ -594,9 +650,8 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
}
response = user.doAs(action);
} else {
- WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_REVOKE_ACCESS + serviceNameUrlParam)
- .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
- response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, restClient.toJson(request));
+ String relativeURL = RangerRESTUtils.REST_URL_SERVICE_REVOKE_ACCESS + serviceNameUrlParam;
+ response = restClient.post(relativeURL, queryParams, request);
}
if(response != null && response.getStatus() != HttpServletResponse.SC_OK) {
@@ -631,12 +686,6 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
}
}
- private WebResource createWebResource(String url) {
- WebResource ret = restClient.getResource(url);
-
- return ret;
- }
-
@Override
public ServiceTags getServiceTagsIfUpdated(final long lastKnownVersion, final long lastActivationTimeInMillis) throws Exception {
if(LOG.isDebugEnabled()) {
@@ -645,18 +694,25 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
ServiceTags ret = null;
ClientResponse response = null;
- WebResource webResource = null;
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ Map<String, String> queryParams = new HashMap<String, String>();
+ queryParams.put(RangerRESTUtils.LAST_KNOWN_TAG_VERSION_PARAM, Long.toString(lastKnownVersion));
+ queryParams.put(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis));
+ queryParams.put(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
+
if (isSecureMode) {
PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {
public ClientResponse run() {
- WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_GET_SECURE_SERVICE_TAGS_IF_UPDATED + serviceNameUrlParam)
- .queryParam(RangerRESTUtils.LAST_KNOWN_TAG_VERSION_PARAM, Long.toString(lastKnownVersion))
- .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
- .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
- return secureWebResource.accept(RangerRESTUtils.REST_MIME_TYPE_JSON).get(ClientResponse.class);
+ String relativeURL = RangerRESTUtils.REST_URL_GET_SECURE_SERVICE_TAGS_IF_UPDATED + serviceNameUrlParam;
+ ClientResponse clientResp = null;
+ try {
+ clientResp = restClient.get(relativeURL, queryParams);
+ } catch (Exception e) {
+ LOG.error("Failed to get response, Error is : "+e.getMessage());
+ }
+ return clientResp;
}
};
if (LOG.isDebugEnabled()) {
@@ -664,11 +720,8 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
}
response = user.doAs(action);
} else {
- webResource = createWebResource(RangerRESTUtils.REST_URL_GET_SERVICE_TAGS_IF_UPDATED + serviceNameUrlParam)
- .queryParam(RangerRESTUtils.LAST_KNOWN_TAG_VERSION_PARAM, Long.toString(lastKnownVersion))
- .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
- .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
- response = webResource.accept(RangerRESTUtils.REST_MIME_TYPE_JSON).get(ClientResponse.class);
+ String relativeURL = RangerRESTUtils.REST_URL_GET_SERVICE_TAGS_IF_UPDATED + serviceNameUrlParam;
+ response = restClient.get(relativeURL, queryParams);
}
if (response == null || response.getStatus() == HttpServletResponse.SC_NOT_MODIFIED) {
@@ -720,15 +773,22 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
- final WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_LOOKUP_TAG_NAMES)
- .queryParam(RangerRESTUtils.SERVICE_NAME_PARAM, serviceNameUrlParam)
- .queryParam(RangerRESTUtils.PATTERN_PARAM, pattern);
+ Map<String, String> queryParams = new HashMap<String, String>();
+ queryParams.put(RangerRESTUtils.SERVICE_NAME_PARAM, serviceNameUrlParam);
+ queryParams.put(RangerRESTUtils.PATTERN_PARAM, pattern);
+ String relativeURL = RangerRESTUtils.REST_URL_LOOKUP_TAG_NAMES;
ClientResponse response = null;
if (isSecureMode) {
PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {
public ClientResponse run() {
- return webResource.accept(RangerRESTUtils.REST_MIME_TYPE_JSON).get(ClientResponse.class);
