This is an automated email from the ASF dual-hosted git repository.
bbende pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new ab16581 NIFI-7024: Added Kerberos Password support to
HBase_1_1_2_ClientService and HBase_2_ClientService
ab16581 is described below
commit ab1658130d4fa9041c1cceaffeab2836ef9cbe15
Author: jstorck <[email protected]>
AuthorDate: Sun Mar 1 20:03:10 2020 -0500
NIFI-7024: Added Kerberos Password support to HBase_1_1_2_ClientService and
HBase_2_ClientService
This closes #4103.
---
.../nifi/hbase/HBase_1_1_2_ClientService.java | 66 ++++++++++++++++++----
.../apache/nifi/hbase/MockHBaseClientService.java | 10 ++++
.../nifi/hbase/TestHBase_1_1_2_ClientService.java | 2 +-
.../apache/nifi/hbase/HBase_2_ClientService.java | 64 +++++++++++++++++----
.../apache/nifi/hbase/MockHBaseClientService.java | 10 ++++
.../nifi/hbase/TestHBase_2_ClientService.java | 2 +-
6 files changed, 131 insertions(+), 23 deletions(-)
diff --git
a/nifi-nar-bundles/nifi-standard-services/nifi-hbase_1_1_2-client-service-bundle/nifi-hbase_1_1_2-client-service/src/main/java/org/apache/nifi/hbase/HBase_1_1_2_ClientService.java
b/nifi-nar-bundles/nifi-standard-services/nifi-hbase_1_1_2-client-service-bundle/nifi-hbase_1_1_2-client-service/src/main/java/org/apache/nifi/hbase/HBase_1_1_2_ClientService.java
index fe2af63..b71b132 100644
---
a/nifi-nar-bundles/nifi-standard-services/nifi-hbase_1_1_2-client-service-bundle/nifi-hbase_1_1_2-client-service/src/main/java/org/apache/nifi/hbase/HBase_1_1_2_ClientService.java
+++
b/nifi-nar-bundles/nifi-standard-services/nifi-hbase_1_1_2-client-service-bundle/nifi-hbase_1_1_2-client-service/src/main/java/org/apache/nifi/hbase/HBase_1_1_2_ClientService.java
@@ -62,11 +62,16 @@ import org.apache.nifi.hbase.scan.ResultCell;
import org.apache.nifi.hbase.scan.ResultHandler;
import org.apache.nifi.hbase.validate.ConfigFilesValidator;
import org.apache.nifi.kerberos.KerberosCredentialsService;
+import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.reporting.InitializationException;
+import org.apache.nifi.security.krb.KerberosKeytabUser;
+import org.apache.nifi.security.krb.KerberosPasswordUser;
+import org.apache.nifi.security.krb.KerberosUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import javax.security.auth.login.LoginException;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
@@ -155,6 +160,7 @@ public class HBase_1_1_2_ClientService extends
AbstractControllerService impleme
private volatile Connection connection;
private volatile UserGroupInformation ugi;
+ private final AtomicReference<KerberosUser> kerberosUserReference = new
AtomicReference<>();
private volatile String masterAddress;
private List<PropertyDescriptor> properties;
@@ -182,6 +188,7 @@ public class HBase_1_1_2_ClientService extends
AbstractControllerService impleme
props.add(KERBEROS_CREDENTIALS_SERVICE);
props.add(kerberosProperties.getKerberosPrincipal());
props.add(kerberosProperties.getKerberosKeytab());
+ props.add(kerberosProperties.getKerberosPassword());
props.add(ZOOKEEPER_QUORUM);
props.add(ZOOKEEPER_CLIENT_PORT);
props.add(ZOOKEEPER_ZNODE_PARENT);
@@ -224,6 +231,7 @@ public class HBase_1_1_2_ClientService extends
AbstractControllerService impleme
final String explicitPrincipal =
validationContext.getProperty(kerberosProperties.getKerberosPrincipal()).evaluateAttributeExpressions().getValue();
final String explicitKeytab =
validationContext.getProperty(kerberosProperties.getKerberosKeytab()).evaluateAttributeExpressions().getValue();
+ final String explicitPassword =
validationContext.getProperty(kerberosProperties.getKerberosPassword()).getValue();
final KerberosCredentialsService credentialsService =
validationContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).asControllerService(KerberosCredentialsService.class);
final String resolvedPrincipal;
@@ -261,23 +269,23 @@ public class HBase_1_1_2_ClientService extends
AbstractControllerService impleme
final Configuration hbaseConfig = resources.getConfiguration();
-
problems.addAll(KerberosProperties.validatePrincipalWithKeytabOrPassword(getClass().getSimpleName(),
hbaseConfig, resolvedPrincipal, resolvedKeytab, null, getLogger()));
+
problems.addAll(KerberosProperties.validatePrincipalWithKeytabOrPassword(getClass().getSimpleName(),
hbaseConfig,
+ resolvedPrincipal, resolvedKeytab, explicitPassword,
getLogger()));
}
- if (credentialsService != null && (explicitPrincipal != null ||
explicitKeytab != null)) {
+ if (credentialsService != null && (explicitPrincipal != null ||
