You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2015/01/31 21:38:45 UTC
[2/8] incubator-ranger git commit: RANGER-203: moved
pluggable-service-model implementation from plugin-common to exiting project
ranger-plugin-common
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java b/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
deleted file mode 100644
index b51c160..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
+++ /dev/null
@@ -1,1589 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.store.file;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.commons.collections.CollectionUtils;
-import org.apache.commons.collections.MapUtils;
-import org.apache.commons.collections.Predicate;
-import org.apache.commons.collections.PredicateUtils;
-import org.apache.commons.lang.ObjectUtils;
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.fs.Path;
-import org.apache.ranger.plugin.model.RangerBaseModelObject;
-import org.apache.ranger.plugin.model.RangerPolicy;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
-import org.apache.ranger.plugin.model.RangerService;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
-import org.apache.ranger.plugin.store.ServiceStore;
-import org.apache.ranger.plugin.util.SearchFilter;
-import org.apache.ranger.plugin.util.ServicePolicies;
-
-
-public class ServiceFileStore extends BaseFileStore implements ServiceStore {
- private static final Log LOG = LogFactory.getLog(ServiceFileStore.class);
-
- private long nextServiceDefId = 0;
- private long nextServiceId = 0;
- private long nextPolicyId = 0;
-
- static Map<String, Long> legacyServiceDefs = new HashMap<String, Long>();
-
- static {
- legacyServiceDefs.put("hdfs", new Long(1));
- legacyServiceDefs.put("hbase", new Long(2));
- legacyServiceDefs.put("hive", new Long(3));
- legacyServiceDefs.put("knox", new Long(5));
- legacyServiceDefs.put("storm", new Long(6));
- }
-
- public ServiceFileStore() {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.ServiceFileStore()");
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.ServiceFileStore()");
- }
- }
-
- @Override
- public void init() throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.init()");
- }
-
- super.initStore();
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.init()");
- }
- }
-
- @Override
- public RangerServiceDef createServiceDef(RangerServiceDef serviceDef) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceDefFileStore.createServiceDef(" + serviceDef + ")");
- }
-
- RangerServiceDef existing = getServiceDefByName(serviceDef.getName());
-
- if(existing != null) {
- throw new Exception(serviceDef.getName() + ": service-def already exists (id=" + existing.getId() + ")");
- }
-
- RangerServiceDef ret = null;
-
- try {
- preCreate(serviceDef);
-
- serviceDef.setId(nextServiceDefId++);
-
- ret = saveToFile(serviceDef, false);
-
- postCreate(ret);
- } catch(Exception excp) {
- LOG.warn("ServiceDefFileStore.createServiceDef(): failed to save service-def '" + serviceDef.getName() + "'", excp);
-
- throw new Exception("failed to save service-def '" + serviceDef.getName() + "'", excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceDefFileStore.createServiceDef(" + serviceDef + ")");
- }
-
- return ret;
- }
-
- @Override
- public RangerServiceDef updateServiceDef(RangerServiceDef serviceDef) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceDefFileStore.updateServiceDef(" + serviceDef + ")");
- }
-
- RangerServiceDef existing = getServiceDef(serviceDef.getId());
-
- if(existing == null) {
- throw new Exception(serviceDef.getId() + ": service-def does not exist");
- }
-
- if(isLegacyServiceDef(existing)) {
- String msg = existing.getName() + ": is an in-built service-def. Update not allowed";
-
- LOG.warn(msg);
-
- throw new Exception(msg);
- }
-
- String existingName = existing.getName();
-
- boolean renamed = !StringUtils.equalsIgnoreCase(serviceDef.getName(), existingName);
-
- // renaming service-def would require updating services that refer to this service-def
- if(renamed) {
- LOG.warn("ServiceDefFileStore.updateServiceDef(): service-def renaming not supported. " + existingName + " ==> " + serviceDef.getName());
-
- throw new Exception("service-def renaming not supported. " + existingName + " ==> " + serviceDef.getName());
- }
-
- RangerServiceDef ret = null;
-
- try {
- existing.updateFrom(serviceDef);
-
- preUpdate(existing);
-
- ret = saveToFile(existing, true);
-
- postUpdate(ret);
- } catch(Exception excp) {
- LOG.warn("ServiceDefFileStore.updateServiceDef(): failed to save service-def '" + existing.getName() + "'", excp);
-
- throw new Exception("failed to save service-def '" + existing.getName() + "'", excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceDefFileStore.updateServiceDef(" + serviceDef + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public void deleteServiceDef(Long id) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceDefFileStore.deleteServiceDef(" + id + ")");
- }
-
- RangerServiceDef existing = getServiceDef(id);
-
- if(existing == null) {
- throw new Exception("service-def does not exist. id=" + id);
- }
-
- if(isLegacyServiceDef(existing)) {
- String msg = existing.getName() + ": is an in-built service-def. Update not allowed";
-
- LOG.warn(msg);
-
- throw new Exception(msg);
- }
-
- // TODO: deleting service-def would require deleting services that refer to this service-def
-
- try {
- preDelete(existing);
-
- Path filePath = new Path(getServiceDefFile(id));
-
- deleteFile(filePath);
-
- postDelete(existing);
- } catch(Exception excp) {
- throw new Exception("failed to delete service-def. id=" + id + "; name=" + existing.getName(), excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceDefFileStore.deleteServiceDef(" + id + ")");
- }
- }
-
- @Override
- public RangerServiceDef getServiceDef(Long id) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceDefFileStore.getServiceDef(" + id + ")");
- }
-
- RangerServiceDef ret = null;
-
- if(id != null) {
- SearchFilter filter = new SearchFilter(SearchFilter.SERVICE_TYPE_ID, id.toString());
-
- List<RangerServiceDef> serviceDefs = getServiceDefs(filter);
-
- ret = CollectionUtils.isEmpty(serviceDefs) ? null : serviceDefs.get(0);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceDefFileStore.getServiceDef(" + id + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public RangerServiceDef getServiceDefByName(String name) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceDefFileStore.getServiceDefByName(" + name + ")");
- }
-
- RangerServiceDef ret = null;
-
- if(name != null) {
- SearchFilter filter = new SearchFilter(SearchFilter.SERVICE_TYPE, name);
-
- List<RangerServiceDef> serviceDefs = getServiceDefs(filter);
-
- ret = CollectionUtils.isEmpty(serviceDefs) ? null : serviceDefs.get(0);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceDefFileStore.getServiceDefByName(" + name + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public List<RangerServiceDef> getServiceDefs(SearchFilter filter) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceDefFileStore.getServiceDefs()");
- }
-
- List<RangerServiceDef> ret = getAllServiceDefs();
-
- if(ret != null && filter != null && !filter.isEmpty()) {
- CollectionUtils.filter(ret, getPredicate(filter));
-
- Comparator<RangerBaseModelObject> comparator = getSorter(filter);
-
- if(comparator != null) {
- Collections.sort(ret, comparator);
- }
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceDefFileStore.getServiceDefs(): count=" + (ret == null ? 0 : ret.size()));
- }
-
- return ret;
- }
-
-
- @Override
- public RangerService createService(RangerService service) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.createService(" + service + ")");
- }
-
- RangerService existing = getServiceByName(service.getName());
-
- if(existing != null) {
- throw new Exception("service already exists - '" + service.getName() + "'. ID=" + existing.getId());
- }
-
- RangerService ret = null;
-
- try {
- preCreate(service);
-
- service.setId(nextServiceId++);
-
- ret = saveToFile(service, false);
-
- postCreate(service);
- } catch(Exception excp) {
- throw new Exception("failed to save service '" + service.getName() + "'", excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.createService(" + service + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public RangerService updateService(RangerService service) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.updateService(" + service + ")");
- }
-
- RangerService existing = getService(service.getId());
