Skip to content
This repository has been archived by the owner on Oct 20, 2022. It is now read-only.

[DRAFT] add ability to override default authorizers.xml template #170

Closed
wants to merge 2 commits into from
Closed

[DRAFT] add ability to override default authorizers.xml template #170

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1728dd9
add ability to override default template authorizers.xml
mh013370 Dec 6, 2021
edd3332
update helm CRDs
mh013370 Mar 3, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@

### Added

- [PR #170](https://github.com/Orange-OpenSource/nifikop/pull/170) - **[Operator/NiFiClustser]** Add ability to override default authorizers.xml template.

### Changed

### Deprecated
Expand Down
10 changes: 10 additions & 0 deletions api/v1alpha1/nificluster_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -172,10 +172,20 @@ type ReadOnlyConfig struct {
BootstrapProperties BootstrapProperties `json:"bootstrapProperties,omitempty"`
// Logback configuration that will be applied to the node.
LogbackConfig LogbackConfig `json:"logbackConfig,omitempty"`
// Authorizer configuration that will be applied to the node.
AuthorizerConfig AuthorizerConfig `json:"authorizerConfig,omitempty"`
// BootstrapNotificationServices configuration that will be applied to the node.
BootstrapNotificationServicesReplaceConfig BootstrapNotificationServicesConfig `json:"bootstrapNotificationServicesConfig,omitempty"`
}

// Optional configuration for the default authorizers.xml template.
type AuthorizerConfig struct {
// A replacement authorizers.xml template configuration that will replace the default template. NOTE: this is a template as seen in authorizers.go.
ReplaceTemplateConfigMap *ConfigmapReference `json:"replaceTemplateConfigMap,omitempty"`
// a replacement authorizers.xml template configuration that will replace the default template and replaceConfigMap. NOTE: this is a template as seen in authorizers.go.
ReplaceTemplateSecretConfig *SecretConfigReference `json:"replaceTemplateSecretConfig,omitempty"`
}

// NifiProperties configuration that will be applied to the node.
type NifiProperties struct {
// Additionnals nifi.properties configuration that will override the one produced based on template and
Expand Down
26 changes: 26 additions & 0 deletions api/v1alpha1/zz_generated.deepcopy.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

