knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kris...@apache.org
Subject knox git commit: KNOX-1098 - Livy proxyUser should be added when not present
Date Thu, 15 Nov 2018 13:50:26 GMT
Repository: knox
Updated Branches:
  refs/heads/master 1c887df8e -> b34c0eb81


KNOX-1098 - Livy proxyUser should be added when not present

Signed-off-by: Kevin Risden <krisden@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/b34c0eb8
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/b34c0eb8
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/b34c0eb8

Branch: refs/heads/master
Commit: b34c0eb811ef7cbad565fecc644049d1cf42e898
Parents: 1c887df
Author: Kevin Risden <krisden@apache.org>
Authored: Wed Nov 14 14:40:52 2018 -0500
Committer: Kevin Risden <krisden@apache.org>
Committed: Thu Nov 15 08:50:00 2018 -0500

----------------------------------------------------------------------
 gateway-release/pom.xml                         |   4 +
 .../resources/services/livy/0.4.0/rewrite.xml   |   8 --
 .../resources/services/livy/0.4.0/service.xml   |   5 +-
 gateway-service-livy/pom.xml                    |  67 +++++++++++++
 .../apache/knox/gateway/livy/LivyDispatch.java  | 100 +++++++++++++++++++
 pom.xml                                         |   6 ++
 6 files changed, 178 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/b34c0eb8/gateway-release/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-release/pom.xml b/gateway-release/pom.xml
index ebbfcd4..659a8ed 100644
--- a/gateway-release/pom.xml
+++ b/gateway-release/pom.xml
@@ -186,6 +186,10 @@
         </dependency>
         <dependency>
             <groupId>org.apache.knox</groupId>
+            <artifactId>gateway-service-livy</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.knox</groupId>
             <artifactId>gateway-service-tgs</artifactId>
         </dependency>
         <dependency>

http://git-wip-us.apache.org/repos/asf/knox/blob/b34c0eb8/gateway-service-definitions/src/main/resources/services/livy/0.4.0/rewrite.xml
----------------------------------------------------------------------
diff --git a/gateway-service-definitions/src/main/resources/services/livy/0.4.0/rewrite.xml
b/gateway-service-definitions/src/main/resources/services/livy/0.4.0/rewrite.xml
index 013fa99..befa1e4 100644
--- a/gateway-service-definitions/src/main/resources/services/livy/0.4.0/rewrite.xml
+++ b/gateway-service-definitions/src/main/resources/services/livy/0.4.0/rewrite.xml
@@ -16,18 +16,10 @@
    limitations under the License.
 -->
 <rules>
-  <rule name="LIVYSERVER/livy/user-name">
-    <rewrite template="{$username}"/>
-  </rule>
   <rule dir="IN" name="LIVYSERVER/livy/root/inbound" pattern="*://*:*/**/livy/v1">
     <rewrite template="{$serviceUrl[LIVYSERVER]}"/>
   </rule>
   <rule dir="IN" name="LIVYSERVER/livy/path/inbound" pattern="*://*:*/**/livy/v1/{path=**}?{**}">
     <rewrite template="{$serviceUrl[LIVYSERVER]}/{path=**}?{**}"/>
   </rule>
-  <filter name="LIVYSERVER/livy/addusername/inbound">
-    <content type="*/json">
-      <apply path="$.proxyUser" rule="LIVYSERVER/livy/user-name"/>
-    </content>
-  </filter>
 </rules>

http://git-wip-us.apache.org/repos/asf/knox/blob/b34c0eb8/gateway-service-definitions/src/main/resources/services/livy/0.4.0/service.xml
----------------------------------------------------------------------
diff --git a/gateway-service-definitions/src/main/resources/services/livy/0.4.0/service.xml
b/gateway-service-definitions/src/main/resources/services/livy/0.4.0/service.xml
index ef71d1e..642ec2e 100644
--- a/gateway-service-definitions/src/main/resources/services/livy/0.4.0/service.xml
+++ b/gateway-service-definitions/src/main/resources/services/livy/0.4.0/service.xml
@@ -15,14 +15,11 @@
    See the License for the specific language governing permissions and
    limitations under the License.
 -->
-
 <service role="LIVYSERVER" name="livy" version="0.4.0">
   <routes>
-    <route path="/livy/v1/sessions">
-        <rewrite apply="LIVYSERVER/livy/addusername/inbound" to="request.body"/>
-    </route>
     <route path="/livy/v1/**?**"/>
     <route path="/livy/v1"/>
     <route path="/livy/v1/"/>
   </routes>
+  <dispatch classname="org.apache.knox.gateway.livy.LivyDispatch"/>
 </service>