explicitKeytab != null || explicitPassword != null)) {
problems.add(new ValidationResult.Builder()
.subject("Kerberos Credentials")
.valid(false)
- .explanation("Cannot specify both a Kerberos Credentials
Service and a principal/keytab")
+ .explanation("Cannot specify a Kerberos Credentials Service
while also specifying a Kerberos Principal, Kerberos Keytab, or Kerberos
Password")
.build());
}
- final String allowExplicitKeytabVariable =
System.getenv(ALLOW_EXPLICIT_KEYTAB);
- if ("false".equalsIgnoreCase(allowExplicitKeytabVariable) &&
(explicitPrincipal != null || explicitKeytab != null)) {
+ if (!isAllowExplicitKeytab() && explicitKeytab != null) {
problems.add(new ValidationResult.Builder()
.subject("Kerberos Credentials")
.valid(false)
- .explanation("The '" + ALLOW_EXPLICIT_KEYTAB + "' system
environment variable is configured to forbid explicitly configuring
principal/keytab in processors. "
+ .explanation("The '" + ALLOW_EXPLICIT_KEYTAB + "' system
environment variable is configured to forbid explicitly configuring Kerberos
Keytab in processors. "
+ "The Kerberos Credentials Service should be used instead
of setting the Kerberos Keytab or Kerberos Principal property.")
.build());
}
@@ -354,6 +362,7 @@ public class HBase_1_1_2_ClientService extends
AbstractControllerService impleme
if (SecurityUtil.isSecurityEnabled(hbaseConfig)) {
String principal =
context.getProperty(kerberosProperties.getKerberosPrincipal()).evaluateAttributeExpressions().getValue();
String keyTab =
context.getProperty(kerberosProperties.getKerberosKeytab()).evaluateAttributeExpressions().getValue();
+ String password =
context.getProperty(kerberosProperties.getKerberosPassword()).getValue();
// If the Kerberos Credentials Service is specified, we need to
use its configuration, not the explicit properties for principal/keytab.
// The customValidate method ensures that only one can be set, so
we know that the principal & keytab above are null.
@@ -363,11 +372,20 @@ public class HBase_1_1_2_ClientService extends
AbstractControllerService impleme
keyTab = credentialsService.getKeytab();
}
- getLogger().info("HBase Security Enabled, logging in as principal
{} with keytab {}", new Object[] {principal, keyTab});
- ugi = SecurityUtil.loginKerberos(hbaseConfig, principal, keyTab);
- getLogger().info("Successfully logged in as principal {} with
keytab {}", new Object[] {principal, keyTab});
+ if (keyTab != null) {
+ kerberosUserReference.set(new KerberosKeytabUser(principal,
keyTab));
+ getLogger().info("HBase Security Enabled, logging in as
principal {} with keytab {}", new Object[] {principal, keyTab});
+ } else if (password != null) {
+ kerberosUserReference.set(new KerberosPasswordUser(principal,
password));
+ getLogger().info("HBase Security Enabled, logging in as
principal {} with password", new Object[] {principal});
+ } else {
+ throw new IOException("Unable to authenticate with Kerberos,
no keytab or password was provided");
+ }
+
+ ugi = SecurityUtil.getUgiForKerberosUser(hbaseConfig,
kerberosUserReference.get());
+ getLogger().info("Successfully logged in as principal " +
principal);
- return ugi.doAs(new PrivilegedExceptionAction<Connection>() {
+ return getUgi().doAs(new PrivilegedExceptionAction<Connection>() {
@Override
public Connection run() throws Exception {
return ConnectionFactory.createConnection(hbaseConfig);
@@ -649,7 +667,7 @@ public class HBase_1_1_2_ClientService extends
AbstractControllerService impleme
//
protected ResultScanner getResults(final Table table, final String
startRow, final String endRow, final String filterExpression, final Long
timerangeMin, final Long timerangeMax,
- final Integer limitRows, final Boolean isReversed, final Boolean
blockCache, final Collection<Column> columns, List<String> authorizations)
throws IOException {
+ final Integer limitRows, final Boolean isReversed, final Boolean
blockCache, final Collection<Column> columns, List<String> authorizations)
throws IOException {
final Scan scan = new Scan();
if (!StringUtils.isBlank(startRow)){
scan.setStartRow(startRow.getBytes(StandardCharsets.UTF_8));
@@ -841,4 +859,30 @@ public class HBase_1_1_2_ClientService extends
AbstractControllerService impleme
final String transitUriMasterAddress =
StringUtils.isEmpty(masterAddress) ? "unknown" : masterAddress;
return "hbase://" + transitUriMasterAddress + "/" + tableName +
(StringUtils.isEmpty(rowKey) ? "" : "/" + rowKey);
}
+
+ /*
+ * Overridable by subclasses in the same package, mainly intended for
testing purposes to allow verification without having to set environment
variables.
