This is an automated email from the ASF dual-hosted git repository.

rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 391877b  RANGER-3140:Ranger ShutdownHook hook to be called in 
RangerHBaseCoprocessor preShutdown apis for a clean shutdown of HBase
391877b is described below

commit 391877b92e385a0f815798e4fb57cbaf8a93c22b
Author: Ramesh Mani <[email protected]>
AuthorDate: Mon Jan 4 23:33:32 2021 -0800

    RANGER-3140:Ranger ShutdownHook hook to be called in RangerHBaseCoprocessor 
preShutdown apis for a clean shutdown of HBase
    
    Signed-off-by: Ramesh Mani <[email protected]>
---
 .../audit/provider/AuditProviderFactory.java       |  7 +++-
 .../apache/ranger/audit/queue/AuditFileSpool.java  |  1 +
 .../authorization/hbase/AuthorizationSession.java  |  2 +-
 .../hbase/RangerAuthorizationCoprocessor.java      | 44 ++++++++++++++++++++++
 4 files changed, 52 insertions(+), 2 deletions(-)

diff --git 
a/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java
 
b/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java
index 1be9c2f..f971a76 100644
--- 
a/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java
+++ 
b/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java
@@ -19,6 +19,7 @@
 package org.apache.ranger.audit.provider;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 import java.util.Properties;
 import java.util.concurrent.Semaphore;
@@ -71,6 +72,7 @@ public class AuditProviderFactory {
        private String componentAppType = "";
        private boolean mInitDone = false;
        private JVMShutdownHook jvmShutdownHook = null;
+       private ArrayList<String> hbaseAppTypes = new 
ArrayList<>(Arrays.asList("hbaseMaster","hbaseRegional"));
 
        public AuditProviderFactory() {
                LOG.info("AuditProviderFactory: creating..");
@@ -476,7 +478,10 @@ public class AuditProviderFactory {
        private void installJvmSutdownHook(Properties props) {
                int shutdownHookMaxWaitSeconds = MiscUtil.getIntProperty(props, 
AUDIT_SHUTDOWN_HOOK_MAX_WAIT_SEC, AUDIT_SHUTDOWN_HOOK_MAX_WAIT_SEC_DEFAULT);
                jvmShutdownHook = new JVMShutdownHook(mProvider, 
shutdownHookMaxWaitSeconds);
-               ShutdownHookManager.get().addShutdownHook(jvmShutdownHook, 
RANGER_AUDIT_SHUTDOWN_HOOK_PRIORITY);
+               String appType = this.componentAppType;
+               if (appType != null && !hbaseAppTypes.contains(appType)) {
+                       
ShutdownHookManager.get().addShutdownHook(jvmShutdownHook, 
RANGER_AUDIT_SHUTDOWN_HOOK_PRIORITY);
+               }
        }
 
        private static class RangerAsyncAuditCleanup implements Runnable {
diff --git 
a/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java 
b/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java
index cbd819d..f8c2aa5 100644
--- 
a/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java
+++ 
b/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java
@@ -864,6 +864,7 @@ public class AuditFileSpool implements Runnable {
                                }
                        } catch (InterruptedException e) {
                                logger.info("Caught exception in consumer 
thread. Shutdown might be in progress");
+                               break;
                        } catch (Throwable t) {
                                logger.error("Exception in destination writing 
thread.", t);
                        }
diff --git 
a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java
 
b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java
index 1b13d3b..95ab504 100644
--- 
a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java
+++ 
b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java
@@ -243,7 +243,7 @@ public class AuthorizationSession {
                }
                
                boolean authorized = isAuthorized();
-               if (_auditHandler != null) {
+               if (_auditHandler != null && isAudited()) {
                        List<AuthzAuditEvent> events = null;
                        /*
                         * What we log to audit depends on authorization 
status.  For success we log all accumulated events.  In case of failure
diff --git 
a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
 
