Skip to content

Commit

Permalink
RANGER-5116: updated Ranger plugin to support configurations to initi…
Browse files Browse the repository at this point in the history 
…alize UserGroupInfomation (#518)
  • Loading branch information
@mneethiraj
mneethiraj authored Jan 28, 2025
1 parent 86b1bcd commit cbf4152
Showing 1 changed file with 55 additions and 0 deletions.
55 changes: 55 additions & 0 deletions agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,10 +22,12 @@
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.admin.client.RangerAdminClient;
import org.apache.ranger.admin.client.RangerAdminRESTClient;
import org.apache.ranger.audit.provider.AuditHandler;
import org.apache.ranger.audit.provider.AuditProviderFactory;
import org.apache.ranger.audit.provider.MiscUtil;
import org.apache.ranger.audit.provider.StandAloneAuditProviderFactory;
import org.apache.ranger.authorization.hadoop.config.RangerAuditConfig;
import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
Expand Down Expand Up @@ -70,6 +72,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
Expand Down Expand Up @@ -135,6 +138,58 @@ public RangerBasePlugin(RangerPluginConfig pluginConfig) {
setIsFallbackSupported(pluginConfig.getBoolean(pluginConfig.getPropertyPrefix() + ".is.fallback.supported", false));
setServiceAdmins(serviceAdmins);

String ugiPrefix = pluginConfig.getPropertyPrefix() + ".ugi";
boolean initUgi = pluginConfig.getBoolean(ugiPrefix + ".initialize", false);

if (initUgi) {
String ugiLoginType = pluginConfig.get(ugiPrefix + ".login.type");

if (StringUtils.equalsIgnoreCase(ugiLoginType, "keytab")) {
String principal = pluginConfig.get(ugiPrefix + ".keytab.principal");
String keytab = pluginConfig.get(ugiPrefix + ".keytab.file");

if (StringUtils.isNotBlank(principal) && StringUtils.isNotBlank(keytab)) {
LOG.info("UGI login: principal={}, keytab={}", principal, keytab);

try {
UserGroupInformation.loginUserFromKeytab(principal, keytab);
} catch (IOException excp) {
LOG.error("UGI login: failed", excp);

throw new RuntimeException(excp);
}
} else {
String msg = String.format("UGI login: invalid configuration: %s=%s, %s=%s", ugiPrefix + ".keytab.principal", principal, ugiPrefix + ".keytab.file", keytab);

LOG.error(msg);

throw new RuntimeException(msg);
}
} else if (StringUtils.equalsIgnoreCase(ugiLoginType, "jaas")) {
String jaasAppConfig = pluginConfig.get(ugiPrefix + ".jaas.appconfig");

if (StringUtils.isNotBlank(jaasAppConfig)) {
LOG.info("UGI login: jaasAppConfig={}", jaasAppConfig);

try {
MiscUtil.setUGIFromJAASConfig(jaasAppConfig);
} catch (Exception excp) {
LOG.error("UGI login: jaasAppConfig={} failed", jaasAppConfig, excp);

throw new RuntimeException(excp);
}
} else {
String msg = String.format("UGI login: invalid configuration: %s=%s", ugiPrefix + ".jaas.appconfig", jaasAppConfig);

LOG.error(msg);

throw new RuntimeException(msg);
}
} else {
LOG.warn("UGI login: invalid configuration {}={}", ugiPrefix + ".login.type", ugiLoginType);
}
}

RangerRequestScriptEvaluator.init(pluginConfig);

this.dedupStrings = pluginConfig.getBoolean(pluginConfig.getPropertyPrefix() + ".dedup.strings", true);
Expand Down

0 comments on commit cbf4152

Please sign in to comment.