-
- if(existing == null) {
- throw new Exception("no service exists with ID=" + service.getId());
- }
-
- String existingName = existing.getName();
-
- boolean renamed = !StringUtils.equalsIgnoreCase(service.getName(), existingName);
-
- if(renamed) {
- RangerService newNameService = getServiceByName(service.getName());
-
- if(newNameService != null) {
- throw new Exception("another service already exists with name '" + service.getName() + "'. ID=" + newNameService.getId());
- }
- }
-
- RangerService ret = null;
-
- try {
- existing.updateFrom(service);
-
- preUpdate(existing);
-
- ret = saveToFile(existing, true);
-
- postUpdate(ret);
-
- if(renamed) {
- handleServiceRename(ret, existingName);
- }
- } catch(Exception excp) {
- throw new Exception("failed to update service '" + existing.getName() + "'", excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.updateService(" + service + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public void deleteService(Long id) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.deleteService(" + id + ")");
- }
-
- RangerService existing = getService(id);
-
- if(existing == null) {
- throw new Exception("no service exists with ID=" + id);
- }
-
- try {
- Path filePath = new Path(getServiceFile(id));
-
- preDelete(existing);
-
- handleServiceDelete(existing);
-
- deleteFile(filePath);
-
- postDelete(existing);
- } catch(Exception excp) {
- throw new Exception("failed to delete service with ID=" + id, excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.deleteService(" + id + ")");
- }
- }
-
- @Override
- public RangerService getService(Long id) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.getService(" + id + ")");
- }
-
- RangerService ret = null;
-
- try {
- Path filePath = new Path(getServiceFile(id));
-
- ret = loadFromFile(filePath, RangerService.class);
- } catch(Exception excp) {
- LOG.error("ServiceFileStore.getService(" + id + "): failed to read service", excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.getService(" + id + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public RangerService getServiceByName(String name) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.getServiceByName(" + name + ")");
- }
-
- RangerService ret = null;
-
- if(name != null) {
- SearchFilter filter = new SearchFilter(SearchFilter.SERVICE_NAME, name);
-
- List<RangerService> services = getServices(filter);
-
- ret = CollectionUtils.isEmpty(services) ? null : services.get(0);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.getServiceByName(" + name + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public List<RangerService> getServices(SearchFilter filter) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.getServices()");
- }
-
- List<RangerService> ret = getAllServices();
-
- if(ret != null && filter != null && !filter.isEmpty()) {
- CollectionUtils.filter(ret, getPredicate(filter));
-
- Comparator<RangerBaseModelObject> comparator = getSorter(filter);
-
- if(comparator != null) {
- Collections.sort(ret, comparator);
- }
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.getServices(): count=" + (ret == null ? 0 : ret.size()));
- }
-
- return ret;
- }
-
- @Override
- public RangerPolicy createPolicy(RangerPolicy policy) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.createPolicy(" + policy + ")");
- }
-
- RangerService service = getServiceByName(policy.getService());
-
- if(service == null) {
- throw new Exception("service does not exist - name=" + policy.getService());
- }
-
- RangerPolicy existing = findPolicyByName(policy.getService(), policy.getName());
-
- if(existing != null) {
- throw new Exception("policy already exists: ServiceName=" + policy.getService() + "; PolicyName=" + policy.getName() + ". ID=" + existing.getId());
- }
-
- RangerPolicy ret = null;
-
- try {
- preCreate(policy);
-
- policy.setId(nextPolicyId++);
-
- ret = saveToFile(policy, service.getId(), false);
-
- handlePolicyUpdate(service);
-
- postCreate(ret);
- } catch(Exception excp) {
- throw new Exception("failed to save policy: ServiceName=" + policy.getService() + "; PolicyName=" + policy.getName(), excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.createPolicy(" + policy + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public RangerPolicy updatePolicy(RangerPolicy policy) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.updatePolicy(" + policy + ")");
- }
-
- RangerPolicy existing = getPolicy(policy.getId());
-
- if(existing == null) {
- throw new Exception("no policy exists with ID=" + policy.getId());
- }
-
- RangerService service = getServiceByName(policy.getService());
-
- if(service == null) {
- throw new Exception("service does not exist - name=" + policy.getService());
- }
-
- if(! StringUtils.equalsIgnoreCase(existing.getService(), policy.getService())) {
- throw new Exception("policy id=" + policy.getId() + " already exists in service " + existing.getService() + ". It can not be moved to service " + policy.getService());
- }
-
- boolean renamed = !StringUtils.equalsIgnoreCase(policy.getName(), existing.getName());
-
- if(renamed) {
- RangerPolicy newNamePolicy = findPolicyByName(service.getName(), policy.getName());
-
- if(newNamePolicy != null) {
- throw new Exception("another policy already exists with name '" + policy.getName() + "'. ID=" + newNamePolicy.getId());
- }
- }
-
- RangerPolicy ret = null;
-
- try {
- existing.updateFrom(policy);
-
- preUpdate(existing);
-
- ret = saveToFile(existing, service.getId(), true);
-
- handlePolicyUpdate(service);
-
- postUpdate(ret);
- } catch(Exception excp) {
- throw new Exception("failed to update policy - ID=" + existing.getId(), excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.updatePolicy(" + policy + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public void deletePolicy(Long id) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.deletePolicy(" + id + ")");
- }
-
- RangerPolicy existing = getPolicy(id);
-
- if(existing == null) {
- throw new Exception("no policy exists with ID=" + id);
- }
-
- RangerService service = getServiceByName(existing.getService());
-
- if(service == null) {
- throw new Exception("service does not exist - name='" + existing.getService());
- }
-
- try {
- preDelete(existing);
-
- Path filePath = new Path(getPolicyFile(service.getId(), existing.getId()));
-
- deleteFile(filePath);
-
- handlePolicyUpdate(service);
-
- postDelete(existing);
- } catch(Exception excp) {
- throw new Exception(existing.getId() + ": failed to delete policy", excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.deletePolicy(" + id + ")");
- }
- }
-
- @Override
- public RangerPolicy getPolicy(Long id) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.getPolicy(" + id + ")");
- }
-
- RangerPolicy ret = null;
-
- if(id != null) {
- SearchFilter filter = new SearchFilter(SearchFilter.POLICY_ID, id.toString());
-
- List<RangerPolicy> policies = getPolicies(filter);
-
- ret = CollectionUtils.isEmpty(policies) ? null : policies.get(0);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.getPolicy(" + id + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public List<RangerPolicy> getPolicies(SearchFilter filter) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.getPolicies()");
- }
-
- List<RangerPolicy> ret = getAllPolicies();
-
- if(ret != null && filter != null && !filter.isEmpty()) {
- CollectionUtils.filter(ret, getPredicate(filter));
-
- Comparator<RangerBaseModelObject> comparator = getSorter(filter);
-
- if(comparator != null) {
- Collections.sort(ret, comparator);
- }
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.getPolicies(): count=" + (ret == null ? 0 : ret.size()));
- }
-
- return ret;
- }
-
- @Override
- public List<RangerPolicy> getServicePolicies(Long serviceId, SearchFilter filter) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.getServicePolicies(" + serviceId + ")");
- }
-
- RangerService service = getService(serviceId);
-
- if(service == null) {
- throw new Exception("service does not exist - id='" + serviceId);
- }
-
- List<RangerPolicy> ret = getServicePolicies(service.getName(), filter);
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.getServicePolicies(" + serviceId + "): " + ((ret == null) ? 0 : ret.size()));
- }
-
- return ret;
- }
-
- @Override
- public List<RangerPolicy> getServicePolicies(String serviceName, SearchFilter filter) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.getServicePolicies(" + serviceName + ")");
- }
-
