subject:"Review Request 72847\: RANGER\-2998 \: API for Ranger KMS service status"

Re: Review Request 72847: RANGER-2998 : API for Ranger KMS service status

2020-09-20 Thread Mehul Parikh


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72847/#review221906
---


Ship it!




Ship It!

- Mehul Parikh


On Sept. 20, 2020, 1:11 p.m., Dhaval Shah wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72847/
> ---
> 
> (Updated Sept. 20, 2020, 1:11 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Dineshkumar Yadav, Jayendra Parab, 
> Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh 
> Mani, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2998
> https://issues.apache.org/jira/browse/RANGER-2998
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Need to construct the API which can be accessible without user credentials 
> for Ranger KMS service status. So when service Ranger KMS is successfully 
> started there should be status saying "Ranger KMS is up and running" when we 
> hit particular API.
> 
> 
> Diffs
> -
> 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
>  944b3d483 
>   kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java 
> da8f71599 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/RangerKMSRestApi.java
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/72847/diff/3/
> 
> 
> Testing
> ---
> 
> Successfully tested the status API.
> 
> 
> Thanks,
> 
> Dhaval Shah
> 
>

Re: Review Request 72847: RANGER-2998 : API for Ranger KMS service status

2020-09-20 Thread Madhan Neethiraj


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72847/#review221905
---


Ship it!




Ship It!

- Madhan Neethiraj


On Sept. 20, 2020, 1:11 p.m., Dhaval Shah wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72847/
> ---
> 
> (Updated Sept. 20, 2020, 1:11 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Dineshkumar Yadav, Jayendra Parab, 
> Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh 
> Mani, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2998
> https://issues.apache.org/jira/browse/RANGER-2998
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Need to construct the API which can be accessible without user credentials 
> for Ranger KMS service status. So when service Ranger KMS is successfully 
> started there should be status saying "Ranger KMS is up and running" when we 
> hit particular API.
> 
> 
> Diffs
> -
> 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
>  944b3d483 
>   kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java 
> da8f71599 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/RangerKMSRestApi.java
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/72847/diff/3/
> 
> 
> Testing
> ---
> 
> Successfully tested the status API.
> 
> 
> Thanks,
> 
> Dhaval Shah
> 
>

Re: Review Request 72847: RANGER-2998 : API for Ranger KMS service status

2020-09-20 Thread Dhaval Shah



> On Sept. 16, 2020, 6:45 p.m., Madhan Neethiraj wrote:
> > kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
> > Lines 131 (patched)
> > 
> >
> > As Ramesh suggested, consider narrowing down unauthenticated URL to 
> > only specific methods - like /kms/api/status.
> > 
> > Also, instead of handling this in Java code, consider updating 
> > security-applicationContext.xml to list URLs that can be accessed without 
> > authentication - like:
> >   

I have changed the url pattern from /kms/api to /kms/api/status.
RangerKMS does not have security-applicationContext.xml of spring security. You 
are referring to security admin module which is not applicable for RangerKMS. 
Futher the new api /kms/api/status gets blocked by KMSAuthenticationFilter and 
KMSMDCFilter in web.xml ( 
https://github.com/apache/ranger/blob/master/kms/src/main/webapp/WEB-INF/web.xml#L63)
 due to which I have kept the IF check in filter class.


- Dhaval


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72847/#review221877
---


On Sept. 20, 2020, 1:11 p.m., Dhaval Shah wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72847/
> ---
> 
> (Updated Sept. 20, 2020, 1:11 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Dineshkumar Yadav, Jayendra Parab, 
> Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh 
> Mani, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2998
> https://issues.apache.org/jira/browse/RANGER-2998
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Need to construct the API which can be accessible without user credentials 
> for Ranger KMS service status. So when service Ranger KMS is successfully 
> started there should be status saying "Ranger KMS is up and running" when we 
> hit particular API.
> 
> 
> Diffs
> -
> 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
>  944b3d483 
>   kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java 
> da8f71599 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/RangerKMSRestApi.java
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/72847/diff/3/
> 
> 
> Testing
> ---
> 
> Successfully tested the status API.
> 
> 
> Thanks,
> 
> Dhaval Shah
> 
>

Re: Review Request 72847: RANGER-2998 : API for Ranger KMS service status

2020-09-20 Thread Dhaval Shah


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72847/
---

(Updated Sept. 20, 2020, 1:11 p.m.)


Review request for ranger, Ankita Sinha, Dineshkumar Yadav, Jayendra Parab, 
Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh 
Mani, and Velmurugan Periasamy.


Bugs: RANGER-2998
https://issues.apache.org/jira/browse/RANGER-2998


Repository: ranger


Description
---

Need to construct the API which can be accessible without user credentials for 
Ranger KMS service status. So when service Ranger KMS is successfully started 
there should be status saying "Ranger KMS is up and running" when we hit 
particular API.


Diffs (updated)
-

  
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
 944b3d483 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java 
da8f71599 
  
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/RangerKMSRestApi.java 
PRE-CREATION 


Diff: https://reviews.apache.org/r/72847/diff/3/

Changes: https://reviews.apache.org/r/72847/diff/2-3/


Testing
---

Successfully tested the status API.


