Repository: knox Updated Branches: refs/heads/v1.2.0 634783426 -> c7984052e
KNOX-1098 - Livy proxyUser should be added when not present Signed-off-by: Kevin Risden <kris...@apache.org> Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/c7984052 Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/c7984052 Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/c7984052 Branch: refs/heads/v1.2.0 Commit: c7984052e1a831f799f292a747409fa46d5d3f12 Parents: 6347834 Author: Kevin Risden <kris...@apache.org> Authored: Wed Nov 14 14:40:52 2018 -0500 Committer: Kevin Risden <kris...@apache.org> Committed: Thu Nov 15 08:50:42 2018 -0500 ---------------------------------------------------------------------- gateway-release/pom.xml | 4 + .../resources/services/livy/0.4.0/rewrite.xml | 8 -- .../resources/services/livy/0.4.0/service.xml | 5 +- gateway-service-livy/pom.xml | 67 +++++++++++++ .../apache/knox/gateway/livy/LivyDispatch.java | 100 +++++++++++++++++++ pom.xml | 6 ++ 6 files changed, 178 insertions(+), 12 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/c7984052/gateway-release/pom.xml ---------------------------------------------------------------------- diff --git a/gateway-release/pom.xml b/gateway-release/pom.xml index 73a3169..8a72b96 100644 --- a/gateway-release/pom.xml +++ b/gateway-release/pom.xml @@ -186,6 +186,10 @@ </dependency> <dependency> <groupId>org.apache.knox</groupId> + <artifactId>gateway-service-livy</artifactId> + </dependency> + <dependency> + <groupId>org.apache.knox</groupId> <artifactId>gateway-service-tgs</artifactId> </dependency> <dependency> http://git-wip-us.apache.org/repos/asf/knox/blob/c7984052/gateway-service-definitions/src/main/resources/services/livy/0.4.0/rewrite.xml ---------------------------------------------------------------------- diff --git a/gateway-service-definitions/src/main/resources/services/livy/0.4.0/rewrite.xml b/gateway-service-definitions/src/main/resources/services/livy/0.4.0/rewrite.xml index 013fa99..befa1e4 100644 --- a/gateway-service-definitions/src/main/resources/services/livy/0.4.0/rewrite.xml +++ b/gateway-service-definitions/src/main/resources/services/livy/0.4.0/rewrite.xml @@ -16,18 +16,10 @@ limitations under the License. --> <rules> - <rule name="LIVYSERVER/livy/user-name"> - <rewrite template="{$username}"/> - </rule> <rule dir="IN" name="LIVYSERVER/livy/root/inbound" pattern="*://*:*/**/livy/v1"> <rewrite template="{$serviceUrl[LIVYSERVER]}"/> </rule> <rule dir="IN" name="LIVYSERVER/livy/path/inbound" pattern="*://*:*/**/livy/v1/{path=**}?{**}"> <rewrite template="{$serviceUrl[LIVYSERVER]}/{path=**}?{**}"/> </rule> - <filter name="LIVYSERVER/livy/addusername/inbound"> - <content type="*/json"> - <apply path="$.proxyUser" rule="LIVYSERVER/livy/user-name"/> - </content> - </filter> </rules> http://git-wip-us.apache.org/repos/asf/knox/blob/c7984052/gateway-service-definitions/src/main/resources/services/livy/0.4.0/service.xml ---------------------------------------------------------------------- diff --git a/gateway-service-definitions/src/main/resources/services/livy/0.4.0/service.xml b/gateway-service-definitions/src/main/resources/services/livy/0.4.0/service.xml index ef71d1e..642ec2e 100644 --- a/gateway-service-definitions/src/main/resources/services/livy/0.4.0/service.xml +++ b/gateway-service-definitions/src/main/resources/services/livy/0.4.0/service.xml @@ -15,14 +15,11 @@ See the License for the specific language governing permissions and limitations under the License. --> - <service role="LIVYSERVER" name="livy" version="0.4.0"> <routes> - <route path="/livy/v1/sessions"> - <rewrite apply="LIVYSERVER/livy/addusername/inbound" to="request.body"/> - </route> <route path="/livy/v1/**?**"/> <route path="/livy/v1"/> <route path="/livy/v1/"/> </routes> + <dispatch classname="org.apache.knox.gateway.livy.LivyDispatch"/> </service> http://git-wip-us.apache.org/repos/asf/knox/blob/c7984052/gateway-service-livy/pom.xml ---------------------------------------------------------------------- diff --git a/gateway-service-livy/pom.xml b/gateway-service-livy/pom.xml new file mode 100644 index 0000000..d1a5041 --- /dev/null +++ b/gateway-service-livy/pom.xml @@ -0,0 +1,67 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>org.apache.knox</groupId> + <artifactId>gateway</artifactId> + <version>1.3.0-SNAPSHOT</version> + </parent> + + <artifactId>gateway-service-livy</artifactId> + <name>gateway-service-livy</name> + <description>The extension to the gateway for supporting Livy.