Posted to dev@ranger.apache.org by Ankita Sinha <an...@freestoneinfotech.com> on 2016/05/06 10:25:42 UTC
Review Request 47064: Kerberos : Ranger Admin to perform Key operations using Principal / keytab of RangerAdmin from UI
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47064/
-----------------------------------------------------------
Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-973
https://issues.apache.org/jira/browse/RANGER-973
Repository: ranger
Description
-------
**Problem Statement**
Currently, even in a Kerberos environment, Ranger Admin sends requests using the repo config user. Now that Ranger Admin and Ranger KMS both work in a Kerberos environment, requests for key operations from the UI need to go out using Ranger Admin credentials.
**Need to improve following features**
1. KMS to use rangeradmin credentials for test connection, resource lookup and encryption key operations from the Ranger Admin UI Encryption tab.
2. A download policy session log was created on every policy refresher call, so x_auth_session is accumulating a bulk of downloadpolicy session logs.
3. Add the Ambari service check user to the default policy using a service config custom property.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/client/HadoopConfigHolder.java 8991872
agents-common/src/main/resources/resourcenamemap.properties 72d78d2
kms/config/kms-webapp/kms-site.xml b61d1b2
plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java 271392b
plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSConnectionMgr.java c247a44
plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java aa4c65a
security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 2f77e2d
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ab0798b
security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java b837a68
security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java 106d910
security-admin/src/main/resources/conf.dist/ranger-admin-site.xml e3f9f03
security-admin/src/main/resources/resourcenamemap.properties e4a2edf
Diff: https://reviews.apache.org/r/47064/diff/
Testing
-------
1. Tested KMS in a simple environment with key operations and zone operations.
2. Tested KMS in a Kerberos environment with key operations and zone operations.
3. Checked the download policy session log in the table and the audit on the UI, setting it to enabled and disabled in the XML file.
4. Tested adding a custom config in the service for the Ambari service check user.
Thanks,
Ankita Sinha
Re: Review Request 47064: Kerberos : Ranger Admin to perform Key operations using Principal / keytab of RangerAdmin from UI
Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47064/#review132387
-----------------------------------------------------------
Ship it!
Ship It!
- Velmurugan Periasamy
On May 6, 2016, 10:25 a.m., Ankita Sinha wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47064/
> -----------------------------------------------------------
>
> (Updated May 6, 2016, 10:25 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-973
> https://issues.apache.org/jira/browse/RANGER-973
>
>
> Repository: ranger
>
>
> Description
> -------
>
> **Problem Statement**
> Currently, even in a Kerberos environment, Ranger Admin sends requests using the repo config user. Now that Ranger Admin and Ranger KMS both work in a Kerberos environment, requests for key operations from the UI need to go out using Ranger Admin credentials.
>
> **Need to improve following features**
>
> 1. KMS to use rangeradmin credentials for test connection, resource lookup and encryption key operations from the Ranger Admin UI Encryption tab.
>
> 2. A download policy session log was created on every policy refresher call, so x_auth_session is accumulating a bulk of downloadpolicy session logs.
>
> 3. Add the Ambari service check user to the default policy using a service config custom property.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/client/HadoopConfigHolder.java 8991872
> agents-common/src/main/resources/resourcenamemap.properties 72d78d2
> kms/config/kms-webapp/kms-site.xml b61d1b2
> plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java 271392b
> plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSConnectionMgr.java c247a44
> plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java aa4c65a
> security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 2f77e2d
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ab0798b
> security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java b837a68
> security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java 106d910
> security-admin/src/main/resources/conf.dist/ranger-admin-site.xml e3f9f03
> security-admin/src/main/resources/resourcenamemap.properties e4a2edf
>
> Diff: https://reviews.apache.org/r/47064/diff/
>
>
> Testing
> -------
>
> 1. Tested KMS in a simple environment with key operations and zone operations.
> 2. Tested KMS in a Kerberos environment with key operations and zone operations.
> 3. Checked the download policy session log in the table and the audit on the UI, setting it to enabled and disabled in the XML file.
> 4. Tested adding a custom config in the service for the Ambari service check user.
>
>
> Thanks,
>
> Ankita Sinha
>
>