
RANGER-2395 : Add Presto plugin, This implements a plugin for Presto,…

… a distributed SQL engine.

Signed-off-by: Mehul Parikh <mehul@apache.org>
bolkedebruin authored and mehulbparikh committed May 6, 2019
1 parent 0adbd66 commit 43757e798751ffab99dbe15ab3f9ae0773ae69f7
Showing with 3,209 additions and 1 deletion.
  1. +31 −0 agents-common/scripts/enable-agent.sh
  2. +7 −1 agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
  3. +197 −0 agents-common/src/main/resources/service-defs/ranger-servicedef-presto.json
  4. +21 −0 plugin-presto/conf/ranger-policymgr-ssl-changes.cfg
  5. +49 −0 plugin-presto/conf/ranger-policymgr-ssl.xml
  6. +58 −0 plugin-presto/conf/ranger-presto-audit-changes.cfg
  7. +271 −0 plugin-presto/conf/ranger-presto-audit.xml
  8. +28 −0 plugin-presto/conf/ranger-presto-security-changes.cfg
  9. +74 −0 plugin-presto/conf/ranger-presto-security.xml
  10. +56 −0 plugin-presto/pom.xml
  11. +140 −0 plugin-presto/scripts/install.properties
  12. +459 −0 ...to/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
  13. +86 −0 plugin-presto/src/main/java/org/apache/ranger/services/presto/RangerServicePresto.java
  14. +556 −0 plugin-presto/src/main/java/org/apache/ranger/services/presto/client/PrestoClient.java
  15. +93 −0 plugin-presto/src/main/java/org/apache/ranger/services/presto/client/PrestoConnectionManager.java
  16. +178 −0 plugin-presto/src/main/java/org/apache/ranger/services/presto/client/PrestoResourceManager.java
  17. +40 −0 pom.xml
  18. +105 −0 ranger-presto-plugin-shim/pom.xml
  19. +32 −0 ...ugin-shim/src/main/java/org/apache/ranger/authorization/presto/authorizer/PrestoRangerPlugin.java
  20. +47 −0 ...sto-plugin-shim/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerConfig.java
  21. +382 −0 ...im/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
  22. +61 −0 ...main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControlFactory.java
  23. +15 −0 ranger-presto-plugin-shim/src/main/resources/META-INF/services/io.prestosql.spi.Plugin
  24. +21 −0 src/main/assembly/admin-web.xml
  25. +202 −0 src/main/assembly/plugin-presto.xml
@@ -212,6 +212,12 @@ elif [ "${HCOMPONENT_NAME}" = "kylin" ]; then
HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/tomcat/webapps/kylin/WEB-INF/lib
elif [ "${HCOMPONENT_NAME}" = "elasticsearch" ]; then
HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/plugins
elif [ "${HCOMPONENT_NAME}" = "presto" ]; then
HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/plugins/ranger
if [ ! -d "${HCOMPONENT_LIB_DIR}" ]; then
echo "INFO: Creating ${HCOMPONENT_LIB_DIR}"
mkdir -p ${HCOMPONENT_LIB_DIR}
fi
fi

HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/conf
@@ -240,6 +246,8 @@ elif [ "${HCOMPONENT_NAME}" = "elasticsearch" ]; then
echo "INFO: Changing ownership of $HCOMPONENT_CONF_DIR to $CFG_OWNER_INF"
chown $CFG_OWNER_INF $HCOMPONENT_CONF_DIR
fi
elif [ "${HCOMPONENT_NAME}" = "presto" ]; then
HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/etc
fi

HCOMPONENT_ARCHIVE_CONF_DIR=${HCOMPONENT_CONF_DIR}/.archive
@@ -773,6 +781,29 @@ then
fi
fi

if [ "${HCOMPONENT_NAME}" = "presto" ]
then
if [ "${action}" = "enable" ]
then
controlName="ranger"
else
controlName=""
fi
dt=`date '+%Y%m%d%H%M%S'`
fn=`ls ${HCOMPONENT_CONF_DIR}/access-control.properties 2> /dev/null`
if [ -f "${fn}" ]
then
dn=`dirname ${fn}`
bn=`basename ${fn}`
bf=${dn}/.${bn}.${dt}
echo "backup of ${fn} to ${bf} ..."
cp ${fn} ${bf}
echo "Add or Update properties file: [${fn}] ... "
addOrUpdatePropertyToFile access-control.name $controlName ${fn}
fi
fi


#
# Set notice to restart the ${HCOMPONENT_NAME}
#
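Review bot: In the presto block at the end of this section, `addOrUpdatePropertyToFile access-control.name $controlName ${fn}` passes `$controlName` unquoted, so on disable (where it is `""`) the argument disappears and the file path shifts into the value position; quote it as `addOrUpdatePropertyToFile access-control.name "${controlName}" "${fn}"`. How the helper treats an empty value is not visible here, so confirm that disable really clears the setting rather than leaving `ranger` active or writing a stray value. Separately, when `access-control.properties` is missing the block does nothing and prints nothing, so an enable run can finish without `access-control.name` ever being set; an `else` branch with `echo "WARN: ${HCOMPONENT_CONF_DIR}/access-control.properties not found; access-control.name not updated"` would make that visible. The same quoting applies to `cp ${fn} ${bf}` and `mkdir -p ${HCOMPONENT_LIB_DIR}`.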
@@ -48,7 +48,7 @@


// following servicedef list should be reviewed/updated whenever a new embedded service-def is added
public static final String DEFAULT_BOOTSTRAP_SERVICEDEF_LIST = "tag,hdfs,hbase,hive,kms,knox,storm,yarn,kafka,solr,atlas,nifi,nifi-registry,sqoop,kylin,elasticsearch";
public static final String DEFAULT_BOOTSTRAP_SERVICEDEF_LIST = "tag,hdfs,hbase,hive,kms,knox,storm,yarn,kafka,solr,atlas,nifi,nifi-registry,sqoop,kylin,elasticsearch,presto";
private static final String PROPERTY_SUPPORTED_SERVICE_DEFS = "ranger.supportedcomponents";
private Set<String> supportedServiceDefs;
public static final String EMBEDDED_SERVICEDEF_TAG_NAME = "tag";
@@ -69,6 +69,7 @@
public static final String EMBEDDED_SERVICEDEF_KYLIN_NAME = "kylin";
public static final String EMBEDDED_SERVICEDEF_ABFS_NAME = "abfs";
public static final String EMBEDDED_SERVICEDEF_ELASTICSEARCH_NAME = "elasticsearch";
public static final String EMBEDDED_SERVICEDEF_PRESTO_NAME = "presto";

public static final String PROPERTY_CREATE_EMBEDDED_SERVICE_DEFS = "ranger.service.store.create.embedded.service-defs";

@@ -83,6 +84,7 @@
public static final String SOLR_IMPL_CLASS_NAME = "org.apache.ranger.services.solr.RangerServiceSolr";
public static final String NIFI_IMPL_CLASS_NAME = "org.apache.ranger.services.nifi.RangerServiceNiFi";
public static final String ATLAS_IMPL_CLASS_NAME = "org.apache.ranger.services.atlas.RangerServiceAtlas";
public static final String PRESTO_IMPL_CLASS_NAME = "org.apache.ranger.services.presto.RangerServicePresto";

private static EmbeddedServiceDefsUtil instance = new EmbeddedServiceDefsUtil();

@@ -104,6 +106,7 @@
private RangerServiceDef kylinServiceDef;
private RangerServiceDef abfsServiceDef;
private RangerServiceDef elasticsearchServiceDef;
private RangerServiceDef prestoServiceDef;

private RangerServiceDef tagServiceDef;

@@ -148,6 +151,7 @@ public void init(ServiceStore store) {
kylinServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_KYLIN_NAME);
abfsServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_ABFS_NAME);
elasticsearchServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_ELASTICSEARCH_NAME);
prestoServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_PRESTO_NAME);

// Ensure that tag service def is updated with access types of all service defs
store.updateTagServiceDefForAccessTypes();
@@ -223,6 +227,8 @@ public long getElasticsearchServiceDefId() {

public long getAbfsServiceDefId() { return getId(abfsServiceDef); }

public long getPrestoServiceDefId() { return getId(prestoServiceDef); }

public RangerServiceDef getEmbeddedServiceDef(String defType) throws Exception {
RangerServiceDef serviceDef=null;
if(StringUtils.isNotEmpty(defType)){
@@ -0,0 +1,197 @@
{
"id": 17,
"name": "presto",
"implClass": "org.apache.ranger.services.presto.RangerServicePresto",
"label": "Presto",
"description": "Presto",
"guid": "379a9fe5-1b6e-4091-a584-4890e245e6c1",
"resources": [
{
"itemId": 1,
"name": "catalog",
"type": "string",
"level": 10,
"parent": "",
"mandatory": true,
"isValidLeaf": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": true,
"ignoreCase": true
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "Presto Catalog",
"description": "Presto Catalog"
},
{
"itemId": 2,
"name": "schema",
"type": "string",
"level": 20,
"parent": "catalog",
"mandatory": true,
"isValidLeaf": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": true,
"ignoreCase": true
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "Presto Schema",
"description": "Presto Schema"
},
{
"itemId": 3,
"name": "table",
"type": "string",
"level": 30,
"parent": "schema",
"mandatory": true,
"isValidLeaf": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": true,
"ignoreCase": true
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "Presto Table",
"description": "Presto Table"
},
{
"itemId": 4,
"name": "column",
"type": "string",
"level": 40,
"parent": "table",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": true,
"ignoreCase": true
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "Presto Column",
"description": "Presto Column"
}
],
"accessTypes": [
{
"itemId": 1,
"name": "select",
"label": "Select"
},
{
"itemId": 2,
"name": "update",
"label": "Update"
},
{
"itemId": 3,
"name": "create",
"label": "Create"
},
{
"itemId": 4,
"name": "drop",
"label": "Drop"
},
{
"itemId": 5,
"name": "use",
"label": "Use"
},
{
"itemId": 6,
"name": "alter",
"label": "Alter"
},
{
"itemId": 7,
"name": "admin",
"label": "Admin"
},
{
"itemId": 8,
"name": "all",
"label": "All",
"impliedGrants": [
"select",
"update",
"create",
"drop",
"use",
"alter",
"admin"
]
}
],
"configs": [
{
"itemId": 1,
"name": "username",
"type": "string",
"mandatory": true,
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "Username"
},
{
"itemId": 2,
"name": "password",
"type": "password",
"mandatory": false,
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "Password"
},
{
"itemId": 3,
"name": "jdbc.driverClassName",
"type": "string",
"mandatory": true,
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"defaultValue": "io.prestosql.jdbc.PrestoDriver"
},
{
"itemId": 4,
"name": "jdbc.url",
"type": "string",
"mandatory": true,
"defaultValue": "",
"validationRegEx": "",
"validationMessage": "",
"uiHint": ""
}
],
"enums": [
],
"contextEnrichers": [
],
"policyConditions":
[
]
}
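Review bot: The `jdbc.url` and `jdbc.driverClassName` entries under `configs` both ship with an empty `validationRegEx`, so the service definition places no constraint on which driver class or URL scheme a service administrator can submit. These values presumably feed the resource-lookup client added elsewhere in this commit, so constraining them is cheap hardening, for example `"validationRegEx": "^jdbc:presto://.+"` on `jdbc.url` with a matching `validationMessage`. Whether this regex is enforced on the server or only in the UI is not visible here, so the lookup client should not rely on it alone. The `column` resource also omits `isValidLeaf` while the other three levels set it; worth confirming that the value is inferred for the deepest level rather than left unset by accident.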
@@ -0,0 +1,21 @@
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SSL Params
#
xasecure.policymgr.clientssl.keystore %SSL_KEYSTORE_FILE_PATH% mod create-if-not-exists
xasecure.policymgr.clientssl.keystore.credential.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
xasecure.policymgr.clientssl.truststore %SSL_TRUSTSTORE_FILE_PATH% mod create-if-not-exists
xasecure.policymgr.clientssl.truststore.credential.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
@@ -0,0 +1,49 @@
<?xml version="1.0"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
<!-- The following properties are used for 2-way SSL client server validation -->
<property>
<name>xasecure.policymgr.clientssl.keystore</name>
<value>prestoservice-clientcert.jks</value>
<description>
Java Keystore files
</description>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
<value>cacerts-xasecure.jks</value>
<description>
java truststore file
</description>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
<value>jceks://file/tmp/keystore-prestoservice-ssl.jceks</value>
<description>
java keystore credential file
</description>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
<value>jceks://file/tmp/truststore-prestoservice-ssl.jceks</value>
<description>
java truststore credential file
</description>
</property>
</configuration>
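Review bot: Both credential-file defaults point into `/tmp` (`jceks://file/tmp/keystore-prestoservice-ssl.jceks` and `jceks://file/tmp/truststore-prestoservice-ssl.jceks`), a world-writable directory where another local account can pre-create or replace the file before the plugin reads it. The installer template in this commit substitutes `%CREDENTIAL_PROVIDER_FILE%`, but a deployment that keeps this XML as shipped would load the keystore and truststore passwords from that location. Default to a directory owned by the service account instead, e.g. `jceks://file/PATH_OWNED_BY_SERVICE_ACCOUNT/keystore-prestoservice-ssl.jceks` (placeholder path), and do the same for the truststore entry.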
