RANGER-5529: RangerAuthorizer update to be REST friendly (#890)

Author: mneethiraj

authz-api/src/main/java/org/apache/ranger/authz/api/RangerAuthorizer.java

@@ -28,6 +28,7 @@
 import org.apache.ranger.authz.model.RangerMultiAuthzResult;
 import org.apache.ranger.authz.model.RangerResourceInfo;
 import org.apache.ranger.authz.model.RangerResourcePermissions;
+import org.apache.ranger.authz.model.RangerResourcePermissionsRequest;
 import org.apache.ranger.authz.model.RangerUserInfo;
 
 import java.util.HashMap;
@@ -56,7 +57,7 @@ protected RangerAuthorizer(Properties properties) {
 
     public abstract RangerMultiAuthzResult authorize(RangerMultiAuthzRequest request) throws RangerAuthzException;
 
-    public abstract RangerResourcePermissions getResourcePermissions(RangerResourceInfo resource, RangerAccessContext context) throws RangerAuthzException;
+    public abstract RangerResourcePermissions getResourcePermissions(RangerResourcePermissionsRequest request) throws RangerAuthzException;
 
     protected void validateRequest(RangerAuthzRequest request) throws RangerAuthzException {
         validateUserInfo(request.getUser());
@@ -78,6 +79,11 @@ protected void validateRequest(RangerMultiAuthzRequest request) throws RangerAut
         validateAccessContext(request.getContext());
     }
 
+    protected void validateRequest(RangerResourcePermissionsRequest request) throws RangerAuthzException {
+        validateResourceInfo(request.getResource());
+        validateAccessContext(request.getContext());
+    }
+
     protected void validateUserInfo(RangerUserInfo user) throws RangerAuthzException {
         if (user == null || StringUtils.isBlank(user.getName())) {
             throw new RangerAuthzException(INVALID_REQUEST_USER_INFO_MISSING);

authz-api/src/main/java/org/apache/ranger/authz/model/RangerResourcePermissionsRequest.java

@@ -0,0 +1,101 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.authz.model;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+
+import java.util.Objects;
+
+@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY)
+@JsonInclude(JsonInclude.Include.NON_EMPTY)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class RangerResourcePermissionsRequest {
+    private String              requestId;
+    private RangerResourceInfo  resource;
+    private RangerAccessContext context;
+
+    public RangerResourcePermissionsRequest() {
+    }
+
+    public RangerResourcePermissionsRequest(RangerResourceInfo resource, RangerAccessContext context) {
+        this(null, resource, context);
+    }
+
+    public RangerResourcePermissionsRequest(String requestId, RangerResourceInfo resource, RangerAccessContext context) {
+        this.requestId = requestId;
+        this.resource  = resource;
+        this.context   = context;
+    }
+
+    public String getRequestId() {
+        return requestId;
+    }
+
+    public void setRequestId(String requestId) {
+        this.requestId = requestId;
+    }
+
+    public RangerResourceInfo getResource() {
+        return resource;
+    }
+
+    public void setResource(RangerResourceInfo resource) {
+        this.resource = resource;
+    }
+
+    public RangerAccessContext getContext() {
+        return context;
+    }
+
+    public void setContext(RangerAccessContext context) {
+        this.context = context;
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(requestId, resource, context);
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        } else if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+
+        RangerResourcePermissionsRequest that = (RangerResourcePermissionsRequest) o;
+
+        return Objects.equals(requestId, that.requestId) &&
+                Objects.equals(resource, that.resource) &&
+                Objects.equals(context, that.context);
+    }
+
+    @Override
+    public String toString() {
+        return "RangerResourcePermissionsRequest{" +
+                "requestId='" + requestId + '\'' +
+                ", resource=" + resource +
+                ", context=" + context +
+                '}';
+    }
+}

authz-api/src/test/java/org/apache/ranger/authz/DummyAuthorizer.java

@@ -20,13 +20,12 @@
 package org.apache.ranger.authz;
 
 import org.apache.ranger.authz.api.RangerAuthorizer;
-import org.apache.ranger.authz.model.RangerAccessContext;
 import org.apache.ranger.authz.model.RangerAuthzRequest;
 import org.apache.ranger.authz.model.RangerAuthzResult;
 import org.apache.ranger.authz.model.RangerMultiAuthzRequest;
 import org.apache.ranger.authz.model.RangerMultiAuthzResult;
-import org.apache.ranger.authz.model.RangerResourceInfo;
 import org.apache.ranger.authz.model.RangerResourcePermissions;
+import org.apache.ranger.authz.model.RangerResourcePermissionsRequest;
 
 import java.util.Properties;
 
@@ -54,7 +53,7 @@ public RangerMultiAuthzResult authorize(RangerMultiAuthzRequest request) {
     }
 
     @Override
-    public RangerResourcePermissions getResourcePermissions(RangerResourceInfo resource, RangerAccessContext context) {
+    public RangerResourcePermissions getResourcePermissions(RangerResourcePermissionsRequest request) {
         return null;
     }
 }

authz-embedded/src/main/java/org/apache/ranger/authz/embedded/RangerAuthzPlugin.java

@@ -35,8 +35,8 @@
 import org.apache.ranger.authz.model.RangerAuthzResult.PolicyInfo;
 import org.apache.ranger.authz.model.RangerAuthzResult.ResultInfo;
 import org.apache.ranger.authz.model.RangerAuthzResult.RowFilterResult;
-import org.apache.ranger.authz.model.RangerResourceInfo;
 import org.apache.ranger.authz.model.RangerResourcePermissions;
+import org.apache.ranger.authz.model.RangerResourcePermissionsRequest;
 import org.apache.ranger.authz.model.RangerUserInfo;
 import org.apache.ranger.authz.util.RangerResourceNameParser;
 import org.apache.ranger.plugin.model.RangerPolicy;
@@ -64,7 +64,7 @@
 import static org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator.ACCESS_CONDITIONAL;
 import static org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator.ACCESS_DENIED;
 
