diff --git a/internal/pkg/rbac/ranger/client.go b/internal/pkg/rbac/ranger/client.go index 3acc584..5029b74 100644 --- a/internal/pkg/rbac/ranger/client.go +++ b/internal/pkg/rbac/ranger/client.go @@ -9,6 +9,8 @@ import ( "net/http" "strings" "time" + + "github.com/hladush/go-telemetry/pkg/telemetry" ) const ( @@ -16,6 +18,10 @@ const ( getServicePoliciesEndpoint = `/service/public/v2/api/service/%s/policy` ) +var ( + executeRequestMethod = telemetry.NewMethod("ranger_execute_request", "heimdall") +) + //go:generate go run github.com/vektra/mockery/v2@v2.53.4 --name=Client --output=./mocks --outpkg=mocks type Client interface { GetUsers() (map[string]*User, error) @@ -128,13 +134,18 @@ func (c *client) createRequest(method, endpoint string, reqBody interface{}) (*h } func (c *client) executeRequest(method string, endpoint string, v interface{}, reqBody interface{}) error { + executeRequestMethod.CountRequest() + defer executeRequestMethod.RecordLatency(time.Now()) + req, err := c.createRequest(method, endpoint, reqBody) if err != nil { + executeRequestMethod.CountError() return err } resp, err := c.client.Do(req) if err != nil { + executeRequestMethod.CountError() return err } defer resp.Body.Close() @@ -147,9 +158,12 @@ func (c *client) executeRequest(method string, endpoint string, v interface{}, r return nil } + executeRequestMethod.CountError() return fmt.Errorf("request to %s failed with status %s\n%s", req.URL.String(), resp.Status, bodyString) } + executeRequestMethod.CountSuccess() + vals, _ := io.ReadAll(resp.Body) resp.Body = io.NopCloser(bytes.NewReader(vals)) if v != nil { 
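Review bot: The import of `github.com/hladush/go-telemetry/pkg/telemetry` adds a third-party module to the Ranger RBAC client, and the go.mod/go.sum change that would pin it is not visible in this part of the diff. It is worth confirming that the module is required at an exact version with its go.sum entries committed. The `var` block in the following hunk calls `telemetry.NewMethod` at package initialisation, so whatever that constructor does runs on import of the package; a short comment on `executeRequestMethod` saying what is registered and under which names would help. The same module is also imported in internal/pkg/sql/parser/trino/parser.go.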
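Review bot: `executeRequestMethod.CountSuccess()` runs before the body is read and decoded, so a response with a good status that cannot be read or unmarshalled into `v` is still recorded as a success. The context line `vals, _ := io.ReadAll(resp.Body)` also discards the read error. For a client that fetches users and policies for access decisions, those are failures an operator would want to see in the error series. I would check the read error with `vals, err := io.ReadAll(resp.Body)` and `if err != nil { executeRequestMethod.CountError(); return err }`, and call `CountSuccess()` only after the decode succeeds. The `return nil` inside the non-success branch counts a request with neither outcome and deserves a comment; the function continues past this hunk, so the decode path is inferred.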
@@ -161,6 +175,9 @@ func (c *client) executeRequest(method string, endpoint string, v interface{}, r // executeBatchRequest performs paginated API requests and returns all aggregated results func (c *client) executeBatchRequest(method string, endpoint string) ([]getResponse, error) { + executeRequestMethod.CountRequest("batch") + defer executeRequestMethod.RecordLatency(time.Now(), "batch") + results := make([]getResponse, 500) pageSize := 500 startIndex := 0 @@ -188,4 +205,4 @@ func (c *client) executeBatchRequest(method string, endpoint string) ([]getRespo } return results, nil -} \ No newline at end of file +} diff --git a/internal/pkg/rbac/ranger/ranger.go b/internal/pkg/rbac/ranger/ranger.go index 7c4eb79..24ad26d 100644 --- a/internal/pkg/rbac/ranger/ranger.go +++ b/internal/pkg/rbac/ranger/ranger.go @@ -110,7 +110,6 @@ func (r *Ranger) HasAccess(user string, query string) (bool, error) { return true, nil } - func (r *Ranger) SyncState() error { // receive all policies from ranger policies, err := r.Client.GetPolicies(r.ServiceName) diff --git a/internal/pkg/rbac/ranger/tests/group_policy_test.go b/internal/pkg/rbac/ranger/tests/group_policy_test.go index 6bc1efc..36e71fa 100644 --- a/internal/pkg/rbac/ranger/tests/group_policy_test.go +++ b/internal/pkg/rbac/ranger/tests/group_policy_test.go @@ -206,15 +206,15 @@ func getDefaultGroupAllowPolicy(accessType []string) *ranger.Policy { PolicyPriority: 1, Resources: &ranger.Resource{ Catalog: &ranger.ResourceField{ - RawValues: []string{"default_catalog"}, + RawValues: []string{"default_catalog"}, IsExcludes: false, }, Schema: &ranger.ResourceField{ - RawValues: []string{"public"}, + RawValues: []string{"public"}, IsExcludes: false, }, Table: &ranger.ResourceField{ - RawValues: []string{"table1"}, + RawValues: []string{"table1"}, IsExcludes: false, }, }, 
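Review bot: `executeBatchRequest` records `CountRequest("batch")` and `RecordLatency(time.Now(), "batch")`, but nothing visible counts an outcome under that label, so a paginated fetch that fails part-way would show up only as latency. The middle of the function lies outside the hunk, so this is inferred; if it has error returns, each should call `executeRequestMethod.CountError("batch")` and the final `return results, nil` should be preceded by `executeRequestMethod.CountSuccess("batch")`, assuming those methods accept the label the way `CountRequest` does here. The `ParseAccess` hunk in internal/pkg/sql/parser/trino/parser.go has the same gap: `parseAccessMethod` gets a request count and latency but no error or success count, although parse failures on SQL that feeds access checks are a useful signal. A one-line comment on `executeRequestMethod` stating that the unlabelled series counts single HTTP calls and the `"batch"` series counts whole paginated fetches would make the two easier to read together.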
@@ -243,15 +243,15 @@ func getDefaultAllActionsGroupPolicyWithExcludeForDefaultGroup(excludeAccess []s PolicyPriority: 1, Resources: &ranger.Resource{ Catalog: &ranger.ResourceField{ - RawValues: []string{"default_catalog"}, + RawValues: []string{"default_catalog"}, IsExcludes: false, }, Schema: &ranger.ResourceField{ - RawValues: []string{"public"}, + RawValues: []string{"public"}, IsExcludes: false, }, Table: &ranger.ResourceField{ - RawValues: []string{"table1"}, + RawValues: []string{"table1"}, IsExcludes: false, }, }, @@ -289,15 +289,15 @@ func getAllowAllPolicyWithDenyForGroup(denyAccess []string) []*ranger.Policy { PolicyPriority: 1, Resources: &ranger.Resource{ Catalog: &ranger.ResourceField{ - RawValues: []string{"default_catalog"}, + RawValues: []string{"default_catalog"}, IsExcludes: false, }, Schema: &ranger.ResourceField{ - RawValues: []string{"public"}, + RawValues: []string{"public"}, IsExcludes: false, }, Table: &ranger.ResourceField{ - RawValues: []string{"table1"}, + RawValues: []string{"table1"}, IsExcludes: false, }, }, @@ -336,15 +336,15 @@ func getAllowAllPolicyWithDenyAndExceptionForGroup(denyAccess, exceptionAccess [ PolicyPriority: 1, Resources: &ranger.Resource{ Catalog: &ranger.ResourceField{ - RawValues: []string{"default_catalog"}, + RawValues: []string{"default_catalog"}, IsExcludes: false, }, Schema: &ranger.ResourceField{ - RawValues: []string{"public"}, + RawValues: []string{"public"}, IsExcludes: false, }, Table: &ranger.ResourceField{ - RawValues: []string{"table1"}, + RawValues: []string{"table1"}, IsExcludes: false, }, }, @@ -382,4 +382,4 @@ func getAllowAllPolicyWithDenyAndExceptionForGroup(denyAccess, exceptionAccess [ }, }, } -} \ No newline at end of file +} diff --git a/internal/pkg/rbac/ranger/tests/ranger_policy_check_test.go b/internal/pkg/rbac/ranger/tests/ranger_policy_check_test.go index 2096bd6..3dda28e 100644 --- a/internal/pkg/rbac/ranger/tests/ranger_policy_check_test.go 
+++ b/internal/pkg/rbac/ranger/tests/ranger_policy_check_test.go @@ -49,15 +49,15 @@ func TestRangerPolicyCheck(t *testing.T) { PolicyPriority: 1, Resources: &ranger.Resource{ Catalog: &ranger.ResourceField{ - RawValues: []string{"default_catalog"}, + RawValues: []string{"default_catalog"}, IsExcludes: false, }, Schema: &ranger.ResourceField{ - RawValues: []string{"public"}, + RawValues: []string{"public"}, IsExcludes: false, }, Table: &ranger.ResourceField{ - RawValues: []string{"table1"}, + RawValues: []string{"table1"}, IsExcludes: false, }, }, @@ -90,15 +90,15 @@ func TestRangerPolicyCheck(t *testing.T) { PolicyPriority: 1, Resources: &ranger.Resource{ Catalog: &ranger.ResourceField{ - RawValues: []string{"default_catalog"}, + RawValues: []string{"default_catalog"}, IsExcludes: false, }, Schema: &ranger.ResourceField{ - RawValues: []string{"public"}, + RawValues: []string{"public"}, IsExcludes: false, }, Table: &ranger.ResourceField{ - RawValues: []string{"table1"}, + RawValues: []string{"table1"}, IsExcludes: false, }, }, @@ -131,15 +131,15 @@ func TestRangerPolicyCheck(t *testing.T) { PolicyPriority: 1, Resources: &ranger.Resource{ Catalog: &ranger.ResourceField{ - RawValues: []string{"default_catalog"}, + RawValues: []string{"default_catalog"}, IsExcludes: false, }, Schema: &ranger.ResourceField{ - RawValues: []string{"public"}, + RawValues: []string{"public"}, IsExcludes: false, }, Table: &ranger.ResourceField{ - RawValues: []string{"table1"}, + RawValues: []string{"table1"}, IsExcludes: false, }, }, 
@@ -190,15 +190,15 @@ func TestRangerPolicyCheck(t *testing.T) { PolicyPriority: 1, Resources: &ranger.Resource{ Catalog: &ranger.ResourceField{ - RawValues: []string{"default_catalog"}, + RawValues: []string{"default_catalog"}, IsExcludes: false, }, Schema: &ranger.ResourceField{ - RawValues: []string{"public"}, + RawValues: []string{"public"}, IsExcludes: false, }, Table: &ranger.ResourceField{ - RawValues: []string{"table1"}, + RawValues: []string{"table1"}, IsExcludes: false, }, }, @@ -220,15 +220,15 @@ func TestRangerPolicyCheck(t *testing.T) { PolicyPriority: 1, Resources: &ranger.Resource{ Catalog: &ranger.ResourceField{ - RawValues: []string{"default_catalog"}, + RawValues: []string{"default_catalog"}, IsExcludes: false, }, Schema: &ranger.ResourceField{ - RawValues: []string{"public"}, + RawValues: []string{"public"}, IsExcludes: false, }, Table: &ranger.ResourceField{ - RawValues: []string{"table1"}, + RawValues: []string{"table1"}, IsExcludes: false, }, }, @@ -261,11 +261,11 @@ func TestRangerPolicyCheck(t *testing.T) { PolicyPriority: 1, Resources: &ranger.Resource{ Catalog: &ranger.ResourceField{ - RawValues: []string{"default_catalog"}, + RawValues: []string{"default_catalog"}, IsExcludes: false, }, Schema: &ranger.ResourceField{ - RawValues: []string{"public"}, + RawValues: []string{"public"}, IsExcludes: false, }, }, @@ -298,15 +298,15 @@ func TestRangerPolicyCheck(t *testing.T) { PolicyPriority: 1, Resources: &ranger.Resource{ Catalog: &ranger.ResourceField{ - RawValues: []string{"default_catalog"}, + RawValues: []string{"default_catalog"}, IsExcludes: false, }, Schema: &ranger.ResourceField{ - RawValues: []string{"public"}, + RawValues: []string{"public"}, IsExcludes: false, }, Table: &ranger.ResourceField{ - RawValues: []string{"*"}, + RawValues: []string{"*"}, IsExcludes: false, }, }, 
@@ -339,15 +339,15 @@ func TestRangerPolicyCheck(t *testing.T) { PolicyPriority: 1, Resources: &ranger.Resource{ Catalog: &ranger.ResourceField{ - RawValues: []string{"default_catalog"}, + RawValues: []string{"default_catalog"}, IsExcludes: false, }, Schema: &ranger.ResourceField{ - RawValues: []string{"public"}, + RawValues: []string{"public"}, IsExcludes: false, }, Table: &ranger.ResourceField{ - RawValues: []string{"table_*"}, + RawValues: []string{"table_*"}, IsExcludes: false, }, }, @@ -388,15 +388,15 @@ func TestRangerPolicyCheck(t *testing.T) { PolicyPriority: 1, Resources: &ranger.Resource{ Catalog: &ranger.ResourceField{ - RawValues: []string{"default_catalog"}, + RawValues: []string{"default_catalog"}, IsExcludes: false, }, Schema: &ranger.ResourceField{ - RawValues: []string{"public"}, + RawValues: []string{"public"}, IsExcludes: false, }, Table: &ranger.ResourceField{ - RawValues: []string{"table1"}, + RawValues: []string{"table1"}, IsExcludes: false, }, }, @@ -437,15 +437,15 @@ func TestRangerPolicyCheck(t *testing.T) { PolicyPriority: 1, Resources: &ranger.Resource{ Catalog: &ranger.ResourceField{ - RawValues: []string{"default_catalog"}, + RawValues: []string{"default_catalog"}, IsExcludes: false, }, Schema: &ranger.ResourceField{ - RawValues: []string{"public"}, + RawValues: []string{"public"}, IsExcludes: false, }, Table: &ranger.ResourceField{ - RawValues: []string{"table1"}, + RawValues: []string{"table1"}, IsExcludes: false, }, }, @@ -486,15 +486,15 @@ func TestRangerPolicyCheck(t *testing.T) { PolicyPriority: 1, Resources: &ranger.Resource{ Catalog: &ranger.ResourceField{ - RawValues: []string{"default_catalog"}, + RawValues: []string{"default_catalog"}, IsExcludes: false, }, Schema: &ranger.ResourceField{ - RawValues: []string{"public"}, + RawValues: []string{"public"}, IsExcludes: false, }, Table: &ranger.ResourceField{ - RawValues: []string{"table1"}, + RawValues: []string{"table1"}, IsExcludes: false, }, }, 
@@ -543,15 +543,15 @@ func TestRangerPolicyCheck(t *testing.T) { PolicyPriority: 1, Resources: &ranger.Resource{ Catalog: &ranger.ResourceField{ - RawValues: []string{"default_catalog"}, + RawValues: []string{"default_catalog"}, IsExcludes: false, }, Schema: &ranger.ResourceField{ - RawValues: []string{"internal"}, + RawValues: []string{"internal"}, IsExcludes: true, }, Table: &ranger.ResourceField{ - RawValues: []string{"table1"}, + RawValues: []string{"table1"}, IsExcludes: false, }, }, @@ -749,15 +749,15 @@ func runTests(t *testing.T, tests []testCase) { func createResourceWithExcludeOptionForTable(catalogs, schemas, table string, excludeTable bool) *ranger.Resource { return &ranger.Resource{ Catalog: &ranger.ResourceField{ - RawValues: []string{catalogs}, + RawValues: []string{catalogs}, IsExcludes: false, }, Schema: &ranger.ResourceField{ - RawValues: []string{schemas}, + RawValues: []string{schemas}, IsExcludes: false, }, Table: &ranger.ResourceField{ - RawValues: []string{table}, + RawValues: []string{table}, IsExcludes: excludeTable, }, } @@ -766,15 +766,15 @@ func createResourceWithExcludeOptionForTable(catalogs, schemas, table string, ex func createResourceWithExcludeOptionForSchema(catalog, schema, table string, excludeSchema bool) *ranger.Resource { return &ranger.Resource{ Catalog: &ranger.ResourceField{ - RawValues: []string{catalog}, + RawValues: []string{catalog}, IsExcludes: false, }, Schema: &ranger.ResourceField{ - RawValues: []string{schema}, + RawValues: []string{schema}, IsExcludes: excludeSchema, }, Table: &ranger.ResourceField{ - RawValues: []string{table}, + RawValues: []string{table}, IsExcludes: false, }, } 
@@ -783,15 +783,15 @@ func createResourceWithExcludeOptionForSchema(catalog, schema, table string, exc func createResourceWithExcludeOptionForCatalog(catalogs, schemas, tables string, excludeCatalog bool) *ranger.Resource { return &ranger.Resource{ Catalog: &ranger.ResourceField{ - RawValues: []string{catalogs}, + RawValues: []string{catalogs}, IsExcludes: excludeCatalog, }, Schema: &ranger.ResourceField{ - RawValues: []string{schemas}, + RawValues: []string{schemas}, IsExcludes: false, }, Table: &ranger.ResourceField{ - RawValues: []string{tables}, + RawValues: []string{tables}, IsExcludes: false, }, } @@ -800,15 +800,15 @@ func createResourceWithExcludeOptionForCatalog(catalogs, schemas, tables string, func createResource(catalogs, schemas, tables string) *ranger.Resource { return &ranger.Resource{ Catalog: &ranger.ResourceField{ - RawValues: []string{catalogs}, + RawValues: []string{catalogs}, IsExcludes: false, }, Schema: &ranger.ResourceField{ - RawValues: []string{schemas}, + RawValues: []string{schemas}, IsExcludes: false, }, Table: &ranger.ResourceField{ - RawValues: []string{tables}, + RawValues: []string{tables}, IsExcludes: false, }, } @@ -844,4 +844,4 @@ func getMockRangerClient(users map[string]*ranger.User, policies []*ranger.Polic m.On("GetUsers").Return(users, nil) m.On("GetPolicies", serviceName).Return(policies, nil) return m -} \ No newline at end of file +} diff --git a/internal/pkg/sql/parser/sql.go b/internal/pkg/sql/parser/sql.go index 7e54a51..ebb83e4 100644 --- a/internal/pkg/sql/parser/sql.go +++ b/internal/pkg/sql/parser/sql.go @@ -50,7 +50,6 @@ type AccessReceiver interface { ParseAccess(sql string) ([]Access, error) } - func (t *TableAccess) QualifiedName() string { return fmt.Sprintf("%s.%s.%s", t.Catalog, t.Schema, t.Table) -} \ No newline at end of file +} diff --git a/internal/pkg/sql/parser/trino/listener.go b/internal/pkg/sql/parser/trino/listener.go index 06cb6c4..27682af 100644 --- a/internal/pkg/sql/parser/trino/listener.go 
+++ b/internal/pkg/sql/parser/trino/listener.go @@ -1,8 +1,8 @@ package trino import ( - "github.com/patterninc/heimdall/internal/pkg/sql/parser/trino/grammar" "github.com/patterninc/heimdall/internal/pkg/sql/parser" + "github.com/patterninc/heimdall/internal/pkg/sql/parser/trino/grammar" ) type trinoListener struct { diff --git a/internal/pkg/sql/parser/trino/parser.go b/internal/pkg/sql/parser/trino/parser.go index aaf6dd7..caea289 100644 --- a/internal/pkg/sql/parser/trino/parser.go +++ b/internal/pkg/sql/parser/trino/parser.go @@ -1,12 +1,19 @@ package trino import ( + "time" + "github.com/antlr4-go/antlr/v4" - + "github.com/hladush/go-telemetry/pkg/telemetry" + "github.com/patterninc/heimdall/internal/pkg/sql/parser" "github.com/patterninc/heimdall/internal/pkg/sql/parser/trino/grammar" ) +var ( + parseAccessMethod = telemetry.NewMethod("trino_parse_access", "heimdall") +) + type TrinoAccessReceiver struct { defaultCatalog string } @@ -16,6 +23,8 @@ func NewTrinoAccessReceiver(defaultCatalog string) *TrinoAccessReceiver { } func (t *TrinoAccessReceiver) ParseAccess(sql string) ([]parser.Access, error) { + parseAccessMethod.CountRequest() + defer parseAccessMethod.RecordLatency(time.Now()) is := antlr.NewInputStream(sql) lexer := grammar.NewTrinoLexer(is) tokens := antlr.NewCommonTokenStream(lexer, 0) diff --git a/pkg/rbac/rbac.go b/pkg/rbac/rbac.go index 2dc2c6a..53e43fd 100644 --- a/pkg/rbac/rbac.go +++ b/pkg/rbac/rbac.go @@ -4,4 +4,4 @@ type RBAC interface { Init() error HasAccess(user string, query string) (bool, error) GetName() string -} \ No newline at end of file +}