search

prestodb / presto

The official home of the Presto distributed SQL query engine for big data
http://prestodb.io
Apache License 2.0
15.92k stars 5.33k forks source link

Feature Request: Ranger authorization integration #8980

Open HariSekhon opened 7 years ago

HariSekhon commented 7 years ago

Feature Request to add Apache Ranger integration support for Presto.

This will solve authorization very nicely for most people who are running the widely used standard open source Hortonworks Hadoop platform and provide granular access controls down to the column level, as well as integrating to the single-pane-of-glass for security configuration and auditing across all data access components on a Hadoop cluster.

Also, is there any chance this project could go in to the Apache Foundation? I think this combined with Ranger integration would massively increase Presto's market, especially if Hortonworks were to adopt it (they usually require their integrated components to be in the Apache Foundation).

Great work so far on this distributed SQL engine btw! :)

shekarrreddy568-zz commented 4 years ago

Hey I have implemented prestodb integration with Ranger successfully in my environment

brucemen711 commented 4 years ago

Hi all, Is this thread still active ?

bolkedebruin commented 4 years ago

No?

KentonParton commented 4 years ago

@shekarrreddy568 would you mind sharing the environment you used to test the ranger integration?

shekarrreddy568-zz commented 4 years ago

hey ,

Currently i am on vacation, can be able to help after 10 days.

On Fri, Mar 20, 2020, 7:28 AM Kenton Parton notifications@github.com wrote:

@shekarrreddy568 https://github.com/shekarrreddy568 would you mind sharing the environment you used to test the ranger integration?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/prestodb/presto/issues/8980#issuecomment-601494433, or unsubscribe https://github.com/notifications/unsubscribe-auth/ALI7QXELTZQ2OD6O5A62SLLRILETPANCNFSM4D3CREYA .

KentonParton commented 4 years ago

@shekarrreddy568 That would be great, thank you!

KentonParton commented 4 years ago

Is this documentation still up to date? https://cwiki.apache.org/confluence/display/RANGER/Presto+Plugin

If not, would someone mind providing a link please. Thank you!

serkef commented 4 years ago

@shekarrreddy568 We would appreciate a summary of your environment

aweisberg commented 3 years ago

@shekarrreddy568-zz @shekarreddy568 taking a gamble here on whether you are reachable? Still wondering if you can share your experience with using Ranger.

ashishtadose commented 3 years ago

@aweisberg I'm working on the connector access control implementation for ranger authorization. Here is the proposed design.

exolab commented 3 years ago

Is anyone still actively working on this?

ashishtadose commented 3 years ago

Yes, I have WIP implementation, will share the PR by sometime next week.

sridhartw commented 3 years ago

@rohanpednekar Is active development going on for this? When can we expect it to be released tentatively

rohanpednekar commented 3 years ago

@sridhartw, yes we are actively working on this. Subscribe to https://github.com/prestodb/presto/pull/15519 for the live updates. Thanks!

rohanpednekar commented 3 years ago

For help with PrestoDB, please join the Presto Community Slack channel at https://prestodb.slack.com.

datainteg commented 2 months ago

ERROR main io.trino.server.Server Unable to create injector, see the following errors:

1) [Guice/ErrorInjectingConstructor]: RuntimeException: InvocationTargetException at RangerSystemAccessControl.(RangerSystemAccessControl.java:38) at RangerSystemAccessControlFactory.lambda$create$0(RangerSystemAccessControlFactory.java:45) while locating RangerSystemAccessControl

Learn more: https://github.com/google/guice/wiki/ERROR_INJECTING_CONSTRUCTOR

1 error

====================== Full classname legend:

InvocationTargetException: "java.lang.reflect.InvocationTargetException" RangerSystemAccessControl: "org.apache.ranger.authorization.trino.authorizer.RangerSystemAccessControl" RangerSystemAccessControlFactory: "org.apache.ranger.authorization.trino.authorizer.RangerSystemAccessControlFactory"

End of classname legend:

com.google.inject.CreationException: Unable to create injector, see the following errors:

1) [Guice/ErrorInjectingConstructor]: RuntimeException: InvocationTargetException at RangerSystemAccessControl.(RangerSystemAccessControl.java:38) at RangerSystemAccessControlFactory.lambda$create$0(RangerSystemAccessControlFactory.java:45) while locating RangerSystemAccessControl

Learn more: https://github.com/google/guice/wiki/ERROR_INJECTING_CONSTRUCTOR

1 error

====================== Full classname legend:

InvocationTargetException: "java.lang.reflect.InvocationTargetException" RangerSystemAccessControl: "org.apache.ranger.authorization.trino.authorizer.RangerSystemAccessControl" RangerSystemAccessControlFactory: "org.apache.ranger.authorization.trino.authorizer.RangerSystemAccessControlFactory"

