Google Git
Sign in
apache / ranger / 81591157210e8a0245a4101ec0dafc36f4137cc0 / . / security-admin / src / main / java / org / apache / ranger / rest / AssetREST.java
blob: e5ef779f4396996c42e12942e3d01e8c75cce5dd [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.ranger.rest;
import java.io.File;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.Encoded;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.admin.client.datatype.RESTResponse;
import org.apache.ranger.biz.AssetMgr;
import org.apache.ranger.biz.RangerBizUtil;
import org.apache.ranger.common.PropertiesUtil;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.RangerSearchUtil;
import org.apache.ranger.common.SearchCriteria;
import org.apache.ranger.common.ServiceUtil;
import org.apache.ranger.common.StringUtil;
import org.apache.ranger.common.annotation.RangerAnnotationClassName;
import org.apache.ranger.common.annotation.RangerAnnotationJSMgrName;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXServiceDef;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
import org.apache.ranger.plugin.util.GrantRevokeRequest;
import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.security.context.RangerAPIList;
import org.apache.ranger.service.XAccessAuditService;
import org.apache.ranger.service.XAssetService;
import org.apache.ranger.service.XCredentialStoreService;
import org.apache.ranger.service.XPolicyExportAuditService;
import org.apache.ranger.service.XPolicyService;
import org.apache.ranger.service.XResourceService;
import org.apache.ranger.service.XTrxLogService;
import org.apache.ranger.view.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
@Path("assets")
@Component
@Scope("request")
@RangerAnnotationJSMgrName("AssetMgr")
@Transactional(propagation = Propagation.REQUIRES_NEW)
public class AssetREST {
private static final Logger logger = LoggerFactory.getLogger(AssetREST.class);
@Autowired
RangerSearchUtil searchUtil;
@Autowired
AssetMgr assetMgr;
@Autowired
XAssetService xAssetService;
@Autowired
XResourceService xResourceService;
@Autowired
XPolicyService xPolicyService;
@Autowired
XCredentialStoreService xCredentialStoreService;
@Autowired
RESTErrorUtil restErrorUtil;
@Autowired
XPolicyExportAuditService xPolicyExportAudits;
@Autowired
XTrxLogService xTrxLogService;
@Autowired
RangerBizUtil msBizUtil;
@Autowired
XAccessAuditService xAccessAuditService;
@Autowired
ServiceUtil serviceUtil;
@Autowired
ServiceREST serviceREST;
@Autowired
RangerDaoManager daoManager;
@GET
@Path("/assets/{id}")
@Produces({ "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.GET_X_ASSET + "\")")
public VXAsset getXAsset(@PathParam("id") Long id) {
if(logger.isDebugEnabled()) {
logger.debug("==> AssetREST.getXAsset(" + id + ")");
}
RangerService service = serviceREST.getService(id);
VXAsset ret = serviceUtil.toVXAsset(service);
if(logger.isDebugEnabled()) {
logger.debug("<== AssetREST.getXAsset(" + id + "): " + ret);
}
return ret;
}
@POST
@Path("/assets")
@Consumes({ "application/json" })
@Produces({ "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.CREATE_X_ASSET + "\")")
public VXAsset createXAsset(VXAsset vXAsset) {
if(logger.isDebugEnabled()) {
logger.debug("==> AssetREST.createXAsset(" + vXAsset + ")");
}
RangerService service = serviceUtil.toRangerService(vXAsset);
RangerService createdService = serviceREST.createService(service);
VXAsset ret = serviceUtil.toVXAsset(createdService);
if(logger.isDebugEnabled()) {
logger.debug("<== AssetREST.createXAsset(" + vXAsset + "): " + ret);
}
return ret;
}
@PUT
@Path("/assets/{id}")
@Consumes({ "application/json" })
@Produces({ "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.UPDATE_X_ASSET + "\")")
