Added policy chain to webhdfs service KNOX-487
Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/5cc21a5c Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/5cc21a5c Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/5cc21a5c Branch: refs/heads/KNOX-481 Commit: 5cc21a5c24c70bbb1fa12e6d015ec4e3a302ab9f Parents: 6615a0d Author: Sumit Gupta <su...@apache.org> Authored: Tue Jan 20 12:23:31 2015 -0500 Committer: Sumit Gupta <su...@apache.org> Committed: Thu Feb 12 17:16:08 2015 -0500 ---------------------------------------------------------------------- .../ServiceDefinitionDeploymentContributor.java | 39 +++++++++++++++++--- .../service/definition/PolicyBinding.java | 24 ++++++++++++ .../gateway/service/definition/UrlBinding.java | 13 +++++++ .../services/yarn-rm/2.5.0/service.xml | 1 - .../definition/ServiceDefinitionTest.java | 10 +++++ 5 files changed, 81 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/5cc21a5c/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/impl/ServiceDefinitionDeploymentContributor.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/impl/ServiceDefinitionDeploymentContributor.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/impl/ServiceDefinitionDeploymentContributor.java index 755fc67..f31b08a 100644 --- a/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/impl/ServiceDefinitionDeploymentContributor.java +++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/impl/ServiceDefinitionDeploymentContributor.java @@ -24,10 +24,7 @@ import org.apache.hadoop.gateway.descriptor.FilterParamDescriptor; import org.apache.hadoop.gateway.descriptor.ResourceDescriptor; import org.apache.hadoop.gateway.dispatch.GatewayDispatchFilter; import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteRulesDescriptor; -import org.apache.hadoop.gateway.service.definition.CustomDispatch; -import org.apache.hadoop.gateway.service.definition.RewriteFilter; -import org.apache.hadoop.gateway.service.definition.ServiceDefinition; -import org.apache.hadoop.gateway.service.definition.UrlBinding; +import org.apache.hadoop.gateway.service.definition.*; import org.apache.hadoop.gateway.topology.Provider; import org.apache.hadoop.gateway.topology.Service; @@ -100,17 +97,49 @@ public class ServiceDefinitionDeploymentContributor extends ServiceDeploymentCon ResourceDescriptor resource = context.getGatewayDescriptor().addResource(); resource.role(service.getRole()); resource.pattern(binding.getPattern()); + List<PolicyBinding> policyBindings = binding.getPolicyBindings(); + if (policyBindings == null) { + policyBindings = serviceDefinition.getPolicyBindings(); + } + if (policyBindings == null) { + //add default set + addDefaultPolicies(context, service, filterParams, params, resource); + } else { + addPolicies(context, service, filterParams, params, resource, policyBindings); + } + addDispatchFilter(context, service, resource, binding); + } + + private void addPolicies(DeploymentContext context, Service service, Map<String, String> filterParams, List<FilterParamDescriptor> params, ResourceDescriptor resource, List<PolicyBinding> policyBindings) throws URISyntaxException { + for (PolicyBinding policyBinding : policyBindings) { + String role = policyBinding.getRole(); + if (role == null) { + throw new IllegalArgumentException("Policy defined has no role for service " + service.getName()); + } + role = role.trim().toLowerCase(); + if (role.equals("rewrite")) { + addRewriteFilter(context, service, filterParams, params, resource); + } else if (topologyContainsProviderType(context, role)) { + context.contributeFilter( service, resource, role, policyBinding.getName(), null ); + } + } + } + + private void addDefaultPolicies(DeploymentContext context, Service service, Map<String, String> filterParams, List<FilterParamDescriptor> params, ResourceDescriptor resource) throws URISyntaxException { addWebAppSecFilters(context, service, resource); addAuthenticationFilter(context, service, resource); addIdentityAssertionFilter(context, service, resource); addAuthorizationFilter(context, service, resource); + addRewriteFilter(context, service, filterParams, params, resource); + } + + private void addRewriteFilter(DeploymentContext context, Service service, Map<String, String> filterParams, List<FilterParamDescriptor> params, ResourceDescriptor resource) throws URISyntaxException { if ( !filterParams.isEmpty() ) { for ( Map.Entry<String, String> filterParam : filterParams.entrySet() ) { params.add(resource.createFilterParam().name(filterParam.getKey()).value(filterParam.getValue())); } } addRewriteFilter(context, service, resource, params); - addDispatchFilter(context, service, resource, binding); } private void addDispatchFilter(DeploymentContext context, Service service, ResourceDescriptor resource, UrlBinding