You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by rm...@apache.org on 2014/10/03 02:34:24 UTC
[1/2] git commit: Argus-88
Repository: incubator-argus
Updated Branches:
refs/heads/master e8eb9aeb3 -> 61b3f4a35
Argus-88
Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/3c7f3ff4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/3c7f3ff4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/3c7f3ff4
Branch: refs/heads/master
Commit: 3c7f3ff4d2d165318049df9118b54e2e361d893f
Parents: d11f2ed
Author: rmani <rm...@hortonworks.com>
Authored: Thu Oct 2 16:37:03 2014 -0700
Committer: rmani <rm...@hortonworks.com>
Committed: Thu Oct 2 16:37:03 2014 -0700
----------------------------------------------------------------------
.../com/xasecure/hadoop/client/HadoopFS.java | 12 +++-
.../hadoop/client/config/BaseClient.java | 13 +++-
.../hadoop/client/config/HadoopClassLoader.java | 5 +-
.../client/config/HadoopConfigHolder.java | 39 ++++++++++--
.../com/xasecure/hbase/client/HBaseClient.java | 31 +---------
.../com/xasecure/hive/client/HiveClient.java | 65 ++++++++------------
6 files changed, 84 insertions(+), 81 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/3c7f3ff4/lookup-client/src/main/java/com/xasecure/hadoop/client/HadoopFS.java
----------------------------------------------------------------------
diff --git a/lookup-client/src/main/java/com/xasecure/hadoop/client/HadoopFS.java b/lookup-client/src/main/java/com/xasecure/hadoop/client/HadoopFS.java
index b2c5b08..7b6e8b7 100644
--- a/lookup-client/src/main/java/com/xasecure/hadoop/client/HadoopFS.java
+++ b/lookup-client/src/main/java/com/xasecure/hadoop/client/HadoopFS.java
@@ -24,10 +24,11 @@ import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
-
import javax.security.auth.Subject;
import org.apache.commons.io.FilenameUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
@@ -37,7 +38,9 @@ import com.xasecure.hadoop.client.config.BaseClient;
import com.xasecure.hadoop.client.exceptions.HadoopException;
public class HadoopFS extends BaseClient {
-
+
+ private static final Log LOG = LogFactory.getLog(HadoopFS.class) ;
+
public HadoopFS(String dataSource) {
super(dataSource) ;
}
@@ -57,10 +60,13 @@ public class HadoopFS extends BaseClient {
if (fileMatching != null && fileMatching.trim().length() > 0) {
filterRegEx = fileMatching.trim() ;
}
+
Configuration conf = new Configuration() ;
+
FileSystem fs = null ;
try {
fs = FileSystem.get(conf) ;
+
FileStatus[] fileStats = fs.listStatus(new Path(baseDir)) ;
if (fileStats != null) {
for(FileStatus stat : fileStats) {
@@ -89,6 +95,7 @@ public class HadoopFS extends BaseClient {
public List<String> listFiles(final String baseDir, final String fileMatching) {
+
PrivilegedAction<List<String>> action = new PrivilegedAction<List<String>>() {
@Override
public List<String> run() {
@@ -99,7 +106,6 @@ public class HadoopFS extends BaseClient {
return Subject.doAs(getLoginSubject(),action) ;
}
-
public static final void main(String[] args) {
if (args.length < 2) {
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/3c7f3ff4/lookup-client/src/main/java/com/xasecure/hadoop/client/config/BaseClient.java
----------------------------------------------------------------------
diff --git a/lookup-client/src/main/java/com/xasecure/hadoop/client/config/BaseClient.java b/lookup-client/src/main/java/com/xasecure/hadoop/client/config/BaseClient.java
index 5630795..44f343c 100644
--- a/lookup-client/src/main/java/com/xasecure/hadoop/client/config/BaseClient.java
+++ b/lookup-client/src/main/java/com/xasecure/hadoop/client/config/BaseClient.java
@@ -24,12 +24,15 @@ import java.util.HashMap;
import javax.security.auth.Subject;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.security.SecureClientLogin;
-import org.apache.hadoop.security.UserGroupInformation;
+import com.xasecure.hadoop.client.HadoopFS;
import com.xasecure.hadoop.client.exceptions.HadoopException;
public abstract class BaseClient {
+ private static final Log LOG = LogFactory.getLog(HadoopFS.class) ;
private String dataSource ;
private Subject loginSubject ;
@@ -71,19 +74,23 @@ public abstract class BaseClient {
}
String keyTabFile = configHolder.getKeyTabFile() ;
if (keyTabFile != null) {
- if ( UserGroupInformation.isSecurityEnabled() ) {