+ ClientResponse clientResp = null;
+ try {
+ clientResp = restClient.get(relativeURL, queryParams);
+ } catch (Exception e) {
+ LOG.error("Failed to get response, Error is : "+e.getMessage());
+ }
+ return clientResp;
}
};
if (LOG.isDebugEnabled()) {
@@ -736,16 +796,14 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
}
response = user.doAs(action);
} else {
- response = webResource.accept(RangerRESTUtils.REST_MIME_TYPE_JSON).get(ClientResponse.class);
+ response = restClient.get(relativeURL, queryParams);
}
if(response != null && response.getStatus() == HttpServletResponse.SC_OK) {
ret = response.getEntity(getGenericType(emptyString));
} else {
RESTResponse resp = RESTResponse.fromClientResponse(response);
- LOG.error("Error getting tags. request=" + webResource
- + ", response=" + resp + ", serviceName=" + serviceName
- + ", " + "pattern=" + pattern);
+ LOG.error("Error getting tags. response=" + resp + ", serviceName=" + serviceName + ", " + "pattern=" + pattern);
throw new Exception(resp.getMessage());
}
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
index ef9e5ae..ef5f1d5 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
@@ -31,6 +31,11 @@ import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Random;
+import java.util.Set;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
@@ -39,6 +44,7 @@ import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
+import javax.ws.rs.core.Cookie;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.Validate;
@@ -46,12 +52,13 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider;
-import org.apache.ranger.authorization.utils.StringUtil;
import org.codehaus.jackson.jaxrs.JacksonJsonProvider;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.sun.jersey.api.client.Client;
+import com.sun.jersey.api.client.ClientHandlerException;
+import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.client.config.ClientConfig;
import com.sun.jersey.api.client.config.DefaultClientConfig;
@@ -102,6 +109,9 @@ public class RangerRESTClient {
private int mRestClientConnTimeOutMs;
private int mRestClientReadTimeOutMs;
+ private int lastKnownActiveUrlIndex;
+ private final List<String> configuredURLs;
+
public RangerRESTClient() {
this(RangerConfiguration.getInstance().get(RANGER_PROP_POLICYMGR_URL),
RangerConfiguration.getInstance().get(RANGER_PROP_POLICYMGR_SSLCONFIG_FILENAME));
@@ -110,7 +120,8 @@ public class RangerRESTClient {
public RangerRESTClient(String url, String sslConfigFileName) {
mUrl = url;
mSslConfigFileName = sslConfigFileName;
-
+ this.configuredURLs = getURLs(mUrl);
+ this.lastKnownActiveUrlIndex = (new Random()).nextInt(configuredURLs.size());
init();
}
@@ -210,7 +221,7 @@ public class RangerRESTClient {
client = Client.create(config);
}
- if(!StringUtils.isEmpty(mUsername) && !StringUtils.isEmpty(mPassword)) {
+ if(StringUtils.isNotEmpty(mUsername) && StringUtils.isNotEmpty(mPassword)) {
client.addFilter(new HTTPBasicAuthFilter(mUsername, mPassword));
}
@@ -232,7 +243,7 @@ public class RangerRESTClient {
LOG.fatal("RangerRESTClient.init(): failed to create GsonBuilder object", excp);
}
- mIsSSL = StringUtil.containsIgnoreCase(mUrl, "https");
+ mIsSSL = StringUtils.containsIgnoreCase(mUrl, "https");
if (mIsSSL) {
@@ -270,7 +281,7 @@ public class RangerRESTClient {
String keyStoreFilepwd = getCredential(mKeyStoreURL, mKeyStoreAlias);
- if (!StringUtil.isEmpty(mKeyStoreFile) && !StringUtil.isEmpty(keyStoreFilepwd)) {
+ if (StringUtils.isNotEmpty(mKeyStoreFile) && StringUtils.isNotEmpty(keyStoreFilepwd)) {
InputStream in = null;
try {
@@ -321,7 +332,7 @@ public class RangerRESTClient {
String trustStoreFilepwd = getCredential(mTrustStoreURL, mTrustStoreAlias);
- if (!StringUtil.isEmpty(mTrustStoreFile) && !StringUtil.isEmpty(trustStoreFilepwd)) {
+ if (StringUtils.isNotEmpty(mTrustStoreFile) && StringUtils.isNotEmpty(trustStoreFilepwd)) {
InputStream in = null;
try {
@@ -388,7 +399,7 @@ public class RangerRESTClient {
