You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by rm...@apache.org on 2020/04/04 20:37:05 UTC
[ranger] branch master updated: RANGER-2777:Ranger Knox Plugin
failed to download Roles
This is an automated email from the ASF dual-hosted git repository.
rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 7b66386 RANGER-2777:Ranger Knox Plugin failed to download Roles
7b66386 is described below
commit 7b66386ebbd81337888cbc3b5b0fc65c2a8aa4a1
Author: Ramesh Mani <ra...@gmail.com>
AuthorDate: Sat Apr 4 13:36:10 2020 -0700
RANGER-2777:Ranger Knox Plugin failed to download Roles
---
.../apache/ranger/plugin/util/RangerRESTUtils.java | 73 ----------------------
.../admin/client/RangerAdminJersey2RESTClient.java | 56 ++++++++++++-----
2 files changed, 42 insertions(+), 87 deletions(-)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java
index 3e402aa..adf0c0a 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java
@@ -26,7 +26,6 @@ import java.net.UnknownHostException;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.conf.Configuration;
import com.kstruct.gethostname4j.Hostname;
/**
@@ -45,9 +44,6 @@ public class RangerRESTUtils {
public static final String REST_URL_SECURE_SERVICE_GRANT_ACCESS = "/service/plugins/secure/services/grant/";
public static final String REST_URL_SECURE_SERVICE_REVOKE_ACCESS = "/service/plugins/secure/services/revoke/";
- public static final String REST_URL_ROLE_GET_FOR_SECURE_SERVICE_IF_UPDATED = "/service/roles/secure/download/";
- public static final String REST_URL_ROLE_GET_FOR_SERVICE_IF_UPDATED = "/service/roles/download/";
-
public static final String REST_URL_SERVICE_CREATE_ROLE = "/service/public/v2/api/roles/";
public static final String REST_URL_SERVICE_DROP_ROLE = "/service/public/v2/api/roles/name/";
public static final String REST_URL_SERVICE_GET_ALL_ROLES = "/service/public/v2/api/roles/names/";
@@ -102,75 +98,6 @@ public class RangerRESTUtils {
}
}
- public String getPolicyRestUrl(String propertyPrefix, Configuration config) {
- String url = config.get(propertyPrefix + ".policy.rest.url");
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerRESTUtils.getPolicyRestUrl(" + url + ")");
- }
-
- return url;
- }
-
- public String getSsslConfigFileName(String propertyPrefix, Configuration config) {
- String sslConfigFileName = config.get(propertyPrefix + ".policy.rest.ssl.config.file");
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerRESTUtils.getSsslConfigFileName(" + sslConfigFileName + ")");
- }
-
- return sslConfigFileName;
- }
-
- public String getUrlForPolicyUpdate(String baseUrl, String serviceName) {
- String url = baseUrl + REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED + serviceName;
-
- return url;
- }
-
- public String getUrlForRoleUpdate(String baseUrl, String serviceName) {
- String url = baseUrl + REST_URL_ROLE_GET_FOR_SERVICE_IF_UPDATED + serviceName;
-
- return url;
- }
-
-
- public String getSecureUrlForPolicyUpdate(String baseUrl, String serviceName) {
- String url = baseUrl + REST_URL_POLICY_GET_FOR_SECURE_SERVICE_IF_UPDATED + serviceName;
- return url;
- }
-
- public String getSecureUrlForRoleUpdate(String baseUrl, String serviceName) {
- String url = baseUrl + REST_URL_ROLE_GET_FOR_SECURE_SERVICE_IF_UPDATED + serviceName;
- return url;
- }
-
- public String getUrlForTagUpdate(String baseUrl, String serviceName) {
- String url = baseUrl + REST_URL_GET_SERVICE_TAGS_IF_UPDATED + serviceName;
-
- return url;
- }
-
- public String getSecureUrlForTagUpdate(String baseUrl, String serviceName) {
- String url = baseUrl + REST_URL_GET_SECURE_SERVICE_TAGS_IF_UPDATED + serviceName;
- return url;
- }
-
- public boolean isSsl(String _baseUrl) {
- return !StringUtils.isEmpty(_baseUrl) && _baseUrl.toLowerCase().startsWith("https");
- }
-
- public String getUrlForGrantAccess(String baseUrl, String serviceName) {
- String url = baseUrl + REST_URL_SERVICE_GRANT_ACCESS + serviceName;
-
- return url;
- }
-
- public String getUrlForRevokeAccess(String baseUrl, String serviceName) {
- String url = baseUrl + REST_URL_SERVICE_REVOKE_ACCESS + serviceName;
-
- return url;
- }
public String getPluginId(String serviceName, String appId) {
String hostName = null;
diff --git a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
index b2184b6..1beef86 100644
--- a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
+++ b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
@@ -20,6 +20,8 @@
package org.apache.ranger.admin.client;
import java.lang.reflect.Type;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
import java.security.PrivilegedAction;
import java.util.Date;
import java.util.HashMap;
@@ -61,13 +63,11 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
// none of the members are public -- this is only for testability. None of these is meant to be accessible
private static final Log LOG = LogFactory.getLog(RangerAdminJersey2RESTClient.class);
