You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@atlas.apache.org by Nixon Rodrigues <ni...@freestoneinfotech.com> on 2017/07/03 19:19:41 UTC
Review Request 60627: ATLAS-1906 :- Atlas client should support
setting hadoop-jwt token in header
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60627/
-----------------------------------------------------------
Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, Sarath Subramanian, and Hemanth Yamijala.
Bugs: ATLAS-1906
https://issues.apache.org/jira/browse/ATLAS-1906
Repository: atlas
Description
-------
This patch adds support to AtlasClient(Rest) to add Knox SSO Cookie as authentication header for Atlas.
Currently Atlas Client supports UGI & Basic Auth, as part of this jira i will overload the Atlas Client constructor to support Knox SSO cookie by adding below constructor.
AtlasClient(atlasURL, cookieName, CookieValue, path, domain);
AtlasClient(atlasURL, Cookie);
Diffs
-----
client/src/main/java/org/apache/atlas/AtlasAdminClient.java b61b2bf
client/src/main/java/org/apache/atlas/AtlasBaseClient.java 98da51e
client/src/main/java/org/apache/atlas/AtlasClient.java ec482da
client/src/main/java/org/apache/atlas/AtlasClientV2.java 7e287e7
common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java 09d8085
Diff: https://reviews.apache.org/r/60627/diff/1/
Testing
-------
Unit test cases are running fine using mvn clean install.
Ran Quick Start and Atlas admin script using the new Atlasclient Constructor.
AltasClient(atlasUrl, new Cookie("hadoop-jwt" , "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImlzcyI6IktOT1hTU08iLCJleHAiOjE1MDE5NzUzNTV9.K7lTaXniXJtrdkXAG_k7MwhWpL363NPC75fA4hvY7ilNXCOr-_gVV-ZLndVxMGFmbSl-cLHv3ormDH2W2hvUQhUDvXg3QN5iQGlEoVDPjO6O1yoNnMBW0VgVhAbSimRQ5NTMgAF09gkTsPIfG8Qhu2kcvkKEMFOfcsDyrKn2cRM");
Thanks,
Nixon Rodrigues
Re: Review Request 60627: ATLAS-1906 :- Atlas client should support
setting hadoop-jwt token in header
Posted by Nixon Rodrigues <ni...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60627/
-----------------------------------------------------------
(Updated July 6, 2017, 8:12 a.m.)
Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, Sarath Subramanian, and Hemanth Yamijala.
Changes
-------
This patch includes changes to handle review comments from David & Apoorv.
Bugs: ATLAS-1906
https://issues.apache.org/jira/browse/ATLAS-1906
Repository: atlas
Description
-------
This patch adds support to AtlasClient(Rest) to add Knox SSO Cookie as authentication header for Atlas.
Currently Atlas Client supports UGI & Basic Auth, as part of this jira i will overload the Atlas Client constructor to support Knox SSO cookie by adding below constructor.
AtlasClient(atlasURL, cookieName, CookieValue, path, domain);
AtlasClient(atlasURL, Cookie);
Diffs (updated)
-----
client/src/main/java/org/apache/atlas/AtlasAdminClient.java b61b2bf
client/src/main/java/org/apache/atlas/AtlasBaseClient.java 98da51e
client/src/main/java/org/apache/atlas/AtlasClient.java ec482da
client/src/main/java/org/apache/atlas/AtlasClientV2.java 7e287e7
Diff: https://reviews.apache.org/r/60627/diff/4/
Changes: https://reviews.apache.org/r/60627/diff/3-4/
Testing
-------
Unit test cases are running fine using mvn clean install.
Ran Quick Start and Atlas admin script using the new Atlasclient Constructor.
AltasClient(atlasUrl, new Cookie("hadoop-jwt" , "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImlzcyI6IktOT1hTU08iLCJleHAiOjE1MDE5NzUzNTV9.K7lTaXniXJtrdkXAG_k7MwhWpL363NPC75fA4hvY7ilNXCOr-_gVV-ZLndVxMGFmbSl-cLHv3ormDH2W2hvUQhUDvXg3QN5iQGlEoVDPjO6O1yoNnMBW0VgVhAbSimRQ5NTMgAF09gkTsPIfG8Qhu2kcvkKEMFOfcsDyrKn2cRM");
Thanks,
Nixon Rodrigues
Re: Review Request 60627: ATLAS-1906 :- Atlas client should support
setting hadoop-jwt token in header
Posted by Ashwin Rajeev <ar...@hortonworks.com>.