+ */
+ boolean isAllowExplicitKeytab() {
+ return Boolean.parseBoolean(System.getenv(ALLOW_EXPLICIT_KEYTAB));
+ }
+
+ UserGroupInformation getUgi() {
+ getLogger().trace("getting UGI instance");
+ if (kerberosUserReference.get() != null) {
+ // if there's a KerberosUser associated with this UGI, check the
TGT and relogin if it is close to expiring
+ KerberosUser kerberosUser = kerberosUserReference.get();
+ getLogger().debug("kerberosUser is " + kerberosUser);
+ try {
+ getLogger().debug("checking TGT on kerberosUser [{}]", new
Object[] {kerberosUser});
+ kerberosUser.checkTGTAndRelogin();
+ } catch (LoginException e) {
+ throw new ProcessException("Unable to relogin with kerberos
credentials for " + kerberosUser.getPrincipal(), e);
+ }
+ } else {
+ getLogger().debug("kerberosUser was null, will not refresh TGT
with KerberosUser");
+ }
+ return ugi;
+ }
+
}
diff --git
a/nifi-nar-bundles/nifi-standard-services/nifi-hbase_1_1_2-client-service-bundle/nifi-hbase_1_1_2-client-service/src/test/java/org/apache/nifi/hbase/MockHBaseClientService.java
b/nifi-nar-bundles/nifi-standard-services/nifi-hbase_1_1_2-client-service-bundle/nifi-hbase_1_1_2-client-service/src/test/java/org/apache/nifi/hbase/MockHBaseClientService.java
index ea805d1..c2cf265 100644
---
a/nifi-nar-bundles/nifi-standard-services/nifi-hbase_1_1_2-client-service-bundle/nifi-hbase_1_1_2-client-service/src/test/java/org/apache/nifi/hbase/MockHBaseClientService.java
+++
b/nifi-nar-bundles/nifi-standard-services/nifi-hbase_1_1_2-client-service-bundle/nifi-hbase_1_1_2-client-service/src/test/java/org/apache/nifi/hbase/MockHBaseClientService.java
@@ -50,11 +50,17 @@ public class MockHBaseClientService extends
HBase_1_1_2_ClientService {
private String family;
private Map<String, Result> results = new HashMap<>();
private KerberosProperties kerberosProperties;
+ private boolean allowExplicitKeytab;
public MockHBaseClientService(final Table table, final String family,
final KerberosProperties kerberosProperties) {
+ this(table, family, kerberosProperties, false);
+ }
+
+ public MockHBaseClientService(final Table table, final String family,
final KerberosProperties kerberosProperties, boolean allowExplicitKeytab) {
this.table = table;
this.family = family;
this.kerberosProperties = kerberosProperties;
+ this.allowExplicitKeytab = allowExplicitKeytab;
}
@Override
@@ -169,4 +175,8 @@ public class MockHBaseClientService extends
HBase_1_1_2_ClientService {
return connection;
}
+ @Override
+ boolean isAllowExplicitKeytab() {
+ return allowExplicitKeytab;
+ }
}
diff --git
a/nifi-nar-bundles/nifi-standard-services/nifi-hbase_1_1_2-client-service-bundle/nifi-hbase_1_1_2-client-service/src/test/java/org/apache/nifi/hbase/TestHBase_1_1_2_ClientService.java
b/nifi-nar-bundles/nifi-standard-services/nifi-hbase_1_1_2-client-service-bundle/nifi-hbase_1_1_2-client-service/src/test/java/org/apache/nifi/hbase/TestHBase_1_1_2_ClientService.java
index 75e9c17..56b259c 100644
---
a/nifi-nar-bundles/nifi-standard-services/nifi-hbase_1_1_2-client-service-bundle/nifi-hbase_1_1_2-client-service/src/test/java/org/apache/nifi/hbase/TestHBase_1_1_2_ClientService.java
+++
b/nifi-nar-bundles/nifi-standard-services/nifi-hbase_1_1_2-client-service-bundle/nifi-hbase_1_1_2-client-service/src/test/java/org/apache/nifi/hbase/TestHBase_1_1_2_ClientService.java
@@ -141,7 +141,7 @@ public class TestHBase_1_1_2_ClientService {
runner.removeControllerService(service);
// Kerberos - principal with non-set keytab and only
hbase-site-security - valid because we need core-site-security to turn on
security
- service = new MockHBaseClientService(table, COL_FAM,
kerberosPropsWithFile);
+ service = new MockHBaseClientService(table, COL_FAM,
kerberosPropsWithFile, true);