private InputStream getFileInputStream(String fileName) throws IOException {
InputStream in = null;
- if(! StringUtil.isEmpty(fileName)) {
+ if(StringUtils.isNotEmpty(fileName)) {
File f = new File(fileName);
if (f.exists()) {
@@ -411,4 +422,173 @@ public class RangerRESTClient {
}
}
}
+
+ public ClientResponse get(String relativeUrl, Map<String, String> params) throws Exception {
+ ClientResponse finalResponse = null;
+ int startIndex = this.lastKnownActiveUrlIndex;
+ int currentIndex = 0;
+
+ for (int index = 0; index < configuredURLs.size(); index++) {
+ try {
+ currentIndex = (startIndex + index) % configuredURLs.size();
+
+ WebResource webResource = getClient().resource(configuredURLs.get(currentIndex) + relativeUrl);
+ webResource = setQueryParams(webResource, params);
+
+ finalResponse = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_MIME_TYPE_JSON).get(ClientResponse.class);
+
+ if (finalResponse != null) {
+ setLastKnownActiveUrlIndex(currentIndex);
+ break;
+ }
+ } catch (ClientHandlerException ex) {
+ LOG.warn("Failed to communicate with Ranger Admin, URL : " + configuredURLs.get(currentIndex));
+ processException(index, ex);
+ }
+ }
+ return finalResponse;
+ }
+
+ public ClientResponse post(String relativeUrl, Map<String, String> params, Object obj) throws Exception {
+ ClientResponse finalResponse = null;
+ int startIndex = this.lastKnownActiveUrlIndex;
+ int currentIndex = 0;
+
+ for (int index = 0; index < configuredURLs.size(); index++) {
+ try {
+ currentIndex = (startIndex + index) % configuredURLs.size();
+
+ WebResource webResource = getClient().resource(configuredURLs.get(currentIndex) + relativeUrl);
+ webResource = setQueryParams(webResource, params);
+ finalResponse = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_MIME_TYPE_JSON).post(ClientResponse.class, toJson(obj));
+ if (finalResponse != null) {
+ setLastKnownActiveUrlIndex(currentIndex);
+ break;
+ }
+ } catch (ClientHandlerException ex) {
+ LOG.warn("Failed to communicate with Ranger Admin, URL : " + configuredURLs.get(currentIndex));
+ processException(index, ex);
+ }
+ }
+ return finalResponse;
+ }
+
+ public ClientResponse delete(String relativeUrl, Map<String, String> params) throws Exception {
+ ClientResponse finalResponse = null;
+ int startIndex = this.lastKnownActiveUrlIndex;
+ int currentIndex = 0;
+
+ for (int index = 0; index < configuredURLs.size(); index++) {
+ try {
+ currentIndex = (startIndex + index) % configuredURLs.size();
+
+ WebResource webResource = getClient().resource(configuredURLs.get(currentIndex) + relativeUrl);
+ webResource = setQueryParams(webResource, params);
+
+ finalResponse = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_MIME_TYPE_JSON).delete(ClientResponse.class);
+ if (finalResponse != null) {
+ setLastKnownActiveUrlIndex(currentIndex);
+ break;
+ }
+ } catch (ClientHandlerException ex) {
+ LOG.warn("Failed to communicate with Ranger Admin, URL : " + configuredURLs.get(currentIndex));
+ processException(index, ex);
+ }
+ }
+ return finalResponse;
+ }
+
+ public ClientResponse put(String relativeUrl, Map<String, String> params, Object obj) throws Exception {
+ ClientResponse finalResponse = null;
+ int startIndex = this.lastKnownActiveUrlIndex;
+ int currentIndex = 0;
+ for (int index = 0; index < configuredURLs.size(); index++) {
+ try {
+ currentIndex = (startIndex + index) % configuredURLs.size();
+
+ WebResource webResource = getClient().resource(configuredURLs.get(currentIndex) + relativeUrl);
+ webResource = setQueryParams(webResource, params);
+ finalResponse = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_MIME_TYPE_JSON).put(ClientResponse.class, toJson(obj));
+ if (finalResponse != null) {
+ setLastKnownActiveUrlIndex(currentIndex);
+ break;
+ }
+ } catch (ClientHandlerException ex) {
+ LOG.warn("Failed to communicate with Ranger Admin, URL : " + configuredURLs.get(currentIndex));
