This is an automated email from the ASF dual-hosted git repository. spolavarapu pushed a commit to branch ranger-2.2 in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.2 by this push: new b31f38b RANGER-3212: Java client support for kerberos,SSL and packaging b31f38b is described below commit b31f38b74876f8463f9da89b6991610e6b5bf5c3 Author: Abhishek Kumar <abhishek.ku...@cloudera.com> AuthorDate: Thu Mar 18 17:35:19 2021 -0400 RANGER-3212: Java client support for kerberos,SSL and packaging Signed-off-by: Sailaja Polavarapu <spolavar...@cloudera.com> --- distro/pom.xml | 5 +- distro/src/main/assembly/sample-client.xml | 104 ++++++++++++++++++ .../main/java/org/apache/ranger/RangerClient.java | 35 +++--- .../java/org/apache/ranger/RangerClientConfig.java | 119 --------------------- .../sample-client/conf/config.properties | 21 ---- ranger-examples/sample-client/conf/ssl-client.xml | 31 ++++++ .../sample-client/scripts/run-sample-client.sh | 34 +++++- .../ranger/examples/sampleclient/SampleClient.java | 8 +- 8 files changed, 188 insertions(+), 169 deletions(-) diff --git a/distro/pom.xml b/distro/pom.xml index 264b46e..314e31d 100644 --- a/distro/pom.xml +++ b/distro/pom.xml @@ -40,8 +40,8 @@ <artifactId>maven-assembly-plugin</artifactId> <version>${assembly.plugin.version}</version> <configuration> - <finalName>ranger-${project.version}</finalName> - <outputDirectory>../target</outputDirectory> + <finalName>ranger-${project.version}</finalName> + <outputDirectory>../target</outputDirectory> </configuration> <executions> <execution> @@ -75,6 +75,7 @@ <descriptor>src/main/assembly/plugin-elasticsearch.xml</descriptor> <descriptor>src/main/assembly/plugin-schema-registry.xml</descriptor> <descriptor>src/main/assembly/plugin-presto.xml</descriptor> + <descriptor>src/main/assembly/sample-client.xml</descriptor> </descriptors> </configuration> </execution> diff --git a/distro/src/main/assembly/sample-client.xml b/distro/src/main/assembly/sample-client.xml new file mode 100644 index 0000000..bd79d8e --- /dev/null +++ b/distro/src/main/assembly/sample-client.xml 
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<assembly>
+ <id>sample-client</id>
+ <formats>
+ <format>tar.gz</format>
+ </formats>
+ <baseDirectory>${project.name}-${project.version}-sample-client</baseDirectory>
+ <includeBaseDirectory>false</includeBaseDirectory>
+ <moduleSets>
+ <moduleSet>
+ <useAllReactorProjects>true</useAllReactorProjects>
+ <includes>
+ <include>org.apache.ranger:sample-client</include>
+ <include>org.apache.ranger:ranger-intg</include>
+ <include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ranger-plugins-cred</include>
+ </includes>
+ <binaries>
+ <outputDirectory>lib</outputDirectory>
+ <includeDependencies>true</includeDependencies>
+ <unpack>false</unpack>
+ <directoryMode>755</directoryMode>
+ <fileMode>644</fileMode>
+ <includes>
+ <include>commons-cli:commons-cli</include>
+ <include>commons-logging:commons-logging:jar:${commons.logging.version}</include>
+ <include>commons-lang:commons-lang</include>
+ <include>org.apache.commons:commons-lang3</include>
+ <include>org.apache.commons:commons-compress</include>
+ <include>com.google.code.gson:gson</include>
+ <include>org.slf4j:slf4j-api:jar:${slf4j-api.version}</include>
+ <include>org.slf4j:slf4j-log4j12</include>
+ <include>log4j:log4j</include>
+ <include>org.apache.commons:commons-configuration2:jar:${commons.configuration.version}</include>
+ <include>org.apache.hadoop:hadoop-common:jar:${hadoop.version}</include>
+ <include>org.apache.hadoop:hadoop-auth:jar:${hadoop.version}</include>
+ <include>org.eclipse.persistence:eclipselink</include>
+ <include>org.eclipse.persistence:javax.persistence</include>
+ <include>commons-collections:commons-collections</include>
+ <include>com.sun.jersey:jersey-bundle</include>
+ <include>commons-io:commons-io</include>
+ <include>com.google.guava:guava:jar:${google.guava.version}</include>
+ <include>org.apache.httpcomponents:httpmime:jar:${httpcomponents.httpmime.version}</include>
+ <include>org.noggit:noggit:jar:${noggit.version}</include>
+ <include>org.codehaus.jackson:jackson-core-asl</include>
+ <include>org.codehaus.jackson:jackson-jaxrs</include>
+ <include>org.codehaus.jackson:jackson-mapper-asl</include>
+ <include>org.codehaus.jackson:jackson-xc</include>
+ <include>org.apache.ranger:ranger-plugins-audit</include>
+ <include>org.apache.htrace:htrace-core4</include>
+ <include>com.kstruct:gethostname4j:jar:${kstruct.gethostname4j.version}</include>
+ <include>net.java.dev.jna:jna:jar:${jna.version}</include>
+ <include>net.java.dev.jna:jna-platform:jar:${jna-platform.version}</include>
+ <include>com.fasterxml.woodstox:woodstox-core:jar:${fasterxml.woodstox.version}</include>
+ <include>org.codehaus.woodstox:stax2-api:jar:${codehaus.woodstox.stax2api.version}</include>
+ </includes>
+ </binaries>
+ </moduleSet>
+ </moduleSets>
+
+ <fileSets>
+ <fileSet>
+ <outputDirectory></outputDirectory>
+ <directory>${project.parent.basedir}/ranger-examples/sample-client/scripts</directory>
+ <includes>
+ <include>*.sh</include>
+ </includes>
+ <fileMode>755</fileMode>
+ </fileSet>
+ <fileSet>
+ <outputDirectory></outputDirectory>
+ <directory>${project.parent.basedir}/ranger-examples/sample-client/conf</directory>
+ <includes>
+ <include>*.xml</include>
+ </includes>
+ <fileMode>755</fileMode>
+ </fileSet>
+ <fileSet>
+ <directoryMode>755</directoryMode>
+ <fileMode>644</fileMode>
+ <outputDirectory>lib</outputDirectory>
+ <directory>${project.parent.basedir}/ranger-examples/sample-client/src/main/resources</directory>
+ <includes>
+ <include>*.properties</include>
+ </includes>
+ </fileSet>
+ </fileSets>
+</assembly>
\ No newline at end of file
diff --git a/intg/src/main/java/org/apache/ranger/RangerClient.java b/intg/src/main/java/org/apache/ranger/RangerClient.java
index bef3857..c7e32dc 100644
--- a/intg/src/main/java/org/apache/ranger/RangerClient.java
+++ b/intg/src/main/java/org/apache/ranger/RangerClient.java
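Review bot: The second `fileSet`, the one that copies `conf/*.xml`, sets `<fileMode>755</fileMode>`, so the SSL client configuration is unpacked as an executable file. A configuration file needs no execute bit, and this one names the truststore and its credential file, so `<fileMode>644</fileMode>` (or tighter, where the deployment allows) fits better; the third `fileSet` already uses 644 for the properties files. The first `fileSet` is right to keep 755 for `*.sh`.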
@@ -141,31 +141,24 @@ public class RangerClient { private boolean isSecureMode = false; private Subject sub = null; - public RangerClient(String configFile) { - RangerClientConfig cfg = new RangerClientConfig(configFile); - restClient = new RangerRESTClient(cfg.getURL(), cfg.getSslConfigFile(), new Configuration()); + public RangerClient(String hostName, String authType, String username, String password, String configFile) { + restClient = new RangerRESTClient(hostName, configFile, new Configuration()); - String authenticationType = cfg.getAuthenticationType(); - String principal = cfg.getPrincipal(); - String keytab = cfg.getKeytab(); - - if (AUTH_KERBEROS.equalsIgnoreCase(authenticationType) && SecureClientLogin.isKerberosCredentialExists(principal, keytab)) { - isSecureMode = true; - try { - sub = SecureClientLogin.loginUserFromKeytab(principal,keytab); - } catch (IOException e) { - LOG.error(e.getMessage()); - } - } else LOG.error("Authentication credentials missing/invalid"); + if (AUTH_KERBEROS.equalsIgnoreCase(authType)) { + if (SecureClientLogin.isKerberosCredentialExists(username, password)) { + isSecureMode = true; + try { + sub = SecureClientLogin.loginUserFromKeytab(username, password); + } catch (IOException e) { + LOG.error(e.getMessage()); + } + } else LOG.error("Authentication credentials missing/invalid"); + } else { + restClient.setBasicAuthInfo(username, password); + } } - public RangerClient(String hostname, String username, String password) { - restClient = new RangerRESTClient(hostname, "", new Configuration()); - - restClient.setBasicAuthInfo(username, password); - } - public RangerClient(RangerRESTClient restClient) { this.restClient = restClient; } diff --git a/intg/src/main/java/org/apache/ranger/RangerClientConfig.java b/intg/src/main/java/org/apache/ranger/RangerClientConfig.java deleted file mode 100644 index 68ef0ff..0000000 --- a/intg/src/main/java/org/apache/ranger/RangerClientConfig.java +++ /dev/null 
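Review bot: In the Kerberos branch the new constructor only logs when `isKerberosCredentialExists` fails or `loginUserFromKeytab` throws, so it returns a client with `isSecureMode` still false and no basic-auth credentials set, and the caller finds out only when a later request is rejected. Failing in the constructor, with the cause attached instead of `LOG.error(e.getMessage())`, makes a bad principal or keytab visible at once; the fence below shows one way. The `else` branch also treats every `authType` other than `kerberos` as basic auth, so a mistyped value hands the keytab path to `setBasicAuthInfo` as a password; rejecting unknown values would avoid that. The parameters `username` and `password` carry the principal and the keytab path in Kerberos mode, which deserves a Javadoc line on the constructor. Whether callers outside this hunk rely on the non-throwing behaviour is not visible here.

```java
public RangerClient(String hostName, String authType, String username, String password, String configFile) {
    // … unchanged: restClient construction …
    if (AUTH_KERBEROS.equalsIgnoreCase(authType)) {
        if (!SecureClientLogin.isKerberosCredentialExists(username, password)) {
            throw new IllegalArgumentException("Kerberos principal or keytab missing/invalid");
        }
        try {
            sub = SecureClientLogin.loginUserFromKeytab(username, password);
            isSecureMode = true;
        } catch (IOException e) {
            throw new IllegalStateException("Kerberos login failed for principal " + username, e);
        }
    } else {
        // … unchanged: basic-auth branch …
    }
}
```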
@@ -1,119 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.*;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.util.Properties;
-
-public class RangerClientConfig {
-
- private static final Logger LOG = LoggerFactory.getLogger(RangerClientConfig.class);
-
- private static final String RANGER_ADMIN_URL = "ranger.client.url";
- private static final String AUTH_TYPE = "ranger.client.authentication.type";
- private static final String CLIENT_KERBEROS_PRINCIPAL = "ranger.client.kerberos.principal";
- private static final String CLIENT_KERBEROS_KEYTAB = "ranger.client.kerberos.keytab";
- private static final String CLIENT_SSL_CONFIG_FILE = "ranger.client.ssl.config.filename";
-
-
- private final Properties props;
-
- RangerClientConfig(String configFileName){
- props = readProperties(configFileName);
- }
-
- public Properties readProperties(String fileName) {
- Properties ret = null;
- InputStream inStr = null;
- URL fileURL = null;
- File f = new File(fileName);
-
- if (f.exists() && f.isFile() && f.canRead()) {
- try {
- inStr = new FileInputStream(f);
- fileURL = f.toURI().toURL();
- } catch (FileNotFoundException exception) {
- LOG.error("Error processing input file:" + fileName + " or no privilege for reading file " + fileName, exception);
- } catch (MalformedURLException malformedException) {
- LOG.error("Error processing input file:" + fileName + " cannot be converted to URL " + fileName, malformedException);
- }
- } else {
- fileURL = getClass().getResource(fileName);
-
- if (fileURL == null && !fileName.startsWith("/")) {
- fileURL = getClass().getResource("/" + fileName);
- }
-
- if (fileURL == null) {
- fileURL = ClassLoader.getSystemClassLoader().getResource(fileName);
-
- if (fileURL == null && !fileName.startsWith("/")) {
- fileURL = ClassLoader.getSystemClassLoader().getResource("/" + fileName);
- }
- }
- }
-
- if (fileURL != null) {
- try {
- inStr = fileURL.openStream();
-
- Properties prop = new Properties();
-
- prop.load(inStr);
-
- ret = prop;
- } catch (Exception excp) {
- LOG.error("failed to load properties from file '" + fileName + "'", excp);
- } finally {
- if (inStr != null) {
- try {
- inStr.close();
- } catch (Exception excp) {
- // ignore
- }
- }
- }
- }
- return ret;
- }
- public String getURL() { return props.getProperty(RANGER_ADMIN_URL); }
-
- public String getPrincipal(){
- return props.getProperty(CLIENT_KERBEROS_PRINCIPAL);
- }
-
- public String getKeytab(){
- return props.getProperty(CLIENT_KERBEROS_KEYTAB);
- }
-
- public String getSslConfigFile(){
- return props.getProperty(CLIENT_SSL_CONFIG_FILE);
- }
-
- public String getAuthenticationType(){
- return props.getProperty(AUTH_TYPE);
- }
-
-}
diff --git a/ranger-examples/sample-client/conf/config.properties b/ranger-examples/sample-client/conf/config.properties
deleted file mode 100644
index 5be772a..0000000
--- a/ranger-examples/sample-client/conf/config.properties
+++ /dev/null
@@ -1,21 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-ranger.client.url=https://localhost:6182
-# Authentication properties
-ranger.client.authentication.type=kerberos
-ranger.client.kerberos.principal=
-ranger.client.kerberos.keytab=
-ranger.client.ssl.config.filename=
\ No newline at end of file
diff --git a/ranger-examples/sample-client/conf/ssl-client.xml b/ranger-examples/sample-client/conf/ssl-client.xml
new file mode 100644
index 0000000..7d73d12
--- /dev/null
+++ b/ranger-examples/sample-client/conf/ssl-client.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration>
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore</name>
+ <value></value>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+ <value></value>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.type</name>
+ <value></value>
+ </property>
+</configuration>
\ No newline at end of file
diff --git a/ranger-examples/sample-client/scripts/run-sample-client.sh b/ranger-examples/sample-client/scripts/run-sample-client.sh
index 2260476..8740801 100755
--- a/ranger-examples/sample-client/scripts/run-sample-client.sh
+++ b/ranger-examples/sample-client/scripts/run-sample-client.sh
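Review bot: The three truststore properties ship with empty `<value>` elements and nothing says what each one expects, so a user who points the sample at an https host has to read the client source to fill them in. A short comment above each property would do, for example `<!-- Path to the truststore holding the Ranger Admin server certificate or its CA -->` and `<!-- Truststore type, e.g. jks -->`. For `truststore.credential.file` the comment should state that the value is the path of a credential store rather than the truststore password itself, if that is how the client reads it; the consuming code is not part of this diff.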
@@ -40,11 +40,35 @@ while getopts "n:h" opt; do esac done -prompt="Sample Authentication User Name:" -read -p "$prompt" userName -prompt="Sample Authentication User Password:" -read -p "$prompt" -s password +if [[ $HOST == https* ]] ; +then + prompt="SSL Configuration File:" + read -p "$prompt" config + JAVA_CMD="$JAVA_CMD -c $config" +fi +prompt="Kerberos Login (y/n)? " +read -p "$prompt" -n 1 -r printf "\n" -JAVA_CMD="$JAVA_CMD -u $userName -p $password" +if [[ $REPLY =~ ^[Yy]$ ]] +then + prompt="Sample Kerberos Principal:" + read -r -p "$prompt" userName + prompt="Sample Kerberos Keytab:" + read -r -p "$prompt" password + printf "\n" + JAVA_CMD="$JAVA_CMD -k kerberos -u $userName -p $password" +elif [[ $REPLY =~ ^[Nn]$ ]] +then + prompt="Sample Authentication User Name:" + read -r -p "$prompt" userName + prompt="Sample Authentication User Password:" + read -r -p "$prompt" -s password + printf "\n" + JAVA_CMD="$JAVA_CMD -k basic -u $userName -p $password" +else + printf "Incorrect response \n" + exit +fi + printf "Java command : $JAVA_CMD\n" $JAVA_CMD \ No newline at end of file diff --git a/ranger-examples/sample-client/src/main/java/org/apache/ranger/examples/sampleclient/SampleClient.java b/ranger-examples/sample-client/src/main/java/org/apache/ranger/examples/sampleclient/SampleClient.java index b6ab313..b380127 100644 --- a/ranger-examples/sample-client/src/main/java/org/apache/ranger/examples/sampleclient/SampleClient.java +++ b/ranger-examples/sample-client/src/main/java/org/apache/ranger/examples/sampleclient/SampleClient.java 
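Review bot: The password read with `read -s` is appended to `JAVA_CMD` as `-p $password` and then printed by the unchanged `printf "Java command : $JAVA_CMD\n"` at the end of the script, so the secret ends up on the terminal and, as a command-line argument, in the process list for the lifetime of the JVM. Printing the command before the credentials are appended, or masking the `-p` value, removes the echo; avoiding the argument exposure would need the Java side to accept the password another way, which this diff does not show. The unquoted `$userName`, `$password` and `$config` are also word-split when `$JAVA_CMD` is expanded, so a value containing spaces or glob characters reaches the client as several arguments; collecting the arguments in an array (`JAVA_ARGS+=(-u "$userName" -p "$password")`, then `"${JAVA_ARGS[@]}"`) avoids that. The final `else` branch should use `exit 1` so that an invalid answer returns a failure status. The `getopts` loop and the initial value of `JAVA_CMD` are outside this hunk.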
@@ -42,12 +42,16 @@ public class SampleClient { Options options = new Options(); Option host = OptionBuilder.hasArgs(1).isRequired().withLongOpt("host").withDescription("hostname").create('h'); + Option auth = OptionBuilder.hasArgs(1).isRequired().withLongOpt("authType").withDescription("Authentication Type").create('k'); Option user = OptionBuilder.hasArgs(1).isRequired().withLongOpt("user").withDescription("username").create('u'); Option pass = OptionBuilder.hasArgs(1).isRequired().withLongOpt("pass").withDescription("password").create('p'); + Option conf = OptionBuilder.hasArgs(1).withLongOpt("config").withDescription("configuration").create('c'); options.addOption(host); + options.addOption(auth); options.addOption(user); options.addOption(pass); + options.addOption(conf); CommandLineParser parser = new BasicParser(); CommandLine cmd; @@ -61,8 +65,10 @@ public class SampleClient { String hostName = cmd.getOptionValue('h'); String userName = cmd.getOptionValue('u'); String password = cmd.getOptionValue('p'); + String cfg = cmd.getOptionValue('c'); + String authType = cmd.getOptionValue('k'); - RangerClient rangerClient = new RangerClient(hostName, userName, password); + RangerClient rangerClient = new RangerClient(hostName, authType, userName, password, cfg); String serviceDefName = "sampleServiceDef"; String serviceName = "sampleService";
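Review bot: The new `-k` option is marked `isRequired()` but described only as "Authentication Type", so the help output does not say which values are accepted, and `-u`/`-p` still read "username"/"password" although in Kerberos mode they carry the principal and the keytab path. Descriptions such as `withDescription("Authentication type: kerberos or basic")` and `withDescription("password, or keytab path when authType is kerberos")` would document that. `main` begins before this hunk and continues after it.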
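Review bot: `cmd.getOptionValue('c')` returns null when `-c` is omitted, and that null is passed as `configFile` into `new RangerRESTClient(hostName, configFile, new Configuration())`, where the removed three-argument constructor passed `""`. Whether `RangerRESTClient` accepts a null SSL config file is not visible in this diff, so defaulting keeps the earlier behaviour: `String cfg = cmd.getOptionValue('c', "");`. The rest of `main` lies outside the hunk.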