RANGER-2210:Ranger support for Apache Kafka 2.0.0 Signed-off-by: rmani <rm...@hortonworks.com>
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/ea4cf885 Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/ea4cf885 Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/ea4cf885 Branch: refs/heads/ranger-1 Commit: ea4cf885b072a8ef068092529b0c5c43770e756a Parents: 92fe4c4 Author: rmani <rm...@hortonworks.com> Authored: Tue Sep 25 15:01:21 2018 -0700 Committer: Mehul Parikh <me...@apache.org> Committed: Mon Dec 17 15:13:11 2018 +0530 ---------------------------------------------------------------------- .../kafka/authorizer/RangerKafkaAuthorizer.java | 8 +++++--- .../kafka/authorizer/KafkaRangerAuthorizerTest.java | 6 ++---- pom.xml | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/ea4cf885/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java ----------------------------------------------------------------------
diff --git a/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java b/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
index 1745ad9..8a661d8 100644
--- a/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
+++ b/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
@@ -26,7 +26,6 @@ import javax.security.auth.Subject;
 import org.apache.kafka.common.network.ListenerName;
 import org.apache.kafka.common.security.JaasContext;
-import org.apache.kafka.common.security.JaasContext.Type;
 import org.apache.kafka.common.security.auth.KafkaPrincipal;
 import org.apache.kafka.common.security.auth.SecurityProtocol;
@@ -37,7 +36,9 @@ import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.security.UserGroupInformation; +import org.apache.kafka.common.config.SaslConfigs; import org.apache.kafka.common.security.authenticator.LoginManager; +import org.apache.kafka.common.security.kerberos.KerberosLogin; import org.apache.ranger.audit.provider.MiscUtil; import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl; import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl; @@ -96,8 +97,9 @@ public class RangerKafkaAuthorizer implements Authorizer { final String listenerName = (jaasContext instanceof String && StringUtils.isNotEmpty((String) jaasContext)) ? (String) jaasContext : SecurityProtocol.SASL_PLAINTEXT.name(); - JaasContext context = JaasContext.load(Type.SERVER, new ListenerName(listenerName), configs); - LoginManager loginManager = LoginManager.acquireLoginManager(context, true, configs); + final String saslMechanism = SaslConfigs.GSSAPI_MECHANISM; + JaasContext context = JaasContext.loadServerContext(new ListenerName(listenerName), saslMechanism, configs); + LoginManager loginManager = LoginManager.acquireLoginManager(context, saslMechanism, KerberosLogin.class, configs); Subject subject = loginManager.subject(); UserGroupInformation ugi = MiscUtil .createUGIFromSubject(subject); http://git-wip-us.apache.org/repos/asf/ranger/blob/ea4cf885/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java ---------------------------------------------------------------------- diff --git a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java index bccdb80..8d2f0a4 100644 
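Review bot: In the `@@ -96,8 +97,9 @@` hunk, `saslMechanism` is pinned to `SaslConfigs.GSSAPI_MECHANISM` and the default login class to `KerberosLogin.class` with no comment, so a reader cannot tell that the plugin's own login is deliberately independent of whichever SASL mechanism the listener named by `listenerName` actually serves. I would add a line above it such as `// The plugin logs in with Kerberos to build the UGI, so the server JAAS context is always resolved for GSSAPI` (presumably the intent; confirm with the author). It is also worth stating what the plugin does on a broker with no GSSAPI login configured for that listener. The handling of a failed `loadServerContext` or `acquireLoginManager` call is not visible here, because the enclosing method starts and ends outside the hunk.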
--- a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java +++ b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java @@ -82,8 +82,8 @@ public class KafkaRangerAuthorizerTest { @org.junit.BeforeClass public static void setup() throws Exception { // Create keys - String serviceDN = "CN=Service,O=Apache,L=Dublin,ST=Leinster,C=IE"; - String clientDN = "CN=Client,O=Apache,L=Dublin,ST=Leinster,C=IE"; + String serviceDN = "CN=localhost,O=Apache,L=Dublin,ST=Leinster,C=IE"; + String clientDN = "CN=localhost,O=Apache,L=Dublin,ST=Leinster,C=IE"; // Create a truststore KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); @@ -257,7 +257,6 @@ public class KafkaRangerAuthorizerTest { producerProps.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, "security"); final Producer<String, String> producer = new KafkaProducer<>(producerProps); - // Send a message Future<RecordMetadata> record = producer.send(new ProducerRecord<String, String>("dev", "somekey", "somevalue")); @@ -296,7 +295,6 @@ public class KafkaRangerAuthorizerTest { record = producer.send(new ProducerRecord<String, String>("dev", "somekey", "somevalue")); producer.flush(); record.get(); - Assert.fail("Authorization failure expected"); } catch (Exception ex) { Assert.assertTrue(ex.getMessage().contains("Not authorized to access topics")); } http://git-wip-us.apache.org/repos/asf/ranger/blob/ea4cf885/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 7aa326c..3aa4ef1 100644 --- a/pom.xml +++ b/pom.xml @@ -181,7 +181,7 @@ <jsonsmart.version>2.3</jsonsmart.version> <jsr305.version>1.3.9</jsr305.version> <junit.version>4.12</junit.version> - <kafka.version>1.0.0</kafka.version> + <kafka.version>2.0.0</kafka.version> <kerby.version>1.0.0</kerby.version> <knox.gateway.version>1.1.0</knox.gateway.version> <kylin.version>2.5.0</kylin.version> 
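Review bot: In the `@@ -82,8 +82,8 @@` hunk, `clientDN` becomes identical to `serviceDN`, so the test client and the broker now present certificates with the same subject, and an authorizer that derives the principal from the certificate DN can no longer tell the two identities apart. Presumably the rename is there to satisfy host name checking of the broker certificate, which only needs `serviceDN` to carry `CN=localhost`; keeping `String clientDN = "CN=Client,O=Apache,L=Dublin,ST=Leinster,C=IE";` would preserve a distinct client principal. The diffstat shows no policy fixture among the three changed files, so any test policy that names the old client DN should be checked against the new value. `setup()` continues outside the hunk.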
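Review bot: In the `@@ -296,7 +295,6 @@` hunk, removing `Assert.fail("Authorization failure expected");` after `record.get();` lets this negative test pass when the send is authorized, because the only remaining assertion sits in the `catch` block and never runs if no exception is thrown. For an authorizer plugin this is the check that proves a denied principal is actually denied, so a regression that permits the write would go unnoticed. I would restore the line `Assert.fail("Authorization failure expected");`; it throws an `AssertionError`, which `catch (Exception ex)` does not intercept. If the denial surfaces differently under Kafka 2.0.0, the test should assert on that outcome instead of dropping the check. The `try` opens outside the hunk.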
@@ -203,7 +203,7 @@
 <scala.xml.version>1.0.4</scala.xml.version>
 <security-agent-install-dir>hadoop-security/plugins</security-agent-install-dir>
 <servlet.api.version>2.5</servlet.api.version>
- <slf4j-api.version>1.7.5</slf4j-api.version>
+ <slf4j-api.version>1.7.25</slf4j-api.version>
 <solr.version>5.5.4</solr.version>
 <spring-ldap-core.version>2.3.2.RELEASE</spring-ldap-core.version>
 <springframework.security.version>4.2.7.RELEASE</springframework.security.version>