ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Madhan Neethiraj <mad...@apache.org>
Subject Re: Review Request 72847: RANGER-2998 : API for Ranger KMS service status
Date Wed, 16 Sep 2020 18:45:00 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72847/#review221877
-----------------------------------------------------------




kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
Lines 131 (patched)
<https://reviews.apache.org/r/72847/#comment310947>

    As Ramesh suggested, consider narrowing down unauthenticated URL to only specific methods
- like /kms/api/status.
    
    Also, instead of handling this in Java code, consider updating security-applicationContext.xml
to list URLs that can be accessed without authentication - like:
      <security:http pattern="/kms/api/status" security="none" />


- Madhan Neethiraj


On Sept. 16, 2020, 6:38 p.m., Dhaval Shah wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72847/
> -----------------------------------------------------------
> 
> (Updated Sept. 16, 2020, 6:38 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Dineshkumar Yadav, Jayendra Parab, Kishor Gollapalliwar,
Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2998
>     https://issues.apache.org/jira/browse/RANGER-2998
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Need to construct the API which can be accessible without user credentials for Ranger
KMS service status. So when service Ranger KMS is successfully started there should be status
saying "Ranger KMS is up and running" when we hit particular API.
> 
> 
> Diffs
> -----
> 
>   kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
944b3d483 
>   kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java da8f71599

>   kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/RangerKMSRestApi.java PRE-CREATION

> 
> 
> Diff: https://reviews.apache.org/r/72847/diff/2/
> 
> 
> Testing
> -------
> 
> Successfully tested the status API.
> 
> 
> Thanks,
> 
> Dhaval Shah
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message