This is an automated email from the ASF dual-hosted git repository.
pvillard pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 3a8da7b NIFI-8979 Add KerberosUserService to PutKudu
3a8da7b is described below
commit 3a8da7b33e2973e0bee58b4d47a814dc92b14a99
Author: Bryan Bende <[email protected]>
AuthorDate: Mon Sep 20 14:12:08 2021 -0400
NIFI-8979 Add KerberosUserService to PutKudu
Signed-off-by: Pierre Villard <[email protected]>
This closes #5400.
---
.../nifi-kudu-bundle/nifi-kudu-processors/pom.xml | 5 ++
.../processors/kudu/AbstractKuduProcessor.java | 58 +++++++++++++++++-----
.../org/apache/nifi/processors/kudu/PutKudu.java | 1 +
.../apache/nifi/processors/kudu/TestPutKudu.java | 20 ++++++++
4 files changed, 71 insertions(+), 13 deletions(-)
diff --git a/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/pom.xml
b/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/pom.xml
index 4b21c14..51a97aa 100644
--- a/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/pom.xml
@@ -63,6 +63,11 @@
</dependency>
<dependency>
<groupId>org.apache.nifi</groupId>
+ <artifactId>nifi-kerberos-user-service-api</artifactId>
+ <version>1.15.0-SNAPSHOT</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.nifi</groupId>
<artifactId>nifi-record-serialization-service-api</artifactId>
</dependency>
<dependency>
diff --git
a/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/main/java/org/apache/nifi/processors/kudu/AbstractKuduProcessor.java
b/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/main/java/org/apache/nifi/processors/kudu/AbstractKuduProcessor.java
index 4131d2f..e188323 100644
---
a/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/main/java/org/apache/nifi/processors/kudu/AbstractKuduProcessor.java
+++
b/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/main/java/org/apache/nifi/processors/kudu/AbstractKuduProcessor.java
@@ -39,6 +39,7 @@ import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.expression.AttributeExpression;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.kerberos.KerberosCredentialsService;
+import org.apache.nifi.kerberos.KerberosUserService;
import org.apache.nifi.processor.AbstractProcessor;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.util.StandardValidators;
@@ -53,7 +54,6 @@ import
org.apache.nifi.serialization.record.type.DecimalDataType;
import org.apache.nifi.serialization.record.util.DataTypeUtils;
import org.apache.nifi.util.StringUtils;
-import javax.security.auth.login.LoginException;
import java.math.BigDecimal;
import java.sql.Date;
import java.sql.Timestamp;
@@ -94,6 +94,14 @@ public abstract class AbstractKuduProcessor extends
AbstractProcessor {
.identifiesControllerService(KerberosCredentialsService.class)
.build();
+ static final PropertyDescriptor KERBEROS_USER_SERVICE = new
PropertyDescriptor.Builder()
+ .name("kerberos-user-service")
+ .displayName("Kerberos User Service")
+ .description("Specifies the Kerberos User Controller Service that
should be used for authenticating with Kerberos")
+ .identifiesControllerService(KerberosUserService.class)
+ .required(false)
+ .build();
+
static final PropertyDescriptor KERBEROS_PRINCIPAL = new
PropertyDescriptor.Builder()
.name("kerberos-principal")
.displayName("Kerberos Principal")
@@ -172,19 +180,26 @@ public abstract class AbstractKuduProcessor extends
AbstractProcessor {
}
}
- protected void createKerberosUserAndOrKuduClient(ProcessContext context)
throws LoginException {
- final KerberosCredentialsService credentialsService =
context.getProperty(KERBEROS_CREDENTIALS_SERVICE).asControllerService(KerberosCredentialsService.class);
- final String kerberosPrincipal =
context.getProperty(KERBEROS_PRINCIPAL).evaluateAttributeExpressions().getValue();
- final String kerberosPassword =
context.getProperty(KERBEROS_PASSWORD).getValue();
-
- if (credentialsService != null) {
- kerberosUser =
createKerberosKeytabUser(credentialsService.getPrincipal(),
credentialsService.getKeytab(), context);
- kerberosUser.login(); // login creates the kudu client as well
- } else if (!StringUtils.isBlank(kerberosPrincipal) &&
!StringUtils.isBlank(kerberosPassword)) {
- kerberosUser = createKerberosPasswordUser(kerberosPrincipal,
kerberosPassword, context);
- kerberosUser.login(); // login creates the kudu client as well
- } else {
+ protected void createKerberosUserAndOrKuduClient(ProcessContext context) {
+ final KerberosUserService kerberosUserService =
context.getProperty(KERBEROS_USER_SERVICE).asControllerService(KerberosUserService.class);
+ if (kerberosUserService != null) {
+ kerberosUser = kerberosUserService.createKerberosUser();
+ kerberosUser.login();
createKuduClient(context);
+ } else {
+ final KerberosCredentialsService credentialsService =
context.getProperty(KERBEROS_CREDENTIALS_SERVICE).asControllerService(KerberosCredentialsService.class);
+ final String kerberosPrincipal =