93 changes: 93 additions & 0 deletions config/crd/bases/nifi.orange.com_nificlusters.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2567,6 +2567,54 @@ spec:
- name
type: object
type: array
authorizerConfig:
description: Authorizer configuration that will be applied
to the node.
properties:
replaceTemplateConfigMap:
description: 'A replacement authorizers.xml template
configuration that will replace the default template.
NOTE: this is a template as seen in authorizers.go.'
properties:
data:
description: The key of the value,in data content,
that we want use.
type: string
name:
description: Name of the configmap that we want
to refer.
type: string
namespace:
description: Namespace where is located the secret
that we want to refer.
type: string
required:
- data
- name
type: object
replaceTemplateSecretConfig:
description: 'a replacement authorizers.xml template
configuration that will replace the default template
and replaceConfigMap. NOTE: this is a template as
seen in authorizers.go.'
properties:
data:
description: The key of the value,in data content,
that we want use.
type: string
name:
description: Name of the configmap that we want
to refer.
type: string
namespace:
description: Namespace where is located the secret
that we want to refer.
type: string
required:
- data
- name
type: object
type: object
bootstrapNotificationServicesConfig:
description: BootstrapNotificationServices configuration
that will be applied to the node.
Expand Down Expand Up @@ -2984,6 +3032,51 @@ spec:
- name
type: object
type: array
authorizerConfig:
description: Authorizer configuration that will be applied to
the node.
properties:
replaceTemplateConfigMap:
description: 'A replacement authorizers.xml template configuration
that will replace the default template. NOTE: this is a
template as seen in authorizers.go.'
properties:
data:
description: The key of the value,in data content, that
we want use.
type: string
name:
description: Name of the configmap that we want to refer.
type: string
namespace:
description: Namespace where is located the secret that
we want to refer.
type: string
required:
- data
- name
type: object
replaceTemplateSecretConfig:
description: 'a replacement authorizers.xml template configuration
that will replace the default template and replaceConfigMap.
NOTE: this is a template as seen in authorizers.go.'
properties:
data:
description: The key of the value,in data content, that
we want use.
type: string
name:
description: Name of the configmap that we want to refer.
type: string
namespace:
description: Namespace where is located the secret that
we want to refer.
type: string
required:
- data
- name
type: object
type: object
bootstrapNotificationServicesConfig:
description: BootstrapNotificationServices configuration that
will be applied to the node.
Expand Down
93 changes: 93 additions & 0 deletions helm/nifikop/crds/nifi.orange.com_nificlusters.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2567,6 +2567,54 @@ spec:
- name
type: object
type: array
authorizerConfig:
description: Authorizer configuration that will be applied
to the node.
properties:
replaceTemplateConfigMap:
description: 'A replacement authorizers.xml template
configuration that will replace the default template.
NOTE: this is a template as seen in authorizers.go.'
properties:
data:
description: The key of the value,in data content,
that we want use.
type: string
name:
description: Name of the configmap that we want
to refer.
type: string
namespace:
description: Namespace where is located the secret
that we want to refer.
type: string
required:
- data
- name
type: object
replaceTemplateSecretConfig:
description: 'a replacement authorizers.xml template
configuration that will replace the default template
and replaceConfigMap. NOTE: this is a template as
seen in authorizers.go.'
properties:
data:
description: The key of the value,in data content,
that we want use.
type: string
name:
description: Name of the configmap that we want
to refer.
type: string
namespace:
description: Namespace where is located the secret
that we want to refer.
type: string
required:
- data
- name
type: object
type: object
bootstrapNotificationServicesConfig:
description: BootstrapNotificationServices configuration
that will be applied to the node.
Expand Down Expand Up @@ -2984,6 +3032,51 @@ spec:
- name
type: object
type: array
authorizerConfig:
description: Authorizer configuration that will be applied to
the node.
properties:
replaceTemplateConfigMap:
description: 'A replacement authorizers.xml template configuration
that will replace the default template. NOTE: this is a
template as seen in authorizers.go.'
properties:
data:
description: The key of the value,in data content, that
we want use.
type: string
name:
description: Name of the configmap that we want to refer.
type: string
namespace:
description: Namespace where is located the secret that
we want to refer.
type: string
required:
- data
- name
type: object
replaceTemplateSecretConfig:
description: 'a replacement authorizers.xml template configuration
that will replace the default template and replaceConfigMap.
NOTE: this is a template as seen in authorizers.go.'
properties:
data:
description: The key of the value,in data content, that
we want use.
type: string
name:
description: Name of the configmap that we want to refer.
type: string
namespace:
description: Namespace where is located the secret that
we want to refer.
type: string
required:
- data
- name
type: object
type: object
bootstrapNotificationServicesConfig:
description: BootstrapNotificationServices configuration that
will be applied to the node.
Expand Down
19 changes: 19 additions & 0 deletions pkg/resources/nifi/secretconfig.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -420,6 +420,25 @@ func (r *Reconciler) getAuthorizersConfigString(nConfig *v1alpha1.NodeConfig, id
authorizersTemplate := config.EmptyAuthorizersTemplate
if r.NifiCluster.Status.NodesState[fmt.Sprint(id)].InitClusterNode {
authorizersTemplate = config.AuthorizersTemplate

// Check for secret/configmap overrides. If there aren't any, then use the default template.
if r.NifiCluster.Spec.ReadOnlyConfig.AuthorizerConfig.ReplaceTemplateConfigMap != nil {
conf, err := r.getConfigMap(context.TODO(), *r.NifiCluster.Spec.ReadOnlyConfig.AuthorizerConfig.ReplaceTemplateConfigMap)
if err == nil {
authorizersTemplate = conf
}
log.Error(err, "error occurred during getting authorizer readonly configmap")
}

