knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kris...@apache.org
Subject [knox] branch master updated: KNOX-1835 - Jupyter Enterprise Gateway - KERNEL_USERNAME should be added when not present (#79)
Date Fri, 29 Mar 2019 18:53:42 GMT
This is an automated email from the ASF dual-hosted git repository.

krisden pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git


The following commit(s) were added to refs/heads/master by this push:
     new 6d05bb8  KNOX-1835 - Jupyter Enterprise Gateway - KERNEL_USERNAME should be added
when not present (#79)
6d05bb8 is described below

commit 6d05bb882a78403470d161a7f7116a147b69fb0a
Author: Bhanu Teja Allaparthi <bhanuteja.allaparthi@gmail.com>
AuthorDate: Fri Mar 29 11:53:37 2019 -0700

    KNOX-1835 - Jupyter Enterprise Gateway - KERNEL_USERNAME should be added when not present
(#79)
---
 gateway-release/pom.xml                            |   6 +-
 .../main/resources/services/jkg/1.1.2/service.xml  |  13 +--
 gateway-service-jkg/pom.xml                        |  63 +++++++++++++
 .../org/apache/knox/gateway/jkg/JkgDispatch.java   | 105 +++++++++++++++++++++
 pom.xml                                            |  16 +++-
 5 files changed, 185 insertions(+), 18 deletions(-)

