tpalfy commented on a change in pull request #4973:
URL: https://github.com/apache/nifi/pull/4973#discussion_r621158879
##########
File path:
nifi-nar-bundles/nifi-accumulo-bundle/nifi-accumulo-services/src/main/java/org/apache/nifi/accumulo/controllerservices/AccumuloService.java
##########
@@ -50,52 +60,95 @@
*/
@RequiresInstanceClassLoading
@Tags({"accumulo", "client", "service"})
-@CapabilityDescription("A controller service for accessing an HBase client.")
+@CapabilityDescription("A controller service for accessing an Accumulo
Client.")
public class AccumuloService extends AbstractControllerService implements
BaseAccumuloService {
- private enum AuthenticationType{
+ private enum AuthenticationType {
PASSWORD,
+ KERBEROS,
NONE
}
protected static final PropertyDescriptor ZOOKEEPER_QUORUM = new
PropertyDescriptor.Builder()
.name("ZooKeeper Quorum")
+ .displayName("ZooKeeper Quorum")
.description("Comma-separated list of ZooKeeper hosts for
Accumulo.")
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
.build();
protected static final PropertyDescriptor INSTANCE_NAME = new
PropertyDescriptor.Builder()
.name("Instance Name")
+ .displayName("Instance Name")
.description("Instance name of the Accumulo cluster")
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
.build();
+ protected static final PropertyDescriptor AUTHENTICATION_TYPE = new
PropertyDescriptor.Builder()
+ .name("accumulo-authentication-type")
+ .displayName("Authentication Type")
+ .description("Authentication Type")
+ .allowableValues(AuthenticationType.values())
+ .defaultValue(AuthenticationType.PASSWORD.toString())
+ .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
+ .build();
protected static final PropertyDescriptor ACCUMULO_USER = new
PropertyDescriptor.Builder()
.name("Accumulo User")
+ .displayName("Accumulo User")
.description("Connecting user for Accumulo")
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
+ .dependsOn(AUTHENTICATION_TYPE,
AuthenticationType.PASSWORD.toString())
.build();
protected static final PropertyDescriptor ACCUMULO_PASSWORD = new
PropertyDescriptor.Builder()
.name("Accumulo Password")
- .description("Connecting user's password when using the PASSWORD
Authentication type")
+ .displayName("Accumulo Password")
+ .description("Connecting user's password")
.sensitive(true)
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
+ .dependsOn(AUTHENTICATION_TYPE,
AuthenticationType.PASSWORD.toString())
.build();
- protected static final PropertyDescriptor AUTHENTICATION_TYPE = new
PropertyDescriptor.Builder()
- .name("Authentication Type")
- .description("Authentication Type")
- .allowableValues(AuthenticationType.values())
- .defaultValue(AuthenticationType.PASSWORD.toString())
+ protected static final PropertyDescriptor KERBEROS_CREDENTIALS_SERVICE =
new PropertyDescriptor.Builder()
+ .name("kerberos-credentials-service")
+ .displayName("Kerberos Credentials Service")
+ .description("Specifies the Kerberos Credentials Controller
Service that should be used for principal + keytab Kerberos authentication")
+ .identifiesControllerService(KerberosCredentialsService.class)
+ .dependsOn(AUTHENTICATION_TYPE,
AuthenticationType.KERBEROS.toString())
+ .build();
+
+ protected static final PropertyDescriptor KERBEROS_PRINCIPAL = new
PropertyDescriptor.Builder()
+ .name("accumulo-kerberos-principal")
Review comment:
```suggestion
.name("kerberos-principal")
```
##########
File path:
nifi-nar-bundles/nifi-accumulo-bundle/nifi-accumulo-services/src/main/java/org/apache/nifi/accumulo/controllerservices/AccumuloService.java
##########
@@ -150,61 +204,108 @@ private AuthenticationToken getToken(final
AuthenticationType type, final Config
problems.add(new
ValidationResult.Builder().valid(false).subject(ZOOKEEPER_QUORUM.getName()).explanation("Zookeepers
must be supplied").build());
}
- if (!validationContext.getProperty(ACCUMULO_USER).isSet()){
- problems.add(new
ValidationResult.Builder().valid(false).subject(ACCUMULO_USER.getName()).explanation("Accumulo
user must be supplied").build());
- }
-
final AuthenticationType type = validationContext.getProperty(
- AUTHENTICATION_TYPE).isSet() ? AuthenticationType.valueOf(
validationContext.getProperty(AUTHENTICATION_TYPE).getValue() ) :
AuthenticationType.PASSWORD;
+ AUTHENTICATION_TYPE).isSet() ? AuthenticationType.valueOf(