- List<RangerPolicy> ret = new ArrayList<RangerPolicy>();
-
- try {
- if(filter == null) {
- filter = new SearchFilter();
- }
-
- filter.setParam(SearchFilter.SERVICE_NAME, serviceName);
-
- ret = getPolicies(filter);
- } catch(Exception excp) {
- LOG.error("ServiceFileStore.getServicePolicies(" + serviceName + "): failed to read policies", excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.getServicePolicies(" + serviceName + "): count=" + ((ret == null) ? 0 : ret.size()));
- }
-
- return ret;
- }
-
- @Override
- public ServicePolicies getServicePoliciesIfUpdated(String serviceName, Long lastKnownVersion) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ")");
- }
-
- RangerService service = getServiceByName(serviceName);
-
- if(service == null) {
- throw new Exception("service does not exist - name=" + serviceName);
- }
-
- RangerServiceDef serviceDef = getServiceDefByName(service.getType());
-
- if(serviceDef == null) {
- throw new Exception(service.getType() + ": unknown service-def)");
- }
-
- ServicePolicies ret = new ServicePolicies();
- ret.setServiceId(service.getId());
- ret.setServiceName(service.getName());
- ret.setPolicyVersion(service.getPolicyVersion());
- ret.setPolicyUpdateTime(service.getPolicyUpdateTime());
- ret.setServiceDef(serviceDef);
- ret.setPolicies(new ArrayList<RangerPolicy>());
-
- if(lastKnownVersion == null || service.getPolicyVersion() == null || lastKnownVersion.longValue() != service.getPolicyVersion().longValue()) {
- SearchFilter filter = new SearchFilter(SearchFilter.SERVICE_NAME, serviceName);
-
- List<RangerPolicy> policies = getPolicies(filter);
-
- ret.setPolicies(policies);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + "): count=" + ((ret == null || ret.getPolicies() == null) ? 0 : ret.getPolicies().size()));
- }
-
- if(ret != null && ret.getPolicies() != null) {
- Collections.sort(ret.getPolicies(), idComparator);
- }
-
- return ret;
- }
-
-
- private void handleServiceRename(RangerService service, String oldName) throws Exception {
- List<RangerPolicy> policies = getAllPolicies();
-
- if(policies != null) {
- for(RangerPolicy policy : policies) {
- if(StringUtils.equalsIgnoreCase(policy.getService(), oldName)) {
- policy.setService(service.getName());
-
- preUpdate(policy);
-
- saveToFile(policy, service.getId(), true);
-
- postUpdate(policy);
- }
- }
- }
- }
-
- private void handleServiceDelete(RangerService service) throws Exception {
- List<RangerPolicy> policies = getAllPolicies();
-
- if(policies != null) {
- for(RangerPolicy policy : policies) {
- if(! StringUtils.equals(policy.getService(), service.getName())) {
- continue;
- }
-
- preDelete(policy);
-
- Path filePath = new Path(getPolicyFile(service.getId(), policy.getId()));
-
- deleteFile(filePath);
-
- postDelete(policy);
- }
- }
- }
-
- private void handlePolicyUpdate(RangerService service) throws Exception {
- if(service == null) {
- return;
- }
-
- Long policyVersion = service.getPolicyVersion();
-
- if(policyVersion == null) {
- policyVersion = new Long(1);
- } else {
- policyVersion = new Long(policyVersion.longValue() + 1);
- }
-
- service.setPolicyVersion(policyVersion);
- service.setPolicyUpdateTime(new Date());
-
- saveToFile(service, true);
- }
-
- private RangerPolicy findPolicyByName(String serviceName, String policyName) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.findPolicyByName(" + serviceName + ", " + policyName + ")");
- }
-
- RangerService service = getServiceByName(serviceName);
-
- if(service == null) {
- throw new Exception("service does not exist - name='" + serviceName);
- }
-
- RangerPolicy ret = null;
-
- SearchFilter filter = new SearchFilter();
-
- filter.setParam(SearchFilter.SERVICE_NAME, serviceName);
- filter.setParam(SearchFilter.POLICY_NAME, policyName);
-
- List<RangerPolicy> policies = getPolicies(filter);
-
- ret = CollectionUtils.isEmpty(policies) ? null : policies.get(0);
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.findPolicyByName(" + serviceName + ", " + policyName + "): " + ret);
- }
-
- return ret;
- }
-
- private boolean isLegacyServiceDef(RangerServiceDef sd) {
- return sd == null ? false : (isLegacyServiceDef(sd.getName()) || isLegacyServiceDef(sd.getId()));
- }
-
- private boolean isLegacyServiceDef(String name) {
- return name == null ? false : legacyServiceDefs.containsKey(name);
- }
-
- private boolean isLegacyServiceDef(Long id) {
- return id == null ? false : legacyServiceDefs.containsValue(id);
- }
-
- private List<RangerServiceDef> getAllServiceDefs() throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceDefFileStore.getAllServiceDefs()");
- }
-
- List<RangerServiceDef> ret = new ArrayList<RangerServiceDef>();
-
- try {
- // load definitions for legacy services from embedded resources
- String[] legacyServiceDefResources = {
- "/service-defs/ranger-servicedef-hdfs.json",
- "/service-defs/ranger-servicedef-hive.json",
- "/service-defs/ranger-servicedef-hbase.json",
- "/service-defs/ranger-servicedef-knox.json",
- "/service-defs/ranger-servicedef-storm.json",
- };
-
- for(String resource : legacyServiceDefResources) {
- RangerServiceDef sd = loadFromResource(resource, RangerServiceDef.class);
-
- if(sd != null) {
- ret.add(sd);
- }
- }
- nextServiceDefId = getMaxId(ret) + 1;
-
- // load service definitions from file system
- List<RangerServiceDef> sds = loadFromDir(new Path(getDataDir()), FILE_PREFIX_SERVICE_DEF, RangerServiceDef.class);
-
- if(sds != null) {
- for(RangerServiceDef sd : sds) {
- if(sd != null) {
- if(isLegacyServiceDef(sd)) {
- LOG.warn("Found in-built service-def '" + sd.getName() + "' under " + getDataDir() + ". Ignorning");
-
- continue;
- }
-
- // if the ServiceDef is already found, remove the earlier definition
- for(int i = 0; i < ret.size(); i++) {
- RangerServiceDef currSd = ret.get(i);
-
- if(StringUtils.equals(currSd.getName(), sd.getName()) ||
- ObjectUtils.equals(currSd.getId(), sd.getId())) {
- ret.remove(i);
- }
- }
-
- ret.add(sd);
- }
- }
- }
- nextServiceDefId = getMaxId(ret) + 1;
- } catch(Exception excp) {
- LOG.error("ServiceDefFileStore.getAllServiceDefs(): failed to read service-defs", excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceDefFileStore.getAllServiceDefs(): count=" + (ret == null ? 0 : ret.size()));
- }
-
- if(ret != null) {
- Collections.sort(ret, idComparator);
-
- for(RangerServiceDef sd : ret) {
- Collections.sort(sd.getResources(), resourceLevelComparator);
- }
- }
-
- return ret;
- }
-
- private List<RangerService> getAllServices() throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.getAllServices()");
- }
-
- List<RangerService> ret = null;
-
- try {
- ret = loadFromDir(new Path(getDataDir()), FILE_PREFIX_SERVICE, RangerService.class);
-
- nextServiceId = getMaxId(ret) + 1;
- } catch(Exception excp) {
- LOG.error("ServiceFileStore.getAllServices(): failed to read services", excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.getAllServices(): count=" + (ret == null ? 0 : ret.size()));
- }
-
- if(ret != null) {
- Collections.sort(ret, idComparator);
- }
-
- return ret;
- }
-
- private List<RangerPolicy> getAllPolicies() throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.getAllPolicies()");
- }
-
- List<RangerPolicy> ret = null;
-
- try {
- ret = loadFromDir(new Path(getDataDir()), FILE_PREFIX_POLICY, RangerPolicy.class);
-
- nextPolicyId = getMaxId(ret) + 1;
- } catch(Exception excp) {
- LOG.error("ServiceFileStore.getAllPolicies(): failed to read policies", excp);
- }
-
- if(ret != null) {
- Collections.sort(ret, idComparator);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.getAllPolicies(): count=" + (ret == null ? 0 : ret.size()));
- }
-
- return ret;
- }
-
- private String getServiceType(String serviceName) {
- RangerService service = null;
-
- try {
- service = getServiceByName(serviceName);
- } catch(Exception excp) {
- // ignore
- }
-
- return service != null ? service.getType() : null;
- }
-
- private Long getServiceId(String serviceName) {
- RangerService service = null;
-
- try {
- service = getServiceByName(serviceName);
- } catch(Exception excp) {
- // ignore
- }
-
- return service != null ? service.getId() : null;
- }
-
- private final static Comparator<RangerBaseModelObject> idComparator = new Comparator<RangerBaseModelObject>() {
- @Override
- public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
- Long val1 = (o1 != null) ? o1.getId() : null;
- Long val2 = (o2 != null) ? o2.getId() : null;
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- private final static Comparator<RangerBaseModelObject> createTimeComparator = new Comparator<RangerBaseModelObject>() {
