ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sneet...@apache.org
Subject git commit: ARGUS-9: lookup for topologies from Storm Policy Management is added
Date Sun, 14 Sep 2014 19:14:45 GMT
Repository: incubator-argus
Updated Branches:
  refs/heads/master 6fb304002 -> f9f9f0eb4


ARGUS-9: lookup for topologies from Storm Policy Management is added


Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/f9f9f0eb
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/f9f9f0eb
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/f9f9f0eb

Branch: refs/heads/master
Commit: f9f9f0eb4dd2fabd309017decd12c1994d1033b0
Parents: 6fb3040
Author: sneethiraj <sneethir@apache.org>
Authored: Sun Sep 14 15:12:05 2014 -0400
Committer: sneethiraj <sneethir@apache.org>
Committed: Sun Sep 14 15:14:13 2014 -0400

----------------------------------------------------------------------
 .../com/xasecure/storm/client/StormClient.java  | 223 +++++++++++++++++++
 .../storm/client/json/model/Topology.java       |  47 ++++
 .../client/json/model/TopologyListResponse.java |  38 ++++
 .../com/xasecure/biz/AssetConnectionMgr.java    |  15 ++
 .../main/java/com/xasecure/biz/AssetMgr.java    |  25 +++
 .../main/java/com/xasecure/rest/AssetREST.java  |   9 +
 .../src/main/webapp/scripts/modules/XALinks.js  |  11 +
 .../scripts/views/storm/StormPolicyCreate.js    |   4 +-
 .../scripts/views/storm/StormPolicyForm.js      |   2 +-
 .../scripts/views/storm/StormTableLayout.js     |   4 +-
 10 files changed, 373 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/f9f9f0eb/lookup-client/src/main/java/com/xasecure/storm/client/StormClient.java
----------------------------------------------------------------------
diff --git a/lookup-client/src/main/java/com/xasecure/storm/client/StormClient.java b/lookup-client/src/main/java/com/xasecure/storm/client/StormClient.java
new file mode 100644
index 0000000..f3b5a3b
--- /dev/null
+++ b/lookup-client/src/main/java/com/xasecure/storm/client/StormClient.java
@@ -0,0 +1,223 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.xasecure.storm.client;
+
+import java.io.IOException;
+import java.security.PrivilegedAction;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+import org.apache.commons.io.FilenameUtils;
+import org.apache.hadoop.security.KrbPasswordSaverLoginModule;
+import org.apache.hadoop.security.authentication.util.KerberosUtil;
+import org.apache.log4j.Logger;
+
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.sun.jersey.api.client.Client;
+import com.sun.jersey.api.client.ClientResponse;
+import com.sun.jersey.api.client.WebResource;
+import com.xasecure.storm.client.json.model.Topology;
+import com.xasecure.storm.client.json.model.TopologyListResponse;
+
+
+
+public class StormClient {
+	
+	public static final Logger LOG = Logger.getLogger(StormClient.class) ;
+
+	private static final String EXPECTED_MIME_TYPE = "application/json";
+	
+	private static final String TOPOLOGY_LIST_API_ENDPOINT = "/api/v1/topology/summary" ;
+	
+
+	String stormUIUrl;
+	String userName;
+	String password;
+
+	public StormClient(String aStormUIUrl, String aUserName, String aPassword) {
+		
+		this.stormUIUrl = aStormUIUrl;
+		this.userName = aUserName ;
+		this.password = aPassword;
+		
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("Storm Client is build with url [" + aStormUIUrl + "] user: [" + aUserName +
"], password: [" + aPassword + "]");
+		}
+
+	}
+
+	public List<String> getTopologyList(final String topologyNameMatching) {
+		
+		List<String> ret = new ArrayList<String>();
+		
+		PrivilegedAction<ArrayList<String>> topologyListGetter = new PrivilegedAction<ArrayList<String>>()
{
+			@Override
+			public ArrayList<String> run() {
+				
+				ArrayList<String> lret = new ArrayList<String>();
+				
+				String url = stormUIUrl + TOPOLOGY_LIST_API_ENDPOINT ;
+				
+				Client client = null ;
+				ClientResponse response = null ;
+				
+				try {
+					client = Client.create() ;
+					
+					WebResource webResource = client.resource(url);
+					
+					response = webResource.accept(EXPECTED_MIME_TYPE)
+						    .get(ClientResponse.class);
+					
+					if (response != null) {
+						if (response.getStatus() == 200) {
+							String jsonString = response.getEntity(String.class);
+							Gson gson = new GsonBuilder().setPrettyPrinting().create();
+							TopologyListResponse topologyListResponse = gson.fromJson(jsonString, TopologyListResponse.class);
+							if (topologyListResponse != null) {
+								if (topologyListResponse.getTopologyList() != null) {
+									for(Topology topology : topologyListResponse.getTopologyList()) {
+										String toplogyName = topology.getName() ;
+										if (toplogyName != null) {
+											if (topologyNameMatching == null || topologyNameMatching.isEmpty() || FilenameUtils.wildcardMatch(topology.getName(),
topologyNameMatching)) {
+												lret.add(toplogyName) ;
+											}
+										}
+									}
+								}
+							}
+							
+						}
+					}
+				}
+				finally {
+					
+					if (response != null) {
+						response.close();
+					}
+					
+					if (client != null) {
+						client.destroy(); 
+					}
+				
+				}
+				
+				return lret ;
+			}
+		} ;
+		
+		try {
+			ret = executeUnderKerberos(this.userName, this.password, topologyListGetter) ;