binding) { http://git-wip-us.apache.org/repos/asf/knox/blob/5cc21a5c/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/PolicyBinding.java ---------------------------------------------------------------------- diff --git a/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/PolicyBinding.java b/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/PolicyBinding.java index ad6b0a6..d87674f 100644 --- a/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/PolicyBinding.java +++ b/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/PolicyBinding.java @@ -17,5 +17,29 @@ */ package org.apache.hadoop.gateway.service.definition; +import javax.xml.bind.annotation.XmlAttribute; + public class PolicyBinding { + + private String name; + + private String role; + + @XmlAttribute + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + + @XmlAttribute + public String getRole() { + return role; + } + + public void setRole(String role) { + this.role = role; + } } http://git-wip-us.apache.org/repos/asf/knox/blob/5cc21a5c/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/UrlBinding.java ---------------------------------------------------------------------- diff --git a/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/UrlBinding.java b/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/UrlBinding.java index c64658c..a1b7718 100644 --- a/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/UrlBinding.java +++ b/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/UrlBinding.java @@ -19,6 +19,7 @@ package org.apache.hadoop.gateway.service.definition; import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlElementWrapper; import javax.xml.bind.annotation.XmlType; import java.util.List; @@ -29,6 +30,8 @@ public class UrlBinding { private List<RewriteFilter> rewriteFilters; + private List<PolicyBinding> policyBindings; + private CustomDispatch dispatch; @XmlAttribute @@ -49,6 +52,16 @@ public class UrlBinding { this.rewriteFilters = rewriteFilters; } + @XmlElement(name = "policy") + @XmlElementWrapper(name = "policies") + public List<PolicyBinding> getPolicyBindings() { + return policyBindings; + } + + public void setPolicyBindings(List<PolicyBinding> policyBindings) { + this.policyBindings = policyBindings; + } + @XmlElement(name = "dispatch") public CustomDispatch getDispatch() { return dispatch; http://git-wip-us.apache.org/repos/asf/knox/blob/5cc21a5c/gateway-service-definitions/src/main/resources/services/yarn-rm/2.5.0/service.xml ---------------------------------------------------------------------- diff --git a/gateway-service-definitions/src/main/resources/services/yarn-rm/2.5.0/service.xml b/gateway-service-definitions/src/main/resources/services/yarn-rm/2.5.0/service.xml index f77d94d..8b53cca 100644 --- a/gateway-service-definitions/src/main/resources/services/yarn-rm/2.5.0/service.xml +++ b/gateway-service-definitions/src/main/resources/services/yarn-rm/2.5.0/service.xml @@ -50,6 +50,5 @@ <url pattern="/resourcemanager/proxy/*/ws/v1/mapreduce/jobs/*/tasks/*/attempts/*"> <rewrite-filter ref="RESOURCEMANAGER/resourcemanager/proxy/taskattempt/outbound" apply-to="response.body"/> </url> - </urls> </service> http://git-wip-us.apache.org/repos/asf/knox/blob/5cc21a5c/gateway-service-definitions/src/test/java/org/apache/hadoop/gateway/service/definition/ServiceDefinitionTest.java ---------------------------------------------------------------------- diff --git a/gateway-service-definitions/src/test/java/org/apache/hadoop/gateway/service/definition/ServiceDefinitionTest.java b/gateway-service-definitions/src/test/java/org/apache/hadoop/gateway/service/definition/ServiceDefinitionTest.java index 9d4488a..385aa5e 100644 --- a/gateway-service-definitions/src/test/java/org/apache/hadoop/gateway/service/definition/ServiceDefinitionTest.java +++ b/gateway-service-definitions/src/test/java/org/apache/hadoop/gateway/service/definition/ServiceDefinitionTest.java @@ -26,6 +26,7 @@ import java.util.List; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; public class ServiceDefinitionTest { @@ -46,5 +47,14 @@ public class ServiceDefinitionTest { definition = (ServiceDefinition) unmarshaller.unmarshal(url.openStream()); assertNotNull(definition.getDispatch()); assertEquals("hbase", definition.getDispatch().getContributorName()); + url = ClassLoader.getSystemResource("services/webhdfs/2.4.0/service.xml"); + definition = (ServiceDefinition) unmarshaller.unmarshal(url.openStream()); + assertNotNull(definition.getDispatch()); + assertEquals("hdfs", definition.getDispatch().getContributorName()); + assertEquals("ha-hdfs", definition.getDispatch().getHaContributorName()); + List<PolicyBinding> policyBindings = definition.getPolicyBindings(); + assertNotNull(policyBindings); + assertEquals("webappsec", policyBindings.get(0).getRole()); + assertNull(policyBindings.get(0).getName()); } }
