You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2017/01/28 02:17:48 UTC
[1/2] [ranger] Git Push Summary
Repository: ranger
Updated Branches:
refs/heads/master 8f9fec37b -> 16f481ba8
[2/2] ranger git commit: RANGER-1329: update Ranger plugin handling
of service-not-found error
Posted by ma...@apache.org.
RANGER-1329: update Ranger plugin handling of service-not-found error
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/16f481ba
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/16f481ba
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/16f481ba
Branch: refs/heads/master
Commit: 16f481ba888077acb4daf5705896a8318aa6a24e
Parents: 8f9fec3
Author: Abhay Kulkarni <ak...@hortonworks.com>
Authored: Thu Jan 26 16:16:54 2017 -0800
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Fri Jan 27 18:17:37 2017 -0800
----------------------------------------------------------------------
.../ranger/admin/client/RangerAdminClient.java | 1 +
.../admin/client/RangerAdminRESTClient.java | 99 +++++---
.../RangerAdminTagRetriever.java | 7 +-
.../RangerFileBasedTagRetriever.java | 4 +-
.../contextenricher/RangerTagEnricher.java | 136 +++++++----
.../contextenricher/RangerTagRetriever.java | 2 +-
.../ranger/plugin/service/RangerBasePlugin.java | 14 +-
.../ranger/plugin/util/PolicyRefresher.java | 94 ++++++--
.../util/RangerServiceNotFoundException.java | 38 ++++
.../client/RangerAdminJersey2RESTClient.java | 225 ++++++++++---------
.../RangerPluginClassLoaderUtil.java | 4 +
.../java/org/apache/ranger/biz/AssetMgr.java | 63 ++++--
.../java/org/apache/ranger/biz/TagDBStore.java | 9 +-
.../org/apache/ranger/common/RESTErrorUtil.java | 2 +-
.../org/apache/ranger/common/ServiceUtil.java | 13 +-
.../org/apache/ranger/rest/ServiceREST.java | 106 +++++----
.../java/org/apache/ranger/rest/TagREST.java | 60 ++---
.../resources/META-INF/jpa_named_queries.xml | 4 +-
.../org/apache/ranger/rest/TestServiceREST.java | 11 +-
.../org/apache/ranger/rest/TestTagREST.java | 12 +-
20 files changed, 581 insertions(+), 323 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/16f481ba/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java
index 6755e15..683d53b 100644
--- a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java
+++ b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java
@@ -28,6 +28,7 @@ import java.util.List;
public interface RangerAdminClient {
+
void init(String serviceName, String appId, String configPropertyPrefix);
ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception;
http://git-wip-us.apache.org/repos/asf/ranger/blob/16f481ba/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
index 646004a..bcb07d7 100644
--- a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
+++ b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
@@ -34,9 +34,11 @@ import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.plugin.util.GrantRevokeRequest;
import org.apache.ranger.plugin.util.RangerRESTClient;
import org.apache.ranger.plugin.util.RangerRESTUtils;
+import org.apache.ranger.plugin.util.RangerServiceNotFoundException;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.plugin.util.ServiceTags;
+import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.ParameterizedType;
import java.lang.reflect.Type;
import java.security.PrivilegedAction;
@@ -81,7 +83,7 @@ public class RangerAdminRESTClient implements RangerAdminClient {
String sslConfigFileName = RangerConfiguration.getInstance().get(propertyPrefix + ".policy.rest.ssl.config.file");
int restClientConnTimeOutMs = RangerConfiguration.getInstance().getInt(propertyPrefix + ".policy.rest.client.connection.timeoutMs", 120 * 1000);
int restClientReadTimeOutMs = RangerConfiguration.getInstance().getInt(propertyPrefix + ".policy.rest.client.read.timeoutMs", 30 * 1000);
-
+
init(url, sslConfigFileName, restClientConnTimeOutMs , restClientReadTimeOutMs);
}
@@ -97,37 +99,56 @@ public class RangerAdminRESTClient implements RangerAdminClient {
ClientResponse response = null;
if (isSecureMode) {
- if(LOG.isDebugEnabled()) {
+ if (LOG.isDebugEnabled()) {
LOG.debug("Checking Service policy if updated as user : " + user);
}
PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {
public ClientResponse run() {
WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_POLICY_GET_FOR_SECURE_SERVICE_IF_UPDATED + serviceName)
- .queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion))
- .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
- .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
+ .queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion))
+ .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
+ .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
return secureWebResource.accept(RangerRESTUtils.REST_MIME_TYPE_JSON).get(ClientResponse.class);
- };
- };
+ }
+ };
response = user.doAs(action);
- }else{
- if(LOG.isDebugEnabled()) {
+ } else {
+ if (LOG.isDebugEnabled()) {
LOG.debug("Checking Service policy if updated with old api call");
}
WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED + serviceName)
- .queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion))
- .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
- .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
+ .queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion))
+ .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
+ .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
response = webResource.accept(RangerRESTUtils.REST_MIME_TYPE_JSON).get(ClientResponse.class);
}
-
- if(response != null && response.getStatus() == 200) {
+
+ if (response == null || response.getStatus() == HttpServletResponse.SC_NOT_MODIFIED) {
+ if (response == null) {
+ LOG.error("Error getting policies; Received NULL response!!. secureMode=" + isSecureMode + ", user=" + user + ", serviceName=" + serviceName);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("No change in policies. secureMode=" + isSecureMode + ", user=" + user + ", response=" + resp.toString() + ", serviceName=" + serviceName);
+ }
+ }
+ ret = null;
+ } else if (response.getStatus() == HttpServletResponse.SC_OK) {
ret = response.getEntity(ServicePolicies.class);
- } else if(!(response != null && response.getStatus() == 304)) {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
- LOG.error("Error getting policies. secureMode=" + isSecureMode + ", user=" + user + ", response=" + resp.toString() + ", serviceName=" + serviceName);
+ } else if (response.getStatus() == HttpServletResponse.SC_NOT_FOUND) {
+ LOG.error("Error getting policies; service not found. secureMode=" + isSecureMode + ", user=" + user
+ + ", response=" + response.getStatus() + ", serviceName=" + serviceName
+ + ", " + "lastKnownVersion=" + lastKnownVersion
+ + ", " + "lastActivationTimeInMillis=" + lastActivationTimeInMillis);
+ String exceptionMsg = response.hasEntity() ? response.getEntity(String.class) : null;
- throw new Exception(resp.getMessage());
+ RangerServiceNotFoundException.throwExceptionIfServiceNotFound(serviceName, exceptionMsg);
+
+ LOG.warn("Received 404 error code with body:[" + exceptionMsg + "], Ignoring");
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+ LOG.warn("Error getting policies. secureMode=" + isSecureMode + ", user=" + user + ", response=" + resp.toString() + ", serviceName=" + serviceName);
+ ret = null;
}
if(LOG.isDebugEnabled()) {
@@ -153,7 +174,7 @@ public class RangerAdminRESTClient implements RangerAdminClient {
WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_SECURE_SERVICE_GRANT_ACCESS + serviceName)
.queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
return secureWebResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, restClient.toJson(request));
- };
+ }
};
if (LOG.isDebugEnabled()) {
LOG.debug("grantAccess as user " + user);
@@ -198,7 +219,7 @@ public class RangerAdminRESTClient implements RangerAdminClient {
WebResource secureWebResource = createWebResource(RangerRESTUtils.REST_URL_SECURE_SERVICE_REVOKE_ACCESS + serviceName)
.queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
return secureWebResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, restClient.toJson(request));
- };
+ }
};
if (LOG.isDebugEnabled()) {
LOG.debug("revokeAccess as user " + user);
@@ -268,7 +289,7 @@ public class RangerAdminRESTClient implements RangerAdminClient {
.queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
.queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
return secureWebResource.accept(RangerRESTUtils.REST_MIME_TYPE_JSON).get(ClientResponse.class);
- };
+ }
};
if (LOG.isDebugEnabled()) {
LOG.debug("getServiceTagsIfUpdated as user " + user);
@@ -282,15 +303,35 @@ public class RangerAdminRESTClient implements RangerAdminClient {
response = webResource.accept(RangerRESTUtils.REST_MIME_TYPE_JSON).get(ClientResponse.class);
}
- if(response != null && response.getStatus() == 200) {
+ if (response == null || response.getStatus() == HttpServletResponse.SC_NOT_MODIFIED) {
+ if (response == null) {
+ LOG.error("Error getting tags; Received NULL response!!. secureMode=" + isSecureMode + ", user=" + user + ", serviceName=" + serviceName);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("No change in tags. secureMode=" + isSecureMode + ", user=" + user
+ + ", response=" + resp.toString() + ", serviceName=" + serviceName
