NIFI-1733 Initial commit for nifi-ranger-bundle - Adding Authorizer implementation for Ranger - Adding build profile and assembly that controls the inclusion of Ranger in the final assembly - Add properties to specify ranger admin identity and a flag to indicate if ranger is using kerberos, plugin is updated to perform a UGI login if ranger is using kerberos - Adding LICENSE and NOTICE for Ranger NAR, and some other licensing clean up - Adding tests for kerberos properties, adding test for RangerBasePluginWithPolicies, cleaning up code to use Java 8 features
This closes #574 Project: http://git-wip-us.apache.org/repos/asf/nifi/repo Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/c27763a1 Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/c27763a1 Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/c27763a1 Branch: refs/heads/master Commit: c27763a12fd93a94f8067188108b857de313ee61 Parents: 2ec4307 Author: Bryan Bende <[email protected]> Authored: Tue Jul 26 10:13:42 2016 -0400 Committer: Bryan Bende <[email protected]> Committed: Tue Jul 26 10:15:22 2016 -0400 ---------------------------------------------------------------------- nifi-assembly/NOTICE | 23 + nifi-assembly/pom.xml | 56 +- nifi-assembly/src/main/assembly/common.xml | 117 ++++ .../src/main/assembly/dependencies.xml | 106 +--- nifi-assembly/src/main/assembly/ranger.xml | 81 +++ .../nifi-geo-bundle/nifi-geo-processors/pom.xml | 13 +- .../nifi-hdfs-processors/pom.xml | 6 + .../nifi-hadoop-libraries-nar/pom.xml | 11 + .../nifi-hive-processors/pom.xml | 9 + .../nifi-ranger-bundle/nifi-ranger-nar/pom.xml | 41 ++ .../src/main/resources/META-INF/LICENSE | 389 +++++++++++++ .../src/main/resources/META-INF/NOTICE | 378 +++++++++++++ .../nifi-ranger-plugin/pom.xml | 93 +++ .../RangerBasePluginWithPolicies.java | 76 +++ .../authorization/RangerNiFiAuthorizer.java | 248 ++++++++ .../org.apache.nifi.authorization.Authorizer | 15 + .../TestRangerBasePluginWithPolicies.java | 69 +++ .../authorization/TestRangerNiFiAuthorizer.java | 561 +++++++++++++++++++ .../src/test/resources/authorizers.xml | 27 + .../src/test/resources/krb5.conf | 25 + .../src/test/resources/log4j.xml | 42 ++ .../src/test/resources/ranger/core-site.xml | 22 + .../test/resources/ranger/ranger-nifi-audit.xml | 101 ++++ .../resources/ranger/ranger-nifi-security.xml | 83 +++ .../resources/ranger/ranger-policymgr-ssl.xml | 63 +++ .../nifi-ranger-resources/pom.xml | 28 + .../scripts/ranger_credential_helper.py | 75 +++ nifi-nar-bundles/nifi-ranger-bundle/pom.xml | 61 ++ .../nifi-twitter-processors/pom.xml | 11 + .../nifi-hbase_1_1_2-client-service/pom.xml | 15 + nifi-nar-bundles/pom.xml | 11 +- pom.xml | 36 +- 32 files changed, 2780 insertions(+), 112 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/nifi/blob/c27763a1/nifi-assembly/NOTICE ---------------------------------------------------------------------- diff --git a/nifi-assembly/NOTICE b/nifi-assembly/NOTICE index e6c9f15..ad3a6d7 100644 --- a/nifi-assembly/NOTICE +++ b/nifi-assembly/NOTICE @@ -44,6 +44,21 @@ The following binary components are provided under the Apache Software License v The following NOTICE information applies: Copyright 2006 Envoi Solutions LLC + (ASLv2) Jets3t + The following NOTICE information applies: + + This product includes software developed by: + + The Apache Software Foundation (http://www.apache.org/). + + The ExoLab Project (http://www.exolab.org/) + + Sun Microsystems (http://www.sun.com/) + + Codehaus (http://castor.codehaus.org) + + Tatu Saloranta (http://wiki.fasterxml.com/TatuSaloranta) + (ASLv2) Jasypt The following NOTICE information applies: Copyright (c) 2007-2010, The JASYPT team (http://www.jasypt.org) @@ -585,6 +600,11 @@ The following binary components are provided under the Apache Software License v from and not be held liable to the user for any such damages as noted above as far as the program is concerned. + (ASLv2) Apache Solr + The following NOTICE information applies: + Apache Solrj + Copyright 2006-2014 The Apache Software Foundation + (ASLv2) Joda Time The following NOTICE information applies: This product includes software developed by @@ -920,6 +940,9 @@ The following binary