+ processException(index, ex);
+ }
+ }
+ return finalResponse;
+ }
+
+ public ClientResponse put(String relativeURL, Object request, Cookie sessionId) throws Exception {
+ ClientResponse response = null;
+ int startIndex = this.lastKnownActiveUrlIndex;
+ int currentIndex = 0;
+
+ for (int index = 0; index < configuredURLs.size(); index++) {
+ try {
+ currentIndex = (startIndex + index) % configuredURLs.size();
+
+ WebResource webResource = createWebResourceForCookieAuth(currentIndex, relativeURL);
+ WebResource.Builder br = webResource.getRequestBuilder().cookie(sessionId);
+ response = br.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_MIME_TYPE_JSON)
+ .put(ClientResponse.class, toJson(request));
+ if (response != null) {
+ setLastKnownActiveUrlIndex(currentIndex);
+ break;
+ }
+ } catch (ClientHandlerException e) {
+ LOG.warn("Failed to communicate with Ranger Admin, URL : " + configuredURLs.get(currentIndex));
+ processException(index, e);
+ }
+ }
+ return response;
+ }
+
+
+ public static List<String> getURLs(String configURLs) {
+ List<String> configuredURLs = new ArrayList<>();
+ if(configURLs!=null) {
+ String[] urls = configURLs.split(",");
+ for (String strUrl : urls) {
+ if (StringUtils.isNotEmpty(StringUtils.trimToEmpty(strUrl))) {
+ if (strUrl.endsWith("/")) {
+ strUrl = strUrl.substring(0, strUrl.length() - 1);
+ }
+ configuredURLs.add(strUrl);
+ }
+ }
+ }
+ return configuredURLs;
+ }
+
+ private static WebResource setQueryParams(WebResource webResource, Map<String, String> params) {
+ WebResource ret = webResource;
+ if (webResource != null && params != null) {
+ Set<Map.Entry<String, String>> entrySet= params.entrySet();
+ for (Map.Entry<String, String> entry : entrySet) {
+ ret = ret.queryParam(entry.getKey(), entry.getValue());
+ }
+ }
+ return ret;
+ }
+
+ private void setLastKnownActiveUrlIndex(int lastKnownActiveUrlIndex) {
+ this.lastKnownActiveUrlIndex = lastKnownActiveUrlIndex;
+ }
+
+ private WebResource createWebResourceForCookieAuth(int currentIndex, String relativeURL) {
+ Client cookieClient = getClient();
+ cookieClient.removeAllFilters();
+ WebResource ret = cookieClient.resource(configuredURLs.get(currentIndex) + relativeURL);
+ return ret;
+ }
+
+ private void processException(int index, ClientHandlerException e) throws Exception {
+ if (index == configuredURLs.size() - 1) {
+ LOG.error("Failed to communicate with all Ranger Admin's URL's : [ " + configuredURLs + " ]");
+ throw e;
+ }
+ }
}
diff --git a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
index f57012e..db16d73 100644
--- a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
+++ b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
@@ -22,13 +22,19 @@ package org.apache.ranger.admin.client;
import java.lang.reflect.Type;
import java.security.PrivilegedAction;
import java.util.Date;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
+import java.util.Random;
+import java.util.Set;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
+import javax.ws.rs.ProcessingException;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
+import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@@ -49,6 +55,7 @@ import com.google.gson.JsonDeserializationContext;
import com.google.gson.JsonDeserializer;
import com.google.gson.JsonElement;
import com.google.gson.JsonParseException;
+import com.sun.jersey.api.client.ClientHandlerException;
public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
@@ -68,6 +75,8 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
String _pluginId = null;
int _restClientConnTimeOutMs;
int _restClientReadTimeOutMs;
+ private int lastKnownActiveUrlIndex;
+ private List<String> configURLs;
@Override
public void init(String serviceName, String appId, String configPropertyPrefix) {
@@ -90,14 +99,11 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
_supportsPolicyDeltas = "false";
}
- if (!StringUtils.isEmpty(tmpUrl)) {