public VXAsset updateXAsset(VXAsset vXAsset) {
if(logger.isDebugEnabled()) {
logger.debug("==> AssetREST.updateXAsset(" + vXAsset + ")");
}
RangerService service = serviceUtil.toRangerService(vXAsset);
RangerService updatedService = serviceREST.updateService(service, null);
VXAsset ret = serviceUtil.toVXAsset(updatedService);
if(logger.isDebugEnabled()) {
logger.debug("<== AssetREST.updateXAsset(" + vXAsset + "): " + ret);
}
return ret;
}
@DELETE
@Path("/assets/{id}")
@RangerAnnotationClassName(class_name = VXAsset.class)
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.DELETE_X_ASSET + "\")")
public void deleteXAsset(@PathParam("id") Long id,
@Context HttpServletRequest request) {
if(logger.isDebugEnabled()) {
logger.debug("==> AssetREST.deleteXAsset(" + id + ")");
}
serviceREST.deleteService(id);
if(logger.isDebugEnabled()) {
logger.debug("<== AssetREST.deleteXAsset(" + id + ")");
}
}
@POST
@Path("/assets/testConfig")
@Consumes({ "application/json" })
@Produces({ "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.TEST_CONFIG + "\")")
public VXResponse configTest(VXAsset vXAsset) {
if(logger.isDebugEnabled()) {
logger.debug("==> AssetREST.configTest(" + vXAsset + ")");
}
RangerService service = serviceUtil.toRangerService(vXAsset);
VXResponse ret = serviceREST.validateConfig(service);
if(logger.isDebugEnabled()) {
logger.debug("<== AssetREST.testConfig(" + vXAsset + "): " + ret);
}
return ret;
}
@GET
@Path("/assets")
@Produces({ "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.SEARCH_X_ASSETS + "\")")
public VXAssetList searchXAssets(@Context HttpServletRequest request) {
if(logger.isDebugEnabled()) {
logger.debug("==> AssetREST.searchXAssets()");
}
VXAssetList ret = new VXAssetList();
SearchFilter filter = searchUtil.getSearchFilterFromLegacyRequestForRepositorySearch(request, xAssetService.sortFields);
List<RangerService> services = serviceREST.getServices(filter);
if(services != null) {
List<VXAsset> assets = new ArrayList<VXAsset>();
for(RangerService service : services) {
VXAsset asset = serviceUtil.toVXAsset(service);
if(asset != null) {
assets.add(asset);
}
}
ret.setVXAssets(assets);
}
if(logger.isDebugEnabled()) {
logger.debug("<== AssetREST.searchXAssets(): count=" + ret.getListSize());
}
return ret;
}
@GET
@Path("/assets/count")
@Produces({ "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.COUNT_X_ASSETS + "\")")
public VXLong countXAssets(@Context HttpServletRequest request) {
if(logger.isDebugEnabled()) {
logger.debug("==> AssetREST.countXAssets()");
}
SearchFilter filter = searchUtil.getSearchFilterFromLegacyRequest(request, xResourceService.sortFields);
filter.setMaxRows(Integer.MAX_VALUE);
List<RangerService> services = serviceREST.getServices(filter);
int servicesCount = 0;
if (services != null) {
for (RangerService service : services) {
VXAsset asset = serviceUtil.toVXAsset(service);
if (asset != null) {
servicesCount++;
}
}
}
VXLong ret = new VXLong();
ret.setValue(servicesCount);
if(logger.isDebugEnabled()) {
logger.debug("<== AssetREST.countXAssets(): " + ret);
}
return ret;
}
@GET
@Path("/resources/{id}")
@Produces({ "application/json" })
public VXResource getXResource(@PathParam("id") Long id) {
if(logger.isDebugEnabled()) {
logger.debug("==> AssetREST.getXResource(" + id + ")");
}
RangerPolicy policy = null;
RangerService service = null;
policy = serviceREST.getPolicy(id);
if(policy != null) {
service = serviceREST.getServiceByName(policy.getService());
}
VXResource ret = serviceUtil.toVXResource(policy, service);
if(logger.isDebugEnabled()) {
logger.debug("<== AssetREST.getXResource(" + id + "): " + ret);
