You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by me...@apache.org on 2018/09/27 06:59:04 UTC
[3/5] ranger git commit: RANGER-2210:Ranger support for Apache Kafka
2.0.0
RANGER-2210:Ranger support for Apache Kafka 2.0.0
Signed-off-by: rmani <rm...@hortonworks.com>
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/1cc4b1e9
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/1cc4b1e9
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/1cc4b1e9
Branch: refs/heads/ranger-1
Commit: 1cc4b1e95dd4a583dfc8bbf988b458741772dddd
Parents: 934600c
Author: rmani <rm...@hortonworks.com>
Authored: Tue Sep 25 15:01:21 2018 -0700
Committer: Mehul Parikh <me...@apache.org>
Committed: Thu Sep 27 12:06:02 2018 +0530
----------------------------------------------------------------------
.../kafka/authorizer/RangerKafkaAuthorizer.java | 8 +++++---
.../kafka/authorizer/KafkaRangerAuthorizerTest.java | 6 ++----
pom.xml | 4 ++--
3 files changed, 9 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/1cc4b1e9/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
----------------------------------------------------------------------
diff --git a/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java b/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
index b5d151e..eab869a 100644
--- a/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
+++ b/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
@@ -26,7 +26,6 @@ import javax.security.auth.Subject;
import org.apache.kafka.common.network.ListenerName;
import org.apache.kafka.common.security.JaasContext;
-import org.apache.kafka.common.security.JaasContext.Type;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.security.auth.SecurityProtocol;
@@ -37,7 +36,9 @@ import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.kafka.common.config.SaslConfigs;
import org.apache.kafka.common.security.authenticator.LoginManager;
+import org.apache.kafka.common.security.kerberos.KerberosLogin;
import org.apache.ranger.audit.provider.MiscUtil;
import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
@@ -95,8 +96,9 @@ public class RangerKafkaAuthorizer implements Authorizer {
final String listenerName = (jaasContext instanceof String
&& StringUtils.isNotEmpty((String) jaasContext)) ? (String) jaasContext
: SecurityProtocol.SASL_PLAINTEXT.name();
- JaasContext context = JaasContext.load(Type.SERVER, new ListenerName(listenerName), configs);
- LoginManager loginManager = LoginManager.acquireLoginManager(context, true, configs);
+ final String saslMechanism = SaslConfigs.GSSAPI_MECHANISM;
+ JaasContext context = JaasContext.loadServerContext(new ListenerName(listenerName), saslMechanism, configs);
+ LoginManager loginManager = LoginManager.acquireLoginManager(context, saslMechanism, KerberosLogin.class, configs);
Subject subject = loginManager.subject();
UserGroupInformation ugi = MiscUtil
.createUGIFromSubject(subject);
http://git-wip-us.apache.org/repos/asf/ranger/blob/1cc4b1e9/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java
----------------------------------------------------------------------
diff --git a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java
index bccdb80..8d2f0a4 100644
--- a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java
+++ b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java
@@ -82,8 +82,8 @@ public class KafkaRangerAuthorizerTest {
@org.junit.BeforeClass
public static void setup() throws Exception {
// Create keys
- String serviceDN = "CN=Service,O=Apache,L=Dublin,ST=Leinster,C=IE";
- String clientDN = "CN=Client,O=Apache,L=Dublin,ST=Leinster,C=IE";
+ String serviceDN = "CN=localhost,O=Apache,L=Dublin,ST=Leinster,C=IE";
+ String clientDN = "CN=localhost,O=Apache,L=Dublin,ST=Leinster,C=IE";
// Create a truststore
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
@@ -257,7 +257,6 @@ public class KafkaRangerAuthorizerTest {
producerProps.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, "security");
final Producer<String, String> producer = new KafkaProducer<>(producerProps);
-
// Send a message
Future<RecordMetadata> record =
producer.send(new ProducerRecord<String, String>("dev", "somekey", "somevalue"));
@@ -296,7 +295,6 @@ public class KafkaRangerAuthorizerTest {
record = producer.send(new ProducerRecord<String, String>("dev", "somekey", "somevalue"));
producer.flush();
record.get();
- Assert.fail("Authorization failure expected");
} catch (Exception ex) {
Assert.assertTrue(ex.getMessage().contains("Not authorized to access topics"));
}
http://git-wip-us.apache.org/repos/asf/ranger/blob/1cc4b1e9/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index f87cfb2..2e82848 100644
--- a/pom.xml
+++ b/pom.xml
@@ -185,7 +185,7 @@
<jsonsmart.version>2.3</jsonsmart.version>
<jsr305.version>1.3.9</jsr305.version>
<junit.version>4.12</junit.version>
- <kafka.version>1.0.0</kafka.version>
+ <kafka.version>2.0.0</kafka.version>
<kerby.version>1.0.0</kerby.version>
<knox.gateway.version>1.0.0</knox.gateway.version>
<kylin.version>2.3.0</kylin.version>
@@ -207,7 +207,7 @@
<scala.xml.version>1.0.4</scala.xml.version>
<security-agent-install-dir>hadoop-security/plugins</security-agent-install-dir>
<servlet.api.version>2.5</servlet.api.version>
- <slf4j-api.version>1.7.5</slf4j-api.version>
+ <slf4j-api.version>1.7.25</slf4j-api.version>
<solr.version>5.5.4</solr.version>
<spring-ldap-core.version>2.3.2.RELEASE</spring-ldap-core.version>
<springframework.security.version>4.2.4.RELEASE</springframework.security.version>