validationContext.getProperty(AUTHENTICATION_TYPE).getValue() ) :
AuthenticationType.NONE;
switch(type){
case PASSWORD:
+ if (!validationContext.getProperty(ACCUMULO_USER).isSet()){
+ problems.add(
+ new
ValidationResult.Builder().valid(false).subject(ACCUMULO_USER.getName()).explanation("Accumulo
user must be supplied for the Password Authentication type").build());
+ }
if (!validationContext.getProperty(ACCUMULO_PASSWORD).isSet()){
problems.add(
- new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName()).explanation("Password
must be supplied for the Password Authentication type").build());
+ new
ValidationResult.Builder().valid(false).subject(ACCUMULO_PASSWORD.getName())
+ .explanation("Password must be supplied
for the Password Authentication type").build());
+ }
+ break;
+ case KERBEROS:
+ if
(!validationContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).isSet() &&
!validationContext.getProperty(KERBEROS_PASSWORD).isSet()){
+ problems.add(new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName())
+ .explanation("Either Kerberos Password or Kerberos
Credential Service must be set").build());
+ } else if
(validationContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).isSet() &&
validationContext.getProperty(KERBEROS_PASSWORD).isSet()){
+ problems.add(new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName())
+ .explanation("Kerberos Password and Kerberos
Credential Service should not be filled out at the same time").build());
+ } else if
(validationContext.getProperty(KERBEROS_PASSWORD).isSet() &&
!validationContext.getProperty(KERBEROS_PRINCIPAL).isSet()) {
+ problems.add(new
ValidationResult.Builder().valid(false).subject(KERBEROS_PRINCIPAL.getName())
+ .explanation("Kerberos Principal must be supplied
when principal + password Kerberos authentication is used").build());
+ } else if
(validationContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).isSet() &&
validationContext.getProperty(KERBEROS_PRINCIPAL).isSet()){
+ problems.add(new
ValidationResult.Builder().valid(false).subject(KERBEROS_PRINCIPAL.getName())
+ .explanation("Kerberos Principal (for password)
should not be filled out when principal + keytab Kerberos authentication is
used").build());
}
break;
default:
- problems.add(new
ValidationResult.Builder().valid(false).subject(ACCUMULO_PASSWORD.getName()).explanation("Non
supported Authentication type").build());
+ problems.add(new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName()).explanation("Non
supported Authentication type").build());
}
return problems;
}
@OnEnabled
public void onEnabled(final ConfigurationContext context) throws
InitializationException, IOException, InterruptedException {
- if (!context.getProperty(INSTANCE_NAME).isSet() ||
!context.getProperty(ZOOKEEPER_QUORUM).isSet() ||
!context.getProperty(ACCUMULO_USER).isSet()){
+ if (!context.getProperty(INSTANCE_NAME).isSet() ||
!context.getProperty(ZOOKEEPER_QUORUM).isSet()) {
throw new InitializationException("Instance name and Zookeeper
Quorum must be specified");
}
-
-
+ final KerberosCredentialsService kerberosService =
context.getProperty(KERBEROS_CREDENTIALS_SERVICE).asControllerService(KerberosCredentialsService.class);
final String instanceName =
context.getProperty(INSTANCE_NAME).evaluateAttributeExpressions().getValue();
final String zookeepers =
context.getProperty(ZOOKEEPER_QUORUM).evaluateAttributeExpressions().getValue();
- final String accumuloUser =
context.getProperty(ACCUMULO_USER).evaluateAttributeExpressions().getValue();
+ final AuthenticationType authType = AuthenticationType.valueOf(
context.getProperty(AUTHENTICATION_TYPE).getValue());
+
+ final Properties clientConf = new Properties();
+ clientConf.setProperty("instance.zookeepers", zookeepers);
+ clientConf.setProperty("instance.name", instanceName);
- final AuthenticationType type = AuthenticationType.valueOf(
context.getProperty(AUTHENTICATION_TYPE).getValue() );
+ switch(authType){
+ case PASSWORD:
+ final String accumuloUser =
context.getProperty(ACCUMULO_USER).evaluateAttributeExpressions().getValue();
+ final AuthenticationToken token = new
PasswordToken(context.getProperty(ACCUMULO_PASSWORD).getValue());
+ this.client =
Accumulo.newClient().from(clientConf).as(accumuloUser, token).build();
+ break;
+ case KERBEROS:
+ final String principal = kerberosService == null ?
