Merge pull request #2709 from atlanhq/accesscontrolv2-nb

Refactorings and metric loggings
atlanhq · Jan 3, 2024 · d9c0c13 · d9c0c13
2 parents 283afec + 55f22b5
commit d9c0c13
Show file tree

Hide file tree

Showing 7 changed files with 74 additions and 37 deletions.
diff --git a/repository/src/main/java/org/apache/atlas/authorizer/AuthorizerUtils.java b/repository/src/main/java/org/apache/atlas/authorizer/AuthorizerUtils.java
@@ -9,6 +9,7 @@
 import org.apache.atlas.model.instance.AtlasEntity;
 import org.apache.atlas.model.instance.AtlasEntityHeader;
 import org.apache.atlas.type.AtlasTypeRegistry;
+import org.apache.atlas.utils.AtlasPerfMetrics;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -24,30 +25,8 @@ public class AuthorizerUtils {
 
     private static final Logger LOG = LoggerFactory.getLogger(AuthorizerUtils.class);
 
-    private EntityDiscoveryService discoveryService;
-    private static AtlasTypeRegistry typeRegistry;
     private static AuthorizerUtils  authorizerUtils;
 
-    public AuthorizerUtils (EntityDiscoveryService discoveryService, AtlasTypeRegistry typeRegistry) {
-        try {
-            this.discoveryService = discoveryService;
-            this.typeRegistry = typeRegistry;
-
-            LOG.info("==> AtlasAuthorization");
-        } catch (Exception e) {
-            LOG.error("==> AtlasAuthorization -> Error!");
-        }
-    }
-
-    public static AuthorizerUtils getInstance(EntityDiscoveryService discoveryService, AtlasTypeRegistry typeRegistry) {
-        synchronized (AuthorizerUtils.class) {
-            if (authorizerUtils == null) {
-                authorizerUtils = new AuthorizerUtils(discoveryService, typeRegistry);
-            }
-            return authorizerUtils;
-        }
-    }
-
     public static void verifyUpdateEntityAccess(AtlasEntityHeader entityHeader) throws AtlasBaseException {
         if (!SKIP_UPDATE_AUTH_CHECK_TYPES.contains(entityHeader.getTypeName())) {
             verifyAccess(entityHeader.getGuid(), AtlasPrivilege.ENTITY_UPDATE.getType());
@@ -61,6 +40,7 @@ public static void verifyDeleteEntityAccess(AtlasEntityHeader entityHeader) thro
     }
 
     public static void verifyEntityCreateAccess(AtlasEntity entity, AtlasPrivilege action) throws AtlasBaseException {
+        AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("verifyEntityCreateAccess");
         String userName = AuthorizerCommon.getCurrentUserName();
 
         if (StringUtils.isEmpty(userName) || RequestContext.get().isImportInProgress()) {
@@ -76,10 +56,13 @@ public static void verifyEntityCreateAccess(AtlasEntity entity, AtlasPrivilege a
             }
         } catch (AtlasBaseException e) {
             throw e;
+        } finally {
+            RequestContext.get().endMetricRecord(recorder);
         }
     }
 
     public static void verifyAccess(String guid, String action) throws AtlasBaseException {
+        AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("verifyAccess");
         String userName = AuthorizerCommon.getCurrentUserName();
 
         if (StringUtils.isEmpty(userName) || RequestContext.get().isImportInProgress()) {
@@ -92,10 +75,13 @@ public static void verifyAccess(String guid, String action) throws AtlasBaseExce
             }
         } catch (AtlasBaseException e) {
             throw e;
+        } finally {
+            RequestContext.get().endMetricRecord(recorder);
         }
     }
 
     public static void verifyAccessForEvaluator(String entityTypeName, String entityQualifiedName, String action) throws AtlasBaseException {
+        AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("verifyAccessForEvaluator");
         String userName = AuthorizerCommon.getCurrentUserName();
 
         if (StringUtils.isEmpty(userName) || RequestContext.get().isImportInProgress()) {
@@ -108,10 +94,13 @@ public static void verifyAccessForEvaluator(String entityTypeName, String entity
             }
         } catch (AtlasBaseException e) {
             throw e;
+        } finally {
+            RequestContext.get().endMetricRecord(recorder);
         }
     }
 
