This is an automated email from the ASF dual-hosted git repository.
alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push:
new 6b1240afc KUDU-3359 Allow multi-JAR cp for Ranger client
6b1240afc is described below
commit 6b1240afc7e7d4c5730ff6fc61927177df607b2a
Author: Attila Bukor <[email protected]>
AuthorDate: Mon Aug 14 13:51:58 2023 +0200
KUDU-3359 Allow multi-JAR cp for Ranger client
To let the Ranger client write audit logs to HDFS, the Hadoop client
JARs need to be loaded. To make this possible, this commit changes the
behavior of ranger_jar_path to allow a colon-separated JAR classpath
to be passed to Java.
Change-Id: If137b5541b948506372db50e984eeee7e05dfd22
Reviewed-on: http://gerrit.cloudera.org:8080/20346
Tested-by: Kudu Jenkins
Reviewed-by: Alexey Serbin <[email protected]>
---
src/kudu/ranger/ranger_client-test.cc | 19 +++++++++++
src/kudu/ranger/ranger_client.cc | 60 +++++++++++++++++++----------------
src/kudu/ranger/ranger_client.h | 3 ++
3 files changed, 55 insertions(+), 27 deletions(-)
diff --git a/src/kudu/ranger/ranger_client-test.cc
b/src/kudu/ranger/ranger_client-test.cc
index 878a47820..6e204418f 100644
--- a/src/kudu/ranger/ranger_client-test.cc
+++ b/src/kudu/ranger/ranger_client-test.cc
@@ -54,6 +54,7 @@ DECLARE_string(log_dir);
DECLARE_string(ranger_config_path);
DECLARE_string(ranger_log_config_dir);
DECLARE_string(ranger_log_level);
+DECLARE_string(ranger_jar_path);
DECLARE_string(ranger_java_extra_args);
DECLARE_bool(ranger_logtostdout);
DECLARE_bool(ranger_overwrite_log_config);
@@ -339,6 +340,24 @@ TEST_F(RangerClientTest,
TestAuthorizeActionsAllAuthorized) {
ASSERT_EQ(3, actions.size());
}
+TEST_F(RangerClientTest, TestInvalidJARFails) {
+ FLAGS_ranger_config_path = test_dir_;
+ FLAGS_ranger_jar_path = "/this/is/not/a/real/location/hopefully.jar";
+ ASSERT_FALSE(ValidateRangerConfiguration());
+}
+
+TEST_F(RangerClientTest, TestMultipleInvalidJARsLeftUnchecked) {
+ FLAGS_ranger_config_path = test_dir_;
+ FLAGS_ranger_jar_path =
"/this/is/not/a/real/location/hopefully.jar:/another/invalid/path.jar";
+ ASSERT_TRUE(ValidateRangerConfiguration());
+}
+
+TEST_F(RangerClientTest, TestDefaultJARPath) {
+ FLAGS_ranger_config_path = test_dir_;
+ ASSERT_TRUE(ValidateRangerConfiguration());
+}
+
+
class RangerClientTestBase : public KuduTest {
public:
RangerClientTestBase()
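Review bot: TestMultipleInvalidJARsLeftUnchecked asserts that a classpath of two nonexistent JARs passes validation, but nothing in the test body says this is intended, so a later reader may take it for a mistake or tighten the validator and break the test without knowing why it existed. A one-line comment above the assertion would settle it, for example `// A colon-separated classpath is deliberately not validated; Java reports bad entries when the subprocess starts.` The added tests also have no case where a colon-separated list of files that do exist is accepted, so the positive multi-JAR path is only covered indirectly.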
diff --git a/src/kudu/ranger/ranger_client.cc b/src/kudu/ranger/ranger_client.cc
index 53be4c182..318c0568f 100644
--- a/src/kudu/ranger/ranger_client.cc
+++ b/src/kudu/ranger/ranger_client.cc
@@ -69,7 +69,9 @@ DEFINE_string(ranger_java_extra_args, "",
DEFINE_string(ranger_jar_path, "",
"Path to the JAR file containing the Ranger subprocess. If "
"not specified, the default JAR file path is expected to be "
- "next to the master binary.");
+ "next to the master binary. It can be a colon-separated list of "
+ "JARs. If it is, the paths are not verified and passed straight
to "
+ "Java.");
DEFINE_string(ranger_receiver_fifo_dir, "",
"Directory in which to create a fifo used to receive messages "
@@ -233,32 +235,6 @@ string JavaPath() {
return FLAGS_ranger_java_path;
}
-bool ValidateRangerConfiguration() {
- if (!FLAGS_ranger_config_path.empty()) {
- // First, check the specified Java path.
- const string java_path = JavaPath();
- if (!Env::Default()->FileExists(java_path)) {
- // Otherwise, since the specified path is not absolute, check if
- // the Java binary is on the PATH.
- string p;
- Status s = Subprocess::Call({ "which", java_path }, "", &p);
- if (!s.ok()) {
- LOG(ERROR) << Substitute("--ranger_java_path has invalid java binary
path: $0",
- java_path);
- return false;
- }
- }
- const string ranger_jar_path = RangerJarPath();
- if (!Env::Default()->FileExists(ranger_jar_path)) {
- LOG(ERROR) << Substitute("--ranger_jar_path has invalid JAR file path:
$0",
- ranger_jar_path);
- return false;
- }
- }
- return true;
-}
-GROUP_FLAG_VALIDATOR(ranger_config_flags, ValidateRangerConfiguration);
-
bool ValidateLog4jLevel(const char* /*flagname*/, const string& value) {
static const vector<string> kLevels = {
"all",
@@ -387,6 +363,36 @@ Status BuildArgv(const string& fifo_path, const string&
log_properties_path,
} // anonymous namespace
+bool ValidateRangerConfiguration() {
+ if (!FLAGS_ranger_config_path.empty()) {
+ // First, check the specified Java path.
+ const string java_path = JavaPath();
+ if (!Env::Default()->FileExists(java_path)) {
+ // Otherwise, since the specified path is not absolute, check if
+ // the Java binary is on the PATH.
+ string p;
+ Status s = Subprocess::Call({ "which", java_path }, "", &p);
+ if (!s.ok()) {
+ LOG(ERROR) << Substitute("--ranger_java_path has invalid java binary
path: $0",
+ java_path);
+ return false;
+ }
+ }
+ const string ranger_jar_path = RangerJarPath();
+
+ // If the JAR path contains a colon, we skip verifying the paths and leave
+ // it to Java.
+ if (ranger_jar_path.find(':') == string::npos &&
+ !Env::Default()->FileExists(ranger_jar_path)) {
+ LOG(ERROR) << Substitute("--ranger_jar_path has invalid JAR file path:
$0",
+ ranger_jar_path);
+ return false;
+ }
+ }
+ return true;
+}
+GROUP_FLAG_VALIDATOR(ranger_config_flags, ValidateRangerConfiguration);
+
#define CINIT(member, x) member = METRIC_##x.Instantiate(entity)
#define HISTINIT(member, x) member = METRIC_##x.Instantiate(entity)
RangerSubprocessMetrics::RangerSubprocessMetrics(const
scoped_refptr<MetricEntity>& entity) {
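Review bot: Any colon in --ranger_jar_path switches off the existence check in the new ValidateRangerConfiguration(), so a mistyped multi-JAR classpath passes flag validation and is first noticed when the Ranger subprocess fails to start, and whatever the list names is handed unchecked to the JVM that serves authorization requests. Checking each element keeps the fail-fast behaviour that the single-path case still has; the sketch below splits on ':' and rejects missing or empty elements (as far as I know the JVM treats an empty classpath element as the current directory, which is worth excluding here). It assumes every element is a plain file path, so classpath wildcards would need separate handling, and that strings::Split from gutil is available in this file. TestMultipleInvalidJARsLeftUnchecked in ranger_client-test.cc would then have to expect false.

```cpp
    // … unchanged: Java binary check …
    const string ranger_jar_path = RangerJarPath();
    // Verify every classpath element instead of skipping the check whenever
    // the value contains ':'.
    const vector<string> jars = strings::Split(ranger_jar_path, ":");
    for (const string& jar : jars) {
      if (jar.empty() || !Env::Default()->FileExists(jar)) {
        LOG(ERROR) << Substitute("--ranger_jar_path has invalid JAR file path: $0",
                                 jar);
        return false;
      }
    }
    // … unchanged: end of the ranger_config_path block, return true …
```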
diff --git a/src/kudu/ranger/ranger_client.h b/src/kudu/ranger/ranger_client.h
index baf74ed3e..9d9e66c78 100644
--- a/src/kudu/ranger/ranger_client.h
+++ b/src/kudu/ranger/ranger_client.h
@@ -130,5 +130,8 @@ class RangerClient {
scoped_refptr<MetricEntity> metric_entity_;
};
+// Validate Ranger configuration.
+bool ValidateRangerConfiguration();
+
} // namespace ranger
} // namespace kudu
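Review bot: The new declaration's comment, `// Validate Ranger configuration.`, only restates the function name and leaves out the contract a caller of the header needs. Going by the definition in ranger_client.cc, something like `// Returns true if --ranger_config_path is empty, or if the Java binary and the Ranger JAR can be located. A colon-separated --ranger_jar_path is not checked.` would document both the return value and the unchecked case. If the function was moved out of the anonymous namespace only so that ranger_client-test.cc can call it, which is what the diff suggests, saying so in the comment would keep it from being read as general-purpose API.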