You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2022/08/17 22:24:26 UTC
[ranger] branch master updated: RANGER-3856: Ranger admin client updated with option to work with non-kerberized server
This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new d9f825dab RANGER-3856: Ranger admin client updated with option to work with non-kerberized server
d9f825dab is described below
commit d9f825dab865b05eea0bce1ec2a289e0bcc65659
Author: Madhan Neethiraj <ma...@apache.org>
AuthorDate: Fri Aug 12 09:20:14 2022 -0700
RANGER-3856: Ranger admin client updated with option to work with non-kerberized server
---
.../admin/client/AbstractRangerAdminClient.java | 16 ++++++++++
.../ranger/admin/client/RangerAdminRESTClient.java | 34 +++++++++++-----------
.../admin/client/RangerAdminJersey2RESTClient.java | 14 ++++-----
3 files changed, 40 insertions(+), 24 deletions(-)
diff --git a/agents-common/src/main/java/org/apache/ranger/admin/client/AbstractRangerAdminClient.java b/agents-common/src/main/java/org/apache/ranger/admin/client/AbstractRangerAdminClient.java
index 1ad5ec01e..a65c18708 100644
--- a/agents-common/src/main/java/org/apache/ranger/admin/client/AbstractRangerAdminClient.java
+++ b/agents-common/src/main/java/org/apache/ranger/admin/client/AbstractRangerAdminClient.java
@@ -22,6 +22,7 @@ package org.apache.ranger.admin.client;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.plugin.model.RangerRole;
import org.apache.ranger.plugin.util.*;
import org.slf4j.Logger;
@@ -34,6 +35,8 @@ public abstract class AbstractRangerAdminClient implements RangerAdminClient {
protected Gson gson;
+ private boolean forceNonKerberos = false;
+
@Override
public void init(String serviceName, String appId, String configPropertyPrefix, Configuration config) {
Gson gson = null;
@@ -45,6 +48,7 @@ public abstract class AbstractRangerAdminClient implements RangerAdminClient {
}
this.gson = gson;
+ this.forceNonKerberos = config.getBoolean(configPropertyPrefix + ".forceNonKerberos", false);
}
@Override
@@ -116,4 +120,16 @@ public abstract class AbstractRangerAdminClient implements RangerAdminClient {
public RangerUserStore getUserStoreIfUpdated(long lastKnownUserStoreVersion, long lastActivationTimeInMillis) throws Exception {
return null;
}
+
+ public boolean isKerberosEnabled(UserGroupInformation user) {
+ final boolean ret;
+
+ if (forceNonKerberos) {
+ ret = false;
+ } else {
+ ret = user != null && UserGroupInformation.isSecurityEnabled() && user.hasKerberosCredentials();
+ }
+
+ return ret;
+ }
}
diff --git a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
index 8edb3cbe8..9cd0fd263 100644
--- a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
+++ b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
@@ -184,7 +184,7 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
ClientResponse response = null;
UserGroupInformation user = MiscUtil.getUGILoginUser();
- boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ boolean isSecureMode = isKerberosEnabled(user);
String relativeURL = RangerRESTUtils.REST_URL_SERVICE_CREATE_ROLE;
Map <String, String> queryParams = new HashMap<String, String> ();
@@ -239,7 +239,7 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
ClientResponse response = null;
UserGroupInformation user = MiscUtil.getUGILoginUser();
- boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ boolean isSecureMode = isKerberosEnabled(user);
Map<String, String> queryParams = new HashMap<String, String>();
queryParams.put(RangerRESTUtils.SERVICE_NAME_PARAM, serviceNameUrlParam);
@@ -294,7 +294,7 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
String emptyString = "";
ClientResponse response = null;
UserGroupInformation user = MiscUtil.getUGILoginUser();
- boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ boolean isSecureMode = isKerberosEnabled(user);
String relativeURL = RangerRESTUtils.REST_URL_SERVICE_GET_USER_ROLES + execUser;
if (isSecureMode) {
@@ -349,7 +349,7 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
String emptyString = "";
ClientResponse response = null;
UserGroupInformation user = MiscUtil.getUGILoginUser();
- boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ boolean isSecureMode = isKerberosEnabled(user);
String relativeURL = RangerRESTUtils.REST_URL_SERVICE_GET_ALL_ROLES;
Map<String, String> queryParams = new HashMap<String, String>();
@@ -407,7 +407,7 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
RangerRole ret = null;
ClientResponse response = null;
UserGroupInformation user = MiscUtil.getUGILoginUser();
- boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ boolean isSecureMode = isKerberosEnabled(user);
String relativeURL = RangerRESTUtils.REST_URL_SERVICE_GET_ROLE_INFO + roleName;
Map<String, String> queryParams = new HashMap<String, String>();
@@ -465,7 +465,7 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
ClientResponse response = null;
UserGroupInformation user = MiscUtil.getUGILoginUser();
- boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ boolean isSecureMode = isKerberosEnabled(user);
String relativeURL = RangerRESTUtils.REST_URL_SERVICE_GRANT_ROLE + serviceNameUrlParam;
if (isSecureMode) {
@@ -513,7 +513,7 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
ClientResponse response = null;
UserGroupInformation user = MiscUtil.getUGILoginUser();
- boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ boolean isSecureMode = isKerberosEnabled(user);
String relativeURL = RangerRESTUtils.REST_URL_SERVICE_REVOKE_ROLE + serviceNameUrlParam;
if (isSecureMode) {
@@ -561,7 +561,7 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
ClientResponse response = null;
UserGroupInformation user = MiscUtil.getUGILoginUser();
- boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ boolean isSecureMode = isKerberosEnabled(user);
Map<String, String> queryParams = new HashMap<String, String>();
queryParams.put(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
@@ -613,7 +613,7 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
ClientResponse response = null;
UserGroupInformation user = MiscUtil.getUGILoginUser();
- boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ boolean isSecureMode = isKerberosEnabled(user);
Map<String, String> queryParams = new HashMap<String, String>();
queryParams.put(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
@@ -704,7 +704,7 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
List<String> ret = null;
String emptyString = "";
UserGroupInformation user = MiscUtil.getUGILoginUser();
- boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ boolean isSecureMode = isKerberosEnabled(user);
Map<String, String> queryParams = new HashMap<String, String>();
queryParams.put(RangerRESTUtils.SERVICE_NAME_PARAM, serviceNameUrlParam);
@@ -755,7 +755,7 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
final RangerUserStore ret;
final UserGroupInformation user = MiscUtil.getUGILoginUser();
- final boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ final boolean isSecureMode = isKerberosEnabled(user);
final ClientResponse response;
Map<String, String> queryParams = new HashMap<String, String>();
@@ -838,7 +838,7 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
final ServicePolicies ret;
final UserGroupInformation user = MiscUtil.getUGILoginUser();
- final boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ final boolean isSecureMode = isKerberosEnabled(user);
final ClientResponse response = getRangerAdminPolicyDownloadResponse(lastKnownVersion, lastActivationTimeInMillis, user, isSecureMode);
if (response == null || response.getStatus() == HttpServletResponse.SC_NOT_MODIFIED || response.getStatus() == HttpServletResponse.SC_NO_CONTENT) {
@@ -888,7 +888,7 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
final ServicePolicies ret;
final UserGroupInformation user = MiscUtil.getUGILoginUser();
- final boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ final boolean isSecureMode = isKerberosEnabled(user);
final ClientResponse response = getRangerAdminPolicyDownloadResponse(lastKnownVersion, lastActivationTimeInMillis, user, isSecureMode);
if (response == null || response.getStatus() == HttpServletResponse.SC_NOT_MODIFIED || response.getStatus() == HttpServletResponse.SC_NO_CONTENT) {
@@ -1016,7 +1016,7 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
final ServiceTags ret;
final UserGroupInformation user = MiscUtil.getUGILoginUser();
- final boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ final boolean isSecureMode = isKerberosEnabled(user);
final ClientResponse response = getRangerAdminTagDownloadResponse(lastKnownVersion, lastActivationTimeInMillis, user, isSecureMode);
if (response == null || response.getStatus() == HttpServletResponse.SC_NOT_MODIFIED) {
@@ -1070,7 +1070,7 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
final ServiceTags ret;
final UserGroupInformation user = MiscUtil.getUGILoginUser();
- final boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ final boolean isSecureMode = isKerberosEnabled(user);
final ClientResponse response = getRangerAdminTagDownloadResponse(lastKnownVersion, lastActivationTimeInMillis, user, isSecureMode);
