Merge pull request #188 from ing-bank/fix/config
configuration for authorization plugin
kr7ysztof authored Nov 7, 2023
2 parents aff701a + 918746f commit 47b992c
Showing 5 changed files with 11 additions and 19 deletions.
9 changes: 6 additions & 3 deletions build.sbt
@@ -1,6 +1,6 @@
import com.typesafe.sbt.packager.docker
import com.typesafe.sbt.packager.docker.ExecCmd
import scalariform.formatter.preferences._
import com.typesafe.sbt.packager.docker.{DockerChmodType, ExecCmd}
import scalariform.formatter.preferences.*

val rokkuVersion = scala.sys.env.getOrElse("ROKKU_VERSION", "SNAPSHOT")

@@ -87,8 +87,11 @@ scalariformPreferences := scalariformPreferences.value
.setPreference(NewlineAtEndOfFile, true)
.setPreference(SingleCasePatternOnNewline, false)

dockerChmodType := DockerChmodType.UserGroupWriteExecute
dockerCommands += ExecCmd("RUN", "mkdir", "-p", "/opt/docker/lib/plugins") //additional libs e.g. for authorization plugin

// hack for ranger conf dir - should contain files like ranger-s3-security.xml etc.
bashScriptDefines / scriptClasspath ~= (cp => cp :+ ":/etc/rokku")
bashScriptDefines / scriptClasspath ~= (cp => cp :+ ":/etc/rokku"+ ":/opt/docker/lib/plugins/*")

//Coverage settings
Compile / coverageMinimum := 70
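Review bot: The classpath entry `/opt/docker/lib/plugins/*` added to `scriptClasspath` makes the launcher load every jar present in that directory, and nothing in this section constrains who can write to it. The same section sets `dockerChmodType := DockerChmodType.UserGroupWriteExecute`, which as far as I know leaves the image tree writable by the group as well as the user. Because the access-control provider is selected by class name from configuration, a jar placed in that directory can supply or shadow the authorization code. I would keep the directory read-only for the runtime user (bake the plugin in at build time or mount it read-only) and say so at the `mkdir` line, e.g. `// on the classpath: trusted jars only, mount read-only`.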
6 changes: 1 addition & 5 deletions src/main/resources/application.conf
@@ -9,11 +9,7 @@ rokku {
allow-create-delete-buckets = ${?ROKKU_ALLOW_CREATE_DELETE_BUCKETS}
enabled-audit = ${?ROKKU_ENABLED_AUDIT}
class-name = ${?ROKKU_ACCESS_CONTROL_CLASS_NAME}
plugin-params {
appId = ${?ROKKU_RANGER_API_ID}
userDomainPostfix = ${?ROKKU_RANGER_USER_DOMAIN_POSTFIX}
rolePrefix = ${?ROKKU_RANGER_ROLE_PREFIX}
}
plugin-params = ${?ROKKU_ACCESS_CONTROL_PLUGIN_PARAMS}
}
storage.s3 {
# Settings for reaching backing storage.
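Review bot: `ROKKU_RANGER_API_ID`, `ROKKU_RANGER_USER_DOMAIN_POSTFIX` and `ROKKU_RANGER_ROLE_PREFIX` stop being read with this change, and nothing tells an operator who still sets them. Such a deployment would start with the `plugin-params` default from reference.conf (`appId:testservice`, `rolePrefix:role_`), so authorization would presumably be evaluated against a different Ranger service than the one intended. A comment above the new line would help, e.g. `# replaces ROKKU_RANGER_API_ID / _USER_DOMAIN_POSTFIX / _ROLE_PREFIX; value is one HOCON object string`, together with an upgrade note.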
9 changes: 1 addition & 8 deletions src/main/resources/reference.conf
@@ -10,14 +10,7 @@ rokku {
allow-create-delete-buckets = true
enabled-audit = false
class-name = "com.ing.wbaa.rokku.proxy.provider.AccessControlProviderRanger"
plugin-params {
appId = "testservice"
# make sure the service_type is equal to what is specified in
# ranger-s3-security.xml
serviceType = "s3"
userDomainPostfix = ""
rolePrefix = "role_"
}
plugin-params = "{appId:testservice, serviceType:s3, rolePrefix:role_}"
}

storage.s3 {
@@ -1,7 +1,7 @@
package com.ing.wbaa.rokku.proxy.config

import akka.actor.{ ExtendedActorSystem, Extension, ExtensionId, ExtensionIdProvider }
import com.typesafe.config.Config
import com.typesafe.config.{ Config, ConfigFactory }

import scala.jdk.CollectionConverters._

@@ -10,7 +10,7 @@ class AccessControlProviderSettings(config: Config) extends Extension {
val createDeleteBucketsEnabled: Boolean = config.getBoolean("rokku.access-control.allow-create-delete-buckets")
val auditEnabled: Boolean = config.getBoolean("rokku.access-control.enabled-audit")
val className: String = config.getString("rokku.access-control.class-name")
val pluginParams: Map[String, String] = config.getConfig("rokku.access-control.plugin-params")
val pluginParams: Map[String, String] = ConfigFactory.parseString(config.getString("rokku.access-control.plugin-params"))
.entrySet().asScala.map(e => e.getKey -> e.getValue.unwrapped().toString).toMap
}

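Review bot: `pluginParams` now parses an operator-supplied string with `ConfigFactory.parseString`, but the declaration documents neither the expected format nor the loss of default merging. Because the setting is a string rather than an object, a value from `ROKKU_ACCESS_CONTROL_PLUGIN_PARAMS` replaces the reference.conf default wholesale, so any key the operator omits is simply absent from the map. I would add a comment such as `// HOCON object in one string, e.g. "{appId:x, serviceType:s3}"; no merge with defaults, omitted keys are absent`. Malformed input will presumably surface as a ConfigException when the extension is constructed, which is worth stating as well. The class starts above the hunk.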
@@ -64,7 +64,7 @@ class AccessControlProviderRanger(config: java.util.Map[String, String]) extends
prepareAccessRequest(rangerResource, request.accessType, null, Set(UserGroup(s"${config.get(ROLE_PREFIX_PARAM)}${roleValue}")).map(_.value.toLowerCase))
case _ =>
prepareAccessRequest(
rangerResource, request.accessType, request.user + config.get(USER_DOMAIN_POSTFIX_PARAM), request.userGroups.asScala.map(_.toLowerCase).toSet)
rangerResource, request.accessType, request.user + config.getOrDefault(USER_DOMAIN_POSTFIX_PARAM, ""), request.userGroups.asScala.map(_.toLowerCase).toSet)
}

rangerRequest.setAction(request.action)
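Review bot: The role branch still reads `config.get(ROLE_PREFIX_PARAM)` inside the string interpolation, so when `rolePrefix` is missing from the plugin parameters the group name is built with the literal text `null` in front of the role value. That case looks easier to hit now that the parameters arrive as a single operator-supplied string, which is presumably why the user branch was switched to `getOrDefault`. The role branch should get the same treatment, `config.getOrDefault(ROLE_PREFIX_PARAM, "")`, or the constructor should reject a map that lacks the key so a misconfigured prefix fails at start-up rather than at authorization time. The enclosing method starts and ends outside the hunk.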