context.getProperty(KERBEROS_PRINCIPAL).evaluateAttributeExpressions().getValue();
+ final String kerberosPassword =
context.getProperty(KERBEROS_PASSWORD).getValue();
+
+ if (credentialsService != null) {
+ kerberosUser =
createKerberosKeytabUser(credentialsService.getPrincipal(),
credentialsService.getKeytab(), context);
+ kerberosUser.login(); // login creates the kudu client as well
+ } else if (!StringUtils.isBlank(kerberosPrincipal) &&
!StringUtils.isBlank(kerberosPassword)) {
+ kerberosUser = createKerberosPasswordUser(kerberosPrincipal,
kerberosPassword, context);
+ kerberosUser.login(); // login creates the kudu client as well
+ } else {
+ createKuduClient(context);
+ }
}
}
@@ -310,6 +325,7 @@ public abstract class AbstractKuduProcessor extends
AbstractProcessor {
}
final KerberosCredentialsService kerberosCredentialsService =
context.getProperty(KERBEROS_CREDENTIALS_SERVICE).asControllerService(KerberosCredentialsService.class);
+ final KerberosUserService kerberosUserService =
context.getProperty(KERBEROS_USER_SERVICE).asControllerService(KerberosUserService.class);
if (kerberosCredentialsService != null && (kerberosPrincipalProvided
|| kerberosPasswordProvided)) {
results.add(new ValidationResult.Builder()
@@ -319,6 +335,22 @@ public abstract class AbstractKuduProcessor extends
AbstractProcessor {
.build());
}
+ if (kerberosUserService != null && (kerberosPrincipalProvided ||
kerberosPasswordProvided)) {
+ results.add(new ValidationResult.Builder()
+ .subject(KERBEROS_USER_SERVICE.getDisplayName())
+ .valid(false)
+ .explanation("kerberos principal/password and kerberos
user service cannot be configured at the same time")
+ .build());
+ }
+
+ if (kerberosUserService != null && kerberosCredentialsService != null)
{
+ results.add(new ValidationResult.Builder()
+ .subject(KERBEROS_USER_SERVICE.getDisplayName())
+ .valid(false)
+ .explanation("kerberos user service and kerberos
credentials service cannot be configured at the same time")
+ .build());
+ }
+
return results;
}
diff --git
a/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/main/java/org/apache/nifi/processors/kudu/PutKudu.java
b/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/main/java/org/apache/nifi/processors/kudu/PutKudu.java
index ca273b6..37bf43a 100644
---
a/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/main/java/org/apache/nifi/processors/kudu/PutKudu.java
+++
b/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/main/java/org/apache/nifi/processors/kudu/PutKudu.java
@@ -283,6 +283,7 @@ public class PutKudu extends AbstractKuduProcessor {
properties.add(KUDU_MASTERS);
properties.add(TABLE_NAME);
properties.add(FAILURE_STRATEGY);
+ properties.add(KERBEROS_USER_SERVICE);
properties.add(KERBEROS_CREDENTIALS_SERVICE);
properties.add(KERBEROS_PRINCIPAL);
properties.add(KERBEROS_PASSWORD);
diff --git
a/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/test/java/org/apache/nifi/processors/kudu/TestPutKudu.java
b/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/test/java/org/apache/nifi/processors/kudu/TestPutKudu.java
index f02917f..73913cf 100644
---
a/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/test/java/org/apache/nifi/processors/kudu/TestPutKudu.java
+++
b/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/test/java/org/apache/nifi/processors/kudu/TestPutKudu.java
@@ -33,6 +33,7 @@ import org.apache.nifi.controller.AbstractControllerService;
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.flowfile.attributes.CoreAttributes;
import org.apache.nifi.kerberos.KerberosCredentialsService;
+import org.apache.nifi.kerberos.KerberosUserService;
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.provenance.ProvenanceEventRecord;
import org.apache.nifi.provenance.ProvenanceEventType;
@@ -167,6 +168,25 @@ public class TestPutKudu {
testRunner.removeProperty(PutKudu.KERBEROS_PRINCIPAL);
testRunner.removeProperty(PutKudu.KERBEROS_PASSWORD);
testRunner.assertValid();
+
+ final KerberosUserService kerberosUserService =
enableKerberosUserService(testRunner);
+ testRunner.setProperty(PutKudu.KERBEROS_USER_SERVICE,
kerberosUserService.getIdentifier());
+ testRunner.assertNotValid();
+
+ testRunner.removeProperty(PutKudu.KERBEROS_CREDENTIALS_SERVICE);
+ testRunner.assertValid();
+
+ testRunner.setProperty(PutKudu.KERBEROS_PRINCIPAL, "principal");
+ testRunner.setProperty(PutKudu.KERBEROS_PASSWORD, "password");
+ testRunner.assertNotValid();
+ }
+
+ private KerberosUserService enableKerberosUserService(final TestRunner
runner) throws InitializationException {
+ final KerberosUserService kerberosUserService =
mock(KerberosUserService.class);
+ when(kerberosUserService.getIdentifier()).thenReturn("userService1");
+ runner.addControllerService(kerberosUserService.getIdentifier(),
kerberosUserService);
+ runner.enableControllerService(kerberosUserService);
+ return kerberosUserService;
}
@Test