}
return ret;
}
@POST
@Path("/resources")
@Consumes({ "application/json" })
@Produces({ "application/json" })
public VXResource createXResource(VXResource vXResource) {
if(logger.isDebugEnabled()) {
logger.debug("==> AssetREST.createXResource(" + vXResource + ")");
}
RangerService service = serviceREST.getService(vXResource.getAssetId());
RangerPolicy policy = serviceUtil.toRangerPolicy(vXResource, service);
RangerPolicy createdPolicy = serviceREST.createPolicy(policy, null);
VXResource ret = serviceUtil.toVXResource(createdPolicy, service);
if(logger.isDebugEnabled()) {
logger.debug("<== AssetREST.createXResource(" + vXResource + "): " + ret);
}
return ret;
}
@PUT
@Path("/resources/{id}")
@Consumes({ "application/json" })
@Produces({ "application/json" })
public VXResource updateXResource(VXResource vXResource , @PathParam("id") Long id) {
if(logger.isDebugEnabled()) {
logger.debug("==> AssetREST.updateXResource(" + vXResource + ")");
}
// if vXResource.id is specified, it should be same as the param 'id'
if (vXResource.getId() == null) {
vXResource.setId(id);
} else if(!vXResource.getId().equals(id)) {
throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "resource Id mismatch", true);
}
RangerService service = serviceREST.getService(vXResource.getAssetId());
RangerPolicy policy = serviceUtil.toRangerPolicy(vXResource, service);
RangerPolicy updatedPolicy = serviceREST.updatePolicy(policy, policy.getId());
VXResource ret = serviceUtil.toVXResource(updatedPolicy, service);
if(logger.isDebugEnabled()) {
logger.debug("<== AssetREST.updateXResource(" + vXResource + "): " + ret);
}
return ret;
}
@DELETE
@Path("/resources/{id}")
@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
@RangerAnnotationClassName(class_name = VXResource.class)
public void deleteXResource(@PathParam("id") Long id,
@Context HttpServletRequest request) {
if(logger.isDebugEnabled()) {
logger.debug("==> AssetREST.deleteXResource(" + id + ")");
}
serviceREST.deletePolicy(id);
if(logger.isDebugEnabled()) {
logger.debug("<== AssetREST.deleteXResource(" + id + ")");
}
}
@GET
@Path("/resources")
@Produces({ "application/json" })
public VXResourceList searchXResources(@Context HttpServletRequest request) {
if(logger.isDebugEnabled()) {
logger.debug("==> AssetREST.searchXResources()");
}
VXResourceList ret = new VXResourceList();
SearchFilter filter = searchUtil.getSearchFilterFromLegacyRequest(request, xResourceService.sortFields);
List<RangerPolicy> policies = serviceREST.getPolicies(filter);
if(policies != null) {
List<VXResource> resources = new ArrayList<VXResource>();
for(RangerPolicy policy : policies) {
RangerService service = serviceREST.getServiceByName(policy.getService());
VXResource resource = serviceUtil.toVXResource(policy, service);
if(resource != null) {
resources.add(resource);
}
}
ret.setVXResources(resources);
}
if(logger.isDebugEnabled()) {
logger.debug("<== AssetREST.searchXResources(): count=" + ret.getResultSize());
}
return ret;
}
@GET
@Path("/resources/count")
@Produces({ "application/json" })
public VXLong countXResources(@Context HttpServletRequest request) {
if(logger.isDebugEnabled()) {
logger.debug("==> AssetREST.countXResources()");
}
VXLong ret = new VXLong();
ret.setValue(searchXResources(request).getListSize());
if(logger.isDebugEnabled()) {
logger.debug("<== AssetREST.countXAssets(): " + ret);
}
return ret;
}
@GET
@Path("/credstores/{id}")
@Produces({ "application/json" })
public VXCredentialStore getXCredentialStore(@PathParam("id") Long id) {
return assetMgr.getXCredentialStore(id);
}
@POST
@Path("/credstores")
@Consumes({ "application/json" })
