ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sneet...@apache.org
Subject incubator-ranger git commit: RANGER-1182: Remove code duplication around the PrivilegedAction handling
Date Tue, 18 Oct 2016 03:58:28 GMT
Repository: incubator-ranger
Updated Branches:
  refs/heads/master 1f138601a -> 22259e9d9


RANGER-1182: Remove code duplication around the PrivilegedAction handling

Signed-off-by: Selvamohan Neethiraj <sneethir@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/22259e9d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/22259e9d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/22259e9d

Branch: refs/heads/master
Commit: 22259e9d9a3572cf2392996f787a6b3dc8ad0672
Parents: 1f13860
Author: Zsombor Gegesy <gzsombor@gmail.com>
Authored: Thu Oct 6 22:41:09 2016 +0200
Committer: Selvamohan Neethiraj <sneethir@apache.org>
Committed: Mon Oct 17 23:58:20 2016 -0400

----------------------------------------------------------------------
 .../audit/destination/HDFSAuditDestination.java | 12 ++-----
 .../audit/destination/SolrAuditDestination.java | 33 ++++---------------
 .../apache/ranger/audit/provider/MiscUtil.java  | 26 +++++++++++++++
 .../provider/kafka/KafkaAuditProvider.java      | 34 +++++---------------
 .../audit/provider/solr/SolrAuditProvider.java  | 23 ++++---------
 5 files changed, 48 insertions(+), 80 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/22259e9d/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java
b/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java
index ebe6ab9..3a13db2 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java
@@ -153,7 +153,7 @@ public class HDFSAuditDestination extends AuditDestination {
 						+ ". Will write to HDFS file=" + currentFileName);
 			}
 
-			PrivilegedExceptionAction<PrintWriter> action = new PrivilegedExceptionAction<PrintWriter>()
{
+			final PrintWriter out = MiscUtil.executePrivilegedAction(new PrivilegedExceptionAction<PrintWriter>()
{
 				@Override
 				public PrintWriter run()  throws Exception {
 					PrintWriter out = getLogFileStream();
@@ -162,15 +162,7 @@ public class HDFSAuditDestination extends AuditDestination {
 					}
 					return out;
 				};
-			};
-
-			PrintWriter out = null;
-			UserGroupInformation ugi =  MiscUtil.getUGILoginUser();
-			if ( ugi != null) {
-				out = ugi.doAs(action);
-			} else {
-				out = action.run();
-			}
+			});
 
 			// flush and check the stream for errors
 			if (out.checkError()) {

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/22259e9d/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
index c8f4f13..f67dfd7 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
@@ -114,22 +114,15 @@ public class SolrAuditDestination extends AuditDestination {
 							// Instantiate
 							HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());
 							final String zkhosts =zkHosts;
-							PrivilegedExceptionAction<CloudSolrClient> action = new PrivilegedExceptionAction<CloudSolrClient>()
{
+							final CloudSolrClient solrCloudClient = MiscUtil.executePrivilegedAction(new PrivilegedExceptionAction<CloudSolrClient>()
{
 								@Override
 								public CloudSolrClient run()  throws Exception {
 									CloudSolrClient solrCloudClient = new CloudSolrClient(
 											zkhosts);
 									return solrCloudClient;
 								};
-							};
+							});
 
-							CloudSolrClient solrCloudClient = null;
-							UserGroupInformation ugi = MiscUtil.getUGILoginUser();
-							if (ugi != null) {
-								solrCloudClient = ugi.doAs(action);
-							} else {
-								solrCloudClient = action.run();
-							}
 							solrCloudClient.setDefaultCollection(collectionName);
 							me = solrClient = solrCloudClient;
 						} catch (Throwable t) {
@@ -144,22 +137,15 @@ public class SolrAuditDestination extends AuditDestination {
 							LOG.info("Connecting to Solr using URLs=" + solrURLs);
 							HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());
 							final List<String> solrUrls = solrURLs;
-							PrivilegedExceptionAction<LBHttpSolrClient> action = new PrivilegedExceptionAction<LBHttpSolrClient>()
{
+							final LBHttpSolrClient lbSolrClient = MiscUtil.executePrivilegedAction(new PrivilegedExceptionAction<LBHttpSolrClient>()
{
 								@Override
 								public LBHttpSolrClient run()  throws Exception {
 									LBHttpSolrClient lbSolrClient = new LBHttpSolrClient(
 											solrUrls.get(0));
 									return lbSolrClient;
 								};
-							};
+							});
 
