RANGER-5434:Add test users keytabs to the ranger and dependency service docker containers

dev-support/ranger-docker/Dockerfile.ranger

@@ -27,14 +27,16 @@ COPY ./dist/ranger-${RANGER_VERSION}-admin.tar.gz     /home/ranger/dist/
 COPY ./scripts/admin/ranger.sh                        ${RANGER_SCRIPTS}/
 COPY ./scripts/admin/create-ranger-services.py        ${RANGER_SCRIPTS}/
 COPY ./scripts/wait_for_keytab.sh                     ${RANGER_SCRIPTS}/
+COPY ./scripts/wait_for_testusers_keytab.sh           ${RANGER_SCRIPTS}/
 
 RUN    tar xvfz /home/ranger/dist/ranger-${RANGER_VERSION}-admin.tar.gz --directory=${RANGER_HOME} \
     && ln -s ${RANGER_HOME}/ranger-${RANGER_VERSION}-admin ${RANGER_HOME}/admin \
     && rm -f /home/ranger/dist/ranger-${RANGER_VERSION}-admin.tar.gz \
     && rm -f /opt/ranger/admin/install.properties \
     && mkdir -p /var/run/ranger /var/log/ranger /usr/share/java/ \
     && chown -R ranger:ranger ${RANGER_HOME}/admin/ ${RANGER_SCRIPTS}/ /var/run/ranger/ /var/log/ranger/ \
-    && chmod 755 ${RANGER_SCRIPTS}/ranger.sh ${RANGER_SCRIPTS}/wait_for_keytab.sh
+    && chmod 755 ${RANGER_SCRIPTS}/ranger.sh ${RANGER_SCRIPTS}/wait_for_keytab.sh \
+    && chmod 755 ${RANGER_SCRIPTS}/wait_for_testusers_keytab.sh
 
 FROM ranger AS ranger_postgres
 COPY ./downloads/postgresql-42.2.16.jre7.jar         /home/ranger/dist/

dev-support/ranger-docker/Dockerfile.ranger-hadoop

@@ -41,6 +41,7 @@ COPY ./scripts/hadoop/core-site.xml                         ${RANGER_SCRIPTS}/
 COPY ./scripts/hadoop/hdfs-site.xml                         ${RANGER_SCRIPTS}/
 COPY ./scripts/hadoop/yarn-site.xml                         ${RANGER_SCRIPTS}/
 COPY ./scripts/wait_for_keytab.sh                           ${RANGER_SCRIPTS}/
+COPY ./scripts/wait_for_testusers_keytab.sh                 ${RANGER_SCRIPTS}/
 COPY ./scripts/kdc/krb5.conf                                /etc/krb5.conf
 
 RUN tar xvfz /home/ranger/dist/hadoop-${HADOOP_VERSION}.tar.gz --directory=/opt/ && \
@@ -61,6 +62,7 @@ RUN tar xvfz /home/ranger/dist/hadoop-${HADOOP_VERSION}.tar.gz --directory=/opt/
     useradd -g hadoop -ms /bin/bash healthcheck && \
     chmod 744 ${RANGER_SCRIPTS}/ranger-hadoop-healthcheck.sh && \
     chmod 755 ${RANGER_SCRIPTS}/wait_for_keytab.sh && \
+    chmod 755 ${RANGER_SCRIPTS}/wait_for_testusers_keytab.sh && \
     chown healthcheck:hadoop ${RANGER_SCRIPTS}/ranger-hadoop-healthcheck.sh && \
     chown hdfs:hadoop ${RANGER_SCRIPTS}/ranger-hadoop-mkdir.sh
 

dev-support/ranger-docker/Dockerfile.ranger-hbase

@@ -33,6 +33,7 @@ COPY ./scripts/hbase/ranger-hbase-plugin-install.properties ${RANGER_SCRIPTS}/
 COPY ./scripts/hbase/hbase-site.xml                         ${RANGER_SCRIPTS}/
 COPY ./scripts/hadoop/core-site.xml                         ${RANGER_SCRIPTS}/
 COPY ./scripts/wait_for_keytab.sh                           ${RANGER_SCRIPTS}/
+COPY ./scripts/wait_for_testusers_keytab.sh                 ${RANGER_SCRIPTS}/
 COPY ./scripts/kdc/krb5.conf                                /etc/krb5.conf
 