+ if ( configHolder.isKerberosAuthentication() ) {
+ LOG.info("Init Login: security enabled, using username/keytab");
loginSubject = SecureClientLogin.loginUserFromKeytab(userName, keyTabFile) ;
}
else {
+ LOG.info("Init Login: using username");
loginSubject = SecureClientLogin.login(userName) ;
}
}
else {
String password = configHolder.getPassword() ;
- if ( UserGroupInformation.isSecurityEnabled() ) {
+ if ( configHolder.isKerberosAuthentication() ) {
+ LOG.info("Init Login: using username/password");
loginSubject = SecureClientLogin.loginUserWithPassword(userName, password) ;
}
else {
+ LOG.info("Init Login: security not enabled, using username");
loginSubject = SecureClientLogin.login(userName) ;
}
}
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/3c7f3ff4/lookup-client/src/main/java/com/xasecure/hadoop/client/config/HadoopClassLoader.java
----------------------------------------------------------------------
diff --git a/lookup-client/src/main/java/com/xasecure/hadoop/client/config/HadoopClassLoader.java b/lookup-client/src/main/java/com/xasecure/hadoop/client/config/HadoopClassLoader.java
index 2e40e44..7142bfa 100644
--- a/lookup-client/src/main/java/com/xasecure/hadoop/client/config/HadoopClassLoader.java
+++ b/lookup-client/src/main/java/com/xasecure/hadoop/client/config/HadoopClassLoader.java
@@ -66,11 +66,10 @@ public class HadoopClassLoader extends ClassLoader {
String suffix = ".txt" ;
Properties prop = confHolder.getProperties(aResourceName) ;
-
+ LOG.debug("Building XML for: " + prop.toString());
if (prop != null && prop.size() > 0) {
-
if (aResourceName.contains(".")) {
- int lastDotFound = aResourceName.indexOf(".") ;
+ int lastDotFound = aResourceName.indexOf(".") ;
prefix = aResourceName.substring(0,lastDotFound) + "-" ;
suffix = aResourceName.substring(lastDotFound) ;
}
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/3c7f3ff4/lookup-client/src/main/java/com/xasecure/hadoop/client/config/HadoopConfigHolder.java
----------------------------------------------------------------------
diff --git a/lookup-client/src/main/java/com/xasecure/hadoop/client/config/HadoopConfigHolder.java b/lookup-client/src/main/java/com/xasecure/hadoop/client/config/HadoopConfigHolder.java
index 7a72620..6702954 100644
--- a/lookup-client/src/main/java/com/xasecure/hadoop/client/config/HadoopConfigHolder.java
+++ b/lookup-client/src/main/java/com/xasecure/hadoop/client/config/HadoopConfigHolder.java
@@ -24,11 +24,13 @@ import java.io.InputStream;
import java.util.HashMap;
import java.util.Properties;
-import com.xasecure.hadoop.client.exceptions.HadoopException;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import com.xasecure.hadoop.client.exceptions.HadoopException;
public class HadoopConfigHolder {
-
+ private static final Log LOG = LogFactory.getLog(HadoopConfigHolder.class) ;
public static final String GLOBAL_LOGIN_PARAM_PROP_FILE = "hadoop-login.properties" ;
public static final String DEFAULT_DATASOURCE_PARAM_PROP_FILE = "datasource.properties" ;
public static final String RESOURCEMAP_PROP_FILE = "resourcenamemap.properties" ;
@@ -37,6 +39,9 @@ public class HadoopConfigHolder {
public static final String XASECURE_LOGIN_USER_NAME_PROP = "username" ;
public static final String XASECURE_LOGIN_KEYTAB_FILE_PROP = "keytabfile" ;
public static final String XASECURE_LOGIN_PASSWORD = "password" ;
+ public static final String HADOOP_SECURITY_AUTHENTICATION = "hadoop.security.authentication";
+ public static final String HADOOP_SECURITY_AUTHENTICATION_METHOD = "kerberos";
+
private static boolean initialized = false ;
private static HashMap<String,HashMap<String,Properties>> dataSource2ResourceListMap = new HashMap<String,HashMap<String,Properties>>() ;
@@ -110,7 +115,9 @@ public class HadoopConfigHolder {
private void initConnectionProp() {
for(String key : connectionProperties.keySet()) {
+
String resourceName = getResourceName(key) ;
+
if (resourceName == null) {
resourceName = XASECURE_SECTION_NAME ;
}
@@ -231,9 +238,15 @@ public class HadoopConfigHolder {
userName = prop.getProperty(XASECURE_LOGIN_USER_NAME_PROP) ;
keyTabFile = prop.getProperty(XASECURE_LOGIN_KEYTAB_FILE_PROP) ;
password = prop.getProperty(XASECURE_LOGIN_PASSWORD) ;
