This is an automated email from the ASF dual-hosted git repository.
rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 7b66386 RANGER-2777:Ranger Knox Plugin failed to download Roles
7b66386 is described below
commit 7b66386ebbd81337888cbc3b5b0fc65c2a8aa4a1
Author: Ramesh Mani <[email protected]>
AuthorDate: Sat Apr 4 13:36:10 2020 -0700
RANGER-2777:Ranger Knox Plugin failed to download Roles
---
.../apache/ranger/plugin/util/RangerRESTUtils.java | 73 ----------------------
.../admin/client/RangerAdminJersey2RESTClient.java | 56 ++++++++++++-----
2 files changed, 42 insertions(+), 87 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java
index 3e402aa..adf0c0a 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java
@@ -26,7 +26,6 @@ import java.net.UnknownHostException;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.conf.Configuration;
import com.kstruct.gethostname4j.Hostname;
/**
@@ -45,9 +44,6 @@ public class RangerRESTUtils {
public static final String REST_URL_SECURE_SERVICE_GRANT_ACCESS
= "/service/plugins/secure/services/grant/";
public static final String REST_URL_SECURE_SERVICE_REVOKE_ACCESS
= "/service/plugins/secure/services/revoke/";
- public static final String
REST_URL_ROLE_GET_FOR_SECURE_SERVICE_IF_UPDATED =
"/service/roles/secure/download/";
- public static final String REST_URL_ROLE_GET_FOR_SERVICE_IF_UPDATED
= "/service/roles/download/";
-
public static final String REST_URL_SERVICE_CREATE_ROLE =
"/service/public/v2/api/roles/";
public static final String REST_URL_SERVICE_DROP_ROLE =
"/service/public/v2/api/roles/name/";
public static final String REST_URL_SERVICE_GET_ALL_ROLES =
"/service/public/v2/api/roles/names/";
@@ -102,75 +98,6 @@ public class RangerRESTUtils {
}
}
- public String getPolicyRestUrl(String propertyPrefix, Configuration
config) {
- String url = config.get(propertyPrefix + ".policy.rest.url");
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerRESTUtils.getPolicyRestUrl(" + url
+ ")");
- }
-
- return url;
- }
-
- public String getSsslConfigFileName(String propertyPrefix,
Configuration config) {
- String sslConfigFileName = config.get(propertyPrefix +
".policy.rest.ssl.config.file");
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerRESTUtils.getSsslConfigFileName("
+ sslConfigFileName + ")");
- }
-
- return sslConfigFileName;
- }
-
- public String getUrlForPolicyUpdate(String baseUrl, String serviceName)
{
- String url = baseUrl +
REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED + serviceName;
-
- return url;
- }
-
- public String getUrlForRoleUpdate(String baseUrl, String serviceName) {
- String url = baseUrl + REST_URL_ROLE_GET_FOR_SERVICE_IF_UPDATED
+ serviceName;
-
- return url;
- }
-
-
- public String getSecureUrlForPolicyUpdate(String baseUrl, String
serviceName) {
- String url = baseUrl +
REST_URL_POLICY_GET_FOR_SECURE_SERVICE_IF_UPDATED + serviceName;
- return url;
- }
-
- public String getSecureUrlForRoleUpdate(String baseUrl, String
serviceName) {
- String url = baseUrl +
REST_URL_ROLE_GET_FOR_SECURE_SERVICE_IF_UPDATED + serviceName;
- return url;
- }
-
- public String getUrlForTagUpdate(String baseUrl, String serviceName) {
- String url = baseUrl + REST_URL_GET_SERVICE_TAGS_IF_UPDATED +
serviceName;
-
- return url;
- }
-
- public String getSecureUrlForTagUpdate(String baseUrl, String
serviceName) {
- String url = baseUrl +
REST_URL_GET_SECURE_SERVICE_TAGS_IF_UPDATED + serviceName;
- return url;
- }
-
- public boolean isSsl(String _baseUrl) {
- return !StringUtils.isEmpty(_baseUrl) &&
_baseUrl.toLowerCase().startsWith("https");
- }
-
- public String getUrlForGrantAccess(String baseUrl, String serviceName) {
- String url = baseUrl + REST_URL_SERVICE_GRANT_ACCESS +
serviceName;
-
- return url;
- }
-
- public String getUrlForRevokeAccess(String baseUrl, String serviceName)
{
- String url = baseUrl + REST_URL_SERVICE_REVOKE_ACCESS +
serviceName;
-
- return url;
- }
public String getPluginId(String serviceName, String appId) {
String hostName = null;
diff --git
a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
index b2184b6..1beef86 100644
---
a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
+++
b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
@@ -20,6 +20,8 @@
package org.apache.ranger.admin.client;
import java.lang.reflect.Type;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
import java.security.PrivilegedAction;
import java.util.Date;
import java.util.HashMap;
@@ -61,13 +63,11 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
// none of the members are public -- this is only for testability.
