This is an automated email from the ASF dual-hosted git repository.
krisden pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new 6d05bb8 KNOX-1835 - Jupyter Enterprise Gateway - KERNEL_USERNAME
should be added when not present (#79)
6d05bb8 is described below
commit 6d05bb882a78403470d161a7f7116a147b69fb0a
Author: Bhanu Teja Allaparthi <[email protected]>
AuthorDate: Fri Mar 29 11:53:37 2019 -0700
KNOX-1835 - Jupyter Enterprise Gateway - KERNEL_USERNAME should be added
when not present (#79)
---
gateway-release/pom.xml | 6 +-
.../main/resources/services/jkg/1.1.2/service.xml | 13 +--
gateway-service-jkg/pom.xml | 63 +++++++++++++
.../org/apache/knox/gateway/jkg/JkgDispatch.java | 105 +++++++++++++++++++++
pom.xml | 16 +++-
5 files changed, 185 insertions(+), 18 deletions(-)
diff --git a/gateway-release/pom.xml b/gateway-release/pom.xml
index c55da16..b500844 100644
--- a/gateway-release/pom.xml
+++ b/gateway-release/pom.xml
@@ -28,7 +28,7 @@
<artifactId>gateway-release</artifactId>
<name>gateway-release</name>
<description>The gateway binary release packaging.</description>
-
+
<profiles>
<profile>
<id>package</id>
@@ -214,6 +214,10 @@
</dependency>
<dependency>
<groupId>org.apache.knox</groupId>
+ <artifactId>gateway-service-jkg</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.knox</groupId>
<artifactId>gateway-service-tgs</artifactId>
</dependency>
<dependency>
diff --git
a/gateway-service-definitions/src/main/resources/services/jkg/1.1.2/service.xml
b/gateway-service-definitions/src/main/resources/services/jkg/1.1.2/service.xml
index fff3f63..5d7e4eb 100644
---
a/gateway-service-definitions/src/main/resources/services/jkg/1.1.2/service.xml
+++
b/gateway-service-definitions/src/main/resources/services/jkg/1.1.2/service.xml
@@ -28,24 +28,13 @@
<rewrite apply="JKG/jkg/inbound/api/kernelspecs/query"
to="request.url"/>
</route>
<route path="/jkg/api/kernels">
- <policies>
- <policy role="webappsec"/>
- <policy role="authentication"/>
- <policy role="rewrite"/>
- <policy role="authorization"/>
- </policies>
<rewrite apply="JKG/jkg/inbound/api/kernelsurl" to="request.url"/>
<rewrite apply="JKG/jkg/outbound/api/kernels" to="response.body"/>
<rewrite apply="JKG/jkg/inbound/api/kernels" to="request.body"/>
</route>
<route path="/jkg/api/kernels/*">
- <policies>
- <policy role="webappsec"/>
- <policy role="authentication"/>
- <policy role="rewrite"/>
- <policy role="authorization"/>
- </policies>
<rewrite apply="JKG/jkg/inbound/api/kernel/query"
to="request.url"/>
</route>
</routes>
+ <dispatch classname="org.apache.knox.gateway.jkg.JkgDispatch"/>
</service>
diff --git a/gateway-service-jkg/pom.xml b/gateway-service-jkg/pom.xml
new file mode 100644
index 0000000..799bed5
--- /dev/null
+++ b/gateway-service-jkg/pom.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/xsd/maven-4.0.0.xsd";>
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.knox</groupId>
+ <artifactId>gateway</artifactId>
+ <version>1.3.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>gateway-service-jkg</artifactId>
+ <name>gateway-service-jkg</name>
+ <description>The extension to the gateway for supporting jkg.</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.knox</groupId>
+ <artifactId>gateway-spi</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.knox</groupId>
+ <artifactId>gateway-provider-rewrite</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>javax.servlet-api</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.knox</groupId>
+ <artifactId>gateway-test-utils</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git
a/gateway-service-jkg/src/main/java/org/apache/knox/gateway/jkg/JkgDispatch.java
b/gateway-service-jkg/src/main/java/org/apache/knox/gateway/jkg/JkgDispatch.java
new file mode 100644
index 0000000..6b6839f
--- /dev/null
+++
b/gateway-service-jkg/src/main/java/org/apache/knox/gateway/jkg/JkgDispatch.java
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.jkg;
+
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.apache.knox.gateway.dispatch.DefaultDispatch;
+import org.apache.knox.gateway.filter.rewrite.impl.UrlRewriteRequestStream;
+import org.apache.knox.gateway.security.SubjectUtils;
+
+
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import javax.servlet.http.HttpServletResponse;
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+
+
+/**
+ * This specialized dispatch provides Jupyter Kernel Gateway specific features
to the
+ * default dispatch.
