[nifi-registry] branch main updated: NIFIREG-417 Upgrade to apache ranger 2.1.0 client

Fri, 11 Sep 2020 07:56:20 -0700 

This is an automated email from the ASF dual-hosted git repository.

pvillard pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi-registry.git


The following commit(s) were added to refs/heads/main by this push:
     new c88f227  NIFIREG-417 Upgrade to apache ranger 2.1.0 client
c88f227 is described below

commit c88f2278f2390afb99b2284db7bba0f4e4a9a9b8
Author: Bryan Bende <[email protected]>
AuthorDate: Thu Sep 10 11:13:12 2020 -0400

    NIFIREG-417 Upgrade to apache ranger 2.1.0 client
    
    Signed-off-by: Pierre Villard <[email protected]>
    
    This closes #300.
---
 .../nifi-registry-ranger-plugin/pom.xml             |  2 +-
 .../nifi/registry/ranger/RangerAuthorizer.java      | 21 +++++++++++++--------
 .../nifi/registry/ranger/TestRangerAuthorizer.java  |  5 +++++
 3 files changed, 19 insertions(+), 9 deletions(-)

diff --git 
a/nifi-registry-extensions/nifi-registry-ranger/nifi-registry-ranger-plugin/pom.xml
 
b/nifi-registry-extensions/nifi-registry-ranger/nifi-registry-ranger-plugin/pom.xml
index f66ee6d..7c20426 100644
--- 
a/nifi-registry-extensions/nifi-registry-ranger/nifi-registry-ranger-plugin/pom.xml
+++ 
b/nifi-registry-extensions/nifi-registry-ranger/nifi-registry-ranger-plugin/pom.xml
@@ -25,7 +25,7 @@
     <packaging>jar</packaging>
 
     <properties>
-        <ranger.version>2.0.0</ranger.version>
+        <ranger.version>2.1.0</ranger.version>
         <ranger.hadoop.version>3.1.1</ranger.hadoop.version>
     </properties>
 
diff --git 
a/nifi-registry-extensions/nifi-registry-ranger/nifi-registry-ranger-plugin/src/main/java/org/apache/nifi/registry/ranger/RangerAuthorizer.java
 
b/nifi-registry-extensions/nifi-registry-ranger/nifi-registry-ranger-plugin/src/main/java/org/apache/nifi/registry/ranger/RangerAuthorizer.java
index 05582b6..6fa6fe2 100644
--- 
a/nifi-registry-extensions/nifi-registry-ranger/nifi-registry-ranger-plugin/src/main/java/org/apache/nifi/registry/ranger/RangerAuthorizer.java
+++ 
b/nifi-registry-extensions/nifi-registry-ranger/nifi-registry-ranger-plugin/src/main/java/org/apache/nifi/registry/ranger/RangerAuthorizer.java
@@ -41,6 +41,7 @@ import 
org.apache.nifi.registry.security.exception.SecurityProviderCreationExcep
 import org.apache.nifi.registry.util.PropertyValue;
 import org.apache.ranger.audit.model.AuthzAuditEvent;
 import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
 import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
 import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
@@ -132,11 +133,18 @@ public class RangerAuthorizer implements 
ManagedAuthorizer, AuthorizationAuditor
             if (rangerPlugin == null) {
                 logger.info("initializing base plugin");
 
+                final String serviceType = 
getConfigValue(configurationContext, RANGER_SERVICE_TYPE_PROP, 
DEFAULT_SERVICE_TYPE);
+                final String appId = getConfigValue(configurationContext, 
RANGER_APP_ID_PROP, DEFAULT_APP_ID);
+
+                rangerPlugin = createRangerBasePlugin(serviceType, appId);
+
+                final RangerPluginConfig pluginConfig = 
rangerPlugin.getConfig();
+
                 final PropertyValue securityConfigValue = 
configurationContext.getProperty(RANGER_SECURITY_PATH_PROP);
-                addRequiredResource(RANGER_SECURITY_PATH_PROP, 
securityConfigValue);
+                addRequiredResource(RANGER_SECURITY_PATH_PROP, 
securityConfigValue, pluginConfig);
 
                 final PropertyValue auditConfigValue = 
configurationContext.getProperty(RANGER_AUDIT_PATH_PROP);
-                addRequiredResource(RANGER_AUDIT_PATH_PROP, auditConfigValue);
+                addRequiredResource(RANGER_AUDIT_PATH_PROP, auditConfigValue, 
pluginConfig);
 
                 boolean rangerKerberosEnabled = 
Boolean.valueOf(getConfigValue(configurationContext, 
RANGER_KERBEROS_ENABLED_PROP, Boolean.FALSE.toString()));
 