- _baseUrl = tmpUrl.trim();
- if (_baseUrl.endsWith("/")) {
- _baseUrl = _baseUrl.substring(0, _baseUrl.length() - 1);
- }
- }
+ configURLs = RangerRESTClient.getURLs(tmpUrl);
+ this.lastKnownActiveUrlIndex = new Random().nextInt(configURLs.size());
+ _baseUrl = configURLs.get(this.lastKnownActiveUrlIndex);
_isSSL = _utils.isSsl(_baseUrl);
- LOG.info("Init params: " + String.format("Base URL[%s], SSL Congig filename[%s], ServiceName=[%s], SupportsPolicyDeltas=[%s]", _baseUrl, _sslConfigFileName, _serviceName, _supportsPolicyDeltas));
+ LOG.info("Init params: " + String.format("Base URL[%s], SSL Config filename[%s], ServiceName=[%s], SupportsPolicyDeltas=[%s], ConfigURLs=[%s]", _baseUrl, _sslConfigFileName, _serviceName, _supportsPolicyDeltas, configURLs));
_client = getClient();
_client.property(ClientProperties.CONNECT_TIMEOUT, _restClientConnTimeOutMs);
@@ -117,26 +123,26 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
- String url = null;
+ String relativeURL = null;
ServicePolicies servicePolicies = null;
Response response = null;
+ Map<String, String> queryParams = new HashMap<String, String>();
+ queryParams.put(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion));
+ queryParams.put(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis));
+ queryParams.put(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId);
+ queryParams.put(RangerRESTUtils.REST_PARAM_CLUSTER_NAME, _clusterName);
+ queryParams.put(RangerRESTUtils.REST_PARAM_SUPPORTS_POLICY_DELTAS, _supportsPolicyDeltas);
+
if (isSecureMode) {
if (LOG.isDebugEnabled()) {
LOG.debug("Checking Service policy if updated as user : " + user);
}
- url = _utils.getSecureUrlForPolicyUpdate(_baseUrl, _serviceName);
- final String secureUrl = url;
+ relativeURL = RangerRESTUtils.REST_URL_POLICY_GET_FOR_SECURE_SERVICE_IF_UPDATED + _serviceName;
+ final String secureRelativeUrl = relativeURL;
PrivilegedAction<Response> action = new PrivilegedAction<Response>() {
public Response run() {
- return _client.target(secureUrl)
- .queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion))
- .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
- .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId)
- .queryParam(RangerRESTUtils.REST_PARAM_CLUSTER_NAME, _clusterName)
- .queryParam(RangerRESTUtils.REST_PARAM_SUPPORTS_POLICY_DELTAS, _supportsPolicyDeltas)
- .request(MediaType.APPLICATION_JSON_TYPE)
- .get();
+ return get(queryParams, secureRelativeUrl);
}
};
response = user.doAs(action);
@@ -144,15 +150,8 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
if (LOG.isDebugEnabled()) {
LOG.debug("Checking Service policy if updated with old api call");
}
- url = _utils.getUrlForPolicyUpdate(_baseUrl, _serviceName);
- response = _client.target(url)
- .queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion))
- .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
- .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId)
- .queryParam(RangerRESTUtils.REST_PARAM_CLUSTER_NAME, _clusterName)
- .queryParam(RangerRESTUtils.REST_PARAM_SUPPORTS_POLICY_DELTAS, _supportsPolicyDeltas)
- .request(MediaType.APPLICATION_JSON_TYPE)
- .get();
+ relativeURL = RangerRESTUtils.REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED + _serviceName;
+ response = get(queryParams, relativeURL);
}
int httpResponseCode = response == null ? -1 : response.getStatus();
@@ -191,7 +190,7 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
}
default:
body = response.readEntity(String.class);
- LOG.warn(String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", httpResponseCode, body, url));
+ LOG.warn(String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", httpResponseCode, body, relativeURL));
break;
}
@@ -208,11 +207,12 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
LOG.debug("==> RangerAdminRESTClient.grantAccess(" + request + ")");
}
- String url = _utils.getUrlForGrantAccess(_baseUrl, _serviceName);