- RangerRESTUtils _utils = new RangerRESTUtils();
-
+
boolean _isSSL = false;
volatile Client _client = null;
SSLContext _sslContext = null;
HostnameVerifier _hv;
- String _baseUrl = "";
String _sslConfigFileName = null;
String _serviceName = null;
String _clusterName = null;
@@ -79,6 +79,7 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
private int lastKnownActiveUrlIndex;
private List<String> configURLs;
private final String pluginCapabilities = Long.toHexString(new RangerPluginCapability().getPluginCapabilities());
+ private static final int MAX_PLUGIN_ID_LEN = 255;
@Override
public void init(String serviceName, String appId, String configPropertyPrefix, Configuration config) {
@@ -88,13 +89,13 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
super.init(serviceName, appId, configPropertyPrefix, config);
- _serviceName = serviceName;
- _pluginId = _utils.getPluginId(serviceName, appId);
- String tmpUrl = _utils.getPolicyRestUrl(configPropertyPrefix, config);
- _sslConfigFileName = _utils.getSsslConfigFileName(configPropertyPrefix, config);
+ _serviceName = serviceName;
+ _pluginId = getPluginId(serviceName, appId);
+ String tmpUrl = config.get(configPropertyPrefix + ".policy.rest.url");
+ _sslConfigFileName = config.get(configPropertyPrefix + ".policy.rest.ssl.config.file");
_restClientConnTimeOutMs = config.getInt(configPropertyPrefix + ".policy.rest.client.connection.timeoutMs", 120 * 1000);
_restClientReadTimeOutMs = config.getInt(configPropertyPrefix + ".policy.rest.client.read.timeoutMs", 30 * 1000);
- _clusterName = config.get(configPropertyPrefix + ".access.cluster.name", "");
+ _clusterName = config.get(configPropertyPrefix + ".access.cluster.name", "");
if(StringUtil.isEmpty(_clusterName)){
_clusterName =config.get(configPropertyPrefix + ".ambari.cluster.name", "");
}
@@ -109,9 +110,9 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
configURLs = StringUtil.getURLs(tmpUrl);
this.lastKnownActiveUrlIndex = new Random().nextInt(configURLs.size());
- _baseUrl = configURLs.get(this.lastKnownActiveUrlIndex);
- _isSSL = _utils.isSsl(_baseUrl);
- LOG.info("Init params: " + String.format("Base URL[%s], SSL Config filename[%s], ServiceName=[%s], SupportsPolicyDeltas=[%s], ConfigURLs=[%s]", _baseUrl, _sslConfigFileName, _serviceName, _supportsPolicyDeltas, _supportsTagDeltas, configURLs));
+ String url = configURLs.get(this.lastKnownActiveUrlIndex);
+ _isSSL = isSsl(url);
+ LOG.info("Init params: " + String.format("Base URL[%s], SSL Config filename[%s], ServiceName=[%s], SupportsPolicyDeltas=[%s], ConfigURLs=[%s]", url, _sslConfigFileName, _serviceName, _supportsPolicyDeltas, _supportsTagDeltas, configURLs));
_client = getClient();
_client.property(ClientProperties.CONNECT_TIMEOUT, _restClientConnTimeOutMs);
@@ -234,7 +235,7 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
LOG.debug("Checking Roles if updated as user : " + user);
}
- relativeURL = _utils.getSecureUrlForRoleUpdate(_baseUrl, _serviceName);
+ relativeURL = RangerRESTUtils.REST_URL_SERVICE_SERCURE_GET_USER_GROUP_ROLES + _serviceName;
final String secureRelativeUrl = relativeURL;
PrivilegedAction<Response> action = new PrivilegedAction<Response>() {
public Response run() {
@@ -247,7 +248,7 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
LOG.debug("Checking Roles if updated with old api call");
}
- relativeURL = _utils.getUrlForRoleUpdate(_baseUrl, _serviceName);
+ relativeURL = RangerRESTUtils.REST_URL_SERVICE_GET_USER_GROUP_ROLES + _serviceName;
response = get(queryParams, relativeURL);
}
@@ -537,7 +538,7 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
LOG.warn("Failed to communicate with Ranger Admin, URL : " + configURLs.get(currentIndex));
if (index == configURLs.size() - 1) {
throw new ClientHandlerException(
- "Failed to communicate with all Ranger Admin's URL's : [ " + configURLs + " ]");
+ "Failed to communicate with all Ranger Admin's URL's : [ " + configURLs + " ]", e);
}
}
}
@@ -558,4 +559,31 @@ public class RangerAdminJersey2RESTClient extends AbstractRangerAdminClient {
private void setLastKnownActiveUrlIndex(int lastKnownActiveUrlIndex) {
this.lastKnownActiveUrlIndex = lastKnownActiveUrlIndex;
}
+
+ private boolean isSsl(String url) {
+ return !StringUtils.isEmpty(url) && url.toLowerCase().startsWith("https");
+ }
+
+ private String getPluginId(String serviceName, String appId) {
+ String hostName = null;
+
+ try {
+ hostName = InetAddress.getLocalHost().getHostName();
+ } catch (UnknownHostException e) {
+ LOG.error("ERROR: Unable to find hostname for the agent ", e);
+ hostName = "unknownHost";
+ }
+
+ String ret = hostName + "-" + serviceName;
+
+ if(! StringUtils.isEmpty(appId)) {
+ ret = appId + "@" + ret;
+ }
+
+ if (ret.length() > MAX_PLUGIN_ID_LEN ) {
+ ret = ret.substring(0,MAX_PLUGIN_ID_LEN);
+ }
+
+ return ret ;
+ }
}