> On July 5, 2017, 5:45 p.m., Apoorv Naik wrote:
> > client/src/main/java/org/apache/atlas/AtlasBaseClient.java
> > Lines 111 (patched)
> > <https://reviews.apache.org/r/60627/diff/3/?file=1769556#file1769556line111>
> >
> > Should we make this more generic so that a non-hadoop ecosytem can also benefit for such a use case ?
+1
- Ashwin
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60627/#review179662
-----------------------------------------------------------
On July 5, 2017, 2:37 p.m., Nixon Rodrigues wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/60627/
> -----------------------------------------------------------
>
> (Updated July 5, 2017, 2:37 p.m.)
>
>
> Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, Sarath Subramanian, and Hemanth Yamijala.
>
>
> Bugs: ATLAS-1906
> https://issues.apache.org/jira/browse/ATLAS-1906
>
>
> Repository: atlas
>
>
> Description
> -------
>
> This patch adds support to AtlasClient(Rest) to add Knox SSO Cookie as authentication header for Atlas.
>
> Currently Atlas Client supports UGI & Basic Auth, as part of this jira i will overload the Atlas Client constructor to support Knox SSO cookie by adding below constructor.
>
> AtlasClient(atlasURL, cookieName, CookieValue, path, domain);
> AtlasClient(atlasURL, Cookie);
>
>
> Diffs
> -----
>
> client/src/main/java/org/apache/atlas/AtlasAdminClient.java b61b2bf
> client/src/main/java/org/apache/atlas/AtlasBaseClient.java 98da51e
> client/src/main/java/org/apache/atlas/AtlasClient.java ec482da
> client/src/main/java/org/apache/atlas/AtlasClientV2.java 7e287e7
> common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java 09d8085
>
>
> Diff: https://reviews.apache.org/r/60627/diff/3/
>
>
> Testing
> -------
>
> Unit test cases are running fine using mvn clean install.
> Ran Quick Start and Atlas admin script using the new Atlasclient Constructor.
>
> AltasClient(atlasUrl, new Cookie("hadoop-jwt" , "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImlzcyI6IktOT1hTU08iLCJleHAiOjE1MDE5NzUzNTV9.K7lTaXniXJtrdkXAG_k7MwhWpL363NPC75fA4hvY7ilNXCOr-_gVV-ZLndVxMGFmbSl-cLHv3ormDH2W2hvUQhUDvXg3QN5iQGlEoVDPjO6O1yoNnMBW0VgVhAbSimRQ5NTMgAF09gkTsPIfG8Qhu2kcvkKEMFOfcsDyrKn2cRM");
>
>
> Thanks,
>
> Nixon Rodrigues
>
>
Re: Review Request 60627: ATLAS-1906 :- Atlas client should support
setting hadoop-jwt token in header
Posted by Apoorv Naik <na...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60627/#review179662
-----------------------------------------------------------
client/src/main/java/org/apache/atlas/AtlasBaseClient.java
Lines 111 (patched)
<https://reviews.apache.org/r/60627/#comment254471>
Should we make this more generic so that a non-hadoop ecosytem can also benefit for such a use case ?
common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java
Lines 46 (patched)
<https://reviews.apache.org/r/60627/#comment254476>
Does it make sense to add a check in the callAPI to maybe log a warning if knox is enabled and no cookie is set ?
Also where is **isKnoxSsoEnabled** used ?
- Apoorv Naik
On July 5, 2017, 2:37 p.m., Nixon Rodrigues wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/60627/
> -----------------------------------------------------------
>
> (Updated July 5, 2017, 2:37 p.m.)
>
>
> Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, Sarath Subramanian, and Hemanth Yamijala.
>
>
> Bugs: ATLAS-1906
> https://issues.apache.org/jira/browse/ATLAS-1906
>
>
> Repository: atlas
>
>
> Description
> -------
>
> This patch adds support to AtlasClient(Rest) to add Knox SSO Cookie as authentication header for Atlas.
>
> Currently Atlas Client supports UGI & Basic Auth, as part of this jira i will overload the Atlas Client constructor to support Knox SSO cookie by adding below constructor.