 RUN tar xvfz /home/ranger/dist/hbase-${HBASE_VERSION}-bin.tar.gz --directory=/opt/ && \
@@ -43,6 +44,7 @@ RUN tar xvfz /home/ranger/dist/hbase-${HBASE_VERSION}-bin.tar.gz --directory=/op
     rm -f /home/ranger/dist/ranger-${HBASE_PLUGIN_VERSION}-hbase-plugin.tar.gz && \
     cp -f ${RANGER_SCRIPTS}/ranger-hbase-plugin-install.properties /opt/ranger/ranger-hbase-plugin/install.properties && \
     chmod 755 ${RANGER_SCRIPTS}/wait_for_keytab.sh && \
+    chmod 755 ${RANGER_SCRIPTS}/wait_for_testusers_keytab.sh && \
     chmod 744 ${RANGER_SCRIPTS}/ranger-hbase-setup.sh ${RANGER_SCRIPTS}/ranger-hbase.sh
 
 RUN apt-get update && \

dev-support/ranger-docker/Dockerfile.ranger-hive

@@ -44,6 +44,7 @@ COPY ./scripts/hive/hive-log4j2.properties                ${RANGER_SCRIPTS}/
 COPY ./scripts/hive/hive-metastore-log4j2.properties      ${RANGER_SCRIPTS}/
 COPY ./scripts/hadoop/core-site.xml                       ${RANGER_SCRIPTS}/
 COPY ./scripts/wait_for_keytab.sh                         ${RANGER_SCRIPTS}/
+COPY ./scripts/wait_for_testusers_keytab.sh               ${RANGER_SCRIPTS}/
 COPY ./scripts/kdc/krb5.conf                              /etc/krb5.conf
 
 RUN cd /opt && tar xzf /home/ranger/dist/apache-hive-${HIVE_VERSION}-bin.tar.gz && \
@@ -63,6 +64,7 @@ RUN cd /opt && tar xzf /home/ranger/dist/apache-hive-${HIVE_VERSION}-bin.tar.gz
     rm -f /home/ranger/dist/ranger-${HIVE_PLUGIN_VERSION}-hive-plugin.tar.gz && \
     cp -f ${RANGER_SCRIPTS}/ranger-hive-plugin-install.properties /opt/ranger/ranger-hive-plugin/install.properties && \
     chmod 755 ${RANGER_SCRIPTS}/wait_for_keytab.sh && \
+    chmod 755 ${RANGER_SCRIPTS}/wait_for_testusers_keytab.sh && \
     chmod 744 ${RANGER_SCRIPTS}/ranger-hive-setup.sh ${RANGER_SCRIPTS}/ranger-hive.sh
 
 ENV HIVE_HOME=/opt/hive

dev-support/ranger-docker/Dockerfile.ranger-kafka

@@ -33,6 +33,7 @@ COPY ./scripts/kafka/ranger-kafka-plugin-install.properties ${RANGER_SCRIPTS}/
 COPY ./scripts/kafka/kafka-server-jaas.conf                 ${RANGER_SCRIPTS}/
 COPY ./scripts/hadoop/core-site.xml                         ${RANGER_SCRIPTS}/
 COPY ./scripts/wait_for_keytab.sh                           ${RANGER_SCRIPTS}/
+COPY ./scripts/wait_for_testusers_keytab.sh                 ${RANGER_SCRIPTS}/
 COPY ./scripts/kdc/krb5.conf                                /etc/krb5.conf
 
