RANGER-246 Review feedback and allow kafka consumer groups Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/94cf87d8 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/94cf87d8 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/94cf87d8
Branch: refs/heads/tag-policy Commit: 94cf87d8854873d6db4b94fc634ec996fc406f52 Parents: 8cf1857 Author: Don Bosco Durai <[email protected]> Authored: Sat Jun 6 19:21:31 2015 -0700 Committer: Don Bosco Durai <[email protected]> Committed: Sat Jun 6 19:21:31 2015 -0700 ---------------------------------------------------------------------- .../apache/ranger/audit/provider/MiscUtil.java | 1 - .../ranger/audit/queue/AuditAsyncQueue.java | 2 +- .../ranger/audit/queue/AuditBatchQueue.java | 2 +- .../ranger/audit/queue/AuditFileSpool.java | 22 +++++++++++--------- .../ranger/audit/queue/AuditSummaryQueue.java | 2 +- .../kafka/authorizer/RangerKafkaAuthorizer.java | 6 ++++++ 6 files changed, 21 insertions(+), 14 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/94cf87d8/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java index 907b9b8..6eee55c 100644 --- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java +++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java @@ -420,7 +420,6 @@ public class MiscUtil { logger.info("Setting UGI=" + newUGI ); } else { logger.error("UGI is null. Not setting it."); - ugiLoginUser = null; } logger.info("Setting SUBJECT"); subjectLoginUser = newSubject; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/94cf87d8/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditAsyncQueue.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditAsyncQueue.java b/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditAsyncQueue.java index 9b4fcbd..e7adef2 100644 --- a/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditAsyncQueue.java +++ b/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditAsyncQueue.java @@ -127,7 +127,7 @@ public class AuditAsyncQueue extends AuditQueue implements Runnable { @Override public void run() { try { - if (isConsumerDestination) { + if (isConsumerDestination && MiscUtil.getUGILoginUser() != null) { PrivilegedAction<Void> action = new PrivilegedAction<Void>() { public Void run() { runDoAs(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/94cf87d8/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditBatchQueue.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditBatchQueue.java b/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditBatchQueue.java index dca3030..e625d16 100644 --- a/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditBatchQueue.java +++ b/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditBatchQueue.java @@ -209,7 +209,7 @@ public class AuditBatchQueue extends AuditQueue implements Runnable { @Override public void run() { try { - if (isConsumerDestination) { + if (isConsumerDestination && MiscUtil.getUGILoginUser() != null) { PrivilegedAction<Void> action = new PrivilegedAction<Void>() { public Void run() { runDoAs(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/94cf87d8/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java b/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java index 4a4e707..b83329a 100644 --- a/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java +++ b/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java @@ -109,8 +109,6 @@ public class AuditFileSpool implements Runnable { boolean isDrain = false; boolean isDestDown = true; - int ugiVersion = -1; - private Gson gson = null; public AuditFileSpool(AuditQueue queueProvider, @@ -755,15 +753,19 @@ public class AuditFileSpool implements Runnable { @Override public void run() { try { - PrivilegedAction<Void> action = new PrivilegedAction<Void>() { - public Void run() { - runDoAs(); - return null; + if (MiscUtil.getUGILoginUser() != null) { + PrivilegedAction<Void> action = new PrivilegedAction<Void>() { + public Void run() { + runDoAs(); + return null; + }; }; - }; - logger.info("Running fileSpool " + consumerProvider.getName() - + " as user " + MiscUtil.getUGILoginUser()); - MiscUtil.getUGILoginUser().doAs(action); + logger.info("Running fileSpool " + consumerProvider.getName() + + " as user " + MiscUtil.getUGILoginUser()); + MiscUtil.getUGILoginUser().doAs(action); + } else { + runDoAs(); + } } catch (Throwable t) { logger.fatal("Exited thread without abnormaly. queue=" + consumerProvider.getName(), t); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/94cf87d8/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditSummaryQueue.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditSummaryQueue.java b/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditSummaryQueue.java index 56ba55e..70c322d 100644 --- a/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditSummaryQueue.java +++ b/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditSummaryQueue.java @@ -147,7 +147,7 @@ public class AuditSummaryQueue extends AuditQueue implements Runnable { @Override public void run() { try { - if (isConsumerDestination) { + if (isConsumerDestination && MiscUtil.getUGILoginUser() != null) { PrivilegedAction<Void> action = new PrivilegedAction<Void>() { public Void run() { runDoAs(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/94cf87d8/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java ---------------------------------------------------------------------- diff --git a/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java b/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java index f982bbf..9ce38a9 100644 --- a/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java +++ b/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java @@ -135,6 +135,12 @@ public class RangerKafkaAuthorizer implements Authorizer { "Authorizer is still not initialized"); return false; } + + //TODO: If resource type if consumer group, then allow it by default + if(resource.resourceType().equals(ResourceType.CLUSTER)) { + return true; + } + String userName = null; if (session.principal() != null) { userName = session.principal().getName();