>
> AtlasClient(atlasURL, cookieName, CookieValue, path, domain);
> AtlasClient(atlasURL, Cookie);
>
>
> Diffs
> -----
>
> client/src/main/java/org/apache/atlas/AtlasAdminClient.java b61b2bf
> client/src/main/java/org/apache/atlas/AtlasBaseClient.java 98da51e
> client/src/main/java/org/apache/atlas/AtlasClient.java ec482da
> client/src/main/java/org/apache/atlas/AtlasClientV2.java 7e287e7
> common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java 09d8085
>
>
> Diff: https://reviews.apache.org/r/60627/diff/3/
>
>
> Testing
> -------
>
> Unit test cases are running fine using mvn clean install.
> Ran Quick Start and Atlas admin script using the new Atlasclient Constructor.
>
> AltasClient(atlasUrl, new Cookie("hadoop-jwt" , "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImlzcyI6IktOT1hTU08iLCJleHAiOjE1MDE5NzUzNTV9.K7lTaXniXJtrdkXAG_k7MwhWpL363NPC75fA4hvY7ilNXCOr-_gVV-ZLndVxMGFmbSl-cLHv3ormDH2W2hvUQhUDvXg3QN5iQGlEoVDPjO6O1yoNnMBW0VgVhAbSimRQ5NTMgAF09gkTsPIfG8Qhu2kcvkKEMFOfcsDyrKn2cRM");
>
>
> Thanks,
>
> Nixon Rodrigues
>
>
Re: Review Request 60627: ATLAS-1906 :- Atlas client should support
setting hadoop-jwt token in header
Posted by David Radley <da...@uk.ibm.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60627/#review179657
-----------------------------------------------------------
client/src/main/java/org/apache/atlas/AtlasClient.java
Lines 136 (patched)
<https://reviews.apache.org/r/60627/#comment254467>
how do we know that the supplied cookie is the knox one? I suggest we validate that it is the cookie we are interested in. I assume we want to reject the request if it is not the knox one.
client/src/main/java/org/apache/atlas/AtlasClientV2.java
Lines 139 (patched)
<https://reviews.apache.org/r/60627/#comment254465>
haddop => hadoop
common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java
Lines 53 (patched)
<https://reviews.apache.org/r/60627/#comment254466>
should the error message relate to knox enabled not Kerberos?
- David Radley
On July 5, 2017, 2:37 p.m., Nixon Rodrigues wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/60627/
> -----------------------------------------------------------
>
> (Updated July 5, 2017, 2:37 p.m.)
>
>
> Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, Sarath Subramanian, and Hemanth Yamijala.
>
>
> Bugs: ATLAS-1906
> https://issues.apache.org/jira/browse/ATLAS-1906
>
>
> Repository: atlas
>
>
> Description
> -------
>
> This patch adds support to AtlasClient(Rest) to add Knox SSO Cookie as authentication header for Atlas.
>
> Currently Atlas Client supports UGI & Basic Auth, as part of this jira i will overload the Atlas Client constructor to support Knox SSO cookie by adding below constructor.
>
> AtlasClient(atlasURL, cookieName, CookieValue, path, domain);
> AtlasClient(atlasURL, Cookie);
>
>
> Diffs
> -----
>
> client/src/main/java/org/apache/atlas/AtlasAdminClient.java b61b2bf
> client/src/main/java/org/apache/atlas/AtlasBaseClient.java 98da51e
> client/src/main/java/org/apache/atlas/AtlasClient.java ec482da
> client/src/main/java/org/apache/atlas/AtlasClientV2.java 7e287e7
> common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java 09d8085
>
>
> Diff: https://reviews.apache.org/r/60627/diff/3/
>
>
> Testing
> -------
>
> Unit test cases are running fine using mvn clean install.
> Ran Quick Start and Atlas admin script using the new Atlasclient Constructor.
>
> AltasClient(atlasUrl, new Cookie("hadoop-jwt" , "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImlzcyI6IktOT1hTU08iLCJleHAiOjE1MDE5NzUzNTV9.K7lTaXniXJtrdkXAG_k7MwhWpL363NPC75fA4hvY7ilNXCOr-_gVV-ZLndVxMGFmbSl-cLHv3ormDH2W2hvUQhUDvXg3QN5iQGlEoVDPjO6O1yoNnMBW0VgVhAbSimRQ5NTMgAF09gkTsPIfG8Qhu2kcvkKEMFOfcsDyrKn2cRM");
>
>
> Thanks,
>
> Nixon Rodrigues
>
>
Re: Review Request 60627: ATLAS-1906 :- Atlas client should support
setting hadoop-jwt token in header
Posted by Nixon Rodrigues <ni...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60627/
-----------------------------------------------------------
(Updated July 5, 2017, 2:37 p.m.)
Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, Sarath Subramanian, and Hemanth Yamijala.