+ + ", " + "lastKnownVersion=" + lastKnownVersion
+ + ", " + "lastActivationTimeInMillis=" + lastActivationTimeInMillis);
+ }
+ }
+ ret = null;
+ } else if (response.getStatus() == HttpServletResponse.SC_OK) {
ret = response.getEntity(ServiceTags.class);
- } else if(!(response != null && response.getStatus() == 304)) {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
- LOG.error("Error getting taggedResources. secureMode=" + isSecureMode + ", user=" + user
- + ", response=" + resp.toString() + ", serviceName=" + serviceName
+ } else if (response.getStatus() == HttpServletResponse.SC_NOT_FOUND) {
+ LOG.error("Error getting tags; service not found. secureMode=" + isSecureMode + ", user=" + user
+ + ", response=" + response.getStatus() + ", serviceName=" + serviceName
+ ", " + "lastKnownVersion=" + lastKnownVersion
+ ", " + "lastActivationTimeInMillis=" + lastActivationTimeInMillis);
- throw new Exception(resp.getMessage());
+ String exceptionMsg = response.hasEntity() ? response.getEntity(String.class) : null;
+
+ RangerServiceNotFoundException.throwExceptionIfServiceNotFound(serviceName, exceptionMsg);
+
+ LOG.warn("Received 404 error code with body:[" + exceptionMsg + "], Ignoring");
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+ LOG.warn("Error getting tags. secureMode=" + isSecureMode + ", user=" + user + ", response=" + resp.toString() + ", serviceName=" + serviceName);
+ ret = null;
}
if(LOG.isDebugEnabled()) {
@@ -320,7 +361,7 @@ public class RangerAdminRESTClient implements RangerAdminClient {
PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {
public ClientResponse run() {
return webResource.accept(RangerRESTUtils.REST_MIME_TYPE_JSON).get(ClientResponse.class);
- };
+ }
};
if (LOG.isDebugEnabled()) {
LOG.debug("getTagTypes as user " + user);
@@ -334,7 +375,7 @@ public class RangerAdminRESTClient implements RangerAdminClient {
ret = response.getEntity(getGenericType(emptyString));
} else {
RESTResponse resp = RESTResponse.fromClientResponse(response);
- LOG.error("Error getting taggedResources. request=" + webResource.toString()
+ LOG.error("Error getting tags. request=" + webResource.toString()
+ ", response=" + resp.toString() + ", serviceName=" + serviceName
+ ", " + "pattern=" + pattern);
throw new Exception(resp.getMessage());
http://git-wip-us.apache.org/repos/asf/ranger/blob/16f481ba/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAdminTagRetriever.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAdminTagRetriever.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAdminTagRetriever.java
index 9c336bf..4caed81 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAdminTagRetriever.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAdminTagRetriever.java
@@ -48,21 +48,16 @@ public class RangerAdminTagRetriever extends RangerTagRetriever {
}
@Override
- public ServiceTags retrieveTags(long lastKnownVersion, long lastActivationTimeInMillis) throws InterruptedException {
+ public ServiceTags retrieveTags(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception {
ServiceTags serviceTags = null;
if (adminClient != null) {
try {
serviceTags = adminClient.getServiceTagsIfUpdated(lastKnownVersion, lastActivationTimeInMillis);
- } catch (InterruptedException interruptedException) {
- LOG.error("Tag-retriever thread was interrupted");
- throw interruptedException;
} catch (ClosedByInterruptException closedByInterruptException) {
LOG.error("Tag-retriever thread was interrupted while blocked on I/O");
throw new InterruptedException();
- } catch (Exception exception) {
- LOG.error("RangerAdminTagRetriever.retrieveTags() - Error retrieving resources, exception=", exception);
}
}
return serviceTags;
http://git-wip-us.apache.org/repos/asf/ranger/blob/16f481ba/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerFileBasedTagRetriever.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerFileBasedTagRetriever.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerFileBasedTagRetriever.java
index 248aafa..031a59f 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerFileBasedTagRetriever.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerFileBasedTagRetriever.java
@@ -124,7 +124,7 @@ public class RangerFileBasedTagRetriever extends RangerTagRetriever {
}
@Override
- public ServiceTags retrieveTags(long lastKnownVersion, long lastActivationTimeInMillis) throws InterruptedException {
+ public ServiceTags retrieveTags(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==> retrieveTags(lastKnownVersion=" + lastKnownVersion + ", lastActivationTimeInMillis=" + lastActivationTimeInMillis + ", serviceTagsFilePath=" + serviceTagsFileName);
@@ -146,9 +146,11 @@ public class RangerFileBasedTagRetriever extends RangerTagRetriever {
}
} catch (IOException e) {
LOG.warn("Error processing input file: or no privilege for reading file " + serviceTagsFileName);
+ throw e;
}
} else {
LOG.error("Error reading file: " + serviceTagsFileName);
+ throw new Exception("serviceTagsFileURL is null!");
}
if (LOG.isDebugEnabled()) {
http://git-wip-us.apache.org/repos/asf/ranger/blob/16f481ba/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
index 43d501a..06ccfcc 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
@@ -37,6 +37,7 @@ import org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatche
import org.apache.ranger.plugin.util.RangerAccessRequestUtil;
import org.apache.ranger.plugin.util.RangerPerfTracer;
import org.apache.ranger.plugin.util.RangerResourceTrie;
+import org.apache.ranger.plugin.util.RangerServiceNotFoundException;
import org.apache.ranger.plugin.util.ServiceTags;
import java.io.File;
@@ -65,6 +66,7 @@ public class RangerTagEnricher extends RangerAbstractContextEnricher {
private RangerTagRetriever tagRetriever = null;
private boolean disableTrieLookupPrefilter = false;
private EnrichedServiceTags enrichedServiceTags;
+ private boolean disableCacheIfServiceNotFound = true;
@Override
public void init() {
@@ -100,6 +102,7 @@ public class RangerTagEnricher extends RangerAbstractContextEnricher {
if (tagRetriever != null) {
String propertyPrefix = "ranger.plugin." + serviceDef.getName();
+ disableCacheIfServiceNotFound = RangerConfiguration.getInstance().getBoolean(propertyPrefix + ".disable.cache.if.servicenotfound", true);
String cacheDir = RangerConfiguration.getInstance().get(propertyPrefix + ".policy.cache.dir");
String cacheFilename = String.format("%s_%s_tag.json", appId, serviceName);
cacheFilename = cacheFilename.replace(File.separatorChar, '_');
@@ -136,7 +139,7 @@ public class RangerTagEnricher extends RangerAbstractContextEnricher {
LOG.debug("==> RangerTagEnricher.enrich(" + request + ")");
}
- final Set<RangerTagForEval> matchedTags = findMatchingTags(request);
+ final Set<RangerTagForEval> matchedTags = enrichedServiceTags == null ? null : findMatchingTags(request);
RangerAccessRequestUtil.setRequestTagsInContext(request.getContext(), matchedTags);
@@ -147,47 +150,53 @@ public class RangerTagEnricher extends RangerAbstractContextEnricher {
public void setServiceTags(final ServiceTags serviceTags) {
- List<RangerServiceResourceMatcher> resourceMatchers = new ArrayList<RangerServiceResourceMatcher>();
+ if (serviceTags == null || CollectionUtils.isEmpty(serviceTags.getServiceResources())) {
+ LOG.info("ServiceTags is null or there are no tagged resources for service " + serviceName);
+ enrichedServiceTags = null;
+ } else {
- List<RangerServiceResource> serviceResources = serviceTags.getServiceResources();
+ List<RangerServiceResourceMatcher> resourceMatchers = new ArrayList<RangerServiceResourceMatcher>();
- if (CollectionUtils.isNotEmpty(serviceResources)) {
+ List<RangerServiceResource> serviceResources = serviceTags.getServiceResources();
- for (RangerServiceResource serviceResource : serviceResources) {
- RangerDefaultPolicyResourceMatcher matcher = new RangerDefaultPolicyResourceMatcher();
+ if (CollectionUtils.isNotEmpty(serviceResources)) {
- matcher.setServiceDef(this.serviceDef);
- matcher.setPolicyResources(serviceResource.getResourceElements());
+ for (RangerServiceResource serviceResource : serviceResources) {
+ RangerDefaultPolicyResourceMatcher matcher = new RangerDefaultPolicyResourceMatcher();
- if (LOG.isDebugEnabled()) {
- LOG.debug("RangerTagEnricher.setServiceTags() - Initializing matcher with (resource=" + serviceResource
- + ", serviceDef=" + this.serviceDef.getName() + ")");
+ matcher.setServiceDef(this.serviceDef);
+ matcher.setPolicyResources(serviceResource.getResourceElements());
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("RangerTagEnricher.setServiceTags() - Initializing matcher with (resource=" + serviceResource
+ + ", serviceDef=" + this.serviceDef.getName() + ")");
+
+ }
+ matcher.init();
+ RangerServiceResourceMatcher serviceResourceMatcher = new RangerServiceResourceMatcher(serviceResource, matcher);
+ resourceMatchers.add(serviceResourceMatcher);
}
- matcher.init();
- RangerServiceResourceMatcher serviceResourceMatcher = new RangerServiceResourceMatcher(serviceResource, matcher);
- resourceMatchers.add(serviceResourceMatcher);
}
- }
+ Map<String, RangerResourceTrie<RangerServiceResourceMatcher>> serviceResourceTrie = null;
- Map<String, RangerResourceTrie<RangerServiceResourceMatcher>> serviceResourceTrie = null;
+ if (!disableTrieLookupPrefilter) {
