This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch ranger-1.1 in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-1.1 by this push: new e1b035f5e RANGER-3856: Ranger admin client updated with option to work with non-kerberized server e1b035f5e is described below commit e1b035f5e442b2a605239b14381cd60f040b6d50 Author: Ankita Sinha <ank...@apache.org> AuthorDate: Mon Aug 22 14:03:37 2022 +0530 RANGER-3856: Ranger admin client updated with option to work with non-kerberized server --- .../ranger/admin/client/RangerAdminRESTClient.java | 25 +++++++++++++++++----- .../admin/client/RangerAdminJersey2RESTClient.java | 18 ++++++++++++++-- 2 files changed, 36 insertions(+), 7 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java index dddfbc7fe..fc49ef052 100644 --- a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java +++ b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java @@ -53,6 +53,7 @@ public class RangerAdminRESTClient implements RangerAdminClient { private String clusterName; private RangerRESTClient restClient; private RangerRESTUtils restUtils = new RangerRESTUtils(); + private boolean forceNonKerberos = false; public static <T> GenericType<List<T>> getGenericType(final T clazz) { @@ -84,6 +85,8 @@ public class RangerAdminRESTClient implements RangerAdminClient { clusterName = RangerConfiguration.getInstance().get(propertyPrefix + ".ambari.cluster.name", ""); int restClientConnTimeOutMs = RangerConfiguration.getInstance().getInt(propertyPrefix + ".policy.rest.client.connection.timeoutMs", 120 * 1000); int restClientReadTimeOutMs = RangerConfiguration.getInstance().getInt(propertyPrefix + ".policy.rest.client.read.timeoutMs", 30 * 1000); + this.forceNonKerberos = RangerConfiguration.getInstance().getBoolean(propertyPrefix + ".forceNonKerberos", false); + if (!StringUtil.isEmpty(tmpUrl)) { url = tmpUrl.trim(); } @@ -102,7 +105,7 @@ public class RangerAdminRESTClient implements RangerAdminClient { ServicePolicies ret = null; UserGroupInformation user = MiscUtil.getUGILoginUser(); - boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled(); + boolean isSecureMode = isKerberosEnabled(user); ClientResponse response = null; if (isSecureMode) { if (LOG.isDebugEnabled()) { @@ -174,7 +177,7 @@ public class RangerAdminRESTClient implements RangerAdminClient { ClientResponse response = null; UserGroupInformation user = MiscUtil.getUGILoginUser(); - boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled(); + boolean isSecureMode = isKerberosEnabled(user); if (isSecureMode) { PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() { @@ -219,7 +222,7 @@ public class RangerAdminRESTClient implements RangerAdminClient { ClientResponse response = null; UserGroupInformation user = MiscUtil.getUGILoginUser(); - boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled(); + boolean isSecureMode = isKerberosEnabled(user); if (isSecureMode) { PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() { @@ -287,7 +290,7 @@ public class RangerAdminRESTClient implements RangerAdminClient { ClientResponse response = null; WebResource webResource = null; UserGroupInformation user = MiscUtil.getUGILoginUser(); - boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled(); + boolean isSecureMode = isKerberosEnabled(user); if (isSecureMode) { PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() { @@ -358,7 +361,7 @@ public class RangerAdminRESTClient implements RangerAdminClient { List<String> ret = null; String emptyString = ""; UserGroupInformation user = MiscUtil.getUGILoginUser(); - boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled(); + boolean isSecureMode = isKerberosEnabled(user); final WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_LOOKUP_TAG_NAMES) .queryParam(RangerRESTUtils.SERVICE_NAME_PARAM, serviceName) @@ -396,4 +399,16 @@ public class RangerAdminRESTClient implements RangerAdminClient { return ret; } + public boolean isKerberosEnabled(UserGroupInformation user) { + final boolean ret; + + if (forceNonKerberos) { + ret = false; + } else { + ret = user != null && UserGroupInformation.isSecurityEnabled() && user.hasKerberosCredentials(); + } + + return ret; + } + } diff --git a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java index d856f898b..8712945ae 100644 --- a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java +++ b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java @@ -66,6 +66,7 @@ public class RangerAdminJersey2RESTClient implements RangerAdminClient { String _pluginId = null; int _restClientConnTimeOutMs; int _restClientReadTimeOutMs; + boolean forceNonKerberos = false; @Override public void init(String serviceName, String appId, String configPropertyPrefix) { @@ -81,6 +82,7 @@ public class RangerAdminJersey2RESTClient implements RangerAdminClient { _restClientConnTimeOutMs = RangerConfiguration.getInstance().getInt(configPropertyPrefix + ".policy.rest.client.connection.timeoutMs", 120 * 1000); _restClientReadTimeOutMs = RangerConfiguration.getInstance().getInt(configPropertyPrefix + ".policy.rest.client.read.timeoutMs", 30 * 1000); _clusterName = RangerConfiguration.getInstance().get(configPropertyPrefix + ".ambari.cluster.name", ""); + forceNonKerberos = RangerConfiguration.getInstance().getBoolean(configPropertyPrefix + ".forceNonKerberos", false); LOG.info("Init params: " + String.format("Base URL[%s], SSL Congig filename[%s], ServiceName=[%s]", _baseUrl, _sslConfigFileName, _serviceName)); @@ -100,7 +102,7 @@ public class RangerAdminJersey2RESTClient implements RangerAdminClient { } UserGroupInformation user = MiscUtil.getUGILoginUser(); - boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled(); + boolean isSecureMode = isKerberosEnabled(user); String url = null; ServicePolicies servicePolicies = null; @@ -261,7 +263,7 @@ public class RangerAdminJersey2RESTClient implements RangerAdminClient { } UserGroupInformation user = MiscUtil.getUGILoginUser(); - boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled(); + boolean isSecureMode = isKerberosEnabled(user); String url = null; ServiceTags serviceTags = null; @@ -405,4 +407,16 @@ public class RangerAdminJersey2RESTClient implements RangerAdminClient { return _client; } + + public boolean isKerberosEnabled(UserGroupInformation user) { + final boolean ret; + + if (forceNonKerberos) { + ret = false; + } else { + ret = user != null && UserGroupInformation.isSecurityEnabled() && user.hasKerberosCredentials(); + } + + return ret; + } }