// The secret takes precedence over the ConfigMap, if it exists.
if r.NifiCluster.Spec.ReadOnlyConfig.AuthorizerConfig.ReplaceTemplateSecretConfig != nil {
conf, err := r.getSecrectConfig(context.TODO(), *r.NifiCluster.Spec.ReadOnlyConfig.AuthorizerConfig.ReplaceTemplateSecretConfig)
if err == nil {
authorizersTemplate = conf
}
log.Error(err, "error occurred during getting authorizer readonly secret config")
}

for nId, nodeState := range r.NifiCluster.Status.NodesState {
if nodeState.InitClusterNode {
nodeList[nId] = utilpki.GetNodeUserName(r.NifiCluster, util.ConvertStringToInt32(nId))
Expand Down
26 changes: 26 additions & 0 deletions site/docs/5_references/1_nifi_cluster/2_read_only_config.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,24 @@ readOnlyConfig:
name: raw
# Namespace where is located the secret that we want to refer.
namespace: nifikop
# Authorizer configuration that will be applied to the node
authorizerConfig:
# An authorizers.xml configuration template that will replace the default template seen in authorizers.go
replaceTemplateConfigMap:
# The key of the value, in data content, that we want use.
data: authorizers.xml
# Name of the configmap that we want to refer.
name: raw
# Namespace where is located the secret that we want to refer.
namespace: nifikop
# An authorizers.xml configuration template that will replace the default template seen in authorizers.go and the replaceTemplateConfigMap
replaceTemplateSecretConfig:
# The key of the value,in data content, that we want use.
data: authorizers.xml
# Name of the configmap that we want to refer.
name: raw
# Namespace where is located the secret that we want to refer.
namespace: nifikop
# NifiProperties configuration that will be applied to the node.
nifiProperties:
# Additionnals nifi.properties configuration that will override the one produced based on template and
Expand Down Expand Up @@ -129,6 +147,7 @@ readOnlyConfig:
|zookeeperProperties|[ZookeeperProperties](#zookeeperproperties)|zookeeper.properties configuration that will be applied to the node.|No|nil|
|bootstrapProperties|[BootstrapProperties](#bootstrapproperties)|bootstrap.conf configuration that will be applied to the node.|No|nil|
|logbackConfig|[LogbackConfig](#logbackconfig)|logback.xml configuration that will be applied to the node.|No|nil|
|authorizerConfig|[AuthorizerConfig](#authorizerconfig)|authorizers.xml configuration template that will be applied to the node.|No|nil|
|bootstrapNotificationServicesConfig|[BootstrapNotificationServices](#bootstrapnotificationservices)|bootstrap_notification_services.xml configuration that will be applied to the node.|No|nil|


Expand Down Expand Up @@ -169,6 +188,13 @@ readOnlyConfig:
|replaceConfigMap|[ConfigmapReference](#configmapreference)|logback.xml configuration that will replace the one produced based on template.|No|nil|
|replaceSecretConfig|[SecretConfigReference](#secretconfigreference)|logback.xml configuration that will replace the one produced based on template and overrideConfigMap.|No|nil|

## AuthorizerConfig

|Field|Type|Description|Required|Default|
|-----|----|-----------|--------|--------|
|replaceTemplateConfigMap|[ConfigmapReference](#configmapreference)|authorizers.xml configuration template that will replace the default template.|No|nil|
|replaceTemplateSecretConfig|[SecretConfigReference](#secretconfigreference)|authorizers.xml configuration that will replace the default template and the replaceTemplateConfigMap.|No|nil|

## BootstrapNotificationServicesConfig

|Field|Type|Description|Required|Default|
Expand Down