- @Override
- public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
- Date val1 = (o1 != null) ? o1.getCreateTime() : null;
- Date val2 = (o2 != null) ? o2.getCreateTime() : null;
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- private final static Comparator<RangerBaseModelObject> updateTimeComparator = new Comparator<RangerBaseModelObject>() {
- @Override
- public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
- Date val1 = (o1 != null) ? o1.getUpdateTime() : null;
- Date val2 = (o2 != null) ? o2.getUpdateTime() : null;
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- private final static Comparator<RangerBaseModelObject> serviceDefNameComparator = new Comparator<RangerBaseModelObject>() {
- @Override
- public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
- String val1 = null;
- String val2 = null;
-
- if(o1 != null) {
- if(o1 instanceof RangerServiceDef) {
- val1 = ((RangerServiceDef)o1).getName();
- } else if(o1 instanceof RangerService) {
- val1 = ((RangerService)o1).getType();
- }
- }
-
- if(o2 != null) {
- if(o2 instanceof RangerServiceDef) {
- val2 = ((RangerServiceDef)o2).getName();
- } else if(o2 instanceof RangerService) {
- val2 = ((RangerService)o2).getType();
- }
- }
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- private final static Comparator<RangerBaseModelObject> serviceNameComparator = new Comparator<RangerBaseModelObject>() {
- @Override
- public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
- String val1 = null;
- String val2 = null;
-
- if(o1 != null) {
- if(o1 instanceof RangerPolicy) {
- val1 = ((RangerPolicy)o1).getService();
- } else if(o1 instanceof RangerService) {
- val1 = ((RangerService)o1).getType();
- }
- }
-
- if(o2 != null) {
- if(o2 instanceof RangerPolicy) {
- val2 = ((RangerPolicy)o2).getService();
- } else if(o2 instanceof RangerService) {
- val2 = ((RangerService)o2).getType();
- }
- }
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- private final static Comparator<RangerBaseModelObject> policyNameComparator = new Comparator<RangerBaseModelObject>() {
- @Override
- public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
- String val1 = (o1 != null && o1 instanceof RangerPolicy) ? ((RangerPolicy)o1).getName() : null;
- String val2 = (o2 != null && o2 instanceof RangerPolicy) ? ((RangerPolicy)o2).getName() : null;
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- private final static Comparator<RangerResourceDef> resourceLevelComparator = new Comparator<RangerResourceDef>() {
- @Override
- public int compare(RangerResourceDef o1, RangerResourceDef o2) {
- Integer val1 = (o1 != null) ? o1.getLevel() : null;
- Integer val2 = (o2 != null) ? o2.getLevel() : null;
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- private Predicate getPredicate(SearchFilter filter) {
- if(filter == null || filter.isEmpty()) {
- return null;
- }
-
- List<Predicate> predicates = new ArrayList<Predicate>();
-
- addPredicateForLoginUser(filter.getParam(SearchFilter.LOGIN_USER), predicates);
- addPredicateForServiceType(filter.getParam(SearchFilter.SERVICE_TYPE), predicates);
- addPredicateForServiceTypeId(filter.getParam(SearchFilter.SERVICE_TYPE_ID), predicates);
- addPredicateForServiceName(filter.getParam(SearchFilter.SERVICE_NAME), predicates);
- addPredicateForServiceId(filter.getParam(SearchFilter.SERVICE_ID), predicates);
- addPredicateForPolicyName(filter.getParam(SearchFilter.POLICY_NAME), predicates);
- addPredicateForPolicyId(filter.getParam(SearchFilter.POLICY_ID), predicates);
- addPredicateForStatus(filter.getParam(SearchFilter.STATUS), predicates);
- addPredicateForUserName(filter.getParam(SearchFilter.USER), predicates);
- addPredicateForGroupName(filter.getParam(SearchFilter.GROUP), predicates);
- addPredicateForResources(filter.getParamsWithPrefix(SearchFilter.RESOURCE_PREFIX, true), predicates);
-
- Predicate ret = CollectionUtils.isEmpty(predicates) ? null : PredicateUtils.allPredicate(predicates);
-
- return ret;
- }
-
- private static Map<String, Comparator<RangerBaseModelObject>> sorterMap = new HashMap<String, Comparator<RangerBaseModelObject>>();
-
- static {
- sorterMap.put(SearchFilter.SERVICE_TYPE, serviceDefNameComparator);
- sorterMap.put(SearchFilter.SERVICE_TYPE_ID, idComparator);
- sorterMap.put(SearchFilter.SERVICE_NAME, serviceNameComparator);
- sorterMap.put(SearchFilter.SERVICE_TYPE_ID, idComparator);
- sorterMap.put(SearchFilter.POLICY_NAME, policyNameComparator);
- sorterMap.put(SearchFilter.POLICY_ID, idComparator);
- sorterMap.put(SearchFilter.CREATE_TIME, createTimeComparator);
- sorterMap.put(SearchFilter.UPDATE_TIME, updateTimeComparator);
- }
-
- private Comparator<RangerBaseModelObject> getSorter(SearchFilter filter) {
- String sortBy = filter == null ? null : filter.getParam(SearchFilter.SORT_BY);
-
- if(StringUtils.isEmpty(sortBy)) {
- return null;
- }
-
- Comparator<RangerBaseModelObject> ret = sorterMap.get(sortBy);
-
- return ret;
- }
-
- private Predicate addPredicateForLoginUser(final String loginUser, List<Predicate> predicates) {
- if(StringUtils.isEmpty(loginUser)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- for(RangerPolicyItem policyItem : policy.getPolicyItems()) {
- if(!policyItem.getDelegateAdmin()) {
- continue;
- }
-
- if(policyItem.getUsers().contains(loginUser)) { // TODO: group membership check
- ret = true;
-
- break;
- }
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(ret != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForServiceType(final String serviceType, List<Predicate> predicates) {
- if(StringUtils.isEmpty(serviceType)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- ret = StringUtils.equals(serviceType, getServiceType(policy.getService()));
- } else if(object instanceof RangerService) {
- RangerService service = (RangerService)object;
-
- ret = StringUtils.equals(serviceType, service.getType());
- } else if(object instanceof RangerServiceDef) {
- RangerServiceDef serviceDef = (RangerServiceDef)object;
-
- ret = StringUtils.equals(serviceType, serviceDef.getName());
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForServiceTypeId(final String serviceTypeId, List<Predicate> predicates) {
- if(StringUtils.isEmpty(serviceTypeId)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerServiceDef) {
- RangerServiceDef serviceDef = (RangerServiceDef)object;
- Long svcDefId = serviceDef.getId();
-
- if(svcDefId != null) {
- ret = StringUtils.equals(serviceTypeId, svcDefId.toString());
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForServiceName(final String serviceName, List<Predicate> predicates) {
- if(StringUtils.isEmpty(serviceName)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- ret = StringUtils.equals(serviceName, policy.getService());
- } else if(object instanceof RangerService) {
- RangerService service = (RangerService)object;
-
- ret = StringUtils.equals(serviceName, service.getName());
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(ret != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForServiceId(final String serviceId, List<Predicate> predicates) {
- if(StringUtils.isEmpty(serviceId)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
- Long svcId = getServiceId(policy.getService());
-
- if(svcId != null) {
- ret = StringUtils.equals(serviceId, svcId.toString());
- }
- } else if(object instanceof RangerService) {
- RangerService service = (RangerService)object;
-
- if(service.getId() != null) {
- ret = StringUtils.equals(serviceId, service.getId().toString());
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForPolicyName(final String policyName, List<Predicate> predicates) {
- if(StringUtils.isEmpty(policyName)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- ret = StringUtils.equals(policyName, policy.getName());
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForPolicyId(final String policyId, List<Predicate> predicates) {
- if(StringUtils.isEmpty(policyId)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- if(policy.getId() != null) {
- ret = StringUtils.equals(policyId, policy.getId().toString());
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForUserName(final String userName, List<Predicate> predicates) {
- if(StringUtils.isEmpty(userName)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- for(RangerPolicyItem policyItem : policy.getPolicyItems()) {
- if(policyItem.getUsers().contains(userName)) { // TODO: group membership check
- ret = true;
-
