
Example 1 with RangerConfiguration

use of org.apache.ranger.authorization.hadoop.config.RangerConfiguration in project ranger by apache.

the class ServiceDBStore method getAuditMode.

/**
 * Resolves the audit mode for a service from the Ranger configuration.
 *
 * <p>Keys are consulted in this order and the first non-blank value is returned:
 * {@code ranger.audit.global.mode}, then {@code ranger.audit.servicedef.<serviceTypeName>.mode},
 * then {@code ranger.audit.service.<serviceName>.mode}.
 *
 * <p>NOTE(review): because the global key is checked first, a global value takes precedence over
 * the per-service-type and per-service keys; a narrower key cannot override it. Confirm this
 * precedence is intended when relying on per-service audit settings.
 *
 * @param serviceTypeName service-definition name, spliced into the per-service-type key
 * @param serviceName     service name, spliced into the per-service key
 * @return the first non-blank configured mode, or {@code RangerPolicyEngine.AUDIT_DEFAULT}
 */
private String getAuditMode(String serviceTypeName, String serviceName) {
    RangerConfiguration rangerConf = RangerConfiguration.getInstance();
    // Ordered from broadest to narrowest scope; the order decides which setting wins.
    String[] candidateKeys = {
        "ranger.audit.global.mode",
        "ranger.audit.servicedef." + serviceTypeName + ".mode",
        "ranger.audit.service." + serviceName + ".mode"
    };
    for (String key : candidateKeys) {
        String mode = rangerConf.get(key);
        if (StringUtils.isNotBlank(mode)) {
            return mode;
        }
    }
    return RangerPolicyEngine.AUDIT_DEFAULT;
}
Also used : VXString(org.apache.ranger.view.VXString) RangerConfiguration(org.apache.ranger.authorization.hadoop.config.RangerConfiguration)

Example 2 with RangerConfiguration

use of org.apache.ranger.authorization.hadoop.config.RangerConfiguration in project ranger by apache.

the class RangerBasePlugin method init.

/**
 * Initializes the plugin: resets prior state, loads configuration for the service type, starts the
 * policy refresher and, when applicable, schedules periodic policy reordering.
 *
 * <p>All properties are read under the prefix {@code ranger.plugin.<serviceType>}. Statement order
 * matters here: {@code cleanup()} runs first, and the refresher is started before the reorder timer
 * is considered.
 *
 * <p>Security-relevant settings read here are {@code .use.x-forwarded-for.ipaddress} and
 * {@code .trusted.proxy.ipaddresses}; see the note at the warning below.
 */
public void init() {
    // Reset whatever cleanup() handles before re-initializing.
    cleanup();
    RangerConfiguration configuration = RangerConfiguration.getInstance();
    configuration.addResourcesForServiceType(serviceType);
    configuration.initAudit(appId);
    String propertyPrefix = "ranger.plugin." + serviceType;
    // Policy poll interval defaults to 30 seconds when the property is absent.
    long pollingIntervalMs = configuration.getLong(propertyPrefix + ".policy.pollIntervalMs", 30 * 1000);
    String cacheDir = configuration.get(propertyPrefix + ".policy.cache.dir");
    serviceName = configuration.get(propertyPrefix + ".service.name");
    // Same singleton as 'configuration'; cluster name defaults to the empty string.
    clusterName = RangerConfiguration.getInstance().get(propertyPrefix + ".ambari.cluster.name", "");
    // Forwarded-address handling is off unless explicitly enabled.
    useForwardedIPAddress = configuration.getBoolean(propertyPrefix + ".use.x-forwarded-for.ipaddress", false);
    String trustedProxyAddressString = configuration.get(propertyPrefix + ".trusted.proxy.ipaddresses");
    trustedProxyAddresses = StringUtils.split(trustedProxyAddressString, RANGER_TRUSTED_PROXY_IPADDRESSES_SEPARATOR_CHAR);
    // Trim each entry in place so whitespace around separators does not end up in the stored
    // addresses. The null check presumably covers the property being unset - confirm against
    // the StringUtils in use.
    if (trustedProxyAddresses != null) {
        for (int i = 0; i < trustedProxyAddresses.length; i++) {
            trustedProxyAddresses[i] = trustedProxyAddresses[i].trim();
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug(propertyPrefix + ".use.x-forwarded-for.ipaddress:" + useForwardedIPAddress);
        LOG.debug(propertyPrefix + ".trusted.proxy.ipaddresses:[" + StringUtils.join(trustedProxyAddresses, ", ") + "]");
    }
    // NOTE(review): this combination is only warned about, not rejected. Per the message below,
    // the plugin then trusts the remote address and takes the first forwarded address from the
    // access request as the client IP, so IP-based policy conditions and audit records rest on a
    // value the sender can choose. Deployments that enable the forwarded-address option should
    // also set the trusted-proxy list, and this warning is worth alerting on.
    if (useForwardedIPAddress && StringUtils.isBlank(trustedProxyAddressString)) {
        LOG.warn("Property " + propertyPrefix + ".use.x-forwarded-for.ipaddress" + " is set to true, and Property " + propertyPrefix + ".trusted.proxy.ipaddresses" + " is not set");
        LOG.warn("Ranger plugin will trust RemoteIPAddress and treat first X-Forwarded-Address in the access-request as the clientIPAddress");
    }
    policyEngineOptions.configureForPlugin(configuration, propertyPrefix);
    LOG.info(policyEngineOptions);
    RangerAdminClient admin = createAdminClient(serviceName, appId, propertyPrefix);
    // The refresher is marked as a daemon before it is started.
    refresher = new PolicyRefresher(this, serviceType, appId, serviceName, admin, pollingIntervalMs, cacheDir);
    refresher.setDaemon(true);
    refresher.startRefresher();
    // Reorder interval defaults to 60 seconds; values from 0 up to (but excluding) 15 seconds are
    // raised to 15 seconds. Negative values are left unchanged and fail the '> 0' check below.
    long policyReorderIntervalMs = configuration.getLong(propertyPrefix + ".policy.policyReorderInterval", 60 * 1000);
    if (policyReorderIntervalMs >= 0 && policyReorderIntervalMs < 15 * 1000) {
        policyReorderIntervalMs = 15 * 1000;
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug(propertyPrefix + ".policy.policyReorderInterval:" + policyReorderIntervalMs);
    }
    // Reordering is scheduled only when the trie lookup prefilter is disabled and the interval is positive.
    if (policyEngineOptions.disableTrieLookupPrefilter && policyReorderIntervalMs > 0) {
        // Second constructor argument 'true' makes this a daemon timer.
        policyEngineRefreshTimer = new Timer("PolicyEngineRefreshTimer", true);
        try {
            policyEngineRefreshTimer.schedule(new PolicyEngineRefresher(this), policyReorderIntervalMs, policyReorderIntervalMs);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Scheduled PolicyEngineRefresher to reorder policies based on number of evaluations in and every " + policyReorderIntervalMs + " milliseconds");
            }
        } catch (IllegalStateException exception) {
            // Scheduling failed: log it and drop the timer reference; init() still completes.
            LOG.error("Error scheduling policyEngineRefresher:", exception);
            LOG.error("*** PolicyEngine will NOT be reorderd based on number of evaluations every " + policyReorderIntervalMs + " milliseconds ***");
            policyEngineRefreshTimer = null;
        }
    } else {
        LOG.info("Policies will NOT be reordered based on number of evaluations");
    }
}
Also used : RangerAdminClient(org.apache.ranger.admin.client.RangerAdminClient) PolicyRefresher(org.apache.ranger.plugin.util.PolicyRefresher) Timer(java.util.Timer) RangerConfiguration(org.apache.ranger.authorization.hadoop.config.RangerConfiguration)

Example 3 with RangerConfiguration

use of org.apache.ranger.authorization.hadoop.config.RangerConfiguration in project ranger by apache.

the class RangerPluginPerfTester method main.

/**
 * Entry point of the perf tester: echoes the parsed arguments, registers the generated
 * configuration file, initializes a {@code RangerBasePlugin} and then prints JVM memory
 * statistics once a minute until the main thread is interrupted.
 *
 * <p>Exits with status -1 when argument parsing fails; prints an error and returns when the
 * configuration file cannot be built.
 *
 * @param args command-line arguments, handed to {@code parseArguments}
 */
public static void main(String[] args) {
    boolean argumentsOk = parseArguments(args);
    if (!argumentsOk) {
        System.err.println("Exiting.. ");
        System.exit(-1);
    }

    System.out.println("Arguments:");
    System.out.println("\t\tservice-type:\t\t\t" + serviceType);
    System.out.println("\t\tservice-name:\t\t\t" + serviceName);
    System.out.println("\t\tapp-id:\t\t\t\t" + appId);
    System.out.println("\t\tranger-host:\t\t\t" + rangerHostName);
    System.out.println("\t\tsocket-read-timeout:\t\t" + socketReadTimeout);
    System.out.println("\t\tpolling-interval:\t\t" + pollingInterval);
    System.out.println("\t\tpolicy-cache-dir:\t\t" + policyCacheDir);
    System.out.println("\t\tuse-cached-policy-evaluator:\t" + useCachedPolicyEvaluator);
    System.out.println("\n\n");

    Path configFile = buildConfigurationFile();
    if (configFile == null) {
        System.err.println("Failed to build configuration file");
        return;
    }

    // Register the generated file with the shared configuration before the plugin is created.
    RangerConfiguration.getInstance().addResource(configFile);
    plugin = new RangerBasePlugin(serviceType, appId);

    Runtime jvm = Runtime.getRuntime();
    jvm.gc();
    long heapTotal = jvm.totalMemory();
    long heapFree = jvm.freeMemory();
    System.out.println("Initial Memory Statistics:");
    System.out.println("\t\tMaximum Memory available for the process:\t" + jvm.maxMemory());
    System.out.println("\t\tInitial In-Use memory:\t\t\t\t" + (heapTotal - heapFree));
    System.out.println("\t\tInitial Free memory:\t\t\t\t" + heapFree);
    System.out.println("\n\n");

    plugin.init();

    // Report memory usage every 60 seconds; an interrupt ends the loop and the program.
    for (;;) {
        jvm.gc();
        heapFree = jvm.freeMemory();
        heapTotal = jvm.totalMemory();
        System.out.println("Memory Statistics:");
        System.out.println("\t\tCurrently In-Use memory:\t" + (heapTotal - heapFree));
        System.out.println("\t\tCurrently Free memory:\t\t" + heapFree);
        System.out.println("\n\n");
        try {
            Thread.sleep(60 * 1000);
        } catch (InterruptedException e) {
            System.err.println("Main thread interrupted..., exiting...");
            break;
        }
    }
}
Also used : Path(org.apache.hadoop.fs.Path) RangerBasePlugin(org.apache.ranger.plugin.service.RangerBasePlugin) RangerConfiguration(org.apache.ranger.authorization.hadoop.config.RangerConfiguration)

Example 4 with RangerConfiguration

use of org.apache.ranger.authorization.hadoop.config.RangerConfiguration in project ranger by apache.

the class RangerHdfsAuthorizerTest method setup.

/**
 * One-time test fixture: writes a temporary site file that sets {@code hdfs.version}, adds it to
 * the shared {@code RangerConfiguration}, starts a {@code RangerHdfsAuthorizer} and obtains its
 * external access-control enforcer wrapped around a Mockito mock.
 *
 * <p>Any exception while creating or registering the site file fails the test run.
 */
@BeforeClass
public static void setup() {
    final String versionSiteXml = "<configuration>\n"
        + "        <property>\n"
        + "                <name>hdfs.version</name>\n"
        + "                <value>hdfs_version_3.0</value>\n"
        + "        </property>\n"
        + "</configuration>\n";
    try {
        File versionSite = File.createTempFile("hdfs-version-site", ".xml");
        versionSite.deleteOnExit();
        // Both resources are closed, and the content flushed, before the file is registered.
        try (final FileOutputStream rawOut = new FileOutputStream(versionSite);
            final OutputStreamWriter xmlOut = new OutputStreamWriter(rawOut, StandardCharsets.UTF_8)) {
            xmlOut.write(versionSiteXml);
        }
        RangerConfiguration.getInstance().addResource(new org.apache.hadoop.fs.Path(versionSite.toURI()));
    } catch (Exception exception) {
        Assert.fail("Cannot create hdfs-version-site file:[" + exception.getMessage() + "]");
    }

    authorizer = new RangerHdfsAuthorizer();
    authorizer.start();
    AccessControlEnforcer mockedEnforcer = Mockito.mock(AccessControlEnforcer.class);
    rangerControlEnforcer = authorizer.getExternalAccessControlEnforcer(mockedEnforcer);
}
Also used : RangerHdfsAuthorizer(org.apache.ranger.authorization.hadoop.RangerHdfsAuthorizer) FileOutputStream(java.io.FileOutputStream) OutputStreamWriter(java.io.OutputStreamWriter) AccessControlEnforcer(org.apache.hadoop.hdfs.server.namenode.INodeAttributeProvider.AccessControlEnforcer) File(java.io.File) RangerConfiguration(org.apache.ranger.authorization.hadoop.config.RangerConfiguration) AccessControlException(org.apache.hadoop.security.AccessControlException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) BeforeClass(org.junit.BeforeClass)

Example 5 with RangerConfiguration

use of org.apache.ranger.authorization.hadoop.config.RangerConfiguration in project ranger by apache.

the class TestPolicyEngine method setUpBeforeClass.

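/**
 * One-time test fixture: builds the Gson instance used by the tests, initializes the audit
 * provider from {@code xasecure-audit.properties} (or from built-in fallback values when that
 * file is absent), and registers a temporary site file that enables forwarded-address handling
 * for Hive with a list of trusted proxy addresses.
 *
 * <p>Streams are opened in try-with-resources so that neither the properties input stream nor
 * the site-file writer is left open when an exception is thrown. The site file is written as
 * UTF-8 explicitly instead of the platform default charset.
 *
 * @throws Exception if the properties file cannot be read or the site file cannot be written
 */
@BeforeClass
public static void setUpBeforeClass() throws Exception {
    gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSSZ").setPrettyPrinting().registerTypeAdapter(RangerAccessRequest.class, new RangerAccessRequestDeserializer()).registerTypeAdapter(RangerAccessResource.class, new RangerResourceDeserializer()).create();
    // For setting up auditProvider
    Properties auditProperties = new Properties();
    String auditPropertiesFile = "xasecure-audit.properties";
    File propFile = new File(auditPropertiesFile);
    if (propFile.exists()) {
        System.out.println("Loading Audit properties file" + auditPropertiesFile);
        // Close the stream once the properties are loaded; the original left it open.
        try (FileInputStream propStream = new FileInputStream(propFile)) {
            auditProperties.load(propStream);
        }
    } else {
        System.out.println("Audit properties file missing: " + auditPropertiesFile);
        // Fallback fixture values. The JDBC user and password below are test placeholders kept
        // in source; every audit destination is disabled further down, so they are presumably
        // never used to connect - do not reuse them for a real audit database.
        auditProperties.setProperty("xasecure.audit.jpa.javax.persistence.jdbc.url", "jdbc:mysql://node-1:3306/xasecure_audit");
        auditProperties.setProperty("xasecure.audit.jpa.javax.persistence.jdbc.user", "xalogger");
        auditProperties.setProperty("xasecure.audit.jpa.javax.persistence.jdbc.password", "xalogger");
        auditProperties.setProperty("xasecure.audit.jpa.javax.persistence.jdbc.driver", "com.mysql.jdbc.Driver");
        // Set this to true to enable audit logging
        auditProperties.setProperty("xasecure.audit.is.enabled", "false");
        auditProperties.setProperty("xasecure.audit.log4j.is.enabled", "false");
        auditProperties.setProperty("xasecure.audit.log4j.is.async", "false");
        auditProperties.setProperty("xasecure.audit.log4j.async.max.queue.size", "100000");
        auditProperties.setProperty("xasecure.audit.log4j.async.max.flush.interval.ms", "30000");
        auditProperties.setProperty("xasecure.audit.db.is.enabled", "false");
        auditProperties.setProperty("xasecure.audit.db.is.async", "false");
        auditProperties.setProperty("xasecure.audit.db.async.max.queue.size", "100000");
        auditProperties.setProperty("xasecure.audit.db.async.max.flush.interval.ms", "30000");
        auditProperties.setProperty("xasecure.audit.db.batch.size", "100");
    }
    // second parameter does not matter for v2
    AuditProviderFactory.getInstance().init(auditProperties, "hdfs");
    AuditHandler provider = AuditProviderFactory.getAuditProvider();
    System.out.println("provider=" + provider.toString());
    File file = File.createTempFile("ranger-admin-test-site", ".xml");
    file.deleteOnExit();
    /*
		// For setting up TestTagProvider

		writer.write("<configuration>\n" +
				"        <property>\n" +
				"                <name>ranger.plugin.tag.policy.rest.url</name>\n" +
				"                <value>http://os-def:6080</value>\n" +
				"        </property>\n" +
				"        <property>\n" +
				"                <name>ranger.externalurl</name>\n" +
				"                <value>http://os-def:6080</value>\n" +
				"        </property>\n" +
				"</configuration>\n");
				*/
    // The writer is closed (and flushed) by try-with-resources even if write() throws, and
    // before the file is handed to RangerConfiguration.
    try (FileOutputStream outStream = new FileOutputStream(file);
        OutputStreamWriter writer = new OutputStreamWriter(outStream, java.nio.charset.StandardCharsets.UTF_8)) {
        writer.write("<configuration>\n" + // For setting up x-forwarded-for for Hive
        "        <property>\n" + "                <name>ranger.plugin.hive.use.x-forwarded-for.ipaddress</name>\n" + "                <value>true</value>\n" + "        </property>\n" + "        <property>\n" + "                <name>ranger.plugin.hive.trusted.proxy.ipaddresses</name>\n" + "                <value>255.255.255.255; 128.101.101.101;128.101.101.99</value>\n" + "        </property>\n" + "        <property>\n" + "                <name>ranger.plugin.tag.attr.additional.date.formats</name>\n" + "                <value>abcd||xyz||yyyy/MM/dd'T'HH:mm:ss.SSS'Z'</value>\n" + "        </property>\n" + "</configuration>\n");
    }
    RangerConfiguration config = RangerConfiguration.getInstance();
    config.addResource(new org.apache.hadoop.fs.Path(file.toURI()));
}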
Also used : AuditHandler(org.apache.ranger.audit.provider.AuditHandler) RangerDefaultAuditHandler(org.apache.ranger.plugin.audit.RangerDefaultAuditHandler) GsonBuilder(com.google.gson.GsonBuilder) Properties(java.util.Properties) FileInputStream(java.io.FileInputStream) RangerConfiguration(org.apache.ranger.authorization.hadoop.config.RangerConfiguration) FileOutputStream(java.io.FileOutputStream) OutputStreamWriter(java.io.OutputStreamWriter) File(java.io.File) BeforeClass(org.junit.BeforeClass)

Aggregations

RangerConfiguration (org.apache.ranger.authorization.hadoop.config.RangerConfiguration)5 File (java.io.File)2 FileOutputStream (java.io.FileOutputStream)2 OutputStreamWriter (java.io.OutputStreamWriter)2 BeforeClass (org.junit.BeforeClass)2 GsonBuilder (com.google.gson.GsonBuilder)1 FileInputStream (java.io.FileInputStream)1 UnsupportedEncodingException (java.io.UnsupportedEncodingException)1 Properties (java.util.Properties)1 Timer (java.util.Timer)1 Path (org.apache.hadoop.fs.Path)1 AccessControlEnforcer (org.apache.hadoop.hdfs.server.namenode.INodeAttributeProvider.AccessControlEnforcer)1 AccessControlException (org.apache.hadoop.security.AccessControlException)1 RangerAdminClient (org.apache.ranger.admin.client.RangerAdminClient)1 AuditHandler (org.apache.ranger.audit.provider.AuditHandler)1 RangerHdfsAuthorizer (org.apache.ranger.authorization.hadoop.RangerHdfsAuthorizer)1 RangerDefaultAuditHandler (org.apache.ranger.plugin.audit.RangerDefaultAuditHandler)1 RangerBasePlugin (org.apache.ranger.plugin.service.RangerBasePlugin)1 PolicyRefresher (org.apache.ranger.plugin.util.PolicyRefresher)1 VXString (org.apache.ranger.view.VXString)1