Posted to commits@nifi.apache.org by jo...@apache.org on 2020/09/17 22:08:58 UTC
[nifi] 03/15: NIFI-7798 Upgrade to apache ranger 2.1.0 client
This is an automated email from the ASF dual-hosted git repository.
joewitt pushed a commit to branch support/nifi-1.12.x
in repository https://gitbox.apache.org/repos/asf/nifi.git
commit ae416da388220dc49330beb034cbc85b322511f1
Author: Bryan Bende <bb...@apache.org>
AuthorDate: Thu Sep 10 10:59:16 2020 -0400
NIFI-7798 Upgrade to apache ranger 2.1.0 client
Signed-off-by: Pierre Villard <pi...@gmail.com>
This closes #4518.
---
nifi-assembly/pom.xml | 5 ----
nifi-assembly/src/main/assembly/ranger.xml | 3 +--
.../ranger/authorization/RangerNiFiAuthorizer.java | 21 +++++++++-------
.../authorization/ManagedRangerAuthorizerTest.java | 28 +++++++++++++++++++++-
.../authorization/TestRangerNiFiAuthorizer.java | 9 +++++++
.../nifi-ranger-resources/pom.xml | 18 ++++++++++++++
pom.xml | 2 +-
7 files changed, 69 insertions(+), 17 deletions(-)
diff --git a/nifi-assembly/pom.xml b/nifi-assembly/pom.xml
index bc50d5a..7c66181 100644
--- a/nifi-assembly/pom.xml
+++ b/nifi-assembly/pom.xml
@@ -1298,11 +1298,6 @@ language governing permissions and limitations under the License. -->
<type>nar</type>
</dependency>
<dependency>
- <groupId>org.apache.ranger</groupId>
- <artifactId>credentialbuilder</artifactId>
- <version>${ranger.version}</version>
- </dependency>
- <dependency>
<groupId>org.apache.nifi</groupId>
<artifactId>nifi-ranger-resources</artifactId>
<version>1.12.1-SNAPSHOT</version>
diff --git a/nifi-assembly/src/main/assembly/ranger.xml b/nifi-assembly/src/main/assembly/ranger.xml
index 111d4d33..8b28191 100644
--- a/nifi-assembly/src/main/assembly/ranger.xml
+++ b/nifi-assembly/src/main/assembly/ranger.xml
@@ -40,7 +40,6 @@
<exclude>nifi-bootstrap</exclude>
<exclude>nifi-resources</exclude>
<exclude>nifi-docs</exclude>
- <exclude>org.apache.ranger:credentialbuilder:jar</exclude>
<exclude>org.apache.nifi:nifi-ranger-resources:jar</exclude>
<!-- exclude jaxb/activation/annotation libs from lib, they'll be included in the java11 subdir -->
@@ -61,7 +60,7 @@
<fileMode>0660</fileMode>
<useTransitiveFiltering>true</useTransitiveFiltering>
<includes>
- <include>org.apache.ranger:credentialbuilder:jar</include>
+ <include>org.apache.nifi:nifi-ranger-resources:jar</include>
<include>org.slf4j:slf4j-api</include>
</includes>
</dependencySet>
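Review bot: The `<include>org.apache.nifi:nifi-ranger-resources:jar</include>` line now fills this dependencySet only through `useTransitiveFiltering`, and nothing in the descriptor says so. The `credentialbuilder` jar and `commons-configuration2` arrive only because the nifi-ranger-resources pom in this same commit declares them. A later edit to that pom would therefore silently change what is shipped in this directory. I would add a comment above the include, such as `<!-- pulls in credentialbuilder and commons-configuration2 transitively via nifi-ranger-resources -->`.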
diff --git a/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-plugin/src/main/java/org/apache/nifi/ranger/authorization/RangerNiFiAuthorizer.java b/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-plugin/src/main/java/org/apache/nifi/ranger/authorization/RangerNiFiAuthorizer.java
index a49887b..4428f38 100644
--- a/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-plugin/src/main/java/org/apache/nifi/ranger/authorization/RangerNiFiAuthorizer.java
+++ b/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-plugin/src/main/java/org/apache/nifi/ranger/authorization/RangerNiFiAuthorizer.java
@@ -36,6 +36,7 @@ import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.util.NiFiProperties;
import org.apache.ranger.audit.model.AuthzAuditEvent;
import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
@@ -90,11 +91,18 @@ public class RangerNiFiAuthorizer implements Authorizer, AuthorizationAuditor {
if (nifiPlugin == null) {
logger.info("RangerNiFiAuthorizer(): initializing base plugin");
+ final String serviceType = getConfigValue(configurationContext, RANGER_SERVICE_TYPE_PROP, DEFAULT_SERVICE_TYPE);
+ final String appId = getConfigValue(configurationContext, RANGER_APP_ID_PROP, DEFAULT_APP_ID);
+
+ nifiPlugin = createRangerBasePlugin(serviceType, appId);
+
+ final RangerPluginConfig pluginConfig = nifiPlugin.getConfig();
+
final PropertyValue securityConfigValue = configurationContext.getProperty(RANGER_SECURITY_PATH_PROP);
- addRequiredResource(RANGER_SECURITY_PATH_PROP, securityConfigValue);
+ addRequiredResource(RANGER_SECURITY_PATH_PROP, securityConfigValue, pluginConfig);
final PropertyValue auditConfigValue = configurationContext.getProperty(RANGER_AUDIT_PATH_PROP);
- addRequiredResource(RANGER_AUDIT_PATH_PROP, auditConfigValue);
+ addRequiredResource(RANGER_AUDIT_PATH_PROP, auditConfigValue, pluginConfig);
final String rangerKerberosEnabledValue = getConfigValue(configurationContext, RANGER_KERBEROS_ENABLED_PROP, Boolean.FALSE.toString());
rangerKerberosEnabled = rangerKerberosEnabledValue.equals(Boolean.TRUE.toString()) ? true : false;
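Review bot: The field `nifiPlugin` is now assigned at the top of the `if (nifiPlugin == null)` block, before `addRequiredResource(...)` and the Kerberos login, both of which can throw. If one of them throws, the field is left non-null while `nifiPlugin.init()` (in the next hunk) has never run. Should `onConfigured` be invoked again on the same instance, the null guard would then skip initialization and leave an authorizer whose plugin was never initialised; whether that can happen depends on code outside this hunk. Holding the plugin in a local and publishing it last avoids this: `final RangerBasePluginWithPolicies plugin = createRangerBasePlugin(serviceType, appId);`, then after the checks `plugin.init();` followed by `nifiPlugin = plugin;`. The enclosing method starts and ends outside the hunk.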
@@ -117,10 +125,6 @@ public class RangerNiFiAuthorizer implements Authorizer, AuthorizationAuditor {
UserGroupInformation.loginUserFromKeytab(nifiPrincipal.trim(), nifiKeytab.trim());
}
- final String serviceType = getConfigValue(configurationContext, RANGER_SERVICE_TYPE_PROP, DEFAULT_SERVICE_TYPE);
- final String appId = getConfigValue(configurationContext, RANGER_APP_ID_PROP, DEFAULT_APP_ID);
-
- nifiPlugin = createRangerBasePlugin(serviceType, appId);
nifiPlugin.init();
defaultAuditHandler = new RangerDefaultAuditHandler();
@@ -246,8 +250,9 @@ public class RangerNiFiAuthorizer implements Authorizer, AuthorizationAuditor {
*
* @param name the name of the given PropertyValue from the AuthorizationConfigurationContext
* @param resourceValue the value for the given name, should be a full path to a file
+ * @param configuration the RangerConfiguration instance to add the resource to
*/
- private void addRequiredResource(final String name, final PropertyValue resourceValue) {
+ private void addRequiredResource(final String name, final PropertyValue resourceValue, final RangerConfiguration configuration) {
if (resourceValue == null || StringUtils.isBlank(resourceValue.getValue())) {
throw new AuthorizerCreationException(name + " must be specified.");
}
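Review bot: The new `@param configuration` line does not mention that the ordering is now significant. The caller passes the plugin's own config from `nifiPlugin.getConfig()`, and the resources appear to need adding before `nifiPlugin.init()` runs. I would extend the tag to something like `@param configuration the plugin's configuration (from getConfig()); resources must be added before the plugin is initialized`. The method body continues in the next hunk.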
@@ -258,7 +263,7 @@ public class RangerNiFiAuthorizer implements Authorizer, AuthorizationAuditor {
}
try {
- RangerConfiguration.getInstance().addResource(resourceFile.toURI().toURL());
+ configuration.addResource(resourceFile.toURI().toURL());
} catch (MalformedURLException e) {
throw new AuthorizerCreationException("Error creating URI for " + resourceValue, e);
}
diff --git a/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-plugin/src/test/java/org/apache/nifi/ranger/authorization/ManagedRangerAuthorizerTest.java b/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-plugin/src/test/java/org/apache/nifi/ranger/authorization/ManagedRangerAuthorizerTest.java
index 1acaec3..f2e347e 100644
--- a/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-plugin/src/test/java/org/apache/nifi/ranger/authorization/ManagedRangerAuthorizerTest.java
+++ b/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-plugin/src/test/java/org/apache/nifi/ranger/authorization/ManagedRangerAuthorizerTest.java
@@ -26,9 +26,11 @@ import org.apache.nifi.authorization.UserGroupProviderLookup;
import org.apache.nifi.authorization.exception.AuthorizationAccessException;
import org.apache.nifi.authorization.exception.UninheritableAuthorizationsException;
import org.apache.nifi.util.MockPropertyValue;
+import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
+import org.mockito.Mockito;
import java.io.File;
@@ -177,7 +179,12 @@ public class ManagedRangerAuthorizerTest {
}
private ManagedRangerAuthorizer getStandardManagedAuthorizer(final UserGroupProvider userGroupProvider) {
- final ManagedRangerAuthorizer managedAuthorizer = new ManagedRangerAuthorizer();
+ final RangerBasePluginWithPolicies rangerBasePlugin = Mockito.mock(RangerBasePluginWithPolicies.class);
+
+ final RangerPluginConfig pluginConfig = new RangerPluginConfig(serviceType, null, appId, null, null, null);
+ when(rangerBasePlugin.getConfig()).thenReturn(pluginConfig);
+
+ final ManagedRangerAuthorizer managedAuthorizer = new MockManagedRangerAuthorizer(rangerBasePlugin);
final AuthorizerConfigurationContext configurationContext = mock(AuthorizerConfigurationContext.class);
when(configurationContext.getProperty(eq("User Group Provider"))).thenReturn(new MockPropertyValue("user-group-provider", null));
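Review bot: The `new RangerPluginConfig(serviceType, null, appId, null, null, null)` setup and the `getConfig()` stub that follows it are repeated verbatim in both TestRangerNiFiAuthorizer hunks of this commit. The four positional `null` arguments also give no hint of which constructor parameters are being left unset. A small shared helper with a one-line comment naming the null parameters would keep the three copies from drifting, for example `private static RangerPluginConfig newPluginConfig(String serviceType, String appId)`. The method `getStandardManagedAuthorizer` continues past this hunk.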
@@ -197,4 +204,23 @@ public class ManagedRangerAuthorizerTest {
return managedAuthorizer;
}
+
+ /**
+ * Extend ManagedRangerAuthorizer to inject a mock base plugin for testing.
+ */
+ private static class MockManagedRangerAuthorizer extends ManagedRangerAuthorizer {
+
+ RangerBasePluginWithPolicies mockRangerBasePlugin;
+
+ public MockManagedRangerAuthorizer(RangerBasePluginWithPolicies mockRangerBasePlugin) {
+ this.mockRangerBasePlugin = mockRangerBasePlugin;
+ }
+
+ @Override
+ protected RangerBasePluginWithPolicies createRangerBasePlugin(String serviceType, String appId) {
+ when(mockRangerBasePlugin.getAppId()).thenReturn(appId);
+ when(mockRangerBasePlugin.getServiceType()).thenReturn(serviceType);
+ return mockRangerBasePlugin;
+ }
+ }
}
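Review bot: In `MockManagedRangerAuthorizer` the field `mockRangerBasePlugin` is package-private and mutable although it is only set in the constructor. I would declare it `private final RangerBasePluginWithPolicies mockRangerBasePlugin;`. The Javadoc could also note that `createRangerBasePlugin` stubs `getAppId()` and `getServiceType()` on the shared mock each time it is called.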
diff --git a/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-plugin/src/test/java/org/apache/nifi/ranger/authorization/TestRangerNiFiAuthorizer.java b/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-plugin/src/test/java/org/apache/nifi/ranger/authorization/TestRangerNiFiAuthorizer.java
index 0f26a47..9ce9a6d 100644
--- a/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-plugin/src/test/java/org/apache/nifi/ranger/authorization/TestRangerNiFiAuthorizer.java
+++ b/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-plugin/src/test/java/org/apache/nifi/ranger/authorization/TestRangerNiFiAuthorizer.java
@@ -31,6 +31,7 @@ import org.apache.nifi.authorization.UserContextKeys;
import org.apache.nifi.authorization.exception.AuthorizerCreationException;
import org.apache.nifi.util.MockPropertyValue;
import org.apache.nifi.util.NiFiProperties;
+import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
@@ -84,6 +85,10 @@ public class TestRangerNiFiAuthorizer {
configurationContext = createMockConfigContext();
rangerBasePlugin = Mockito.mock(RangerBasePluginWithPolicies.class);
+
+ final RangerPluginConfig pluginConfig = new RangerPluginConfig(serviceType, null, appId, null, null, null);
+ when(rangerBasePlugin.getConfig()).thenReturn(pluginConfig);
+
authorizer = new MockRangerNiFiAuthorizer(rangerBasePlugin);
authorizer.onConfigured(configurationContext);
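Review bot: Neither setup block checks that the security and audit resources actually reach the plugin's own configuration, which is the behaviour this commit changes. The tests stub `getConfig()` so that `onConfigured` does not fail, and nothing more. Wrapping the config in a spy would pin it, assuming the mock context points at files that exist: `final RangerPluginConfig pluginConfig = Mockito.spy(new RangerPluginConfig(serviceType, null, appId, null, null, null));` and, after `onConfigured`, `verify(pluginConfig, times(2)).addResource(any(URL.class));`. The same applies to the second setup in the hunk at `@@ -397,6 +402,10 @@`.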
@@ -397,6 +402,10 @@ public class TestRangerNiFiAuthorizer {
.thenReturn(new MockPropertyValue(rangerAdminIdentity));
rangerBasePlugin = Mockito.mock(RangerBasePluginWithPolicies.class);
+
+ final RangerPluginConfig pluginConfig = new RangerPluginConfig(serviceType, null, appId, null, null, null);
+ when(rangerBasePlugin.getConfig()).thenReturn(pluginConfig);
+
authorizer = new MockRangerNiFiAuthorizer(rangerBasePlugin);
authorizer.onConfigured(configurationContext);
diff --git a/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-resources/pom.xml b/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-resources/pom.xml
index 915af02..0f31a4a 100644
--- a/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-resources/pom.xml
+++ b/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-resources/pom.xml
@@ -25,4 +25,22 @@
<artifactId>nifi-ranger-resources</artifactId>
<packaging>jar</packaging>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>credentialbuilder</artifactId>
+ <version>${ranger.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-configuration</groupId>
+ <artifactId>commons-configuration</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-configuration2</artifactId>
+ <version>2.1.1</version>
+ </dependency>
+ </dependencies>
</project>
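Review bot: `commons-configuration2` is pinned with a literal `<version>2.1.1</version>` in this leaf pom, so it will not follow later `ranger.version` bumps and is easy to miss in a dependency audit. It replaces the `commons-configuration` artifact excluded from `credentialbuilder`, so the version should be the one the Ranger 2.1.0 client expects, which this diff does not let a reader verify. I would hold it in a root-pom property next to `ranger.version`, for example `<version>${commons-configuration2.version}</version>` (the property name is only a suggestion). A short XML comment above the `<exclusions>` block should say why the 1.x artifact is excluded.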
diff --git a/pom.xml b/pom.xml
index 74e83ae..8c6652d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -88,7 +88,7 @@
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<inceptionYear>2014</inceptionYear>
<org.slf4j.version>1.7.30</org.slf4j.version>
- <ranger.version>2.0.0</ranger.version>
+ <ranger.version>2.1.0</ranger.version>
<jetty.version>9.4.26.v20200117</jetty.version>
<jackson.version>2.9.10</jackson.version>
<jackson-databind.version>2.9.10.5</jackson-databind.version>