(ranger) branch master updated: RANGER-5116: updated Ranger plugin to support configurations to initialize UserGroupInfomation (#518)

madhan Mon, 27 Jan 2025 17:10:20 -0800

This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git



The following commit(s) were added to refs/heads/master by this push:
     new cbf41521a0 RANGER-5116: updated Ranger plugin to support 
configurations to initialize UserGroupInfomation (#518)
cbf41521a0 is described below

commit cbf41521a0d1b763cf44d84b1fbd1b485301830c
Author: Madhan Neethiraj <[email protected]>
AuthorDate: Mon Jan 27 17:08:48 2025 -0800

    RANGER-5116: updated Ranger plugin to support configurations to initialize 
UserGroupInfomation (#518)
---
 .../ranger/plugin/service/RangerBasePlugin.java    | 55 ++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
index 066dba1aaa..495ce3b838 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
@@ -22,10 +22,12 @@
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.collections.MapUtils;
 import org.apache.commons.lang.StringUtils;
+import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.ranger.admin.client.RangerAdminClient;
 import org.apache.ranger.admin.client.RangerAdminRESTClient;
 import org.apache.ranger.audit.provider.AuditHandler;
 import org.apache.ranger.audit.provider.AuditProviderFactory;
+import org.apache.ranger.audit.provider.MiscUtil;
 import org.apache.ranger.audit.provider.StandAloneAuditProviderFactory;
 import org.apache.ranger.authorization.hadoop.config.RangerAuditConfig;
 import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
@@ -70,6 +72,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
@@ -135,6 +138,58 @@ public RangerBasePlugin(RangerPluginConfig pluginConfig) {
         
setIsFallbackSupported(pluginConfig.getBoolean(pluginConfig.getPropertyPrefix() 
+ ".is.fallback.supported", false));
         setServiceAdmins(serviceAdmins);
 
+        String  ugiPrefix = pluginConfig.getPropertyPrefix() + ".ugi";
+        boolean initUgi   = pluginConfig.getBoolean(ugiPrefix + ".initialize", 
false);
+
+        if (initUgi) {
+            String ugiLoginType = pluginConfig.get(ugiPrefix + ".login.type");
+
+            if (StringUtils.equalsIgnoreCase(ugiLoginType, "keytab")) {
+                String principal = pluginConfig.get(ugiPrefix + 
".keytab.principal");
+                String keytab    = pluginConfig.get(ugiPrefix + 
".keytab.file");
+
+                if (StringUtils.isNotBlank(principal) && 
StringUtils.isNotBlank(keytab)) {
+                    LOG.info("UGI login: principal={}, keytab={}", principal, 
keytab);
+
+                    try {
+                        UserGroupInformation.loginUserFromKeytab(principal, 
keytab);
+                    } catch (IOException excp) {
+                        LOG.error("UGI login: failed", excp);
+
+                        throw new RuntimeException(excp);
+                    }
+                } else {
+                    String msg = String.format("UGI login: invalid 
configuration: %s=%s, %s=%s", ugiPrefix + ".keytab.principal", principal, 
ugiPrefix + ".keytab.file", keytab);
+
+                    LOG.error(msg);
+
+                    throw new RuntimeException(msg);
+                }
+            } else if (StringUtils.equalsIgnoreCase(ugiLoginType, "jaas")) {
+                String jaasAppConfig = pluginConfig.get(ugiPrefix + 
".jaas.appconfig");
+
+                if (StringUtils.isNotBlank(jaasAppConfig)) {
+                    LOG.info("UGI login: jaasAppConfig={}", jaasAppConfig);
+
+                    try {
+                        MiscUtil.setUGIFromJAASConfig(jaasAppConfig);
+                    } catch (Exception excp) {
+                        LOG.error("UGI login: jaasAppConfig={} failed", 
jaasAppConfig, excp);
+
+                        throw new RuntimeException(excp);
+                    }
+                } else {
+                    String msg = String.format("UGI login: invalid 
configuration: %s=%s", ugiPrefix + ".jaas.appconfig", jaasAppConfig);
+
+                    LOG.error(msg);
+
+                    throw new RuntimeException(msg);
+                }
+            } else {
+                LOG.warn("UGI login: invalid configuration {}={}", ugiPrefix + 
".login.type", ugiLoginType);
+            }
+        }
+
         RangerRequestScriptEvaluator.init(pluginConfig);
 
         this.dedupStrings   = 
pluginConfig.getBoolean(pluginConfig.getPropertyPrefix() + ".dedup.strings", 
true);

(ranger) branch master updated: RANGER-5116: updated Ranger plugin to support configurations to initialize UserGroupInfomation (#518)

Reply via email to