-
Notifications
You must be signed in to change notification settings - Fork 5
Zeppelin: Documentation of Portal Zeppelin Interaction
Link:
The following is copied from a discussion in the Cloudera forums, describing a solution to authenticating a user with the Zeppelin REST API.
The first step is to authentic through the API with a POST to /api/login
curl -i --data 'userName=admin&password=password1' -X POST http://127.0.0.1:9995/api/login
This should return a response like the following:
HTTP/1.1 200 OK
Date: Wed, 17 Aug 2016 10:07:22 GMT
Access-Control-Allow-Origin:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: authorization,Content-Type
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, HEAD, DELETE
Date: Wednesday, August 17, 2016 10:07:22 AM UTC
Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Tue, 16-Aug-2016 10:07:22 GMT
Set-Cookie: JSESSIONID=b1f15e00-4571-4079-a699-338bf619b0c4; Path=/; HttpOnly
Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Tue, 16-Aug-2016 10:07:22 GMT
Content-Type: application/json
Date: Wed, 17 Aug 2016 10:07:22 GMT
Content-Length: 118
Server: Jetty(9.2.15.v20160210)
Response:
{"status":"OK","message":"","body":{"principal":"admin","ticket":"47a1fe3a-593d-47ce-85bb-f6e7238c6dcb","roles":"[]"}}
The important thing to see here is the Set-Cookie in the response headers.
Look for the following:
Set-Cookie: JSESSIONID=b1f15e00-4571-4079-a699-338bf619b0c4; Path=/; HttpOnly
Using this cookie we can make authorized request to the API by simply setting this as a cookie in the cURL request.
curl -i -b 'JSESSIONID=b1f15e00-4571-4079-a699-338bf619b0c4; Path=/; HttpOnly' http://sandbox.hortonworks.com:9995/api/notebook
This request should now return a 200 OK response after adding the JSESSIONID cookie.
HTTP/1.1 200 OK
Date: Wed, 17 Aug 2016 10:10:44 GMT
Access-Control-Allow-Origin:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: authorization,Content-Type
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, HEAD, DELETE
Date: Wednesday, August 17, 2016 10:10:44 AM UTC
Content-Type: application/json
Date: Wed, 17 Aug 2016 10:10:44 GMT
Content-Length: 1012
Server: Jetty(9.2.15.v20160210)
{"status":"OK","message":"","body":[{"id":"2BSVACJ42","name":"/demo/note1"},{"id":"2BVBPU1VY","name":"/demo/note2"},
{"id":"2APFTN3NY","name":"AON Demo"},{"id":"2ANT56EHN","name":"Australian Dataset (Hive example)"},{"id":"2ANTDG878","name":"Australian Dataset (SparkSQL example)"},
{"id":"2B48PF7SN","name":"Hello World Tutorial"},{"id":"2AS5TY6AQ","name":"IoT Data Analysis (Keynote Demo)"},
{"id":"2BFGYS3YT","name":"Lab 101: Intro to Spark with Python"},{"id":"2BJVW65WS","name":"Lab 102: Intro to Spark with Scala"},{"id":"2BNDT63TY","name":"Lab 201: Intro to Machine Learning with Spark"},{"id":"2B21B3AYC","name":"Phoenix demo"},
{"id":"2BB5CUPUW","name":"Predicting airline delays"},{"id":"2BAVUZ7NA","name":"Sensors \u0026 Machines Predictive Analysis"},
{"id":"2BBBW75VS","name":"Single view demo"},{"id":"2BEQE47HR","name":"Tutorial - Hands-on Tour of Apache Spark in 5 Minutes"},
{"id":"2A94M5J1Z","name":"Zeppelin Tutorial"},{"id":"2B4TWGC8M","name":"magellan-blog"},{"id":"2B522V3X8","name":"twitter"}]}`
Authenticate with user/pass
curl -i --data 'userName=${user:?}&password=${user:?}' -X POST http://128.232.224.69:8080/api/login
HTTP/1.1 200 OK
Date: Wednesday, July 29, 2020 11:39:26 AM UTC
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: authorization,Content-Type
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, HEAD, DELETE
X-FRAME-OPTIONS: SAMEORIGIN
X-XSS-Protection: 1
Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Tue, 28-Jul-2020 11:39:26 GMT
Set-Cookie: JSESSIONID=cc6.......7b; Path=/; HttpOnly
Set-Cookie: JSESSIONID=deleteMe; Path=/; Max-Age=0; Expires=Tue, 28-Jul-2020 11:39:26 GMT
Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Tue, 28-Jul-2020 11:39:26 GMT