- Response response = _client.target(url)
- .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId)
- .request(MediaType.APPLICATION_JSON_TYPE)
- .get();
+ Map<String, String> queryParams = new HashMap<String, String>();
+ queryParams.put(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId);
+
+ String relativeURL = RangerRESTUtils.REST_URL_SERVICE_GRANT_ACCESS + _serviceName;
+ Response response = get(queryParams, relativeURL);
+
int httpResponseCode = response == null ? -1 : response.getStatus();
switch(httpResponseCode) {
@@ -226,7 +226,7 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
throw new AccessControlException();
default:
String body = response.readEntity(String.class);
- String message = String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", httpResponseCode, body, url);
+ String message = String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", httpResponseCode, body, relativeURL);
LOG.warn(message);
throw new Exception("HTTP status: " + httpResponseCode);
}
@@ -243,11 +243,12 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
LOG.debug("==> RangerAdminRESTClient.grantAccess(" + request + ")");
}
- String url = _utils.getUrlForRevokeAccess(_baseUrl, _serviceName);
- Response response = _client.target(url)
- .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId)
- .request(MediaType.APPLICATION_JSON_TYPE)
- .get();
+ Map<String, String> queryParams = new HashMap<String, String>();
+ queryParams.put(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId);
+
+ String relativeURL = RangerRESTUtils.REST_URL_SERVICE_REVOKE_ACCESS + _serviceName;
+ Response response = get(queryParams, relativeURL);
+
int httpResponseCode = response == null ? -1 : response.getStatus();
switch(httpResponseCode) {
@@ -261,7 +262,7 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
throw new AccessControlException();
default:
String body = response.readEntity(String.class);
- String message = String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", httpResponseCode, body, url);
+ String message = String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", httpResponseCode, body, relativeURL);
LOG.warn(message);
throw new Exception("HTTP status: " + httpResponseCode);
}
@@ -280,23 +281,24 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
UserGroupInformation user = MiscUtil.getUGILoginUser();
boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
- String url = null;
+ Map<String, String> queryParams = new HashMap<String, String>();
+ queryParams.put(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion));
+ queryParams.put(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis));
+ queryParams.put(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId);
+ queryParams.put(RangerRESTUtils.REST_PARAM_SUPPORTS_POLICY_DELTAS, _supportsPolicyDeltas);
+
+ String relativeURL = null;
ServiceTags serviceTags = null;
Response response = null;
if (isSecureMode) {
if (LOG.isDebugEnabled()) {
LOG.debug("Checking Service tags if updated as user : " + user);
}
- url = _utils.getSecureUrlForTagUpdate(_baseUrl, _serviceName);
- final String secureUrl = url;
+ relativeURL = RangerRESTUtils.REST_URL_GET_SECURE_SERVICE_TAGS_IF_UPDATED + _serviceName;
+ final String secureRelativeURLUrl = relativeURL;
PrivilegedAction<Response> action = new PrivilegedAction<Response>() {
public Response run() {
- return _client.target(secureUrl)
- .queryParam(RangerRESTUtils.LAST_KNOWN_TAG_VERSION_PARAM, Long.toString(lastKnownVersion))
- .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
- .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId)
- .request(MediaType.APPLICATION_JSON_TYPE)
- .get();
+ return get(queryParams, secureRelativeURLUrl);
}
};
response = user.doAs(action);
@@ -304,13 +306,8 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
if (LOG.isDebugEnabled()) {
LOG.debug("Checking Service tags if updated with old api call");
}