+		} catch (IOException e) {
+			LOG.error("Unable to get Topology list from [" + stormUIUrl + "]", e) ;
+		}
+		
+		return ret;
+	}
+	
+	
+	
+	
+
+	public static <T> T executeUnderKerberos(String userName, String password,
+			PrivilegedAction<T> action) throws IOException {
+
+		class MySecureClientLoginConfiguration extends
+				javax.security.auth.login.Configuration {
+
+			private String userName;
+			private String password ;
+
+			MySecureClientLoginConfiguration(String aUserName,
+					String password) {
+				this.userName = aUserName;
+				this.password = password;
+			}
+
+			@Override
+			public AppConfigurationEntry[] getAppConfigurationEntry(
+					String appName) {
+
+				Map<String, String> kerberosOptions = new HashMap<String, String>();
+				kerberosOptions.put("principal", this.userName);
+				kerberosOptions.put("debug", "false");
+				kerberosOptions.put("useKeyTab", "false");
+				kerberosOptions.put(KrbPasswordSaverLoginModule.USERNAME_PARAM, this.userName);
+				kerberosOptions.put(KrbPasswordSaverLoginModule.PASSWORD_PARAM, this.password);
+				kerberosOptions.put("doNotPrompt", "true");
+				kerberosOptions.put("useFirstPass", "true");
+				kerberosOptions.put("tryFirstPass","false") ;
+				kerberosOptions.put("storeKey", "true");
+				kerberosOptions.put("refreshKrb5Config", "true");
+
+
+
+				AppConfigurationEntry KEYTAB_KERBEROS_LOGIN = new AppConfigurationEntry(
+						KerberosUtil.getKrb5LoginModuleName(),
+						AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, kerberosOptions);
+				return new AppConfigurationEntry[] { KEYTAB_KERBEROS_LOGIN };
+			}
+
+		}
+		;
+
+		T ret = null;
+
+		Subject subject = null;
+		LoginContext loginContext = null;
+
+		try {
+			subject = new Subject();
+			MySecureClientLoginConfiguration loginConf = new MySecureClientLoginConfiguration(
+					userName, password);
+			loginContext = new LoginContext("hadoop-keytab-kerberos", subject,
+					null, loginConf);
+			loginContext.login();
+
+			Subject loginSubj = loginContext.getSubject();
+
+			if (loginSubj != null) {
+				ret = Subject.doAs(loginSubj, action);
+			}
+		} catch (LoginException le) {
+			throw new IOException("Login failure", le);
+		} finally {
+			if (loginContext != null) {
+				if (subject != null) {
+					try {
+						loginContext.logout();
+					} catch (LoginException e) {
+						throw new IOException("logout failure", e);
+					}
+				}
+			}
+		}
+
+		return ret;
+	}
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/f9f9f0eb/lookup-client/src/main/java/com/xasecure/storm/client/json/model/Topology.java
----------------------------------------------------------------------
diff --git a/lookup-client/src/main/java/com/xasecure/storm/client/json/model/Topology.java
b/lookup-client/src/main/java/com/xasecure/storm/client/json/model/Topology.java
new file mode 100644
index 0000000..229eb54
--- /dev/null
+++ b/lookup-client/src/main/java/com/xasecure/storm/client/json/model/Topology.java
@@ -0,0 +1,47 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.xasecure.storm.client.json.model;
+
+public class Topology {
+	private String id ;
+	private String name ;
+	private String status ;
+	
+	public String getId() {
+		return id;
+	}
+	public void setId(String id) {
+		this.id = id;
+	}
+	public String getName() {
+		return name;
+	}
+	public void setName(String name) {
+		this.name = name;
+	}
+	public String getStatus() {
+		return status;
+	}
+	public void setStatus(String status) {
+		this.status = status;
+	}
+	
+	
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/f9f9f0eb/lookup-client/src/main/java/com/xasecure/storm/client/json/model/TopologyListResponse.java
----------------------------------------------------------------------
diff --git a/lookup-client/src/main/java/com/xasecure/storm/client/json/model/TopologyListResponse.java
b/lookup-client/src/main/java/com/xasecure/storm/client/json/model/TopologyListResponse.java
new file mode 100644
index 0000000..486f3d2
--- /dev/null
+++ b/lookup-client/src/main/java/com/xasecure/storm/client/json/model/TopologyListResponse.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.xasecure.storm.client.json.model;
+
+import java.util.List;
+
+import com.google.gson.annotations.SerializedName;
+
+public class TopologyListResponse {
+	@SerializedName("topologies")
+	private List<Topology>	topologyList;
+
+	public List<Topology> getTopologyList() {
+		return topologyList;
+	}
+
+	public void setTopologyList(List<Topology> topologyList) {
+		this.topologyList = topologyList;
+	}
+	
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/f9f9f0eb/security-admin/src/main/java/com/xasecure/biz/AssetConnectionMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/AssetConnectionMgr.java b/security-admin/src/main/java/com/xasecure/biz/AssetConnectionMgr.java
index ad0a1a0..03ac341 100644
--- a/security-admin/src/main/java/com/xasecure/biz/AssetConnectionMgr.java
+++ b/security-admin/src/main/java/com/xasecure/biz/AssetConnectionMgr.java
@@ -40,6 +40,7 @@ import com.xasecure.hadoop.client.HadoopFS;
 import com.xasecure.hbase.client.HBaseClient;
 import com.xasecure.hive.client.HiveClient;
 import com.xasecure.knox.client.KnoxClient;
+import com.xasecure.storm.client.StormClient;
 import com.xasecure.view.VXAsset;
 