context.getProperty(KERBEROS_PRINCIPAL).getValue() :
kerberosService.getPrincipal();
- final AuthenticationToken token = getToken(type,context);
+ if (kerberosService != null) {
+ this.kerberosUser = new KerberosKeytabUser(principal,
kerberosService.getKeytab());
+ } else {
+ this.kerberosUser = new KerberosPasswordUser(principal,
context.getProperty(KERBEROS_PASSWORD).getValue());
+ }
Review comment:
Optional, although I think it's much cleaner this way.
```suggestion
if (kerberosService == null) {
principal =
context.getProperty(KERBEROS_PRINCIPAL).getValue();
this.kerberosUser = new KerberosPasswordUser(principal,
context.getProperty(KERBEROS_PASSWORD).getValue());
} else {
principal = kerberosService.getPrincipal();
this.kerberosUser = new KerberosKeytabUser(principal,
kerberosService.getKeytab());
}
```
##########
File path:
nifi-nar-bundles/nifi-accumulo-bundle/nifi-accumulo-services/src/main/java/org/apache/nifi/accumulo/controllerservices/AccumuloService.java
##########
@@ -50,52 +60,95 @@
*/
@RequiresInstanceClassLoading
@Tags({"accumulo", "client", "service"})
-@CapabilityDescription("A controller service for accessing an HBase client.")
+@CapabilityDescription("A controller service for accessing an Accumulo
Client.")
public class AccumuloService extends AbstractControllerService implements
BaseAccumuloService {
- private enum AuthenticationType{
+ private enum AuthenticationType {
PASSWORD,
+ KERBEROS,
NONE
}
protected static final PropertyDescriptor ZOOKEEPER_QUORUM = new
PropertyDescriptor.Builder()
.name("ZooKeeper Quorum")
+ .displayName("ZooKeeper Quorum")
.description("Comma-separated list of ZooKeeper hosts for
Accumulo.")
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
.build();
protected static final PropertyDescriptor INSTANCE_NAME = new
PropertyDescriptor.Builder()
.name("Instance Name")
+ .displayName("Instance Name")
.description("Instance name of the Accumulo cluster")
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
.build();
+ protected static final PropertyDescriptor AUTHENTICATION_TYPE = new
PropertyDescriptor.Builder()
+ .name("accumulo-authentication-type")
+ .displayName("Authentication Type")
+ .description("Authentication Type")
+ .allowableValues(AuthenticationType.values())
+ .defaultValue(AuthenticationType.PASSWORD.toString())
+ .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
+ .build();
protected static final PropertyDescriptor ACCUMULO_USER = new
PropertyDescriptor.Builder()
.name("Accumulo User")
+ .displayName("Accumulo User")
.description("Connecting user for Accumulo")
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
+ .dependsOn(AUTHENTICATION_TYPE,
AuthenticationType.PASSWORD.toString())
.build();
protected static final PropertyDescriptor ACCUMULO_PASSWORD = new
PropertyDescriptor.Builder()
.name("Accumulo Password")
- .description("Connecting user's password when using the PASSWORD
Authentication type")
+ .displayName("Accumulo Password")
+ .description("Connecting user's password")
.sensitive(true)
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
+ .dependsOn(AUTHENTICATION_TYPE,
AuthenticationType.PASSWORD.toString())
.build();
- protected static final PropertyDescriptor AUTHENTICATION_TYPE = new
PropertyDescriptor.Builder()
- .name("Authentication Type")
- .description("Authentication Type")
- .allowableValues(AuthenticationType.values())
- .defaultValue(AuthenticationType.PASSWORD.toString())
+ protected static final PropertyDescriptor KERBEROS_CREDENTIALS_SERVICE =
new PropertyDescriptor.Builder()
+ .name("kerberos-credentials-service")
+ .displayName("Kerberos Credentials Service")
+ .description("Specifies the Kerberos Credentials Controller
Service that should be used for principal + keytab Kerberos authentication")
+ .identifiesControllerService(KerberosCredentialsService.class)
+ .dependsOn(AUTHENTICATION_TYPE,
AuthenticationType.KERBEROS.toString())
+ .build();
+
+ protected static final PropertyDescriptor KERBEROS_PRINCIPAL = new
PropertyDescriptor.Builder()
+ .name("accumulo-kerberos-principal")
