This is an automated email from the ASF dual-hosted git repository.
alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push:
new 647726ad6 [ranger] KUDU-3558 Error out early when keytab file flag is
empty
647726ad6 is described below
commit 647726ad6b2aab0c6a6d34e16e027debd8a827eb
Author: Ashwani Raina <[email protected]>
AuthorDate: Fri Mar 1 16:51:27 2024 +0530
[ranger] KUDU-3558 Error out early when keytab file flag is empty
This patch enables ranger client to catch a missing keytab file
scenario early on before even starting the Ranger subprocess.
Upon detection, log the error message and avoid spawning the
Ranger subprocess. This helps in debugging of scenario when
Kerberos is disabled and Ranger subprocess is started without doing
prechecks only to find out in later stage during Ranger plugin init.
The patch also modifies two existing tests by adding dummy keytab
file path to make it pass as before. Also, add a test to empty keytab
file scenario.
Change-Id: Iaf4df18f91a479f5d1ce4d959bd2dbb5e395eb1b
Reviewed-on: http://gerrit.cloudera.org:8080/21097
Tested-by: Alexey Serbin <[email protected]>
Reviewed-by: Alexey Serbin <[email protected]>
---
src/kudu/ranger/ranger_client-test.cc | 8 ++++++++
src/kudu/ranger/ranger_client.cc | 6 ++++++
2 files changed, 14 insertions(+)
diff --git a/src/kudu/ranger/ranger_client-test.cc
b/src/kudu/ranger/ranger_client-test.cc
index 6e204418f..4b2e02c44 100644
--- a/src/kudu/ranger/ranger_client-test.cc
+++ b/src/kudu/ranger/ranger_client-test.cc
@@ -50,6 +50,7 @@
#include "kudu/util/test_macros.h"
#include "kudu/util/test_util.h"
+DECLARE_string(keytab_file);
DECLARE_string(log_dir);
DECLARE_string(ranger_config_path);
DECLARE_string(ranger_log_config_dir);
@@ -346,14 +347,21 @@ TEST_F(RangerClientTest, TestInvalidJARFails) {
ASSERT_FALSE(ValidateRangerConfiguration());
}
+TEST_F(RangerClientTest, TestEmptyKeytabFile) {
+ FLAGS_ranger_config_path = test_dir_;
+ ASSERT_FALSE(ValidateRangerConfiguration());
+}
+
TEST_F(RangerClientTest, TestMultipleInvalidJARsLeftUnchecked) {
FLAGS_ranger_config_path = test_dir_;
FLAGS_ranger_jar_path =
"/this/is/not/a/real/location/hopefully.jar:/another/invalid/path.jar";
+ FLAGS_keytab_file = "/this/is/a/dummy/keytab_file";
ASSERT_TRUE(ValidateRangerConfiguration());
}
TEST_F(RangerClientTest, TestDefaultJARPath) {
FLAGS_ranger_config_path = test_dir_;
+ FLAGS_keytab_file = "/this/is/a/dummy/keytab_file";
ASSERT_TRUE(ValidateRangerConfiguration());
}
diff --git a/src/kudu/ranger/ranger_client.cc b/src/kudu/ranger/ranger_client.cc
index 7baac4c99..da79fe96d 100644
--- a/src/kudu/ranger/ranger_client.cc
+++ b/src/kudu/ranger/ranger_client.cc
@@ -392,6 +392,12 @@ bool ValidateRangerConfiguration() {
ranger_jar_path);
return false;
}
+
+ // If kerberos keytab file is not provided, ranger subprocess cannot start.
+ if (FLAGS_keytab_file.empty()) {
+ LOG(ERROR) << Substitute("--keytab_file is not set");
+ return false;
+ }
}
return true;
}
