ranger-commits mailing list archives

From mad...@apache.org
Subject [1/3] incubator-ranger git commit: RANGER-552 Need to get UGI from keytab, instead of subject
Date Sun, 14 Jun 2015 07:31:08 GMT
Repository: incubator-ranger
Updated Branches:
  refs/heads/tag-policy 96e450a43 -> 327ecb3c5


RANGER-552 Need to get UGI from keytab, instead of subject


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/aa695b17
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/aa695b17
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/aa695b17

Branch: refs/heads/tag-policy
Commit: aa695b17adf099e8860e5108e0bbf36bdd86f819
Parents: d283d6c
Author: Don Bosco Durai <bosco@apache.org>
Authored: Fri Jun 12 18:56:51 2015 -0700
Committer: Don Bosco Durai <bosco@apache.org>
Committed: Sat Jun 13 13:00:01 2015 -0700

----------------------------------------------------------------------
 .../ranger/audit/provider/BaseAuditHandler.java | 19 ++++-
 .../apache/ranger/audit/provider/MiscUtil.java  | 87 ++++++++++++--------
 .../apache/ranger/audit/queue/AuditQueue.java   | 12 +++
 3 files changed, 79 insertions(+), 39 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/aa695b17/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java
b/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java
index 3859a7e..30db18b 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java
@@ -169,6 +169,10 @@ public abstract class BaseAuditHandler implements AuditHandler {
 		this.parentPath = parentPath;
 	}
 
+	public String getFinalPath() {
+		return getName();
+	}
+
 	public void setName(String name) {
 		providerName = name;
 	}
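Review bot: The new public `getFinalPath()` has no Javadoc, and its name suggests a path while the base implementation simply returns `getName()`. A one-line comment would make the contract clear, for example `/** Returns the name of the handler that finally receives the events; by default this handler's own name. */`. The same applies to the override in AuditQueue, which follows the `consumer` chain, so the `finalDestination=` field in the status log is easier to interpret. The class body continues outside the hunk.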
@@ -249,22 +253,31 @@ public abstract class BaseAuditHandler implements AuditHandler {
 			lastStatusLogTime = currTime;
 
 			long diffCount = totalCount - lastIntervalCount;
-			if (diffCount == 0) {
-				return;
-			}
 			long diffSuccess = totalSuccessCount - lastIntervalSuccessCount;
 			long diffFailed = totalFailedCount - lastIntervalFailedCount;
 			long diffStashed = totalStashedCount - lastStashedCount;
 			long diffDeferred = totalDeferredCount - lastDeferredCount;
 
+			if (diffCount == 0 && diffSuccess == 0 && diffFailed == 0
+					&& diffStashed == 0 && diffDeferred == 0) {
+				return;
+			}
+
 			lastIntervalCount = totalCount;
 			lastIntervalSuccessCount = totalSuccessCount;
 			lastIntervalFailedCount = totalFailedCount;
 			lastStashedCount = totalStashedCount;
 			lastDeferredCount = totalDeferredCount;
 
+			String finalPath = "";
+			String tFinalPath = getFinalPath();
+			if (!getName().equals(tFinalPath)) {
+				finalPath = ", finalDestination=" + tFinalPath;
+			}
+
 			String msg = "Audit Status Log: name="
 					+ getName()
+					+ finalPath
 					+ ", interval="
 					+ formatIntervalForLog(diffTime)
 					+ ", events="
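Review bot: `getName().equals(tFinalPath)` throws a NullPointerException if `getName()` returns null, which looks possible when `setName` was never called (the getter is outside the hunk, so this is inferred). Because this runs in the periodic status logging, a null-safe comparison is preferable: `if (tFinalPath != null && !tFinalPath.equals(getName())) {`. That form also skips the suffix when an override returns null. The enclosing method starts and ends outside the hunk.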

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/aa695b17/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
index bfded93..a3a3a84 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
@@ -37,8 +37,6 @@ import javax.security.auth.Subject;
 import javax.security.auth.login.AppConfigurationEntry;
 import javax.security.auth.login.Configuration;
 import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.security.UserGroupInformation;
@@ -435,7 +433,8 @@ public class MiscUtil {
 				// Do not remove the below statement. The default
 				// getLoginUser does some initialization which is needed
 				// for getUGIFromSubject() to work.
-				logger.info("Default UGI before using Subject from Kafka:"
+				UserGroupInformation.getLoginUser();
+				logger.info("Default UGI before using new Subject:"
 						+ UserGroupInformation.getLoginUser());
 			} catch (Throwable t) {
 				logger.error(t);
@@ -549,7 +548,7 @@ public class MiscUtil {
 	public static void authWithKerberos(String keytab, String principal,
 			String nameRules) {
 
-		if (keytab == null) {
+		if (keytab == null || principal == null) {
 			return;
 		}
 		Subject serverSubject = new Subject();
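Review bot: The widened guard returns silently when a keytab is configured but `principal` is null, so a half-configured Kerberos setup skips login with no trace in the log. The method is `void`, so callers cannot tell that no authentication happened. A null keytab may well be the normal non-Kerberos case, but the mixed case deserves a message before the return, for example `if (keytab != null && principal == null) { logger.warn("Kerberos keytab is set but principal is missing; skipping login"); }`.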
@@ -570,44 +569,60 @@ public class MiscUtil {
 				KerberosName.setRules(nameRules);
 			}
 
-			List<LoginContext> loginContexts = new ArrayList<LoginContext>();
-			for (String spnegoPrincipal : spnegoPrincipals) {
-				try {
-					logger.info("Login using keytab " + keytab
-							+ ", for principal " + spnegoPrincipal);
-					final KerberosConfiguration kerberosConfiguration = new KerberosConfiguration(
-							keytab, spnegoPrincipal);
-					final LoginContext loginContext = new LoginContext("",
-							serverSubject, null, kerberosConfiguration);
-					loginContext.login();
-					successLoginCount++;
-					logger.info("Login success keytab " + keytab
-							+ ", for principal " + spnegoPrincipal);
-					loginContexts.add(loginContext);
-				} catch (Throwable t) {
-					logger.error("Login failed keytab " + keytab
-							+ ", for principal " + spnegoPrincipal, t);
+			boolean useKeytab = true;
+			if (!useKeytab) {
+				logger.info("Creating UGI with subject");
+				List<LoginContext> loginContexts = new ArrayList<LoginContext>();
+				for (String spnegoPrincipal : spnegoPrincipals) {
+					try {
+						logger.info("Login using keytab " + keytab
+								+ ", for principal " + spnegoPrincipal);
+						final KerberosConfiguration kerberosConfiguration = new KerberosConfiguration(
+								keytab, spnegoPrincipal);
+						final LoginContext loginContext = new LoginContext("",
+								serverSubject, null, kerberosConfiguration);
+						loginContext.login();
+						successLoginCount++;
+						logger.info("Login success keytab " + keytab
+								+ ", for principal " + spnegoPrincipal);
+						loginContexts.add(loginContext);
+					} catch (Throwable t) {
+						logger.error("Login failed keytab " + keytab
+								+ ", for principal " + spnegoPrincipal, t);
+					}
+					if (successLoginCount > 0) {
+						logger.info("Total login success count="
+								+ successLoginCount);
+						try {
+							UserGroupInformation
+									.loginUserFromSubject(serverSubject);
+							// UserGroupInformation ugi =
+							// createUGIFromSubject(serverSubject);
+							// if (ugi != null) {
+							// setUGILoginUser(ugi, serverSubject);
+							// }
+						} catch (Throwable e) {
+							logger.error("Error creating UGI from subject. subject="
+									+ serverSubject);
+						}
+					} else {
+						logger.error("Total logins were successfull from keytab="
+								+ keytab + ", principal=" + principal);
+					}
 				}
+			} else {
+				logger.info("Creating UGI from keytab directly. keytab="
+						+ keytab + ", principal=" + spnegoPrincipals[0]);
+				UserGroupInformation ugi = UserGroupInformation
+						.loginUserFromKeytabAndReturnUGI(spnegoPrincipals[0],
+								keytab);
+				MiscUtil.setUGILoginUser(ugi, null);
 			}
+
 		} catch (Throwable t) {
 			logger.error("Failed to login as [" + spnegoPrincipals + "]", t);
 		}
 
-		if (successLoginCount > 0) {
-			logger.info("Total login success count=" + successLoginCount);
-			try {
-				UserGroupInformation ugi = createUGIFromSubject(serverSubject);
-				if (ugi != null) {
-					setUGILoginUser(ugi, serverSubject);
-				}
-			} catch (Throwable e) {
-				logger.error("Error creating UGI from subject. subject="
-						+ serverSubject);
-			}
-		} else {
-			logger.error("Total logins were successfull from keytab=" + keytab
-					+ ", principal=" + principal);
-		}
 	}
 
 	static class LogHistory {
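Review bot: `boolean useKeytab = true;` followed by `if (!useKeytab)` makes the whole Subject-based branch unreachable, so the login loop is kept as dead code behind a flag nothing can change. Inside that branch the `successLoginCount` check has moved into the `for` loop, so `loginUserFromSubject` would run once per principal, and the catch still drops the exception; if the branch stays, move the check back after the loop and log with `logger.error("Error creating UGI from subject. subject=" + serverSubject, e);`. On the live path only `spnegoPrincipals[0]` is logged in (the array is built outside the hunk), and an empty array or a failed keytab login is swallowed by the outer `catch (Throwable t)`. The method then returns normally with no authenticated UGI, so it is worth confirming that audit destinations requiring Kerberos detect that state rather than proceeding under the default login user.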

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/aa695b17/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditQueue.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditQueue.java b/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditQueue.java
index 000a658..88c9831 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditQueue.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditQueue.java
@@ -133,6 +133,18 @@ public abstract class AuditQueue extends BaseAuditHandler {
 	}
 
 	@Override
+	public String getFinalPath() {
+		if (consumer != null) {
+			if (consumer instanceof BaseAuditHandler) {
+				return ((BaseAuditHandler) consumer).getFinalPath();
+			} else {
+				return consumer.getName();
+			}
+		}
+		return getName();
+	}
+
+	@Override
 	public void setName(String name) {
 		super.setName(name);
 		if (consumer != null && consumer instanceof BaseAuditHandler) {