+ .displayName("Kerberos Principal")
+ .description("Kerberos Principal")
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
+
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
+ .dependsOn(AUTHENTICATION_TYPE,
AuthenticationType.KERBEROS.toString())
.build();
+ protected static final PropertyDescriptor KERBEROS_PASSWORD = new
PropertyDescriptor.Builder()
+ .name("accumulo-kerberos-password")
Review comment:
```suggestion
.name("kerberos-password")
```
##########
File path:
nifi-nar-bundles/nifi-accumulo-bundle/nifi-accumulo-services/src/main/java/org/apache/nifi/accumulo/controllerservices/AccumuloService.java
##########
@@ -150,61 +204,108 @@ private AuthenticationToken getToken(final
AuthenticationType type, final Config
problems.add(new
ValidationResult.Builder().valid(false).subject(ZOOKEEPER_QUORUM.getName()).explanation("Zookeepers
must be supplied").build());
}
- if (!validationContext.getProperty(ACCUMULO_USER).isSet()){
- problems.add(new
ValidationResult.Builder().valid(false).subject(ACCUMULO_USER.getName()).explanation("Accumulo
user must be supplied").build());
- }
-
final AuthenticationType type = validationContext.getProperty(
- AUTHENTICATION_TYPE).isSet() ? AuthenticationType.valueOf(
validationContext.getProperty(AUTHENTICATION_TYPE).getValue() ) :
AuthenticationType.PASSWORD;
+ AUTHENTICATION_TYPE).isSet() ? AuthenticationType.valueOf(
validationContext.getProperty(AUTHENTICATION_TYPE).getValue() ) :
AuthenticationType.NONE;
switch(type){
case PASSWORD:
+ if (!validationContext.getProperty(ACCUMULO_USER).isSet()){
+ problems.add(
+ new
ValidationResult.Builder().valid(false).subject(ACCUMULO_USER.getName()).explanation("Accumulo
user must be supplied for the Password Authentication type").build());
+ }
if (!validationContext.getProperty(ACCUMULO_PASSWORD).isSet()){
problems.add(
- new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName()).explanation("Password
must be supplied for the Password Authentication type").build());
+ new
ValidationResult.Builder().valid(false).subject(ACCUMULO_PASSWORD.getName())
+ .explanation("Password must be supplied
for the Password Authentication type").build());
+ }
+ break;
+ case KERBEROS:
+ if
(!validationContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).isSet() &&
!validationContext.getProperty(KERBEROS_PASSWORD).isSet()){
+ problems.add(new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName())
+ .explanation("Either Kerberos Password or Kerberos
Credential Service must be set").build());
+ } else if
(validationContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).isSet() &&
validationContext.getProperty(KERBEROS_PASSWORD).isSet()){
+ problems.add(new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName())
+ .explanation("Kerberos Password and Kerberos
Credential Service should not be filled out at the same time").build());
+ } else if
(validationContext.getProperty(KERBEROS_PASSWORD).isSet() &&
!validationContext.getProperty(KERBEROS_PRINCIPAL).isSet()) {
+ problems.add(new
ValidationResult.Builder().valid(false).subject(KERBEROS_PRINCIPAL.getName())
+ .explanation("Kerberos Principal must be supplied
when principal + password Kerberos authentication is used").build());
+ } else if
(validationContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).isSet() &&
validationContext.getProperty(KERBEROS_PRINCIPAL).isSet()){
+ problems.add(new
ValidationResult.Builder().valid(false).subject(KERBEROS_PRINCIPAL.getName())
+ .explanation("Kerberos Principal (for password)
should not be filled out when principal + keytab Kerberos authentication is
used").build());
}
break;
default:
- problems.add(new
ValidationResult.Builder().valid(false).subject(ACCUMULO_PASSWORD.getName()).explanation("Non
supported Authentication type").build());
+ problems.add(new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName()).explanation("Non
supported Authentication type").build());
}
return problems;
}
@OnEnabled
public void onEnabled(final ConfigurationContext context) throws