- url = _utils.getUrlForTagUpdate(_baseUrl, _serviceName);
- response = _client.target(url)
- .queryParam(RangerRESTUtils.LAST_KNOWN_TAG_VERSION_PARAM, Long.toString(lastKnownVersion))
- .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
- .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId)
- .request(MediaType.APPLICATION_JSON_TYPE)
- .get();
+ relativeURL = RangerRESTUtils.REST_URL_GET_SERVICE_TAGS_IF_UPDATED + _serviceName;
+ response = get(queryParams, relativeURL);
}
int httpResponseCode = response == null ? -1 : response.getStatus();
@@ -348,7 +345,7 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
break;
default:
body = response.readEntity(String.class);
- LOG.warn(String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", httpResponseCode, body, url));
+ LOG.warn(String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", httpResponseCode, body, relativeURL));
break;
}
@@ -422,4 +419,45 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
return _client;
}
+
+ private Response get(Map<String, String> queyParams, String relativeURL) {
+ Response response = null;
+ int startIndex = this.lastKnownActiveUrlIndex;
+ int currentIndex = 0;
+
+ for (int index = 0; index < configURLs.size(); index++) {
+ try {
+ currentIndex = (startIndex + index) % configURLs.size();
+
+ WebTarget target = _client.target(configURLs.get(currentIndex) + relativeURL);
+ response = setQueryParams(target, queyParams).request(MediaType.APPLICATION_JSON_TYPE).get();
+ if (response != null) {
+ setLastKnownActiveUrlIndex(currentIndex);
+ break;
+ }
+ } catch (ProcessingException e) {
+ LOG.warn("Failed to communicate with Ranger Admin, URL : " + configURLs.get(currentIndex));
+ if (index == configURLs.size() - 1) {
+ throw new ClientHandlerException(
+ "Failed to communicate with all Ranger Admin's URL's : [ " + configURLs + " ]");
+ }
+ }
+ }
+ return response;
+ }
+
+ private static WebTarget setQueryParams(WebTarget target, Map<String, String> params) {
+ WebTarget ret = target;
+ if (target != null && params != null) {
+ Set<Map.Entry<String, String>> entrySet = params.entrySet();
+ for (Map.Entry<String, String> entry : entrySet) {
+ ret = ret.queryParam(entry.getKey(), entry.getValue());
+ }
+ }
+ return ret;
+ }
+
+ private void setLastKnownActiveUrlIndex(int lastKnownActiveUrlIndex) {
+ this.lastKnownActiveUrlIndex = lastKnownActiveUrlIndex;
+ }
}
diff --git a/tagsync/src/main/java/org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.java b/tagsync/src/main/java/org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.java
index 331f783..062c5e3 100644
--- a/tagsync/src/main/java/org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.java
+++ b/tagsync/src/main/java/org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.java
@@ -19,34 +19,30 @@
package org.apache.ranger.tagsync.sink.tagadmin;
-import com.sun.jersey.api.client.ClientResponse;
-import com.sun.jersey.api.client.WebResource;
+import java.io.IOException;
+import java.security.PrivilegedAction;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Properties;
+import java.util.concurrent.ArrayBlockingQueue;
+import java.util.concurrent.BlockingQueue;
+import java.util.concurrent.LinkedBlockingQueue;
+
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.Cookie;
+import javax.ws.rs.core.NewCookie;
-import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.admin.client.datatype.RESTResponse;
-import org.apache.ranger.tagsync.model.TagSink;
-import com.sun.jersey.api.client.Client;
-import javax.ws.rs.core.Cookie;
-import javax.ws.rs.core.NewCookie;
-import java.util.ArrayList;
-import java.util.List;
import org.apache.ranger.plugin.util.RangerRESTClient;
-import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.plugin.util.ServiceTags;
+import org.apache.ranger.tagsync.model.TagSink;
import org.apache.ranger.tagsync.process.TagSyncConfig;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.security.PrivilegedAction;
