This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch ranger-1.1
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-1.1 by this push:
new e1b035f5e RANGER-3856: Ranger admin client updated with option to work
with non-kerberized server
e1b035f5e is described below
commit e1b035f5e442b2a605239b14381cd60f040b6d50
Author: Ankita Sinha <[email protected]>
AuthorDate: Mon Aug 22 14:03:37 2022 +0530
RANGER-3856: Ranger admin client updated with option to work with
non-kerberized server
---
.../ranger/admin/client/RangerAdminRESTClient.java | 25 +++++++++++++++++-----
.../admin/client/RangerAdminJersey2RESTClient.java | 18 ++++++++++++++--
2 files changed, 36 insertions(+), 7 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
index dddfbc7fe..fc49ef052 100644
---
a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
+++
b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
@@ -53,6 +53,7 @@ public class RangerAdminRESTClient implements
RangerAdminClient {
private String clusterName;
private RangerRESTClient restClient;
private RangerRESTUtils restUtils = new RangerRESTUtils();
+ private boolean forceNonKerberos = false;
public static <T> GenericType<List<T>> getGenericType(final T clazz) {
@@ -84,6 +85,8 @@ public class RangerAdminRESTClient implements
RangerAdminClient {
clusterName =
RangerConfiguration.getInstance().get(propertyPrefix + ".ambari.cluster.name",
"");
int restClientConnTimeOutMs =
RangerConfiguration.getInstance().getInt(propertyPrefix +
".policy.rest.client.connection.timeoutMs", 120 * 1000);
int restClientReadTimeOutMs =
RangerConfiguration.getInstance().getInt(propertyPrefix +
".policy.rest.client.read.timeoutMs", 30 * 1000);
+ this.forceNonKerberos =
RangerConfiguration.getInstance().getBoolean(propertyPrefix +
".forceNonKerberos", false);
+
if (!StringUtil.isEmpty(tmpUrl)) {
url = tmpUrl.trim();
}
@@ -102,7 +105,7 @@ public class RangerAdminRESTClient implements
RangerAdminClient {
ServicePolicies ret = null;
UserGroupInformation user = MiscUtil.getUGILoginUser();
- boolean isSecureMode = user != null &&
UserGroupInformation.isSecurityEnabled();
+ boolean isSecureMode = isKerberosEnabled(user);
ClientResponse response = null;
if (isSecureMode) {
if (LOG.isDebugEnabled()) {
@@ -174,7 +177,7 @@ public class RangerAdminRESTClient implements
RangerAdminClient {
ClientResponse response = null;
UserGroupInformation user = MiscUtil.getUGILoginUser();
- boolean isSecureMode = user != null &&
UserGroupInformation.isSecurityEnabled();
+ boolean isSecureMode = isKerberosEnabled(user);
if (isSecureMode) {
PrivilegedAction<ClientResponse> action = new
PrivilegedAction<ClientResponse>() {
@@ -219,7 +222,7 @@ public class RangerAdminRESTClient implements
RangerAdminClient {
ClientResponse response = null;
UserGroupInformation user = MiscUtil.getUGILoginUser();
- boolean isSecureMode = user != null &&
UserGroupInformation.isSecurityEnabled();
+ boolean isSecureMode = isKerberosEnabled(user);
if (isSecureMode) {
PrivilegedAction<ClientResponse> action = new
PrivilegedAction<ClientResponse>() {
@@ -287,7 +290,7 @@ public class RangerAdminRESTClient implements
RangerAdminClient {
ClientResponse response = null;
WebResource webResource = null;
UserGroupInformation user = MiscUtil.getUGILoginUser();
- boolean isSecureMode = user != null &&
UserGroupInformation.isSecurityEnabled();
+ boolean isSecureMode = isKerberosEnabled(user);
if (isSecureMode) {
PrivilegedAction<ClientResponse> action = new
PrivilegedAction<ClientResponse>() {
@@ -358,7 +361,7 @@ public class RangerAdminRESTClient implements
RangerAdminClient {
List<String> ret = null;
String emptyString = "";
UserGroupInformation user = MiscUtil.getUGILoginUser();
- boolean isSecureMode = user != null &&
UserGroupInformation.isSecurityEnabled();
+ boolean isSecureMode = isKerberosEnabled(user);
final WebResource webResource =
createWebResource(RangerRESTUtils.REST_URL_LOOKUP_TAG_NAMES)
.queryParam(RangerRESTUtils.SERVICE_NAME_PARAM,
serviceName)
@@ -396,4 +399,16 @@ public class RangerAdminRESTClient implements
RangerAdminClient {
return ret;
}
+ public boolean isKerberosEnabled(UserGroupInformation user) {
+ final boolean ret;
+
+ if (forceNonKerberos) {
+ ret = false;
+ } else {
+ ret = user != null && UserGroupInformation.isSecurityEnabled() &&
user.hasKerberosCredentials();
+ }
+
+ return ret;
+ }
+
}
diff --git
a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
index d856f898b..8712945ae 100644
---
a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
+++
b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
@@ -66,6 +66,7 @@ public class RangerAdminJersey2RESTClient implements
RangerAdminClient {
String _pluginId = null;
int _restClientConnTimeOutMs;
int _restClientReadTimeOutMs;
+ boolean forceNonKerberos = false;
@Override
public void init(String serviceName, String appId, String
configPropertyPrefix) {
@@ -81,6 +82,7 @@ public class RangerAdminJersey2RESTClient implements
RangerAdminClient {
_restClientConnTimeOutMs =
RangerConfiguration.getInstance().getInt(configPropertyPrefix +
".policy.rest.client.connection.timeoutMs", 120 * 1000);
_restClientReadTimeOutMs =
RangerConfiguration.getInstance().getInt(configPropertyPrefix +
".policy.rest.client.read.timeoutMs", 30 * 1000);
_clusterName =
RangerConfiguration.getInstance().get(configPropertyPrefix +
".ambari.cluster.name", "");
+ forceNonKerberos =
RangerConfiguration.getInstance().getBoolean(configPropertyPrefix +
".forceNonKerberos", false);
LOG.info("Init params: " + String.format("Base URL[%s], SSL
Congig filename[%s], ServiceName=[%s]", _baseUrl, _sslConfigFileName,
_serviceName));
@@ -100,7 +102,7 @@ public class RangerAdminJersey2RESTClient implements
RangerAdminClient {
}
UserGroupInformation user = MiscUtil.getUGILoginUser();
- boolean isSecureMode = user != null &&
UserGroupInformation.isSecurityEnabled();
+ boolean isSecureMode = isKerberosEnabled(user);
String url = null;
ServicePolicies servicePolicies = null;
@@ -261,7 +263,7 @@ public class RangerAdminJersey2RESTClient implements
RangerAdminClient {
}
UserGroupInformation user = MiscUtil.getUGILoginUser();
- boolean isSecureMode = user != null &&
UserGroupInformation.isSecurityEnabled();
+ boolean isSecureMode = isKerberosEnabled(user);
String url = null;
ServiceTags serviceTags = null;
@@ -405,4 +407,16 @@ public class RangerAdminJersey2RESTClient implements
RangerAdminClient {
return _client;
}
+
+ public boolean isKerberosEnabled(UserGroupInformation user) {
+ final boolean ret;
+
+ if (forceNonKerberos) {
+ ret = false;
+ } else {
+ ret = user != null && UserGroupInformation.isSecurityEnabled() &&
user.hasKerberosCredentials();
+ }
+
+ return ret;
+ }
}