runner.addControllerService("hbaseClientService", service);
runner.setProperty(service,
HBase_1_1_2_ClientService.HADOOP_CONF_FILES,
"src/test/resources/hbase-site-security.xml");
runner.setProperty(service,
kerberosPropsWithFile.getKerberosPrincipal(), "test@REALM");
diff --git
a/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/nifi-hbase_2-client-service/src/main/java/org/apache/nifi/hbase/HBase_2_ClientService.java
b/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/nifi-hbase_2-client-service/src/main/java/org/apache/nifi/hbase/HBase_2_ClientService.java
index 59f7312..59e92aa 100644
---
a/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/nifi-hbase_2-client-service/src/main/java/org/apache/nifi/hbase/HBase_2_ClientService.java
+++
b/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/nifi-hbase_2-client-service/src/main/java/org/apache/nifi/hbase/HBase_2_ClientService.java
@@ -62,11 +62,16 @@ import org.apache.nifi.hbase.scan.ResultCell;
import org.apache.nifi.hbase.scan.ResultHandler;
import org.apache.nifi.hbase.validate.ConfigFilesValidator;
import org.apache.nifi.kerberos.KerberosCredentialsService;
+import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.reporting.InitializationException;
+import org.apache.nifi.security.krb.KerberosKeytabUser;
+import org.apache.nifi.security.krb.KerberosPasswordUser;
+import org.apache.nifi.security.krb.KerberosUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import javax.security.auth.login.LoginException;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
@@ -154,6 +159,7 @@ public class HBase_2_ClientService extends
AbstractControllerService implements
private volatile Connection connection;
private volatile UserGroupInformation ugi;
+ private final AtomicReference<KerberosUser> kerberosUserReference = new
AtomicReference<>();
private volatile String masterAddress;
private List<PropertyDescriptor> properties;
@@ -181,6 +187,7 @@ public class HBase_2_ClientService extends
AbstractControllerService implements
props.add(KERBEROS_CREDENTIALS_SERVICE);
props.add(kerberosProperties.getKerberosPrincipal());
props.add(kerberosProperties.getKerberosKeytab());
+ props.add(kerberosProperties.getKerberosPassword());
props.add(ZOOKEEPER_QUORUM);
props.add(ZOOKEEPER_CLIENT_PORT);
props.add(ZOOKEEPER_ZNODE_PARENT);
@@ -223,6 +230,7 @@ public class HBase_2_ClientService extends
AbstractControllerService implements
final String explicitPrincipal =
validationContext.getProperty(kerberosProperties.getKerberosPrincipal()).evaluateAttributeExpressions().getValue();
final String explicitKeytab =
validationContext.getProperty(kerberosProperties.getKerberosKeytab()).evaluateAttributeExpressions().getValue();
+ final String explicitPassword =
validationContext.getProperty(kerberosProperties.getKerberosPassword()).getValue();
final KerberosCredentialsService credentialsService =
validationContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).asControllerService(KerberosCredentialsService.class);
final String resolvedPrincipal;
@@ -260,23 +268,23 @@ public class HBase_2_ClientService extends
AbstractControllerService implements
final Configuration hbaseConfig = resources.getConfiguration();
-
problems.addAll(KerberosProperties.validatePrincipalWithKeytabOrPassword(getClass().getSimpleName(),
hbaseConfig, resolvedPrincipal, resolvedKeytab, null, getLogger()));
+
problems.addAll(KerberosProperties.validatePrincipalWithKeytabOrPassword(getClass().getSimpleName(),
hbaseConfig,
+ resolvedPrincipal, resolvedKeytab, explicitPassword,
getLogger()));
}
- if (credentialsService != null && (explicitPrincipal != null ||
explicitKeytab != null)) {
+ if (credentialsService != null && (explicitPrincipal != null ||
explicitKeytab != null || explicitPassword != null)) {