diff --git a/gateway-release/pom.xml b/gateway-release/pom.xml
index c55da16..b500844 100644
--- a/gateway-release/pom.xml
+++ b/gateway-release/pom.xml
@@ -28,7 +28,7 @@
     <artifactId>gateway-release</artifactId>
     <name>gateway-release</name>
     <description>The gateway binary release packaging.</description>
-    
+
     <profiles>
         <profile>
             <id>package</id>
@@ -214,6 +214,10 @@
         </dependency>
         <dependency>
             <groupId>org.apache.knox</groupId>
+            <artifactId>gateway-service-jkg</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.knox</groupId>
             <artifactId>gateway-service-tgs</artifactId>
         </dependency>
         <dependency>
diff --git a/gateway-service-definitions/src/main/resources/services/jkg/1.1.2/service.xml
b/gateway-service-definitions/src/main/resources/services/jkg/1.1.2/service.xml
index fff3f63..5d7e4eb 100644
--- a/gateway-service-definitions/src/main/resources/services/jkg/1.1.2/service.xml
+++ b/gateway-service-definitions/src/main/resources/services/jkg/1.1.2/service.xml
@@ -28,24 +28,13 @@
             <rewrite apply="JKG/jkg/inbound/api/kernelspecs/query" to="request.url"/>
         </route>
         <route path="/jkg/api/kernels">
-            <policies>
-                <policy role="webappsec"/>
-                <policy role="authentication"/>
-                <policy role="rewrite"/>
-                <policy role="authorization"/>
-            </policies>
             <rewrite apply="JKG/jkg/inbound/api/kernelsurl" to="request.url"/>
             <rewrite apply="JKG/jkg/outbound/api/kernels" to="response.body"/>
             <rewrite apply="JKG/jkg/inbound/api/kernels" to="request.body"/>
         </route>
         <route path="/jkg/api/kernels/*">
-            <policies>
-                <policy role="webappsec"/>
-                <policy role="authentication"/>
-                <policy role="rewrite"/>
-                <policy role="authorization"/>
-            </policies>
             <rewrite apply="JKG/jkg/inbound/api/kernel/query" to="request.url"/>
         </route>
     </routes>
+    <dispatch classname="org.apache.knox.gateway.jkg.JkgDispatch"/>
 </service>
diff --git a/gateway-service-jkg/pom.xml b/gateway-service-jkg/pom.xml
new file mode 100644
index 0000000..799bed5
--- /dev/null
+++ b/gateway-service-jkg/pom.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.knox</groupId>
+        <artifactId>gateway</artifactId>
+        <version>1.3.0-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>gateway-service-jkg</artifactId>
+    <name>gateway-service-jkg</name>
+    <description>The extension to the gateway for supporting jkg.</description>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.knox</groupId>
+            <artifactId>gateway-spi</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.knox</groupId>
+            <artifactId>gateway-provider-rewrite</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>javax.servlet-api</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-core</artifactId>
+        </dependency>
+        
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.knox</groupId>
+            <artifactId>gateway-test-utils</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+</project>
diff --git a/gateway-service-jkg/src/main/java/org/apache/knox/gateway/jkg/JkgDispatch.java
b/gateway-service-jkg/src/main/java/org/apache/knox/gateway/jkg/JkgDispatch.java
new file mode 100644
index 0000000..6b6839f
--- /dev/null
+++ b/gateway-service-jkg/src/main/java/org/apache/knox/gateway/jkg/JkgDispatch.java
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.jkg;
+
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.apache.knox.gateway.dispatch.DefaultDispatch;
+import org.apache.knox.gateway.filter.rewrite.impl.UrlRewriteRequestStream;
+import org.apache.knox.gateway.security.SubjectUtils;
+
+
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import javax.servlet.http.HttpServletResponse;
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+
+
+/**
+ * This specialized dispatch provides Jupyter Kernel Gateway specific features to the
+ * default dispatch.
+ */
+public class JkgDispatch extends DefaultDispatch {
+
+  @Override
+  public void doPost(URI url, HttpServletRequest request, HttpServletResponse response)
+      throws IOException, URISyntaxException {
+    super.doPost(url, new JkgHttpServletRequest(request), response);
+  }
+
+  /**
+   * HttpServletRequest that adds or sets the KERNEL_USERNAME parameter on the json body
+   */
+  private class JkgHttpServletRequest extends HttpServletRequestWrapper {
+    private final List<String> kernelEndpoints = Arrays.asList("/kernels");
+
+    JkgHttpServletRequest(HttpServletRequest request) {
+      super(request);
+    }
+
+    @Override
+    public ServletInputStream getInputStream() throws IOException {
+      ServletInputStream inputStream = super.getInputStream();
+
+      HttpServletRequest request = (HttpServletRequest)getRequest();
+      String requestURI = request.getRequestURI();
+      if(matchkernelEndpoints(requestURI)) {
+        // Parse the json object from the request
+        ObjectMapper objectMapper = new ObjectMapper();
+
+        Map<String, Object> jsonMap = objectMapper.readValue(inputStream, new TypeReference<Map<String,Object>>(){});
+
+        Map<String, Object> envMap = objectMapper.convertValue(jsonMap.get("env"),
Map.class);
+        // Force the KERNEL_USERNAME to be set to the remote user
+        envMap.put("KERNEL_USERNAME", SubjectUtils.getCurrentEffectivePrincipalName());
+
+        jsonMap.put("env", envMap);
+
+        // Create the new ServletInputStream with modified json map.
+        String s = objectMapper.writeValueAsString(jsonMap);
+        return new UrlRewriteRequestStream(new ByteArrayInputStream(s.getBytes(StandardCharsets.UTF_8)));
+      }
+
+      return inputStream;
+    }
+
+    private boolean matchkernelEndpoints(String requestURI) {
+      for(String endpoint : kernelEndpoints) {
+        if(requestURI.endsWith(endpoint) || requestURI.endsWith(endpoint + '/')) {
+          return true;
+        }
+      }
+      return false;
+    }
+
+    @Override
+    public BufferedReader getReader() throws IOException {
+      return new BufferedReader(new InputStreamReader(getInputStream(), StandardCharsets.UTF_8));
+    }
+  }
+}
diff --git a/pom.xml b/pom.xml
index dfe00a0..6952341 100644
--- a/pom.xml
+++ b/pom.xml
@@ -105,6 +105,7 @@
         <module>gateway-service-knoxssout</module>
         <module>gateway-service-knoxtoken</module>
         <module>gateway-service-livy</module>
+        <module>gateway-service-jkg</module>
         <module>gateway-service-health</module>
         <module>gateway-service-webhdfs</module>
         <module>gateway-service-tgs</module>
@@ -989,6 +990,11 @@
             </dependency>
             <dependency>
                 <groupId>org.apache.knox</groupId>
+                <artifactId>gateway-service-jkg</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.knox</groupId>
                 <artifactId>gateway-service-definitions</artifactId>
                 <version>${project.version}</version>
             </dependency>
@@ -1234,19 +1240,19 @@
                 <artifactId>groovy-json</artifactId>
                 <version>${groovy.version}</version>
             </dependency>
-            
+
             <dependency>
                 <groupId>org.fusesource.jansi</groupId>
                 <artifactId>jansi</artifactId>
                 <version>${jansi.version}</version>
             </dependency>
-            
+
             <dependency>
                 <groupId>jline</groupId>
                 <artifactId>jline</artifactId>
                 <version>${jline.version}</version>
             </dependency>
-            
+
             <dependency>
                 <groupId>org.apache.httpcomponents</groupId>
                 <artifactId>httpclient</artifactId>
@@ -1257,7 +1263,7 @@
                 <artifactId>httpcore</artifactId>
                 <version>${httpcore.version}</version>
             </dependency>
-            
+
             <dependency>
                 <groupId>joda-time</groupId>
                 <artifactId>joda-time</artifactId>
@@ -1779,7 +1785,7 @@
                 <artifactId>javax.websocket-client-api</artifactId>
                 <version>${javax.websocket-api.version}</version>
             </dependency>
-            
+
             <dependency>
                 <groupId>org.eclipse.jetty.websocket</groupId>
                 <artifactId>websocket-api</artifactId>


Mime
View raw message