Changes
-------
This patch includes change in getting secureClient when hadoopJWtCookie is set.
Tested this changes with Basic Auth with TLS, and also when hadoopJWtCookie is set when Atlas is TLS enabled.
Bugs: ATLAS-1906
https://issues.apache.org/jira/browse/ATLAS-1906
Repository: atlas
Description
-------
This patch adds support to AtlasClient(Rest) to add Knox SSO Cookie as authentication header for Atlas.
Currently Atlas Client supports UGI & Basic Auth, as part of this jira i will overload the Atlas Client constructor to support Knox SSO cookie by adding below constructor.
AtlasClient(atlasURL, cookieName, CookieValue, path, domain);
AtlasClient(atlasURL, Cookie);
Diffs (updated)
-----
client/src/main/java/org/apache/atlas/AtlasAdminClient.java b61b2bf
client/src/main/java/org/apache/atlas/AtlasBaseClient.java 98da51e
client/src/main/java/org/apache/atlas/AtlasClient.java ec482da
client/src/main/java/org/apache/atlas/AtlasClientV2.java 7e287e7
common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java 09d8085
Diff: https://reviews.apache.org/r/60627/diff/3/
Changes: https://reviews.apache.org/r/60627/diff/2-3/
Testing
-------
Unit test cases are running fine using mvn clean install.
Ran Quick Start and Atlas admin script using the new Atlasclient Constructor.
AltasClient(atlasUrl, new Cookie("hadoop-jwt" , "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImlzcyI6IktOT1hTU08iLCJleHAiOjE1MDE5NzUzNTV9.K7lTaXniXJtrdkXAG_k7MwhWpL363NPC75fA4hvY7ilNXCOr-_gVV-ZLndVxMGFmbSl-cLHv3ormDH2W2hvUQhUDvXg3QN5iQGlEoVDPjO6O1yoNnMBW0VgVhAbSimRQ5NTMgAF09gkTsPIfG8Qhu2kcvkKEMFOfcsDyrKn2cRM");
Thanks,
Nixon Rodrigues
Re: Review Request 60627: ATLAS-1906 :- Atlas client should support
setting hadoop-jwt token in header
Posted by Nixon Rodrigues <ni...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60627/
-----------------------------------------------------------
(Updated July 4, 2017, 10:34 a.m.)
Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, Sarath Subramanian, and Hemanth Yamijala.
Changes
-------
This patch includes setHadoopJWTCookie method in AtlasBaseClient, this method can be used to update the fresh hadoopJWT cookie when old cookie is expired instead creating the new object of AtlasClient.
Tested quickStart script with this AtlasClient api methods.
Bugs: ATLAS-1906
https://issues.apache.org/jira/browse/ATLAS-1906
Repository: atlas
Description
-------
This patch adds support to AtlasClient(Rest) to add Knox SSO Cookie as authentication header for Atlas.
Currently Atlas Client supports UGI & Basic Auth, as part of this jira i will overload the Atlas Client constructor to support Knox SSO cookie by adding below constructor.
AtlasClient(atlasURL, cookieName, CookieValue, path, domain);
AtlasClient(atlasURL, Cookie);
Diffs (updated)
-----
client/src/main/java/org/apache/atlas/AtlasAdminClient.java b61b2bf
client/src/main/java/org/apache/atlas/AtlasBaseClient.java 98da51e
client/src/main/java/org/apache/atlas/AtlasClient.java ec482da
client/src/main/java/org/apache/atlas/AtlasClientV2.java 7e287e7
common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java 09d8085
Diff: https://reviews.apache.org/r/60627/diff/2/
Changes: https://reviews.apache.org/r/60627/diff/1-2/
Testing
-------
Unit test cases are running fine using mvn clean install.
Ran Quick Start and Atlas admin script using the new Atlasclient Constructor.
AltasClient(atlasUrl, new Cookie("hadoop-jwt" , "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImlzcyI6IktOT1hTU08iLCJleHAiOjE1MDE5NzUzNTV9.K7lTaXniXJtrdkXAG_k7MwhWpL363NPC75fA4hvY7ilNXCOr-_gVV-ZLndVxMGFmbSl-cLHv3ormDH2W2hvUQhUDvXg3QN5iQGlEoVDPjO6O1yoNnMBW0VgVhAbSimRQ5NTMgAF09gkTsPIfG8Qhu2kcvkKEMFOfcsDyrKn2cRM");
Thanks,
Nixon Rodrigues