@Produces({ "application/json" })
public VXCredentialStore createXCredentialStore(
VXCredentialStore vXCredentialStore) {
return assetMgr.createXCredentialStore(vXCredentialStore);
}
@PUT
@Path("/credstores")
@Consumes({ "application/json" })
@Produces({ "application/json" })
public VXCredentialStore updateXCredentialStore(
VXCredentialStore vXCredentialStore) {
return assetMgr.updateXCredentialStore(vXCredentialStore);
}
@DELETE
@Path("/credstores/{id}")
@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
@RangerAnnotationClassName(class_name = VXCredentialStore.class)
public void deleteXCredentialStore(@PathParam("id") Long id,
@Context HttpServletRequest request) {
boolean force = false;
assetMgr.deleteXCredentialStore(id, force);
}
@GET
@Path("/credstores")
@Produces({ "application/json" })
public VXCredentialStoreList searchXCredentialStores(
@Context HttpServletRequest request) {
SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
request, xCredentialStoreService.sortFields);
return assetMgr.searchXCredentialStores(searchCriteria);
}
@GET
@Path("/credstores/count")
@Produces({ "application/json" })
public VXLong countXCredentialStores(@Context HttpServletRequest request) {
SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
request, xCredentialStoreService.sortFields);
return assetMgr.getXCredentialStoreSearchCount(searchCriteria);
}
@GET
@Path("/resource/{id}")
@Produces({ "application/json" })
public Response getXResourceFile(@Context HttpServletRequest request,
@PathParam("id") Long id) {
String fileType = searchUtil.extractString(request,
new SearchCriteria(), "fileType", "File type",
StringUtil.VALIDATION_TEXT);
VXResource resource = getXResource(id);
Response response=null;
if(resource!=null && StringUtils.isNotEmpty(fileType)){
File file = null;
file=assetMgr.getXResourceFile(resource, fileType);
if(file!=null){
response=Response.ok(file, MediaType.APPLICATION_OCTET_STREAM).header("Content-Disposition","attachment;filename=" + file.getName()).build();
file=null;
}
}
return response;
}
@GET
@Path("/policyList/{repository}")
@Produces({ "application/json" })
@Encoded
public String getResourceJSON(@Context HttpServletRequest request,
@PathParam("repository") String repository) {
String epoch = request.getParameter("epoch");
X509Certificate[] certchain = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
String ipAddress = request.getHeader("X-FORWARDED-FOR");
boolean isSecure = request.isSecure();
String policyCount = request.getParameter("policyCount");
String agentId = request.getParameter("agentId");
Long lastKnowPolicyVersion = Long.valueOf(-1);
String capabilityVector = "0";
if (ipAddress == null) {
ipAddress = request.getRemoteAddr();
}
boolean httpEnabled = PropertiesUtil.getBooleanProperty("ranger.service.http.enabled",true);
ServicePolicies servicePolicies = null;
try {
servicePolicies = serviceREST.getServicePoliciesIfUpdated(repository, lastKnowPolicyVersion, 0L, agentId, "", "", false, capabilityVector, request);
} catch(Exception excp) {
logger.error("failed to retrieve policies for repository " + repository, excp);
}
RangerService service = serviceUtil.getServiceByName(repository);
List<RangerPolicy> policies = servicePolicies != null ? servicePolicies.getPolicies() : null;
long policyUpdTime = (servicePolicies != null && servicePolicies.getPolicyUpdateTime() != null) ? servicePolicies.getPolicyUpdateTime().getTime() : 0l;
VXAsset vAsset = serviceUtil.toVXAsset(service);
List<VXResource> vResourceList = new ArrayList<VXResource>();
if(policies != null) {
for(RangerPolicy policy : policies) {
vResourceList.add(serviceUtil.toVXResource(policy, service));
}
}