Set-Cookie: JSESSIONID=3381.......f96; Path=/; HttpOnly
set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Tue, 28-Jul-2020 11:39:26 GMT
Content-Type: application/json
Content-Length: 130
Server: Jetty(9.4.14.v20181114)
{"status":"OK","message":"","body":{"principal":"user","ticket":"b495d8........c9fc1","roles":"[\"role1\"]"}}
Authenticate and Store cookie in file
curl -c cookies.txt -i --data 'userName=${user:?}&password=${user:?}' -X POST http://128.232.224.69:8080/api/login
Let's check what is in the cookie:
cat cookies.txt
# Netscape HTTP Cookie File
# https://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
128.232.224.69 FALSE / FALSE 15...07 rememberMe deleteMe
#HttpOnly_128.232.224.69 FALSE / FALSE 0 JSESSIONID 7d94....45f
We can use this cookie to:
curl -i --cookie cookies.txt -X POST -H "Content-Type: application/json" http://128.232.224.69:8080/api/notebook/job/2F8ZEBZDJ
HTTP/1.1 200 OK
Date: Wednesday, July 29, 2020 12:17:45 PM UTC
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: authorization,Content-Type
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, HEAD, DELETE
X-FRAME-OPTIONS: SAMEORIGIN
X-XSS-Protection: 1
Content-Type: application/json
Content-Length: 15
Server: Jetty(9.4.14.v20181114)
{"status":"OK"}
curl -i --cookie cookies.txt -X GET -H "Content-Type: application/json" http://128.232.224.69:8080/api/notebook/job/2F8ZEBZDJ/20200528-145729_998925121
HTTP/1.1 200 OK
Date: Wednesday, July 29, 2020 12:26:09 PM UTC
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: authorization,Content-Type
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, HEAD, DELETE
X-FRAME-OPTIONS: SAMEORIGIN
X-XSS-Protection: 1
Content-Type: application/json
Content-Length: 177
Server: Jetty(9.4.14.v20181114)
{"status":"OK","body":{"progress":"100","started":"Wed Jul 29 12:20:27 UTC 2020","finished":"Wed Jul 29 12:21:23 UTC 2020","id":"20200528-145729_998925121","status":"FINISHED"}}
For full examples of using the REST API see here:
https://zeppelin.apache.org/docs/0.8.0/usage/rest_api/notebook.html
https://zeppelin.apache.org/docs/0.8.1/setup/operation/configuration.html
In order to avoid having to re-enter credentials every time you restart/redeploy Zeppelin, you can store the user credentials. Zeppelin supports this via the ZEPPELINCREDENTIALSPERSIST configuration.
Please notice that passwords will be stored in plain text by default. To encrypt the passwords, use the ZEPPELINCREDENTIALSENCRYPT_KEY config variable. This will encrypt passwords using the AES-128 algorithm.
You can generate an appropriate encryption key any way you'd like - for instance, by using the openssl tool:
openssl enc -aes-128-cbc -k secret -P -md sha1
Important: storing your encryption key in a configuration file is not advised. Depending on your environment security needs, you may want to consider utilizing a credentials server, storing the ZEPPELINCREDENTIALSENCRYPT_KEY as an OS env variable, or any other approach that would not colocate the encryption key and the encrypted content (the credentials.json file).
List of environment variables that are defined in conf/zeppelin-env.sh can be found here: https://zeppelin.apache.org/docs/0.8.1/setup/operation/configuration.html#zeppelin-properties
Can we override those values, if we pass in custom env variables?
From this link: https://stackoverflow.com/questions/40298155/is-it-possible-to-set-global-variables-in-a-zeppelin-notebook
Using z.put and z.get can share variable over different notebooks.
z.put("name", "zeppelin")
z.get("name")
Apache Zeppelin provides a cron scheduler for each notebook. You can run a notebook on a given schedule automatically by setting up a cron scheduler on the notebook. We can also setup cron jobs using the REST API
https://zeppelin.apache.org/docs/0.8.0/usage/other_features/cron_scheduler.html
https://zeppelin.apache.org/docs/0.6.2/security/authentication.html