+ serviceResourceTrie = new HashMap<String, RangerResourceTrie<RangerServiceResourceMatcher>>();
- if(!disableTrieLookupPrefilter) {
- serviceResourceTrie = new HashMap<String, RangerResourceTrie<RangerServiceResourceMatcher>>();
+ for (RangerServiceDef.RangerResourceDef resourceDef : serviceDef.getResources()) {
+ serviceResourceTrie.put(resourceDef.getName(), new RangerResourceTrie<RangerServiceResourceMatcher>(resourceDef, resourceMatchers));
+ }
+ }
- for (RangerServiceDef.RangerResourceDef resourceDef : serviceDef.getResources()) {
- serviceResourceTrie.put(resourceDef.getName(), new RangerResourceTrie<RangerServiceResourceMatcher>(resourceDef, resourceMatchers));
+ Set<RangerTagForEval> tagsForEmptyResourceAndAnyAccess = new HashSet<RangerTagForEval>();
+ for (Map.Entry<Long, RangerTag> entry : serviceTags.getTags().entrySet()) {
+ tagsForEmptyResourceAndAnyAccess.add(new RangerTagForEval(entry.getValue(), RangerPolicyResourceMatcher.MatchType.ANCESTOR));
}
- }
- Set<RangerTagForEval> tagsForEmptyResourceAndAnyAccess = new HashSet<RangerTagForEval>();
- for (Map.Entry<Long, RangerTag> entry : serviceTags.getTags().entrySet()) {
- tagsForEmptyResourceAndAnyAccess.add(new RangerTagForEval(entry.getValue(), RangerPolicyResourceMatcher.MatchType.ANCESTOR));
+ enrichedServiceTags = new EnrichedServiceTags(serviceTags, resourceMatchers, serviceResourceTrie, tagsForEmptyResourceAndAnyAccess);
}
-
- enrichedServiceTags = new EnrichedServiceTags(serviceTags, resourceMatchers, serviceResourceTrie, tagsForEmptyResourceAndAnyAccess);
}
@Override
@@ -468,27 +477,43 @@ public class RangerTagEnricher extends RangerAbstractContextEnricher {
if (tagEnricher != null) {
ServiceTags serviceTags = null;
- serviceTags = tagRetriever.retrieveTags(lastKnownVersion, lastActivationTimeInMillis);
+ try {
+ serviceTags = tagRetriever.retrieveTags(lastKnownVersion, lastActivationTimeInMillis);
- if (serviceTags == null) {
- if (!hasProvidedTagsToReceiver) {
- serviceTags = loadFromCache();
+ if (serviceTags == null) {
+ if (!hasProvidedTagsToReceiver) {
+ serviceTags = loadFromCache();
+ }
+ } else {
+ saveToCache(serviceTags);
}
- } else {
- saveToCache(serviceTags);
- }
- if (serviceTags != null) {
- tagEnricher.setServiceTags(serviceTags);
- LOG.info("RangerTagRefresher.populateTags() - Updated tags-cache to new version of tags, lastKnownVersion=" + lastKnownVersion + "; newVersion="
- + (serviceTags.getTagVersion() == null ? -1L : serviceTags.getTagVersion()));
- hasProvidedTagsToReceiver = true;
- lastKnownVersion = serviceTags.getTagVersion() == null ? -1L : serviceTags.getTagVersion();
- setLastActivationTimeInMillis(System.currentTimeMillis());
- } else {
- if (LOG.isDebugEnabled()) {
- LOG.debug("RangerTagRefresher.populateTags() - No need to update tags-cache. lastKnownVersion=" + lastKnownVersion);
+ if (serviceTags != null) {
+ tagEnricher.setServiceTags(serviceTags);
+ LOG.info("RangerTagRefresher.populateTags() - Updated tags-cache to new version of tags, lastKnownVersion=" + lastKnownVersion + "; newVersion="
+ + (serviceTags.getTagVersion() == null ? -1L : serviceTags.getTagVersion()));
+ hasProvidedTagsToReceiver = true;
+ lastKnownVersion = serviceTags.getTagVersion() == null ? -1L : serviceTags.getTagVersion();
+ setLastActivationTimeInMillis(System.currentTimeMillis());
+ } else {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("RangerTagRefresher.populateTags() - No need to update tags-cache. lastKnownVersion=" + lastKnownVersion);
+ }
+ }
+ } catch (RangerServiceNotFoundException snfe) {
+ LOG.error("Caught ServiceNotFound exception :", snfe);
+
+ // Need to clean up local tag cache
+ if (tagEnricher.disableCacheIfServiceNotFound) {
+ disableCache();
+ tagEnricher.setServiceTags(null);
+ setLastActivationTimeInMillis(System.currentTimeMillis());
+ lastKnownVersion = -1L;
}
+ } catch (InterruptedException interruptedException) {
+ throw interruptedException;
+ } catch (Exception e) {
+ LOG.error("Encountered unexpected exception. Ignoring", e);
}
} else {
@@ -611,5 +636,30 @@ public class RangerTagEnricher extends RangerAbstractContextEnricher {
LOG.debug("<== RangerTagRetriever(serviceName=" + tagEnricher.getServiceName() + ").saveToCache()");
}
}
+
+ final void disableCache() {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerTagRetriever.disableCache(serviceName=" + tagEnricher.getServiceName() + ")");
+ }
+
+ File cacheFile = StringUtils.isEmpty(this.cacheFile) ? null : new File(this.cacheFile);
+ if (cacheFile != null && cacheFile.isFile() && cacheFile.canRead()) {
+ LOG.warn("Cleaning up local tags cache");
+ String renamedCacheFile = cacheFile.getAbsolutePath() + "_" + System.currentTimeMillis();
+ if (!cacheFile.renameTo(new File(renamedCacheFile))) {
+ LOG.error("Failed to move " + cacheFile.getAbsolutePath() + " to " + renamedCacheFile);
+ } else {
+ LOG.warn("moved " + cacheFile.getAbsolutePath() + " to " + renamedCacheFile);
+ }
+ } else {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("No local TAGS cache found. No need to disable it!");
+ }
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerTagRetriever.disableCache(serviceName=" + tagEnricher.getServiceName() + ")");
+ }
+ }
}
}
http://git-wip-us.apache.org/repos/asf/ranger/blob/16f481ba/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagRetriever.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagRetriever.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagRetriever.java
index a5eeeaa..91fdcc3 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagRetriever.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagRetriever.java
@@ -32,7 +32,7 @@ public abstract class RangerTagRetriever {
public abstract void init(Map<String, String> options);
- public abstract ServiceTags retrieveTags(long lastKnownVersion, long lastActivationTimeInMillis) throws InterruptedException;
+ public abstract ServiceTags retrieveTags(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception;
public String getServiceName() {
return serviceName;
http://git-wip-us.apache.org/repos/asf/ranger/blob/16f481ba/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
index c34aa19..eda0014 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
@@ -174,11 +174,15 @@ public class RangerBasePlugin {
try {
RangerPolicyEngine oldPolicyEngine = this.policyEngine;
- RangerPolicyEngine policyEngine = new RangerPolicyEngineImpl(appId, policies, policyEngineOptions);
- policyEngine.setUseForwardedIPAddress(useForwardedIPAddress);
- policyEngine.setTrustedProxyAddresses(trustedProxyAddresses);
-
- this.policyEngine = policyEngine;
+ if (policies == null) {
+ this.policyEngine = null;
+ } else {
+ RangerPolicyEngine policyEngine = new RangerPolicyEngineImpl(appId, policies, policyEngineOptions);
+ policyEngine.setUseForwardedIPAddress(useForwardedIPAddress);
+ policyEngine.setTrustedProxyAddresses(trustedProxyAddresses);
+
+ this.policyEngine = policyEngine;
+ }
if (oldPolicyEngine != null && !oldPolicyEngine.preCleanup()) {
LOG.error("preCleanup() failed on the previous policy engine instance !!");
http://git-wip-us.apache.org/repos/asf/ranger/blob/16f481ba/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
index 91c24c6..02dd680 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
@@ -29,6 +29,7 @@ import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.admin.client.RangerAdminClient;
+import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.plugin.service.RangerBasePlugin;
import com.google.gson.Gson;
@@ -47,6 +48,7 @@ public class PolicyRefresher extends Thread {
private final String cacheFileName;
private final String cacheDir;
private final Gson gson;
+ private final boolean disableCacheIfServiceNotFound;
private long pollingIntervalMs = 30 * 1000;
private long lastKnownVersion = -1L;
@@ -84,6 +86,9 @@ public class PolicyRefresher extends Thread {
}
this.gson = gson;
+ String propertyPrefix = "ranger.plugin." + serviceType;
+ disableCacheIfServiceNotFound = RangerConfiguration.getInstance().getBoolean(propertyPrefix + ".disable.cache.if.servicenotfound", true);
+
if(LOG.isDebugEnabled()) {
LOG.debug("<== PolicyRefresher(serviceName=" + serviceName + ").PolicyRefresher()");
}
@@ -192,31 +197,42 @@ public class PolicyRefresher extends Thread {
PERF_POLICYENGINE_INIT_LOG.debug("In-Use memory: " + (totalMemory-freeMemory) + ", Free memory:" + freeMemory);
}
- //load policy from PolicyAdmin
- ServicePolicies svcPolicies = loadPolicyfromPolicyAdmin();
+ try {
+ //load policy from PolicyAdmin
+ ServicePolicies svcPolicies = loadPolicyfromPolicyAdmin();
- if ( svcPolicies == null) {
- //if Policy fetch from Policy Admin Fails, load from cache
- if (!policiesSetInPlugin) {
- svcPolicies = loadFromCache();
+ if (svcPolicies == null) {
+ //if Policy fetch from Policy Admin Fails, load from cache
+ if (!policiesSetInPlugin) {
+ svcPolicies = loadFromCache();
+ }
+ } else {
+ saveToCache(svcPolicies);
}
- } else {
- saveToCache(svcPolicies);
- }
- RangerPerfTracer.log(perf);
+ RangerPerfTracer.log(perf);
- if (PERF_POLICYENGINE_INIT_LOG.isDebugEnabled()) {
- long freeMemory = Runtime.getRuntime().freeMemory();
- long totalMemory = Runtime.getRuntime().totalMemory();
- PERF_POLICYENGINE_INIT_LOG.debug("In-Use memory: " + (totalMemory-freeMemory) + ", Free memory:" + freeMemory);
- }
+ if (PERF_POLICYENGINE_INIT_LOG.isDebugEnabled()) {