 RUN tar xvfz /home/ranger/dist/kafka_2.12-${KAFKA_VERSION}.tgz --directory=/opt/ && \
@@ -43,6 +44,7 @@ RUN tar xvfz /home/ranger/dist/kafka_2.12-${KAFKA_VERSION}.tgz --directory=/opt/
     rm -f /home/ranger/dist/ranger-${KAFKA_PLUGIN_VERSION}-kafka-plugin.tar.gz && \
     cp -f ${RANGER_SCRIPTS}/ranger-kafka-plugin-install.properties /opt/ranger/ranger-kafka-plugin/install.properties && \
     chmod 755 ${RANGER_SCRIPTS}/wait_for_keytab.sh && \
+    chmod 755 ${RANGER_SCRIPTS}/wait_for_testusers_keytab.sh && \
     chmod 744 ${RANGER_SCRIPTS}/ranger-kafka-setup.sh ${RANGER_SCRIPTS}/ranger-kafka.sh
 
 ENV KAFKA_HOME=/opt/kafka

dev-support/ranger-docker/Dockerfile.ranger-kms

@@ -25,6 +25,7 @@ ARG RANGER_DB_TYPE
 COPY ./dist/ranger-${KMS_VERSION}-kms.tar.gz                       /home/ranger/dist/
 COPY ./scripts/kms/ranger-kms.sh                                   ${RANGER_SCRIPTS}/
 COPY ./scripts/wait_for_keytab.sh                                  ${RANGER_SCRIPTS}/
+COPY ./scripts/wait_for_testusers_keytab.sh                        ${RANGER_SCRIPTS}/
 
 RUN tar xvfz /home/ranger/dist/ranger-${KMS_VERSION}-kms.tar.gz --directory=${RANGER_HOME} && \
     ln -s ${RANGER_HOME}/ranger-${KMS_VERSION}-kms ${RANGER_HOME}/kms && \
@@ -39,6 +40,7 @@ RUN tar xvfz /home/ranger/dist/ranger-${KMS_VERSION}-kms.tar.gz --directory=${RA
     ln -s ${RANGER_HOME}/kms/ranger-kms-services.sh /usr/bin/ranger-kms-services.sh && \
     chown -R rangerkms:ranger ${RANGER_HOME}/kms/ ${RANGER_SCRIPTS}/ /var/run/ranger_kms/ /var/log/ranger/ /etc/ranger && \
     chmod 755 ${RANGER_SCRIPTS}/wait_for_keytab.sh && \
+    chmod 755 ${RANGER_SCRIPTS}/wait_for_testusers_keytab.sh && \
     chmod 744 ${RANGER_SCRIPTS}/ranger-kms.sh
 
 FROM ranger-kms AS ranger_postgres

dev-support/ranger-docker/Dockerfile.ranger-knox

@@ -33,6 +33,7 @@ COPY ./scripts/knox/ranger-knox-plugin-install.properties ${RANGER_SCRIPTS}/
 COPY ./scripts/knox/ranger-knox-expect.py                 ${RANGER_SCRIPTS}/
 COPY ./scripts/knox/ranger-knox-sandbox.xml               ${RANGER_SCRIPTS}/
 COPY ./scripts/wait_for_keytab.sh                         ${RANGER_SCRIPTS}/
+COPY ./scripts/wait_for_testusers_keytab.sh               ${RANGER_SCRIPTS}/
 COPY ./scripts/kdc/krb5.conf                              /etc/krb5.conf
 
 RUN tar xvfz /home/ranger/dist/knox-${KNOX_VERSION}.tar.gz --directory=/opt/ && \
@@ -44,6 +45,7 @@ RUN tar xvfz /home/ranger/dist/knox-${KNOX_VERSION}.tar.gz --directory=/opt/ &&
     cp -f ${RANGER_SCRIPTS}/ranger-knox-plugin-install.properties /opt/ranger/ranger-knox-plugin/install.properties && \
     cp -f ${RANGER_SCRIPTS}/ranger-knox-sandbox.xml /opt/knox/conf/topologies/sandbox.xml && \
     chmod 755 ${RANGER_SCRIPTS}/wait_for_keytab.sh && \
+    chmod 755 ${RANGER_SCRIPTS}/wait_for_testusers_keytab.sh && \
     chmod 744 ${RANGER_SCRIPTS}/ranger-knox-setup.sh ${RANGER_SCRIPTS}/ranger-knox.sh ${RANGER_SCRIPTS}/ranger-knox-expect.py
 