None of these is meant to be accessible
private static final Log LOG =
LogFactory.getLog(RangerAdminJersey2RESTClient.class);
- RangerRESTUtils _utils = new RangerRESTUtils();
-
+
boolean _isSSL = false;
volatile Client _client = null;
SSLContext _sslContext = null;
HostnameVerifier _hv;
- String _baseUrl = "";
String _sslConfigFileName = null;
String _serviceName = null;
String _clusterName = null;
@@ -79,6 +79,7 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
private int lastKnownActiveUrlIndex;
private List<String> configURLs;
private final String pluginCapabilities = Long.toHexString(new
RangerPluginCapability().getPluginCapabilities());
+ private static final int MAX_PLUGIN_ID_LEN = 255;
@Override
public void init(String serviceName, String appId, String
configPropertyPrefix, Configuration config) {
@@ -88,13 +89,13 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
super.init(serviceName, appId, configPropertyPrefix, config);
- _serviceName = serviceName;
- _pluginId = _utils.getPluginId(serviceName, appId);
- String tmpUrl = _utils.getPolicyRestUrl(configPropertyPrefix,
config);
- _sslConfigFileName =
_utils.getSsslConfigFileName(configPropertyPrefix, config);
+ _serviceName = serviceName;
+ _pluginId = getPluginId(serviceName,
appId);
+ String tmpUrl = config.get(configPropertyPrefix
+ ".policy.rest.url");
+ _sslConfigFileName =
config.get(configPropertyPrefix + ".policy.rest.ssl.config.file");
_restClientConnTimeOutMs = config.getInt(configPropertyPrefix +
".policy.rest.client.connection.timeoutMs", 120 * 1000);
_restClientReadTimeOutMs = config.getInt(configPropertyPrefix +
".policy.rest.client.read.timeoutMs", 30 * 1000);
- _clusterName = config.get(configPropertyPrefix +
".access.cluster.name", "");
+ _clusterName = config.get(configPropertyPrefix +
".access.cluster.name", "");
if(StringUtil.isEmpty(_clusterName)){
_clusterName =config.get(configPropertyPrefix +
".ambari.cluster.name", "");
}
@@ -109,9 +110,9 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
configURLs = StringUtil.getURLs(tmpUrl);
this.lastKnownActiveUrlIndex = new
Random().nextInt(configURLs.size());
- _baseUrl = configURLs.get(this.lastKnownActiveUrlIndex);
- _isSSL = _utils.isSsl(_baseUrl);
- LOG.info("Init params: " + String.format("Base URL[%s], SSL
Config filename[%s], ServiceName=[%s], SupportsPolicyDeltas=[%s],
ConfigURLs=[%s]", _baseUrl, _sslConfigFileName, _serviceName,
_supportsPolicyDeltas, _supportsTagDeltas, configURLs));
+ String url = configURLs.get(this.lastKnownActiveUrlIndex);
+ _isSSL = isSsl(url);
+ LOG.info("Init params: " + String.format("Base URL[%s], SSL
Config filename[%s], ServiceName=[%s], SupportsPolicyDeltas=[%s],
ConfigURLs=[%s]", url, _sslConfigFileName, _serviceName, _supportsPolicyDeltas,
_supportsTagDeltas, configURLs));
_client = getClient();
_client.property(ClientProperties.CONNECT_TIMEOUT,
_restClientConnTimeOutMs);
@@ -234,7 +235,7 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
LOG.debug("Checking Roles if updated as user :
" + user);
}
- relativeURL =
_utils.getSecureUrlForRoleUpdate(_baseUrl, _serviceName);
+ relativeURL =
RangerRESTUtils.REST_URL_SERVICE_SERCURE_GET_USER_GROUP_ROLES + _serviceName;
final String secureRelativeUrl = relativeURL;
PrivilegedAction<Response> action = new
PrivilegedAction<Response>() {
public Response run() {
@@ -247,7 +248,7 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
LOG.debug("Checking Roles if updated with old
api call");
}
- relativeURL = _utils.getUrlForRoleUpdate(_baseUrl,
_serviceName);
+ relativeURL =
RangerRESTUtils.REST_URL_SERVICE_GET_USER_GROUP_ROLES + _serviceName;
response = get(queryParams, relativeURL);
}
@@ -537,7 +538,7 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
LOG.warn("Failed to communicate with Ranger
Admin, URL : " + configURLs.get(currentIndex));
if (index == configURLs.size() - 1) {
throw new ClientHandlerException(
- "Failed to communicate
with all Ranger Admin's URL's : [ " + configURLs + " ]");
+ "Failed to communicate
with all Ranger Admin's URL's : [ " + configURLs + " ]", e);
}
}
}
@@ -558,4 +559,31 @@ public class RangerAdminJersey2RESTClient extends
AbstractRangerAdminClient {
private void setLastKnownActiveUrlIndex(int lastKnownActiveUrlIndex) {
this.lastKnownActiveUrlIndex = lastKnownActiveUrlIndex;
}
+
+ private boolean isSsl(String url) {
+ return !StringUtils.isEmpty(url) &&
url.toLowerCase().startsWith("https");
+ }
+
+ private String getPluginId(String serviceName, String appId) {
+ String hostName = null;
+
+ try {
+ hostName = InetAddress.getLocalHost().getHostName();
+ } catch (UnknownHostException e) {
+ LOG.error("ERROR: Unable to find hostname for the agent
", e);
+ hostName = "unknownHost";
+ }
+
+ String ret = hostName + "-" + serviceName;
+
+ if(! StringUtils.isEmpty(appId)) {
+ ret = appId + "@" + ret;
+ }
+
+ if (ret.length() > MAX_PLUGIN_ID_LEN ) {
+ ret = ret.substring(0,MAX_PLUGIN_ID_LEN);
+ }
+
+ return ret ;
+ }
}
