Common library for Apache Ranger plugins providing shared functionality, models, and utilities for security policy enforcement across various big data components.
—
Client interface for communicating with Ranger Admin server to retrieve policies, roles, service definitions, and perform administrative operations like granting and revoking access permissions.
Main interface for communicating with Ranger Admin server.
/**
* Interface for communicating with Ranger Admin server.
* <p>
* Every operation except {@link #init} is declared {@code throws Exception}. The four
* {@code ...IfUpdated} fetchers are documented to return {@code null} when nothing is newer
* than the version passed in, so callers must null-check their results.
* <p>
* NOTE(review): several methods take the acting user ({@code execUser}) as a plain string.
* This listing does not show how the server authenticates the connection or whether it
* checks that the caller may act as that user. Confirm before passing a name derived from
* untrusted input.
*/
public interface RangerAdminClient {
/**
* Initialize the admin client
* @param serviceName - Name of the service
* @param appId - Application identifier
* @param configPropertyPrefix - Configuration property prefix (the usage example passes "ranger.plugin.hdfs")
* @param config - Hadoop configuration
*/
void init(String serviceName, String appId, String configPropertyPrefix, Configuration config);
/**
* Get service policies if updated since last known version
* @param lastKnownVersion - Last known policy version
* @param lastActivationTimeInMillis - Last activation time
* @return Service policies if updated, null otherwise (callers must handle the null case)
* @throws Exception if communication fails
*/
ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception;
/**
* Get roles if updated since last known version
* @param lastKnownRoleVersion - Last known role version
* @param lastActivationTimeInMillis - Last activation time
* @return Ranger roles if updated, null otherwise (callers must handle the null case)
* @throws Exception if communication fails
*/
RangerRoles getRolesIfUpdated(long lastKnownRoleVersion, long lastActivationTimeInMillis) throws Exception;
/**
* Create a new role
* @param request - Role creation request
* @return Created role
* @throws Exception if creation fails
*/
RangerRole createRole(RangerRole request) throws Exception;
/**
* Drop an existing role
* @param execUser - Executing user (caller-supplied name)
* @param roleName - Name of role to drop
* @throws Exception if drop fails
*/
void dropRole(String execUser, String roleName) throws Exception;
/**
* Get all roles
* @param execUser - Executing user (caller-supplied name)
* @return List of all role names
* @throws Exception if retrieval fails
*/
List<String> getAllRoles(String execUser) throws Exception;
/**
* Get roles for a specific user.
* Unlike the other role methods, the argument here is documented as the user being
* looked up rather than the user performing the call.
* @param execUser - User to get roles for
* @return List of role names for the user
* @throws Exception if retrieval fails
*/
List<String> getUserRoles(String execUser) throws Exception;
/**
* Get a specific role
* @param execUser - Executing user (caller-supplied name)
* @param roleName - Name of role to retrieve
* @return Role information
* @throws Exception if retrieval fails
*/
RangerRole getRole(String execUser, String roleName) throws Exception;
/**
* Grant a role to users/groups
* @param request - Role grant request
* @throws Exception if grant fails
*/
void grantRole(GrantRevokeRoleRequest request) throws Exception;
/**
* Revoke a role from users/groups
* @param request - Role revoke request
* @throws Exception if revoke fails
*/
void revokeRole(GrantRevokeRoleRequest request) throws Exception;
/**
* Grant access permissions.
* The method returns nothing, so the only failure signal is the thrown exception.
* @param request - Access grant request
* @throws Exception if grant fails
*/
void grantAccess(GrantRevokeRequest request) throws Exception;
/**
* Revoke access permissions.
* The method returns nothing, so the only failure signal is the thrown exception;
* a revoke that threw must not be assumed to have taken effect.
* @param request - Access revoke request
* @throws Exception if revoke fails
*/
void revokeAccess(GrantRevokeRequest request) throws Exception;
/**
* Get service tags if updated since last known version
* @param lastKnownVersion - Last known tag version
* @param lastActivationTimeInMillis - Last activation time
* @return Service tags if updated, null otherwise (callers must handle the null case)
* @throws Exception if retrieval fails
*/
ServiceTags getServiceTagsIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception;
/**
* Get tag types matching a pattern
* @param tagTypePattern - Pattern to match tag types (the pattern syntax is not specified in this listing)
* @return List of matching tag type names
* @throws Exception if retrieval fails
*/
List<String> getTagTypes(String tagTypePattern) throws Exception;
/**
* Get user store if updated since last known version
* @param lastKnownUserStoreVersion - Last known user store version
* @param lastActivationTimeInMillis - Last activation time
* @return User store if updated, null otherwise (callers must handle the null case)
* @throws Exception if retrieval fails
*/
RangerUserStore getUserStoreIfUpdated(long lastKnownUserStoreVersion, long lastActivationTimeInMillis) throws Exception;
}
Abstract base class providing common admin client functionality.
/**
* Abstract base implementation of RangerAdminClient.
* <p>
* This listing shows signatures only; the method bodies are not reproduced here, so what
* each inherited default actually does (no-op, null return, or throw) cannot be read from
* this page. NOTE(review): check the real defaults before relying on a subclass that does
* not override a grant/revoke or fetch method.
*/
public abstract class AbstractRangerAdminClient implements RangerAdminClient {
/**
* Gson instance for JSON processing (protected, so visible to subclasses)
*/
protected Gson gson;
/**
* Initialize the admin client
* @param serviceName - Name of the service
* @param appId - Application identifier
* @param configPropertyPrefix - Configuration property prefix
* @param config - Hadoop configuration
*/
public void init(String serviceName, String appId, String configPropertyPrefix, Configuration config);
/**
* Check if Kerberos is enabled for the user
* @param user - User group information
* @return True if Kerberos is enabled
*/
public boolean isKerberosEnabled(UserGroupInformation user);
// All interface methods with default implementations
// (the signatures below mirror RangerAdminClient one-for-one)
public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception;
public RangerRoles getRolesIfUpdated(long lastKnownRoleVersion, long lastActivationTimeInMillis) throws Exception;
public RangerRole createRole(RangerRole request) throws Exception;
public void dropRole(String execUser, String roleName) throws Exception;
public List<String> getAllRoles(String execUser) throws Exception;
public List<String> getUserRoles(String execUser) throws Exception;
public RangerRole getRole(String execUser, String roleName) throws Exception;
public void grantRole(GrantRevokeRoleRequest request) throws Exception;
public void revokeRole(GrantRevokeRoleRequest request) throws Exception;
public void grantAccess(GrantRevokeRequest request) throws Exception;
public void revokeAccess(GrantRevokeRequest request) throws Exception;
public ServiceTags getServiceTagsIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception;
public List<String> getTagTypes(String tagTypePattern) throws Exception;
public RangerUserStore getUserStoreIfUpdated(long lastKnownUserStoreVersion, long lastActivationTimeInMillis) throws Exception;
}
REST client implementation for communicating with Ranger Admin server.
/**
* REST client implementation for Ranger Admin communication.
* <p>
* Only {@code init} is listed for this class; the remaining operations come from
* AbstractRangerAdminClient and the RangerAdminClient interface.
* <p>
* NOTE(review): the usage example on this page sets the server address through the
* {@code <prefix>.policy.rest.url} property. Policies and grant/revoke requests are sent
* to that address, so prefer an https:// URL. How TLS and authentication are configured
* is not shown in this listing.
*/
public class RangerAdminRESTClient extends AbstractRangerAdminClient {
/**
* Initialize the REST client with configuration
* @param serviceName - Name of the service
* @param appId - Application identifier
* @param propertyPrefix - Configuration property prefix (named configPropertyPrefix in the interface)
* @param config - Hadoop configuration
*/
public void init(String serviceName, String appId, String propertyPrefix, Configuration config);
}
Data transfer objects for grant and revoke operations.
/**
* Data for grant/revoke operations.
* <p>
* Holds the grantor, the target repository, the resource names (databases, tables,
* columns, column families) and a list of permission mappings.
* <p>
* NOTE(review): the class implements java.io.Serializable. toJson() is the only
* serialization method shown here. Instances should not be rebuilt by Java-native
* deserialization of bytes from an untrusted source.
*/
public class GrantRevokeData implements java.io.Serializable {
/**
* Default constructor
*/
public GrantRevokeData();
/**
* Get the grantor user
* @return Grantor username
*/
public String getGrantor();
/**
* Set the grantor user.
* The grantor is a caller-supplied string; nothing in this listing validates it.
* @param grantor - Grantor username
*/
public void setGrantor(String grantor);
/**
* Get repository name
* @return Repository name
*/
public String getRepositoryName();
/**
* Set repository name
* @param repositoryName - Repository name
*/
public void setRepositoryName(String repositoryName);
/**
* Get repository type
* @return Repository type
*/
public String getRepositoryType();
/**
* Set repository type
* @param repositoryType - Repository type
*/
public void setRepositoryType(String repositoryType);
/**
* Get databases
* @return Databases string (how multiple names are delimited is not specified in this listing)
*/
public String getDatabases();
/**
* Set databases
* @param databases - Databases string
*/
public void setDatabases(String databases);
/**
* Get tables
* @return Tables string
*/
public String getTables();
/**
* Set tables
* @param tables - Tables string
*/
public void setTables(String tables);
/**
* Get columns
* @return Columns string
*/
public String getColumns();
/**
* Set columns
* @param columns - Columns string
*/
public void setColumns(String columns);
/**
* Get column families
* @return Column families string
*/
public String getColumnFamilies();
/**
* Set column families
* @param columnFamilies - Column families string
*/
public void setColumnFamilies(String columnFamilies);
/**
* Get permission mappings
* @return List of permission mappings
*/
public List<PermMap> getPermMapList();
/**
* Set permission mappings
* @param permMapList - List of permission mappings
*/
public void setPermMapList(List<PermMap> permMapList);
/**
* Set Hive-specific data.
* Takes a single PermMap although the class exposes a list of them; whether the mapping
* is appended to or replaces that list is not shown here.
* @param grantor - Grantor user
* @param repositoryName - Repository name
* @param databases - Database names
* @param tables - Table names
* @param columns - Column names
* @param permMap - Permission mapping
*/
public void setHiveData(String grantor, String repositoryName, String databases, String tables, String columns, PermMap permMap);
/**
* Set HBase-specific data.
* Takes a single PermMap although the class exposes a list of them; whether the mapping
* is appended to or replaces that list is not shown here.
* @param grantor - Grantor user
* @param repositoryName - Repository name
* @param tables - Table names
* @param columns - Column names
* @param columnFamilies - Column family names
* @param permMap - Permission mapping
*/
public void setHBaseData(String grantor, String repositoryName, String tables, String columns, String columnFamilies, PermMap permMap);
/**
* Convert to JSON
* @return JSON string representation
*/
public String toJson();
/**
* Permission mapping class: a set of users and groups paired with the permissions
* they receive. Permissions are plain strings; valid values are not listed here.
*/
public static class PermMap implements java.io.Serializable {
/**
* Default constructor
*/
public PermMap();
/**
* Constructor with single user, group, and permission
* @param user - Username
* @param group - Group name
* @param perm - Permission
*/
public PermMap(String user, String group, String perm);
/**
* Constructor with lists of users, groups, and permissions
* @param userList - List of users
* @param groupList - List of groups
* @param permList - List of permissions
*/
public PermMap(List<String> userList, List<String> groupList, List<String> permList);
/**
* Get user list
* @return List of users
*/
public List<String> getUserList();
/**
* Get group list
* @return List of groups
*/
public List<String> getGroupList();
/**
* Get permission list
* @return List of permissions
*/
public List<String> getPermList();
/**
* Add a user
* @param user - Username to add
*/
public void addUser(String user);
/**
* Add a group
* @param group - Group name to add
*/
public void addGroup(String group);
/**
* Add a permission
* @param perm - Permission to add
*/
public void addPerm(String perm);
/**
* Convert to JSON
* @return JSON string representation
*/
public String toJson();
}
}
Response object for REST operations.
/**
* REST response object.
* <p>
* Carries two separate codes: the HTTP status code and an application status code drawn
* from the STATUS_* constants below, plus a description and a list of messages.
* <p>
* NOTE(review): the message text presumably originates from the server response, so treat
* it as untrusted data when logging or displaying it. The class implements
* java.io.Serializable; fromJson/toJson are the only (de)serialization methods shown here.
*/
public class RESTResponse implements java.io.Serializable {
/**
* Success status code
*/
public static final int STATUS_SUCCESS = 0;
/**
* Error status code
*/
public static final int STATUS_ERROR = 1;
/**
* Validation error status code
*/
public static final int STATUS_VALIDATION = 2;
/**
* Warning status code
*/
public static final int STATUS_WARN = 3;
/**
* Info status code
*/
public static final int STATUS_INFO = 4;
/**
* Partial success status code
*/
public static final int STATUS_PARTIAL_SUCCESS = 5;
/**
* Maximum response status value (same value as STATUS_PARTIAL_SUCCESS)
*/
public static final int ResponseStatus_MAX = 5;
/**
* Get HTTP status code
* @return HTTP status code
*/
public int getHttpStatusCode();
/**
* Set HTTP status code
* @param httpStatusCode - HTTP status code
*/
public void setHttpStatusCode(int httpStatusCode);
/**
* Get status code (the application-level code, distinct from the HTTP status code)
* @return Status code
*/
public int getStatusCode();
/**
* Set status code
* @param statusCode - Status code
*/
public void setStatusCode(int statusCode);
/**
* Get message description
* @return Message description
*/
public String getMsgDesc();
/**
* Set message description
* @param msgDesc - Message description
*/
public void setMsgDesc(String msgDesc);
/**
* Get message list
* @return List of messages
*/
public List<Message> getMessageList();
/**
* Set message list
* @param messageList - List of messages
*/
public void setMessageList(List<Message> messageList);
/**
* Get combined message
* @return Combined message string
*/
public String getMessage();
/**
* Create REST response from client response
* @param response - Client response
* @return REST response
*/
public static RESTResponse fromClientResponse(ClientResponse response);
/**
* Convert to JSON
* @return JSON string representation
*/
public String toJson();
/**
* Create from JSON.
* Behaviour on malformed or unexpected input (null return vs. exception) is not shown
* in this listing; callers should be prepared for either.
* @param jsonString - JSON string
* @return REST response
*/
public static RESTResponse fromJson(String jsonString);
/**
* Message class for REST responses: a named message with an optional resource-bundle
* key, the object ID it refers to and the field name it concerns.
*/
public static class Message implements java.io.Serializable {
/**
* Get message name
* @return Message name
*/
public String getName();
/**
* Set message name
* @param name - Message name
*/
public void setName(String name);
/**
* Get resource bundle key
* @return Resource bundle key
*/
public String getRbKey();
/**
* Set resource bundle key
* @param rbKey - Resource bundle key
*/
public void setRbKey(String rbKey);
/**
* Get message text
* @return Message text
*/
public String getMessage();
/**
* Set message text
* @param message - Message text
*/
public void setMessage(String message);
/**
* Get object ID
* @return Object ID (a boxed Long, so it may be null)
*/
public Long getObjectId();
/**
* Set object ID
* @param objectId - Object ID
*/
public void setObjectId(Long objectId);
/**
* Get field name
* @return Field name
*/
public String getFieldName();
/**
* Set field name
* @param fieldName - Field name
*/
public void setFieldName(String fieldName);
/**
* Convert to JSON
* @return JSON string representation
*/
public String toJson();
}
}
Usage Examples:
import org.apache.ranger.admin.client.RangerAdminRESTClient;
import org.apache.ranger.plugin.util.GrantRevokeRequest;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.hadoop.conf.Configuration;
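// Initialize admin client
RangerAdminRESTClient adminClient = new RangerAdminRESTClient();
Configuration config = new Configuration();
config.set("ranger.plugin.hdfs.service.name", "hdfs-service");
// Use TLS for the admin channel: policy downloads and grant/revoke requests all go to this
// URL, and a cleartext http:// endpoint lets anyone on the network path read or alter them.
// 6182 is Ranger Admin's default HTTPS port; adjust host and port to your deployment.
config.set("ranger.plugin.hdfs.policy.rest.url", "https://ranger-admin:6182");
// Keystore/truststore settings for the HTTPS connection.
// Placeholder path: replace it with the SSL config file of your own installation.
config.set("ranger.plugin.hdfs.policy.rest.ssl.config.file", "/path/to/ranger-policymgr-ssl.xml");
// Arguments: service name, application id, property prefix used for the keys above, configuration.
adminClient.init("hdfs-service", "HDFSPlugin", "ranger.plugin.hdfs", config);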
// Fetch the service's policies. A null result means the server has nothing newer than the
// version passed in, so the result is checked before use.
final long knownPolicyVersion = 0;
final long activationTimeMs = System.currentTimeMillis();
ServicePolicies fetched = adminClient.getServicePoliciesIfUpdated(knownPolicyVersion, activationTimeMs);
if (fetched != null) {
    int policyCount = fetched.getPolicies().size();
    System.out.println("Retrieved " + policyCount + " policies");
    System.out.println("Policy version: " + fetched.getPolicyVersion());
}
// Grant read and write on a path to two users and one group.
// Scope check: a recursive grant on /data/analytics/* covers everything beneath that path,
// so keep the path and the access types as narrow as the use case allows.
Map<String, String> resource = new HashMap<>();
resource.put("path", "/data/analytics/*");
GrantRevokeRequest grant = new GrantRevokeRequest();
grant.setResource(resource);
grant.setIsRecursive(true);
// The grantor is the identity recorded as issuing the grant.
grant.setGrantor("admin");
grant.setUsers(Set.of("alice", "bob"));
grant.setGroups(Set.of("analysts"));
grant.setAccessTypes(Set.of("read", "write"));
try {
    adminClient.grantAccess(grant);
    System.out.println("Access granted successfully");
} catch (Exception grantFailure) {
    // grantAccess returns nothing, so an exception is the only sign the grant was not applied.
    System.err.println("Failed to grant access: " + grantFailure.getMessage());
}
// Take write access away from alice on the same resource map used for the grant.
// NOTE(review): unlike the grant, this request never calls setIsRecursive(true) and names no
// groups; whether the revoke then reaches nested paths is not shown on this page — verify the
// effective permissions afterwards.
GrantRevokeRequest revocation = new GrantRevokeRequest();
revocation.setResource(resource);
revocation.setAccessTypes(Set.of("write"));
revocation.setUsers(Set.of("alice"));
revocation.setGrantor("admin");
try {
    adminClient.revokeAccess(revocation);
    System.out.println("Access revoked successfully");
} catch (Exception revokeFailure) {
    // A revoke that threw must be treated as not applied: the user may still hold the access.
    System.err.println("Failed to revoke access: " + revokeFailure.getMessage());
}
// Get roles
// getAllRoles takes the executing user ("admin" here); getUserRoles takes the user whose
// roles are being looked up ("alice" here).
try {
List<String> allRoles = adminClient.getAllRoles("admin");
System.out.println("Available roles: " + allRoles);
List<String> userRoles = adminClient.getUserRoles("alice");
System.out.println("Alice's roles: " + userRoles);
} catch (Exception e) {
// A failure in either lookup lands here; only the exception message is printed.
System.err.println("Failed to retrieve roles: " + e.getMessage());
}
Common configuration properties for admin clients:
- `ranger.plugin.<service>.service.name`: Name of the Ranger service
- `ranger.plugin.<service>.policy.rest.url`: URL of Ranger Admin server
- `ranger.plugin.<service>.policy.rest.client.connection.timeoutMs`: Connection timeout
- `ranger.plugin.<service>.policy.rest.client.read.timeoutMs`: Read timeout
- `ranger.plugin.<service>.policy.pollIntervalMs`: Policy refresh interval

Admin client operations can throw exceptions for various reasons. Always wrap admin client calls in try-catch blocks and handle exceptions appropriately; in particular, treat a grant or revoke that threw as not applied rather than assuming the permission change took effect.