- break;
- }
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForGroupName(final String groupName, List<Predicate> predicates) {
- if(StringUtils.isEmpty(groupName)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- for(RangerPolicyItem policyItem : policy.getPolicyItems()) {
- if(policyItem.getGroups().contains(groupName)) {
- ret = true;
-
- break;
- }
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForStatus(final String status, List<Predicate> predicates) {
- if(StringUtils.isEmpty(status)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerBaseModelObject) {
- RangerBaseModelObject obj = (RangerBaseModelObject)object;
-
- if(StringUtils.equals(status, "enabled")) {
- ret = obj.getIsEnabled();
- } else if(StringUtils.equals(status, "disabled")) {
- ret = !obj.getIsEnabled();
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForResources(final Map<String, String> resources, List<Predicate> predicates) {
- if(MapUtils.isEmpty(resources)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- if(! MapUtils.isEmpty(policy.getResources())) {
- int numFound = 0;
- for(String name : resources.keySet()) {
- boolean isMatch = false;
-
- RangerPolicyResource policyResource = policy.getResources().get(name);
-
- if(policyResource != null && !CollectionUtils.isEmpty(policyResource.getValues())) {
- String val = resources.get(name);
-
- if(policyResource.getValues().contains(val)) {
- isMatch = true;
- } else {
- for(String policyResourceValue : policyResource.getValues()) {
- if(policyResourceValue.contains(val)) { // TODO: consider match for wildcard in policyResourceValue?
- isMatch = true;
- break;
- }
- }
- }
- }
-
- if(isMatch) {
- numFound++;
- } else {
- break;
- }
- }
-
- ret = numFound == resources.size();
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java b/plugin-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java
deleted file mode 100644
index dd3624b..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java
+++ /dev/null
@@ -1,609 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.store.rest;
-
-import java.util.List;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.admin.client.datatype.RESTResponse;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
-import org.apache.ranger.plugin.model.RangerPolicy;
-import org.apache.ranger.plugin.model.RangerService;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.store.ServiceStore;
-import org.apache.ranger.plugin.util.RangerRESTClient;
-import org.apache.ranger.plugin.util.SearchFilter;
-import org.apache.ranger.plugin.util.ServicePolicies;
-
-import com.sun.jersey.api.client.ClientResponse;
-import com.sun.jersey.api.client.GenericType;
-import com.sun.jersey.api.client.WebResource;
-
-
-public class ServiceRESTStore implements ServiceStore {
- private static final Log LOG = LogFactory.getLog(ServiceRESTStore.class);
-
-
- public final String REST_URL_SERVICEDEF_CREATE = "/service/plugins/definitions";
- public final String REST_URL_SERVICEDEF_UPDATE = "/service/plugins/definitions/";
- public final String REST_URL_SERVICEDEF_DELETE = "/service/plugins/definitions/";
- public final String REST_URL_SERVICEDEF_GET = "/service/plugins/definitions/";
- public final String REST_URL_SERVICEDEF_GET_BY_NAME = "/service/plugins/definitions/name/";
- public final String REST_URL_SERVICEDEF_GET_ALL = "/service/plugins/definitions";
-
- public final String REST_URL_SERVICE_CREATE = "/service/plugins/services";
- public final String REST_URL_SERVICE_UPDATE = "/service/plugins/services/";
- public final String REST_URL_SERVICE_DELETE = "/service/plugins/services/";
- public final String REST_URL_SERVICE_GET = "/service/plugins/services/";
- public final String REST_URL_SERVICE_GET_BY_NAME = "/service/plugins/services/name/";
- public final String REST_URL_SERVICE_GET_ALL = "/service/plugins/services";
-
- public final String REST_URL_POLICY_CREATE = "/service/plugins/policies";
- public final String REST_URL_POLICY_UPDATE = "/service/plugins/policies/";
- public final String REST_URL_POLICY_DELETE = "/service/plugins/policies/";
- public final String REST_URL_POLICY_GET = "/service/plugins/policies/";
- public final String REST_URL_POLICY_GET_BY_NAME = "/service/plugins/policies/name/";
- public final String REST_URL_POLICY_GET_ALL = "/service/plugins/policies";
- public final String REST_URL_POLICY_GET_FOR_SERVICE = "/service/plugins/policies/service/";
- public final String REST_URL_POLICY_GET_FOR_SERVICE_BY_NAME = "/service/plugins/policies/service/name/";
- public final String REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED = "/service/plugins/policies/service/name/";
-
- public static final String REST_MIME_TYPE_JSON = "application/json" ;
-
- private RangerRESTClient restClient;
-
- public ServiceRESTStore() {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.ServiceRESTStore()");
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.ServiceRESTStore()");
- }
- }
-
- @Override
- public void init() throws Exception {
- String restUrl = RangerConfiguration.getInstance().get("ranger.service.store.rest.url", "http://localhost:6080");
- String restUsername = RangerConfiguration.getInstance().get("ranger.service.store.rest.username", "admin");
- String restPassword = RangerConfiguration.getInstance().get("ranger.service.store.rest.password", "admin");
- String sslConfigFile = RangerConfiguration.getInstance().get("ranger.service.store.rest.ssl.config.file", "");
-
- restClient = new RangerRESTClient(restUrl, sslConfigFile);
- restClient.setBasicAuthInfo(restUsername, restPassword);
- }
-
- @Override
- public RangerServiceDef createServiceDef(RangerServiceDef serviceDef) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.createServiceDef(" + serviceDef + ")");
- }
-
- RangerServiceDef ret = null;
-
- WebResource webResource = createWebResource(REST_URL_SERVICEDEF_CREATE);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).post(ClientResponse.class, restClient.toJson(serviceDef));
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(RangerServiceDef.class);
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.createServiceDef(" + serviceDef + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public RangerServiceDef updateServiceDef(RangerServiceDef serviceDef) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.updateServiceDef(" + serviceDef + ")");
- }
-
- RangerServiceDef ret = null;
-
- WebResource webResource = createWebResource(REST_URL_SERVICEDEF_UPDATE + serviceDef.getId());
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).put(ClientResponse.class, restClient.toJson(serviceDef));
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(RangerServiceDef.class);
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.updateServiceDef(" + serviceDef + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public void deleteServiceDef(Long id) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.deleteServiceDef(" + id + ")");
- }
-
- WebResource webResource = createWebResource(REST_URL_SERVICEDEF_DELETE + id);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).delete(ClientResponse.class);
-
- if(response == null || (response.getStatus() != 200 && response.getStatus() != 204)) {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.deleteServiceDef(" + id + ")");
- }
- }
-
- @Override
- public RangerServiceDef getServiceDef(Long id) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.getServiceDef(" + id + ")");
- }
-
- RangerServiceDef ret = null;
-
- WebResource webResource = createWebResource(REST_URL_SERVICEDEF_GET + id);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(RangerServiceDef.class);
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.getServiceDef(" + id + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public RangerServiceDef getServiceDefByName(String name) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.getServiceDefByName(" + name + ")");
- }
-
- RangerServiceDef ret = null;
-
- WebResource webResource = createWebResource(REST_URL_SERVICEDEF_GET_BY_NAME + name);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(RangerServiceDef.class);
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.getServiceDefByName(" + name + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public List<RangerServiceDef> getServiceDefs(SearchFilter filter) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.getServiceDefs()");
- }
-
- List<RangerServiceDef> ret = null;
-