InitializationException, IOException, InterruptedException {
- if (!context.getProperty(INSTANCE_NAME).isSet() ||
!context.getProperty(ZOOKEEPER_QUORUM).isSet() ||
!context.getProperty(ACCUMULO_USER).isSet()){
+ if (!context.getProperty(INSTANCE_NAME).isSet() ||
!context.getProperty(ZOOKEEPER_QUORUM).isSet()) {
throw new InitializationException("Instance name and Zookeeper
Quorum must be specified");
}
-
-
+ final KerberosCredentialsService kerberosService =
context.getProperty(KERBEROS_CREDENTIALS_SERVICE).asControllerService(KerberosCredentialsService.class);
final String instanceName =
context.getProperty(INSTANCE_NAME).evaluateAttributeExpressions().getValue();
final String zookeepers =
context.getProperty(ZOOKEEPER_QUORUM).evaluateAttributeExpressions().getValue();
- final String accumuloUser =
context.getProperty(ACCUMULO_USER).evaluateAttributeExpressions().getValue();
+ final AuthenticationType authType = AuthenticationType.valueOf(
context.getProperty(AUTHENTICATION_TYPE).getValue());
+
+ final Properties clientConf = new Properties();
+ clientConf.setProperty("instance.zookeepers", zookeepers);
+ clientConf.setProperty("instance.name", instanceName);
- final AuthenticationType type = AuthenticationType.valueOf(
context.getProperty(AUTHENTICATION_TYPE).getValue() );
+ switch(authType){
+ case PASSWORD:
+ final String accumuloUser =
context.getProperty(ACCUMULO_USER).evaluateAttributeExpressions().getValue();
+ final AuthenticationToken token = new
PasswordToken(context.getProperty(ACCUMULO_PASSWORD).getValue());
+ this.client =
Accumulo.newClient().from(clientConf).as(accumuloUser, token).build();
+ break;
+ case KERBEROS:
+ final String principal = kerberosService == null ?
context.getProperty(KERBEROS_PRINCIPAL).getValue() :
kerberosService.getPrincipal();
Review comment:
```suggestion
final String principal;
```
##########
File path:
nifi-nar-bundles/nifi-accumulo-bundle/nifi-accumulo-services/src/main/java/org/apache/nifi/accumulo/controllerservices/AccumuloService.java
##########
@@ -107,34 +160,35 @@
*/
private List<PropertyDescriptor> properties;
+ private KerberosUser kerberosUser;
+
@Override
- protected void init(ControllerServiceInitializationContext config) throws
InitializationException {
+ protected void init(ControllerServiceInitializationContext config) {
List<PropertyDescriptor> props = new ArrayList<>();
props.add(ZOOKEEPER_QUORUM);
props.add(INSTANCE_NAME);
props.add(ACCUMULO_USER);
- props.add(AUTHENTICATION_TYPE);
props.add(ACCUMULO_PASSWORD);
+ props.add(AUTHENTICATION_TYPE);
+ props.add(KERBEROS_CREDENTIALS_SERVICE);
+ props.add(KERBEROS_PRINCIPAL);
+ props.add(KERBEROS_PASSWORD);
+ props.add(ACCUMULO_SASL_QOP);
properties = Collections.unmodifiableList(props);
}
- private AuthenticationToken getToken(final AuthenticationType type, final
ConfigurationContext context){
- switch(type){
- case PASSWORD:
- return new
PasswordToken(context.getProperty(ACCUMULO_PASSWORD).getValue());
- default:
- return null;
- }
- }
-
@Override
public final List<PropertyDescriptor> getSupportedPropertyDescriptors() {
Review comment:
```suggestion
@Override
public final List<PropertyDescriptor> getSupportedPropertyDescriptors() {
return properties;
}
```
##########
File path:
nifi-nar-bundles/nifi-accumulo-bundle/nifi-accumulo-services/src/main/java/org/apache/nifi/accumulo/controllerservices/AccumuloService.java
##########
@@ -107,34 +160,35 @@
*/
private List<PropertyDescriptor> properties;
+ private KerberosUser kerberosUser;
+
@Override
- protected void init(ControllerServiceInitializationContext config) throws
InitializationException {
+ protected void init(ControllerServiceInitializationContext config) {
List<PropertyDescriptor> props = new ArrayList<>();
props.add(ZOOKEEPER_QUORUM);
props.add(INSTANCE_NAME);
props.add(ACCUMULO_USER);
- props.add(AUTHENTICATION_TYPE);
props.add(ACCUMULO_PASSWORD);
+ props.add(AUTHENTICATION_TYPE);
Review comment:
I would move `props.add(AUTHENTICATION_TYPE);` above
`props.add(ACCUMULO_USER);`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
