prashantpogde commented on a change in pull request #2059:
URL: https://github.com/apache/ozone/pull/2059#discussion_r602007077
##########
File path:
hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/multitenant/MultiTenantGateKeeperRangerPlugin.java
##########
@@ -0,0 +1,358 @@
+package org.apache.hadoop.ozone.om.multitenant;
+
+import static
org.apache.hadoop.ozone.OzoneConsts.OZONE_OM_RANGER_ADMIN_CREATE_GROUP_HTTP_ENDPOINT;
+import static
org.apache.hadoop.ozone.OzoneConsts.OZONE_OM_RANGER_ADMIN_CREATE_POLICY_HTTP_ENDPOINT;
+import static
org.apache.hadoop.ozone.OzoneConsts.OZONE_OM_RANGER_ADMIN_CREATE_USER_HTTP_ENDPOINT;
+import static
org.apache.hadoop.ozone.OzoneConsts.OZONE_OM_RANGER_ADMIN_DELETE_GROUP_HTTP_ENDPOINT;
+import static
org.apache.hadoop.ozone.OzoneConsts.OZONE_OM_RANGER_ADMIN_DELETE_POLICY_HTTP_ENDPOINT;
+import static
org.apache.hadoop.ozone.OzoneConsts.OZONE_OM_RANGER_ADMIN_DELETE_USER_HTTP_ENDPOINT;
+import static
org.apache.hadoop.ozone.om.OMConfigKeys.OZONE_OM_RANGER_HTTPS_ADMIN_API_PASSWD;
+import static
org.apache.hadoop.ozone.om.OMConfigKeys.OZONE_OM_RANGER_HTTPS_ADMIN_API_USER;
+import static
org.apache.hadoop.ozone.om.OMConfigKeys.OZONE_RANGER_HTTPS_ADDRESS_KEY;
+import static
org.apache.hadoop.ozone.om.OMConfigKeys.OZONE_RANGER_OM_CONNECTION_REQUEST_TIMEOUT;
+import static
org.apache.hadoop.ozone.om.OMConfigKeys.OZONE_RANGER_OM_CONNECTION_REQUEST_TIMEOUT_DEFAULT;
+import static
org.apache.hadoop.ozone.om.OMConfigKeys.OZONE_RANGER_OM_CONNECTION_TIMEOUT;
+import static
org.apache.hadoop.ozone.om.OMConfigKeys.OZONE_RANGER_OM_CONNECTION_TIMEOUT_DEFAULT;
+import static
org.apache.hadoop.ozone.om.OMConfigKeys.OZONE_RANGER_OM_IGNORE_SERVER_CERT;
+import static
org.apache.hadoop.ozone.om.OMConfigKeys.OZONE_RANGER_OM_IGNORE_SERVER_CERT_DEFAULT;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.net.URL;
+import java.nio.charset.StandardCharsets;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+import java.util.stream.Collectors;
+
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.commons.net.util.Base64;
+import org.apache.hadoop.hdds.conf.OzoneConfiguration;
+import org.apache.hadoop.ozone.om.exceptions.OMException;
+import org.apache.hadoop.ozone.security.acl.IOzoneObj;
+import org.apache.hadoop.ozone.security.acl.RequestContext;
+import
org.apache.hadoop.security.authentication.client.AuthenticationException;
+import org.codehaus.jettison.json.JSONObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.oracle.javafx.jmx.json.JSONException;
+
+import javafx.util.Pair;
+
+public class MultiTenantGateKeeperRangerPlugin implements
+ MultiTenantGateKeeper {
+ private static final Logger LOG = LoggerFactory
+ .getLogger(MultiTenantGateKeeperRangerPlugin.class);
+
+ private static OzoneConfiguration conf;
+ private static boolean ignoreServerCert = false;
+ private static int connectionTimeout;
+ private static int connectionRequestTimeout;
+ private static String authHeaderValue;
+
+ @Override
+ public void init(Configuration configuration) throws IOException {
+ conf = (OzoneConfiguration)configuration;
+ initializeRangerConnection();
+ }
+
+ private void initializeRangerConnection() {
+ setupRangerConnectionConfig();
+ if (ignoreServerCert) {
+ setupRangerIgnoreServerCertificate();
+ }
+ setupRangerConnectionAuthHeader();
+ }
+
+ private void setupRangerConnectionConfig() {
+ connectionTimeout = (int) conf.getTimeDuration(
+ OZONE_RANGER_OM_CONNECTION_TIMEOUT,
+ conf.get(
+ OZONE_RANGER_OM_CONNECTION_TIMEOUT,
+ OZONE_RANGER_OM_CONNECTION_TIMEOUT_DEFAULT),
+ TimeUnit.MILLISECONDS);
+ connectionRequestTimeout = (int)conf.getTimeDuration(
+ OZONE_RANGER_OM_CONNECTION_REQUEST_TIMEOUT,
+ conf.get(
+ OZONE_RANGER_OM_CONNECTION_REQUEST_TIMEOUT,
+ OZONE_RANGER_OM_CONNECTION_REQUEST_TIMEOUT_DEFAULT),
+ TimeUnit.MILLISECONDS
+ );
+ ignoreServerCert = (boolean) conf.getBoolean(
+ OZONE_RANGER_OM_IGNORE_SERVER_CERT,
+ OZONE_RANGER_OM_IGNORE_SERVER_CERT_DEFAULT);
+ }
+
+ private void setupRangerIgnoreServerCertificate() {
+ // Create a trust manager that does not validate certificate chains
+ TrustManager[] trustAllCerts = new TrustManager[]{
+ new X509TrustManager() {
+ public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+ return null;
+ }
+ public void checkClientTrusted(
+ java.security.cert.X509Certificate[] certs, String authType) {
+ }
+ public void checkServerTrusted(
+ java.security.cert.X509Certificate[] certs, String authType) {
+ }
+ }
+ };
+
+ try {
+ SSLContext sc = SSLContext.getInstance("SSL");
+ sc.init(null, trustAllCerts, new java.security.SecureRandom());
+ HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+ } catch (Exception e) {
+ LOG.info("Setting DefaultSSLSocketFactory failed.");
+ }
+ }
+
+ private void setupRangerConnectionAuthHeader() {
+ String userName = conf.get(OZONE_OM_RANGER_HTTPS_ADMIN_API_USER);
+ String passwd = conf.get(OZONE_OM_RANGER_HTTPS_ADMIN_API_PASSWD);
+ String auth = userName + ":" + passwd;
+ byte[] encodedAuth =
+ Base64.encodeBase64(auth.getBytes(StandardCharsets.UTF_8));
+ authHeaderValue = "Basic " + new String(encodedAuth);
+ }
+
+
+ @Override
+ public void shutdown() throws Exception {
+ // TBD
+ }
+
+ @Override
+ public void grantAccess(BucketNameSpace bucketNameSpace,
+ OzoneMultiTenantPrincipal user, ACLType aclType) {
+ // TBD
+ }
+
+ @Override
+ public void revokeAccess(BucketNameSpace bucketNameSpace,
+ OzoneMultiTenantPrincipal user, ACLType aclType) {
+ // TBD
+ }
+
+ @Override
+ public void grantAccess(AccountNameSpace accountNameSpace,
+ OzoneMultiTenantPrincipal user, ACLType aclType) {
+ // TBD
+ }
+
+ @Override
+ public void revokeAccess(AccountNameSpace accountNameSpace,
+ OzoneMultiTenantPrincipal user, ACLType aclType) {
+ // TBD
+ }
+
+ @Override
+ public List<Pair<BucketNameSpace, ACLType>>
+ getAllBucketNameSpaceAccessess(OzoneMultiTenantPrincipal user) {
+ // TBD
+ return null;
+ }
+
+ @Override
+ public boolean checkAccess(BucketNameSpace bucketNameSpace,
+ OzoneMultiTenantPrincipal user) {
+ // TBD
+ return true;
+ }
+
+ @Override
+ public boolean checkAccess(AccountNameSpace accountNameSpace,
+ OzoneMultiTenantPrincipal user) {
+ // TBD
+ return true;
+ }
+
+ @Override
+ public boolean checkAccess(IOzoneObj ozoneObject, RequestContext context)
+ throws OMException {
+ // TBD
+ return true;
+ }
+ private String getCreateUserJsonString(String userName,
+ List<String> groupIDs)
+ throws Exception {
+ String groupIdList = groupIDs.stream().collect(Collectors.joining("\",\"",
+ "",""));
+ String jsonCreateUserString = "{ \"name\":\"" + userName + "\"," +
+ "\"firstName\":\"" + userName + "\"," +
+ " \"loginId\": \"" + userName + "\"," +
+ " \"password\" : \"user1pass\"," +
+ " \"userRoleList\":[\"ROLE_USER\"]," +
+ " \"groupIdList\":[\"" + groupIdList +"\"] " +
+ " }";
+ return jsonCreateUserString;
+ }
+
+ public String createUser(String userName, List<String> groupIDs)
+ throws Exception {
+ String rangerHttpsAddress = conf.get(OZONE_RANGER_HTTPS_ADDRESS_KEY);
+ String rangerAdminUrl =
+ rangerHttpsAddress + OZONE_OM_RANGER_ADMIN_CREATE_USER_HTTP_ENDPOINT;
+
+ String jsonCreateUserString = getCreateUserJsonString(userName, groupIDs);
+
+ HttpsURLConnection conn = makeHttpsPostCall(rangerAdminUrl,
+ jsonCreateUserString,"POST", false);
+ String userInfo = getReponseData(conn);
+ String userIDCreated;
+ try {
+ JSONObject jObject = new JSONObject(userInfo.toString());
+ userIDCreated = jObject.getString("id");
+ System.out.println("User ID is : " + userIDCreated);
+ } catch (JSONException e) {
+ e.printStackTrace();
+ throw e;
+ }
+ return userIDCreated;
+ }
+
+ private String getCreateGroupJsonString(String groupName) throws Exception {
+ String jsonCreateGroupString = "{ \"name\":\"" + groupName + "\"," +
+ " \"description\":\"test\" " +
+ " }";
+ return jsonCreateGroupString;
+ }
+
+ public String createGroup(String groupName) throws Exception {
+ String rangerHttpsAddress = conf.get(OZONE_RANGER_HTTPS_ADDRESS_KEY);
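Review bot: `setupRangerIgnoreServerCertificate` installs a trust-all `X509TrustManager` via `HttpsURLConnection.setDefaultSSLSocketFactory`, which disables server-certificate validation for every `HttpsURLConnection` in the OM JVM, not only the Ranger admin calls, so enabling `OZONE_RANGER_OM_IGNORE_SERVER_CERT` silently downgrades unrelated TLS clients; keep the permissive `SSLContext` in a field and apply it per connection with `conn.setSSLSocketFactory(...)` inside `makeHttpsPostCall` (outside this hunk), prefer `SSLContext.getInstance("TLS")` over `"SSL"`, and log at WARN that verification is off instead of the silent path and the cause-less `LOG.info` in the catch. `getCreateUserJsonString` hard-codes `"password" : "user1pass"` for every Ranger user the OM creates, and both it and `getCreateGroupJsonString` splice `userName`/`groupName` into the body unescaped, so a name containing `"` or `\` corrupts or injects fields, and an empty `groupIDs` yields `"groupIdList":[""]`; the rewrite below builds the body with the already-imported jettison `JSONObject` (plus `org.codehaus.jettison.json.JSONArray`, which needs an import), which fixes the quoting and the empty-list case, while the fixed password still needs to become a per-user secret. Smaller points at `createUser`: the Ranger admin password should be read with `conf.getPassword(OZONE_OM_RANGER_HTTPS_ADMIN_API_PASSWD)` so it can come from a credential provider rather than plain `ozone-site.xml`, the new user ID goes to `System.out` and the failure to `e.printStackTrace()` instead of `LOG`, and the `JSONException` caught there is imported from `com.oracle.javafx.jmx.json` rather than `org.codehaus.jettison.json`, which is the type `new JSONObject(String)` throws. `createGroup` continues past the end of this hunk.
```java
  private String getCreateUserJsonString(String userName,
      List<String> groupIDs) throws Exception {
    // Let jettison quote the values; string concatenation leaves names
    // unescaped and turns an empty groupIDs into [""].
    JSONObject user = new JSONObject();
    user.put("name", userName);
    user.put("firstName", userName);
    user.put("loginId", userName);
    // TODO(review): replace the fixed "user1pass" with a per-user secret.
    user.put("password", "user1pass");
    user.put("userRoleList", new JSONArray().put("ROLE_USER"));
    user.put("groupIdList", new JSONArray(groupIDs));
    return user.toString();
  }
```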
Review comment:
done