- WebResource webResource = createWebResource(REST_URL_SERVICEDEF_GET_ALL, filter);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(new GenericType<List<RangerServiceDef>>() { });
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.getAllServiceDefs(): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public RangerService createService(RangerService service) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.createService(" + service + ")");
- }
-
- RangerService ret = null;
-
- WebResource webResource = createWebResource(REST_URL_SERVICE_CREATE);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).post(ClientResponse.class, restClient.toJson(service));
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(RangerService.class);
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.createService(" + service + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public RangerService updateService(RangerService service) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.updateService(" + service + ")");
- }
-
- RangerService ret = null;
-
- WebResource webResource = createWebResource(REST_URL_SERVICE_UPDATE + service.getId());
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).put(ClientResponse.class, restClient.toJson(service));
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(RangerService.class);
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.updateService(" + service + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public void deleteService(Long id) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.deleteService(" + id + ")");
- }
-
- WebResource webResource = createWebResource(REST_URL_SERVICE_DELETE + id);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).delete(ClientResponse.class);
-
- if(response == null || (response.getStatus() != 200 && response.getStatus() != 204)) {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.deleteService(" + id + ")");
- }
- }
-
- @Override
- public RangerService getService(Long id) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.getService(" + id + ")");
- }
-
- RangerService ret = null;
-
- WebResource webResource = createWebResource(REST_URL_SERVICE_GET + id);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(RangerService.class);
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.getService(" + id + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public RangerService getServiceByName(String name) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.getServiceByName(" + name + ")");
- }
-
- RangerService ret = null;
-
- WebResource webResource = createWebResource(REST_URL_SERVICE_GET_BY_NAME + name);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(RangerService.class);
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.getServiceByName(" + name + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public List<RangerService> getServices(SearchFilter filter) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.getServices()");
- }
-
- List<RangerService> ret = null;
-
- WebResource webResource = createWebResource(REST_URL_SERVICE_GET_ALL, filter);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(new GenericType<List<RangerService>>() { });
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.getServices(): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public RangerPolicy createPolicy(RangerPolicy policy) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.createPolicy(" + policy + ")");
- }
-
- RangerPolicy ret = null;
-
- WebResource webResource = createWebResource(REST_URL_POLICY_CREATE);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).post(ClientResponse.class, restClient.toJson(policy));
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(RangerPolicy.class);
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.createPolicy(" + policy + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public RangerPolicy updatePolicy(RangerPolicy policy) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.updatePolicy(" + policy + ")");
- }
-
- RangerPolicy ret = null;
-
- WebResource webResource = createWebResource(REST_URL_POLICY_UPDATE + policy.getId());
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).put(ClientResponse.class, restClient.toJson(policy));
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(RangerPolicy.class);
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.updatePolicy(" + policy + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public void deletePolicy(Long id) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.deletePolicy(" + id + ")");
- }
-
- WebResource webResource = createWebResource(REST_URL_POLICY_DELETE + id);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).delete(ClientResponse.class);
-
- if(response == null || (response.getStatus() != 200 && response.getStatus() != 204)) {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.deletePolicy(" + id + ")");
- }
- }
-
- @Override
- public RangerPolicy getPolicy(Long id) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.getPolicy(" + id + ")");
- }
-
- RangerPolicy ret = null;
-
- WebResource webResource = createWebResource(REST_URL_POLICY_GET + id);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(RangerPolicy.class);
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.getPolicy(" + id + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public List<RangerPolicy> getPolicies(SearchFilter filter) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.getPolicies()");
- }
-
- List<RangerPolicy> ret = null;
-
- WebResource webResource = createWebResource(REST_URL_POLICY_GET_ALL, filter);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(new GenericType<List<RangerPolicy>>() { });
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.getPolicies(): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public List<RangerPolicy> getServicePolicies(Long serviceId, SearchFilter filter) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.getServicePolicies(" + serviceId + ")");
- }
-
- List<RangerPolicy> ret = null;
-
- WebResource webResource = createWebResource(REST_URL_POLICY_GET_FOR_SERVICE + serviceId, filter);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(new GenericType<List<RangerPolicy>>() { });
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.getServicePolicies(" + serviceId + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public List<RangerPolicy> getServicePolicies(String serviceName, SearchFilter filter) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.getServicePolicies(" + serviceName + ")");
- }
-
- List<RangerPolicy> ret = null;
-
- WebResource webResource = createWebResource(REST_URL_POLICY_GET_FOR_SERVICE_BY_NAME + serviceName, filter);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(new GenericType<List<RangerPolicy>>() { });
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.getServicePolicies(" + serviceName + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public ServicePolicies getServicePoliciesIfUpdated(String serviceName, Long lastKnownVersion) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ")");
- }
-
- ServicePolicies ret = null;
-
- WebResource webResource = createWebResource(REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED + serviceName + "/" + lastKnownVersion);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(ServicePolicies.class);
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + "): " + ret);
- }
-
- return ret;
- }
-
- private WebResource createWebResource(String url) {
- return createWebResource(url, null);
- }
-
- private WebResource createWebResource(String url, SearchFilter filter) {
- WebResource ret = restClient.getResource(url);
-
- if(filter != null) {
- // TODO: add query params for filter
- }
-
- return ret;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java b/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
deleted file mode 100644
index 7112562..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
+++ /dev/null
@@ -1,154 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.util;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
-import org.apache.ranger.plugin.store.ServiceStore;
-
-
-public class PolicyRefresher extends Thread {
- private static final Log LOG = LogFactory.getLog(PolicyRefresher.class);
-
- private RangerPolicyEngine policyEngine = null;
- private String serviceType = null;
- private String serviceName = null;
- private ServiceStore serviceStore = null;
- private long pollingIntervalMs = 30 * 1000;
-
- private boolean shutdownFlag = false;
- private ServicePolicies lastKnownPolicies = null;