     public static void verifyRelationshipAccess(String action, String endOneGuid, String endTwoGuid) throws AtlasBaseException {
+        AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("verifyRelationshipAccess");
         String userName = AuthorizerCommon.getCurrentUserName();
 
         if (StringUtils.isEmpty(userName) || RequestContext.get().isImportInProgress()) {
@@ -124,10 +113,13 @@ public static void verifyRelationshipAccess(String action, String endOneGuid, St
             }
         } catch (AtlasBaseException e) {
             throw e;
+        } finally {
+            RequestContext.get().endMetricRecord(recorder);
         }
     }
 
     public static void verifyRelationshipCreateAccess(String action, String relationshipType, AtlasEntityHeader endOneEntity, AtlasEntityHeader endTwoEntity) throws AtlasBaseException {
+        AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("verifyRelationshipCreateAccess");
         String userName = AuthorizerCommon.getCurrentUserName();
 
         if (StringUtils.isEmpty(userName) || RequestContext.get().isImportInProgress()) {
@@ -141,6 +133,8 @@ public static void verifyRelationshipCreateAccess(String action, String relation
             }
         } catch (AtlasBaseException e) {
             throw e;
+        } finally {
+            RequestContext.get().endMetricRecord(recorder);
         }
     }
 

diff --git a/repository/src/main/java/org/apache/atlas/authorizer/EntityAuthorizer.java b/repository/src/main/java/org/apache/atlas/authorizer/EntityAuthorizer.java
@@ -49,6 +49,7 @@ public static boolean isAccessAllowedInMemory(AtlasEntity entity, String action)
     }
 
     public static boolean isAccessAllowedInMemory(AtlasEntity entity, String action, String policyType) {
+        AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("isAccessAllowedInMemory."+policyType);
         List<RangerPolicy> policies = PoliciesStore.getRelevantPolicies(null, null, "atlas_abac", Arrays.asList(action), policyType);
         List<String> filterCriteriaList = new ArrayList<>();
         for (RangerPolicy policy : policies) {
@@ -88,10 +89,12 @@ public static boolean isAccessAllowedInMemory(AtlasEntity entity, String action,
             ret = validateResourcesForCreateEntityInMemory(tagPolicies, entity);
         }
 
+        RequestContext.get().endMetricRecord(recorder);
         return ret;
     }
 
     private static boolean validateResourcesForCreateEntityInMemory(List<RangerPolicy> resourcePolicies, AtlasEntity entity) {
+        AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("validateResourcesForCreateEntityInMemory");
         RangerPolicy matchedPolicy = null;
         Set<String> entityTypes = AuthorizerCommon.getTypeAndSupertypesList(entity.getTypeName());
 
@@ -186,11 +189,12 @@ private static boolean validateResourcesForCreateEntityInMemory(List<RangerPolic
             }
         }
 
+        RequestContext.get().endMetricRecord(recorder);
         return false;
     }
 
     public static boolean validateFilterCriteriaWithEntity(JsonNode data, AtlasEntity entity) {
-        AtlasPerfMetrics.MetricRecorder convertJsonToQueryMetrics = RequestContext.get().startMetricRecord("validateFilterCriteriaWithEntity");
+        AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("validateFilterCriteriaWithEntity");
         String condition = data.get("condition").asText();
         JsonNode criterion = data.get("criterion");
 
@@ -226,11 +230,12 @@ public static boolean validateFilterCriteriaWithEntity(JsonNode data, AtlasEntit
             }
         }
 
-        RequestContext.get().endMetricRecord(convertJsonToQueryMetrics);
+        RequestContext.get().endMetricRecord(recorder);
         return result;
     }
 
     private static boolean evaluateFilterCriteria(JsonNode crit, AtlasEntity entity, Set<String> assetTypes) {
+        AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("evaluateFilterCriteria");
         String operator = crit.get("operator").asText();
         String attributeName = crit.get("attributeName").asText();
         String attributeValue = crit.get("attributeValue").asText();
@@ -345,10 +350,12 @@ private static boolean evaluateFilterCriteria(JsonNode crit, AtlasEntity entity,
             default: LOG.warn("Found unknown operator {}", operator);
         }
 
