NIFIREG-417 Upgrade to apache ranger 2.1.0 client
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes #300.
diff --git a/nifi-registry-extensions/nifi-registry-ranger/nifi-registry-ranger-plugin/pom.xml b/nifi-registry-extensions/nifi-registry-ranger/nifi-registry-ranger-plugin/pom.xml
index f66ee6d..7c20426 100644
--- a/nifi-registry-extensions/nifi-registry-ranger/nifi-registry-ranger-plugin/pom.xml
+++ b/nifi-registry-extensions/nifi-registry-ranger/nifi-registry-ranger-plugin/pom.xml
@@ -25,7 +25,7 @@
<packaging>jar</packaging>
<properties>
- <ranger.version>2.0.0</ranger.version>
+ <ranger.version>2.1.0</ranger.version>
<ranger.hadoop.version>3.1.1</ranger.hadoop.version>
</properties>
diff --git a/nifi-registry-extensions/nifi-registry-ranger/nifi-registry-ranger-plugin/src/main/java/org/apache/nifi/registry/ranger/RangerAuthorizer.java b/nifi-registry-extensions/nifi-registry-ranger/nifi-registry-ranger-plugin/src/main/java/org/apache/nifi/registry/ranger/RangerAuthorizer.java
index 05582b6..6fa6fe2 100644
--- a/nifi-registry-extensions/nifi-registry-ranger/nifi-registry-ranger-plugin/src/main/java/org/apache/nifi/registry/ranger/RangerAuthorizer.java
+++ b/nifi-registry-extensions/nifi-registry-ranger/nifi-registry-ranger-plugin/src/main/java/org/apache/nifi/registry/ranger/RangerAuthorizer.java
@@ -41,6 +41,7 @@
import org.apache.nifi.registry.util.PropertyValue;
import org.apache.ranger.audit.model.AuthzAuditEvent;
import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
@@ -132,11 +133,18 @@
if (rangerPlugin == null) {
logger.info("initializing base plugin");
+ final String serviceType = getConfigValue(configurationContext, RANGER_SERVICE_TYPE_PROP, DEFAULT_SERVICE_TYPE);
+ final String appId = getConfigValue(configurationContext, RANGER_APP_ID_PROP, DEFAULT_APP_ID);
+
+ rangerPlugin = createRangerBasePlugin(serviceType, appId);
+
+ final RangerPluginConfig pluginConfig = rangerPlugin.getConfig();
+
final PropertyValue securityConfigValue = configurationContext.getProperty(RANGER_SECURITY_PATH_PROP);
- addRequiredResource(RANGER_SECURITY_PATH_PROP, securityConfigValue);
+ addRequiredResource(RANGER_SECURITY_PATH_PROP, securityConfigValue, pluginConfig);
final PropertyValue auditConfigValue = configurationContext.getProperty(RANGER_AUDIT_PATH_PROP);
- addRequiredResource(RANGER_AUDIT_PATH_PROP, auditConfigValue);
+ addRequiredResource(RANGER_AUDIT_PATH_PROP, auditConfigValue, pluginConfig);
boolean rangerKerberosEnabled = Boolean.valueOf(getConfigValue(configurationContext, RANGER_KERBEROS_ENABLED_PROP, Boolean.FALSE.toString()));
@@ -158,10 +166,6 @@
UserGroupInformation.loginUserFromKeytab(registryPrincipal.trim(), registryKeytab.trim());
}
- final String serviceType = getConfigValue(configurationContext, RANGER_SERVICE_TYPE_PROP, DEFAULT_SERVICE_TYPE);
- final String appId = getConfigValue(configurationContext, RANGER_APP_ID_PROP, DEFAULT_APP_ID);
-
- rangerPlugin = createRangerBasePlugin(serviceType, appId);
rangerPlugin.init();
defaultAuditHandler = new RangerDefaultAuditHandler();
@@ -287,8 +291,9 @@
*
* @param name the name of the given PropertyValue from the AuthorizationConfigurationContext
* @param resourceValue the value for the given name, should be a full path to a file
+ * @param configuration the RangerConfiguration to add the resource to
*/
- private void addRequiredResource(final String name, final PropertyValue resourceValue) {
+ private void addRequiredResource(final String name, final PropertyValue resourceValue, final RangerConfiguration configuration) {
if (resourceValue == null || StringUtils.isBlank(resourceValue.getValue())) {
throw new SecurityProviderCreationException(name + " must be specified.");
}
@@ -299,7 +304,7 @@
}
try {
- RangerConfiguration.getInstance().addResource(resourceFile.toURI().toURL());
+ configuration.addResource(resourceFile.toURI().toURL());
} catch (MalformedURLException e) {
throw new SecurityProviderCreationException("Error creating URI for " + resourceValue, e);
}
diff --git a/nifi-registry-extensions/nifi-registry-ranger/nifi-registry-ranger-plugin/src/test/java/org/apache/nifi/registry/ranger/TestRangerAuthorizer.java b/nifi-registry-extensions/nifi-registry-ranger/nifi-registry-ranger-plugin/src/test/java/org/apache/nifi/registry/ranger/TestRangerAuthorizer.java
index c97d27a..20ecd43 100644
--- a/nifi-registry-extensions/nifi-registry-ranger/nifi-registry-ranger-plugin/src/test/java/org/apache/nifi/registry/ranger/TestRangerAuthorizer.java
+++ b/nifi-registry-extensions/nifi-registry-ranger/nifi-registry-ranger-plugin/src/test/java/org/apache/nifi/registry/ranger/TestRangerAuthorizer.java
@@ -36,6 +36,7 @@
import org.apache.nifi.registry.security.authorization.exception.UninheritableAuthorizationsException;
import org.apache.nifi.registry.security.exception.SecurityProviderCreationException;
import org.apache.nifi.registry.util.StandardPropertyValue;
+import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
@@ -113,6 +114,10 @@
UserGroupInformation.setConfiguration(securityConf);
rangerBasePlugin = mock(RangerBasePluginWithPolicies.class);
+
+ final RangerPluginConfig pluginConfig = new RangerPluginConfig(serviceType, null, appId, null, null, null);
+ when(rangerBasePlugin.getConfig()).thenReturn(pluginConfig);
+
authorizer = new MockRangerAuthorizer(rangerBasePlugin);
final UserGroupProviderLookup userGroupProviderLookup = mock(UserGroupProviderLookup.class);