-
-
- public PolicyRefresher(RangerPolicyEngine policyEngine, String serviceType, String serviceName, ServiceStore serviceStore, long pollingIntervalMs, String cacheDir) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> PolicyRefresher.PolicyRefresher(serviceName=" + serviceName + ")");
- }
-
- this.policyEngine = policyEngine;
- this.serviceType = serviceType;
- this.serviceName = serviceName;
- this.serviceStore = serviceStore;
- this.pollingIntervalMs = pollingIntervalMs;
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== PolicyRefresher.PolicyRefresher(serviceName=" + serviceName + ")");
- }
- }
-
- /**
- * @return the policyEngine
- */
- public RangerPolicyEngine getPolicyEngine() {
- return policyEngine;
- }
-
- /**
- * @return the serviceType
- */
- public String getServiceType() {
- return serviceType;
- }
-
- /**
- * @return the serviceName
- */
- public String getServiceName() {
- return serviceName;
- }
-
- /**
- * @return the serviceStore
- */
- public ServiceStore getServiceStore() {
- return serviceStore;
- }
-
- /**
- * @return the pollingIntervalMilliSeconds
- */
- public long getPollingIntervalMs() {
- return pollingIntervalMs;
- }
-
- /**
- * @param pollingIntervalMilliSeconds the pollingIntervalMilliSeconds to set
- */
- public void setPollingIntervalMilliSeconds(long pollingIntervalMilliSeconds) {
- this.pollingIntervalMs = pollingIntervalMilliSeconds;
- }
-
- public void startRefresher() {
- shutdownFlag = false;
-
- super.start();
- }
-
- public void stopRefresher() {
- shutdownFlag = true;
- }
-
- public void run() {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> PolicyRefresher.run()");
- }
-
- while(! shutdownFlag) {
- try {
- long lastKnownVersion = (lastKnownPolicies == null || lastKnownPolicies.getPolicyVersion() == null) ? 0 : lastKnownPolicies.getPolicyVersion().longValue();
-
- ServicePolicies svcPolicies = serviceStore.getServicePoliciesIfUpdated(serviceName, lastKnownVersion);
-
- long newVersion = (svcPolicies == null || svcPolicies.getPolicyVersion() == null) ? 0 : svcPolicies.getPolicyVersion().longValue();
-
- boolean isUpdated = newVersion != 0 && lastKnownVersion != newVersion;
-
- if(isUpdated) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("PolicyRefresher(serviceName=" + serviceName + ").run(): found updated version. lastKnownVersion=" + lastKnownVersion + "; newVersion=" + newVersion);
- }
-
- policyEngine.setPolicies(serviceName, svcPolicies.getServiceDef(), svcPolicies.getPolicies());
-
- lastKnownPolicies = svcPolicies;
- } else {
- if(LOG.isDebugEnabled()) {
- LOG.debug("PolicyRefresher(serviceName=" + serviceName + ").run(): no update found. lastKnownVersion=" + lastKnownVersion + "; newVersion=" + newVersion);
- }
- }
- } catch(Exception excp) {
- LOG.error("PolicyRefresher(serviceName=" + serviceName + ").run(): ", excp);
- }
-
- try {
- Thread.sleep(pollingIntervalMs);
- } catch(Exception excp) {
- LOG.error("PolicyRefresher(serviceName=" + serviceName + ").run(): error while sleep. exiting thread", excp);
-
- throw new RuntimeException(excp);
- }
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== PolicyRefresher.run()");
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java b/plugin-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
deleted file mode 100644
index cfff4b7..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
+++ /dev/null
@@ -1,376 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.util;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.KeyManagementException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateException;
-
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
-import org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider;
-import org.apache.ranger.authorization.utils.StringUtil;
-import org.codehaus.jackson.jaxrs.JacksonJsonProvider;
-
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-import com.sun.jersey.api.client.Client;
-import com.sun.jersey.api.client.WebResource;
-import com.sun.jersey.api.client.config.ClientConfig;
-import com.sun.jersey.api.client.config.DefaultClientConfig;
-import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
-import com.sun.jersey.client.urlconnection.HTTPSProperties;
-
-
-public class RangerRESTClient {
- private static final Log LOG = LogFactory.getLog(RangerRESTClient.class);
-
- public static final String RANGER_PROP_POLICYMGR_URL = "xasecure.policymgr.url";
- public static final String RANGER_PROP_POLICYMGR_SSLCONFIG_FILENAME = "xasecure.policymgr.sslconfig.filename";
-
- public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE = "xasecure.policymgr.clientssl.keystore";
- public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_PASSWORD = "xasecure.policymgr.clientssl.keystore.password";
- public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE = "xasecure.policymgr.clientssl.keystore.type";
- public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL = "xasecure.policymgr.clientssl.keystore.credential.file";
- public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS = "sslKeyStore";
- public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT = "jks";
-
- public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE = "xasecure.policymgr.clientssl.truststore";
- public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_PASSWORD = "xasecure.policymgr.clientssl.truststore.password";
- public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE = "xasecure.policymgr.clientssl.truststore.type";
- public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL = "xasecure.policymgr.clientssl.truststore.credential.file";
- public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS = "sslTrustStore";
- public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT = "jks";
-
- public static final String RANGER_SSL_KEYMANAGER_ALGO_TYPE = "SunX509" ;
- public static final String RANGER_SSL_TRUSTMANAGER_ALGO_TYPE = "SunX509" ;
- public static final String RANGER_SSL_CONTEXT_ALGO_TYPE = "SSL" ;
-
-
- private String mUrl = null;
- private String mSslConfigFileName = null;
- private String mUsername = null;
- private String mPassword = null;
- private boolean mIsSSL = false;
-
- private String mKeyStoreURL = null;
- private String mKeyStoreAlias = null;
- private String mKeyStoreFile = null;
- private String mKeyStoreType = null;
- private String mTrustStoreURL = null;
- private String mTrustStoreAlias = null;
- private String mTrustStoreFile = null;
- private String mTrustStoreType = null;
-
- private Gson gsonBuilder = null;
- private Client client = null;
-
- public RangerRESTClient() {
- this(RangerConfiguration.getInstance().get(RANGER_PROP_POLICYMGR_URL),
- RangerConfiguration.getInstance().get(RANGER_PROP_POLICYMGR_SSLCONFIG_FILENAME));
- }
-
- public RangerRESTClient(String url, String sslConfigFileName) {
- mUrl = url;
- mSslConfigFileName = sslConfigFileName;
-
- init();
- }
-
- public String getUrl() {
- return mUrl;
- }
-
- public void setUrl(String url) {
- this.mUrl = url;
- }
-
- public String getUsername() {
- return mUsername;
- }
-
- public String getPassword() {
- return mPassword;
- }
-
- public void setBasicAuthInfo(String username, String password) {
- mUsername = username;
- mPassword = password;
- }
-
- public WebResource getResource(String relativeUrl) {
- WebResource ret = getClient().resource(getUrl() + relativeUrl);
-
- return ret;
- }
-
- public String toJson(Object obj) {
- return gsonBuilder.toJson(obj);
- }
-
- public <T> T fromJson(String json, Class<T> cls) {
- return gsonBuilder.fromJson(json, cls);
- }
-
- public Client getClient() {
- if(client == null) {
- synchronized(this) {
- if(client == null) {
- client = buildClient();
- }
- }
- }
-
- return client;
- }
-
- private Client buildClient() {
- Client client = null;
-
- if (mIsSSL) {
- KeyManager[] kmList = getKeyManagers();
- TrustManager[] tmList = getTrustManagers();
- SSLContext sslContext = getSSLContext(kmList, tmList);
- ClientConfig config = new DefaultClientConfig();
-
- config.getClasses().add(JacksonJsonProvider.class); // to handle List<> unmarshalling
-
- HostnameVerifier hv = new HostnameVerifier() {
- public boolean verify(String urlHostName, SSLSession session) {
- return session.getPeerHost().equals(urlHostName);
- }
- };
-
- config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(hv, sslContext));
-
- client = Client.create(config);
- }
-
- if(client == null) {
- ClientConfig config = new DefaultClientConfig();
-
- config.getClasses().add(JacksonJsonProvider.class); // to handle List<> unmarshalling