 ENV KNOX_HOME=/opt/knox

dev-support/ranger-docker/Dockerfile.ranger-solr

@@ -31,10 +31,11 @@ COPY ./scripts/solr/solr-jaas.conf       /opt/solr/server/etc/jaas.conf
 COPY ./scripts/solr/solr-security.json   /var/solr/data/security.json
 COPY ./scripts/solr/ranger-solr.sh       /home/ranger/scripts/
 COPY ./scripts/wait_for_keytab.sh        /home/ranger/scripts/
+COPY ./scripts/wait_for_testusers_keytab.sh   /home/ranger/scripts/
 COPY ./scripts/kdc/krb5.conf             /etc/krb5.conf
 
 RUN chown -R solr:solr /opt/solr/server/solr/configsets/ranger_audits/
-RUN chmod +x /home/ranger/scripts/ranger-solr.sh /home/ranger/scripts/wait_for_keytab.sh
+RUN chmod +x /home/ranger/scripts/ranger-solr.sh /home/ranger/scripts/wait_for_keytab.sh /home/ranger/scripts/wait_for_testusers_keytab.sh
 
 ENTRYPOINT [ "/home/ranger/scripts/ranger-solr.sh" ]
 CMD ["solr-foreground"]

dev-support/ranger-docker/Dockerfile.ranger-tagsync

@@ -23,6 +23,7 @@ ARG TAGSYNC_VERSION
 COPY ./dist/ranger-${TAGSYNC_VERSION}-tagsync.tar.gz     /home/ranger/dist/
 COPY ./scripts/tagsync/ranger-tagsync.sh                 ${RANGER_SCRIPTS}/
 COPY ./scripts/wait_for_keytab.sh                        ${RANGER_SCRIPTS}/
+COPY ./scripts/wait_for_testusers_keytab.sh              ${RANGER_SCRIPTS}/
 
 RUN tar xvfz /home/ranger/dist/ranger-${TAGSYNC_VERSION}-tagsync.tar.gz --directory=${RANGER_HOME} && \
     ln -s ${RANGER_HOME}/ranger-${TAGSYNC_VERSION}-tagsync ${RANGER_HOME}/tagsync && \
@@ -42,6 +43,7 @@ RUN tar xvfz /home/ranger/dist/ranger-${TAGSYNC_VERSION}-tagsync.tar.gz --direct
     ln -s ${RANGER_HOME}/tagsync/ranger-tagsync-services.sh /usr/bin/ranger-tagsync-services.sh && \
     chown -R ranger:ranger ${RANGER_HOME}/tagsync/ ${RANGER_SCRIPTS}/ /var/run/ranger/ /var/log/ranger/ /etc/ranger /etc/init.d/ranger-tagsync && \
     chmod 755 ${RANGER_SCRIPTS}/wait_for_keytab.sh && \
+    chmod 755 ${RANGER_SCRIPTS}/wait_for_testusers_keytab.sh && \
     chmod 744 ${RANGER_SCRIPTS}/ranger-tagsync.sh
 
 USER ranger

dev-support/ranger-docker/Dockerfile.ranger-usersync

@@ -23,6 +23,7 @@ ARG USERSYNC_VERSION
 COPY ./dist/ranger-${USERSYNC_VERSION}-usersync.tar.gz     /home/ranger/dist/
 COPY ./scripts/usersync/ranger-usersync.sh                 ${RANGER_SCRIPTS}/
 COPY ./scripts/wait_for_keytab.sh                          ${RANGER_SCRIPTS}/
+COPY ./scripts/wait_for_testusers_keytab.sh                ${RANGER_SCRIPTS}/
 
