Re: Review Request 73270: RANGER-3233:Ranger Kafka Plugin changes to get the UGI from Kafka client JAAS config instead of Subject from Kafka LoginManager

[Gergo Wilder via Review Board]

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73270/#review222783
-----------------------------------------------------------



Minor improvement proposal.


plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
Lines 65 (patched)
<https://reviews.apache.org/r/73270/#comment311948>

    This does not need to be hardcoded.



plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
Line 105 (original)
<https://reviews.apache.org/r/73270/#comment311949>

    You could keep some of this code to get access to Kafka's effective jaas 
config and initialize Ranger UGI from there. Something like this:
    
    JaasContext context = JaasContext.loadServerContext(new 
ListenerName(listenerName), saslMechanism, configs);
    
    MiscUtil.setUGIFromJAASConfig(context.name());


- Gergo Wilder


On April 6, 2021, 4:47 p.m., Ramesh Mani wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73270/
> -----------------------------------------------------------
> 
> (Updated April 6, 2021, 4:47 p.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gergo Wilder, Abhay Kulkarni, 
> Madhan Neethiraj, Mehul Parikh, Selvamohan Neethiraj, Sailaja Polavarapu, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3233
>     https://issues.apache.org/jira/browse/RANGER-3233
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> RANGER-3233:Ranger Kafka Plugin changes to get the UGI from Kafka client JAAS 
> config instead of Subject from Kafka LoginManager
> 
> 
> Diffs
> -----
> 
>   
> plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
>  8674521c1 
> 
> 
> Diff: https://reviews.apache.org/r/73270/diff/1/
> 
> 
> Testing
> -------
> 
> - Verified Kafka Plugin and auditing for it in Local VM and verified kerberos 
> ticket renewal for Kafka UGI used for policy download and auditing.
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>