+ long freeMemory = Runtime.getRuntime().freeMemory();
+ long totalMemory = Runtime.getRuntime().totalMemory();
+ PERF_POLICYENGINE_INIT_LOG.debug("In-Use memory: " + (totalMemory - freeMemory) + ", Free memory:" + freeMemory);
+ }
- if (svcPolicies != null) {
- plugIn.setPolicies(svcPolicies);
- policiesSetInPlugin = true;
- setLastActivationTimeInMillis(System.currentTimeMillis());
- lastKnownVersion = svcPolicies.getPolicyVersion();
+ if (svcPolicies != null) {
+ plugIn.setPolicies(svcPolicies);
+ policiesSetInPlugin = true;
+ setLastActivationTimeInMillis(System.currentTimeMillis());
+ lastKnownVersion = svcPolicies.getPolicyVersion();
+ }
+ } catch (RangerServiceNotFoundException snfe) {
+ if (disableCacheIfServiceNotFound) {
+ disableCache();
+ plugIn.setPolicies(null);
+ setLastActivationTimeInMillis(System.currentTimeMillis());
+ lastKnownVersion = -1;
+ }
+ } catch (Exception excp) {
+ LOG.error("Encountered unexpected exception, ignoring..", excp);
}
if(LOG.isDebugEnabled()) {
@@ -224,7 +240,7 @@ public class PolicyRefresher extends Thread {
}
}
- private ServicePolicies loadPolicyfromPolicyAdmin() {
+ private ServicePolicies loadPolicyfromPolicyAdmin() throws RangerServiceNotFoundException {
if(LOG.isDebugEnabled()) {
LOG.debug("==> PolicyRefresher(serviceName=" + serviceName + ").loadPolicyfromPolicyAdmin()");
@@ -259,9 +275,13 @@ public class PolicyRefresher extends Thread {
LOG.debug("PolicyRefresher(serviceName=" + serviceName + ").run(): no update found. lastKnownVersion=" + lastKnownVersion);
}
}
- } catch(Exception excp) {
- LOG.error("PolicyRefresher(serviceName=" + serviceName + "): failed to refresh policies. Will continue to use last known version of policies (" + lastKnownVersion + ")", excp);
- }
+ } catch (RangerServiceNotFoundException snfe) {
+ LOG.error("PolicyRefresher(serviceName=" + serviceName + "): failed to find service. Will clean up local cache of policis (" + lastKnownVersion + ")", snfe);
+ throw snfe;
+ } catch (Exception excp) {
+ LOG.error("PolicyRefresher(serviceName=" + serviceName + "): failed to refresh policies. Will continue to use last known version of policies (" + lastKnownVersion + ")", excp);
+ svcPolicies = null;
+ }
RangerPerfTracer.log(perf);
@@ -389,4 +409,30 @@ public class PolicyRefresher extends Thread {
LOG.debug("<== PolicyRefresher(serviceName=" + serviceName + ").saveToCache()");
}
}
+
+ private void disableCache() {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> PolicyRefresher.disableCache(serviceName=" + serviceName + ")");
+ }
+
+ File cacheFile = cacheDir == null ? null : new File(cacheDir + File.separator + cacheFileName);
+
+ if(cacheFile != null && cacheFile.isFile() && cacheFile.canRead()) {
+ LOG.warn("Cleaning up local cache");
+ String renamedCacheFile = cacheFile.getAbsolutePath() + "_" + System.currentTimeMillis();
+ if (!cacheFile.renameTo(new File(renamedCacheFile))) {
+ LOG.error("Failed to move " + cacheFile.getAbsolutePath() + " to " + renamedCacheFile);
+ } else {
+ LOG.warn("Moved " + cacheFile.getAbsolutePath() + " to " + renamedCacheFile);
+ }
+ } else {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("No local policy cache found. No need to disable it!");
+ }
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== PolicyRefresher.disableCache(serviceName=" + serviceName + ")");
+ }
+ }
}
http://git-wip-us.apache.org/repos/asf/ranger/blob/16f481ba/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerServiceNotFoundException.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerServiceNotFoundException.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerServiceNotFoundException.java
new file mode 100644
index 0000000..a8dafff
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerServiceNotFoundException.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.util;
+
+import org.apache.commons.lang.StringUtils;
+
+public class RangerServiceNotFoundException extends Exception {
+ static private final String formatString = "\"RANGER_ERROR_SERVICE_NOT_FOUND: ServiceName=%s\"";
+ public RangerServiceNotFoundException(String serviceName) {
+ super(serviceName);
+ }
+ public static final String buildExceptionMsg(String serviceName) {
+ return String.format(formatString, serviceName);
+ }
+ public static final void throwExceptionIfServiceNotFound(String serviceName, String exceptionMsg) throws RangerServiceNotFoundException {
+ String expectedExceptionMsg = buildExceptionMsg(serviceName);
+ if (StringUtils.startsWith(exceptionMsg, expectedExceptionMsg)) {
+ throw new RangerServiceNotFoundException(serviceName);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/ranger/blob/16f481ba/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
----------------------------------------------------------------------
diff --git a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
index 1c649de..fb92616 100644
--- a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
+++ b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
@@ -32,6 +32,7 @@ import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
+import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.security.AccessControlException;
@@ -78,7 +79,7 @@ public class RangerAdminJersey2RESTClient implements RangerAdminClient {
_isSSL = _utils.isSsl(_baseUrl);
_restClientConnTimeOutMs = RangerConfiguration.getInstance().getInt(configPropertyPrefix + ".policy.rest.client.connection.timeoutMs", 120 * 1000);
_restClientReadTimeOutMs = RangerConfiguration.getInstance().getInt(configPropertyPrefix + ".policy.rest.client.read.timeoutMs", 30 * 1000);
-
+
LOG.info("Init params: " + String.format("Base URL[%s], SSL Congig filename[%s], ServiceName=[%s]", _baseUrl, _sslConfigFileName, _serviceName));
_client = getClient();
@@ -100,53 +101,53 @@ public class RangerAdminJersey2RESTClient implements RangerAdminClient {
boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
String url = null;
- try {
- ServicePolicies servicePolicies = null;
- Response response = null;
- if(isSecureMode){
- if(LOG.isDebugEnabled()) {
- LOG.debug("Checking Service policy if updated as user : " + user);
- }
- url = _utils.getSecureUrlForPolicyUpdate(_baseUrl, _serviceName);
- final String secureUrl = url;
- PrivilegedAction<Response> action = new PrivilegedAction<Response>() {
- public Response run() {
- return _client.target(secureUrl)
- .queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion))
- .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
- .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId)
- .request(MediaType.APPLICATION_JSON_TYPE)
- .get();
- };
- };
- response = user.doAs(action);
- }else{
- if(LOG.isDebugEnabled()) {
- LOG.debug("Checking Service policy if updated with old api call");
+ ServicePolicies servicePolicies = null;
+ Response response = null;
+
+ if (isSecureMode) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Checking Service policy if updated as user : " + user);
+ }
+ url = _utils.getSecureUrlForPolicyUpdate(_baseUrl, _serviceName);
+ final String secureUrl = url;
+ PrivilegedAction<Response> action = new PrivilegedAction<Response>() {
+ public Response run() {
+ return _client.target(secureUrl)
+ .queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion))
+ .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
+ .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId)
+ .request(MediaType.APPLICATION_JSON_TYPE)
+ .get();
}
- url = _utils.getUrlForPolicyUpdate(_baseUrl, _serviceName);
- response = _client.target(url)
- .queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion))
- .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
- .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId)
- .request(MediaType.APPLICATION_JSON_TYPE)
- .get();
+ };
+ response = user.doAs(action);
+ } else {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Checking Service policy if updated with old api call");
}
+ url = _utils.getUrlForPolicyUpdate(_baseUrl, _serviceName);
+ response = _client.target(url)
+ .queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion))
+ .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
+ .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId)
+ .request(MediaType.APPLICATION_JSON_TYPE)
+ .get();
+ }
- int httpResponseCode = response == null ? -1 : response.getStatus();
- String body = null;
+ int httpResponseCode = response == null ? -1 : response.getStatus();
+ String body = null;
- switch (httpResponseCode) {
+ switch (httpResponseCode) {
case 200:
body = response.readEntity(String.class);
-
+
if (LOG.isDebugEnabled()) {
LOG.debug("Response from 200 server: " + body);
}
-
+
Gson gson = getGson();
servicePolicies = gson.fromJson(body, ServicePolicies.class);
-
+
if (LOG.isDebugEnabled()) {
LOG.debug("Deserialized response to: " + servicePolicies);
}
@@ -157,20 +158,26 @@ public class RangerAdminJersey2RESTClient implements RangerAdminClient {
case -1:
LOG.warn("Unexpected: Null response from policy server while trying to get policies! Returning null!");
break;
+ case 404: {
+ if (response.hasEntity()) {
+ body = response.readEntity(String.class);
+ if (StringUtils.isNotBlank(body)) {
+ RangerServiceNotFoundException.throwExceptionIfServiceNotFound(_serviceName, body);
+ }
+ }
+ LOG.warn("Received 404 error code with body:[" + body + "], Ignoring");
