Repository: incubator-ranger Updated Branches: refs/heads/master ebcf9dd5e -> a1dd7be65
RANGER-1248: Knox plugin does not report policy activation time correctly Signed-off-by: Madhan Neethiraj <mad...@apache.org> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/83674c7d Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/83674c7d Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/83674c7d Branch: refs/heads/master Commit: 83674c7d54d78821edc4a5e72e9ec8dae68fb4ea Parents: ebcf9dd Author: Abhay Kulkarni <akulka...@hortonworks.com> Authored: Fri Dec 9 12:20:55 2016 -0800 Committer: Madhan Neethiraj <mad...@apache.org> Committed: Wed Dec 14 12:39:17 2016 -0800 ---------------------------------------------------------------------- .../ranger/plugin/util/RangerRESTUtils.java | 11 +++ .../client/RangerAdminJersey2RESTClient.java | 84 +++++++++++++++++++- 2 files changed, 93 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/83674c7d/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java index fa81f0b..609f717 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java @@ -93,6 +93,17 @@ public class RangerRESTUtils { return url; } + public String getUrlForTagUpdate(String baseUrl, String serviceName) { + String url = baseUrl + REST_URL_GET_SERVICE_TAGS_IF_UPDATED + serviceName; + + return url; + } + + public String getSecureUrlForTagUpdate(String baseUrl, String serviceName) { + String url = baseUrl + REST_URL_GET_SECURE_SERVICE_TAGS_IF_UPDATED + serviceName; + return url; + } + public boolean isSsl(String _baseUrl) { return StringUtils.isEmpty(_baseUrl) ? false : _baseUrl.toLowerCase().startsWith("https"); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/83674c7d/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java ---------------------------------------------------------------------- diff --git a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java index 6c0b3e9..1c649de 100644 --- a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java +++ b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java @@ -113,6 +113,7 @@ public class RangerAdminJersey2RESTClient implements RangerAdminClient { public Response run() { return _client.target(secureUrl) .queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion)) + .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis)) .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId) .request(MediaType.APPLICATION_JSON_TYPE) .get(); @@ -126,6 +127,7 @@ public class RangerAdminJersey2RESTClient implements RangerAdminClient { url = _utils.getUrlForPolicyUpdate(_baseUrl, _serviceName); response = _client.target(url) .queryParam(RangerRESTUtils.REST_PARAM_LAST_KNOWN_POLICY_VERSION, Long.toString(lastKnownVersion)) + .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis)) .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId) .request(MediaType.APPLICATION_JSON_TYPE) .get(); @@ -242,8 +244,86 @@ public class RangerAdminJersey2RESTClient implements RangerAdminClient { } @Override - public ServiceTags getServiceTagsIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception { - throw new Exception("RangerAdminjersey2RESTClient.getServiceTagsIfUpdated() -- *** NOT IMPLEMENTED *** "); + public ServiceTags getServiceTagsIfUpdated(final long lastKnownVersion, final long lastActivationTimeInMillis) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerAdminJersey2RESTClient.getServiceTagsIfUpdated(" + lastKnownVersion + ", " + lastActivationTimeInMillis + ")"); + } + + UserGroupInformation user = MiscUtil.getUGILoginUser(); + boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled(); + + String url = null; + try { + ServiceTags serviceTags = null; + Response response = null; + if(isSecureMode){ + if(LOG.isDebugEnabled()) { + LOG.debug("Checking Service tags if updated as user : " + user); + } + url = _utils.getSecureUrlForTagUpdate(_baseUrl, _serviceName); + final String secureUrl = url; + PrivilegedAction<Response> action = new PrivilegedAction<Response>() { + public Response run() { + return _client.target(secureUrl) + .queryParam(RangerRESTUtils.LAST_KNOWN_TAG_VERSION_PARAM, Long.toString(lastKnownVersion)) + .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis)) + .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId) + .request(MediaType.APPLICATION_JSON_TYPE) + .get(); + }; + }; + response = user.doAs(action); + }else{ + if(LOG.isDebugEnabled()) { + LOG.debug("Checking Service tags if updated with old api call"); + } + url = _utils.getUrlForTagUpdate(_baseUrl, _serviceName); + response = _client.target(url) + .queryParam(RangerRESTUtils.LAST_KNOWN_TAG_VERSION_PARAM, Long.toString(lastKnownVersion)) + .queryParam(RangerRESTUtils.REST_PARAM_LAST_ACTIVATION_TIME, Long.toString(lastActivationTimeInMillis)) + .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId) + .request(MediaType.APPLICATION_JSON_TYPE) + .get(); + } + + int httpResponseCode = response == null ? -1 : response.getStatus(); + String body = null; + + switch (httpResponseCode) { + case 200: + body = response.readEntity(String.class); + + if (LOG.isDebugEnabled()) { + LOG.debug("Response from 200 server: " + body); + } + + Gson gson = getGson(); + serviceTags = gson.fromJson(body, ServiceTags.class); + + if (LOG.isDebugEnabled()) { + LOG.debug("Deserialized response to: " + serviceTags); + } + break; + case 304: + LOG.debug("Got response: 304. Ok. Returning null"); + break; + case -1: + LOG.warn("Unexpected: Null response from tag server while trying to get tags! Returning null!"); + break; + default: + body = response.readEntity(String.class); + LOG.warn(String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", httpResponseCode, body, url)); + break; + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerAdminJersey2RESTClient.getServiceTagsIfUpdated(" + lastKnownVersion + ", " + lastActivationTimeInMillis + "): " + serviceTags); + } + return serviceTags; + } catch (Exception ex) { + LOG.error("Failed getting tags from server. url=" + url + ", pluginId=" + _pluginId + ", lastKnownVersion=" + lastKnownVersion + ", " + lastActivationTimeInMillis); + throw ex; + } } @Override