http://git-wip-us.apache.org/repos/asf/knox/blob/b34c0eb8/gateway-service-livy/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-service-livy/pom.xml b/gateway-service-livy/pom.xml
new file mode 100644
index 0000000..d1a5041
--- /dev/null
+++ b/gateway-service-livy/pom.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.knox</groupId>
+        <artifactId>gateway</artifactId>
+        <version>1.3.0-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>gateway-service-livy</artifactId>
+    <name>gateway-service-livy</name>
+    <description>The extension to the gateway for supporting Livy.</description>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.knox</groupId>
+            <artifactId>gateway-spi</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.knox</groupId>
+            <artifactId>gateway-provider-rewrite</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>javax.servlet-api</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.knox</groupId>
+            <artifactId>gateway-test-utils</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+</project>

http://git-wip-us.apache.org/repos/asf/knox/blob/b34c0eb8/gateway-service-livy/src/main/java/org/apache/knox/gateway/livy/LivyDispatch.java
----------------------------------------------------------------------
diff --git a/gateway-service-livy/src/main/java/org/apache/knox/gateway/livy/LivyDispatch.java
b/gateway-service-livy/src/main/java/org/apache/knox/gateway/livy/LivyDispatch.java
new file mode 100644
index 0000000..a46af29
--- /dev/null
+++ b/gateway-service-livy/src/main/java/org/apache/knox/gateway/livy/LivyDispatch.java
@@ -0,0 +1,100 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.livy;
+
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.apache.knox.gateway.dispatch.DefaultDispatch;
+import org.apache.knox.gateway.filter.rewrite.impl.UrlRewriteRequestStream;
+import org.apache.knox.gateway.security.SubjectUtils;
+
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import javax.servlet.http.HttpServletResponse;
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * This specialized dispatch provides Livy specific features to the
+ * default dispatch.
+ */
+public class LivyDispatch extends DefaultDispatch {
+
+  @Override
+  public void doPost(URI url, HttpServletRequest request, HttpServletResponse response)
+      throws IOException, URISyntaxException {
+    super.doPost(url, new LivyHttpServletRequest(request), response);
+  }
+
+  /**
+   * HttpServletRequest that adds or sets the proxyUser parameter on the json body
+   */
+  private class LivyHttpServletRequest extends HttpServletRequestWrapper {
+    private final List<String> proxyUserEndpoints = Arrays.asList("/batches", "/sessions");
+
+    LivyHttpServletRequest(HttpServletRequest request) {
+      super(request);
+    }
+
+    @Override
+    public ServletInputStream getInputStream() throws IOException {
+      ServletInputStream inputStream = super.getInputStream();
+
+      HttpServletRequest request = (HttpServletRequest)getRequest();
+      String requestURI = request.getRequestURI();
+      if(matchProxyUserEndpoints(requestURI)) {
+        // Parse the json object from the request
+        ObjectMapper objectMapper = new ObjectMapper();
+        Map<String, Object> jsonMap = objectMapper.readValue(inputStream, new TypeReference<Map<String,Object>>(){});
+
+        // Force the proxyUser to be set to the remote user
+        jsonMap.put("proxyUser", SubjectUtils.getCurrentEffectivePrincipalName());
+
+        // Create the new ServletInputStream with modified json map.
+        String s = objectMapper.writeValueAsString(jsonMap);
+        return new UrlRewriteRequestStream(new ByteArrayInputStream(s.getBytes(StandardCharsets.UTF_8)));
+      }
+
+      return inputStream;
+    }
+
+    private boolean matchProxyUserEndpoints(String requestURI) {
+      for(String endpoint : proxyUserEndpoints) {
+        if(requestURI.endsWith(endpoint) || requestURI.endsWith(endpoint + '/')) {
+          return true;
+        }
+      }
+      return false;
+    }
+
+    @Override
+    public BufferedReader getReader() throws IOException {
+      return new BufferedReader(new InputStreamReader(getInputStream(), StandardCharsets.UTF_8));
+    }
+  }
+}
+

http://git-wip-us.apache.org/repos/asf/knox/blob/b34c0eb8/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index d900d85..342d834 100644
--- a/pom.xml
+++ b/pom.xml
@@ -104,6 +104,7 @@
         <module>gateway-service-knoxsso</module>
         <module>gateway-service-knoxssout</module>
         <module>gateway-service-knoxtoken</module>
+        <module>gateway-service-livy</module>
         <module>gateway-service-health</module>
         <module>gateway-service-webhdfs</module>
         <module>gateway-service-tgs</module>
@@ -828,6 +829,11 @@
             </dependency>
             <dependency>
                 <groupId>org.apache.knox</groupId>
+                <artifactId>gateway-service-livy</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.knox</groupId>
                 <artifactId>gateway-service-definitions</artifactId>
                 <version>${project.version}</version>
             </dependency>


Mime
View raw message