 @Component
@@ -382,5 +383,19 @@ public class AssetConnectionMgr {
 		hadoopConnectionCache.remove(dataSourceName);
 		return getHadoopConnection(dataSourceName);
 	}
+	
+    public static StormClient getStormClient(final String stormUIURL, String userName, String
password) {
+        StormClient stormClient = null;
+        if (stormUIURL == null || stormUIURL.isEmpty()) {
+            logger.error("Can not create KnoxClient: stormUIURL is empty");
+        } else if (userName == null || userName.isEmpty()) {
+            logger.error("Can not create KnoxClient: knoxAdminUser is empty");
+        } else if (password == null || password.isEmpty()) {
+            logger.error("Can not create KnoxClient: knoxAdminPassword is empty");
+        } else {
+            stormClient =  new StormClient(stormUIURL, userName, password);
+        }
+        return stormClient;
+    }
 
 }

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/f9f9f0eb/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java b/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
index 5d938ea..ded8e91 100644
--- a/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
+++ b/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
@@ -86,6 +86,7 @@ import com.xasecure.service.XGroupService;
 import com.xasecure.service.XPermMapService;
 import com.xasecure.service.XTrxLogService;
 import com.xasecure.service.XUserService;
+import com.xasecure.storm.client.StormClient;
 import com.xasecure.util.RestUtil;
 import com.xasecure.view.VXAccessAuditList;
 import com.xasecure.view.VXAsset;
@@ -3037,4 +3038,28 @@ public class AssetMgr extends AssetMgrBase {
 		
 		return vXResource;
 	}
+	
+    public VXStringList getStormResources(final String dataSourceName,String topologyName)
{
+        VXStringList ret = null ;
+        XXAsset asset = xADaoManager.getXXAsset().findByAssetName(dataSourceName);
+        String config = asset.getConfig() ;
+        if (config == null || config.trim().isEmpty()) {
+                logger.error("Connection Config is empty");
+
+        } else {
+                final HashMap<String, String> configMap = (HashMap<String, String>)
jsonUtil.jsonToMap(config);
+                String url = configMap.get("nimbus.url");
+                String username = configMap.get("username");
+                String password = configMap.get("password");
+                ret = getStormResources(url, username, password,topologyName) ;
+        }
+        return ret ;
+    }
+
+    public VXStringList getStormResources(String url, String username, String password,String
topologyName) {
+        final StormClient stormClient = AssetConnectionMgr.getStormClient(url, username,
password);
+        List<String> toplogyList = stormClient.getTopologyList(topologyName) ;
+        return msBizUtil.mapStringListToVStringList(toplogyList) ;
+    }
+
 }

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/f9f9f0eb/security-admin/src/main/java/com/xasecure/rest/AssetREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/rest/AssetREST.java b/security-admin/src/main/java/com/xasecure/rest/AssetREST.java
index 32bb1bb..0096285 100644
--- a/security-admin/src/main/java/com/xasecure/rest/AssetREST.java
+++ b/security-admin/src/main/java/com/xasecure/rest/AssetREST.java
@@ -371,6 +371,15 @@ public class AssetREST {
 		return assetMgr.getKnoxResources(dataSourceName, topologyName, serviceName);
 	}
 	
