[
https://issues.apache.org/jira/browse/KNOX-1872?focusedWorklogId=253975&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-253975
]
ASF GitHub Bot logged work on KNOX-1872:
----------------------------------------
Author: ASF GitHub Bot
Created on: 04/Jun/19 19:23
Start Date: 04/Jun/19 19:23
Worklog Time Spent: 10m
Work Description: risdenk commented on pull request #98: KNOX-1872 -
Update Ranger service definitions to support trusted proxy
URL: https://github.com/apache/knox/pull/98
## What changes were proposed in this pull request?
Make Ranger service definitions support trusted proxy by default
## How was this patch tested?
* `mvn -T.5C clean verify -Ppackage,release`
* Tested proxying Ranger UI and API with updated service definitions on
Kerberized cluster
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 253975)
Time Spent: 10m
Remaining Estimate: 0h
> Update Ranger service definitions to support trusted proxy
> ----------------------------------------------------------
>
> Key: KNOX-1872
> URL: https://issues.apache.org/jira/browse/KNOX-1872
> Project: Apache Knox
> Issue Type: New Feature
> Components: Server
> Reporter: Sailaja Polavarapu
> Assignee: Sailaja Polavarapu
> Priority: Major
> Fix For: 1.3.0
>
> Attachments:
> 0001-KNOX-1872-Update-service.xml-for-Ranger-UI-service-t.patch
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> In order to support knox trusted proxy for Ranger UI, corresponding
> service.xml need to be updated. That way, the request will contain doAs in
> the request parameter as well as the corresponding tokens instead of basic
> auth credentials of end user.
> Also, add new version of the service definition that defaults to trusted
> proxy for both Ranger UI & Ranger Admin APIs.
> Following is the sample service.xml for ranger UI trusted proxy testing:
> <service role="RANGERUI" name="rangerui" version="0.5.0">
> <policies>
> <policy role="webappsec"/>
> *{color:#de350b}<policy role="authentication" />{color}*
> <policy role="rewrite"/>
> <policy role="identity-assertion"/>
> <policy role="authorization"/>
> </policies>
> <routes>
> <route path="/ranger">
> <rewrite apply="RANGERUI/rangerui/inbound/root" to="request.url"/>
> <rewrite apply="RANGERUI/rangerui/outbound/links" to="response.body"/>
> <rewrite apply="RANGERUI/rangerui/outbound/headers" to="response.headers"/>
> </route>
> <route path="/ranger/**">
> <rewrite apply="RANGERUI/rangerui/inbound/path" to="request.url"/>
> <rewrite apply="RANGERUI/rangerui/outbound/links" to="response.body"/>
> <rewrite apply="RANGERUI/rangerui/outbound/headers" to="response.headers"/>
> </route>
> <route path="/ranger/**?**">
> <rewrite apply="RANGERUI/rangerui/inbound/query" to="request.url"/>
> <rewrite apply="RANGERUI/rangerui/outbound/links" to="response.body"/>
> <rewrite apply="RANGERUI/rangerui/outbound/headers" to="response.headers"/>
> </route>
> </routes>
> <dispatch
> classname="{color:#de350b}*org.apache.knox.gateway.dispatch.DefaultDispatch*{color}"/>
> </service>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
