ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sailaja Polavarapu <spolavar...@hortonworks.com>
Subject Re: Review Request 69319: RANGER-2049: Added support for doAs for Ranger REST APIs with Kerberized mode
Date Tue, 13 Nov 2018 00:36:13 GMT


> On Nov. 12, 2018, 7:24 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
> > Lines 253 (patched)
> > <https://reviews.apache.org/r/69319/diff/1/?file=2106987#file2106987line253>
> >
> >     why log this debug or warn depending on log level? Shouldn't this be logged
at warn level always?

If debug is enabled we are logging the exception trace as well.


- Sailaja


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69319/#review210477
-----------------------------------------------------------


On Nov. 12, 2018, 7 p.m., Sailaja Polavarapu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69319/
> -----------------------------------------------------------
> 
> (Updated Nov. 12, 2018, 7 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-2049
>     https://issues.apache.org/jira/browse/RANGER-2049
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Introduced new configuration to enable trusted proxy for ranger. Added support for ranger
admin to handle doAs in the request parameter and trusted proxy configuration is enabled for
kerberized mode. Used hadoop library to validate proxy user configuraiton and autorize accordingly.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
d20a203ea 
> 
> 
> Diff: https://reviews.apache.org/r/69319/diff/2/
> 
> 
> Testing
> -------
> 
> 1. Patched 2.0 cluster with the ranger admin changes and tested functionality with trusted
proxy configuration enabled.
> 2. Also ran some basic regression tests with trusted proxy disabled.
> 
> 
> Thanks,
> 
> Sailaja Polavarapu
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message