RANGER-5046: checkstyle compliance updates - plugin-ozone (#429)
Co-authored-by: Madhan Neethiraj <mneethiraj@users.noreply.github.com>
diff --git a/plugin-ozone/pom.xml b/plugin-ozone/pom.xml
index 1849835..30b92d1 100644
--- a/plugin-ozone/pom.xml
+++ b/plugin-ozone/pom.xml
@@ -28,6 +28,8 @@
<name>Ozone Security Plugin</name>
<description>Ozone Security Plugin</description>
<properties>
+ <checkstyle.failOnViolation>true</checkstyle.failOnViolation>
+ <checkstyle.skip>false</checkstyle.skip>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<dependencies>
diff --git a/plugin-ozone/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java b/plugin-ozone/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java
index 3bd17d5..a079b08 100644
--- a/plugin-ozone/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java
+++ b/plugin-ozone/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java
@@ -39,178 +39,186 @@
import java.util.Date;
public class RangerOzoneAuthorizer implements IAccessAuthorizer {
- public static final String ACCESS_TYPE_READ = "read";
- public static final String ACCESS_TYPE_WRITE = "write";
- public static final String ACCESS_TYPE_CREATE = "create";
- public static final String ACCESS_TYPE_LIST = "list";
- public static final String ACCESS_TYPE_DELETE = "delete";
- public static final String ACCESS_TYPE_READ_ACL = "read_acl";
- public static final String ACCESS_TYPE_WRITE_ACL = "write_acl";
+ private static final Logger LOG = LoggerFactory.getLogger(RangerOzoneAuthorizer.class);
+ private static final Logger PERF_OZONEAUTH_REQUEST_LOG = RangerPerfTracer.getPerfLogger("ozoneauth.request");
+ public static final String ACCESS_TYPE_READ = "read";
+ public static final String ACCESS_TYPE_WRITE = "write";
+ public static final String ACCESS_TYPE_CREATE = "create";
+ public static final String ACCESS_TYPE_LIST = "list";
+ public static final String ACCESS_TYPE_DELETE = "delete";
+ public static final String ACCESS_TYPE_READ_ACL = "read_acl";
+ public static final String ACCESS_TYPE_WRITE_ACL = "write_acl";
+ public static final String KEY_RESOURCE_VOLUME = "volume";
+ public static final String KEY_RESOURCE_BUCKET = "bucket";
+ public static final String KEY_RESOURCE_KEY = "key";
- public static final String KEY_RESOURCE_VOLUME = "volume";
- public static final String KEY_RESOURCE_BUCKET = "bucket";
- public static final String KEY_RESOURCE_KEY = "key";
+ private static volatile RangerBasePlugin rangerPlugin;
- private static final Logger PERF_OZONEAUTH_REQUEST_LOG = RangerPerfTracer.getPerfLogger("ozoneauth.request");
+ RangerDefaultAuditHandler auditHandler;
- private static final Logger LOG = LoggerFactory.getLogger(RangerOzoneAuthorizer.class);
+ public RangerOzoneAuthorizer() {
+ RangerBasePlugin plugin = rangerPlugin;
- private static volatile RangerBasePlugin rangerPlugin = null;
- RangerDefaultAuditHandler auditHandler = null;
+ if (plugin == null) {
+ synchronized (RangerOzoneAuthorizer.class) {
+ plugin = rangerPlugin;
- public RangerOzoneAuthorizer() {
- RangerBasePlugin plugin = rangerPlugin;
+ if (plugin == null) {
+ plugin = new RangerBasePlugin("ozone", "ozone");
- if (plugin == null) {
- synchronized (RangerOzoneAuthorizer.class) {
- plugin = rangerPlugin;
+ plugin.init(); // this will initialize policy engine and policy refresher
- if (plugin == null) {
- plugin = new RangerBasePlugin("ozone", "ozone");
- plugin.init(); // this will initialize policy engine and policy refresher
+ auditHandler = new RangerDefaultAuditHandler();
- auditHandler = new RangerDefaultAuditHandler();
- plugin.setResultProcessor(auditHandler);
+ plugin.setResultProcessor(auditHandler);
- rangerPlugin = plugin;
- }
- }
- }
- }
+ rangerPlugin = plugin;
+ }
+ }
+ }
+ }
- @Override
- public boolean checkAccess(IOzoneObj ozoneObject, RequestContext context) {
- boolean returnValue = false;
- if (ozoneObject == null) {
- LOG.error("Ozone object is null!!");
- return returnValue;
- }
- OzoneObj ozoneObj = (OzoneObj) ozoneObject;
- UserGroupInformation ugi = context.getClientUgi();
- ACLType operation = context.getAclRights();
- String resource = ozoneObj.getPath();
+ @Override
+ public boolean checkAccess(IOzoneObj ozoneObject, RequestContext context) {
+ boolean returnValue = false;
- if (LOG.isDebugEnabled()) {
- LOG.debug("==> RangerOzoneAuthorizer.checkAccess with operation = " + operation + ", resource = " +
- resource + ", store type = " + OzoneObj.StoreType.values() + ", ugi = " + ugi + ", ip = " +
- context.getIp() + ", resourceType = " + ozoneObj.getResourceType() + ")");
- }
+ if (ozoneObject == null) {
+ LOG.error("Ozone object is null!!");
- if (rangerPlugin == null) {
- MiscUtil.logErrorMessageByInterval(LOG,
- "Authorizer is still not initialized");
- return returnValue;
- }
+ return false;
+ }
- //TODO: If sorce type is S3 and resource is volume, then allow it by default
- if (ozoneObj.getStoreType() == OzoneObj.StoreType.S3 && ozoneObj.getResourceType() == OzoneObj.ResourceType.VOLUME) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("If store type is s3 and resource is volume, then we allow it by default! Returning true");
- }
- LOG.warn("Allowing access by default since source type is S3 and resource type is Volume!!");
- return true;
- }
+ OzoneObj ozoneObj = (OzoneObj) ozoneObject;
+ UserGroupInformation ugi = context.getClientUgi();
+ ACLType operation = context.getAclRights();
+ String resource = ozoneObj.getPath();
- RangerPerfTracer perf = null;
+ LOG.debug("==> RangerOzoneAuthorizer.checkAccess with operation = {}, resource = {}, store type = {}, ugi = {}, ip = {}, resourceType = {}", operation, resource, OzoneObj.StoreType.values(), ugi, context.getIp(), ozoneObj.getResourceType());
- if (RangerPerfTracer.isPerfTraceEnabled(PERF_OZONEAUTH_REQUEST_LOG)) {
- perf = RangerPerfTracer.getPerfTracer(PERF_OZONEAUTH_REQUEST_LOG, "RangerOzoneAuthorizer.authorize(resource=" + resource + ")");
- }
+ if (rangerPlugin == null) {
+ MiscUtil.logErrorMessageByInterval(LOG, "Authorizer is still not initialized");
- Date eventTime = new Date();
- String accessType = mapToRangerAccessType(operation);
- if (accessType == null) {
- MiscUtil.logErrorMessageByInterval(LOG,
- "Unsupported access type. operation=" + operation) ;
- LOG.error("Unsupported access type. operation=" + operation + ", resource=" + resource);
- return returnValue;
- }
- String action = accessType;
- String clusterName = rangerPlugin.getClusterName();
+ return false;
+ }
- RangerAccessRequestImpl rangerRequest = new RangerAccessRequestImpl();
- rangerRequest.setUser(ugi.getShortUserName());
- rangerRequest.setUserGroups(Sets.newHashSet(ugi.getGroupNames()));
- rangerRequest.setClientIPAddress(context.getIp().getHostAddress());
- rangerRequest.setRemoteIPAddress(context.getIp().getHostAddress());
- rangerRequest.setAccessTime(eventTime);
+ //TODO: If source type is S3 and resource is volume, then allow it by default
+ if (ozoneObj.getStoreType() == OzoneObj.StoreType.S3 && ozoneObj.getResourceType() == OzoneObj.ResourceType.VOLUME) {
+ LOG.debug("If store type is s3 and resource is volume, then we allow it by default! Returning true");
+ LOG.warn("Allowing access by default since source type is S3 and resource type is Volume!!");
- RangerAccessResourceImpl rangerResource = new RangerAccessResourceImpl();
- rangerResource.setOwnerUser(context.getOwnerName());
+ return true;
+ }
- rangerRequest.setResource(rangerResource);
- rangerRequest.setAccessType(accessType);
- rangerRequest.setAction(action);
- rangerRequest.setRequestData(resource);
- rangerRequest.setClusterName(clusterName);
+ RangerPerfTracer perf = null;
- if (ozoneObj.getResourceType() == OzoneObj.ResourceType.VOLUME) {
- rangerResource.setValue(KEY_RESOURCE_VOLUME, ozoneObj.getVolumeName());
- } else if (ozoneObj.getResourceType() == OzoneObj.ResourceType.BUCKET || ozoneObj.getResourceType() == OzoneObj.ResourceType.KEY) {
- if (ozoneObj.getStoreType() == OzoneObj.StoreType.S3) {
- rangerResource.setValue(KEY_RESOURCE_VOLUME, "s3Vol");
- } else {
- rangerResource.setValue(KEY_RESOURCE_VOLUME, ozoneObj.getVolumeName());
- }
- rangerResource.setValue(KEY_RESOURCE_BUCKET, ozoneObj.getBucketName());
- if (ozoneObj.getResourceType() == OzoneObj.ResourceType.KEY) {
- rangerResource.setValue(KEY_RESOURCE_KEY, ozoneObj.getKeyName());
- }
- } else {
- LOG.error("Unsupported resource = " + resource);
- MiscUtil.logErrorMessageByInterval(LOG, "Unsupported resource type " + ozoneObj.getResourceType() + " for resource = " + resource
- + ", request=" + rangerRequest);
- return returnValue;
- }
+ if (RangerPerfTracer.isPerfTraceEnabled(PERF_OZONEAUTH_REQUEST_LOG)) {
+ perf = RangerPerfTracer.getPerfTracer(PERF_OZONEAUTH_REQUEST_LOG, String.format("RangerOzoneAuthorizer.authorize(resource = %s)", resource));
+ }
- try {
- RangerAccessResult result = rangerPlugin
- .isAccessAllowed(rangerRequest);
- if (result == null) {
- LOG.error("Ranger Plugin returned null. Returning false");
- } else {
- returnValue = result.getIsAllowed();
- }
- } catch (Throwable t) {
- LOG.error("Error while calling isAccessAllowed(). request="
- + rangerRequest, t);
- }
- RangerPerfTracer.log(perf);
+ Date eventTime = new Date();
+ String accessType = mapToRangerAccessType(operation);
- if (LOG.isDebugEnabled()) {
- LOG.debug("rangerRequest=" + rangerRequest + ", return="
- + returnValue);
- }
- return returnValue;
- }
+ if (accessType == null) {
+ String message = String.format("Unsupported access type. operation = %s", operation);
- private String mapToRangerAccessType(ACLType operation) {
- String rangerAccessType = null;
- switch (operation) {
- case READ:
- rangerAccessType = ACCESS_TYPE_READ;
- break;
- case WRITE:
- rangerAccessType = ACCESS_TYPE_WRITE;
- break;
- case CREATE:
- rangerAccessType = ACCESS_TYPE_CREATE;
- break;
- case DELETE:
- rangerAccessType = ACCESS_TYPE_DELETE;
- break;
- case LIST:
- rangerAccessType = ACCESS_TYPE_LIST;
- break;
- case READ_ACL:
- rangerAccessType = ACCESS_TYPE_READ_ACL;
- break;
- case WRITE_ACL:
- rangerAccessType = ACCESS_TYPE_WRITE_ACL;
- break;
- }
- return rangerAccessType;
- }
+ MiscUtil.logErrorMessageByInterval(LOG, message);
+ LOG.error("{}, resource = {}", message, resource);
+
+ return false;
+ }
+
+ String clusterName = rangerPlugin.getClusterName();
+ RangerAccessRequestImpl rangerRequest = new RangerAccessRequestImpl();
+
+ rangerRequest.setUser(ugi.getShortUserName());
+ rangerRequest.setUserGroups(Sets.newHashSet(ugi.getGroupNames()));
+ rangerRequest.setClientIPAddress(context.getIp().getHostAddress());
+ rangerRequest.setRemoteIPAddress(context.getIp().getHostAddress());
+ rangerRequest.setAccessTime(eventTime);
+
+ RangerAccessResourceImpl rangerResource = new RangerAccessResourceImpl();
+
+ rangerResource.setOwnerUser(context.getOwnerName());
+ rangerRequest.setResource(rangerResource);
+ rangerRequest.setAccessType(accessType);
+ rangerRequest.setAction(accessType);
+ rangerRequest.setRequestData(resource);
+ rangerRequest.setClusterName(clusterName);
+
+ if (ozoneObj.getResourceType() == OzoneObj.ResourceType.VOLUME) {
+ rangerResource.setValue(KEY_RESOURCE_VOLUME, ozoneObj.getVolumeName());
+ } else if (ozoneObj.getResourceType() == OzoneObj.ResourceType.BUCKET || ozoneObj.getResourceType() == OzoneObj.ResourceType.KEY) {
+ if (ozoneObj.getStoreType() == OzoneObj.StoreType.S3) {
+ rangerResource.setValue(KEY_RESOURCE_VOLUME, "s3Vol");
+ } else {
+ rangerResource.setValue(KEY_RESOURCE_VOLUME, ozoneObj.getVolumeName());
+ }
+
+ rangerResource.setValue(KEY_RESOURCE_BUCKET, ozoneObj.getBucketName());
+
+ if (ozoneObj.getResourceType() == OzoneObj.ResourceType.KEY) {
+ rangerResource.setValue(KEY_RESOURCE_KEY, ozoneObj.getKeyName());
+ }
+ } else {
+ LOG.error("Unsupported resource = {}", resource);
+
+ String message = String.format("Unsupported resource type = %s for resource = %s, request = %s", ozoneObj.getResourceType(), resource, rangerRequest);
+ MiscUtil.logErrorMessageByInterval(LOG, message);
+
+ return false;
+ }
+
+ try {
+ RangerAccessResult result = rangerPlugin.isAccessAllowed(rangerRequest);
+
+ if (result == null) {
+ LOG.error("Ranger Plugin returned null. Returning false");
+ } else {
+ returnValue = result.getIsAllowed();
+ }
+ } catch (Throwable t) {
+ LOG.error("Error while calling isAccessAllowed(). request = {}", rangerRequest, t);
+ }
+
+ RangerPerfTracer.log(perf);
+
+ LOG.debug("rangerRequest = {}, return = {}", rangerRequest, returnValue);
+
+ return returnValue;
+ }
+
+ private String mapToRangerAccessType(ACLType operation) {
+ final String rangerAccessType;
+
+ switch (operation) {
+ case READ:
+ rangerAccessType = ACCESS_TYPE_READ;
+ break;
+ case WRITE:
+ rangerAccessType = ACCESS_TYPE_WRITE;
+ break;
+ case CREATE:
+ rangerAccessType = ACCESS_TYPE_CREATE;
+ break;
+ case DELETE:
+ rangerAccessType = ACCESS_TYPE_DELETE;
+ break;
+ case LIST:
+ rangerAccessType = ACCESS_TYPE_LIST;
+ break;
+ case READ_ACL:
+ rangerAccessType = ACCESS_TYPE_READ_ACL;
+ break;
+ case WRITE_ACL:
+ rangerAccessType = ACCESS_TYPE_WRITE_ACL;
+ break;
+ default:
+ LOG.error("Unknown operation!");
+ rangerAccessType = null;
+ break;
+ }
+
+ return rangerAccessType;
+ }
}
-
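Review bot: In checkAccess the S3/VOLUME branch returns `true` before any RangerAccessRequestImpl is built or `rangerPlugin.isAccessAllowed` is called, so that grant is never evaluated against policy and, from what this hunk shows, is recorded only by a `LOG.warn` rather than through the audit handler. The `//TODO` above it reads as if the bypass is provisional; a comment stating why it is acceptable, or an explicit audit event for it, would make the decision reviewable. Separately, the entry debug line passes `OzoneObj.StoreType.values()` (every enum constant) where `ozoneObj.getStoreType()` was presumably intended. The two `return false` paths after the perf tracer is created also skip `RangerPerfTracer.log(perf)`.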
diff --git a/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/RangerServiceOzone.java b/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/RangerServiceOzone.java
index 08dc56e..19d7b7e 100644
--- a/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/RangerServiceOzone.java
+++ b/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/RangerServiceOzone.java
@@ -22,10 +22,10 @@
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.plugin.client.HadoopException;
import org.apache.ranger.plugin.model.RangerPolicy;
-import org.apache.ranger.plugin.model.RangerService;
-import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
import org.apache.ranger.plugin.service.RangerBaseService;
import org.apache.ranger.plugin.service.ResourceLookupContext;
@@ -40,17 +40,16 @@
import java.util.Map;
public class RangerServiceOzone extends RangerBaseService {
-
private static final Logger LOG = LoggerFactory.getLogger(RangerServiceOzone.class);
- public static final String ACCESS_TYPE_READ = "read";
- public static final String ACCESS_TYPE_WRITE = "write";
- public static final String ACCESS_TYPE_CREATE = "create";
- public static final String ACCESS_TYPE_LIST = "list";
- public static final String ACCESS_TYPE_DELETE = "delete";
- public static final String ACCESS_TYPE_READ_ACL = "read_acl";
- public static final String ACCESS_TYPE_WRITE_ACL = "write_acl";
- public static final String ACCESS_TYPE_ALL = "all";
+ public static final String ACCESS_TYPE_READ = "read";
+ public static final String ACCESS_TYPE_WRITE = "write";
+ public static final String ACCESS_TYPE_CREATE = "create";
+ public static final String ACCESS_TYPE_LIST = "list";
+ public static final String ACCESS_TYPE_DELETE = "delete";
+ public static final String ACCESS_TYPE_READ_ACL = "read_acl";
+ public static final String ACCESS_TYPE_WRITE_ACL = "write_acl";
+ public static final String ACCESS_TYPE_ALL = "all";
public RangerServiceOzone() {
super();
@@ -62,90 +61,89 @@ public void init(RangerServiceDef serviceDef, RangerService service) {
}
@Override
- public Map<String,Object> validateConfig() throws Exception {
- Map<String, Object> ret = new HashMap<String, Object>();
- String serviceName = getServiceName();
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerServiceOzone.validateConfig Service: (" + serviceName + " )");
- }
+ public Map<String, Object> validateConfig() throws Exception {
+ Map<String, Object> ret = new HashMap<>();
+ String serviceName = getServiceName();
- if ( configs != null) {
- try {
+ LOG.debug("<== RangerServiceOzone.validateConfig Service: ({})", serviceName);
+
+ if (configs != null) {
+ try {
ret = OzoneResourceMgr.connectionTest(serviceName, configs);
} catch (HadoopException e) {
- LOG.error("<== RangerServiceOzone.validateConfig Error: " + e.getMessage(),e);
+ LOG.error("<== RangerServiceOzone.validateConfig Error: {}", e.getMessage(), e);
throw e;
}
}
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerServiceOzone.validateConfig Response : (" + ret + " )");
- }
+ LOG.debug("<== RangerServiceOzone.validateConfig Response : ({})", ret);
return ret;
}
@Override
public List<String> lookupResource(ResourceLookupContext context) throws Exception {
- List<String> ret = new ArrayList<String>();
- String serviceName = getServiceName();
- String serviceType = getServiceType();
- Map<String,String> configs = getConfigs();
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerServiceOzone.lookupResource Context: (" + context + ")");
- }
+ List<String> ret = new ArrayList<>();
+ String serviceName = getServiceName();
+ String serviceType = getServiceType();
+ Map<String, String> configs = getConfigs();
+
+ LOG.debug("==> RangerServiceOzone.lookupResource Context: ({})", context);
+
if (context != null) {
try {
- ret = OzoneResourceMgr.getOzoneResources(serviceName, serviceType, configs,context);
+ ret = OzoneResourceMgr.getOzoneResources(serviceName, serviceType, configs, context);
} catch (Exception e) {
- LOG.error( "<==RangerServiceOzone.lookupResource Error : " + e);
+ LOG.error("<==RangerServiceOzone.lookupResource Error : ", e);
throw e;
}
}
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerServiceOzone.lookupResource Response: (" + ret + ")");
- }
+
+ LOG.debug("<== RangerServiceOzone.lookupResource Response: ({})", ret);
+
return ret;
}
@Override
public List<RangerPolicy> getDefaultRangerPolicies() throws Exception {
- if (LOG.isDebugEnabled()) {
- LOG.debug("==> RangerServiceOzone.getDefaultRangerPolicies() ");
- }
+ LOG.debug("==> RangerServiceOzone.getDefaultRangerPolicies() ");
List<RangerPolicy> ret = super.getDefaultRangerPolicies();
- for (RangerPolicy defaultPolicy : ret) {
- if (defaultPolicy.getName().startsWith("all")) {
- RangerPolicyItem policyItemOwner = new RangerPolicyItem();
- policyItemOwner.setUsers(Collections.singletonList(RangerPolicyEngine.RESOURCE_OWNER));
- policyItemOwner.setAccesses(Collections.singletonList(new RangerPolicyItemAccess(ACCESS_TYPE_ALL)));
- policyItemOwner.setDelegateAdmin(true);
- defaultPolicy.addPolicyItem(policyItemOwner);
+ for (RangerPolicy defaultPolicy : ret) {
+ if (defaultPolicy.getName().startsWith("all")) {
+ RangerPolicyItem policyItemOwner = new RangerPolicyItem();
- if (StringUtils.isNotBlank(lookUpUser)) {
- RangerPolicyItem policyItemForLookupUser = new RangerPolicyItem();
- List<RangerPolicy.RangerPolicyItemAccess> accessListForLookupUser = new ArrayList<RangerPolicy.RangerPolicyItemAccess>();
- accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_READ));
- accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_WRITE));
- accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_CREATE));
- accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_LIST));
- accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_DELETE));
- accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_READ_ACL));
- accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_WRITE_ACL));
- accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_ALL));
- policyItemForLookupUser.setUsers(Collections.singletonList(lookUpUser));
- policyItemForLookupUser.setAccesses(accessListForLookupUser);
- policyItemForLookupUser.setDelegateAdmin(false);
- defaultPolicy.addPolicyItem(policyItemForLookupUser);
- }
- }
- }
- if (LOG.isDebugEnabled()) {
- LOG.debug("<== RangerServiceOzone.getDefaultRangerPolicies() : " + ret);
+ policyItemOwner.setUsers(Collections.singletonList(RangerPolicyEngine.RESOURCE_OWNER));
+ policyItemOwner.setAccesses(Collections.singletonList(new RangerPolicyItemAccess(ACCESS_TYPE_ALL)));
+ policyItemOwner.setDelegateAdmin(true);
+
+ defaultPolicy.addPolicyItem(policyItemOwner);
+
+ if (StringUtils.isNotBlank(lookUpUser)) {
+ RangerPolicyItem policyItemForLookupUser = new RangerPolicyItem();
+ List<RangerPolicyItemAccess> accessListForLookupUser = new ArrayList<>();
+
+ accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_READ));
+ accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_WRITE));
+ accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_CREATE));
+ accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_LIST));
+ accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_DELETE));
+ accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_READ_ACL));
+ accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_WRITE_ACL));
+ accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_ALL));
+
+ policyItemForLookupUser.setUsers(Collections.singletonList(lookUpUser));
+ policyItemForLookupUser.setAccesses(accessListForLookupUser);
+ policyItemForLookupUser.setDelegateAdmin(false);
+
+ defaultPolicy.addPolicyItem(policyItemForLookupUser);
+ }
+ }
}
+
+ LOG.debug("<== RangerServiceOzone.getDefaultRangerPolicies() : {}", ret);
+
return ret;
}
-
}
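Review bot: In getDefaultRangerPolicies the lookup user is added to every default policy whose name starts with "all" with the full set of access types, including `write`, `delete`, `write_acl` and `all`. If that account exists only for resource-name lookup, as its name suggests, `list` and `read` would presumably be enough; consider trimming the list or adding a comment explaining why the wider grant is needed. If `all` is an umbrella access type, as its name suggests, the individual entries are also redundant next to `ACCESS_TYPE_ALL`. In validateConfig the entry trace uses `<==` where the other methods use `==>` on entry.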
diff --git a/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneClient.java b/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneClient.java
index 0bda6b6..6937776 100644
--- a/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneClient.java
+++ b/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneClient.java
@@ -29,30 +29,40 @@
import org.slf4j.LoggerFactory;
import javax.security.auth.Subject;
+
import java.io.IOException;
import java.security.PrivilegedExceptionAction;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
public class OzoneClient extends BaseClient {
+ private static final Logger LOG = LoggerFactory.getLogger(OzoneClient.class);
- private static final Logger LOG = LoggerFactory.getLogger(OzoneClient.class);
- private static final String ERR_MSG = "You can still save the repository and start creating policies, but you " +
- "would not be able to use autocomplete for resource names. Check ranger_admin.log for more info.";
+ private static final String ERR_MSG = "You can still save the repository and start creating policies, but you would not be able to use autocomplete for resource names. Check ranger_admin.log for more info.";
- private final OzoneConfiguration conf;
- private org.apache.hadoop.ozone.client.OzoneClient ozoneClient = null;
+ private final OzoneConfiguration conf;
+ private org.apache.hadoop.ozone.client.OzoneClient ozoneClient;
- public OzoneClient(String serviceName, Map<String,String> connectionProperties) throws Exception{
- super(serviceName,connectionProperties, "ozone-client");
+ public OzoneClient(String serviceName, Map<String, String> connectionProperties) throws Exception {
+ super(serviceName, connectionProperties, "ozone-client");
+
conf = new OzoneConfiguration();
+
Set<String> rangerInternalPropertyKeys = getConfigHolder().getRangerInternalPropertyKeys();
- for (Map.Entry<String, String> entry: connectionProperties.entrySet()) {
+
+ for (Map.Entry<String, String> entry : connectionProperties.entrySet()) {
String key = entry.getKey();
String value = entry.getValue();
+
if (!rangerInternalPropertyKeys.contains(key) && value != null) {
conf.set(key, value);
}
}
+
Subject.doAs(getLoginSubject(), (PrivilegedExceptionAction<Void>) () -> {
String[] serviceIds = conf.getTrimmedStrings("ozone.om.service.ids", "ozone1");
ozoneClient = OzoneClientFactory.getRpcClient(serviceIds[0], conf);
@@ -60,24 +70,56 @@ public OzoneClient(String serviceName, Map<String,String> connectionProperties)
});
}
+ public static Map<String, Object> connectionTest(String serviceName, Map<String, String> connectionProperties) throws Exception {
+ Map<String, Object> responseData = new HashMap<>();
+ OzoneClient connectionObj = null;
+ boolean connectivityStatus = false;
+ List<String> testResult;
+
+ try {
+ connectionObj = new OzoneClient(serviceName, connectionProperties);
+ testResult = connectionObj.getVolumeList("");
+
+ if (testResult != null && testResult.size() != 0) {
+ connectivityStatus = true;
+ }
+
+ if (connectivityStatus) {
+ String successMsg = "ConnectionTest Successful";
+
+ generateResponseDataMap(true, successMsg, successMsg, null, null, responseData);
+ } else {
+ String failureMsg = "Unable to retrieve any volumes using given parameters.";
+ String errorMsg = failureMsg + ERR_MSG;
+
+ generateResponseDataMap(false, failureMsg, errorMsg, null, null, responseData);
+ }
+ } finally {
+ if (connectionObj != null) {
+ connectionObj.close();
+ }
+ }
+
+ return responseData;
+ }
+
public void close() {
try {
ozoneClient.close();
} catch (IOException e) {
LOG.error("Unable to close Ozone Client connection", e);
}
-
}
public List<String> getVolumeList(String volumePrefix) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("==> OzoneClient getVolume volumePrefix : " + volumePrefix);
- }
+ LOG.debug("==> OzoneClient getVolume volumePrefix : {}", volumePrefix);
List<String> ret = new ArrayList<>();
+
try {
if (ozoneClient != null) {
Iterator<? extends OzoneVolume> ozoneVolList = ozoneClient.getObjectStore().listVolumes(volumePrefix);
+
if (ozoneVolList != null) {
while (ozoneVolList.hasNext()) {
ret.add(ozoneVolList.next().getName());
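Review bot: connectionTest reports failure whenever `getVolumeList("")` comes back empty, which covers both a reachable cluster with no volumes visible to the login user and an IOException that getVolumeList caught and logged itself (its catch block is in the next hunk), so the response data never carries the real cause. Letting the IOException reach connectionTest, or passing its message into `generateResponseDataMap`, would make the failure diagnosable. The error text is built as `failureMsg + ERR_MSG`, which runs the two sentences together; `String errorMsg = failureMsg + " " + ERR_MSG;` fixes that. `close()` dereferences `ozoneClient` without the null check the list methods use. getVolumeList's body continues outside this hunk.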
@@ -86,25 +128,24 @@ public List<String> getVolumeList(String volumePrefix) {
}
} catch (IOException e) {
LOG.error("Unable to get Volume List");
- if (LOG.isDebugEnabled()) {
- LOG.debug("<== OzoneClient.getVolumeList() Error : " , e);
- }
+ LOG.debug("<== OzoneClient.getVolumeList() Error : ", e);
}
- if (LOG.isDebugEnabled()) {
- LOG.debug("<== OzoneClient.getVolumeList(): " + ret);
- }
+
+ LOG.debug("<== OzoneClient.getVolumeList(): {}", ret);
+
return ret;
}
public List<String> getBucketList(String bucketPrefix, List<String> finalVolumeList) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("==> OzoneClient getBucketList bucketPrefix : " + bucketPrefix);
- }
+ LOG.debug("==> OzoneClient getBucketList bucketPrefix : {}", bucketPrefix);
+
List<String> ret = new ArrayList<>();
+
try {
- if (ozoneClient != null && finalVolumeList != null && !finalVolumeList.isEmpty()){
+ if (ozoneClient != null && finalVolumeList != null && !finalVolumeList.isEmpty()) {
for (String ozoneVol : finalVolumeList) {
Iterator<? extends OzoneBucket> ozoneBucketList = ozoneClient.getObjectStore().getVolume(ozoneVol).listBuckets(bucketPrefix);
+
if (ozoneBucketList != null) {
while (ozoneBucketList.hasNext()) {
ret.add(ozoneBucketList.next().getName());
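Review bot: The catch block in getVolumeList logs `LOG.error("Unable to get Volume List")` without the exception and sends the stack trace only to debug, so at default log levels a failed lookup leaves no cause in the log; `LOG.error("Unable to get Volume List", e);` would keep it and make the debug line unnecessary. The same catch block is repeated in getBucketList and getKeyList in the two hunks that follow, where the messages still say "Volume List" and `OzoneClient.getVolumeList()`; those should name the method they are in. Both getVolumeList and getBucketList start or end outside this hunk.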
@@ -114,30 +155,31 @@ public List<String> getBucketList(String bucketPrefix, List<String> finalVolumeL
}
} catch (IOException e) {
LOG.error("Unable to get Volume List");
- if (LOG.isDebugEnabled()) {
- LOG.debug("<== OzoneClient.getVolumeList() Error : " , e);
- }
+ LOG.debug("<== OzoneClient.getVolumeList() Error : ", e);
}
- if (LOG.isDebugEnabled()) {
- LOG.debug("<== OzoneClient.getVolumeList(): " + ret);
- }
+
+ LOG.debug("<== OzoneClient.getVolumeList(): {}", ret);
+
return ret;
}
public List<String> getKeyList(String keyPrefix, List<String> finalVolumeList, List<String> finalBucketList) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("==> OzoneClient getKeyList keyPrefix : " + keyPrefix);
- }
+ LOG.debug("==> OzoneClient getKeyList keyPrefix : {}", keyPrefix);
+
List<String> ret = new ArrayList<>();
+
try {
if (ozoneClient != null && finalVolumeList != null && !finalVolumeList.isEmpty()) {
for (String ozoneVol : finalVolumeList) {
Iterator<? extends OzoneBucket> ozoneBucketIterator = ozoneClient.getObjectStore().getVolume(ozoneVol).listBuckets(null);
+
if (ozoneBucketIterator != null) {
while (ozoneBucketIterator.hasNext()) {
OzoneBucket currentBucket = ozoneBucketIterator.next();
+
if (finalBucketList.contains(currentBucket.getName())) {
Iterator<? extends OzoneKey> ozoneKeyIterator = currentBucket.listKeys(keyPrefix);
+
if (ozoneKeyIterator != null) {
while (ozoneKeyIterator.hasNext()) {
ret.add(ozoneKeyIterator.next().getName());
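Review bot: getKeyList guards `finalVolumeList` against null and empty but calls `finalBucketList.contains(...)` unguarded, so a null bucket list raises a NullPointerException that the `catch (IOException e)` in the next hunk does not handle. Extending the condition to `finalBucketList != null && !finalBucketList.isEmpty()` would return the empty result instead and skip the bucket listing entirely. The method's closing lines are in the next hunk.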
@@ -150,44 +192,11 @@ public List<String> getKeyList(String keyPrefix, List<String> finalVolumeList, L
}
} catch (IOException e) {
LOG.error("Unable to get Volume List");
- if (LOG.isDebugEnabled()) {
- LOG.debug("<== OzoneClient.getVolumeList() Error : " , e);
- }
+ LOG.debug("<== OzoneClient.getVolumeList() Error : ", e);
}
- if (LOG.isDebugEnabled()) {
- LOG.debug("<== OzoneClient.getVolumeList(): " + ret);
- }
+
+ LOG.debug("<== OzoneClient.getVolumeList(): {}", ret);
+
return ret;
}
-
- public static Map<String, Object> connectionTest(String serviceName,
- Map<String, String> connectionProperties) throws Exception {
- Map<String, Object> responseData = new HashMap<>();
- OzoneClient connectionObj = null;
- boolean connectivityStatus = false;
- List<String> testResult;
-
- try {
- connectionObj = new OzoneClient(serviceName, connectionProperties);
- testResult = connectionObj.getVolumeList("");
- if (testResult != null && testResult.size() != 0) {
- connectivityStatus = true;
- }
- if (connectivityStatus) {
- String successMsg = "ConnectionTest Successful";
- generateResponseDataMap(true, successMsg, successMsg,
- null, null, responseData);
- } else {
- String failureMsg = "Unable to retrieve any volumes using given parameters.";
- generateResponseDataMap(false, failureMsg, failureMsg + ERR_MSG,
- null, null, responseData);
- }
- } finally {
- if (connectionObj != null) {
- connectionObj.close();
- }
- }
-
- return responseData;
- }
}
diff --git a/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneConnectionMgr.java b/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneConnectionMgr.java
index 54dbc7f..a88b557 100644
--- a/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneConnectionMgr.java
+++ b/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneConnectionMgr.java
@@ -32,33 +32,33 @@
public class OzoneConnectionMgr {
private static final Logger LOG = LoggerFactory.getLogger(OzoneConnectionMgr.class);
- protected ConcurrentMap<String, OzoneClient> ozoneConnectionCache;
- protected ConcurrentMap<String, Boolean> repoConnectStatusMap;
+ protected ConcurrentMap<String, OzoneClient> ozoneConnectionCache;
+ protected ConcurrentMap<String, Boolean> repoConnectStatusMap;
-
- public OzoneConnectionMgr() {
- ozoneConnectionCache = new ConcurrentHashMap<String, OzoneClient>();
- repoConnectStatusMap = new ConcurrentHashMap<String, Boolean>();
+ public OzoneConnectionMgr() {
+ ozoneConnectionCache = new ConcurrentHashMap<>();
+ repoConnectStatusMap = new ConcurrentHashMap<>();
}
-
- public OzoneClient getOzoneConnection(final String serviceName, final String serviceType, final Map<String,String> configs) {
- OzoneClient ozoneClient = null;
+ public OzoneClient getOzoneConnection(final String serviceName, final String serviceType, final Map<String, String> configs) {
+ OzoneClient ozoneClient = null;
if (serviceType != null) {
// get it from the cache
ozoneClient = ozoneConnectionCache.get(serviceName);
+
if (ozoneClient == null) {
if (configs != null) {
-
final Callable<OzoneClient> connectOzone = () -> new OzoneClient(serviceName, configs);
+
try {
ozoneClient = TimedEventUtil.timedTask(connectOzone, 5, TimeUnit.SECONDS);
- } catch(Exception e){
- LOG.error("Error connecting ozone repository : " + serviceName +" using config : "+ configs, e);
+ } catch (Exception e) {
+ LOG.error("Error connecting ozone repository: {} using config: {}", serviceName, configs, e);
}
OzoneClient oldClient;
+
if (ozoneClient != null) {
oldClient = ozoneConnectionCache.putIfAbsent(serviceName, ozoneClient);
} else {
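Review bot: The error path in getOzoneConnection logs the whole `configs` map: `LOG.error("Error connecting ozone repository: {} using config: {}", serviceName, configs, e);`. If the connection properties include a password or other credential, which is usual for a service definition but not visible here, it ends up in the admin log on every failed connect. Logging `configs.keySet()` or a redacted copy keeps the diagnostic value without the secret. The method body continues in the next hunk.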
@@ -70,28 +70,36 @@ public OzoneClient getOzoneConnection(final String serviceName, final String ser
if (ozoneClient != null) {
ozoneClient.close();
}
+
ozoneClient = oldClient;
}
+
repoConnectStatusMap.put(serviceName, true);
} else {
- LOG.error("Connection Config not defined for asset :" + serviceName, new Throwable());
+ String message = String.format("Connection Config not defined for asset: %s", serviceName);
+
+ LOG.error(message, new IllegalStateException(message));
}
} else {
try {
ozoneClient.getVolumeList(null);
- } catch(Exception e) {
+ } catch (Exception e) {
ozoneConnectionCache.remove(serviceName);
/*
* There is a possibility that some other thread is also using this connection that we are going to close but
* presumably the connection is bad which is why we are closing it, so damage should not be much.
*/
ozoneClient.close();
- ozoneClient = getOzoneConnection(serviceName,serviceType,configs);
+
+ ozoneClient = getOzoneConnection(serviceName, serviceType, configs);
}
}
} else {
- LOG.error("Asset not found with name "+serviceName, new Throwable());
+ String message = String.format("Asset not found with name: %s", serviceName);
+
+ LOG.error(message, new IllegalStateException(message));
}
+
return ozoneClient;
}
}
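Review bot: The `catch (Exception e)` around `ozoneClient.getVolumeList(null)` discards the exception, so nothing records why a cached connection was judged bad and replaced. A line such as `LOG.warn("Cached ozone connection for {} failed validation, reconnecting", serviceName, e);` before the eviction would make that traceable. The eviction is also unconditional; `ozoneConnectionCache.remove(serviceName, ozoneClient);` would remove the entry only if it is still the client that failed, leaving alone a replacement another thread may have cached in the meantime. Separately, `repoConnectStatusMap.put(serviceName, true)` appears to run even when the connect attempt failed, which is worth confirming against the lines between the two hunks. The method starts in the previous hunk.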
diff --git a/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneResourceMgr.java b/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneResourceMgr.java
index fa84312..bec2138 100644
--- a/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneResourceMgr.java
+++ b/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneResourceMgr.java
@@ -31,59 +31,54 @@
import java.util.concurrent.TimeUnit;
public class OzoneResourceMgr {
-
private static final Logger LOG = LoggerFactory.getLogger(OzoneResourceMgr.class);
- private static final String VOLUME = "volume";
- private static final String BUCKET = "bucket";
- private static final String KEY = "key";
+ private static final String VOLUME = "volume";
+ private static final String BUCKET = "bucket";
+ private static final String KEY = "key";
+ private OzoneResourceMgr() {
+ throw new UnsupportedOperationException("OzoneResourceMgr cannot be instantiated!");
+ }
public static Map<String, Object> connectionTest(String serviceName, Map<String, String> configs) throws Exception {
- Map<String, Object> ret = null;
+ Map<String, Object> ret;
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> OzoneResourceMgr.connectionTest ServiceName: "+ serviceName + "Configs" + configs );
- }
+ LOG.debug("==> OzoneResourceMgr.connectionTest ServiceName: {} Configs: {}", serviceName, configs);
try {
ret = OzoneClient.connectionTest(serviceName, configs);
} catch (HadoopException e) {
- LOG.error("<== OzoneResourceMgr.connectionTest Error: " + e);
+ LOG.error("<== OzoneResourceMgr.connectionTest Error: ", e);
throw e;
}
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== OzoneResourceMgr.connectionTest Result : "+ ret );
- }
+ LOG.debug("<== OzoneResourceMgr.connectionTest Result : {}", ret);
return ret;
}
- public static List<String> getOzoneResources(String serviceName, String serviceType, Map<String, String> configs, ResourceLookupContext context) throws Exception {
-
- String userInput = context.getUserInput();
- String resource = context.getResourceName();
+ public static List<String> getOzoneResources(String serviceName, String serviceType, Map<String, String> configs, ResourceLookupContext context) throws Exception {
+ String userInput = context.getUserInput();
+ String resource = context.getResourceName();
Map<String, List<String>> resourceMap = context.getResources();
- List<String> resultList = null;
- List<String> volumeList = null;
- List<String> bucketList = null;
- List<String> keyList = null;
- String volumePrefix = null;
- String bucketPrefix = null;
- String keyPrefix = null;
+ List<String> resultList = null;
+ List<String> volumeList = null;
+ List<String> bucketList = null;
+ List<String> keyList = null;
+ String volumePrefix = null;
+ String bucketPrefix = null;
+ String keyPrefix = null;
+ LOG.debug("<== OzoneResourceMgr.getOzoneResources() UserInput: {} resource: {} resourceMap: {}", userInput, resource, resourceMap);
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== OzoneResourceMgr.getOzoneResources() UserInput: \""+ userInput + "\" resource : " + resource + " resourceMap: " + resourceMap);
- }
-
- if ( userInput != null && resource != null) {
- if ( resourceMap != null && !resourceMap.isEmpty() ) {
+ if (userInput != null && resource != null) {
+ if (resourceMap != null && !resourceMap.isEmpty()) {
volumeList = resourceMap.get(VOLUME);
bucketList = resourceMap.get(BUCKET);
- keyList = resourceMap.get(KEY);
+ keyList = resourceMap.get(KEY);
}
+
switch (resource.trim().toLowerCase()) {
case VOLUME:
volumePrefix = userInput;
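Review bot: The rewritten debug statement at the top of `getOzoneResources` drops the quotes the old message put around `userInput`, so an empty, whitespace-only or space-containing lookup string can no longer be told apart from the surrounding log text. Keeping the delimiters costs nothing: `LOG.debug("==> OzoneResourceMgr.getOzoneResources() UserInput: \"{}\" resource: {} resourceMap: {}", userInput, resource, resourceMap);`. That line also uses `==>` for the entry trace, as `connectionTest` does, where the current message uses `<==` on entry. The method body continues past this hunk.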
@@ -92,7 +87,7 @@ public static List<String> getOzoneResources(String serviceName, String serviceT
bucketPrefix = userInput;
break;
case KEY:
- keyPrefix = userInput;
+ keyPrefix = userInput;
break;
default:
break;
@@ -101,63 +96,32 @@ public static List<String> getOzoneResources(String serviceName, String serviceT
if (serviceName != null && userInput != null) {
try {
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> OzoneResourceMgr.getOzoneResources() UserInput: "+ userInput + " configs: " + configs + " volumeList: " + volumeList + " bucketList: "
- + bucketList + " keyList: " + keyList );
- }
+ LOG.debug("==> OzoneResourceMgr.getOzoneResources() UserInput: {} configs: {} volumeList: {} bucketList: {} keyList: {}", userInput, configs, volumeList, bucketList, keyList);
final OzoneClient ozoneClient = new OzoneConnectionMgr().getOzoneConnection(serviceName, serviceType, configs);
Callable<List<String>> callableObj = null;
- final String finalVolPrefix;
- final String finalBucketPrefix;
- final String finalKeyPrefix;
+ final String finalVolPrefix;
+ final String finalBucketPrefix;
+ final String finalKeyPrefix;
final List<String> finalvolumeList = volumeList;
final List<String> finalbucketList = bucketList;
- if ( ozoneClient != null) {
- if ( volumePrefix != null
- && !volumePrefix.isEmpty()){
- // get the DBList for given Input
+ if (ozoneClient != null) {
+ if (volumePrefix != null && !volumePrefix.isEmpty()) {
finalVolPrefix = volumePrefix;
- callableObj = new Callable<List<String>>() {
- @Override
- public List<String> call() {
- return ozoneClient.getVolumeList(finalVolPrefix);
- }
- };
- } else if ( bucketPrefix != null
- && !bucketPrefix.isEmpty()) {
- // get ColumnList for given Input
+ callableObj = () -> ozoneClient.getVolumeList(finalVolPrefix);
+ } else if (bucketPrefix != null && !bucketPrefix.isEmpty()) {
finalBucketPrefix = bucketPrefix;
- callableObj = new Callable<List<String>>() {
-
- @Override
- public List<String> call() {
- return ozoneClient.getBucketList(finalBucketPrefix,
- finalvolumeList);
- }
- };
- } else if ( keyPrefix != null
- && !keyPrefix.isEmpty()) {
- // get ColumnList for given Input
- finalKeyPrefix = keyPrefix;
-
- callableObj = new Callable<List<String>>() {
- @Override
- public List<String> call() {
- return ozoneClient.getKeyList(finalKeyPrefix,
- finalvolumeList,
- finalbucketList);
- }
- };
+ callableObj = () -> ozoneClient.getBucketList(finalBucketPrefix, finalvolumeList);
+ } else if (keyPrefix != null && !keyPrefix.isEmpty()) {
+ finalKeyPrefix = keyPrefix;
+ callableObj = () -> ozoneClient.getKeyList(finalKeyPrefix, finalvolumeList, finalbucketList);
}
if (callableObj != null) {
synchronized (ozoneClient) {
- resultList = TimedEventUtil.timedTask(callableObj, 5,
- TimeUnit.SECONDS);
+ resultList = TimedEventUtil.timedTask(callableObj, 5, TimeUnit.SECONDS);
}
} else {
LOG.error("Could not initiate at timedTask");
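Review bot: `new OzoneConnectionMgr().getOzoneConnection(...)` builds a fresh manager on every lookup, and the constructor shown earlier in this commit starts with empty maps, so the connection cache never hits and each call opens a new `OzoneClient`. As a result `synchronized (ozoneClient)` locks a client no other caller shares, and whether that client is closed afterwards is not visible in this hunk. If caching is intended, a shared instance such as `private static final OzoneConnectionMgr CONNECTION_MGR = new OzoneConnectionMgr();` used at the call site would make both the cache and the lock meaningful. If per-call connections are intended, the client should be closed in a `finally` block. `getOzoneResources` starts and ends outside this hunk.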
@@ -169,13 +133,8 @@ public List<String> call() {
}
}
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== OzoneResourceMgr.getOzoneResources() UserInput: "+ userInput + " configs: " + configs + " volumeList: " + volumeList + " bucketList: "
- + bucketList + " keyList: " + keyList + "Result :" + resultList );
+ LOG.debug("<== OzoneResourceMgr.getOzoneResources() UserInput: {} configs: {} volumeList: {} bucketList: {} keyList: {} Result: {}", userInput, configs, volumeList, bucketList, keyList, resultList);
- }
return resultList;
-
}
-
}