End of classname legend:

    at com.google.inject.internal.Errors.throwCreationExceptionIfErrorsExist(Errors.java:576)
    at com.google.inject.internal.InternalInjectorCreator.injectDynamically(InternalInjectorCreator.java:190)
    at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:113)
    at com.google.inject.Guice.createInjector(Guice.java:87)
    at io.airlift.bootstrap.Bootstrap.initialize(Bootstrap.java:262)
    at org.apache.ranger.authorization.trino.authorizer.RangerSystemAccessControlFactory.create(RangerSystemAccessControlFactory.java:53)
    at io.trino.security.AccessControlManager.createSystemAccessControl(AccessControlManager.java:182)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
    at java.base/java.util.Collections$2.tryAdvance(Collections.java:4853)
    at java.base/java.util.Collections$2.forEachRemaining(Collections.java:4861)
    at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
    at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
    at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:921)
    at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
    at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:682)
    at io.trino.security.AccessControlManager.loadSystemAccessControl(AccessControlManager.java:151)
    at io.trino.server.Server.doStart(Server.java:157)
    at io.trino.server.Server.lambda$start$0(Server.java:88)
    at io.trino.$gen.Trino_403_amzn_0____20240626_061636_1.run(Unknown Source)
    at io.trino.server.Server.start(Server.java:88)
    at io.trino.server.TrinoServer.main(TrinoServer.java:38)

Caused by: java.lang.RuntimeException: java.lang.reflect.InvocationTargetException at org.apache.ranger.authorization.trino.authorizer.RangerSystemAccessControl.(RangerSystemAccessControl.java:61) at org.apache.ranger.authorization.trino.authorizer.RangerSystemAccessControl$$FastClassByGuice$$1462595.GUICE$TRAMPOLINE() at org.apache.ranger.authorization.trino.authorizer.RangerSystemAccessControl$$FastClassByGuice$$1462595.apply() at com.google.inject.internal.DefaultConstructionProxyFactory$FastClassProxy.newInstance(DefaultConstructionProxyFactory.java:82) at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:114) at com.google.inject.internal.ConstructorInjector.access$000(ConstructorInjector.java:33) at com.google.inject.internal.ConstructorInjector$1.call(ConstructorInjector.java:98) at com.google.inject.internal.ProvisionListenerStackCallback$Provision.provision(ProvisionListenerStackCallback.java:109) at io.airlift.bootstrap.LifeCycleModule.provision(LifeCycleModule.java:54) at com.google.inject.internal.ProvisionListenerStackCallback$Provision.provision(ProvisionListenerStackCallback.java:117) at com.google.inject.internal.ProvisionListenerStackCallback.provision(ProvisionListenerStackCallback.java:66) at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:93) at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:300) at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:169) at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:45) at com.google.inject.internal.InternalInjectorCreator.loadEagerSingletons(InternalInjectorCreator.java:213) at com.google.inject.internal.InternalInjectorCreator.injectDynamically(InternalInjectorCreator.java:186) ... 19 more Caused by: java.lang.reflect.InvocationTargetException at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77) at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499) at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480) at org.apache.ranger.authorization.trino.authorizer.RangerSystemAccessControl.(RangerSystemAccessControl.java:59) ... 36 more Caused by: java.lang.IllegalArgumentException: bound must be positive at java.base/java.util.Random.nextInt(Random.java:322) at org.apache.ranger.plugin.util.RangerRESTClient.(RangerRESTClient.java:122) at org.apache.ranger.admin.client.RangerAdminRESTClient.init(RangerAdminRESTClient.java:666) at org.apache.ranger.admin.client.RangerAdminRESTClient.init(RangerAdminRESTClient.java:125) at org.apache.ranger.plugin.policyengine.RangerPluginContext.createAdminClient(RangerPluginContext.java:108) at org.apache.ranger.plugin.util.PolicyRefresher.(PolicyRefresher.java:95) at org.apache.ranger.plugin.service.RangerBasePlugin.init(RangerBasePlugin.java:242) at org.apache.ranger.authorization.trino.authorizer.RangerSystemAccessControl.(RangerSystemAccessControl.java:107) ... 42 more

2024-06-26T06:16:53.690Z INFO Thread-100 io.airlift.bootstrap.LifeCycleManager JVM is shutting down, cleaning up 2024-06-26T06:16:53.691Z INFO Thread-102 io.airlift.bootstrap.LifeCycleManager JVM is shutting down, cleaning up 2024-06-26T06:16:53.691Z INFO Thread-98 io.airlift.bootstrap.LifeCycleManager JVM is shutting down, cleaning up 2024-06-26T06:16:53.691Z INFO Thread-102 io.airlift.bootstrap.LifeCycleManager Life cycle stopping... 2024-06-26T06:16:53.691Z INFO Thread-100 io.airlift.bootstrap.LifeCycleManager Life cycle stopping...