+ break;
+ }
default:
body = response.readEntity(String.class);
LOG.warn(String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", httpResponseCode, body, url));
break;
- }
+ }
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerAdminJersey2RESTClient.getServicePoliciesIfUpdated(" + lastKnownVersion + ", " + lastActivationTimeInMillis + "): " + servicePolicies);
- }
- return servicePolicies;
- } catch (Exception ex) {
- LOG.error("Failed getting policies from server. url=" + url + ", pluginId=" + _pluginId + ", lastKnownVersion=" + lastKnownVersion + ", " + lastActivationTimeInMillis);
- throw ex;
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerAdminJersey2RESTClient.getServicePoliciesIfUpdated(" + lastKnownVersion + ", " + lastActivationTimeInMillis + "): " + servicePolicies);
}
+ return servicePolicies;
}
@Override
@@ -245,7 +252,7 @@ public class RangerAdminJersey2RESTClient implements RangerAdminClient {
@Override
public ServiceTags getServiceTagsIfUpdated(final long lastKnownVersion, final long lastActivationTimeInMillis) throws Exception {
- if(LOG.isDebugEnabled()) {
+ if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerAdminJersey2RESTClient.getServiceTagsIfUpdated(" + lastKnownVersion + ", " + lastActivationTimeInMillis + ")");
}
@@ -253,77 +260,81 @@ public class RangerAdminJersey2RESTClient implements RangerAdminClient {
boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
String url = null;
- try {
- ServiceTags serviceTags = null;
- Response response = null;
- if(isSecureMode){
- if(LOG.isDebugEnabled()) {
- LOG.debug("Checking Service tags if updated as user : " + user);
- }
- url = _utils.getSecureUrlForTagUpdate(_baseUrl, _serviceName);
- final String secureUrl = url;
- PrivilegedAction<Response> action = new PrivilegedAction<Response>() {
- public Response run() {
- return _client.target(secureUrl)
- .queryParam(RangerRESTUtils.LAST_KNOWN_TAG_VERSION_PARAM, Long.toString(lastKnownVersion))
- .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
- .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId)
- .request(MediaType.APPLICATION_JSON_TYPE)
- .get();
- };
- };
- response = user.doAs(action);
- }else{
- if(LOG.isDebugEnabled()) {
- LOG.debug("Checking Service tags if updated with old api call");
+ ServiceTags serviceTags = null;
+ Response response = null;
+ if (isSecureMode) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Checking Service tags if updated as user : " + user);
+ }
+ url = _utils.getSecureUrlForTagUpdate(_baseUrl, _serviceName);
+ final String secureUrl = url;
+ PrivilegedAction<Response> action = new PrivilegedAction<Response>() {
+ public Response run() {
+ return _client.target(secureUrl)
+ .queryParam(RangerRESTUtils.LAST_KNOWN_TAG_VERSION_PARAM, Long.toString(lastKnownVersion))
+ .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
+ .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId)
+ .request(MediaType.APPLICATION_JSON_TYPE)
+ .get();
}
- url = _utils.getUrlForTagUpdate(_baseUrl, _serviceName);
- response = _client.target(url)
- .queryParam(RangerRESTUtils.LAST_KNOWN_TAG_VERSION_PARAM, Long.toString(lastKnownVersion))
- .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
- .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId)
- .request(MediaType.APPLICATION_JSON_TYPE)
- .get();
+ };
+ response = user.doAs(action);
+ } else {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Checking Service tags if updated with old api call");
}
+ url = _utils.getUrlForTagUpdate(_baseUrl, _serviceName);
+ response = _client.target(url)
+ .queryParam(RangerRESTUtils.LAST_KNOWN_TAG_VERSION_PARAM, Long.toString(lastKnownVersion))
+ .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis))
+ .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId)
+ .request(MediaType.APPLICATION_JSON_TYPE)
+ .get();
+ }
- int httpResponseCode = response == null ? -1 : response.getStatus();
- String body = null;
+ int httpResponseCode = response == null ? -1 : response.getStatus();
+ String body = null;
- switch (httpResponseCode) {
- case 200:
- body = response.readEntity(String.class);
+ switch (httpResponseCode) {
+ case 200:
+ body = response.readEntity(String.class);
- if (LOG.isDebugEnabled()) {
- LOG.debug("Response from 200 server: " + body);
- }
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Response from 200 server: " + body);
+ }
- Gson gson = getGson();
- serviceTags = gson.fromJson(body, ServiceTags.class);
+ Gson gson = getGson();
+ serviceTags = gson.fromJson(body, ServiceTags.class);
- if (LOG.isDebugEnabled()) {
- LOG.debug("Deserialized response to: " + serviceTags);
- }
- break;
- case 304:
- LOG.debug("Got response: 304. Ok. Returning null");
- break;
- case -1:
- LOG.warn("Unexpected: Null response from tag server while trying to get tags! Returning null!");
- break;
- default:
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Deserialized response to: " + serviceTags);
+ }
+ break;
+ case 304:
+ LOG.debug("Got response: 304. Ok. Returning null");
+ break;
+ case -1:
+ LOG.warn("Unexpected: Null response from tag server while trying to get tags! Returning null!");
+ break;
+ case 404:
+ if (response.hasEntity()) {
body = response.readEntity(String.class);
- LOG.warn(String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", httpResponseCode, body, url));
- break;
- }
+ if (StringUtils.isNotBlank(body)) {
+ RangerServiceNotFoundException.throwExceptionIfServiceNotFound(_serviceName, body);
+ }
+ }
+ LOG.warn("Received 404 error code with body:[" + body + "], Ignoring");
+ break;
+ default:
+ body = response.readEntity(String.class);
+ LOG.warn(String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", httpResponseCode, body, url));
+ break;
+ }
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerAdminJersey2RESTClient.getServiceTagsIfUpdated(" + lastKnownVersion + ", " + lastActivationTimeInMillis + "): " + serviceTags);
- }
- return serviceTags;
- } catch (Exception ex) {
- LOG.error("Failed getting tags from server. url=" + url + ", pluginId=" + _pluginId + ", lastKnownVersion=" + lastKnownVersion + ", " + lastActivationTimeInMillis);
- throw ex;
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerAdminJersey2RESTClient.getServiceTagsIfUpdated(" + lastKnownVersion + ", " + lastActivationTimeInMillis + "): " + serviceTags);
}
+ return serviceTags;
}
@Override
http://git-wip-us.apache.org/repos/asf/ranger/blob/16f481ba/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoaderUtil.java
----------------------------------------------------------------------
diff --git a/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoaderUtil.java b/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoaderUtil.java
index 156fec9..a6e57b6 100644
--- a/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoaderUtil.java
+++ b/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoaderUtil.java
@@ -105,6 +105,10 @@ public class RangerPluginClassLoaderUtil {
if(dirFiles != null) {
for(File dirFile : dirFiles) {
try {
+ if (!dirFile.canRead()) {
+ LOG.error("getFilesInDirectory('" + dirPath + "'): " + dirFile.getAbsolutePath() + " is not readable!");
+ }
+
URL jarPath = dirFile.toURI().toURL();
LOG.info("getFilesInDirectory('" + dirPath + "'): adding " + dirFile.getAbsolutePath());
http://git-wip-us.apache.org/repos/asf/ranger/blob/16f481ba/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
index 7e50fd5..8f4619e 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
@@ -669,7 +669,7 @@ public class AssetMgr extends AssetMgrBase {
return ret;
}
- public void createPluginInfo(String serviceName, String pluginId, HttpServletRequest request, int entityType, long downloadedVersion, long lastKnownVersion, long lastActivationTime, int httpCode) {
+ public void createPluginInfo(String serviceName, String pluginId, HttpServletRequest request, int entityType, Long downloadedVersion, long lastKnownVersion, long lastActivationTime, int httpCode) {
RangerRESTUtils restUtils = new RangerRESTUtils();
final String ipAddress = getRemoteAddress(request);
@@ -704,12 +704,12 @@ public class AssetMgr extends AssetMgrBase {
pluginSvcVersionInfo.setTagDownloadTime(new Date().getTime());
}
- createOrUpdatePluginInfo(pluginSvcVersionInfo, httpCode);
+ createOrUpdatePluginInfo(pluginSvcVersionInfo, entityType == RangerPluginInfo.ENTITY_TYPE_POLICIES, httpCode);
}
- private void createOrUpdatePluginInfo(final RangerPluginInfo pluginInfo, final int httpCode) {
+ private void createOrUpdatePluginInfo(final RangerPluginInfo pluginInfo, final boolean isPolicyDownloadRequest, final int httpCode) {
if (logger.isDebugEnabled()) {
- logger.debug("==> createOrUpdatePluginInfo(pluginInfo=" + pluginInfo + ", httpCode=" + httpCode + ")");
+ logger.debug("==> createOrUpdatePluginInfo(pluginInfo=" + pluginInfo + ", isPolicyDownloadRequest=" + isPolicyDownloadRequest + ", httpCode=" + httpCode + ")");
}
final boolean isTagVersionResetNeeded;
@@ -719,8 +719,7 @@ public class AssetMgr extends AssetMgrBase {
// then the TransactionManager will roll-back the changes because the HTTP return code is
// HttpServletResponse.SC_NOT_MODIFIED
- boolean isPolicyInfo = pluginInfo.getPolicyDownloadedVersion() != null;
- if (isPolicyInfo) {
+ if (isPolicyDownloadRequest) {