 RUN tar xvfz /home/ranger/dist/ranger-${USERSYNC_VERSION}-usersync.tar.gz --directory=${RANGER_HOME} && \
     ln -s ${RANGER_HOME}/ranger-${USERSYNC_VERSION}-usersync ${RANGER_HOME}/usersync && \
@@ -37,6 +38,7 @@ RUN tar xvfz /home/ranger/dist/ranger-${USERSYNC_VERSION}-usersync.tar.gz --dire
     ln -s ${RANGER_HOME}/usersync/ranger-usersync-services.sh /usr/bin/ranger-usersync && \
     chown -R ranger:ranger ${RANGER_HOME}/usersync/ ${RANGER_SCRIPTS}/ /var/run/ranger/ /var/log/ranger/ /etc/ranger /etc/init.d/ranger-usersync && \
     chmod 755 ${RANGER_SCRIPTS}/wait_for_keytab.sh && \
+    chmod 755 ${RANGER_SCRIPTS}/wait_for_testusers_keytab.sh && \
     chmod 744 ${RANGER_SCRIPTS}/ranger-usersync.sh
 
 USER ranger

dev-support/ranger-docker/scripts/admin/ranger.sh

@@ -30,6 +30,7 @@ then
     ${RANGER_SCRIPTS}/wait_for_keytab.sh rangeradmin.keytab
     ${RANGER_SCRIPTS}/wait_for_keytab.sh rangerlookup.keytab
     ${RANGER_SCRIPTS}/wait_for_keytab.sh HTTP.keytab
+    ${RANGER_SCRIPTS}/wait_for_testusers_keytab.sh
   fi
 
   cd "${RANGER_HOME}"/admin || exit

dev-support/ranger-docker/scripts/hadoop/ranger-hadoop-setup.sh

@@ -34,6 +34,7 @@ then
   ${RANGER_SCRIPTS}/wait_for_keytab.sh rm.keytab
   ${RANGER_SCRIPTS}/wait_for_keytab.sh yarn.keytab
   ${RANGER_SCRIPTS}/wait_for_keytab.sh healthcheck.keytab
+  ${RANGER_SCRIPTS}/wait_for_testusers_keytab.sh
 fi
 
 cp ${RANGER_SCRIPTS}/core-site.xml ${HADOOP_HOME}/etc/hadoop/core-site.xml

dev-support/ranger-docker/scripts/hbase/ranger-hbase-setup.sh

@@ -27,6 +27,7 @@ EOF
 if [ "${KERBEROS_ENABLED}" == "true" ]
 then
   ${RANGER_SCRIPTS}/wait_for_keytab.sh hbase.keytab
+  ${RANGER_SCRIPTS}/wait_for_testusers_keytab.sh
 fi
 
 cp ${RANGER_SCRIPTS}/hbase-site.xml /opt/hbase/conf/hbase-site.xml

dev-support/ranger-docker/scripts/hive/ranger-hive-setup.sh

@@ -29,6 +29,7 @@ then
   ${RANGER_SCRIPTS}/wait_for_keytab.sh hive.keytab
   ${RANGER_SCRIPTS}/wait_for_keytab.sh hdfs.keytab
   ${RANGER_SCRIPTS}/wait_for_keytab.sh HTTP.keytab
+  ${RANGER_SCRIPTS}/wait_for_testusers_keytab.sh
 fi
 
 cp ${RANGER_SCRIPTS}/hive-site.xml ${HIVE_HOME}/conf/hive-site.xml

dev-support/ranger-docker/scripts/kafka/ranger-kafka-setup.sh

@@ -25,6 +25,7 @@ EOF
 if [ "${KERBEROS_ENABLED}" == "true" ]
 then
   ${RANGER_SCRIPTS}/wait_for_keytab.sh kafka.keytab
+  ${RANGER_SCRIPTS}/wait_for_testusers_keytab.sh
 fi
 
 cp ${RANGER_SCRIPTS}/core-site.xml          ${KAFKA_HOME}/config/

dev-support/ranger-docker/scripts/kdc/entrypoint.sh

@@ -102,6 +102,14 @@ function create_keytabs() {
   create_principal_and_keytab HTTP ranger-solr
 }
 