String file = assetMgr.getLatestRepoPolicy(vAsset, vResourceList, policyUpdTime,
certchain, httpEnabled, epoch, ipAddress, isSecure, policyCount, agentId);
return file;
}
@GET
@Path("/exportAudit")
@Produces({ "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.SEARCH_X_POLICY_EXPORT_AUDITS + "\")")
public VXPolicyExportAuditList searchXPolicyExportAudits(
@Context HttpServletRequest request) {
SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
request, xPolicyExportAudits.sortFields);
searchUtil.extractString(request, searchCriteria, "agentId",
"The XA agent id pulling the policies.",
StringUtil.VALIDATION_TEXT);
searchUtil.extractString(request, searchCriteria, "clientIP",
"The XA agent ip pulling the policies.",
StringUtil.VALIDATION_TEXT);
searchUtil.extractString(request, searchCriteria, "repositoryName",
"Repository name for which export was done.",
StringUtil.VALIDATION_TEXT);
searchUtil.extractInt(request, searchCriteria, "httpRetCode",
"HTTP response code for exported policy.");
searchUtil.extractDate(request, searchCriteria, "startDate",
"Start Date", null);
searchUtil.extractDate(request, searchCriteria, "endDate",
"End Date", null);
searchUtil.extractString(request, searchCriteria, "cluster",
"Cluster Name", StringUtil.VALIDATION_TEXT);
searchUtil.extractString(request, searchCriteria, "zoneName",
"Zone Name", StringUtil.VALIDATION_TEXT);
return assetMgr.searchXPolicyExportAudits(searchCriteria);
}
@GET
@Path("/report")
@Produces({ "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.GET_REPORT_LOGS + "\")")
public VXTrxLogList getReportLogs(@Context HttpServletRequest request){
SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
request, xTrxLogService.sortFields);
searchUtil.extractInt(request, searchCriteria, "objectClassType", "audit type.");
searchUtil.extractInt(request, searchCriteria, "objectId", "Object ID");
searchUtil.extractString(request, searchCriteria, "attributeName",
"Attribute Name", StringUtil.VALIDATION_TEXT);
searchUtil.extractString(request, searchCriteria, "action",
"CRUD Action Type", StringUtil.VALIDATION_TEXT);
searchUtil.extractString(request, searchCriteria, "sessionId",
"Session Id", StringUtil.VALIDATION_TEXT);
searchUtil.extractString(request, searchCriteria, "owner",
"Owner", StringUtil.VALIDATION_TEXT);
searchUtil.extractDate(request, searchCriteria, "startDate", "Trasaction date since", "MM/dd/yyyy");
searchUtil.extractDate(request, searchCriteria, "endDate", "Trasaction date till", "MM/dd/yyyy");
return assetMgr.getReportLogs(searchCriteria);
}
@GET
@Path("/report/{transactionId}")
@Produces({ "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.GET_TRANSACTION_REPORT + "\")")
public VXTrxLogList getTransactionReport(@Context HttpServletRequest request,
@PathParam("transactionId") String transactionId){
return assetMgr.getTransactionReport(transactionId);
}
@GET
@Path("/accessAudit")
@Produces({ "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.GET_ACCESS_LOGS + "\")")
public VXAccessAuditList getAccessLogs(@Context HttpServletRequest request){
SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
request, xAccessAuditService.sortFields);
searchUtil.extractString(request, searchCriteria, "accessType",
"Access Type", StringUtil.VALIDATION_TEXT);
searchUtil.extractString(request, searchCriteria, "aclEnforcer",
"Access Enforcer", StringUtil.VALIDATION_TEXT);
searchUtil.extractString(request, searchCriteria, "agentId",
"Application", StringUtil.VALIDATION_TEXT);
searchUtil.extractString(request, searchCriteria, "repoName",
"Service Name", StringUtil.VALIDATION_TEXT);
searchUtil.extractString(request, searchCriteria, "sessionId",