isTagVersionResetNeeded = rangerDaoManager.getXXService().findAssociatedTagService(pluginInfo.getServiceName()) == null;
} else {
isTagVersionResetNeeded = false;
@@ -729,42 +728,58 @@ public class AssetMgr extends AssetMgrBase {
Runnable commitWork = new Runnable() {
@Override
public void run() {
- doCreateOrUpdateXXPluginInfo(pluginInfo, isTagVersionResetNeeded);
+ doCreateOrUpdateXXPluginInfo(pluginInfo, isPolicyDownloadRequest, isTagVersionResetNeeded);
}
};
activityLogger.commitAfterTransactionComplete(commitWork);
+ } else if (httpCode == HttpServletResponse.SC_NOT_FOUND) {
+ Runnable commitWork;
+ if ((isPolicyDownloadRequest && (pluginInfo.getPolicyActiveVersion() == null || pluginInfo.getPolicyActiveVersion() == -1))
+ || (!isPolicyDownloadRequest && (pluginInfo.getTagActiveVersion() == null || pluginInfo.getTagActiveVersion() == -1))) {
+ commitWork = new Runnable() {
+ @Override
+ public void run() {
+ doDeleteXXPluginInfo(pluginInfo);
+ }
+ };
+ } else {
+ commitWork = new Runnable() {
+ @Override
+ public void run() {
+ doCreateOrUpdateXXPluginInfo(pluginInfo, isPolicyDownloadRequest, false);
+ }
+ };
+ }
+ activityLogger.commitAfterTransactionComplete(commitWork);
+
} else {
isTagVersionResetNeeded = false;
- doCreateOrUpdateXXPluginInfo(pluginInfo, isTagVersionResetNeeded);
+ doCreateOrUpdateXXPluginInfo(pluginInfo, isPolicyDownloadRequest, isTagVersionResetNeeded);
}
if (logger.isDebugEnabled()) {
- logger.debug("<== createOrUpdatePluginInfo(pluginInfo=" + pluginInfo + ", httpCode=" + httpCode + ")");
+ logger.debug("<== createOrUpdatePluginInfo(pluginInfo=" + pluginInfo + ", isPolicyDownloadRequest=" + isPolicyDownloadRequest + ", httpCode=" + httpCode + ")");
}
}
- private XXPluginInfo doCreateOrUpdateXXPluginInfo(RangerPluginInfo pluginInfo, final boolean isTagVersionResetNeeded) {
+ private XXPluginInfo doCreateOrUpdateXXPluginInfo(RangerPluginInfo pluginInfo, final boolean isPolicyDownloadRequest, final boolean isTagVersionResetNeeded) {
XXPluginInfo ret = null;
if (StringUtils.isNotBlank(pluginInfo.getServiceName())) {
- boolean isPolicyInfo = pluginInfo.getPolicyDownloadedVersion() != null;
-
XXPluginInfo xObj = rangerDaoManager.getXXPluginInfo().find(pluginInfo.getServiceName(),
pluginInfo.getHostName(), pluginInfo.getAppType());
if (xObj == null) {
// ranger-admin is restarted, plugin contains latest versions and no earlier record for this plug-in client
- if (isPolicyInfo) {
- if (pluginInfo.getPolicyDownloadedVersion().equals(pluginInfo.getPolicyActiveVersion())) {
+ if (isPolicyDownloadRequest) {
+ if (pluginInfo.getPolicyDownloadedVersion() != null && pluginInfo.getPolicyDownloadedVersion().equals(pluginInfo.getPolicyActiveVersion())) {
// This is our best guess of when policies may have been downloaded
pluginInfo.setPolicyDownloadTime(pluginInfo.getPolicyActivationTime());
}
- } else if (pluginInfo.getTagDownloadedVersion() != null) {
- if (pluginInfo.getTagDownloadedVersion().equals(pluginInfo.getTagActiveVersion())) {
- // This is our best guess of when tags may have been downloaded
- pluginInfo.setTagDownloadTime(pluginInfo.getTagActivationTime());
- }
+ } else if (pluginInfo.getTagDownloadedVersion() != null && pluginInfo.getTagDownloadedVersion().equals(pluginInfo.getTagActiveVersion())) {
+ // This is our best guess of when tags may have been downloaded
+ pluginInfo.setTagDownloadTime(pluginInfo.getTagActivationTime());
}
xObj = pluginInfoService.populateDBObject(pluginInfo);
@@ -781,7 +796,7 @@ public class AssetMgr extends AssetMgrBase {
dbObj.setIpAddress(pluginInfo.getIpAddress());
needsUpdating = true;
}
- if (isPolicyInfo) {
+ if (isPolicyDownloadRequest) {
if (dbObj.getPolicyDownloadedVersion() == null || !dbObj.getPolicyDownloadedVersion().equals(pluginInfo.getPolicyDownloadedVersion())) {
dbObj.setPolicyDownloadedVersion(pluginInfo.getPolicyDownloadedVersion());
dbObj.setPolicyDownloadTime(pluginInfo.getPolicyDownloadTime());
@@ -854,6 +869,14 @@ public class AssetMgr extends AssetMgrBase {
return ret;
}
+ private void doDeleteXXPluginInfo(RangerPluginInfo pluginInfo) {
+ XXPluginInfo xObj = rangerDaoManager.getXXPluginInfo().find(pluginInfo.getServiceName(),
+ pluginInfo.getHostName(), pluginInfo.getAppType());
+ if (xObj != null) {
+ rangerDaoManager.getXXPluginInfo().remove(xObj.getId());
+ }
+ }
+
private String getRemoteAddress(final HttpServletRequest request) {
String ret = null;
http://git-wip-us.apache.org/repos/asf/ranger/blob/16f481ba/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java
index 5fbc259..fa97bc9 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java
@@ -52,6 +52,7 @@ import org.apache.ranger.plugin.model.RangerTagDef.RangerTagAttributeDef;
import org.apache.ranger.plugin.store.AbstractTagStore;
import org.apache.ranger.plugin.store.PList;
import org.apache.ranger.plugin.store.RangerServiceResourceSignature;
+import org.apache.ranger.plugin.util.RangerServiceNotFoundException;
import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.plugin.util.ServiceTags;
import org.apache.ranger.service.RangerAuditFields;
@@ -62,6 +63,8 @@ import org.apache.ranger.service.RangerServiceResourceService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+import javax.servlet.http.HttpServletResponse;
+
@Component
public class TagDBStore extends AbstractTagStore {
private static final Log LOG = LogFactory.getLog(TagDBStore.class);
@@ -90,6 +93,8 @@ public class TagDBStore extends AbstractTagStore {
@Autowired
GUIDUtil guidUtil;
+ @Autowired
+ RESTErrorUtil restErrorUtil;
@Override
public RangerTagDef createTagDef(RangerTagDef tagDef) throws Exception {
@@ -907,7 +912,9 @@ public class TagDBStore extends AbstractTagStore {
XXService xxService = daoManager.getXXService().findByName(serviceName);
if (xxService == null) {
- throw new Exception("service does not exist. name=" + serviceName);
+ LOG.error("Requested Service not found. serviceName=" + serviceName);
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, RangerServiceNotFoundException.buildExceptionMsg(serviceName),
+ false);
}
XXServiceVersionInfo serviceVersionInfoDbObj = daoManager.getXXServiceVersionInfo().findByServiceName(serviceName);
http://git-wip-us.apache.org/repos/asf/ranger/blob/16f481ba/security-admin/src/main/java/org/apache/ranger/common/RESTErrorUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RESTErrorUtil.java b/security-admin/src/main/java/org/apache/ranger/common/RESTErrorUtil.java
index c98487f..2a8560d 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RESTErrorUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RESTErrorUtil.java
@@ -330,7 +330,7 @@ public class RESTErrorUtil {
public WebApplicationException createRESTException(int responseCode,
String logMessage, boolean logError) {
Response errorResponse = Response
- .status(responseCode).build();
+ .status(responseCode).entity(logMessage).build();
WebApplicationException restException = new WebApplicationException(
errorResponse);
http://git-wip-us.apache.org/repos/asf/ranger/blob/16f481ba/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
index 84675fc..6864c5a 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
@@ -50,6 +50,7 @@ import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
import org.apache.ranger.plugin.util.GrantRevokeRequest;
+import org.apache.ranger.plugin.util.RangerServiceNotFoundException;
import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.view.VXAsset;
import org.apache.ranger.view.VXAuditMap;
@@ -147,7 +148,7 @@ public class ServiceUtil {
}
if(ret == null) {
- throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true);
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, RangerServiceNotFoundException.buildExceptionMsg(name), true);
}
if(LOG.isDebugEnabled()) {
@@ -1175,7 +1176,7 @@ public class ServiceUtil {
throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
}
if(service == null) {
- throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true);
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, RangerServiceNotFoundException.buildExceptionMsg(policy.getService()), true);
}
VXPolicy vXPolicy = toVXPolicy(policy,service);
if(vXPolicy != null) {
@@ -1345,8 +1346,8 @@ public class ServiceUtil {
}
if(service==null){
LOG.error("Requested Service not found. serviceName=" + serviceName);
- throw restErrorUtil.createRESTException("Service:" + serviceName + " not found",
- MessageEnums.DATA_NOT_FOUND);
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, RangerServiceNotFoundException.buildExceptionMsg(serviceName),
+ false);
}
if(!service.getIsEnabled()){
LOG.error("Requested Service is disabled. serviceName=" + serviceName);
@@ -1479,8 +1480,8 @@ public class ServiceUtil {
if(service==null){
isValid = false;
LOG.error("Requested Service not found. serviceName=" + serviceName);
- throw restErrorUtil.createRESTException("Service:" + serviceName + " not found",
- MessageEnums.DATA_NOT_FOUND);
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, RangerServiceNotFoundException.buildExceptionMsg(serviceName),
+ false);
}
if(!service.getIsEnabled()){
isValid = false;
http://git-wip-us.apache.org/repos/asf/ranger/blob/16f481ba/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 81c10e8..2fc3b21 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -2289,45 +2289,55 @@ public class ServiceREST {
int httpCode = HttpServletResponse.SC_OK;