+        RequestContext.get().endMetricRecord(recorder);
         return false;
     }
 
     public static boolean isAccessAllowed(String guid, String action) throws AtlasBaseException {
+        AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("EntityAuthorizer.isAccessAllowed");
         if (guid == null) {
             return false;
         }
@@ -370,6 +377,8 @@ public static boolean isAccessAllowed(String guid, String action) throws AtlasBa
         if (count != null && count > 0) {
             return true;
         }
+
+        RequestContext.get().endMetricRecord(recorder);
         return false;
     }
 
@@ -398,6 +407,7 @@ public static boolean isAccessAllowedEvaluator(String entityTypeName, String ent
     }
 
     public static Map<String, Object> getElasticsearchDSL(String persona, String purpose, List<String> actions) {
+        AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("EntityAuthorizer.getElasticsearchDSL");
         Map<String, Object> allowDsl = getElasticsearchDSLForPolicyType(persona, purpose, actions, POLICY_TYPE_ALLOW);
         Map<String, Object> denyDsl = getElasticsearchDSLForPolicyType(persona, purpose, actions, POLICY_TYPE_DENY);
         Map<String, Object> finaDsl = new HashMap<>();
@@ -407,10 +417,12 @@ public static Map<String, Object> getElasticsearchDSL(String persona, String pur
         if (denyDsl != null) {
             finaDsl.put("must_not", denyDsl);
         }
+        RequestContext.get().endMetricRecord(recorder);
         return getMap("bool", finaDsl);
     }
 
     private static Integer getCountFromElasticsearch(String query) throws AtlasBaseException {
+        AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("EntityAuthorizer.getCountFromElasticsearch");
         RestClient restClient = getLowLevelClient();
         AtlasElasticsearchQuery elasticsearchQuery = new AtlasElasticsearchQuery("janusgraph_vertex_index", restClient);
         Map<String, Object> elasticsearchResult = null;
@@ -419,6 +431,7 @@ private static Integer getCountFromElasticsearch(String query) throws AtlasBaseE
         if (elasticsearchResult!=null) {
             count = (Integer) elasticsearchResult.get("total");
         }
+        RequestContext.get().endMetricRecord(recorder);
         return count;
     }
 
@@ -455,6 +468,4 @@ public static Map<String, Object> getElasticsearchDSLForPolicyType(String person
         return getMap("bool", boolClause);
 
     }
-
-
 }
diff --git a/...s/discovery/JsonToElasticsearchQuery.java → .../authorizer/JsonToElasticsearchQuery.java b/...s/discovery/JsonToElasticsearchQuery.java → .../authorizer/JsonToElasticsearchQuery.java
@@ -1,4 +1,4 @@
-package org.apache.atlas.discovery;
+package org.apache.atlas.authorizer;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;

diff --git a/repository/src/main/java/org/apache/atlas/authorizer/ListAuthorizer.java b/repository/src/main/java/org/apache/atlas/authorizer/ListAuthorizer.java
@@ -3,8 +3,9 @@
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import org.apache.atlas.discovery.JsonToElasticsearchQuery;
+import org.apache.atlas.RequestContext;
 import org.apache.atlas.plugin.model.RangerPolicy;
+import org.apache.atlas.utils.AtlasPerfMetrics;
 
 import java.util.*;
 
@@ -13,6 +14,7 @@
 public class ListAuthorizer {
 
     public static Map<String, Object> getElasticsearchDSL(String persona, String purpose, List<String> actions) {
+        AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("ListAuthorizer.getElasticsearchDSL");
         Map<String, Object> allowDsl = getElasticsearchDSLForPolicyType(persona, purpose, actions, POLICY_TYPE_ALLOW);
         Map<String, Object> denyDsl = getElasticsearchDSLForPolicyType(persona, purpose, actions, POLICY_TYPE_DENY);
         Map<String, Object> finaDsl = new HashMap<>();
@@ -22,10 +24,13 @@ public static Map<String, Object> getElasticsearchDSL(String persona, String pur
         if (denyDsl != null) {
             finaDsl.put("must_not", denyDsl);
         }
+
+        RequestContext.get().endMetricRecord(recorder);
         return getMap("bool", finaDsl);
     }
 
     public static Map<String, Object> getElasticsearchDSLForPolicyType(String persona, String purpose, List<String> actions, String policyType) {
+        AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("ListAuthorizer.getElasticsearchDSLForPolicyType."+ policyType);
         List<RangerPolicy> resourcePolicies = PoliciesStore.getRelevantPolicies(persona, purpose, "atlas", actions, policyType);
         List<Map<String, Object>> resourcePoliciesClauses = getDSLForResourcePolicies(resourcePolicies);
 