"Session ID", StringUtil.VALIDATION_TEXT);
searchUtil.extractStringList(request, searchCriteria, "requestUser",
"Users", "requestUser", null, StringUtil.VALIDATION_TEXT);
searchUtil.extractStringList(request, searchCriteria, "excludeUser",
"Exclude Users", "-requestUser", null, StringUtil.VALIDATION_TEXT);
searchUtil.extractString(request, searchCriteria, "requestData",
"Request Data", StringUtil.VALIDATION_TEXT);
searchUtil.extractString(request, searchCriteria, "resourcePath",
"Resource Name", StringUtil.VALIDATION_TEXT);
searchUtil.extractString(request, searchCriteria, "clientIP",
"Client IP", StringUtil.VALIDATION_TEXT);
searchUtil.extractString(request, searchCriteria, "resourceType",
"Resource Type", StringUtil.VALIDATION_TEXT);
searchUtil.extractString(request,searchCriteria,"excludeServiceUser",
"Exclude Service User",StringUtil.VALIDATION_TEXT);
searchUtil.extractInt(request, searchCriteria, "auditType", "Audit Type");
searchUtil.extractInt(request, searchCriteria, "accessResult", "Result");
searchUtil.extractInt(request, searchCriteria, "assetId", "Asset ID");
searchUtil.extractLong(request, searchCriteria, "policyId", "Policy ID");
searchUtil.extractInt(request, searchCriteria, "repoType", "Service Type");
searchUtil.extractDate(request, searchCriteria, "startDate","Start Date", "MM/dd/yyyy");
searchUtil.extractDate(request, searchCriteria, "endDate", "End Date", "MM/dd/yyyy");
searchUtil.extractString(request, searchCriteria, "tags", "tags", null);
searchUtil.extractString(request, searchCriteria, "cluster", "Cluster Name", StringUtil.VALIDATION_TEXT);
searchUtil.extractStringList(request, searchCriteria, "zoneName", "Zone Name List", "zoneName", null, null);
searchUtil.extractString(request, searchCriteria, "agentHost", "Agent Host Name", StringUtil.VALIDATION_TEXT);
searchUtil.extractString(request, searchCriteria, "eventId", "Event Id", null);
boolean isKeyAdmin = msBizUtil.isKeyAdmin();
boolean isAuditKeyAdmin = msBizUtil.isAuditKeyAdmin();
XXServiceDef xxServiceDef = daoManager.getXXServiceDef().findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_KMS_NAME);
if(isKeyAdmin && xxServiceDef != null || isAuditKeyAdmin && xxServiceDef != null){
searchCriteria.getParamList().put("repoType", xxServiceDef.getId());
}
else if (xxServiceDef != null) {
searchCriteria.getParamList().put("-repoType", xxServiceDef.getId());
}
return assetMgr.getAccessLogs(searchCriteria);
}
@POST
@Path("/resources/grant")
@Consumes({ "application/json" })
@Produces({ "application/json" })
public VXPolicy grantPermission(@Context HttpServletRequest request,VXPolicy vXPolicy) {
RESTResponse ret = null;
if(logger.isDebugEnabled()) {
logger.debug("==> AssetREST.grantPermission(" + vXPolicy + ")");
}
if ( vXPolicy != null) {
String serviceName = vXPolicy.getRepositoryName();
GrantRevokeRequest grantRevokeRequest = serviceUtil.toGrantRevokeRequest(vXPolicy);
try {
ret = serviceREST.grantAccess(serviceName, grantRevokeRequest, request);
} catch(WebApplicationException excp) {
throw excp;
} catch (Throwable e) {
logger.error( HttpServletResponse.SC_BAD_REQUEST + "Grant Access Failed for the request " + vXPolicy, e);
throw restErrorUtil.createRESTException("Grant Access Failed for the request: " + vXPolicy + ". " + e.getMessage());
}
} else {
logger.error( HttpServletResponse.SC_BAD_REQUEST + "Bad Request parameter");
throw restErrorUtil.createRESTException("Bad Request parameter");
}
if(logger.isDebugEnabled()) {
logger.debug("<== AssetREST.grantPermission(" + ret + ")");
}
// TO DO Current Grant REST doesn't return a policy so returning a null value. Has to be replace with VXpolicy.
