GitHub user bbende opened a pull request:
https://github.com/apache/nifi/pull/574
NIFI-1733 [REVIEW ONLY] Adding a Ranger implementation of NiFi's Authorizer
API
This PR is not meant to be merged yet, as it currently is based on a
SNAPSHOT dependency of Ranger, but wanted to get it out there for
review/discussion. Once Ranger releases 0.6.0 I will update this PR with
appropriate version.
This PR adds an Authorizer implementation that uses Apache Ranger and also
modifies the build so that Ranger related artifacts are only included when
using -Pinclude-ranger, this way the normal build does not need to include
anything related to Ranger, and those that want it can also easily build it
themselves.
When using NiFi with Ranger you would declare an Authorizer like the
following in authorizers.xml:
```
<authorizer>
<identifier>ranger-provider</identifier>
<class>org.apache.nifi.ranger.authorization.RangerNiFiAuthorizer</class>
<property name="Ranger Audit Config
Path">/some/path/ranger-nifi-audit.xml</property>
<property name="Ranger Security Config
Path">/some/path/ranger-nifi-security.xml</property>
<property name="Ranger Service Type">nifi</property>
<property name="Ranger Application Id">nifi</property>
<property name="Allow Anonymous">true</property>
</authorizer>
```
For anyone interested in playing around with this, I created a Vagrant VM
that can run a build of Ranger:
https://github.com/bbende/apache-ranger-vagrant
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/bbende/nifi NIFI-1733
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/nifi/pull/574.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #574
----
commit 0e59a603e0098eec6ce01cbdff9b1a06ddecfc18
Author: Bryan Bende <[email protected]>
Date: 2016-06-15T14:17:01Z
NIFI-1733 Initial commit for nifi-ranger-bundle
- Pulling serviceType and appId from config context
- Extending RangerBasePlugin to get access to the policies
- Adding config to get auditing to Solr working
- Only audit when isAccessAttempt() is true
- Added Unit tests for RangerNiFiAuthorizer
- Adding service loader file for ranger authorizer
- Adding anonymous access support to RangerNiFiAuthorizer
- Adding identity transform capability to RangerNiFiAuthorizer
commit 376feafea8ae049802f9995e9510d9ae4c9065dd
Author: Bryan Bende <[email protected]>
Date: 2016-06-23T22:37:29Z
NIFI-1733 Adding build profile and assembly that controls the inclusion of
Ranger in the final assembly
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