String logMsg = null;
RangerPerfTracer perf = null;
+ Long downloadedVersion = null;
+ boolean isValid = false;
- if (serviceUtil.isValidateHttpsAuthentication(serviceName, request)) {
- if(lastKnownVersion == null) {
+ try {
+ isValid = serviceUtil.isValidateHttpsAuthentication(serviceName, request);
+ } catch (WebApplicationException webException) {
+ httpCode = webException.getResponse().getStatus();
+ logMsg = webException.getResponse().getEntity().toString();
+ } catch (Exception e) {
+ httpCode = HttpServletResponse.SC_BAD_REQUEST;
+ logMsg = e.getMessage();
+ }
+ if (isValid) {
+ if (lastKnownVersion == null) {
lastKnownVersion = Long.valueOf(-1);
}
-
+
try {
if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
- perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServicePoliciesIfUpdated(serviceName=" + serviceName + ",lastKnownVersion=" + lastKnownVersion + ",lastActivationTime=" + lastActivationTime + ")");
+ perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServicePoliciesIfUpdated(serviceName=" + serviceName + ",lastKnownVersion=" + lastKnownVersion + ",lastActivationTime=" + lastActivationTime + ")");
}
ServicePolicies servicePolicies = svcStore.getServicePoliciesIfUpdated(serviceName, lastKnownVersion);
- Long downloadedVersion;
- if(servicePolicies == null) {
- downloadedVersion = lastKnownVersion;
+ if (servicePolicies == null) {
+ downloadedVersion = lastKnownVersion;
httpCode = HttpServletResponse.SC_NOT_MODIFIED;
- logMsg = "No change since last update";
+ logMsg = "No change since last update";
} else {
- downloadedVersion = servicePolicies.getPolicyVersion();
+ downloadedVersion = servicePolicies.getPolicyVersion();
ret = filterServicePolicies(servicePolicies);
httpCode = HttpServletResponse.SC_OK;
- logMsg = "Returning " + (ret.getPolicies() != null ? ret.getPolicies().size() : 0) + " policies. Policy version=" + ret.getPolicyVersion();
+ logMsg = "Returning " + (ret.getPolicies() != null ? ret.getPolicies().size() : 0) + " policies. Policy version=" + ret.getPolicyVersion();
}
- assetMgr.createPluginInfo(serviceName, pluginId, request, RangerPluginInfo.ENTITY_TYPE_POLICIES, downloadedVersion, lastKnownVersion, lastActivationTime, httpCode);
- } catch(Throwable excp) {
- LOG.error("getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + ") failed", excp);
-
+ } catch (Throwable excp) {
+ LOG.error("getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + ") failed");
+
httpCode = HttpServletResponse.SC_BAD_REQUEST;
- logMsg = excp.getMessage();
+ logMsg = excp.getMessage();
} finally {
createPolicyDownloadAudit(serviceName, lastKnownVersion, pluginId, httpCode, request);
RangerPerfTracer.log(perf);
}
-
- if(httpCode != HttpServletResponse.SC_OK) {
- boolean logError = httpCode != HttpServletResponse.SC_NOT_MODIFIED;
- throw restErrorUtil.createRESTException(httpCode, logMsg, logError);
- }
- }
+ }
+ assetMgr.createPluginInfo(serviceName, pluginId, request, RangerPluginInfo.ENTITY_TYPE_POLICIES, downloadedVersion, lastKnownVersion, lastActivationTime, httpCode);
+
+ if(httpCode != HttpServletResponse.SC_OK) {
+ boolean logError = httpCode != HttpServletResponse.SC_NOT_MODIFIED;
+ throw restErrorUtil.createRESTException(httpCode, logMsg, logError);
+ }
if(LOG.isDebugEnabled()) {
LOG.debug("<== ServiceREST.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + "): count=" + ((ret == null || ret.getPolicies() == null) ? 0 : ret.getPolicies().size()));
@@ -2351,76 +2361,86 @@ public class ServiceREST {
boolean isAdmin = bizUtil.isAdmin();
boolean isKeyAdmin = bizUtil.isKeyAdmin();
request.setAttribute("downloadPolicy", "secure");
- if (serviceUtil.isValidService(serviceName, request)) {
+ Long downloadedVersion = null;
+ boolean isValid = false;
+ try {
+ isValid = serviceUtil.isValidService(serviceName, request);
+ } catch (WebApplicationException webException) {
+ httpCode = webException.getResponse().getStatus();
+ logMsg = webException.getResponse().getEntity().toString();
+ } catch (Exception e) {
+ httpCode = HttpServletResponse.SC_BAD_REQUEST;
+ logMsg = e.getMessage();
+ }
+ if (isValid) {
if (lastKnownVersion == null) {
lastKnownVersion = Long.valueOf(-1);
}
try {
if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
- perf = RangerPerfTracer.getPerfTracer(PERF_LOG,"ServiceREST.getSecureServicePoliciesIfUpdated(serviceName="+ serviceName + ",lastKnownVersion="+ lastKnownVersion + ",lastActivationTime=" + lastActivationTime + ")");
+ perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getSecureServicePoliciesIfUpdated(serviceName=" + serviceName + ",lastKnownVersion=" + lastKnownVersion + ",lastActivationTime=" + lastActivationTime + ")");
}
XXService xService = daoManager.getXXService().findByName(serviceName);
XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(xService.getType());
RangerService rangerService = null;
-
+
if (StringUtils.equals(xServiceDef.getImplclassname(), EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME)) {
rangerService = svcStore.getServiceByNameForDP(serviceName);
if (isKeyAdmin) {
isAllowed = true;
- }else {
- if(rangerService!=null){
+ } else {
+ if (rangerService != null) {
isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Download);
- if(!isAllowed){
+ if (!isAllowed) {
isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Grant_Revoke);
}
}
}
- }else{
+ } else {
rangerService = svcStore.getServiceByName(serviceName);
if (isAdmin) {
isAllowed = true;
- }
- else{
- if(rangerService!=null){
+ } else {
+ if (rangerService != null) {
isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Download);
- if(!isAllowed){
+ if (!isAllowed) {
isAllowed = bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Grant_Revoke);
}
}
}
}
if (isAllowed) {
- ServicePolicies servicePolicies = svcStore.getServicePoliciesIfUpdated(serviceName,lastKnownVersion);
- Long downloadedVersion;
+ ServicePolicies servicePolicies = svcStore.getServicePoliciesIfUpdated(serviceName, lastKnownVersion);
if (servicePolicies == null) {
- downloadedVersion = lastKnownVersion;
+ downloadedVersion = lastKnownVersion;
httpCode = HttpServletResponse.SC_NOT_MODIFIED;
logMsg = "No change since last update";
} else {
- downloadedVersion = servicePolicies.getPolicyVersion();
+ downloadedVersion = servicePolicies.getPolicyVersion();
ret = filterServicePolicies(servicePolicies);
httpCode = HttpServletResponse.SC_OK;
logMsg = "Returning " + (ret.getPolicies() != null ? ret.getPolicies().size() : 0) + " policies. Policy version=" + ret.getPolicyVersion();
}
- assetMgr.createPluginInfo(serviceName, pluginId, request, RangerPluginInfo.ENTITY_TYPE_POLICIES, downloadedVersion, lastKnownVersion, lastActivationTime, httpCode);
- } else {
+ } else {
LOG.error("getSecureServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ") failed as User doesn't have permission to download Policy");
httpCode = HttpServletResponse.SC_UNAUTHORIZED;
logMsg = "User doesn't have permission to download policy";
}
} catch (Throwable excp) {
- LOG.error("getSecureServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + ") failed", excp);
+ LOG.error("getSecureServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + ") failed");
httpCode = HttpServletResponse.SC_BAD_REQUEST;
logMsg = excp.getMessage();
} finally {
createPolicyDownloadAudit(serviceName, lastKnownVersion, pluginId, httpCode, request);
RangerPerfTracer.log(perf);
}
- if (httpCode != HttpServletResponse.SC_OK) {
- boolean logError = httpCode != HttpServletResponse.SC_NOT_MODIFIED;
- throw restErrorUtil.createRESTException(httpCode, logMsg, logError);
- }
+ }
+ assetMgr.createPluginInfo(serviceName, pluginId, request, RangerPluginInfo.ENTITY_TYPE_POLICIES, downloadedVersion, lastKnownVersion, lastActivationTime, httpCode);
+
+ if (httpCode != HttpServletResponse.SC_OK) {
+ boolean logError = httpCode != HttpServletResponse.SC_NOT_MODIFIED;
+ throw restErrorUtil.createRESTException(httpCode, logMsg, logError);
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceREST.getSecureServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + "): count=" + ((ret == null || ret.getPolicies() == null) ? 0 : ret.getPolicies().size()));
http://git-wip-us.apache.org/repos/asf/ranger/blob/16f481ba/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
index feb6a54..e650968 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
@@ -61,6 +61,7 @@ import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
+import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import java.util.List;
@@ -1113,32 +1114,34 @@ public class TagREST {
ServiceTags ret = null;
int httpCode = HttpServletResponse.SC_OK;
String logMsg = null;
+ Long downloadedVersion = null;
try {
ret = tagStore.getServiceTagsIfUpdated(serviceName, lastKnownVersion);
- Long downloadedVersion;
- if(ret == null) {
+ if (ret == null) {
downloadedVersion = lastKnownVersion;
- httpCode = HttpServletResponse.SC_NOT_MODIFIED;
- logMsg = "No change since last update";
- } else {
+ httpCode = HttpServletResponse.SC_NOT_MODIFIED;
+ logMsg = "No change since last update";
+ } else {
downloadedVersion = ret.getTagVersion();
- httpCode = HttpServletResponse.SC_OK;
- logMsg = "Returning " + (ret.getTags() != null ? ret.getTags().size() : 0) + " tags. Tag version=" + ret.getTagVersion();
- }