problems.add(new ValidationResult.Builder()
.subject("Kerberos Credentials")
.valid(false)
- .explanation("Cannot specify both a Kerberos Credentials
Service and a principal/keytab")
+ .explanation("Cannot specify a Kerberos Credentials Service
while also specifying a Kerberos Principal, Kerberos Keytab, or Kerberos
Password")
.build());
}
- final String allowExplicitKeytabVariable =
System.getenv(ALLOW_EXPLICIT_KEYTAB);
- if ("false".equalsIgnoreCase(allowExplicitKeytabVariable) &&
(explicitPrincipal != null || explicitKeytab != null)) {
+ if (!isAllowExplicitKeytab() && explicitKeytab != null) {
problems.add(new ValidationResult.Builder()
.subject("Kerberos Credentials")
.valid(false)
- .explanation("The '" + ALLOW_EXPLICIT_KEYTAB + "' system
environment variable is configured to forbid explicitly configuring
principal/keytab in processors. "
+ .explanation("The '" + ALLOW_EXPLICIT_KEYTAB + "' system
environment variable is configured to forbid explicitly configuring Kerberos
Keytab in processors. "
+ "The Kerberos Credentials Service should be used instead
of setting the Kerberos Keytab or Kerberos Principal property.")
.build());
}
@@ -353,6 +361,7 @@ public class HBase_2_ClientService extends
AbstractControllerService implements
if (SecurityUtil.isSecurityEnabled(hbaseConfig)) {
String principal =
context.getProperty(kerberosProperties.getKerberosPrincipal()).evaluateAttributeExpressions().getValue();
String keyTab =
context.getProperty(kerberosProperties.getKerberosKeytab()).evaluateAttributeExpressions().getValue();
+ String password =
context.getProperty(kerberosProperties.getKerberosPassword()).getValue();
// If the Kerberos Credentials Service is specified, we need to
use its configuration, not the explicit properties for principal/keytab.
// The customValidate method ensures that only one can be set, so
we know that the principal & keytab above are null.
@@ -362,11 +371,20 @@ public class HBase_2_ClientService extends
AbstractControllerService implements
keyTab = credentialsService.getKeytab();
}
- getLogger().info("HBase Security Enabled, logging in as principal
{} with keytab {}", new Object[] {principal, keyTab});
- ugi = SecurityUtil.loginKerberos(hbaseConfig, principal, keyTab);
- getLogger().info("Successfully logged in as principal {} with
keytab {}", new Object[] {principal, keyTab});
+ if (keyTab != null) {
+ kerberosUserReference.set(new KerberosKeytabUser(principal,
keyTab));
+ getLogger().info("HBase Security Enabled, logging in as
principal {} with keytab {}", new Object[] {principal, keyTab});
+ } else if (password != null) {
+ kerberosUserReference.set(new KerberosPasswordUser(principal,
password));
+ getLogger().info("HBase Security Enabled, logging in as
principal {} with password", new Object[] {principal});
+ } else {
+ throw new IOException("Unable to authenticate with Kerberos,
no keytab or password was provided");
+ }
+
+ ugi = SecurityUtil.getUgiForKerberosUser(hbaseConfig,
kerberosUserReference.get());
+ getLogger().info("Successfully logged in as principal " +
principal);
- return ugi.doAs(new PrivilegedExceptionAction<Connection>() {
+ return getUgi().doAs(new PrivilegedExceptionAction<Connection>() {
@Override
public Connection run() throws Exception {
return ConnectionFactory.createConnection(hbaseConfig);
@@ -840,4 +858,30 @@ public class HBase_2_ClientService extends
AbstractControllerService implements
final String transitUriMasterAddress =
StringUtils.isEmpty(masterAddress) ? "unknown" : masterAddress;
return "hbase://" + transitUriMasterAddress + "/" + tableName +
(StringUtils.isEmpty(rowKey) ? "" : "/" + rowKey);
}
+
+ /*
+ * Overridable by subclasses in the same package, mainly intended for
testing purposes to allow verification without having to set environment
variables.
