You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Ankita Sinha <an...@freestoneinfotech.com> on 2016/04/28 09:33:44 UTC

Review Request 46764: Modify ranger kms to use service identity to download policies from ranger admin in kerberos environment

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46764/
-----------------------------------------------------------

Review request for ranger, Alok Lal, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-957
    https://issues.apache.org/jira/browse/RANGER-957


Repository: ranger


Description
-------

As Ranger now supports Kerberos authentication, Make changes in download policies section for Ranger KMS to use Ranger KMS Kerberos credential.

Also handle lookup and Test connection for Ranger KMS in kerberized environment.


Diffs
-----

  agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java afa347e 
  agents-common/src/main/java/org/apache/ranger/plugin/client/HadoopConfigHolder.java 1f3987f 
  agents-common/src/main/resources/resourcenamemap.properties 9bfaf61 
  kms/config/kms-webapp/dbks-site.xml f649264 
  kms/pom.xml af2138a 
  kms/scripts/install.properties fceae8f 
  kms/scripts/ranger-kms 74ecd05 
  kms/scripts/setup.sh 6019526 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java 79652f3 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSConfiguration.java f4f9d3e 
  kms/src/main/webapp/WEB-INF/web.xml 6aef672 
  plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java 34ac4b9 
  plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java 6a79433 
  plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSConnectionMgr.java 5e96a1c 
  plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java 6b96515 
  security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 82dc190 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java e0f22d2 
  security-admin/src/main/resources/resourcenamemap.properties 16bf704 
  src/main/assembly/kms.xml 44276cc 

Diff: https://reviews.apache.org/r/46764/diff/


Testing
-------

1. Tested Ranger KMS on simple environment with installation.
2. Tested Key operation on simple environment.
3. Tested Ranger KMS on kerberos environment with installation.
4. Tested Key operation on kerberos environment.
5. Tested download policy, test connection and resource lookup in kerberos environment.


Thanks,

Ankita Sinha

Re: Review Request 46764: Modify ranger kms to use service identity to download policies from ranger admin in kerberos environment

Posted by Velmurugan Periasamy <vp...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46764/#review130913
-----------------------------------------------------------


Ship it!




Ship It!

- Velmurugan Periasamy


On April 28, 2016, 7:33 a.m., Ankita Sinha wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46764/
> -----------------------------------------------------------
> 
> (Updated April 28, 2016, 7:33 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-957
>     https://issues.apache.org/jira/browse/RANGER-957
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> As Ranger now supports Kerberos authentication, Make changes in download policies section for Ranger KMS to use Ranger KMS Kerberos credential.
> 
> Also handle lookup and Test connection for Ranger KMS in kerberized environment.
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java afa347e 
>   agents-common/src/main/java/org/apache/ranger/plugin/client/HadoopConfigHolder.java 1f3987f 
>   agents-common/src/main/resources/resourcenamemap.properties 9bfaf61 
>   kms/config/kms-webapp/dbks-site.xml f649264 
>   kms/pom.xml af2138a 
>   kms/scripts/install.properties fceae8f 
>   kms/scripts/ranger-kms 74ecd05 
>   kms/scripts/setup.sh 6019526 
>   kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java 79652f3 
>   kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSConfiguration.java f4f9d3e 
>   kms/src/main/webapp/WEB-INF/web.xml 6aef672 
>   plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java 34ac4b9 
>   plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java 6a79433 
>   plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSConnectionMgr.java 5e96a1c 
>   plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java 6b96515 
>   security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 82dc190 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java e0f22d2 
>   security-admin/src/main/resources/resourcenamemap.properties 16bf704 
>   src/main/assembly/kms.xml 44276cc 
> 
> Diff: https://reviews.apache.org/r/46764/diff/
> 
> 
> Testing
> -------
> 
> 1. Tested Ranger KMS on simple environment with installation.
> 2. Tested Key operation on simple environment.
> 3. Tested Ranger KMS on kerberos environment with installation.
> 4. Tested Key operation on kerberos environment.
> 5. Tested download policy, test connection and resource lookup in kerberos environment.
> 
> 
> Thanks,
> 
> Ankita Sinha
> 
>