You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by bhavik patel <bh...@gmail.com> on 2020/07/06 05:42:58 UTC

Re: Review Request 72591: RANGER-2861 : Support username and keytab to authenticate ES service to use as an Ranger Audit Store

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72591/
-----------------------------------------------------------

(Updated July 6, 2020, 5:42 a.m.)


Review request for ranger, Attila Bukor, Ankita Sinha, Bolke de Bruin, Don Bosco Durai, bhavik patel, Colm O hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-2861
    https://issues.apache.org/jira/browse/RANGER-2861


Repository: ranger


Description
-------

Currently, Ranger admin support only Basic Authentication for ES as an Audit Store, also required to support username and keytab.


Diffs (updated)
-----

  agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java bda582a 
  agents-cred/src/main/java/org/apache/ranger/authorization/credutils/CredentialsProviderUtil.java PRE-CREATION 
  agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/AbstractJaasConf.java PRE-CREATION 
  agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/KerberosCredentialsProvider.java PRE-CREATION 
  agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/KeytabJaasConf.java PRE-CREATION 
  distro/src/main/assembly/admin-web.xml a632011 
  embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/ElasticSearchIndexBootStrapper.java 886091e 
  security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchMgr.java a060877 


Diff: https://reviews.apache.org/r/72591/diff/2/

Changes: https://reviews.apache.org/r/72591/diff/1-2/


Testing
-------

After setting the ES username and passowrd(keytab) in install.properties ranger admin is able to read audit logs from ES also ranger plugins able to write the logs to ES.


Thanks,

bhavik patel

Re: Review Request 72591: RANGER-2861 : Support username and keytab to authenticate ES service to use as an Ranger Audit Store

Posted by Pradeep Agrawal <pr...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72591/#review221166
-----------------------------------------------------------


Ship it!




Ship It!

- Pradeep Agrawal


On July 6, 2020, 5:42 a.m., bhavik patel wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72591/
> -----------------------------------------------------------
> 
> (Updated July 6, 2020, 5:42 a.m.)
> 
> 
> Review request for ranger, Attila Bukor, Ankita Sinha, Bolke de Bruin, Don Bosco Durai, bhavik patel, Colm O hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2861
>     https://issues.apache.org/jira/browse/RANGER-2861
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Currently, Ranger admin support only Basic Authentication for ES as an Audit Store, also required to support username and keytab.
> 
> 
> Diffs
> -----
> 
>   agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java bda582a 
>   agents-cred/src/main/java/org/apache/ranger/authorization/credutils/CredentialsProviderUtil.java PRE-CREATION 
>   agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/AbstractJaasConf.java PRE-CREATION 
>   agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/KerberosCredentialsProvider.java PRE-CREATION 
>   agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/KeytabJaasConf.java PRE-CREATION 
>   distro/src/main/assembly/admin-web.xml a632011 
>   embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/ElasticSearchIndexBootStrapper.java 886091e 
>   security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchMgr.java a060877 
> 
> 
> Diff: https://reviews.apache.org/r/72591/diff/2/
> 
> 
> Testing
> -------
> 
> After setting the ES username and passowrd(keytab) in install.properties ranger admin is able to read audit logs from ES also ranger plugins able to write the logs to ES.
> 
> 
> Thanks,
> 
> bhavik patel
> 
>

Re: Review Request 72591: RANGER-2861 : Support username and keytab to authenticate ES service to use as an Ranger Audit Store

Posted by Pradeep Agrawal <pr...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72591/#review221167
-----------------------------------------------------------


Ship it!




Ship It!

- Pradeep Agrawal


On July 6, 2020, 5:42 a.m., bhavik patel wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72591/
> -----------------------------------------------------------
> 
> (Updated July 6, 2020, 5:42 a.m.)
> 
> 
> Review request for ranger, Attila Bukor, Ankita Sinha, Bolke de Bruin, Don Bosco Durai, bhavik patel, Colm O hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2861
>     https://issues.apache.org/jira/browse/RANGER-2861
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Currently, Ranger admin support only Basic Authentication for ES as an Audit Store, also required to support username and keytab.
> 
> 
> Diffs
> -----
> 
>   agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java bda582a 
>   agents-cred/src/main/java/org/apache/ranger/authorization/credutils/CredentialsProviderUtil.java PRE-CREATION 
>   agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/AbstractJaasConf.java PRE-CREATION 
>   agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/KerberosCredentialsProvider.java PRE-CREATION 
>   agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/KeytabJaasConf.java PRE-CREATION 
>   distro/src/main/assembly/admin-web.xml a632011 
>   embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/ElasticSearchIndexBootStrapper.java 886091e 
>   security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchMgr.java a060877 
> 
> 
> Diff: https://reviews.apache.org/r/72591/diff/2/
> 
> 
> Testing
> -------
> 
> After setting the ES username and passowrd(keytab) in install.properties ranger admin is able to read audit logs from ES also ranger plugins able to write the logs to ES.
> 
> 
> Thanks,
> 
> bhavik patel
> 
>