- isKerberosAuth = (userName != null) && (userName.indexOf("@") > -1) ;
- }
+ if ( getHadoopSecurityAuthentication() != null) {
+ isKerberosAuth = ( getHadoopSecurityAuthentication().equalsIgnoreCase(HADOOP_SECURITY_AUTHENTICATION_METHOD));
+ }
+ else {
+ isKerberosAuth = (userName != null) && (userName.indexOf("@") > -1) ;
+ }
+
+ }
}
private void initClassLoader() {
@@ -305,6 +318,22 @@ public class HadoopConfigHolder {
return ret ;
}
+ public String getHadoopSecurityAuthentication() {
+ Properties repoParam = null ;
+ String ret = null;
+
+ HashMap<String,Properties> resourceName2PropertiesMap = dataSource2ResourceListMap.get(this.getDatasourceName()) ;
+
+ if ( resourceName2PropertiesMap != null) {
+ repoParam=resourceName2PropertiesMap.get(DEFAULT_RESOURCE_NAME);
+ }
+
+ if ( repoParam != null ) {
+ ret = (String)repoParam.get(HADOOP_SECURITY_AUTHENTICATION);
+ }
+ return ret;
+ }
+
public String getUserName() {
return userName;
}
@@ -325,7 +354,7 @@ public class HadoopConfigHolder {
return isKerberosAuth;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/3c7f3ff4/lookup-client/src/main/java/com/xasecure/hbase/client/HBaseClient.java
----------------------------------------------------------------------
diff --git a/lookup-client/src/main/java/com/xasecure/hbase/client/HBaseClient.java b/lookup-client/src/main/java/com/xasecure/hbase/client/HBaseClient.java
index eaca5bc..dcb80d7 100644
--- a/lookup-client/src/main/java/com/xasecure/hbase/client/HBaseClient.java
+++ b/lookup-client/src/main/java/com/xasecure/hbase/client/HBaseClient.java
@@ -37,7 +37,6 @@ import org.apache.hadoop.hbase.HColumnDescriptor;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.client.HBaseAdmin;
import org.apache.hadoop.security.SecureClientLogin;
-import org.apache.hadoop.security.UserGroupInformation;
import com.xasecure.hadoop.client.config.BaseClient;
@@ -48,13 +47,11 @@ public class HBaseClient extends BaseClient {
private Subject subj = null ;
public HBaseClient(String dataSource) {
- super(dataSource) ;
- initHBase() ;
+ super(dataSource) ;
}
public HBaseClient(String dataSource,HashMap<String,String> connectionProp) {
- super(dataSource, addDefaultHBaseProp(connectionProp)) ;
- initHBase() ;
+ super(dataSource, addDefaultHBaseProp(connectionProp)) ;
}
//TODO: temporary solution - to be added to the UI for HBase
@@ -77,32 +74,10 @@ public class HBaseClient extends BaseClient {
}
return connectionProp;
}
-
- public void initHBase() {
- try {
- if (UserGroupInformation.isSecurityEnabled()) {
- LOG.info("initHBase:security enabled");
- if (getConfigHolder().getKeyTabFile() == null) {
- LOG.info("initHBase: using username/password");
- subj = SecureClientLogin.loginUserWithPassword(getConfigHolder().getUserName(), getConfigHolder().getPassword()) ;
- }
- else {
- LOG.info("initHBase: using username/keytab");
- subj = SecureClientLogin.loginUserFromKeytab(getConfigHolder().getUserName() , getConfigHolder().getKeyTabFile()) ;
- }
- }
- else {
- LOG.info("initHBase: security not enabled, using username");
- subj = SecureClientLogin.login(getConfigHolder().getUserName()) ;
- }
- } catch (IOException e) {
- LOG.error("Unable to perform secure login to Hbase environment [" + getConfigHolder().getDatasourceName() + "]", e);
- }
- }
public boolean getHBaseStatus() {
boolean hbaseStatus = false;
-
+ subj = getLoginSubject();
if (subj != null) {
ClassLoader prevCl = Thread.currentThread().getContextClassLoader() ;
try {
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/3c7f3ff4/lookup-client/src/main/java/com/xasecure/hive/client/HiveClient.java
----------------------------------------------------------------------
diff --git a/lookup-client/src/main/java/com/xasecure/hive/client/HiveClient.java b/lookup-client/src/main/java/com/xasecure/hive/client/HiveClient.java
index c9312d4..8b697ad 100644
--- a/lookup-client/src/main/java/com/xasecure/hive/client/HiveClient.java
+++ b/lookup-client/src/main/java/com/xasecure/hive/client/HiveClient.java
@@ -20,7 +20,6 @@
package com.xasecure.hive.client;
import java.io.Closeable;
-import java.io.IOException;
import java.security.PrivilegedAction;
import java.sql.Connection;
import java.sql.Driver;