-							LBHttpSolrClient lbSolrClient = null;
-							UserGroupInformation ugi = MiscUtil.getUGILoginUser();
-							if (ugi != null) {
-								lbSolrClient = ugi.doAs(action);
-							} else {
-								lbSolrClient = action.run();
-							}
 							lbSolrClient.setConnectionTimeout(1000);
 
 							for (int i = 1; i < solrURLs.size(); i++) {
@@ -235,21 +221,14 @@ public class SolrAuditDestination extends AuditDestination {
 				docs.add(document);
 			}
 			try {
-				PrivilegedExceptionAction<UpdateResponse> action = new PrivilegedExceptionAction<UpdateResponse>()
{
+				final UpdateResponse response = MiscUtil.executePrivilegedAction(new PrivilegedExceptionAction<UpdateResponse>()
{
 					@Override
 					public UpdateResponse run()  throws Exception {
 						UpdateResponse response = solrClient.add(docs);
 						return response;
 					};
-				};
+				});
 
-				UpdateResponse response = null;
-				UserGroupInformation ugi = MiscUtil.getUGILoginUser();
-				if (ugi != null) {
-					response = ugi.doAs(action);
-				} else {
-					response = action.run();
-				}
 				if (response.getStatus() != 0) {
 					addFailedCount(events.size());
 					logFailedEvent(events, response.toString());

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/22259e9d/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
index 4515843..f204d36 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
@@ -21,6 +21,8 @@ import java.io.IOException;
 import java.net.InetAddress;
 import java.rmi.dgc.VMID;
 import java.security.Principal;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Calendar;
@@ -510,6 +512,30 @@ public class MiscUtil {
 		return ret;
 	}
 
+	/**
+	 * Execute the {@link PrivilegedExceptionAction} on the {@link UserGroupInformation} if
it's set, otherwise call it directly
+	 */
+	public static <X> X executePrivilegedAction(final PrivilegedExceptionAction<X>
action) throws Exception {
+		final UserGroupInformation ugi = getUGILoginUser();
+		if (ugi != null) {
+			return ugi.doAs(action);
+		} else {
+			return action.run();
+		}
+	}
+
+	/**
+	 * Execute the {@link PrivilegedAction} on the {@link UserGroupInformation} if it's set,
otherwise call it directly.
+	 */
+	public static <X> X executePrivilegedAction(final PrivilegedAction<X> action)
{
+		final UserGroupInformation ugi = getUGILoginUser();
+		if (ugi != null) {
+			return ugi.doAs(action);
+		} else {
+			return action.run();
+		}
+	}
+
 	public static Subject getSubjectLoginUser() {
 		return subjectLoginUser;
 	}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/22259e9d/agents-audit/src/main/java/org/apache/ranger/audit/provider/kafka/KafkaAuditProvider.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/kafka/KafkaAuditProvider.java
b/agents-audit/src/main/java/org/apache/ranger/audit/provider/kafka/KafkaAuditProvider.java
index 915c965..ab77bf2 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/kafka/KafkaAuditProvider.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/kafka/KafkaAuditProvider.java
@@ -77,20 +77,14 @@ public class KafkaAuditProvider extends AuditDestination {
 				LOG.info("Connecting to Kafka producer using properties:"
 						+ kakfaProps.toString());
 
-				PrivilegedAction<Producer<String, String>> action = new PrivilegedAction<Producer<String,
String>>() {
+				producer  = MiscUtil.executePrivilegedAction(new PrivilegedAction<Producer<String,
String>>() {
 					@Override
 					public Producer<String, String> run(){
 						Producer<String, String> producer = new KafkaProducer<String, String>(kakfaProps);
 						return producer;
 					};
-				};
+				});
 