+ */
+ boolean isAllowExplicitKeytab() {
+ return Boolean.parseBoolean(System.getenv(ALLOW_EXPLICIT_KEYTAB));
+ }
+
+ UserGroupInformation getUgi() {
+ getLogger().trace("getting UGI instance");
+ if (kerberosUserReference.get() != null) {
+ // if there's a KerberosUser associated with this UGI, check the
TGT and relogin if it is close to expiring
+ KerberosUser kerberosUser = kerberosUserReference.get();
+ getLogger().debug("kerberosUser is " + kerberosUser);
+ try {
+ getLogger().debug("checking TGT on kerberosUser [{}]", new
Object[] {kerberosUser});
+ kerberosUser.checkTGTAndRelogin();
+ } catch (LoginException e) {
+ throw new ProcessException("Unable to relogin with kerberos
credentials for " + kerberosUser.getPrincipal(), e);
+ }
+ } else {
+ getLogger().debug("kerberosUser was null, will not refresh TGT
with KerberosUser");
+ }
+ return ugi;
+ }
+
}
diff --git
a/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/nifi-hbase_2-client-service/src/test/java/org/apache/nifi/hbase/MockHBaseClientService.java
b/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/nifi-hbase_2-client-service/src/test/java/org/apache/nifi/hbase/MockHBaseClientService.java
index 19b0577..8508818 100644
---
a/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/nifi-hbase_2-client-service/src/test/java/org/apache/nifi/hbase/MockHBaseClientService.java
+++
b/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/nifi-hbase_2-client-service/src/test/java/org/apache/nifi/hbase/MockHBaseClientService.java
@@ -50,11 +50,17 @@ public class MockHBaseClientService extends
HBase_2_ClientService {
private String family;
private Map<String, Result> results = new HashMap<>();
private KerberosProperties kerberosProperties;
+ private boolean allowExplicitKeytab;
public MockHBaseClientService(final Table table, final String family,
final KerberosProperties kerberosProperties) {
+ this(table, family, kerberosProperties, false);
+ }
+
+ public MockHBaseClientService(final Table table, final String family,
final KerberosProperties kerberosProperties, boolean allowExplicitKeytab) {
this.table = table;
this.family = family;
this.kerberosProperties = kerberosProperties;
+ this.allowExplicitKeytab = allowExplicitKeytab;
}
@Override
@@ -169,4 +175,8 @@ public class MockHBaseClientService extends
HBase_2_ClientService {
return connection;
}
+ @Override
+ boolean isAllowExplicitKeytab() {
+ return allowExplicitKeytab;
+ }
}
diff --git
a/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/nifi-hbase_2-client-service/src/test/java/org/apache/nifi/hbase/TestHBase_2_ClientService.java
b/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/nifi-hbase_2-client-service/src/test/java/org/apache/nifi/hbase/TestHBase_2_ClientService.java
index 9f6e754..e27a90c 100644
---
a/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/nifi-hbase_2-client-service/src/test/java/org/apache/nifi/hbase/TestHBase_2_ClientService.java
+++
b/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/nifi-hbase_2-client-service/src/test/java/org/apache/nifi/hbase/TestHBase_2_ClientService.java
@@ -141,7 +141,7 @@ public class TestHBase_2_ClientService {
runner.removeControllerService(service);
// Kerberos - principal with non-set keytab and only
hbase-site-security - valid because we need core-site-security to turn on
security
- service = new MockHBaseClientService(table, COL_FAM,
kerberosPropsWithFile);
+ service = new MockHBaseClientService(table, COL_FAM,
kerberosPropsWithFile, true);
runner.addControllerService("hbaseClientService", service);
runner.setProperty(service, HBase_2_ClientService.HADOOP_CONF_FILES,
"src/test/resources/hbase-site-security.xml");
runner.setProperty(service,
kerberosPropsWithFile.getKerberosPrincipal(), "test@REALM");