-public class RangerAuthzPlugin {
+class RangerAuthzPlugin {
     private static final Logger LOG = LoggerFactory.getLogger(RangerAuthzPlugin.class);
 
     private final RangerBasePlugin                      plugin;
@@ -154,15 +154,15 @@ public RangerAuthzResult authorize(RangerAuthzRequest request, RangerAuthzAuditH
         return ret;
     }
 
-    public RangerResourcePermissions getResourcePermissions(RangerResourceInfo resource, RangerAccessContext context) throws RangerAuthzException {
-        RangerResourcePermissions ret     = new RangerResourcePermissions();
-        RangerAccessRequestImpl   request = new RangerAccessRequestImpl();
+    public RangerResourcePermissions getResourcePermissions(RangerResourcePermissionsRequest request) throws RangerAuthzException {
+        RangerResourcePermissions ret = new RangerResourcePermissions();
+        RangerAccessRequestImpl   req = new RangerAccessRequestImpl();
 
-        ret.setResource(resource);
-        request.setResource(getResource(resource.getName(), null));
-        initializeRequest(request, null, context);
+        ret.setResource(request.getResource());
+        req.setResource(getResource(request.getResource().getName(), null));
+        initializeRequest(req, null, request.getContext());
 
-        RangerResourceACLs acls = plugin.getResourceACLs(request);
+        RangerResourceACLs acls = plugin.getResourceACLs(req);
 
         if (acls != null) {
             for (Map.Entry<String, Map<String, RangerResourceACLs.AccessResult>> entry : acls.getUserACLs().entrySet()) {

authz-embedded/src/main/java/org/apache/ranger/authz/embedded/RangerEmbeddedAuthorizer.java

@@ -30,8 +30,8 @@
 import org.apache.ranger.authz.model.RangerAuthzResult.AccessDecision;
 import org.apache.ranger.authz.model.RangerMultiAuthzRequest;
 import org.apache.ranger.authz.model.RangerMultiAuthzResult;
-import org.apache.ranger.authz.model.RangerResourceInfo;
 import org.apache.ranger.authz.model.RangerResourcePermissions;
+import org.apache.ranger.authz.model.RangerResourcePermissionsRequest;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -106,29 +106,29 @@ public RangerMultiAuthzResult authorize(RangerMultiAuthzRequest request) throws
         }
     }
 
-    public RangerAuthzResult authorize(RangerAuthzRequest request, RangerAuthzAuditHandler auditHandler) throws RangerAuthzException {
+    @Override
+    public RangerResourcePermissions getResourcePermissions(RangerResourcePermissionsRequest request) throws RangerAuthzException {
         validateRequest(request);
 
         RangerAuthzPlugin plugin = getOrCreatePlugin(request.getContext().getServiceName(), request.getContext().getServiceType());
 
-        return authorize(request, plugin, auditHandler);
+        return plugin.getResourcePermissions(request);
     }
 
-    public RangerMultiAuthzResult authorize(RangerMultiAuthzRequest request, RangerAuthzAuditHandler auditHandler) throws RangerAuthzException {
+    public RangerAuthzResult authorize(RangerAuthzRequest request, RangerAuthzAuditHandler auditHandler) throws RangerAuthzException {
         validateRequest(request);
 
         RangerAuthzPlugin plugin = getOrCreatePlugin(request.getContext().getServiceName(), request.getContext().getServiceType());
 
         return authorize(request, plugin, auditHandler);
     }
 
-    @Override
-    public RangerResourcePermissions getResourcePermissions(RangerResourceInfo resource, RangerAccessContext context) throws RangerAuthzException {
-        validateAccessContext(context);
+    public RangerMultiAuthzResult authorize(RangerMultiAuthzRequest request, RangerAuthzAuditHandler auditHandler) throws RangerAuthzException {
+        validateRequest(request);
 
-        RangerAuthzPlugin plugin = getOrCreatePlugin(context.getServiceName(), context.getServiceType());
+        RangerAuthzPlugin plugin = getOrCreatePlugin(request.getContext().getServiceName(), request.getContext().getServiceType());
 
-        return plugin.getResourcePermissions(resource, context);
+        return authorize(request, plugin, auditHandler);
     }
 
     @Override

authz-embedded/src/test/java/org/apache/ranger/authz/embedded/TestEmbeddedAuthorizer.java

@@ -30,6 +30,7 @@
 import org.apache.ranger.authz.model.RangerMultiAuthzResult;
 import org.apache.ranger.authz.model.RangerResourceInfo;
 import org.apache.ranger.authz.model.RangerResourcePermissions;
+import org.apache.ranger.authz.model.RangerResourcePermissionsRequest;
 import org.junit.jupiter.api.Test;
 
 import java.io.InputStream;
@@ -86,7 +87,7 @@ private void runResourcePermissionsTest(String testName) throws Exception {
                     continue;
                 }
 
-                RangerResourcePermissions permissions = authorizer.getResourcePermissions(test.resource, test.context);
+                RangerResourcePermissions permissions = authorizer.getResourcePermissions(new RangerResourcePermissionsRequest(test.resource, test.context));
 
                 assertEquals(test.permissions, permissions, "Resource permissions do not match for resource=" + test.resource);
             }