Thanks,

Dhaval Shah

Re: Review Request 72847: RANGER-2998 : API for Ranger KMS service status

2020-09-16 Thread Madhan Neethiraj


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72847/#review221877
---




kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
Lines 131 (patched)


As Ramesh suggested, consider narrowing down unauthenticated URL to only 
specific methods - like /kms/api/status.

Also, instead of handling this in Java code, consider updating 
security-applicationContext.xml to list URLs that can be accessed without 
authentication - like:
  


- Madhan Neethiraj


On Sept. 16, 2020, 6:38 p.m., Dhaval Shah wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72847/
> ---
> 
> (Updated Sept. 16, 2020, 6:38 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Dineshkumar Yadav, Jayendra Parab, 
> Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh 
> Mani, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2998
> https://issues.apache.org/jira/browse/RANGER-2998
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Need to construct the API which can be accessible without user credentials 
> for Ranger KMS service status. So when service Ranger KMS is successfully 
> started there should be status saying "Ranger KMS is up and running" when we 
> hit particular API.
> 
> 
> Diffs
> -
> 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
>  944b3d483 
>   kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java 
> da8f71599 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/RangerKMSRestApi.java
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/72847/diff/2/
> 
> 
> Testing
> ---
> 
> Successfully tested the status API.
> 
> 
> Thanks,
> 
> Dhaval Shah
> 
>

Re: Review Request 72847: RANGER-2998 : API for Ranger KMS service status

2020-09-16 Thread Dhaval Shah


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72847/
---

(Updated Sept. 16, 2020, 6:38 p.m.)


Review request for ranger, Ankita Sinha, Dineshkumar Yadav, Jayendra Parab, 
Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh 
Mani, and Velmurugan Periasamy.


Bugs: RANGER-2998
https://issues.apache.org/jira/browse/RANGER-2998


Repository: ranger


Description
---

Need to construct the API which can be accessible without user credentials for 
Ranger KMS service status. So when service Ranger KMS is successfully started 
there should be status saying "Ranger KMS is up and running" when we hit 
particular API.


Diffs (updated)
-

  
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
 944b3d483 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java 
da8f71599 
  
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/RangerKMSRestApi.java 
PRE-CREATION 


Diff: https://reviews.apache.org/r/72847/diff/2/

Changes: https://reviews.apache.org/r/72847/diff/1-2/


Testing
---

Successfully tested the status API.


Thanks,

Dhaval Shah

Re: Review Request 72847: RANGER-2998 : API for Ranger KMS service status

2020-09-16 Thread Dhaval Shah



> On Sept. 16, 2020, 3:44 p.m., Ramesh Mani wrote:
> > kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
> > Lines 77 (patched)
> > 
> >
> > do we need to check only the "/kms/api/status" path here and rest go 
> > through the regular flow?

Yes. APIs such as "/kms/v1/" are written in KMS.java require authentication and 
authorization.


- Dhaval


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72847/#review221875
---


On Sept. 16, 2020, 6:31 p.m., Dhaval Shah wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72847/
> ---
> 
> (Updated Sept. 16, 2020, 6:31 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Dineshkumar Yadav, Jayendra Parab, 
> Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh 
> Mani, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2998
> https://issues.apache.org/jira/browse/RANGER-2998
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Need to construct the API which can be accessible without user credentials 
> for Ranger KMS service status. So when service Ranger KMS is successfully 
> started there should be status saying "Ranger KMS is up and running" when we 
> hit particular API.
> 
> 
> Diffs
> -
> 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
>  944b3d483 
>   kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java 
> da8f71599 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/RangerKMSRestApi.java
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/72847/diff/1/
> 
> 
> Testing
> ---
> 
> Successfully tested the status API.
> 
> 
> Thanks,
> 
> Dhaval Shah
> 
>

Re: Review Request 72847: RANGER-2998 : API for Ranger KMS service status

2020-09-16 Thread Dhaval Shah


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72847/
---

(Updated Sept. 16, 2020, 6:31 p.m.)


Review request for ranger, Ankita Sinha, Dineshkumar Yadav, Jayendra Parab, 
Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh 
Mani, and Velmurugan Periasamy.


Bugs: RANGER-2998
https://issues.apache.org/jira/browse/RANGER-2998


Repository: ranger


Description
---

Need to construct the API which can be accessible without user credentials for 
Ranger KMS service status. So when service Ranger KMS is successfully started 
there should be status saying "Ranger KMS is up and running" when we hit 
particular API.


Diffs
-

  
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
 944b3d483 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java 
da8f71599 
  
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/RangerKMSRestApi.java 
PRE-CREATION 


Diff: https://reviews.apache.org/r/72847/diff/1/


Testing
---

Successfully tested the status API.


Thanks,

Dhaval Shah

Re: Review Request 72847: RANGER-2998 : API for Ranger KMS service status

Re: Review Request 72847: RANGER-2998 : API for Ranger KMS service status

Re: Review Request 72847: RANGER-2998 : API for Ranger KMS service status

Re: Review Request 72847: RANGER-2998 : API for Ranger KMS service status

Re: Review Request 72847: RANGER-2998 : API for Ranger KMS service status

Re: Review Request 72847: RANGER-2998 : API for Ranger KMS service status

Re: Review Request 72847: RANGER-2998 : API for Ranger KMS service status

Re: Review Request 72847: RANGER-2998 : API for Ranger KMS service status

8 matches

Site Navigation

Mail list logo

Footer information