ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dhaval Shah <dhavalshah9...@gmail.com>
Subject Re: Review Request 72847: RANGER-2998 : API for Ranger KMS service status
Date Sun, 20 Sep 2020 13:19:34 GMT


> On Sept. 16, 2020, 6:45 p.m., Madhan Neethiraj wrote:
> > kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
> > Lines 131 (patched)
> > <https://reviews.apache.org/r/72847/diff/1/?file=2239324#file2239324line131>
> >
> >     As Ramesh suggested, consider narrowing down unauthenticated URL to only specific
methods - like /kms/api/status.
> >     
> >     Also, instead of handling this in Java code, consider updating security-applicationContext.xml
to list URLs that can be accessed without authentication - like:
> >       <security:http pattern="/kms/api/status" security="none" />

I have changed the url pattern from /kms/api to /kms/api/status.
RangerKMS does not have security-applicationContext.xml of spring security. You are referring
to security admin module which is not applicable for RangerKMS. Futher the new api /kms/api/status
gets blocked by KMSAuthenticationFilter and KMSMDCFilter in web.xml ( https://github.com/apache/ranger/blob/master/kms/src/main/webapp/WEB-INF/web.xml#L63)
due to which I have kept the IF check in filter class.


- Dhaval


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72847/#review221877
-----------------------------------------------------------


On Sept. 20, 2020, 1:11 p.m., Dhaval Shah wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72847/
> -----------------------------------------------------------
> 
> (Updated Sept. 20, 2020, 1:11 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Dineshkumar Yadav, Jayendra Parab, Kishor Gollapalliwar,
Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2998
>     https://issues.apache.org/jira/browse/RANGER-2998
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Need to construct the API which can be accessible without user credentials for Ranger
KMS service status. So when service Ranger KMS is successfully started there should be status
saying "Ranger KMS is up and running" when we hit particular API.
> 
> 
> Diffs
> -----
> 
>   kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
944b3d483 
>   kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java da8f71599

>   kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/RangerKMSRestApi.java PRE-CREATION

> 
> 
> Diff: https://reviews.apache.org/r/72847/diff/3/
> 
> 
> Testing
> -------
> 
> Successfully tested the status API.
> 
> 
> Thanks,
> 
> Dhaval Shah
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message