-import java.util.Map;
-import java.util.Properties;
-import java.util.concurrent.ArrayBlockingQueue;
-import java.util.concurrent.BlockingQueue;
-import java.util.concurrent.LinkedBlockingQueue;
+import com.sun.jersey.api.client.ClientResponse;
public class TagAdminRESTSink implements TagSink, Runnable {
private static final Log LOG = LogFactory.getLog(TagAdminRESTSink.class);
@@ -54,8 +50,6 @@ public class TagAdminRESTSink implements TagSink, Runnable {
private static final String REST_PREFIX = "/service";
private static final String MODULE_PREFIX = "/tags";
- private static final String REST_MIME_TYPE_JSON = "application/json";
-
private static final String REST_URL_IMPORT_SERVICETAGS_RESOURCE = REST_PREFIX + MODULE_PREFIX + "/importservicetags/";
private long rangerAdminConnectionCheckInterval;
@@ -193,8 +187,7 @@ public class TagAdminRESTSink implements TagSink, Runnable {
if (isRangerCookieEnabled) {
response = uploadServiceTagsUsingCookie(serviceTags);
} else {
- WebResource webResource = createWebResource(REST_URL_IMPORT_SERVICETAGS_RESOURCE);
- response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).put(ClientResponse.class, tagRESTClient.toJson(serviceTags));
+ response = tagRESTClient.put(REST_URL_IMPORT_SERVICETAGS_RESOURCE, null, serviceTags);
}
if(response == null || response.getStatus() != HttpServletResponse.SC_NO_CONTENT) {
@@ -268,9 +261,13 @@ public class TagAdminRESTSink implements TagSink, Runnable {
private synchronized ClientResponse uploadTagsWithCred(ServiceTags serviceTags) {
if (sessionId == null) {
tagRESTClient.resetClient();
- WebResource webResource = createWebResource(REST_URL_IMPORT_SERVICETAGS_RESOURCE);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).put(ClientResponse.class,
- tagRESTClient.toJson(serviceTags));
+
+ ClientResponse response = null;
+ try {
+ response = tagRESTClient.put(REST_URL_IMPORT_SERVICETAGS_RESOURCE, null, serviceTags);
+ } catch (Exception e) {
+ LOG.error("Failed to get response, Error is : "+e.getMessage());
+ }
if (response != null) {
if (!(response.toString().contains(REST_URL_IMPORT_SERVICETAGS_RESOURCE))) {
response.setStatus(HttpServletResponse.SC_NOT_FOUND);
@@ -306,10 +303,13 @@ public class TagAdminRESTSink implements TagSink, Runnable {
if (LOG.isDebugEnabled()) {
LOG.debug("==> uploadTagsWithCookie");
}
- WebResource webResource = createWebResourceForCookieAuth(REST_URL_IMPORT_SERVICETAGS_RESOURCE);
- WebResource.Builder br = webResource.getRequestBuilder().cookie(sessionId);
- ClientResponse response = br.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).put(ClientResponse.class,
- tagRESTClient.toJson(serviceTags));
+
+ ClientResponse response = null;
+ try {
+ response = tagRESTClient.put(REST_URL_IMPORT_SERVICETAGS_RESOURCE, serviceTags, sessionId);
+ } catch (Exception e) {
+ LOG.error("Failed to get response, Error is : "+e.getMessage());
+ }
if (response != null) {
if (!(response.toString().contains(REST_URL_IMPORT_SERVICETAGS_RESOURCE))) {
response.setStatus(HttpServletResponse.SC_NOT_FOUND);
@@ -331,32 +331,6 @@ public class TagAdminRESTSink implements TagSink, Runnable {
return response;
}
- private WebResource createWebResource(String url) {
- return createWebResource(url, null);
- }
-
- private WebResource createWebResource(String url, SearchFilter filter) {
- WebResource ret = tagRESTClient.getResource(url);
-
- if(filter != null && !MapUtils.isEmpty(filter.getParams())) {
- for(Map.Entry<String, String> e : filter.getParams().entrySet()) {
- String name = e.getKey();
- String value = e.getValue();
-
- ret.queryParam(name, value);
- }
- }
-
- return ret;
- }
-
- private WebResource createWebResourceForCookieAuth(String url) {
- Client cookieClient = tagRESTClient.getClient();
- cookieClient.removeAllFilters();
- WebResource ret = cookieClient.resource(tagRESTClient.getUrl() + url);
- return ret;
- }
-
@Override
public boolean start() {