Posted to commits@ranger.apache.org by me...@apache.org on 2020/09/21 12:53:19 UTC
[ranger] branch master updated: RANGER-2998 : API for Ranger KMS
service status
This is an automated email from the ASF dual-hosted git repository.
mehul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 3f8df5d RANGER-2998 : API for Ranger KMS service status
3f8df5d is described below
commit 3f8df5d9bced7641e29f1469a52b5e8ab686e5d4
Author: Dhaval B. Shah <dh...@gmail.com>
AuthorDate: Sun Sep 20 18:36:42 2020 +0530
RANGER-2998 : API for Ranger KMS service status
Signed-off-by: Mehul Parikh <me...@apache.org>
---
.../key/kms/server/KMSAuthenticationFilter.java | 55 ++++++++++++----------
.../hadoop/crypto/key/kms/server/KMSMDCFilter.java | 31 +++++++-----
.../crypto/key/kms/server/RangerKMSRestApi.java | 41 ++++++++++++++++
3 files changed, 91 insertions(+), 36 deletions(-)
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
index 944b3d4..ca13a53 100644
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
@@ -49,6 +49,7 @@ public class KMSAuthenticationFilter
public static final String CONFIG_PREFIX = KMSConfiguration.CONFIG_PREFIX +
"authentication.";
+ static final String RANGER_KMS_REST_API_PATH = "/kms/api/status";
@Override
protected Properties getConfiguration(String configPrefix,
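Review bot: `RANGER_KMS_REST_API_PATH` carries no comment saying that requests matching it skip authentication in doFilter, and the same literal is declared a second time in KMSMDCFilter. I would declare it once and document it, for example `// Status endpoint served without authentication; must match RangerKMSRestApi's @Path.` The value also appears to embed the `/kms` context path, so a deployment under a different context would presumably stop matching; that is worth confirming. getConfiguration's body continues outside the hunk.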
@@ -126,32 +127,38 @@ public class KMSAuthenticationFilter
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain filterChain) throws IOException, ServletException {
KMSResponse kmsResponse = new KMSResponse(response);
- super.doFilter(request, kmsResponse, filterChain);
+ String path = ((HttpServletRequest) request).getRequestURI();
+ if (path.startsWith(RANGER_KMS_REST_API_PATH)) {
+ filterChain.doFilter(request, response);
+ } else {
+ super.doFilter(request, kmsResponse, filterChain);
- if (kmsResponse.statusCode != HttpServletResponse.SC_OK &&
- kmsResponse.statusCode != HttpServletResponse.SC_CREATED &&
- kmsResponse.statusCode != HttpServletResponse.SC_UNAUTHORIZED) {
- KMSWebApp.getInvalidCallsMeter().mark();
- }
+ if (kmsResponse.statusCode != HttpServletResponse.SC_OK
+ && kmsResponse.statusCode != HttpServletResponse.SC_CREATED
+ && kmsResponse.statusCode != HttpServletResponse.SC_UNAUTHORIZED) {
+ KMSWebApp.getInvalidCallsMeter().mark();
+ }
- // HttpServletResponse.SC_UNAUTHORIZED is because the request does not
- // belong to an authenticated user.
- if (kmsResponse.statusCode == HttpServletResponse.SC_UNAUTHORIZED) {
- KMSWebApp.getUnauthenticatedCallsMeter().mark();
- String method = ((HttpServletRequest) request).getMethod();
- StringBuffer requestURL = ((HttpServletRequest) request).getRequestURL();
- String queryString = ((HttpServletRequest) request).getQueryString();
- if (queryString != null) {
- requestURL.append("?").append(queryString);
- }
+ // HttpServletResponse.SC_UNAUTHORIZED is because the request does not
+ // belong to an authenticated user.
+ if (kmsResponse.statusCode == HttpServletResponse.SC_UNAUTHORIZED) {
- if (!method.equals("OPTIONS")) {
- // an HTTP OPTIONS request is made as part of the SPNEGO authentication
- // sequence. We do not need to audit log it, since it doesn't belong
- // to KMS context. KMS server doesn't handle OPTIONS either.
- KMSWebApp.getKMSAudit().unauthenticated(request.getRemoteHost(), method,
- requestURL.toString(), kmsResponse.msg);
- }
- }
+ KMSWebApp.getUnauthenticatedCallsMeter().mark();
+ String method = ((HttpServletRequest) request).getMethod();
+ StringBuffer requestURL = ((HttpServletRequest) request).getRequestURL();
+ String queryString = ((HttpServletRequest) request).getQueryString();
+ if (queryString != null) {
+ requestURL.append("?").append(queryString);
+ }
+
+ if (!method.equals("OPTIONS")) {
+ // an HTTP OPTIONS request is made as part of the SPNEGO authentication
+ // sequence. We do not need to audit log it, since it doesn't belong
+ // to KMS context. KMS server doesn't handle OPTIONS either.
+ KMSWebApp.getKMSAudit().unauthenticated(request.getRemoteHost(), method, requestURL.toString(),
+ kmsResponse.msg);
+ }
+ }
+ }
}
}
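Review bot: The new `path.startsWith(RANGER_KMS_REST_API_PATH)` branch exempts from authentication every request whose URI merely begins with `/kms/api/status`, not only the status endpoint. `getRequestURI()` returns the URI as sent, neither decoded nor normalized, so a prefix test on it is a loose basis for an authentication decision. An exact comparison fails closed: `if (RANGER_KMS_REST_API_PATH.equals(path)) {`, ideally also limited to GET. The exempted branch also passes the raw `response` instead of `kmsResponse`, so these calls never reach the invalid-calls meter or the unauthenticated audit log. The same prefix test is used in the KMSMDCFilter doFilter hunk further down.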
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
index da8f715..f0e92b8 100644
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
@@ -20,7 +20,6 @@ package org.apache.hadoop.crypto.key.kms.server;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation;
-
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
@@ -36,7 +35,8 @@ import java.io.IOException;
*/
@InterfaceAudience.Private
public class KMSMDCFilter implements Filter {
-
+
+ static final String RANGER_KMS_REST_API_PATH = "/kms/api/status";
private static class Data {
private UserGroupInformation ugi;
private String method;
@@ -72,18 +72,25 @@ public class KMSMDCFilter implements Filter {
FilterChain chain)
throws IOException, ServletException {
try {
- DATA_TL.remove();
- UserGroupInformation ugi = HttpUserGroupInformation.get();
- String method = ((HttpServletRequest) request).getMethod();
- StringBuffer requestURL = ((HttpServletRequest) request).getRequestURL();
- String queryString = ((HttpServletRequest) request).getQueryString();
- if (queryString != null) {
- requestURL.append("?").append(queryString);
- }
- DATA_TL.set(new Data(ugi, method, requestURL.toString()));
- chain.doFilter(request, response);
+ String path = ((HttpServletRequest) request).getRequestURI();
+
+ if (path.startsWith(RANGER_KMS_REST_API_PATH)) {
+ chain.doFilter(request, response);
+ } else {
+ DATA_TL.remove();
+ UserGroupInformation ugi = HttpUserGroupInformation.get();
+ String method = ((HttpServletRequest) request).getMethod();
+ StringBuffer requestURL = ((HttpServletRequest) request).getRequestURL();
+ String queryString = ((HttpServletRequest) request).getQueryString();
+ if (queryString != null) {
+ requestURL.append("?").append(queryString);
+ }
+ DATA_TL.set(new Data(ugi, method, requestURL.toString()));
+ chain.doFilter(request, response);
+ }
} finally {
DATA_TL.remove();
+
}
}
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/RangerKMSRestApi.java b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/RangerKMSRestApi.java
new file mode 100644
index 0000000..04d26f7
--- /dev/null
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/RangerKMSRestApi.java
@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.crypto.key.kms.server;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import com.google.gson.JsonObject;
+
+@Path("/api")
+public class RangerKMSRestApi {
+ static final Logger LOG = LoggerFactory.getLogger(RangerKMSRestApi.class);
+ @GET
+ @Path("status")
+ public Response getStatus() {
+ JsonObject jsonObject = new JsonObject();
+ jsonObject.addProperty("status", "Ranger KMS service is running");
+ return Response.status(200).type(MediaType.APPLICATION_JSON).entity(jsonObject.toString()).build();
+
+ }
+
+}
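Review bot: `getStatus()` is reachable without authentication once the filter change in this commit is applied, but nothing in the class says so. A class Javadoc such as `/** Unauthenticated liveness endpoint; must never return key material, configuration or user data. */` would keep later additions under a `status`-prefixed path from inheriting the exemption unnoticed. The response is a constant string, so it shows only that the webapp answers, not that the key provider behind it is usable. `LOG` is declared but unused, and `@Produces(MediaType.APPLICATION_JSON)` on the method would be more conventional than setting the type on the builder.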