ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ankita Sinha <ankita.si...@freestoneinfotech.com>
Subject Review Request 47064: Kerberos : Ranger Admin to perform Key operations using Principal / keytab of RangerAdmin from UI
Date Fri, 06 May 2016 10:25:42 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47064/
-----------------------------------------------------------

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj,
Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-973
    https://issues.apache.org/jira/browse/RANGER-973


Repository: ranger


Description
-------

**Problem Statement**
Currently even in kerberos environment Ranger admin sends request using repo config user.
As now Ranger Admin and Ranger KMS are working in kerberos environment, request for key operations
from UI needs to go using ranger admin credentials.

**Need to improve following features**

1. KMS to use rangeradmin credentials for test connection, resource lookup and for encrytpion
key operation from Ranger admin UI Encryption tab.

2. Download Policy Session Log was created in every policy refresher call, so in x_auth_session
it is getting bulk of downloadpolicy session log.

3. To add ambari service check user in default policy using service config custom property


Diffs
-----

  agents-common/src/main/java/org/apache/ranger/plugin/client/HadoopConfigHolder.java 8991872

  agents-common/src/main/resources/resourcenamemap.properties 72d78d2 
  kms/config/kms-webapp/kms-site.xml b61d1b2 
  plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java 271392b 
  plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSConnectionMgr.java c247a44

  plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java aa4c65a

  security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 2f77e2d 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ab0798b 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java b837a68 
  security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java 106d910 
  security-admin/src/main/resources/conf.dist/ranger-admin-site.xml e3f9f03 
  security-admin/src/main/resources/resourcenamemap.properties e4a2edf 

Diff: https://reviews.apache.org/r/47064/diff/


Testing
-------

1. Tested KMS on simple environment with key operation and zone operation.
2. Tested KMS on kerberos environment with key operation and zone operation.
3. Checked download policy session log in table and audit on UI setting it enable and disable
in xml file.
4. Tested adding custom config in service for ambari service check user.


Thanks,

Ankita Sinha


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message