From dev-return-25966-apmail-ranger-dev-archive=ranger.apache.org@ranger.apache.org Thu Jul 9 15:21:51 2020 Return-Path: X-Original-To: apmail-ranger-dev-archive@www.apache.org Delivered-To: apmail-ranger-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by minotaur.apache.org (Postfix) with SMTP id 90BA319566 for ; Thu, 9 Jul 2020 15:21:51 +0000 (UTC) Received: (qmail 58879 invoked by uid 500); 9 Jul 2020 15:21:51 -0000 Delivered-To: apmail-ranger-dev-archive@ranger.apache.org Received: (qmail 58845 invoked by uid 500); 9 Jul 2020 15:21:51 -0000 Mailing-List: contact dev-help@ranger.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ranger.apache.org Delivered-To: mailing list dev@ranger.apache.org Received: (qmail 58819 invoked by uid 99); 9 Jul 2020 15:21:50 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 09 Jul 2020 15:21:50 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id E575A181437 for ; Thu, 9 Jul 2020 15:21:49 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 4.638 X-Spam-Level: **** X-Spam-Status: No, score=4.638 tagged_above=-999 required=6.31 tests=[DKIM_ADSP_CUSTOM_MED=0.001, FORGED_GMAIL_RCVD=1, FREEMAIL_REPLYTO_END_DIGIT=0.25, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.2, KAM_DMARC_NONE=0.25, KAM_DMARC_STATUS=0.01, KAM_LAZY_DOMAIN_SECURITY=1, KAM_MANYTO=0.2, KHOP_HELO_FCRDNS=0.275, NML_ADSP_CUSTOM_MED=1.2, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=disabled Received: from mx1-ec2-va.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id Xw9evZlWsDSq for ; Thu, 9 Jul 2020 15:21:48 +0000 (UTC) Received-SPF: None (mailfrom) identity=mailfrom; client-ip=95.217.165.199; helo=reviews-vm-he-fi.apache.org; envelope-from=noreply@reviews.apache.org; receiver= Received: from reviews-vm-he-fi.apache.org (static.199.165.217.95.clients.your-server.de [95.217.165.199]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTP id 3096CBE2FB for ; Thu, 9 Jul 2020 15:21:48 +0000 (UTC) Received: from reviews-vm-he-fi.apache.org (reviews-vm-he-fi.apache.org [127.0.0.1]) by reviews-vm-he-fi.apache.org (Postfix) with ESMTP id 67A33160EFD; Thu, 9 Jul 2020 15:21:47 +0000 (UTC) Content-Type: multipart/alternative; boundary="===============6267583206469931692==" MIME-Version: 1.0 Subject: Re: Review Request 72591: RANGER-2861 : Support username and keytab to authenticate ES service to use as an Ranger Audit Store From: Pradeep Agrawal To: bhavik patel , Nitin Galave , Mehul Parikh , Gautam Borad , Abhay Kulkarni , Ramesh Mani , Velmurugan Periasamy , Sailaja Polavarapu , Pradeep Agrawal , Attila Bukor , pengjianhua , Colm O hEigeartaigh , Selvamohan Neethiraj , Ankita Sinha , Madhan Neethiraj , Don Bosco Durai , Bolke de Bruin Cc: ranger Date: Thu, 09 Jul 2020 15:21:47 -0000 Message-ID: <20200709152147.20915.45412@reviews-vm-he-fi.apache.org> X-ReviewBoard-URL: https://reviews.apache.org/ Auto-Submitted: auto-generated In-Reply-To: <20200706054258.20915.27311@reviews-vm-he-fi.apache.org> X-ReviewGroup: ranger X-Auto-Response-Suppress: DR, RN, OOF, AutoReply X-ReviewRequest-URL: https://reviews.apache.org/r/72591/ X-Sender: Pradeep Agrawal X-ReviewBoard-ShipIt: 1 References: <20200706054258.20915.27311@reviews-vm-he-fi.apache.org> X-ReviewBoard-Diff-For: agents-cred/src/main/java/org/apache/ranger/authorization/credutils/CredentialsProviderUtil.java X-ReviewBoard-Diff-For: agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/KerberosCredentialsProvider.java X-ReviewBoard-Diff-For: agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/AbstractJaasConf.java X-ReviewBoard-Diff-For: agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/KeytabJaasConf.java X-ReviewBoard-ShipIt-Only: 1 Reply-To: Pradeep Agrawal X-ReviewRequest-Repository: ranger Sender: Pradeep Agrawal --===============6267583206469931692== MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72591/#review221167 ----------------------------------------------------------- Ship it! Ship It! - Pradeep Agrawal On July 6, 2020, 5:42 a.m., bhavik patel wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72591/ > ----------------------------------------------------------- > > (Updated July 6, 2020, 5:42 a.m.) > > > Review request for ranger, Attila Bukor, Ankita Sinha, Bolke de Bruin, Don Bosco Durai, bhavik patel, Colm O hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-2861 > https://issues.apache.org/jira/browse/RANGER-2861 > > > Repository: ranger > > > Description > ------- > > Currently, Ranger admin support only Basic Authentication for ES as an Audit Store, also required to support username and keytab. > > > Diffs > ----- > > agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java bda582a > agents-cred/src/main/java/org/apache/ranger/authorization/credutils/CredentialsProviderUtil.java PRE-CREATION > agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/AbstractJaasConf.java PRE-CREATION > agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/KerberosCredentialsProvider.java PRE-CREATION > agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/KeytabJaasConf.java PRE-CREATION > distro/src/main/assembly/admin-web.xml a632011 > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/ElasticSearchIndexBootStrapper.java 886091e > security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchMgr.java a060877 > > > Diff: https://reviews.apache.org/r/72591/diff/2/ > > > Testing > ------- > > After setting the ES username and passowrd(keytab) in install.properties ranger admin is able to read audit logs from ES also ranger plugins able to write the logs to ES. > > > Thanks, > > bhavik patel > > --===============6267583206469931692==--