- assetMgr.createPluginInfo(serviceName, pluginId, request, RangerPluginInfo.ENTITY_TYPE_TAGS, downloadedVersion, lastKnownVersion, lastActivationTime, httpCode);
+ httpCode = HttpServletResponse.SC_OK;
+ logMsg = "Returning " + (ret.getTags() != null ? ret.getTags().size() : 0) + " tags. Tag version=" + ret.getTagVersion();
+ }
+ } catch (WebApplicationException webException) {
+ httpCode = webException.getResponse().getStatus();
+ logMsg = webException.getResponse().getEntity().toString();
} catch(Exception excp) {
- LOG.error("getServiceTagsIfUpdated(" + serviceName + ") failed", excp);
-
httpCode = HttpServletResponse.SC_BAD_REQUEST;
logMsg = excp.getMessage();
+ } finally {
+ assetMgr.createPluginInfo(serviceName, pluginId, request, RangerPluginInfo.ENTITY_TYPE_TAGS, downloadedVersion, lastKnownVersion, lastActivationTime, httpCode);
}
- if(httpCode != HttpServletResponse.SC_OK) {
- boolean logError = httpCode != HttpServletResponse.SC_NOT_MODIFIED;
- throw restErrorUtil.createRESTException(httpCode, logMsg, logError);
- }
+ if(httpCode != HttpServletResponse.SC_OK) {
+ boolean logError = httpCode != HttpServletResponse.SC_NOT_MODIFIED;
+ throw restErrorUtil.createRESTException(httpCode, logMsg, logError);
+ }
if(LOG.isDebugEnabled()) {
LOG.debug("<== TagREST.getServiceTagsIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + ", " + pluginId + ")");
@@ -1165,9 +1168,15 @@ public class TagREST {
boolean isAllowed = false;
boolean isAdmin = bizUtil.isAdmin();
boolean isKeyAdmin = bizUtil.isKeyAdmin();
+ Long downloadedVersion = null;
try {
XXService xService = daoManager.getXXService().findByName(serviceName);
+ if (xService == null) {
+ LOG.error("Requested Service not found. serviceName=" + serviceName);
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Service:" + serviceName + " not found",
+ false);
+ }
XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(xService.getType());
RangerService rangerService = svcStore.getServiceByName(serviceName);
@@ -1186,7 +1195,6 @@ public class TagREST {
}
if (isAllowed) {
ret = tagStore.getServiceTagsIfUpdated(serviceName, lastKnownVersion);
- Long downloadedVersion;
if(ret == null) {
downloadedVersion = lastKnownVersion;
@@ -1197,29 +1205,25 @@ public class TagREST {
httpCode = HttpServletResponse.SC_OK;
logMsg = "Returning " + (ret.getTags() != null ? ret.getTags().size() : 0) + " tags. Tag version=" + ret.getTagVersion();
}
- assetMgr.createPluginInfo(serviceName, pluginId, request, RangerPluginInfo.ENTITY_TYPE_TAGS, downloadedVersion, lastKnownVersion, lastActivationTime, httpCode);
}else{
LOG.error("getSecureServiceTagsIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + ") failed as User doesn't have permission to download tags");
httpCode = HttpServletResponse.SC_UNAUTHORIZED;
logMsg = "User doesn't have permission to download tags";
}
- } catch(Exception excp) {
- LOG.error("getSecureServiceTagsIfUpdated(" + serviceName + ") failed", excp);
-
+ } catch (WebApplicationException webException) {
+ httpCode = webException.getResponse().getStatus();
+ logMsg = webException.getResponse().getEntity().toString();
+ } catch (Exception excp) {
httpCode = HttpServletResponse.SC_BAD_REQUEST;
logMsg = excp.getMessage();
} finally {
- // Placeholder to avoid PMD violations
- if (LOG.isDebugEnabled()) {
- LOG.debug("httpCode=" + httpCode);
- }
- // createOrUpdatePluginTagVersion(serviceName, lastKnownVersion, pluginId, lastActivationTime);
+ assetMgr.createPluginInfo(serviceName, pluginId, request, RangerPluginInfo.ENTITY_TYPE_TAGS, downloadedVersion, lastKnownVersion, lastActivationTime, httpCode);
}
if(httpCode != HttpServletResponse.SC_OK) {
- boolean logError = httpCode != HttpServletResponse.SC_NOT_MODIFIED;
- throw restErrorUtil.createRESTException(httpCode, logMsg, logError);
- }
+ boolean logError = httpCode != HttpServletResponse.SC_NOT_MODIFIED;
+ throw restErrorUtil.createRESTException(httpCode, logMsg, logError);
+ }
if(LOG.isDebugEnabled()) {
LOG.debug("<== TagREST.getSecureServiceTagsIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + ", " + pluginId + ")");
http://git-wip-us.apache.org/repos/asf/ranger/blob/16f481ba/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
index c8c3d2f..589f3cd 100644
--- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
+++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
@@ -901,7 +901,9 @@
<named-query name="XXTagResourceMap.findForServicePlugin">
<query>
- select obj from XXTagResourceMap obj, XXService service where service.id = :serviceId and service.tagService is not null and obj.tagId in
+ select obj from XXTagResourceMap obj, XXService service, XXServiceResource serviceRes where service.id = :serviceId and service.tagService is not null
+ and obj.resourceId = serviceRes.id and serviceRes.serviceId = :serviceId
+ and obj.tagId in
(select tag.id from XXTag tag, XXTagDef tagDef where tag.type = tagDef.id and tagDef.name in
(select policyResMap.value from XXPolicyResourceMap policyResMap, XXPolicyResource policyRes, XXPolicy policy
where policy.service = service.tagService and policy.isEnabled = TRUE and policyRes.policyId = policy.id and policyResMap.resourceId = policyRes.id)
http://git-wip-us.apache.org/repos/asf/ranger/blob/16f481ba/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
index fafd4e0..a469513 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
@@ -29,6 +29,7 @@ import javax.ws.rs.WebApplicationException;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.admin.client.datatype.RESTResponse;
+import org.apache.ranger.biz.AssetMgr;
import org.apache.ranger.biz.RangerBizUtil;
import org.apache.ranger.biz.ServiceDBStore;
import org.apache.ranger.biz.ServiceMgr;
@@ -174,7 +175,10 @@ public class TestServiceREST {
@Mock
StringUtils stringUtils;
-
+
+ @Mock
+ AssetMgr assetMgr;
+
@Rule
public ExpectedException thrown = ExpectedException.none();
@@ -961,6 +965,11 @@ public class TestServiceREST {
String serviceName = "HDFS_1";
Long lastKnownVersion = 1L;
String pluginId = "1";
+ try {
+ Mockito.doNothing().when(assetMgr).createPluginInfo(serviceName, pluginId, null, 1, 1L, lastKnownVersion, 1, 0);
+
+ } catch (Exception e) {
+ }
ServicePolicies dbServicePolicies = serviceREST
.getServicePoliciesIfUpdated(serviceName, lastKnownVersion, 0L,
pluginId, request);
http://git-wip-us.apache.org/repos/asf/ranger/blob/16f481ba/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java
index 9608544..531ad9b 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java
@@ -1432,7 +1432,7 @@ public class TestTagREST {
} catch (Exception e) {
}
try {
- Mockito.doNothing().when(assetMgr).createPluginInfo(serviceName, pluginId, null, 1, 1, lastKnownVersion, 1, 0);
+ Mockito.doNothing().when(assetMgr).createPluginInfo(serviceName, pluginId, null, 1, 1L, lastKnownVersion, 1, 0);
} catch (Exception e) {
}
@@ -1485,7 +1485,7 @@ public class TestTagREST {
try {
Mockito.when(tagStore.getServiceTagsIfUpdated(serviceName, lastKnownVersion)).thenReturn(oldServiceTag);
- Mockito.doNothing().when(assetMgr).createPluginInfo(serviceName, pluginId, null, 1, 1, lastKnownVersion, 1, 0);
+ Mockito.doNothing().when(assetMgr).createPluginInfo(serviceName, pluginId, null, 1, 1L, lastKnownVersion, 1, 0);
} catch (Exception e) {
}
@@ -1548,7 +1548,7 @@ public class TestTagREST {
try {
Mockito.when(tagStore.getServiceTagsIfUpdated(serviceName, lastKnownVersion)).thenReturn(oldServiceTag);
- Mockito.doNothing().when(assetMgr).createPluginInfo(serviceName, pluginId, null, 1, 1, lastKnownVersion, 1, 0);
+ Mockito.doNothing().when(assetMgr).createPluginInfo(serviceName, pluginId, null, 1, 1L, lastKnownVersion, 1, 0);
} catch (Exception e) {
}
@@ -1614,7 +1614,7 @@ public class TestTagREST {
Mockito.when(bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Tag_Download)).thenReturn(isAllowed);
try {
Mockito.when(tagStore.getServiceTagsIfUpdated(serviceName, lastKnownVersion)).thenReturn(oldServiceTag);
- Mockito.doNothing().when(assetMgr).createPluginInfo(serviceName, pluginId, null, 1, 1, lastKnownVersion, 1, 0);
+ Mockito.doNothing().when(assetMgr).createPluginInfo(serviceName, pluginId, null, 1, 1L, lastKnownVersion, 1, 0);
} catch (Exception e) {
}
@@ -1680,7 +1680,7 @@ public class TestTagREST {
Mockito.when(bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Tag_Download)).thenReturn(isAllowed);
try {
Mockito.when(tagStore.getServiceTagsIfUpdated(serviceName, lastKnownVersion)).thenReturn(oldServiceTag);
- Mockito.doNothing().when(assetMgr).createPluginInfo(serviceName, pluginId, null, 1, 1, lastKnownVersion, 1, 0);
+ Mockito.doNothing().when(assetMgr).createPluginInfo(serviceName, pluginId, null, 1, 1L, lastKnownVersion, 1, 0);
} catch (Exception e) {
}
@@ -1801,7 +1801,7 @@ public class TestTagREST {
Mockito.when(bizUtil.isUserAllowed(rangerService, Allowed_User_List_For_Tag_Download)).thenReturn(isAllowed);
try {
Mockito.when(tagStore.getServiceTagsIfUpdated(serviceName, lastKnownVersion)).thenReturn(oldServiceTag);
- Mockito.doNothing().when(assetMgr).createPluginInfo(serviceName, pluginId, null, 1, 1, lastKnownVersion, 1, 0);
+ Mockito.doNothing().when(assetMgr).createPluginInfo(serviceName, pluginId, null, 1, 1L, lastKnownVersion, 1, 0);
} catch (Exception e) {
}
Mockito.when(restErrorUtil.createRESTException(Mockito.anyInt(), Mockito.anyString(), Mockito.anyBoolean())).thenThrow(new WebApplicationException());