This is an automated email from the ASF dual-hosted git repository.

mehul pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.2 by this push:
     new 72200f3  RANGER-2998 : API for Ranger KMS service status
72200f3 is described below

commit 72200f343f60254b75daf3d4f3eac0be804a6a64
Author: Dhaval B. Shah <[email protected]>
AuthorDate: Sun Sep 20 18:36:42 2020 +0530

    RANGER-2998 : API for Ranger KMS service status
    
    Signed-off-by: Mehul Parikh <[email protected]>
---
 .../key/kms/server/KMSAuthenticationFilter.java    | 55 ++++++++++++----------
 .../hadoop/crypto/key/kms/server/KMSMDCFilter.java | 31 +++++++-----
 .../crypto/key/kms/server/RangerKMSRestApi.java    | 41 ++++++++++++++++
 3 files changed, 91 insertions(+), 36 deletions(-)

diff --git 
a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
 
b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
index 944b3d4..ca13a53 100644
--- 
a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
+++ 
b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
@@ -49,6 +49,7 @@ public class KMSAuthenticationFilter
 
   public static final String CONFIG_PREFIX = KMSConfiguration.CONFIG_PREFIX +
       "authentication.";
+  static final String RANGER_KMS_REST_API_PATH = "/kms/api/status";
 
   @Override
   protected Properties getConfiguration(String configPrefix,
@@ -126,32 +127,38 @@ public class KMSAuthenticationFilter
   public void doFilter(ServletRequest request, ServletResponse response,
       FilterChain filterChain) throws IOException, ServletException {
     KMSResponse kmsResponse = new KMSResponse(response);
-    super.doFilter(request, kmsResponse, filterChain);
+    String path = ((HttpServletRequest) request).getRequestURI();
+       if (path.startsWith(RANGER_KMS_REST_API_PATH)) {
+               filterChain.doFilter(request, response);
+               } else {
+                       super.doFilter(request, kmsResponse, filterChain);
 
-    if (kmsResponse.statusCode != HttpServletResponse.SC_OK &&
-        kmsResponse.statusCode != HttpServletResponse.SC_CREATED &&
-        kmsResponse.statusCode != HttpServletResponse.SC_UNAUTHORIZED) {
-      KMSWebApp.getInvalidCallsMeter().mark();
-    }
+                       if (kmsResponse.statusCode != HttpServletResponse.SC_OK
+                                       && kmsResponse.statusCode != 
HttpServletResponse.SC_CREATED
+                                       && kmsResponse.statusCode != 
HttpServletResponse.SC_UNAUTHORIZED) {
+                               KMSWebApp.getInvalidCallsMeter().mark();
+                       }
 
-    // HttpServletResponse.SC_UNAUTHORIZED is because the request does not
-    // belong to an authenticated user.
-    if (kmsResponse.statusCode == HttpServletResponse.SC_UNAUTHORIZED) {
-      KMSWebApp.getUnauthenticatedCallsMeter().mark();
-      String method = ((HttpServletRequest) request).getMethod();
-      StringBuffer requestURL = ((HttpServletRequest) request).getRequestURL();
-      String queryString = ((HttpServletRequest) request).getQueryString();
-      if (queryString != null) {
-        requestURL.append("?").append(queryString);
-      }
+                       // HttpServletResponse.SC_UNAUTHORIZED is because the 
request does not
+                       // belong to an authenticated user.
+                       if (kmsResponse.statusCode == 
HttpServletResponse.SC_UNAUTHORIZED) {
 