-
- client = Client.create(config);
- }
-
- // TODO: for testing only
- if(!StringUtils.isEmpty(mUsername) || !StringUtils.isEmpty(mPassword)) {
- client.addFilter(new HTTPBasicAuthFilter(mUsername, mPassword));
- }
-
- return client;
- }
-
- private void init() {
- try {
- gsonBuilder = new GsonBuilder().setDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ").setPrettyPrinting().create();
- } catch(Throwable excp) {
- LOG.fatal("RangerRESTClient.init(): failed to create GsonBuilder object", excp);
- }
-
- mIsSSL = StringUtil.containsIgnoreCase(mUrl, "https");
-
- InputStream in = null ;
-
- try {
- Configuration conf = new Configuration() ;
-
- in = getFileInputStream(mSslConfigFileName) ;
-
- if (in != null) {
- conf.addResource(in);
- }
-
- mKeyStoreURL = conf.get(RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL);
- mKeyStoreAlias = RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS;
- mKeyStoreType = conf.get(RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE, RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT);
- mKeyStoreFile = conf.get(RANGER_POLICYMGR_CLIENT_KEY_FILE);
-
- mTrustStoreURL = conf.get(RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL);
- mTrustStoreAlias = RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS;
- mTrustStoreType = conf.get(RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE, RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT);
- mTrustStoreFile = conf.get(RANGER_POLICYMGR_TRUSTSTORE_FILE);
- }
- catch(IOException ioe) {
- LOG.error("Unable to load SSL Config FileName: [" + mSslConfigFileName + "]", ioe);
- }
- finally {
- close(in, mSslConfigFileName);
- }
- }
-
- private KeyManager[] getKeyManagers() {
- KeyManager[] kmList = null;
-
- String keyStoreFilepwd = getCredential(mKeyStoreURL, mKeyStoreAlias);
-
- if (!StringUtil.isEmpty(mKeyStoreFile) && !StringUtil.isEmpty(keyStoreFilepwd)) {
- InputStream in = null ;
-
- try {
- in = getFileInputStream(mKeyStoreFile) ;
-
- if (in != null) {
- KeyStore keyStore = KeyStore.getInstance(mKeyStoreType);
-
- keyStore.load(in, keyStoreFilepwd.toCharArray());
-
- KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(RANGER_SSL_KEYMANAGER_ALGO_TYPE);
-
- keyManagerFactory.init(keyStore, keyStoreFilepwd.toCharArray());
-
- kmList = keyManagerFactory.getKeyManagers();
- } else {
- LOG.error("Unable to obtain keystore from file [" + mKeyStoreFile + "]");
- }
- } catch (KeyStoreException e) {
- LOG.error("Unable to obtain from KeyStore", e);
- } catch (NoSuchAlgorithmException e) {
- LOG.error("SSL algorithm is available in the environment", e);
- } catch (CertificateException e) {
- LOG.error("Unable to obtain the requested certification ", e);
- } catch (FileNotFoundException e) {
- LOG.error("Unable to find the necessary SSL Keystore and TrustStore Files", e);
- } catch (IOException e) {
- LOG.error("Unable to read the necessary SSL Keystore and TrustStore Files", e);
- } catch (UnrecoverableKeyException e) {
- LOG.error("Unable to recover the key from keystore", e);
- } finally {
- close(in, mKeyStoreFile);
- }
- }
-
- return kmList;
- }
-
- private TrustManager[] getTrustManagers() {
- TrustManager[] tmList = null;
-
- String trustStoreFilepwd = getCredential(mTrustStoreURL, mTrustStoreAlias);
-
- if (!StringUtil.isEmpty(mTrustStoreFile) && !StringUtil.isEmpty(trustStoreFilepwd)) {
- InputStream in = null ;
-
- try {
- in = getFileInputStream(mTrustStoreFile) ;
-
- if (in != null) {
- KeyStore trustStore = KeyStore.getInstance(mTrustStoreType);
-
- trustStore.load(in, trustStoreFilepwd.toCharArray());
-
- TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(RANGER_SSL_TRUSTMANAGER_ALGO_TYPE);
-
- trustManagerFactory.init(trustStore);
-
- tmList = trustManagerFactory.getTrustManagers();
- } else {
- LOG.error("Unable to obtain keystore from file [" + mTrustStoreFile + "]");
- }
- } catch (KeyStoreException e) {
- LOG.error("Unable to obtain from KeyStore", e);
- } catch (NoSuchAlgorithmException e) {
- LOG.error("SSL algorithm is available in the environment", e);
- } catch (CertificateException e) {
- LOG.error("Unable to obtain the requested certification ", e);
- } catch (FileNotFoundException e) {
- LOG.error("Unable to find the necessary SSL Keystore and TrustStore Files", e);
- } catch (IOException e) {
- LOG.error("Unable to read the necessary SSL Keystore and TrustStore Files", e);
- } finally {
- close(in, mTrustStoreFile);
- }
- }
-
- return tmList;
- }
-
- private SSLContext getSSLContext(KeyManager[] kmList, TrustManager[] tmList) {
- try {
- if(kmList != null && tmList != null) {
- SSLContext sslContext = SSLContext.getInstance(RANGER_SSL_CONTEXT_ALGO_TYPE);
-
- sslContext.init(kmList, tmList, new SecureRandom());
-
- return sslContext;
- }
- } catch (NoSuchAlgorithmException e) {
- LOG.error("SSL algorithm is available in the environment", e);
- } catch (KeyManagementException e) {
- LOG.error("Unable to initials the SSLContext", e);
- }
-
- return null;
- }
-
- private String getCredential(String url, String alias) {
- char[] credStr = RangerCredentialProvider.getInstance().getCredentialString(url, alias);
-
- return credStr == null ? null : new String(credStr);
- }
-
- private InputStream getFileInputStream(String fileName) throws IOException {
- InputStream in = null ;
-
- if(! StringUtil.isEmpty(fileName)) {
- File f = new File(fileName) ;
-
- if (f.exists()) {
- in = new FileInputStream(f) ;
- }
- else {
- in = ClassLoader.getSystemResourceAsStream(fileName) ;
- }
- }
-
- return in ;
- }
-
- private void close(InputStream str, String filename) {
- if (str != null) {
- try {
- str.close() ;
- } catch (IOException excp) {
- LOG.error("Error while closing file: [" + filename + "]", excp) ;
- }
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java b/plugin-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
deleted file mode 100644
index ab8384c..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.util;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import org.apache.commons.collections.MapUtils;
-import org.apache.commons.lang.StringUtils;
-
-
-public class SearchFilter {
- public static final String LOGIN_USER = "loginUser"; // search
- public static final String SERVICE_TYPE = "serviceType"; // search, sort
- public static final String SERVICE_TYPE_ID = "serviceTypeId"; // search, sort
- public static final String SERVICE_NAME = "serviceName"; // search, sort
- public static final String SERVICE_ID = "serviceId"; // search, sort
- public static final String POLICY_NAME = "policyName"; // search, sort
- public static final String POLICY_ID = "policyId"; // search, sort
- public static final String STATUS = "status"; // search
- public static final String USER = "user"; // search
- public static final String GROUP = "group"; // search
- public static final String RESOURCE_PREFIX = "resource:"; // search
- public static final String CREATE_TIME = "createTime"; // sort
- public static final String UPDATE_TIME = "updateTime"; // sort
- public static final String START_INDEX = "startIndex";
- public static final String PAGE_SIZE = "pageSize";
- public static final String SORT_BY = "sortBy";
-
- private Map<String, String> params = null;
-
- public SearchFilter() {
- this(null);
- }
-
- public SearchFilter(String name, String value) {
- setParam(name, value);
- }
-
- public SearchFilter(Map<String, String> values) {
- setParams(values);
- }
-
- public Map<String, String> getParams() {
- return params;
- }
-
- public void setParams(Map<String, String> params) {
- this.params = params;
- }
-
- public String getParam(String name) {
- return params == null ? null : params.get(name);
- }
-
- public void setParam(String name, String value) {
- if(StringUtils.isEmpty(name) || StringUtils.isEmpty(value)) {
- return;
- }
-
- if(params == null) {
- params = new HashMap<String, String>();
- }
-
- params.put(name, value);
- }
-
- public Map<String, String> getParamsWithPrefix(String prefix, boolean stripPrefix) {
- Map<String, String> ret = null;
-
- if(prefix == null) {
- prefix = StringUtils.EMPTY;
- }
-
- if(params != null) {
- for(Map.Entry<String, String> e : params.entrySet()) {
- String name = e.getKey();
-
- if(name.startsWith(prefix)) {
- if(ret == null) {
- ret = new HashMap<String, String>();
- }
-
- if(stripPrefix) {
- name = name.substring(prefix.length());
- }
-
- ret.put(name, e.getValue());
- }
- }
- }
-
- return ret;
- }
-
- public boolean isEmpty() {
- return MapUtils.isEmpty(params);
- }
-}