GitHub user bbende opened a pull request: https://github.com/apache/nifi/pull/574
NIFI-1733 [REVIEW ONLY] Adding a Ranger implementation of NiFi's Authorizer API This PR is not meant to be merged yet, as it currently is based on a SNAPSHOT dependency of Ranger, but wanted to get it out there for review/discussion. Once Ranger releases 0.6.0 I will update this PR with appropriate version. This PR adds an Authorizer implementation that uses Apache Ranger and also modifies the build so that Ranger related artifacts are only included when using -Pinclude-ranger, this way the normal build does not need to include anything related to Ranger, and those that want it can also easily build it themselves. When using NiFi with Ranger you would declare an Authorizer like the following in authorizers.xml: ``` <authorizer> <identifier>ranger-provider</identifier> <class>org.apache.nifi.ranger.authorization.RangerNiFiAuthorizer</class> <property name="Ranger Audit Config Path">/some/path/ranger-nifi-audit.xml</property> <property name="Ranger Security Config Path">/some/path/ranger-nifi-security.xml</property> <property name="Ranger Service Type">nifi</property> <property name="Ranger Application Id">nifi</property> <property name="Allow Anonymous">true</property> </authorizer> ``` For anyone interested in playing around with this, I created a Vagrant VM that can run a build of Ranger: https://github.com/bbende/apache-ranger-vagrant You can merge this pull request into a Git repository by running: $ git pull https://github.com/bbende/nifi NIFI-1733 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi/pull/574.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #574 ---- commit 0e59a603e0098eec6ce01cbdff9b1a06ddecfc18 Author: Bryan Bende <bbe...@apache.org> Date: 2016-06-15T14:17:01Z NIFI-1733 Initial commit for nifi-ranger-bundle - Pulling serviceType and appId from config context - Extending RangerBasePlugin to get access to the policies - Adding config to get auditing to Solr working - Only audit when isAccessAttempt() is true - Added Unit tests for RangerNiFiAuthorizer - Adding service loader file for ranger authorizer - Adding anonymous access support to RangerNiFiAuthorizer - Adding identity transform capability to RangerNiFiAuthorizer commit 376feafea8ae049802f9995e9510d9ae4c9065dd Author: Bryan Bende <bbe...@apache.org> Date: 2016-06-23T22:37:29Z NIFI-1733 Adding build profile and assembly that controls the inclusion of Ranger in the final assembly ---- --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---