if (response == null || response.getStatus() == HttpServletResponse.SC_NOT_MODIFIED) {
@@ -1198,7 +1198,7 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
final RangerRoles ret;
final UserGroupInformation user = MiscUtil.getUGILoginUser();
- final boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ final boolean isSecureMode = isKerberosEnabled(user);
final ClientResponse response = getRangerRolesDownloadResponse(lastKnownRoleVersion, lastActivationTimeInMillis, user, isSecureMode);
if (response == null || response.getStatus() == HttpServletResponse.SC_NOT_MODIFIED || response.getStatus() == HttpServletResponse.SC_NO_CONTENT) {
@@ -1253,7 +1253,7 @@ public class RangerAdminRESTClient extends AbstractRangerAdminClient {
final RangerRoles ret;
final UserGroupInformation user = MiscUtil.getUGILoginUser();
- final boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ final boolean isSecureMode = isKerberosEnabled(user);
final ClientResponse response = getRangerRolesDownloadResponse(lastKnownRoleVersion, lastActivationTimeInMillis, user, isSecureMode);
if (response == null || response.getStatus() == HttpServletResponse.SC_NOT_MODIFIED || response.getStatus() == HttpServletResponse.SC_NO_CONTENT) {
diff --git a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
index 09f46eb15..e257f34d8 100644
--- a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
+++ b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
@@ -289,7 +289,7 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
final RangerUserStore ret;
final UserGroupInformation user = MiscUtil.getUGILoginUser();
- final boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ final boolean isSecureMode = isKerberosEnabled(user);
final Response response;
Map<String, String> queryParams = new HashMap<String, String>();
@@ -538,7 +538,7 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
final ServicePolicies ret;
final UserGroupInformation user = MiscUtil.getUGILoginUser();
- final boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ final boolean isSecureMode = isKerberosEnabled(user);
final Response response = getRangerAdminPolicyDownloadResponse(lastKnownVersion, lastActivationTimeInMillis, user, isSecureMode);
int httpResponseCode = response == null ? -1 : response.getStatus();
@@ -604,7 +604,7 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
final ServicePolicies ret;
final UserGroupInformation user = MiscUtil.getUGILoginUser();
- final boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ final boolean isSecureMode = isKerberosEnabled(user);
final Response response = getRangerAdminPolicyDownloadResponse(lastKnownVersion, lastActivationTimeInMillis, user, isSecureMode);
int httpResponseCode = response == null ? -1 : response.getStatus();
@@ -754,7 +754,7 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
final ServiceTags ret;
final UserGroupInformation user = MiscUtil.getUGILoginUser();
- final boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ final boolean isSecureMode = isKerberosEnabled(user);
final Response response = getTagsDownloadResponse(lastKnownVersion, lastActivationTimeInMillis, user, isSecureMode);
int httpResponseCode = response == null ? -1 : response.getStatus();
@@ -820,7 +820,7 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
final ServiceTags ret;
final UserGroupInformation user = MiscUtil.getUGILoginUser();
- final boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ final boolean isSecureMode = isKerberosEnabled(user);
final Response response = getTagsDownloadResponse(lastKnownVersion, lastActivationTimeInMillis, user, isSecureMode);
int httpResponseCode = response == null ? -1 : response.getStatus();
@@ -968,7 +968,7 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
final RangerRoles ret;
final UserGroupInformation user = MiscUtil.getUGILoginUser();
- final boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ final boolean isSecureMode = isKerberosEnabled(user);
final Response response = getRoleDownloadResponse(lastKnownRoleVersion, lastActivationTimeInMillis, user, isSecureMode);
int httpResponseCode = response == null ? -1 : response.getStatus();
@@ -1034,7 +1034,7 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
final RangerRoles ret;
final UserGroupInformation user = MiscUtil.getUGILoginUser();
- final boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();
+ final boolean isSecureMode = isKerberosEnabled(user);
final Response response = getRoleDownloadResponse(lastKnownRoleVersion, lastActivationTimeInMillis, user, isSecureMode);
int httpResponseCode = response == null ? -1 : response.getStatus();