You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by bhavik patel <bh...@gmail.com> on 2020/07/06 05:42:58 UTC
Re: Review Request 72591: RANGER-2861 : Support username and keytab to
authenticate ES service to use as an Ranger Audit Store
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72591/
-----------------------------------------------------------
(Updated July 6, 2020, 5:42 a.m.)
Review request for ranger, Attila Bukor, Ankita Sinha, Bolke de Bruin, Don Bosco Durai, bhavik patel, Colm O hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-2861
https://issues.apache.org/jira/browse/RANGER-2861
Repository: ranger
Description
-------
Currently, Ranger admin support only Basic Authentication for ES as an Audit Store, also required to support username and keytab.
Diffs (updated)
-----
agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java bda582a
agents-cred/src/main/java/org/apache/ranger/authorization/credutils/CredentialsProviderUtil.java PRE-CREATION
agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/AbstractJaasConf.java PRE-CREATION
agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/KerberosCredentialsProvider.java PRE-CREATION
agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/KeytabJaasConf.java PRE-CREATION
distro/src/main/assembly/admin-web.xml a632011
embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/ElasticSearchIndexBootStrapper.java 886091e
security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchMgr.java a060877
Diff: https://reviews.apache.org/r/72591/diff/2/
Changes: https://reviews.apache.org/r/72591/diff/1-2/
Testing
-------
After setting the ES username and passowrd(keytab) in install.properties ranger admin is able to read audit logs from ES also ranger plugins able to write the logs to ES.
Thanks,
bhavik patel
Re: Review Request 72591: RANGER-2861 : Support username and keytab to
authenticate ES service to use as an Ranger Audit Store
Posted by Pradeep Agrawal <pr...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72591/#review221166
-----------------------------------------------------------
Ship it!
Ship It!
- Pradeep Agrawal
On July 6, 2020, 5:42 a.m., bhavik patel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72591/
> -----------------------------------------------------------
>
> (Updated July 6, 2020, 5:42 a.m.)
>
>
> Review request for ranger, Attila Bukor, Ankita Sinha, Bolke de Bruin, Don Bosco Durai, bhavik patel, Colm O hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2861
> https://issues.apache.org/jira/browse/RANGER-2861
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Currently, Ranger admin support only Basic Authentication for ES as an Audit Store, also required to support username and keytab.
>
>
> Diffs
> -----
>
> agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java bda582a
> agents-cred/src/main/java/org/apache/ranger/authorization/credutils/CredentialsProviderUtil.java PRE-CREATION
> agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/AbstractJaasConf.java PRE-CREATION
> agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/KerberosCredentialsProvider.java PRE-CREATION
> agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/KeytabJaasConf.java PRE-CREATION
> distro/src/main/assembly/admin-web.xml a632011
> embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/ElasticSearchIndexBootStrapper.java 886091e
> security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchMgr.java a060877
>
>
> Diff: https://reviews.apache.org/r/72591/diff/2/
>
>
> Testing
> -------
>
> After setting the ES username and passowrd(keytab) in install.properties ranger admin is able to read audit logs from ES also ranger plugins able to write the logs to ES.
>
>
> Thanks,
>
> bhavik patel
>
>
Re: Review Request 72591: RANGER-2861 : Support username and keytab to
authenticate ES service to use as an Ranger Audit Store
Posted by Pradeep Agrawal <pr...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72591/#review221167
-----------------------------------------------------------
Ship it!
Ship It!
- Pradeep Agrawal
On July 6, 2020, 5:42 a.m., bhavik patel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72591/
> -----------------------------------------------------------
>
> (Updated July 6, 2020, 5:42 a.m.)
>
>
> Review request for ranger, Attila Bukor, Ankita Sinha, Bolke de Bruin, Don Bosco Durai, bhavik patel, Colm O hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2861
> https://issues.apache.org/jira/browse/RANGER-2861
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Currently, Ranger admin support only Basic Authentication for ES as an Audit Store, also required to support username and keytab.
>
>
> Diffs
> -----
>
> agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java bda582a
> agents-cred/src/main/java/org/apache/ranger/authorization/credutils/CredentialsProviderUtil.java PRE-CREATION
> agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/AbstractJaasConf.java PRE-CREATION
> agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/KerberosCredentialsProvider.java PRE-CREATION
> agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/KeytabJaasConf.java PRE-CREATION
> distro/src/main/assembly/admin-web.xml a632011
> embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/ElasticSearchIndexBootStrapper.java 886091e
> security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchMgr.java a060877
>
>
> Diff: https://reviews.apache.org/r/72591/diff/2/
>
>
> Testing
> -------
>
> After setting the ES username and passowrd(keytab) in install.properties ranger admin is able to read audit logs from ES also ranger plugins able to write the logs to ES.
>
>
> Thanks,
>
> bhavik patel
>
>