@@ -38,7 +37,6 @@ import javax.security.auth.Subject;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.security.SecureClientLogin;
import com.xasecure.hadoop.client.config.BaseClient;
import com.xasecure.hadoop.client.exceptions.HadoopException;
@@ -48,6 +46,8 @@ public class HiveClient extends BaseClient implements Closeable {
private static final Log LOG = LogFactory.getLog(HiveClient.class) ;
Connection con = null ;
+ boolean isKerberosAuth=false;
+
public HiveClient(String dataSource) {
super(dataSource) ;
@@ -58,43 +58,27 @@ public class HiveClient extends BaseClient implements Closeable {
super(dataSource,connectionProp) ;
initHive() ;
}
-
public void initHive() {
- try {
- Subject subj = null ;
-
- if (getConfigHolder().isKerberosAuthentication()) {
- if (getConfigHolder().getKeyTabFile() != null) {
- LOG.info("Since KeyTab is provided, Trying to use SecureClientLogin with KeyTab based login");
- subj = SecureClientLogin.loginUserFromKeytab(getConfigHolder().getUserName() , getConfigHolder().getKeyTabFile()) ;
- }
- else {
- LOG.info("Since Password is provided, Trying to use SecureClientLogin with Password");
- subj = SecureClientLogin.loginUserWithPassword(getConfigHolder().getUserName() , getConfigHolder().getPassword()) ;
+
+ isKerberosAuth = getConfigHolder().isKerberosAuthentication();
+ if (isKerberosAuth) {
+ Subject.doAs(getLoginSubject(), new PrivilegedAction<Object>() {
+ public Object run() {
+ initConnection();
+ return null;
}
-
- Subject.doAs(subj, new PrivilegedAction<Object>() {
- public Object run() {
- initConnection();
- return null;
- }
- }) ;
-
- }
- else {
- LOG.info("Since Password is NOT provided, Trying to use UnSecure client with username and password");
- String userName = getConfigHolder().getUserName() ;
- String password = getConfigHolder().getPassword() ;
- initConnection(userName,password);
- }
- } catch (IOException e) {
- LOG.error("Unable to perform secure login to Hive environment [" + getConfigHolder().getDatasourceName() + "]", e);
+ }) ;
+ }
+ else {
+ LOG.info("Since Password is NOT provided, Trying to use UnSecure client with username and password");
+ String userName = getConfigHolder().getUserName() ;
+ String password = getConfigHolder().getPassword() ;
+ initConnection(userName,password);
}
+
}
-
-
public List<String> getDatabaseList(String databaseMatching) {
List<String> ret = new ArrayList<String>() ;
if (con != null) {
@@ -266,11 +250,11 @@ public class HiveClient extends BaseClient implements Closeable {
private void initConnection(String userName, String password) {
+
Properties prop = getConfigHolder().getXASecureSection() ;
-
String driverClassName = prop.getProperty("jdbc.driverClassName") ;
- String url = prop.getProperty("jdbc.url") ;
-
+ String url = prop.getProperty("jdbc.url") ;
+
if (driverClassName != null) {
try {
Driver driver = (Driver)Class.forName(driverClassName).newInstance() ;
@@ -280,20 +264,23 @@ public class HiveClient extends BaseClient implements Closeable {
}
}
+
try {
+
if (userName == null && password == null) {
con = DriverManager.getConnection(url) ;
}
else {
+
con = DriverManager.getConnection(url, userName, password) ;
+
}
+
} catch (SQLException e) {
throw new HadoopException("Unable to connect to Hive Thrift Server instance", e) ;
}
-
}
-
-
+
public static void main(String[] args) {
[2/2] git commit: Argus-88 - Fix for TestConnection check in Argus
Admin portal fails in Kerberos environment hdfs, hive and hbase repository
Posted by rm...@apache.org.
Argus-88 - Fix for TestConnection check in Argus Admin portal fails in
Kerberos environment hdfs, hive and hbase repository
Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/61b3f4a3
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/61b3f4a3
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/61b3f4a3
Branch: refs/heads/master
Commit: 61b3f4a356df262bbcb1d9e0c6c4d62b6d500beb
Parents: 3c7f3ff e8eb9ae
Author: rmani <rm...@hortonworks.com>
Authored: Thu Oct 2 17:29:18 2014 -0700
Committer: rmani <rm...@hortonworks.com>
Committed: Thu Oct 2 17:34:15 2014 -0700
----------------------------------------------------------------------
hbase-agent/conf/hbase-site-changes.cfg | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
----------------------------------------------------------------------