</description> + + <dependencies> + <dependency> + <groupId>org.apache.knox</groupId> + <artifactId>gateway-spi</artifactId> + </dependency> + <dependency> + <groupId>org.apache.knox</groupId> + <artifactId>gateway-provider-rewrite</artifactId> + </dependency> + + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>javax.servlet-api</artifactId> + </dependency> + + <dependency> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </dependency> + <dependency> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-databind</artifactId> + </dependency> + + <dependency> + <groupId>org.apache.knox</groupId> + <artifactId>gateway-test-utils</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <scope>test</scope> + </dependency> + </dependencies> +</project> http://git-wip-us.apache.org/repos/asf/knox/blob/c7984052/gateway-service-livy/src/main/java/org/apache/knox/gateway/livy/LivyDispatch.java ---------------------------------------------------------------------- diff --git a/gateway-service-livy/src/main/java/org/apache/knox/gateway/livy/LivyDispatch.java b/gateway-service-livy/src/main/java/org/apache/knox/gateway/livy/LivyDispatch.java new file mode 100644 index 0000000..a46af29 --- /dev/null +++ b/gateway-service-livy/src/main/java/org/apache/knox/gateway/livy/LivyDispatch.java @@ -0,0 +1,100 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.knox.gateway.livy; + +import com.fasterxml.jackson.core.type.TypeReference; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.apache.knox.gateway.dispatch.DefaultDispatch; +import org.apache.knox.gateway.filter.rewrite.impl.UrlRewriteRequestStream; +import org.apache.knox.gateway.security.SubjectUtils; + +import javax.servlet.ServletInputStream; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletRequestWrapper; +import javax.servlet.http.HttpServletResponse; +import java.io.BufferedReader; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStreamReader; +import java.net.URI; +import java.net.URISyntaxException; +import java.nio.charset.StandardCharsets; +import java.util.Arrays; +import java.util.List; +import java.util.Map; + +/** + * This specialized dispatch provides Livy specific features to the + * default dispatch. + */ +public class LivyDispatch extends DefaultDispatch { + + @Override + public void doPost(URI url, HttpServletRequest request, HttpServletResponse response) + throws IOException, URISyntaxException { + super.doPost(url, new LivyHttpServletRequest(request), response); + } + + /** + * HttpServletRequest that adds or sets the proxyUser parameter on the json body + */ + private class LivyHttpServletRequest extends HttpServletRequestWrapper { + private final List<String> proxyUserEndpoints = Arrays.asList("/batches", "/sessions"); + + LivyHttpServletRequest(HttpServletRequest request) { + super(request); + } + + @Override + public ServletInputStream getInputStream() throws IOException { + ServletInputStream inputStream = super.getInputStream(); + + HttpServletRequest request = (HttpServletRequest)getRequest(); + String requestURI = request.getRequestURI(); + if(matchProxyUserEndpoints(requestURI)) { + // Parse the json object from the request + ObjectMapper objectMapper = new ObjectMapper(); + Map<String, Object> jsonMap = objectMapper.readValue(inputStream, new TypeReference<Map<String,Object>>(){}); + + // Force the proxyUser to be set to the remote user + jsonMap.put("proxyUser", SubjectUtils.getCurrentEffectivePrincipalName()); + + // Create the new ServletInputStream with modified json map. + String s = objectMapper.writeValueAsString(jsonMap); + return new UrlRewriteRequestStream(new ByteArrayInputStream(s.getBytes(StandardCharsets.UTF_8))); + } + + return inputStream; + } + + private boolean matchProxyUserEndpoints(String requestURI) { + for(String endpoint : proxyUserEndpoints) { + if(requestURI.endsWith(endpoint) || requestURI.endsWith(endpoint + '/')) { + return true; + } + } + return false; + } + + @Override + public BufferedReader getReader() throws IOException { + return new BufferedReader(new InputStreamReader(getInputStream(), StandardCharsets.UTF_8)); + } + } +} + http://git-wip-us.apache.org/repos/asf/knox/blob/c7984052/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 6704ddf..98613ed 100644 --- a/pom.xml +++ b/pom.xml @@ -103,6 +103,7 @@ <module>gateway-service-knoxsso</module> <module>gateway-service-knoxssout</module> <module>gateway-service-knoxtoken</module> + <module>gateway-service-livy</module> <module>gateway-service-health</module> <module>gateway-service-webhdfs</module> <module>gateway-service-tgs</module> @@ -820,6 +821,11 @@ </dependency> <dependency> <groupId>org.apache.knox</groupId> + <artifactId>gateway-service-livy</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>org.apache.knox</groupId> <artifactId>gateway-service-definitions</artifactId> <version>${project.version}</version> </dependency>