Posted to commits@atlas.apache.org by ma...@apache.org on 2017/02/14 00:17:03 UTC
incubator-atlas git commit: ATLAS-1546: Hive hook should choose
appropriate JAAS config when host uses kerberos ticket-cache
Repository: incubator-atlas
Updated Branches:
refs/heads/master 29396c9df -> 169ab553c
ATLAS-1546: Hive hook should choose appropriate JAAS config when host uses kerberos ticket-cache
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-atlas/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-atlas/commit/169ab553
Tree: http://git-wip-us.apache.org/repos/asf/incubator-atlas/tree/169ab553
Diff: http://git-wip-us.apache.org/repos/asf/incubator-atlas/diff/169ab553
Branch: refs/heads/master
Commit: 169ab553c6aa5af753f6be6142d29e78c701cf05
Parents: 29396c9
Author: nixonrodrigues <ni...@freestoneinfotech.com>
Authored: Fri Feb 10 18:58:52 2017 +0530
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Mon Feb 13 16:15:33 2017 -0800
----------------------------------------------------------------------
.../security/InMemoryJAASConfiguration.java | 53 +++++++++++++++--
...ConfigurationTicketBasedKafkaClientTest.java | 60 ++++++++++++++++++++
common/src/test/resources/atlas-jaas.properties | 7 ++-
.../java/org/apache/atlas/hook/AtlasHook.java | 31 ++++++++++
release-log.txt | 1 +
5 files changed, 145 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/169ab553/common/src/main/java/org/apache/atlas/security/InMemoryJAASConfiguration.java
----------------------------------------------------------------------
diff --git a/common/src/main/java/org/apache/atlas/security/InMemoryJAASConfiguration.java b/common/src/main/java/org/apache/atlas/security/InMemoryJAASConfiguration.java
index ff80eca..8be6658 100644
--- a/common/src/main/java/org/apache/atlas/security/InMemoryJAASConfiguration.java
+++ b/common/src/main/java/org/apache/atlas/security/InMemoryJAASConfiguration.java
@@ -127,12 +127,15 @@ public final class InMemoryJAASConfiguration extends Configuration {
private static final String JAAS_CONFIG_LOGIN_MODULE_CONTROL_FLAG_PARAM = "loginModuleControlFlag";
private static final String JAAS_CONFIG_LOGIN_OPTIONS_PREFIX = "option";
private static final String JAAS_PRINCIPAL_PROP = "principal";
+ private static final Map<String, String> configSectionRedirects = new HashMap<>();
private Configuration parent = null;
private Map<String, List<AppConfigurationEntry>> applicationConfigEntryMap = new HashMap<>();
public static void init(String propFile) throws AtlasException {
- LOG.debug("==> InMemoryJAASConfiguration.init( {} )", propFile);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> InMemoryJAASConfiguration.init({})", propFile);
+ }
InputStream in = null;
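Review bot: The added `configSectionRedirects` field is a plain static `HashMap` that `setConfigSectionRedirect` writes and `getAppConfigurationEntry` reads with no synchronization, and the lookup can run on any thread that performs a JAAS login. A put that races with a lookup is a data race on the map; declaring the field as `private static final Map<String, String> configSectionRedirects = new ConcurrentHashMap<>();` removes it without touching the callers, since both accessors already guard against a null name and a null `redirectTo` is turned into a removal. The `ConcurrentHashMap` import belongs in the import block, which is outside this hunk, and the body of `init` continues past it.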
@@ -161,7 +164,9 @@ public final class InMemoryJAASConfiguration extends Configuration {
}
}
- LOG.debug("<== InMemoryJAASConfiguration.init( {} )", propFile);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== InMemoryJAASConfiguration.init({})", propFile);
+ }
}
public static void init(org.apache.commons.configuration.Configuration atlasConfiguration) throws AtlasException {
@@ -192,10 +197,26 @@ public final class InMemoryJAASConfiguration extends Configuration {
@Override
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
- LOG.trace("==> InMemoryJAASConfiguration.getAppConfigurationEntry( {} )", name);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> InMemoryJAASConfiguration.getAppConfigurationEntry({})", name);
+ }
AppConfigurationEntry[] ret = null;
- List<AppConfigurationEntry> retList = applicationConfigEntryMap.get(name);
+ List<AppConfigurationEntry> retList = null;
+ String redirectedName = getConfigSectionRedirect(name);
+
+ if (redirectedName != null) {
+ retList = applicationConfigEntryMap.get(redirectedName);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Redirected jaasConfigSection ({} -> {}): ", name, redirectedName, retList);
+ }
+ }
+
+ if (retList == null || retList.size() == 0) {
+ retList = applicationConfigEntryMap.get(name);
+ }
+
if (retList == null || retList.size() == 0) {
if (parent != null) {
ret = parent.getAppConfigurationEntry(name);
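Review bot: The redirect debug line passes three arguments to a format string with only two placeholders, so `retList` is never printed and the message ends in a dangling colon. Add the third placeholder: `LOG.debug("Redirected jaasConfigSection ({} -> {}): {}", name, redirectedName, retList);`. A short comment above the second lookup would also help, stating that an absent or empty redirect target deliberately falls back to the section stored under the original name, because that fallback decides which login module is used. The method body continues outside this hunk.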
@@ -206,7 +227,9 @@ public final class InMemoryJAASConfiguration extends Configuration {
ret = retList.toArray(ret);
}
- LOG.trace("==> InMemoryJAASConfiguration.getAppConfigurationEntry( {} ) : {}", name, ArrayUtils.toString(ret));
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== InMemoryJAASConfiguration.getAppConfigurationEntry({}): {}", name, ArrayUtils.toString(ret));
+ }
return ret;
}
@@ -344,10 +367,28 @@ public final class InMemoryJAASConfiguration extends Configuration {
}
}
- LOG.debug("<== InMemoryJAASConfiguration.initialize()");
+ LOG.debug("<== InMemoryJAASConfiguration.initialize({})", applicationConfigEntryMap);
}
private static boolean isNumeric(String str) {
return str.matches("-?\\d+(\\.\\d+)?"); //match a number with optional '-' and decimal.
}
+
+ public static void setConfigSectionRedirect(String name, String redirectTo) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("setConfigSectionRedirect({}, {})", name, redirectTo);
+ }
+
+ if (name != null) {
+ if (redirectTo != null) {
+ configSectionRedirects.put(name, redirectTo);
+ } else {
+ configSectionRedirects.remove(name);
+ }
+ }
+ }
+
+ private static String getConfigSectionRedirect(String name) {
+ return name != null ? configSectionRedirects.get(name) : null;
+ }
}
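Review bot: `setConfigSectionRedirect` is a public static mutator with no Javadoc, and the redirect it stores applies to every caller that resolves `name` through this configuration, not only to the code that set it. The Javadoc should say that the mapping is process-wide, that a null `redirectTo` removes it, and that lookup falls back to the original section when the target has no entries. The change is only visible at debug level, so `LOG.info("JAAS config section '{}' redirected to '{}'", name, redirectTo);` on the put branch would let an operator see from the normal log which login configuration is in effect.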
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/169ab553/common/src/test/java/org/apache/atlas/security/InMemoryJAASConfigurationTicketBasedKafkaClientTest.java
----------------------------------------------------------------------
diff --git a/common/src/test/java/org/apache/atlas/security/InMemoryJAASConfigurationTicketBasedKafkaClientTest.java b/common/src/test/java/org/apache/atlas/security/InMemoryJAASConfigurationTicketBasedKafkaClientTest.java
new file mode 100644
index 0000000..3d8175f
--- /dev/null
+++ b/common/src/test/java/org/apache/atlas/security/InMemoryJAASConfigurationTicketBasedKafkaClientTest.java
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.atlas.security;
+
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+
+import junit.framework.Assert;
+import junit.framework.TestCase;
+import org.testng.annotations.Test;
+
+
+@Test
+public class InMemoryJAASConfigurationTicketBasedKafkaClientTest extends TestCase {
+
+ private static final String ATLAS_JAAS_PROP_FILE = "atlas-jaas.properties";
+
+ protected void setUp() throws Exception {
+ super.setUp();
+ try {
+ InMemoryJAASConfiguration.init(ATLAS_JAAS_PROP_FILE);
+ InMemoryJAASConfiguration.setConfigSectionRedirect("KafkaClient", "ticketBased-KafkaClient");
+ } catch (Throwable t) {
+ fail("InMemoryJAASConfiguration.init() is not expected to throw Exception:" + t);
+ }
+ }
+
+ protected void tearDown() throws Exception {
+ super.tearDown();
+ }
+
+
+ @Test
+ public void testGetAppConfigurationEntryStringForticketBasedKafkaClient() {
+
+ AppConfigurationEntry[] entries =
+ Configuration.getConfiguration().getAppConfigurationEntry("KafkaClient");
+ Assert.assertNotNull(entries);
+ Assert.assertEquals((String) entries[0].getOptions().get("useTicketCache"), "true");
+ }
+
+
+}
+
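Review bot: `setUp` installs the `KafkaClient` redirect in a static map and `tearDown` never removes it, so the redirect stays in effect for any later test in the same JVM that looks up `KafkaClient`. Clear it in `tearDown` with `InMemoryJAASConfiguration.setConfigSectionRedirect("KafkaClient", null);`, which the new setter treats as a removal. The assertion also indexes `entries[0]` without checking the array length and passes the actual value before the expected one; `Assert.assertEquals("true", entries[0].getOptions().get("useTicketCache"));` after a length check gives a clearer failure message.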
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/169ab553/common/src/test/resources/atlas-jaas.properties
----------------------------------------------------------------------
diff --git a/common/src/test/resources/atlas-jaas.properties b/common/src/test/resources/atlas-jaas.properties
index 90a5682..9412fae 100644
--- a/common/src/test/resources/atlas-jaas.properties
+++ b/common/src/test/resources/atlas-jaas.properties
@@ -54,4 +54,9 @@ atlas.jaas.myClient.1.option.useKeyTab = true
atlas.jaas.myClient.1.option.storeKey = true
atlas.jaas.myClient.1.option.serviceName = kafka
atlas.jaas.myClient.1.option.keyTab = /etc/security/keytabs/kafka_client.keytab
-atlas.jaas.myClient.1.option.principal = kafka-client-1@EXAMPLE.COM
\ No newline at end of file
+atlas.jaas.myClient.1.option.principal = kafka-client-1@EXAMPLE.COM
+
+
+atlas.jaas.ticketBased-KafkaClient.loginModuleControlFlag=required
+atlas.jaas.ticketBased-KafkaClient.loginModuleName=com.sun.security.auth.module.Krb5LoginModule
+atlas.jaas.ticketBased-KafkaClient.option.useTicketCache=true
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/169ab553/notification/src/main/java/org/apache/atlas/hook/AtlasHook.java
----------------------------------------------------------------------
diff --git a/notification/src/main/java/org/apache/atlas/hook/AtlasHook.java b/notification/src/main/java/org/apache/atlas/hook/AtlasHook.java
index 0534910..c8df08c 100644
--- a/notification/src/main/java/org/apache/atlas/hook/AtlasHook.java
+++ b/notification/src/main/java/org/apache/atlas/hook/AtlasHook.java
@@ -26,6 +26,7 @@ import org.apache.atlas.notification.NotificationException;
import org.apache.atlas.notification.NotificationInterface;
import org.apache.atlas.notification.NotificationModule;
import org.apache.atlas.notification.hook.HookNotification;
+import org.apache.atlas.security.InMemoryJAASConfiguration;
import org.apache.atlas.typesystem.Referenceable;
import org.apache.atlas.typesystem.json.InstanceSerialization;
import org.apache.commons.configuration.Configuration;
@@ -78,6 +79,12 @@ public abstract class AtlasHook {
failedMessagesLogger.init();
}
+ if (!isLoginKeytabBased()) {
+ if (isLoginTicketBased()) {
+ InMemoryJAASConfiguration.setConfigSectionRedirect("KafkaClient", "ticketBased-KafkaClient");
+ }
+ }
+
notificationRetryInterval = atlasProperties.getInt(ATLAS_NOTIFICATION_RETRY_INTERVAL, 1000);
Injector injector = Guice.createInjector(new NotificationModule());
notifInterface = injector.getInstance(NotificationInterface.class);
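Review bot: The two nested `if` statements express a single condition, and the section names are string literals that the new test repeats. `if (!isLoginKeytabBased() && isLoginTicketBased()) {` with the two names held in constants would read more directly and keep the hook and the test in step. A one-line comment such as `// login came from the Kerberos ticket cache: resolve KafkaClient to the ticket-based JAAS section` would record why the redirect is installed. The enclosing block starts and ends outside this hunk.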
@@ -210,4 +217,28 @@ public abstract class AtlasHook {
}
}
+ private static boolean isLoginKeytabBased() {
+ boolean ret = false;
+
+ try {
+ ret = UserGroupInformation.isLoginKeytabBased();
+ } catch (Exception excp) {
+ LOG.error("error in determining whether to use ticket-cache or keytab for KafkaClient JAAS configuration", excp);
+ }
+
+ return ret;
+ }
+
+ private static boolean isLoginTicketBased() {
+ boolean ret = false;
+
+ try {
+ ret = UserGroupInformation.isLoginTicketBased();
+ } catch (Exception excp) {
+ LOG.error("error in determining whether to use ticket-cache or keytab for KafkaClient JAAS configuration", excp);
+ }
+
+ return ret;
+ }
+
}
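Review bot: Both helpers catch `Exception` and log the identical message, so a failure does not say which check failed, and the `false` they return is indistinguishable from a real answer. For `isLoginKeytabBased` this means an error is treated as "not keytab-based" and the ticket-cache check runs next, which can change the JAAS section that is selected. Name the check and the assumed result in each message, for example `LOG.error("UserGroupInformation.isLoginKeytabBased() failed; assuming login is not keytab-based", excp);`, and catch the narrower `IOException` if that is all these calls declare.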
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/169ab553/release-log.txt
----------------------------------------------------------------------
diff --git a/release-log.txt b/release-log.txt
index 6c13d70..44f4658 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -9,6 +9,7 @@ ATLAS-1060 Add composite indexes for exact match performance improvements for al
ATLAS-1127 Modify creation and modification timestamps to Date instead of Long(sumasai)
ALL CHANGES:
+ATLAS-1546 Hive hook should choose appropriate JAAS config when host uses kerberos ticket-cache (nixonrodrigues,gss2002 via mneethiraj)
ATLAS-1539 Integration tests in projects which use the typesystem test jar (e.g. webapp) can now be run successfully when invoked in the project directory (dkantor)
ATLAS-1542 Atlas server fails to start if duplicate types are found during Typesystem bootstrap (svimal2106)
ATLAS-1535 Some webapp tests are failing due to a stale Titan transaction (jnhagelberg)