Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add ability to override default template authorizers.xml #76

Merged
merged 5 commits into from
Apr 20, 2022
Merged

add ability to override default template authorizers.xml #76

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
d07487c
add ability to override default template authorizers.xml
mh013370 Mar 25, 2022
1cb22ed
Merge branch 'master' into provide-custom-authorizers
erdrix Mar 25, 2022
e75e10a
Added task doc explaining how to override authorizers.xml configuration
mh013370 Mar 28, 2022
3ecc3bc
Merge branch 'provide-custom-authorizers' of github.com:michael81877/…
mh013370 Mar 28, 2022
87d961b
updated custom authorizer task doc
mh013370 Mar 28, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@

### Added

- [PR #76](https://github.com/konpyutaika/nifikop/pull/76) - **[Operator/NiFiCluster]** Add ability to override default authorizers.xml template.

### Changed

- [PR #75](https://github.com/konpyutaika/nifikop/pull/75) - **[Operator]** Update PodDisruptionBudget version to policy/v1 instead of policy/v1beta1.
Expand Down
10 changes: 10 additions & 0 deletions api/v1alpha1/nificluster_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -177,10 +177,20 @@ type ReadOnlyConfig struct {
BootstrapProperties BootstrapProperties `json:"bootstrapProperties,omitempty"`
// Logback configuration that will be applied to the node.
LogbackConfig LogbackConfig `json:"logbackConfig,omitempty"`
// Authorizer configuration that will be applied to the node.
AuthorizerConfig AuthorizerConfig `json:"authorizerConfig,omitempty"`
// BootstrapNotificationServices configuration that will be applied to the node.
BootstrapNotificationServicesReplaceConfig BootstrapNotificationServicesConfig `json:"bootstrapNotificationServicesConfig,omitempty"`
}

// Optional configuration for the default authorizers.xml template.
type AuthorizerConfig struct {
// A replacement authorizers.xml template configuration that will replace the default template. NOTE: this is a template as seen in authorizers.go.
ReplaceTemplateConfigMap *ConfigmapReference `json:"replaceTemplateConfigMap,omitempty"`
// a replacement authorizers.xml template configuration that will replace the default template and replaceConfigMap. NOTE: this is a template as seen in authorizers.go.
ReplaceTemplateSecretConfig *SecretConfigReference `json:"replaceTemplateSecretConfig,omitempty"`
}

// NifiProperties configuration that will be applied to the node.
type NifiProperties struct {
// Additionnals nifi.properties configuration that will override the one produced based on template and
Expand Down
26 changes: 26 additions & 0 deletions api/v1alpha1/zz_generated.deepcopy.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

