diff --git a/CHANGELOG.md b/CHANGELOG.md index 525da155e..995340a4f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ ### Added +- [PR #170](https://github.com/Orange-OpenSource/nifikop/pull/170) - **[Operator/NiFiClustser]** Add ability to override default authorizers.xml template. + ### Changed ### Deprecated diff --git a/api/v1alpha1/nificluster_types.go b/api/v1alpha1/nificluster_types.go index afb711dd8..d3f739e7b 100644 --- a/api/v1alpha1/nificluster_types.go +++ b/api/v1alpha1/nificluster_types.go @@ -172,10 +172,20 @@ type ReadOnlyConfig struct { BootstrapProperties BootstrapProperties `json:"bootstrapProperties,omitempty"` // Logback configuration that will be applied to the node. LogbackConfig LogbackConfig `json:"logbackConfig,omitempty"` + // Authorizer configuration that will be applied to the node. + AuthorizerConfig AuthorizerConfig `json:"authorizerConfig,omitempty"` // BootstrapNotificationServices configuration that will be applied to the node. BootstrapNotificationServicesReplaceConfig BootstrapNotificationServicesConfig `json:"bootstrapNotificationServicesConfig,omitempty"` } +// Optional configuration for the default authorizers.xml template. +type AuthorizerConfig struct { + // A replacement authorizers.xml template configuration that will replace the default template. NOTE: this is a template as seen in authorizers.go. + ReplaceTemplateConfigMap *ConfigmapReference `json:"replaceTemplateConfigMap,omitempty"` + // a replacement authorizers.xml template configuration that will replace the default template and replaceConfigMap. NOTE: this is a template as seen in authorizers.go. + ReplaceTemplateSecretConfig *SecretConfigReference `json:"replaceTemplateSecretConfig,omitempty"` +} + // NifiProperties configuration that will be applied to the node. type NifiProperties struct { // Additionnals nifi.properties configuration that will override the one produced based on template and 
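Review bot: The doc comment on `ReplaceTemplateSecretConfig` in api/v1alpha1/nificluster_types.go refers to `replaceConfigMap`, but the sibling field added here is `replaceTemplateConfigMap`, and the sentence starts in lower case, unlike the comment one line above. These comments are copied into the CRD `description` fields, so the wording is what users see when deciding which object controls NiFi authorization. Suggested text: `// A replacement authorizers.xml template, read from a Secret, that takes precedence over the default template and replaceTemplateConfigMap.` The type comment would also read better starting with the type name, e.g. `// AuthorizerConfig is the optional override for the default authorizers.xml template.`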
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 184e448ac..46f6e8f7d 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -41,6 +41,31 @@ func (in *AccessPolicy) DeepCopy() *AccessPolicy { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuthorizerConfig) DeepCopyInto(out *AuthorizerConfig) { + *out = *in + if in.ReplaceTemplateConfigMap != nil { + in, out := &in.ReplaceTemplateConfigMap, &out.ReplaceTemplateConfigMap + *out = new(ConfigmapReference) + **out = **in + } + if in.ReplaceTemplateSecretConfig != nil { + in, out := &in.ReplaceTemplateSecretConfig, &out.ReplaceTemplateSecretConfig + *out = new(SecretConfigReference) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizerConfig. +func (in *AuthorizerConfig) DeepCopy() *AuthorizerConfig { + if in == nil { + return nil + } + out := new(AuthorizerConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BootstrapNotificationServicesConfig) DeepCopyInto(out *BootstrapNotificationServicesConfig) { *out = *in @@ -1301,6 +1326,7 @@ func (in *ReadOnlyConfig) DeepCopyInto(out *ReadOnlyConfig) { in.ZookeeperProperties.DeepCopyInto(&out.ZookeeperProperties) in.BootstrapProperties.DeepCopyInto(&out.BootstrapProperties) in.LogbackConfig.DeepCopyInto(&out.LogbackConfig) + in.AuthorizerConfig.DeepCopyInto(&out.AuthorizerConfig) in.BootstrapNotificationServicesReplaceConfig.DeepCopyInto(&out.BootstrapNotificationServicesReplaceConfig) } diff --git a/config/crd/bases/nifi.orange.com_nificlusters.yaml b/config/crd/bases/nifi.orange.com_nificlusters.yaml index b46ff8a28..7bd24ce66 100644 --- a/config/crd/bases/nifi.orange.com_nificlusters.yaml 
+++ b/config/crd/bases/nifi.orange.com_nificlusters.yaml @@ -2567,6 +2567,54 @@ spec: - name type: object type: array + authorizerConfig: + description: Authorizer configuration that will be applied + to the node. + properties: + replaceTemplateConfigMap: + description: 'A replacement authorizers.xml template + configuration that will replace the default template. + NOTE: this is a template as seen in authorizers.go.' + properties: + data: + description: The key of the value,in data content, + that we want use. + type: string + name: + description: Name of the configmap that we want + to refer. + type: string + namespace: + description: Namespace where is located the secret + that we want to refer. + type: string + required: + - data + - name + type: object + replaceTemplateSecretConfig: + description: 'a replacement authorizers.xml template + configuration that will replace the default template + and replaceConfigMap. NOTE: this is a template as + seen in authorizers.go.' + properties: + data: + description: The key of the value,in data content, + that we want use. + type: string + name: + description: Name of the configmap that we want + to refer. + type: string + namespace: + description: Namespace where is located the secret + that we want to refer. + type: string + required: + - data + - name + type: object + type: object bootstrapNotificationServicesConfig: description: BootstrapNotificationServices configuration that will be applied to the node. 
@@ -2984,6 +3032,51 @@ spec: - name type: object type: array + authorizerConfig: + description: Authorizer configuration that will be applied to + the node. + properties: + replaceTemplateConfigMap: + description: 'A replacement authorizers.xml template configuration + that will replace the default template. NOTE: this is a + template as seen in authorizers.go.' + properties: + data: + description: The key of the value,in data content, that + we want use. + type: string + name: + description: Name of the configmap that we want to refer. + type: string + namespace: + description: Namespace where is located the secret that + we want to refer. + type: string + required: + - data + - name + type: object + replaceTemplateSecretConfig: + description: 'a replacement authorizers.xml template configuration + that will replace the default template and replaceConfigMap. + NOTE: this is a template as seen in authorizers.go.' + properties: + data: + description: The key of the value,in data content, that + we want use. + type: string + name: + description: Name of the configmap that we want to refer. + type: string + namespace: + description: Namespace where is located the secret that + we want to refer. + type: string + required: + - data + - name + type: object + type: object bootstrapNotificationServicesConfig: description: BootstrapNotificationServices configuration that will be applied to the node. diff --git a/helm/nifikop/crds/nifi.orange.com_nificlusters.yaml b/helm/nifikop/crds/nifi.orange.com_nificlusters.yaml index b46ff8a28..7bd24ce66 100644 --- a/helm/nifikop/crds/nifi.orange.com_nificlusters.yaml +++ b/helm/nifikop/crds/nifi.orange.com_nificlusters.yaml 
@@ -2567,6 +2567,54 @@ spec: - name type: object type: array + authorizerConfig: + description: Authorizer configuration that will be applied + to the node. + properties: + replaceTemplateConfigMap: + description: 'A replacement authorizers.xml template + configuration that will replace the default template. + NOTE: this is a template as seen in authorizers.go.' + properties: + data: + description: The key of the value,in data content, + that we want use. + type: string + name: + description: Name of the configmap that we want + to refer. + type: string + namespace: + description: Namespace where is located the secret + that we want to refer. + type: string + required: + - data + - name + type: object + replaceTemplateSecretConfig: + description: 'a replacement authorizers.xml template + configuration that will replace the default template + and replaceConfigMap. NOTE: this is a template as + seen in authorizers.go.' + properties: + data: + description: The key of the value,in data content, + that we want use. + type: string + name: + description: Name of the configmap that we want + to refer. + type: string + namespace: + description: Namespace where is located the secret + that we want to refer. + type: string + required: + - data + - name + type: object + type: object bootstrapNotificationServicesConfig: description: BootstrapNotificationServices configuration that will be applied to the node. 
@@ -2984,6 +3032,51 @@ spec: - name type: object type: array + authorizerConfig: + description: Authorizer configuration that will be applied to + the node. + properties: + replaceTemplateConfigMap: + description: 'A replacement authorizers.xml template configuration + that will replace the default template. NOTE: this is a + template as seen in authorizers.go.' + properties: + data: + description: The key of the value,in data content, that + we want use. + type: string + name: + description: Name of the configmap that we want to refer. + type: string + namespace: + description: Namespace where is located the secret that + we want to refer. + type: string + required: + - data + - name + type: object + replaceTemplateSecretConfig: + description: 'a replacement authorizers.xml template configuration + that will replace the default template and replaceConfigMap. + NOTE: this is a template as seen in authorizers.go.' + properties: + data: + description: The key of the value,in data content, that + we want use. + type: string + name: + description: Name of the configmap that we want to refer. + type: string + namespace: + description: Namespace where is located the secret that + we want to refer. + type: string + required: + - data + - name + type: object + type: object bootstrapNotificationServicesConfig: description: BootstrapNotificationServices configuration that will be applied to the node. diff --git a/pkg/resources/nifi/secretconfig.go b/pkg/resources/nifi/secretconfig.go index 5321e71f9..2057c7ee4 100644 --- a/pkg/resources/nifi/secretconfig.go +++ b/pkg/resources/nifi/secretconfig.go 
@@ -420,6 +420,25 @@ func (r *Reconciler) getAuthorizersConfigString(nConfig *v1alpha1.NodeConfig, id
 authorizersTemplate := config.EmptyAuthorizersTemplate
 if r.NifiCluster.Status.NodesState[fmt.Sprint(id)].InitClusterNode {
 authorizersTemplate = config.AuthorizersTemplate
+
+ // Check for secret/configmap overrides. If there aren't any, then use the default template.
+ if r.NifiCluster.Spec.ReadOnlyConfig.AuthorizerConfig.ReplaceTemplateConfigMap != nil {
+ conf, err := r.getConfigMap(context.TODO(), *r.NifiCluster.Spec.ReadOnlyConfig.AuthorizerConfig.ReplaceTemplateConfigMap)
+ if err == nil {
+ authorizersTemplate = conf
+ }
+ log.Error(err, "error occurred during getting authorizer readonly configmap")
+ }
+
+ // The secret takes precedence over the ConfigMap, if it exists.
+ if r.NifiCluster.Spec.ReadOnlyConfig.AuthorizerConfig.ReplaceTemplateSecretConfig != nil {
+ conf, err := r.getSecrectConfig(context.TODO(), *r.NifiCluster.Spec.ReadOnlyConfig.AuthorizerConfig.ReplaceTemplateSecretConfig)
+ if err == nil {
+ authorizersTemplate = conf
+ }
+ log.Error(err, "error occurred during getting authorizer readonly secret config")
+ }
+
 for nId, nodeState := range r.NifiCluster.Status.NodesState {
 if nodeState.InitClusterNode {
 nodeList[nId] = utilpki.GetNodeUserName(r.NifiCluster, util.ConvertStringToInt32(nId))
diff --git a/site/docs/5_references/1_nifi_cluster/2_read_only_config.md b/site/docs/5_references/1_nifi_cluster/2_read_only_config.md
index 820bc5b97..0442379eb 100644
--- a/site/docs/5_references/1_nifi_cluster/2_read_only_config.md
+++ b/site/docs/5_references/1_nifi_cluster/2_read_only_config.md
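Review bot: Both `log.Error(err, ...)` calls in getAuthorizersConfigString sit after the `if err == nil` block rather than in an error branch, so they log an error entry with a nil error on every successful lookup and bury the entries for real failures. When a lookup does fail, the code keeps the default template (or the ConfigMap one), so a missing or unreadable override silently produces an authorizers.xml other than the one the operator configured. Because this file governs NiFi authorization, consider surfacing that as a reconcile error or status condition if the function has an error return; its signature and return path are outside the hunk. The rewrite below logs only on failure and reads the spec once. Both reference types also carry a `namespace` field, so it is worth confirming that getConfigMap and getSecrectConfig (not shown here) cannot be used by a NifiCluster author to read a Secret from a namespace they have no access to themselves.

```go
authorizersTemplate = config.AuthorizersTemplate

// Optional overrides of the default template. A failed lookup is logged
// and the previously selected template is kept.
authCfg := r.NifiCluster.Spec.ReadOnlyConfig.AuthorizerConfig
if authCfg.ReplaceTemplateConfigMap != nil {
	conf, err := r.getConfigMap(context.TODO(), *authCfg.ReplaceTemplateConfigMap)
	if err != nil {
		log.Error(err, "error occurred during getting authorizer readonly configmap")
	} else {
		authorizersTemplate = conf
	}
}

// The secret takes precedence over the ConfigMap, if it exists.
if authCfg.ReplaceTemplateSecretConfig != nil {
	conf, err := r.getSecrectConfig(context.TODO(), *authCfg.ReplaceTemplateSecretConfig)
	if err != nil {
		log.Error(err, "error occurred during getting authorizer readonly secret config")
	} else {
		authorizersTemplate = conf
	}
}

// … unchanged: nodeList population loop …
```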
@@ -28,6 +28,24 @@ readOnlyConfig: name: raw # Namespace where is located the secret that we want to refer. namespace: nifikop + # Authorizer configuration that will be applied to the node + authorizerConfig: + # An authorizers.xml configuration template that will replace the default template seen in authorizers.go + replaceTemplateConfigMap: + # The key of the value, in data content, that we want use. + data: authorizers.xml + # Name of the configmap that we want to refer. + name: raw + # Namespace where is located the secret that we want to refer. + namespace: nifikop + # An authorizers.xml configuration template that will replace the default template seen in authorizers.go and the replaceTemplateConfigMap + replaceTemplateSecretConfig: + # The key of the value,in data content, that we want use. + data: authorizers.xml + # Name of the configmap that we want to refer. + name: raw + # Namespace where is located the secret that we want to refer. + namespace: nifikop # NifiProperties configuration that will be applied to the node. nifiProperties: # Additionnals nifi.properties configuration that will override the one produced based on template and @@ -129,6 +147,7 @@ readOnlyConfig: |zookeeperProperties|[ZookeeperProperties](#zookeeperproperties)|zookeeper.properties configuration that will be applied to the node.|No|nil| |bootstrapProperties|[BootstrapProperties](#bootstrapproperties)|bootstrap.conf configuration that will be applied to the node.|No|nil| |logbackConfig|[LogbackConfig](#logbackconfig)|logback.xml configuration that will be applied to the node.|No|nil| +|authorizerConfig|[AuthorizerConfig](#authorizerconfig)|authorizers.xml configuration template that will be applied to the node.|No|nil| |bootstrapNotificationServicesConfig|[BootstrapNotificationServices](#bootstrapnotificationservices)|bootstrap_notification_services.xml configuration that will be applied to the node.|No|nil| 
@@ -169,6 +188,13 @@ readOnlyConfig: |replaceConfigMap|[ConfigmapReference](#configmapreference)|logback.xml configuration that will replace the one produced based on template.|No|nil| |replaceSecretConfig|[SecretConfigReference](#secretconfigreference)|logback.xml configuration that will replace the one produced based on template and overrideConfigMap.|No|nil| +## AuthorizerConfig + +|Field|Type|Description|Required|Default| +|-----|----|-----------|--------|--------| +|replaceTemplateConfigMap|[ConfigmapReference](#configmapreference)|authorizers.xml configuration template that will replace the default template.|No|nil| +|replaceTemplateSecretConfig|[SecretConfigReference](#secretconfigreference)|authorizers.xml configuration that will replace the default template and the replaceTemplateConfigMap.|No|nil| + ## BootstrapNotificationServicesConfig |Field|Type|Description|Required|Default|