+    @GET
+    @Path("/storm/resources")
+    @Produces({ "application/xml", "application/json" })
+    public VXStringList pullStormResources(@Context HttpServletRequest request) {
+        String dataSourceName = request.getParameter("dataSourceName");
+        String topologyName = request.getParameter("topologyName");
+        return assetMgr.getStormResources(dataSourceName, topologyName);
+    }
+	
 	@GET
 	@Path("/resources/count")
 	@Produces({ "application/xml", "application/json" })

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/f9f9f0eb/security-admin/src/main/webapp/scripts/modules/XALinks.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/modules/XALinks.js b/security-admin/src/main/webapp/scripts/modules/XALinks.js
index 286bdd3..9ea26be 100644
--- a/security-admin/src/main/webapp/scripts/modules/XALinks.js
+++ b/security-admin/src/main/webapp/scripts/modules/XALinks.js
@@ -225,6 +225,17 @@ define(function(require) {
 					text : options.model.get('name') +' Policies',
 					title: options.model.get('name') +' Policies'
 				};
+            },
+            ManageStormPolicies : function(options){
+                var href = "javascript:void(0);";
+                if(_.has(options,'model')){
+                    href =  '#!/storm/'+options.model.id+"/policies";
+                }
+                return {
+                    href : href,
+                    text : options.model.get('name') +' Policies',
+                    title: options.model.get('name') +' Policies'
+                };
 			}
 	};      
        

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/f9f9f0eb/security-admin/src/main/webapp/scripts/views/storm/StormPolicyCreate.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/storm/StormPolicyCreate.js b/security-admin/src/main/webapp/scripts/views/storm/StormPolicyCreate.js
index 003c79a..9ea2692 100644
--- a/security-admin/src/main/webapp/scripts/views/storm/StormPolicyCreate.js
+++ b/security-admin/src/main/webapp/scripts/views/storm/StormPolicyCreate.js
@@ -46,9 +46,9 @@ define(function(require){
     	},
     	breadCrumbs :function(){
     		if(this.model.isNew())
-    			return [XALinks.get('RepositoryManager'),XALinks.get('ManageKnoxPolicies',{model :
this.assetModel}),XALinks.get('PolicyCreate')];
+    			return [XALinks.get('RepositoryManager'),XALinks.get('ManageStormPolicies',{model
: this.assetModel}),XALinks.get('PolicyCreate')];
     		else
-    			return [XALinks.get('RepositoryManager'),XALinks.get('ManageKnoxPolicies',{model :
this.assetModel}),XALinks.get('PolicyEdit')];
+    			return [XALinks.get('RepositoryManager'),XALinks.get('ManageStormPolicies',{model
: this.assetModel}),XALinks.get('PolicyEdit')];
     	} , 
 		/** Layout sub regions */
     	regions: {

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/f9f9f0eb/security-admin/src/main/webapp/scripts/views/storm/StormPolicyForm.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/storm/StormPolicyForm.js b/security-admin/src/main/webapp/scripts/views/storm/StormPolicyForm.js
index 2db0a58..564cab6 100644
--- a/security-admin/src/main/webapp/scripts/views/storm/StormPolicyForm.js
+++ b/security-admin/src/main/webapp/scripts/views/storm/StormPolicyForm.js
@@ -284,7 +284,7 @@ define(function(require){
 						}
 					},
 					ajax: { 
-						url: "service/assets/knox/resources",
+						url: "service/assets/storm/resources",
 						dataType: 'json',
 						params : {
 							timeout: 3000

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/f9f9f0eb/security-admin/src/main/webapp/scripts/views/storm/StormTableLayout.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/storm/StormTableLayout.js b/security-admin/src/main/webapp/scripts/views/storm/StormTableLayout.js
index 5753e70..2f5b1f2 100644
--- a/security-admin/src/main/webapp/scripts/views/storm/StormTableLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/storm/StormTableLayout.js
@@ -51,7 +51,7 @@ define(function(require){
     		};
     	},
     	breadCrumbs : function(){
-    		return [XALinks.get('RepositoryManager'),XALinks.get('ManageKnoxPolicies',{model :
this.assetModel})];
+    		return [XALinks.get('RepositoryManager'),XALinks.get('ManageStormPolicies',{model :
this.assetModel})];
    		},
 		/** Layout sub regions */
     	regions: {
@@ -170,7 +170,7 @@ define(function(require){
 				topologies : {
 					label	: localization.tt("lbl.topologyName")+'(s)',
 					/*href: function(model){
-						return '#!/knox/'+model.get('assetId')+'/policy/' + model.id;
+						return '#!/storm/'+model.get('assetId')+'/policy/' + model.id;
 					},*/
 					editable:false,
 //					cell :'uri',


Mime
View raw message