-				UserGroupInformation ugi =  MiscUtil.getUGILoginUser();
-				if ( ugi != null) {
-					producer = ugi.doAs(action);
-				} else {
-					producer = action.run();
-				}
 				initDone = true;
 			}
 		} catch (Throwable t) {
@@ -123,20 +117,15 @@ public class KafkaAuditProvider extends AuditDestination {
 				// TODO: Add partition key
 				final ProducerRecord<String, String> keyedMessage = new ProducerRecord<String,
String>(
 						topic, message);
-				PrivilegedAction<Void> action = new PrivilegedAction<Void>() {
+
+				MiscUtil.executePrivilegedAction(new PrivilegedAction<Void>() {
 					@Override
 					public Void run(){
 						producer.send(keyedMessage);
 						return null;
 					};
-				};
+				});
 
-				UserGroupInformation ugi =  MiscUtil.getUGILoginUser();
-				if ( ugi != null) {
-					ugi.doAs(action);
-				} else {
-					action.run();
-				}
 			} else {
 				LOG.info("AUDIT LOG (Kafka Down):" + message);
 			}
@@ -183,20 +172,13 @@ public class KafkaAuditProvider extends AuditDestination {
 		LOG.info("stop() called");
 		if (producer != null) {
 			try {
-				PrivilegedExceptionAction<Void> action = new PrivilegedExceptionAction<Void>()
{
+				MiscUtil.executePrivilegedAction(new PrivilegedAction<Void>() {
 					@Override
-					public Void run() throws Exception{
+					public Void run() {
 						producer.close();
 						return null;
 					};
-				};
-				MiscUtil.getUGILoginUser().doAs(action);
-				UserGroupInformation ugi =  MiscUtil.getUGILoginUser();
-				if ( ugi != null) {
-					ugi.doAs(action);
-				} else {
-					action.run();
-				}
+				});
 			} catch (Throwable t) {
 				LOG.error("Error closing Kafka producer");
 			}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/22259e9d/agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java
b/agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java
index 8a2bfb6..881d899 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java
@@ -93,19 +93,14 @@ public class SolrAuditProvider extends AuditDestination {
 
 					try {
 						// TODO: Need to support SolrCloud also
-						PrivilegedExceptionAction<SolrClient> action = new PrivilegedExceptionAction<SolrClient>()
{
+						solrClient = MiscUtil.executePrivilegedAction(new PrivilegedExceptionAction<SolrClient>()
{
 							@Override
 							public SolrClient run()  throws Exception {
 								SolrClient solrClient = new HttpSolrClient(solrURL);
 								return solrClient;
 							};
-						};
-						UserGroupInformation ugi = MiscUtil.getUGILoginUser();
-						if (ugi != null) {
-							solrClient = ugi.doAs(action);
-						} else {
-							solrClient = action.run();
-						}
+						});
+
 						me = solrClient;
 						if (solrClient instanceof HttpSolrClient) {
 							HttpSolrClient httpSolrClient = (HttpSolrClient) solrClient;
@@ -173,20 +168,14 @@ public class SolrAuditProvider extends AuditDestination {
 			}
 			// Convert AuditEventBase to Solr document
 			final SolrInputDocument document = toSolrDoc(authzEvent);
-			UpdateResponse response = null;
-			PrivilegedExceptionAction<UpdateResponse> action = new PrivilegedExceptionAction<UpdateResponse>()
{
+			final UpdateResponse response = MiscUtil.executePrivilegedAction(new PrivilegedExceptionAction<UpdateResponse>()
{
 				@Override
 				public UpdateResponse run()  throws Exception {
 					UpdateResponse response = solrClient.add(document);
 					return response;
 				};
-			};
-			UserGroupInformation ugi = MiscUtil.getUGILoginUser();
-			if (ugi != null) {
-				response = ugi.doAs(action);
-			} else {
-				response = action.run();
-			}
+			});
+
 			if (response.getStatus() != 0) {
 				lastFailTime = System.currentTimeMillis();
 


Mime
View raw message