Posted to commits@ranger.apache.org by sp...@apache.org on 2021/03/22 21:19:49 UTC
[ranger] branch ranger-2.2 updated: RANGER-3212: Java client
support for kerberos, SSL and packaging
This is an automated email from the ASF dual-hosted git repository.
spolavarapu pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.2 by this push:
new b31f38b RANGER-3212: Java client support for kerberos,SSL and packaging
b31f38b is described below
commit b31f38b74876f8463f9da89b6991610e6b5bf5c3
Author: Abhishek Kumar <ab...@cloudera.com>
AuthorDate: Thu Mar 18 17:35:19 2021 -0400
RANGER-3212: Java client support for kerberos,SSL and packaging
Signed-off-by: Sailaja Polavarapu <sp...@cloudera.com>
---
distro/pom.xml | 5 +-
distro/src/main/assembly/sample-client.xml | 104 ++++++++++++++++++
.../main/java/org/apache/ranger/RangerClient.java | 35 +++---
.../java/org/apache/ranger/RangerClientConfig.java | 119 ---------------------
.../sample-client/conf/config.properties | 21 ----
ranger-examples/sample-client/conf/ssl-client.xml | 31 ++++++
.../sample-client/scripts/run-sample-client.sh | 34 +++++-
.../ranger/examples/sampleclient/SampleClient.java | 8 +-
8 files changed, 188 insertions(+), 169 deletions(-)
diff --git a/distro/pom.xml b/distro/pom.xml
index 264b46e..314e31d 100644
--- a/distro/pom.xml
+++ b/distro/pom.xml
@@ -40,8 +40,8 @@
<artifactId>maven-assembly-plugin</artifactId>
<version>${assembly.plugin.version}</version>
<configuration>
- <finalName>ranger-${project.version}</finalName>
- <outputDirectory>../target</outputDirectory>
+ <finalName>ranger-${project.version}</finalName>
+ <outputDirectory>../target</outputDirectory>
</configuration>
<executions>
<execution>
@@ -75,6 +75,7 @@
<descriptor>src/main/assembly/plugin-elasticsearch.xml</descriptor>
<descriptor>src/main/assembly/plugin-schema-registry.xml</descriptor>
<descriptor>src/main/assembly/plugin-presto.xml</descriptor>
+ <descriptor>src/main/assembly/sample-client.xml</descriptor>
</descriptors>
</configuration>
</execution>
diff --git a/distro/src/main/assembly/sample-client.xml b/distro/src/main/assembly/sample-client.xml
new file mode 100644
index 0000000..bd79d8e
--- /dev/null
+++ b/distro/src/main/assembly/sample-client.xml
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<assembly>
+ <id>sample-client</id>
+ <formats>
+ <format>tar.gz</format>
+ </formats>
+ <baseDirectory>${project.name}-${project.version}-sample-client</baseDirectory>
+ <includeBaseDirectory>false</includeBaseDirectory>
+ <moduleSets>
+ <moduleSet>
+ <useAllReactorProjects>true</useAllReactorProjects>
+ <includes>
+ <include>org.apache.ranger:sample-client</include>
+ <include>org.apache.ranger:ranger-intg</include>
+ <include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ranger-plugins-cred</include>
+ </includes>
+ <binaries>
+ <outputDirectory>lib</outputDirectory>
+ <includeDependencies>true</includeDependencies>
+ <unpack>false</unpack>
+ <directoryMode>755</directoryMode>
+ <fileMode>644</fileMode>
+ <includes>
+ <include>commons-cli:commons-cli</include>
+ <include>commons-logging:commons-logging:jar:${commons.logging.version}</include>
+ <include>commons-lang:commons-lang</include>
+ <include>org.apache.commons:commons-lang3</include>
+ <include>org.apache.commons:commons-compress</include>
+ <include>com.google.code.gson:gson</include>
+ <include>org.slf4j:slf4j-api:jar:${slf4j-api.version}</include>
+ <include>org.slf4j:slf4j-log4j12</include>
+ <include>log4j:log4j</include>
+ <include>org.apache.commons:commons-configuration2:jar:${commons.configuration.version}</include>
+ <include>org.apache.hadoop:hadoop-common:jar:${hadoop.version}</include>
+ <include>org.apache.hadoop:hadoop-auth:jar:${hadoop.version}</include>
+ <include>org.eclipse.persistence:eclipselink</include>
+ <include>org.eclipse.persistence:javax.persistence</include>
+ <include>commons-collections:commons-collections</include>
+ <include>com.sun.jersey:jersey-bundle</include>
+ <include>commons-io:commons-io</include>
+ <include>com.google.guava:guava:jar:${google.guava.version}</include>
+ <include>org.apache.httpcomponents:httpmime:jar:${httpcomponents.httpmime.version}</include>
+ <include>org.noggit:noggit:jar:${noggit.version}</include>
+ <include>org.codehaus.jackson:jackson-core-asl</include>
+ <include>org.codehaus.jackson:jackson-jaxrs</include>
+ <include>org.codehaus.jackson:jackson-mapper-asl</include>
+ <include>org.codehaus.jackson:jackson-xc</include>
+ <include>org.apache.ranger:ranger-plugins-audit</include>
+ <include>org.apache.htrace:htrace-core4</include>
+ <include>com.kstruct:gethostname4j:jar:${kstruct.gethostname4j.version}</include>
+ <include>net.java.dev.jna:jna:jar:${jna.version}</include>
+ <include>net.java.dev.jna:jna-platform:jar:${jna-platform.version}</include>
+ <include>com.fasterxml.woodstox:woodstox-core:jar:${fasterxml.woodstox.version}</include>
+ <include>org.codehaus.woodstox:stax2-api:jar:${codehaus.woodstox.stax2api.version}</include>
+ </includes>
+ </binaries>
+ </moduleSet>
+ </moduleSets>
+
+ <fileSets>
+ <fileSet>
+ <outputDirectory></outputDirectory>
+ <directory>${project.parent.basedir}/ranger-examples/sample-client/scripts</directory>
+ <includes>
+ <include>*.sh</include>
+ </includes>
+ <fileMode>755</fileMode>
+ </fileSet>
+ <fileSet>
+ <outputDirectory></outputDirectory>
+ <directory>${project.parent.basedir}/ranger-examples/sample-client/conf</directory>
+ <includes>
+ <include>*.xml</include>
+ </includes>
+ <fileMode>755</fileMode>
+ </fileSet>
+ <fileSet>
+ <directoryMode>755</directoryMode>
+ <fileMode>644</fileMode>
+ <outputDirectory>lib</outputDirectory>
+ <directory>${project.parent.basedir}/ranger-examples/sample-client/src/main/resources</directory>
+ <includes>
+ <include>*.properties</include>
+ </includes>
+ </fileSet>
+ </fileSets>
+</assembly>
\ No newline at end of file
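Review bot: The second `<fileSet>` packages `conf/*.xml` with `<fileMode>755</fileMode>`, so `ssl-client.xml` ships with the execute bit set. A configuration file that names the truststore and its credential file only needs to be readable, so `<fileMode>644</fileMode>` (or tighter) fits better. The first two file sets also leave `<outputDirectory>` empty, which puts the script and the config in the archive root next to `lib/`; a one-line XML comment saying this is intended would help. Separately, the `<binaries>` include list bundles `log4j:log4j` and the `org.codehaus.jackson` artifacts with no version given in this descriptor, so it is worth confirming that the versions resolved from the parent POM are ones the project still maintains.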
diff --git a/intg/src/main/java/org/apache/ranger/RangerClient.java b/intg/src/main/java/org/apache/ranger/RangerClient.java
index bef3857..c7e32dc 100644
--- a/intg/src/main/java/org/apache/ranger/RangerClient.java
+++ b/intg/src/main/java/org/apache/ranger/RangerClient.java
@@ -141,31 +141,24 @@ public class RangerClient {
private boolean isSecureMode = false;
private Subject sub = null;
- public RangerClient(String configFile) {
- RangerClientConfig cfg = new RangerClientConfig(configFile);
- restClient = new RangerRESTClient(cfg.getURL(), cfg.getSslConfigFile(), new Configuration());
+ public RangerClient(String hostName, String authType, String username, String password, String configFile) {
+ restClient = new RangerRESTClient(hostName, configFile, new Configuration());
- String authenticationType = cfg.getAuthenticationType();
- String principal = cfg.getPrincipal();
- String keytab = cfg.getKeytab();
-
- if (AUTH_KERBEROS.equalsIgnoreCase(authenticationType) && SecureClientLogin.isKerberosCredentialExists(principal, keytab)) {
- isSecureMode = true;
- try {
- sub = SecureClientLogin.loginUserFromKeytab(principal,keytab);
- } catch (IOException e) {
- LOG.error(e.getMessage());
- }
- } else LOG.error("Authentication credentials missing/invalid");
+ if (AUTH_KERBEROS.equalsIgnoreCase(authType)) {
+ if (SecureClientLogin.isKerberosCredentialExists(username, password)) {
+ isSecureMode = true;
+ try {
+ sub = SecureClientLogin.loginUserFromKeytab(username, password);
+ } catch (IOException e) {
+ LOG.error(e.getMessage());
+ }
+ } else LOG.error("Authentication credentials missing/invalid");
+ } else {
+ restClient.setBasicAuthInfo(username, password);
+ }
}
- public RangerClient(String hostname, String username, String password) {
- restClient = new RangerRESTClient(hostname, "", new Configuration());
-
- restClient.setBasicAuthInfo(username, password);
- }
-
public RangerClient(RangerRESTClient restClient) {
this.restClient = restClient;
}
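Review bot: In the new five-argument constructor a failed Kerberos login does not stop construction: the `catch (IOException e)` branch and the `else LOG.error("Authentication credentials missing/invalid")` branch only log, so the caller receives a `RangerClient` that has neither a `Subject` nor basic-auth info. `isSecureMode = true` is also assigned before `loginUserFromKeytab` has succeeded, which leaves `isSecureMode` true with `sub == null` on failure; how later requests treat that state is outside this hunk. I would set the flag only after a successful login and fail the constructor, e.g. `throw new IllegalStateException("Kerberos login failed for " + username, e);`, and throw in the credentials-missing branch as well. Any `authType` other than "kerberos", including null or a typo, silently selects basic auth, and in Kerberos mode the `password` parameter carries a keytab path, so a Javadoc comment stating both would help. The commit also removes the public `(hostname, username, password)` constructor, which will break any existing callers unless a delegating overload is kept.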
diff --git a/intg/src/main/java/org/apache/ranger/RangerClientConfig.java b/intg/src/main/java/org/apache/ranger/RangerClientConfig.java
deleted file mode 100644
index 68ef0ff..0000000
--- a/intg/src/main/java/org/apache/ranger/RangerClientConfig.java
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.*;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.util.Properties;
-
-public class RangerClientConfig {
-
- private static final Logger LOG = LoggerFactory.getLogger(RangerClientConfig.class);
-
- private static final String RANGER_ADMIN_URL = "ranger.client.url";
- private static final String AUTH_TYPE = "ranger.client.authentication.type";
- private static final String CLIENT_KERBEROS_PRINCIPAL = "ranger.client.kerberos.principal";
- private static final String CLIENT_KERBEROS_KEYTAB = "ranger.client.kerberos.keytab";
- private static final String CLIENT_SSL_CONFIG_FILE = "ranger.client.ssl.config.filename";
-
-
- private final Properties props;
-
- RangerClientConfig(String configFileName){
- props = readProperties(configFileName);
- }
-
- public Properties readProperties(String fileName) {
- Properties ret = null;
- InputStream inStr = null;
- URL fileURL = null;
- File f = new File(fileName);
-
- if (f.exists() && f.isFile() && f.canRead()) {
- try {
- inStr = new FileInputStream(f);
- fileURL = f.toURI().toURL();
- } catch (FileNotFoundException exception) {
- LOG.error("Error processing input file:" + fileName + " or no privilege for reading file " + fileName, exception);
- } catch (MalformedURLException malformedException) {
- LOG.error("Error processing input file:" + fileName + " cannot be converted to URL " + fileName, malformedException);
- }
- } else {
- fileURL = getClass().getResource(fileName);
-
- if (fileURL == null && !fileName.startsWith("/")) {
- fileURL = getClass().getResource("/" + fileName);
- }
-
- if (fileURL == null) {
- fileURL = ClassLoader.getSystemClassLoader().getResource(fileName);
-
- if (fileURL == null && !fileName.startsWith("/")) {
- fileURL = ClassLoader.getSystemClassLoader().getResource("/" + fileName);
- }
- }
- }
-
- if (fileURL != null) {
- try {
- inStr = fileURL.openStream();
-
- Properties prop = new Properties();
-
- prop.load(inStr);
-
- ret = prop;
- } catch (Exception excp) {
- LOG.error("failed to load properties from file '" + fileName + "'", excp);
- } finally {
- if (inStr != null) {
- try {
- inStr.close();
- } catch (Exception excp) {
- // ignore
- }
- }
- }
- }
- return ret;
- }
- public String getURL() { return props.getProperty(RANGER_ADMIN_URL); }
-
- public String getPrincipal(){
- return props.getProperty(CLIENT_KERBEROS_PRINCIPAL);
- }
-
- public String getKeytab(){
- return props.getProperty(CLIENT_KERBEROS_KEYTAB);
- }
-
- public String getSslConfigFile(){
- return props.getProperty(CLIENT_SSL_CONFIG_FILE);
- }
-
- public String getAuthenticationType(){
- return props.getProperty(AUTH_TYPE);
- }
-
-}
diff --git a/ranger-examples/sample-client/conf/config.properties b/ranger-examples/sample-client/conf/config.properties
deleted file mode 100644
index 5be772a..0000000
--- a/ranger-examples/sample-client/conf/config.properties
+++ /dev/null
@@ -1,21 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-ranger.client.url=https://localhost:6182
-# Authentication properties
-ranger.client.authentication.type=kerberos
-ranger.client.kerberos.principal=
-ranger.client.kerberos.keytab=
-ranger.client.ssl.config.filename=
\ No newline at end of file
diff --git a/ranger-examples/sample-client/conf/ssl-client.xml b/ranger-examples/sample-client/conf/ssl-client.xml
new file mode 100644
index 0000000..7d73d12
--- /dev/null
+++ b/ranger-examples/sample-client/conf/ssl-client.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration>
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore</name>
+ <value></value>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+ <value></value>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.type</name>
+ <value></value>
+ </property>
+</configuration>
\ No newline at end of file
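Review bot: All three `<value>` elements in this template are empty and nothing says what belongs in them, so a user who passes the file unmodified via `-c` gets no hint that the truststore is unset. Add a comment above each property, for example `<!-- absolute path to the truststore holding the Ranger Admin CA certificate -->` for `xasecure.policymgr.clientssl.truststore`, with similar one-liners for the credential file and the store type. Whether `RangerRESTClient` rejects an empty truststore or falls back to some default is not visible in this commit, so that behaviour is worth confirming and stating in the comment.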
diff --git a/ranger-examples/sample-client/scripts/run-sample-client.sh b/ranger-examples/sample-client/scripts/run-sample-client.sh
index 2260476..8740801 100755
--- a/ranger-examples/sample-client/scripts/run-sample-client.sh
+++ b/ranger-examples/sample-client/scripts/run-sample-client.sh
@@ -40,11 +40,35 @@ while getopts "n:h" opt; do
esac
done
-prompt="Sample Authentication User Name:"
-read -p "$prompt" userName
-prompt="Sample Authentication User Password:"
-read -p "$prompt" -s password
+if [[ $HOST == https* ]] ;
+then
+ prompt="SSL Configuration File:"
+ read -p "$prompt" config
+ JAVA_CMD="$JAVA_CMD -c $config"
+fi
+prompt="Kerberos Login (y/n)? "
+read -p "$prompt" -n 1 -r
printf "\n"
-JAVA_CMD="$JAVA_CMD -u $userName -p $password"
+if [[ $REPLY =~ ^[Yy]$ ]]
+then
+ prompt="Sample Kerberos Principal:"
+ read -r -p "$prompt" userName
+ prompt="Sample Kerberos Keytab:"
+ read -r -p "$prompt" password
+ printf "\n"
+ JAVA_CMD="$JAVA_CMD -k kerberos -u $userName -p $password"
+elif [[ $REPLY =~ ^[Nn]$ ]]
+then
+ prompt="Sample Authentication User Name:"
+ read -r -p "$prompt" userName
+ prompt="Sample Authentication User Password:"
+ read -r -p "$prompt" -s password
+ printf "\n"
+ JAVA_CMD="$JAVA_CMD -k basic -u $userName -p $password"
+else
+ printf "Incorrect response \n"
+ exit
+fi
+
printf "Java command : $JAVA_CMD\n"
$JAVA_CMD
\ No newline at end of file
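Review bot: The password collected with `read -s` in the basic-auth branch is appended to `JAVA_CMD` and then echoed by the unchanged `printf "Java command : $JAVA_CMD\n"` line, so it is shown on the terminal, and as a `-p` argument it is visible in the process list while the JVM runs. Print the command before the credentials are appended, or print a redacted form, and use a fixed format string: `printf 'Java command : %s\n' "$JAVA_CMD_NO_SECRET"` (placeholder variable name). `$config`, `$userName` and `$password` are also expanded unquoted into a string that is later word-split, so a value containing spaces or glob characters changes the argument list. Building the arguments in a bash array and running `"${args[@]}"` avoids that, though `JAVA_CMD` is defined outside this hunk. The `else` branch should end with `exit 1` so that an invalid answer is reported as a failure.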
diff --git a/ranger-examples/sample-client/src/main/java/org/apache/ranger/examples/sampleclient/SampleClient.java b/ranger-examples/sample-client/src/main/java/org/apache/ranger/examples/sampleclient/SampleClient.java
index b6ab313..b380127 100644
--- a/ranger-examples/sample-client/src/main/java/org/apache/ranger/examples/sampleclient/SampleClient.java
+++ b/ranger-examples/sample-client/src/main/java/org/apache/ranger/examples/sampleclient/SampleClient.java
@@ -42,12 +42,16 @@ public class SampleClient {
Options options = new Options();
Option host = OptionBuilder.hasArgs(1).isRequired().withLongOpt("host").withDescription("hostname").create('h');
+ Option auth = OptionBuilder.hasArgs(1).isRequired().withLongOpt("authType").withDescription("Authentication Type").create('k');
Option user = OptionBuilder.hasArgs(1).isRequired().withLongOpt("user").withDescription("username").create('u');
Option pass = OptionBuilder.hasArgs(1).isRequired().withLongOpt("pass").withDescription("password").create('p');
+ Option conf = OptionBuilder.hasArgs(1).withLongOpt("config").withDescription("configuration").create('c');
options.addOption(host);
+ options.addOption(auth);
options.addOption(user);
options.addOption(pass);
+ options.addOption(conf);
CommandLineParser parser = new BasicParser();
CommandLine cmd;
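Review bot: The new `-k`/`--authType` option is declared `isRequired()` but its description, "Authentication Type", does not name the accepted values, and `-p` is still described as "password" although the launcher script now passes a keytab path through it in Kerberos mode. I would write `withDescription("authentication type: kerberos or basic")` and `withDescription("password, or keytab path when authType is kerberos")`. Making `-k` mandatory also breaks invocations that worked before this commit; treating a missing value as basic would keep them working. The enclosing method starts and ends outside this hunk.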
@@ -61,8 +65,10 @@ public class SampleClient {
String hostName = cmd.getOptionValue('h');
String userName = cmd.getOptionValue('u');
String password = cmd.getOptionValue('p');
+ String cfg = cmd.getOptionValue('c');
+ String authType = cmd.getOptionValue('k');
- RangerClient rangerClient = new RangerClient(hostName, userName, password);
+ RangerClient rangerClient = new RangerClient(hostName, authType, userName, password, cfg);
String serviceDefName = "sampleServiceDef";
String serviceName = "sampleService";