You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by me...@apache.org on 2018/09/27 06:59:04 UTC

[3/5] ranger git commit: RANGER-2210:Ranger support for Apache Kafka 2.0.0

RANGER-2210:Ranger support for Apache Kafka 2.0.0

Signed-off-by: rmani <rm...@hortonworks.com>


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/1cc4b1e9
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/1cc4b1e9
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/1cc4b1e9

Branch: refs/heads/ranger-1
Commit: 1cc4b1e95dd4a583dfc8bbf988b458741772dddd
Parents: 934600c
Author: rmani <rm...@hortonworks.com>
Authored: Tue Sep 25 15:01:21 2018 -0700
Committer: Mehul Parikh <me...@apache.org>
Committed: Thu Sep 27 12:06:02 2018 +0530

----------------------------------------------------------------------
 .../kafka/authorizer/RangerKafkaAuthorizer.java              | 8 +++++---
 .../kafka/authorizer/KafkaRangerAuthorizerTest.java          | 6 ++----
 pom.xml                                                      | 4 ++--
 3 files changed, 9 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/1cc4b1e9/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
----------------------------------------------------------------------
diff --git a/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java b/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
index b5d151e..eab869a 100644
--- a/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
+++ b/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
@@ -26,7 +26,6 @@ import javax.security.auth.Subject;
 
 import org.apache.kafka.common.network.ListenerName;
 import org.apache.kafka.common.security.JaasContext;
-import org.apache.kafka.common.security.JaasContext.Type;
 import org.apache.kafka.common.security.auth.KafkaPrincipal;
 import org.apache.kafka.common.security.auth.SecurityProtocol;
 
@@ -37,7 +36,9 @@ import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.kafka.common.config.SaslConfigs;
 import org.apache.kafka.common.security.authenticator.LoginManager;
+import org.apache.kafka.common.security.kerberos.KerberosLogin;
 import org.apache.ranger.audit.provider.MiscUtil;
 import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
@@ -95,8 +96,9 @@ public class RangerKafkaAuthorizer implements Authorizer {
 						final String listenerName = (jaasContext instanceof String
 								&& StringUtils.isNotEmpty((String) jaasContext)) ? (String) jaasContext
 										: SecurityProtocol.SASL_PLAINTEXT.name();
-						JaasContext context = JaasContext.load(Type.SERVER, new ListenerName(listenerName), configs);
-						LoginManager loginManager = LoginManager.acquireLoginManager(context, true, configs);
+						final String saslMechanism = SaslConfigs.GSSAPI_MECHANISM;
+						JaasContext context = JaasContext.loadServerContext(new ListenerName(listenerName), saslMechanism, configs);
+						LoginManager loginManager = LoginManager.acquireLoginManager(context, saslMechanism, KerberosLogin.class, configs);
 						Subject subject = loginManager.subject();
 						UserGroupInformation ugi = MiscUtil
 								.createUGIFromSubject(subject);

http://git-wip-us.apache.org/repos/asf/ranger/blob/1cc4b1e9/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java
----------------------------------------------------------------------
diff --git a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java
index bccdb80..8d2f0a4 100644
--- a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java
+++ b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java
@@ -82,8 +82,8 @@ public class KafkaRangerAuthorizerTest {
     @org.junit.BeforeClass
     public static void setup() throws Exception {
     	// Create keys
-    	String serviceDN = "CN=Service,O=Apache,L=Dublin,ST=Leinster,C=IE";
-    	String clientDN = "CN=Client,O=Apache,L=Dublin,ST=Leinster,C=IE";
+        String serviceDN = "CN=localhost,O=Apache,L=Dublin,ST=Leinster,C=IE";
+        String clientDN = "CN=localhost,O=Apache,L=Dublin,ST=Leinster,C=IE";
     	
     	// Create a truststore
     	KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
@@ -257,7 +257,6 @@ public class KafkaRangerAuthorizerTest {
         producerProps.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, "security");
         
         final Producer<String, String> producer = new KafkaProducer<>(producerProps);
-        
         // Send a message
         Future<RecordMetadata> record = 
             producer.send(new ProducerRecord<String, String>("dev", "somekey", "somevalue"));
@@ -296,7 +295,6 @@ public class KafkaRangerAuthorizerTest {
             record = producer.send(new ProducerRecord<String, String>("dev", "somekey", "somevalue"));
             producer.flush();
             record.get();
-            Assert.fail("Authorization failure expected");
         } catch (Exception ex) {
             Assert.assertTrue(ex.getMessage().contains("Not authorized to access topics"));
         }

http://git-wip-us.apache.org/repos/asf/ranger/blob/1cc4b1e9/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index f87cfb2..2e82848 100644
--- a/pom.xml
+++ b/pom.xml
@@ -185,7 +185,7 @@
         <jsonsmart.version>2.3</jsonsmart.version>
         <jsr305.version>1.3.9</jsr305.version>
         <junit.version>4.12</junit.version>
-        <kafka.version>1.0.0</kafka.version>
+        <kafka.version>2.0.0</kafka.version>
         <kerby.version>1.0.0</kerby.version>
         <knox.gateway.version>1.0.0</knox.gateway.version>
         <kylin.version>2.3.0</kylin.version>
@@ -207,7 +207,7 @@
         <scala.xml.version>1.0.4</scala.xml.version>
         <security-agent-install-dir>hadoop-security/plugins</security-agent-install-dir>
         <servlet.api.version>2.5</servlet.api.version>
-        <slf4j-api.version>1.7.5</slf4j-api.version>
+        <slf4j-api.version>1.7.25</slf4j-api.version>
         <solr.version>5.5.4</solr.version>
         <spring-ldap-core.version>2.3.2.RELEASE</spring-ldap-core.version>
         <springframework.security.version>4.2.4.RELEASE</springframework.security.version>