@@ -55,8 +60,8 @@ public static Map<String, Object> getElasticsearchDSLForPolicyType(String person
             boolClause.put("minimum_should_match", 1);
         }
 
+        RequestContext.get().endMetricRecord(recorder);
         return getMap("bool", boolClause);
-
     }
 
     public static List<Map<String, Object>> getDSLForResourcePolicies(List<RangerPolicy> policies) {

diff --git a/repository/src/main/java/org/apache/atlas/authorizer/PoliciesStore.java b/repository/src/main/java/org/apache/atlas/authorizer/PoliciesStore.java
@@ -1,8 +1,10 @@
 package org.apache.atlas.authorizer;
 
+import org.apache.atlas.RequestContext;
 import org.apache.atlas.plugin.model.RangerPolicy;
 import org.apache.atlas.plugin.util.RangerRoles;
 import org.apache.atlas.plugin.util.RangerUserStore;
+import org.apache.atlas.utils.AtlasPerfMetrics;
 import org.apache.commons.collections.CollectionUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -54,6 +56,7 @@ private static List<RangerPolicy> getAbacPolicies() {
     }
 
     public static List<RangerPolicy> getRelevantPolicies(String persona, String purpose, String serviceName, List<String> actions, String policyType) {
+        AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("getRelevantPolicies");
         String policyQualifiedNamePrefix = null;
         if (persona != null && !persona.isEmpty()) {
             policyQualifiedNamePrefix = persona;
@@ -85,11 +88,13 @@ public static List<RangerPolicy> getRelevantPolicies(String persona, String purp
             policies = getFilteredPoliciesForUser(policies, user, groups, roles, policyType);
             policies = getFilteredPoliciesForActions(policies, actions, policyType);
         }
-        return policies;
 
+        RequestContext.get().endMetricRecord(recorder);
+        return policies;
     }
 
     static List<RangerPolicy> getFilteredPoliciesForQualifiedName(List<RangerPolicy> policies, String qualifiedNamePrefix) {
+        AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("getFilteredPoliciesForQualifiedName");
         if (qualifiedNamePrefix != null && !qualifiedNamePrefix.isEmpty()) {
             List<RangerPolicy> filteredPolicies = new ArrayList<>();
             for(RangerPolicy policy : policies) {
@@ -99,10 +104,13 @@ static List<RangerPolicy> getFilteredPoliciesForQualifiedName(List<RangerPolicy>
             }
             return filteredPolicies;
         }
+
+        RequestContext.get().endMetricRecord(recorder);
         return policies;
     }
 
     private static List<RangerPolicy> getFilteredPoliciesForActions(List<RangerPolicy> policies, List<String> actions, String type) {
+        AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("getFilteredPoliciesForActions");
         List<RangerPolicy> filteredPolicies = new ArrayList<>();
         for(RangerPolicy policy : policies) {
             RangerPolicy.RangerPolicyItem policyItem = null;
@@ -123,10 +131,14 @@ private static List<RangerPolicy> getFilteredPoliciesForActions(List<RangerPolic
                 }
             }
         }
+
+        RequestContext.get().endMetricRecord(recorder);
         return filteredPolicies;
     }
 
     private static List<RangerPolicy> getFilteredPoliciesForUser(List<RangerPolicy> policies, String user, List<String> groups, List<String> roles, String type) {
+        AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("getFilteredPoliciesForUser");
+
         List<RangerPolicy> filterPolicies = new ArrayList<>();
         for(RangerPolicy policy : policies) {
             RangerPolicy.RangerPolicyItem policyItem = null;
@@ -147,6 +159,8 @@ private static List<RangerPolicy> getFilteredPoliciesForUser(List<RangerPolicy>
                 }
             }
         }
+
+        RequestContext.get().endMetricRecord(recorder);
         return filterPolicies;
     }
 }