+function create_testusers() {
+  for container in "$@"; do
+    create_principal_and_keytab testuser1 "$container"
+    create_principal_and_keytab testuser2 "$container"
+    create_principal_and_keytab testuser3 "$container"
+  done
+}
+
 # ensure directories
 mkdir -p $DB_DIR
 chown -R root.root /etc/krb5kdc || true
@@ -118,6 +126,7 @@ if [ ! -f $DB_DIR/principal ]; then
   echo "Database initialized"
 
   create_keytabs
+  create_testusers ranger ranger-usersync ranger-tagsync ranger-audit ranger-hadoop ranger-hive ranger-hbase ranger-kafka ranger-solr ranger-knox ranger-kms ranger-ozone ranger-trino
 else
   echo "KDC DB already exists; skipping create"
 fi

dev-support/ranger-docker/scripts/kms/ranger-kms.sh

@@ -28,6 +28,7 @@ then
   if [ "${KERBEROS_ENABLED}" == "true" ]
   then
     ${RANGER_SCRIPTS}/wait_for_keytab.sh rangerkms.keytab
+    ${RANGER_SCRIPTS}/wait_for_testusers_keytab.sh
   fi
 
   cd "${RANGER_HOME}"/kms || exit

dev-support/ranger-docker/scripts/knox/ranger-knox-setup.sh

@@ -25,6 +25,7 @@ EOF
 if [ "${KERBEROS_ENABLED}" == "true" ]
 then
   ${RANGER_SCRIPTS}/wait_for_keytab.sh knox.keytab
+  ${RANGER_SCRIPTS}/wait_for_testusers_keytab.sh
 fi
 
 chown -R knox:knox /opt/knox/

dev-support/ranger-docker/scripts/solr/ranger-solr.sh

@@ -22,7 +22,8 @@ if [ ! -e ${SOLR_INSTALL_DIR}/.setupDone ]
 then
   if [ "${KERBEROS_ENABLED}" == "true" ]
   then
-    /home/ranger/scripts/wait_for_keytab.sh HTTP.keytab
+    ${RANGER_SCRIPTS}/wait_for_keytab.sh HTTP.keytab
+    ${RANGER_SCRIPTS}/wait_for_testusers_keytab.sh
   fi
 
   touch "${SOLR_INSTALL_DIR}"/.setupDone

dev-support/ranger-docker/scripts/tagsync/ranger-tagsync.sh

@@ -28,6 +28,7 @@ then
   if [ "${KERBEROS_ENABLED}" == "true" ]
   then
     ${RANGER_SCRIPTS}/wait_for_keytab.sh rangertagsync.keytab
+    ${RANGER_SCRIPTS}/wait_for_testusers_keytab.sh
   fi
 
   cd "${RANGER_HOME}"/tagsync || exit

dev-support/ranger-docker/scripts/usersync/ranger-usersync.sh

@@ -28,6 +28,7 @@ then
   if [ "${KERBEROS_ENABLED}" == "true" ]
   then
     ${RANGER_SCRIPTS}/wait_for_keytab.sh rangerusersync.keytab
+    ${RANGER_SCRIPTS}/wait_for_testusers_keytab.sh
   fi
 
   cd "${RANGER_HOME}"/usersync || exit

dev-support/ranger-docker/scripts/wait_for_testusers_keytab.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+${RANGER_SCRIPTS}/wait_for_keytab.sh testuser1.keytab
+${RANGER_SCRIPTS}/wait_for_keytab.sh testuser2.keytab
+${RANGER_SCRIPTS}/wait_for_keytab.sh testuser3.keytab