components are provided under the Eclipse Public License 1. The following NOTICE information applies: Copyright (c) 2007-2015 The JRuby project (EPL 1.0) Eclipse Paho MQTT Client (org.eclipse.paho:org.eclipse.paho.client.mqttv3:1.0.2 - https://github.com/eclipse/paho.mqtt.java) + (EPL 1.0) Eclipse Link (org.eclipse.persistence:eclipselink:2.5.2 - http://www.eclipse.org/eclipselink/) + (EPL 1.0) Common Service Data Objects (org.eclipse.persistence:commonj.sdo:2.1.1 - http://www.eclipse.org/eclipselink/) + (EPL 1.0) Java Persistence API (org.eclipse.persistence:javax.persistence:2.1.0 - http://www.eclipse.org/eclipselink/) ***************** Mozilla Public License v2.0 http://git-wip-us.apache.org/repos/asf/nifi/blob/c27763a1/nifi-assembly/pom.xml ---------------------------------------------------------------------- diff --git a/nifi-assembly/pom.xml b/nifi-assembly/pom.xml index fb6bf87..4dca67b 100644 --- a/nifi-assembly/pom.xml +++ b/nifi-assembly/pom.xml @@ -344,8 +344,8 @@ language governing permissions and limitations under the License. --> <dependency> <groupId>org.apache.nifi</groupId> <artifactId>nifi-mqtt-nar</artifactId> - <type>nar</type> - </dependency> + <type>nar</type> + </dependency> <dependency> <groupId>org.apache.nifi</groupId> <artifactId>nifi-snmp-nar</artifactId> @@ -689,5 +689,57 @@ language governing permissions and limitations under the License. --> </plugins> </build> </profile> + <profile> + <id>include-ranger</id> + <activation> + <activeByDefault>false</activeByDefault> + </activation> + <build> + <plugins> + <plugin> + <artifactId>maven-assembly-plugin</artifactId> + <configuration> + <finalName>nifi-${project.version}</finalName> + <attach>false</attach> + </configuration> + <executions> + <execution> + <id>make shared resource</id> + <goals> + <goal>single</goal> + </goals> + <phase>package</phase> + <configuration> + <archiverConfig> + <defaultDirectoryMode>0775</defaultDirectoryMode> + <directoryMode>0775</directoryMode> + <fileMode>0664</fileMode> + </archiverConfig> + <descriptors> + <descriptor>src/main/assembly/ranger.xml</descriptor> + </descriptors> + <tarLongFileMode>posix</tarLongFileMode> + </configuration> + </execution> + </executions> + </plugin> + </plugins> + </build> + <dependencies> + <dependency> + <groupId>org.apache.nifi</groupId> + <artifactId>nifi-ranger-nar</artifactId> + <type>nar</type> + </dependency> + <dependency> + <groupId>org.apache.ranger</groupId> + <artifactId>credentialbuilder</artifactId> + </dependency> + <dependency> + <groupId>org.apache.nifi</groupId> + <artifactId>nifi-ranger-resources</artifactId> + </dependency> + </dependencies> + </profile> </profiles> </project> http://git-wip-us.apache.org/repos/asf/nifi/blob/c27763a1/nifi-assembly/src/main/assembly/common.xml ---------------------------------------------------------------------- diff --git a/nifi-assembly/src/main/assembly/common.xml b/nifi-assembly/src/main/assembly/common.xml new file mode 100644 index 0000000..ec26548 --- /dev/null +++ b/nifi-assembly/src/main/assembly/common.xml @@ -0,0 +1,117 @@ +<?xml version="1.0"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<component> + <dependencySets> + <!-- Write out the bootstrap lib component to its own dir --> + <dependencySet> + <scope>runtime</scope> + <useProjectArtifact>false</useProjectArtifact> + <outputDirectory>lib/bootstrap</outputDirectory> + <directoryMode>0770</directoryMode> + <fileMode>0660</fileMode> + <useTransitiveFiltering>true</useTransitiveFiltering> + <includes> + <include>nifi-bootstrap</include> + <include>slf4j-api</include> + <include>logback-classic</include> + <include>nifi-api</include> + </includes> + </dependencySet> + + <!-- Write out the conf directory contents --> + <dependencySet> + <scope>runtime</scope> + <useProjectArtifact>false</useProjectArtifact> + <outputDirectory>./</outputDirectory> + <directoryMode>0770</directoryMode> + <fileMode>0664</fileMode> + <useTransitiveFiltering>true</useTransitiveFiltering> + <includes> + <include>nifi-resources</include> + </includes> + <unpack>true</unpack> + <unpackOptions> + <filtered>true</filtered> + <includes> + <include>conf/*</include> + </includes> + </unpackOptions> + </dependencySet> + + <!