return vXPolicy;
}
@POST
@Path("/resources/revoke")
@Consumes({ "application/json" })
@Produces({ "application/json" })
public VXPolicy revokePermission(@Context HttpServletRequest request,VXPolicy vXPolicy) {
RESTResponse ret = null;
if(logger.isDebugEnabled()) {
logger.debug("==> AssetREST.revokePermission(" + vXPolicy + ")");
}
if ( vXPolicy != null) {
String serviceName = vXPolicy.getRepositoryName();
GrantRevokeRequest grantRevokeRequest = serviceUtil.toGrantRevokeRequest(vXPolicy);
try {
ret = serviceREST.revokeAccess(serviceName, grantRevokeRequest, request);
} catch(WebApplicationException excp) {
throw excp;
} catch (Throwable e) {
logger.error( HttpServletResponse.SC_BAD_REQUEST + "Revoke Access Failed for the request " + vXPolicy, e);
throw restErrorUtil.createRESTException("Revoke Access Failed for the request: " + vXPolicy + ". " + e.getMessage());
}
} else {
logger.error( HttpServletResponse.SC_BAD_REQUEST + "Bad Request parameter");
throw restErrorUtil.createRESTException("Bad Request parameter");
}
if(logger.isDebugEnabled()) {
logger.debug("<== AssetREST.revokePermission(" + ret + ")");
}
return vXPolicy;
}
@GET
@Path("/ugsyncAudits")
@Produces({ "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.GET_UGSYNC_AUDITS + "\")")
public VXUgsyncAuditInfoList getUgsyncAudits(@Context HttpServletRequest request){
SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
request, xAccessAuditService.sortFields);
searchUtil.extractString(request, searchCriteria, "userName",
"User Name", StringUtil.VALIDATION_TEXT);
searchUtil.extractString(request, searchCriteria, "sessionId",
"Session Id", StringUtil.VALIDATION_TEXT);
searchUtil.extractString(request, searchCriteria, "syncSource",
"Sync Source", StringUtil.VALIDATION_TEXT);
searchUtil.extractString(request, searchCriteria, "syncSourceInfo",
"Sync Source Info", StringUtil.VALIDATION_TEXT);
searchUtil.extractLong(request, searchCriteria, "noOfUsers", "No of Users");
searchUtil.extractLong(request, searchCriteria, "noOfGroups", "No of Groups");
searchUtil.extractDate(request, searchCriteria, "startDate",
"Start Date", "MM/dd/yyyy");
searchUtil.extractDate(request, searchCriteria, "endDate", "End Date",
"MM/dd/yyyy");
return assetMgr.getUgsyncAudits(searchCriteria);
}
@GET
@Path("/ugsyncAudits/{syncSource}")
@Encoded
@Produces({ "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.GET_UGSYNC_AUDITS_BY_SYNCSOURCE + "\")")
public VXUgsyncAuditInfoList getUgsyncAuditsBySyncSource(@PathParam("syncSource") String syncSource){
VXUgsyncAuditInfoList vxUgsyncAuditInfoList = new VXUgsyncAuditInfoList();
vxUgsyncAuditInfoList = assetMgr.getUgsyncAuditsBySyncSource(syncSource);
return vxUgsyncAuditInfoList;
}
}