+ */
+public class JkgDispatch extends DefaultDispatch {
+
+ @Override
+ public void doPost(URI url, HttpServletRequest request, HttpServletResponse
response)
+ throws IOException, URISyntaxException {
+ super.doPost(url, new JkgHttpServletRequest(request), response);
+ }
+
+ /**
+ * HttpServletRequest that adds or sets the KERNEL_USERNAME parameter on the
json body
+ */
+ private class JkgHttpServletRequest extends HttpServletRequestWrapper {
+ private final List<String> kernelEndpoints = Arrays.asList("/kernels");
+
+ JkgHttpServletRequest(HttpServletRequest request) {
+ super(request);
+ }
+
+ @Override
+ public ServletInputStream getInputStream() throws IOException {
+ ServletInputStream inputStream = super.getInputStream();
+
+ HttpServletRequest request = (HttpServletRequest)getRequest();
+ String requestURI = request.getRequestURI();
+ if(matchkernelEndpoints(requestURI)) {
+ // Parse the json object from the request
+ ObjectMapper objectMapper = new ObjectMapper();
+
+ Map<String, Object> jsonMap = objectMapper.readValue(inputStream, new
TypeReference<Map<String,Object>>(){});
+
+ Map<String, Object> envMap =
objectMapper.convertValue(jsonMap.get("env"), Map.class);
+ // Force the KERNEL_USERNAME to be set to the remote user
+ envMap.put("KERNEL_USERNAME",
SubjectUtils.getCurrentEffectivePrincipalName());
+
+ jsonMap.put("env", envMap);
+
+ // Create the new ServletInputStream with modified json map.
+ String s = objectMapper.writeValueAsString(jsonMap);
+ return new UrlRewriteRequestStream(new
ByteArrayInputStream(s.getBytes(StandardCharsets.UTF_8)));
+ }
+
+ return inputStream;
+ }
+
+ private boolean matchkernelEndpoints(String requestURI) {
+ for(String endpoint : kernelEndpoints) {
+ if(requestURI.endsWith(endpoint) || requestURI.endsWith(endpoint +
'/')) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ @Override
+ public BufferedReader getReader() throws IOException {
+ return new BufferedReader(new InputStreamReader(getInputStream(),
StandardCharsets.UTF_8));
+ }
+ }
+}
diff --git a/pom.xml b/pom.xml
index dfe00a0..6952341 100644
--- a/pom.xml
+++ b/pom.xml
@@ -105,6 +105,7 @@
<module>gateway-service-knoxssout</module>
<module>gateway-service-knoxtoken</module>
<module>gateway-service-livy</module>
+ <module>gateway-service-jkg</module>
<module>gateway-service-health</module>
<module>gateway-service-webhdfs</module>
<module>gateway-service-tgs</module>
@@ -989,6 +990,11 @@
</dependency>
<dependency>
<groupId>org.apache.knox</groupId>
+ <artifactId>gateway-service-jkg</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.knox</groupId>
<artifactId>gateway-service-definitions</artifactId>
<version>${project.version}</version>
</dependency>
@@ -1234,19 +1240,19 @@
<artifactId>groovy-json</artifactId>
<version>${groovy.version}</version>
</dependency>
-
+
<dependency>
<groupId>org.fusesource.jansi</groupId>
<artifactId>jansi</artifactId>
<version>${jansi.version}</version>
</dependency>
-
+
<dependency>
<groupId>jline</groupId>
<artifactId>jline</artifactId>
<version>${jline.version}</version>
</dependency>
-
+
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
@@ -1257,7 +1263,7 @@
<artifactId>httpcore</artifactId>
<version>${httpcore.version}</version>
</dependency>
-
+
<dependency>
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
@@ -1779,7 +1785,7 @@
<artifactId>javax.websocket-client-api</artifactId>
<version>${javax.websocket-api.version}</version>
</dependency>
-
+
<dependency>
<groupId>org.eclipse.jetty.websocket</groupId>
<artifactId>websocket-api</artifactId>
