[GitHub] [knox] smolnar82 opened a new pull request, #590: KNOX-2757 - HadoopGroupProvider parameters should be added to the filter even there is a gateway level property with CENTRAL_GROUP_CONFIG_PREFIX

[GitBox]

smolnar82 opened a new pull request, #590:
URL: https://github.com/apache/knox/pull/590

   ## What changes were proposed in this pull request?
   
   From now on, in Knox's HadoopGroupProvider, the gateway-level 
`CENTRAL_GROUP_CONFIG_PREFIX` prefixed parameters are added together with any 
custom provider-level parameters into the final `HadoopGroupProvider` identity 
assertion filter of the generated web application.
   
   I also needed to re-factor some code out from the `gateway-server` project 
that implements certain descriptor-related interfaces from `gateway-spi` as a 
simple POJO. The new Maven module's name is `gateway-spi-common` and I already 
see the benefit of having this new project serving the same functionality for 
other developments in the future.
   With this new project we now do not need to create/mock already existing 
classes that we can re-use in our test classes where mocking isn't a really 
good option.
   
   ## How was this patch tested?
   
   Added new unit tests to check if filter properties are generated as 
expected. Apart from this, I also tested the fix manually with my local Knox 
instance using the `Steps to reproduce` information from the corresponding JIRA:
   ```
           <filter>
               <role>identity-assertion</role>
               <name>HadoopGroupProvider</name>
               
<class>org.apache.knox.gateway.identityasserter.hadoop.groups.filter.HadoopGroupProviderFilter</class>
               <param>
                   
<name>hadoop.security.group.mapping.ldap.search.attr.member</name>
                   <value>member</value>
               </param>
               <param>
                   
<name>hadoop.security.group.mapping.ldap.search.filter.user</name>
                   
<value>(&amp;(|(objectclass=person)(objectclass=applicationProcess))(cn={0}))</value>
               </param>
               <param>
                   
<name>hadoop.security.group.mapping.ldap.search.attr.group.name</name>
                   <value>cn</value>
               </param>
               <param>
                   <name>hadoop.security.group.mapping.ldap.url</name>
                   <value>ldap://localhost:33389</value>
               </param>
               <param>
                   <name>hadoop.security.group.mapping</name>
                   <value>org.apache.hadoop.security.LdapGroupsMapping</value>
               </param>
               <param>
                   
<name>hadoop.security.group.mapping.ldap.search.filter.group</name>
                   <value>(objectclass=groupOfNames)</value>
               </param>
               <param>
                   <name>hadoop.security.group.mapping.ldap.bind.user</name>
                   <value>uid=guest,ou=people,dc=hadoop,dc=apache,dc=org</value>
               </param>
               <param>
                   <name>hadoop.security.group.mapping.ldap.bind.password</name>
                   <value>guest-password</value>
               </param>
               <param>
                   <name>group.mapping.c_env_assignees_1234</name>
                   <value>(!= 0 (size groups))</value>
               </param>
           </filter>
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org