@@ -158,10 +166,6 @@ public class RangerAuthorizer implements 
ManagedAuthorizer, AuthorizationAuditor
                     
UserGroupInformation.loginUserFromKeytab(registryPrincipal.trim(), 
registryKeytab.trim());
                 }
 
-                final String serviceType = 
getConfigValue(configurationContext, RANGER_SERVICE_TYPE_PROP, 
DEFAULT_SERVICE_TYPE);
-                final String appId = getConfigValue(configurationContext, 
RANGER_APP_ID_PROP, DEFAULT_APP_ID);
-
-                rangerPlugin = createRangerBasePlugin(serviceType, appId);
                 rangerPlugin.init();
 
                 defaultAuditHandler = new RangerDefaultAuditHandler();
@@ -287,8 +291,9 @@ public class RangerAuthorizer implements ManagedAuthorizer, 
AuthorizationAuditor
      *
      * @param name          the name of the given PropertyValue from the 
AuthorizationConfigurationContext
      * @param resourceValue the value for the given name, should be a full 
path to a file
+     * @param configuration the RangerConfiguration to add the resource to
      */
-    private void addRequiredResource(final String name, final PropertyValue 
resourceValue) {
+    private void addRequiredResource(final String name, final PropertyValue 
resourceValue, final RangerConfiguration configuration) {
         if (resourceValue == null || 
StringUtils.isBlank(resourceValue.getValue())) {
             throw new SecurityProviderCreationException(name + " must be 
specified.");
         }
@@ -299,7 +304,7 @@ public class RangerAuthorizer implements ManagedAuthorizer, 
AuthorizationAuditor
         }
 
         try {
-            
RangerConfiguration.getInstance().addResource(resourceFile.toURI().toURL());
+            configuration.addResource(resourceFile.toURI().toURL());
         } catch (MalformedURLException e) {
             throw new SecurityProviderCreationException("Error creating URI 
for " + resourceValue, e);
         }
diff --git 
a/nifi-registry-extensions/nifi-registry-ranger/nifi-registry-ranger-plugin/src/test/java/org/apache/nifi/registry/ranger/TestRangerAuthorizer.java
 
b/nifi-registry-extensions/nifi-registry-ranger/nifi-registry-ranger-plugin/src/test/java/org/apache/nifi/registry/ranger/TestRangerAuthorizer.java
index c97d27a..20ecd43 100644
--- 
a/nifi-registry-extensions/nifi-registry-ranger/nifi-registry-ranger-plugin/src/test/java/org/apache/nifi/registry/ranger/TestRangerAuthorizer.java
+++ 
b/nifi-registry-extensions/nifi-registry-ranger/nifi-registry-ranger-plugin/src/test/java/org/apache/nifi/registry/ranger/TestRangerAuthorizer.java
@@ -36,6 +36,7 @@ import 
org.apache.nifi.registry.security.authorization.exception.AuthorizationAc
 import 
org.apache.nifi.registry.security.authorization.exception.UninheritableAuthorizationsException;
 import 
org.apache.nifi.registry.security.exception.SecurityProviderCreationException;
 import org.apache.nifi.registry.util.StandardPropertyValue;
+import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
 import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
@@ -113,6 +114,10 @@ public class TestRangerAuthorizer {
         UserGroupInformation.setConfiguration(securityConf);
 
         rangerBasePlugin = mock(RangerBasePluginWithPolicies.class);
+
+        final RangerPluginConfig pluginConfig = new 
RangerPluginConfig(serviceType, null, appId, null, null, null);
+        when(rangerBasePlugin.getConfig()).thenReturn(pluginConfig);
+
         authorizer = new MockRangerAuthorizer(rangerBasePlugin);
 
         final UserGroupProviderLookup userGroupProviderLookup = 
mock(UserGroupProviderLookup.class);

Reply via email to