-      if (!method.equals("OPTIONS")) {
-        // an HTTP OPTIONS request is made as part of the SPNEGO authentication
-        // sequence. We do not need to audit log it, since it doesn't belong
-        // to KMS context. KMS server doesn't handle OPTIONS either.
-        KMSWebApp.getKMSAudit().unauthenticated(request.getRemoteHost(), 
method,
-          requestURL.toString(), kmsResponse.msg);
-      }
-    }
+                               KMSWebApp.getUnauthenticatedCallsMeter().mark();
+                               String method = ((HttpServletRequest) 
request).getMethod();
+                               StringBuffer requestURL = ((HttpServletRequest) 
request).getRequestURL();
+                               String queryString = ((HttpServletRequest) 
request).getQueryString();
+                               if (queryString != null) {
+                                       
requestURL.append("?").append(queryString);
+                               }
+
+                               if (!method.equals("OPTIONS")) {
+                                       // an HTTP OPTIONS request is made as 
part of the SPNEGO authentication
+                                       // sequence. We do not need to audit 
log it, since it doesn't belong
+                                       // to KMS context. KMS server doesn't 
handle OPTIONS either.
+                                       
KMSWebApp.getKMSAudit().unauthenticated(request.getRemoteHost(), method, 
requestURL.toString(),
+                                                       kmsResponse.msg);
+                               }
+                       }
+               }
   }
 }
diff --git 
a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java 
b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
index da8f715..f0e92b8 100644
--- 
a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
+++ 
b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
@@ -20,7 +20,6 @@ package org.apache.hadoop.crypto.key.kms.server;
 import org.apache.hadoop.classification.InterfaceAudience;
 import org.apache.hadoop.security.UserGroupInformation;
 import 
org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation;
-
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
@@ -36,7 +35,8 @@ import java.io.IOException;
  */
 @InterfaceAudience.Private
 public class KMSMDCFilter implements Filter {
-
+       
+       static final String RANGER_KMS_REST_API_PATH = "/kms/api/status";
   private static class Data {
     private UserGroupInformation ugi;
     private String method;
@@ -72,18 +72,25 @@ public class KMSMDCFilter implements Filter {
       FilterChain chain)
       throws IOException, ServletException {
     try {
-      DATA_TL.remove();
-      UserGroupInformation ugi = HttpUserGroupInformation.get();
-      String method = ((HttpServletRequest) request).getMethod();
-      StringBuffer requestURL = ((HttpServletRequest) request).getRequestURL();
-      String queryString = ((HttpServletRequest) request).getQueryString();
-      if (queryString != null) {
-        requestURL.append("?").append(queryString);
-      }
-      DATA_TL.set(new Data(ugi, method, requestURL.toString()));
-      chain.doFilter(request, response);
+        String path = ((HttpServletRequest) request).getRequestURI();
+           
+            if (path.startsWith(RANGER_KMS_REST_API_PATH)) {
+               chain.doFilter(request, response);
+             } else {
+                             DATA_TL.remove();
+                             UserGroupInformation ugi = 
HttpUserGroupInformation.get();
+                             String method = ((HttpServletRequest) 
request).getMethod();
+                             StringBuffer requestURL = ((HttpServletRequest) 
request).getRequestURL();
+                             String queryString = ((HttpServletRequest) 
request).getQueryString();
+                             if (queryString != null) {
+                               requestURL.append("?").append(queryString);
+                             }
+                             DATA_TL.set(new Data(ugi, method, 
requestURL.toString()));
+                             chain.doFilter(request, response);
+           }
     } finally {
       DATA_TL.remove();
+      
     }
   }
 
diff --git 
a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/RangerKMSRestApi.java
 
b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/RangerKMSRestApi.java
new file mode 100644
index 0000000..04d26f7
--- /dev/null
+++ 
b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/RangerKMSRestApi.java
@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.crypto.key.kms.server;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import com.google.gson.JsonObject;
+
+@Path("/api")
+public class RangerKMSRestApi {
+       static final Logger LOG = 
LoggerFactory.getLogger(RangerKMSRestApi.class);
+       @GET
+       @Path("status")
+       public Response getStatus() {
+               JsonObject jsonObject = new JsonObject();
+               jsonObject.addProperty("status", "Ranger KMS service is 
running");
+               return 
Response.status(200).type(MediaType.APPLICATION_JSON).entity(jsonObject.toString()).build();
+                       
+       }
+
+}

Reply via email to