b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
index d9872ff..2232953 100644
--- 
a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
+++ 
b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
@@ -58,10 +58,13 @@ import org.apache.hadoop.hbase.util.Pair;
 import org.apache.hadoop.hbase.wal.WALEdit;
 import org.apache.hadoop.security.AccessControlException;
 import org.apache.ranger.audit.model.AuthzAuditEvent;
+import org.apache.ranger.audit.provider.AuditProviderFactory;
 import org.apache.ranger.authorization.hadoop.constants.RangerHadoopConstants;
 import org.apache.ranger.authorization.utils.StringUtil;
 import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
+import org.apache.ranger.plugin.model.RangerPolicy;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+import org.apache.ranger.plugin.policyengine.RangerAccessResult;
 import org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
 import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
@@ -1022,6 +1025,7 @@ public class RangerAuthorizationCoprocessor implements 
AccessControlService.Inte
        @Override
        public void preShutdown(ObserverContext<MasterCoprocessorEnvironment> 
c) throws IOException {
                requirePermission(c, "shutdown", Permission.Action.ADMIN);
+               cleanUp_HBaseRangerPlugin();
        }
        @Override
        public void preSnapshot(ObserverContext<MasterCoprocessorEnvironment> 
ctx, SnapshotDescription snapshot, TableDescriptor hTableDescriptor) throws 
IOException {
@@ -1031,10 +1035,12 @@ public class RangerAuthorizationCoprocessor implements 
AccessControlService.Inte
        @Override
        public void preStopMaster(ObserverContext<MasterCoprocessorEnvironment> 
c) throws IOException {
                requirePermission(c, "stopMaster", Permission.Action.ADMIN);
+               cleanUp_HBaseRangerPlugin();
        }
        @Override
        public void 
preStopRegionServer(ObserverContext<RegionServerCoprocessorEnvironment> env) 
throws IOException {
                requirePermission(env, "stop", Permission.Action.ADMIN);
+               cleanUp_HBaseRangerPlugin();
        }
        @Override
        public void preUnassign(ObserverContext<MasterCoprocessorEnvironment> 
c, RegionInfo regionInfo, boolean force) throws IOException {
@@ -1645,6 +1651,24 @@ public class RangerAuthorizationCoprocessor implements 
AccessControlService.Inte
 
                return ret;
        }
+
+       private void cleanUp_HBaseRangerPlugin() {
+               if (LOG.isDebugEnabled()) {
+                       LOG.debug("==> 
RangerAuthorizationCoprocessor.cleanUp_HBaseRangerPlugin()");
+               }
+               if (hbasePlugin != null) {
+                       hbasePlugin.setHBaseShuttingDown(true);
+                       hbasePlugin.cleanup();
+                       AuditProviderFactory auditProviderFactory = 
hbasePlugin.getAuditProviderFactory();
+                       if (auditProviderFactory != null) {
+                               auditProviderFactory.shutdown();
+                       }
+               }
+               if (LOG.isDebugEnabled()) {
+                       LOG.debug("<== 
RangerAuthorizationCoprocessor.cleanUp_HBaseRangerPlugin() completed!");
+               }
+       }
+
        private String getCommandString(String operationName, String 
tableNameStr, Map<String,Object> opMetaData) {
                StringBuilder ret = new StringBuilder();
                if (!HbaseConstants.HBASE_META_TABLE.equals(tableNameStr)) {
@@ -1787,10 +1811,30 @@ public class RangerAuthorizationCoprocessor implements 
AccessControlService.Inte
 
 
 class RangerHBasePlugin extends RangerBasePlugin {
+       private static final Log LOG = 
LogFactory.getLog(RangerHBasePlugin.class);
+       boolean isHBaseShuttingDown  = false;
+
        public RangerHBasePlugin(String appType) {
                super("hbase", appType);
        }
 
+       public void setHBaseShuttingDown(boolean hbaseShuttingDown) {
+               isHBaseShuttingDown = hbaseShuttingDown;
+       }
+
+       @Override
+       public RangerAccessResult isAccessAllowed(RangerAccessRequest request, 
RangerAccessResultProcessor resultProcessor) {
+               RangerAccessResult ret = null;
+               if (isHBaseShuttingDown) {
+                       ret = new 
RangerAccessResult(RangerPolicy.POLICY_TYPE_ACCESS, this.getServiceName(), 
this.getServiceDef(), request);
+                       ret.setIsAllowed(true);
+                       ret.setIsAudited(false);
+                       LOG.warn("Auth request came after HBase shutdown....");
+               } else {
+                       ret = super.isAccessAllowed(request, resultProcessor);
+               }
+               return ret;
+       }
 }
 
 

Reply via email to