93 changes: 93 additions & 0 deletions config/crd/bases/nifi.konpyutaika.com_nificlusters.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6093,6 +6093,54 @@ spec:
- name
type: object
type: array
authorizerConfig:
description: Authorizer configuration that will be applied
to the node.
properties:
replaceTemplateConfigMap:
description: 'A replacement authorizers.xml template
configuration that will replace the default template.
NOTE: this is a template as seen in authorizers.go.'
properties:
data:
description: The key of the value,in data content,
that we want use.
type: string
name:
description: Name of the configmap that we want
to refer.
type: string
namespace:
description: Namespace where is located the secret
that we want to refer.
type: string
required:
- data
- name
type: object
replaceTemplateSecretConfig:
description: 'a replacement authorizers.xml template
configuration that will replace the default template
and replaceConfigMap. NOTE: this is a template as
seen in authorizers.go.'
properties:
data:
description: The key of the value,in data content,
that we want use.
type: string
name:
description: Name of the configmap that we want
to refer.
type: string
namespace:
description: Namespace where is located the secret
that we want to refer.
type: string
required:
- data
- name
type: object
type: object
bootstrapNotificationServicesConfig:
description: BootstrapNotificationServices configuration
that will be applied to the node.
Expand Down Expand Up @@ -6523,6 +6571,51 @@ spec:
- name
type: object
type: array
authorizerConfig:
description: Authorizer configuration that will be applied to
the node.
properties:
replaceTemplateConfigMap:
description: 'A replacement authorizers.xml template configuration
that will replace the default template. NOTE: this is a
template as seen in authorizers.go.'
properties:
data:
description: The key of the value,in data content, that
we want use.
type: string
name:
description: Name of the configmap that we want to refer.
type: string
namespace:
description: Namespace where is located the secret that
we want to refer.
type: string
required:
- data
- name
type: object
replaceTemplateSecretConfig:
description: 'a replacement authorizers.xml template configuration
that will replace the default template and replaceConfigMap.
NOTE: this is a template as seen in authorizers.go.'
properties:
data:
description: The key of the value,in data content, that
we want use.
type: string
name:
description: Name of the configmap that we want to refer.
type: string
namespace:
description: Namespace where is located the secret that
we want to refer.
type: string
required:
- data
- name
type: object
type: object
bootstrapNotificationServicesConfig:
description: BootstrapNotificationServices configuration that
will be applied to the node.
Expand Down
93 changes: 93 additions & 0 deletions helm/nifikop/crds/nifi.konpyutaika.com_nificlusters.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6093,6 +6093,54 @@ spec:
- name
type: object
type: array
authorizerConfig:
description: Authorizer configuration that will be applied
to the node.
properties:
replaceTemplateConfigMap:
description: 'A replacement authorizers.xml template
configuration that will replace the default template.
NOTE: this is a template as seen in authorizers.go.'
properties:
data:
description: The key of the value,in data content,
that we want use.
type: string
name:
description: Name of the configmap that we want
to refer.
type: string
namespace:
description: Namespace where is located the secret
that we want to refer.
type: string
required:
- data
- name
type: object
replaceTemplateSecretConfig:
description: 'a replacement authorizers.xml template
configuration that will replace the default template
and replaceConfigMap. NOTE: this is a template as
seen in authorizers.go.'
properties:
data:
description: The key of the value,in data content,
that we want use.
type: string
name:
description: Name of the configmap that we want
to refer.
type: string
namespace:
description: Namespace where is located the secret
that we want to refer.
type: string
required:
- data
- name
type: object
type: object
bootstrapNotificationServicesConfig:
description: BootstrapNotificationServices configuration
that will be applied to the node.
Expand Down Expand Up @@ -6523,6 +6571,51 @@ spec:
- name
type: object
type: array
authorizerConfig:
description: Authorizer configuration that will be applied to
the node.
properties:
replaceTemplateConfigMap:
description: 'A replacement authorizers.xml template configuration
that will replace the default template. NOTE: this is a
template as seen in authorizers.go.'
properties:
data:
description: The key of the value,in data content, that
we want use.
type: string
name:
description: Name of the configmap that we want to refer.
type: string
namespace:
description: Namespace where is located the secret that
we want to refer.
type: string
required:
- data
- name
type: object
replaceTemplateSecretConfig:
description: 'a replacement authorizers.xml template configuration
that will replace the default template and replaceConfigMap.
NOTE: this is a template as seen in authorizers.go.'
properties:
data:
description: The key of the value,in data content, that
we want use.
type: string
name:
description: Name of the configmap that we want to refer.
type: string
namespace:
description: Namespace where is located the secret that
we want to refer.
type: string
required:
- data
- name
type: object
type: object
bootstrapNotificationServicesConfig:
description: BootstrapNotificationServices configuration that
will be applied to the node.
Expand Down
19 changes: 19 additions & 0 deletions pkg/resources/nifi/secretconfig.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -405,6 +405,25 @@ func (r *Reconciler) getAuthorizersConfigString(nConfig *v1alpha1.NodeConfig, id
authorizersTemplate := config.EmptyAuthorizersTemplate
if r.NifiCluster.Status.NodesState[fmt.Sprint(id)].InitClusterNode {
authorizersTemplate = config.AuthorizersTemplate

// Check for secret/configmap overrides. If there aren't any, then use the default template.
if r.NifiCluster.Spec.ReadOnlyConfig.AuthorizerConfig.ReplaceTemplateConfigMap != nil {
conf, err := r.getConfigMap(context.TODO(), *r.NifiCluster.Spec.ReadOnlyConfig.AuthorizerConfig.ReplaceTemplateConfigMap)
if err == nil {
authorizersTemplate = conf
}
log.Error(err, "error occurred during getting authorizer readonly configmap")
}

// The secret takes precedence over the ConfigMap, if it exists.
if r.NifiCluster.Spec.ReadOnlyConfig.AuthorizerConfig.ReplaceTemplateSecretConfig != nil {
conf, err := r.getSecrectConfig(context.TODO(), *r.NifiCluster.Spec.ReadOnlyConfig.AuthorizerConfig.ReplaceTemplateSecretConfig)
if err == nil {
authorizersTemplate = conf
}
log.Error(err, "error occurred during getting authorizer readonly secret config")
}

for nId, nodeState := range r.NifiCluster.Status.NodesState {
if nodeState.InitClusterNode {
nodeList[nId] = utilpki.GetNodeUserName(r.NifiCluster, util.ConvertStringToInt32(nId))
Expand Down
Loading