-- Write out the bin directory contents --> + <dependencySet> + <scope>runtime</scope> + <useProjectArtifact>false</useProjectArtifact> + <outputDirectory>./</outputDirectory> + <directoryMode>0770</directoryMode> + <fileMode>0770</fileMode> + <useTransitiveFiltering>true</useTransitiveFiltering> + <includes> + <include>nifi-resources</include> + </includes> + <unpack>true</unpack> + <unpackOptions> + <filtered>true</filtered> + <includes> + <include>bin/*</include> + </includes> + </unpackOptions> + </dependencySet> + + <!-- Writes out the docs directory contents --> + <dependencySet> + <scope>runtime</scope> + <useProjectArtifact>false</useProjectArtifact> + <outputDirectory>docs/</outputDirectory> + <useTransitiveFiltering>true</useTransitiveFiltering> + <includes> + <include>nifi-docs</include> + </includes> + <unpack>true</unpack> + <unpackOptions> + <filtered>false</filtered> + <excludes> + <!-- LICENSE and NOTICE both covered by top-level --> + <exclude>LICENSE</exclude> + <exclude>NOTICE</exclude> + </excludes> + </unpackOptions> + </dependencySet> + </dependencySets> + <files> + <file> + <source>./README.md</source> + <outputDirectory>./</outputDirectory> + <destName>README</destName> + <fileMode>0644</fileMode> + <filtered>true</filtered> + </file> + <file> + <source>./LICENSE</source> + <outputDirectory>./</outputDirectory> + <destName>LICENSE</destName> + <fileMode>0644</fileMode> + <filtered>true</filtered> + </file> + <file> + <source>./NOTICE</source> + <outputDirectory>./</outputDirectory> + <destName>NOTICE</destName> + <fileMode>0644</fileMode> + <filtered>true</filtered> + </file> + </files> +</component> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/nifi/blob/c27763a1/nifi-assembly/src/main/assembly/dependencies.xml ---------------------------------------------------------------------- diff --git a/nifi-assembly/src/main/assembly/dependencies.xml b/nifi-assembly/src/main/assembly/dependencies.xml index 6c22c03..792353d 100644 --- a/nifi-assembly/src/main/assembly/dependencies.xml +++ b/nifi-assembly/src/main/assembly/dependencies.xml @@ -23,6 +23,10 @@ <includeBaseDirectory>true</includeBaseDirectory> <baseDirectory>nifi-${project.version}</baseDirectory> + <componentDescriptors> + <componentDescriptor>src/main/assembly/common.xml</componentDescriptor> + </componentDescriptors> + <dependencySets> <!-- Write out all dependency artifacts to lib directory --> <dependencySet> @@ -33,109 +37,11 @@ <fileMode>0660</fileMode> <useTransitiveFiltering>true</useTransitiveFiltering> <excludes> - <exclude>nifi-bootstrap</exclude> + <exclude>nifi-bootstrap</exclude> <exclude>nifi-resources</exclude> <exclude>nifi-docs</exclude> </excludes> </dependencySet> - - <!-- Write out the bootstrap lib component to its own dir --> - <dependencySet> - <scope>runtime</scope> - <useProjectArtifact>false</useProjectArtifact> - <outputDirectory>lib/bootstrap</outputDirectory> - <directoryMode>0770</directoryMode> - <fileMode>0660</fileMode> - <useTransitiveFiltering>true</useTransitiveFiltering> - <includes> - <include>nifi-bootstrap</include> - <include>slf4j-api</include> - <include>logback-classic</include> - <include>nifi-api</include> - </includes> - </dependencySet> - - <!-- Write out the conf directory contents --> - <dependencySet> - <scope>runtime</scope> - <useProjectArtifact>false</useProjectArtifact> - <outputDirectory>./</outputDirectory> - <directoryMode>0770</directoryMode> - <fileMode>0664</fileMode> - <useTransitiveFiltering>true</useTransitiveFiltering> - <includes> - <include>nifi-resources</include> - </includes> - <unpack>true</unpack> - <unpackOptions> - <filtered>true</filtered> - <includes> - <include>conf/*</include> - </includes> - </unpackOptions> - </dependencySet> - - <!-- Write out the bin directory contents --> - <dependencySet> - <scope>runtime</scope> - <useProjectArtifact>false</useProjectArtifact> - <outputDirectory>./</outputDirectory> - <directoryMode>0770</directoryMode> - <fileMode>0770</fileMode> - <useTransitiveFiltering>true</useTransitiveFiltering> - <includes> - <include>nifi-resources</include> - </includes> - <unpack>true</unpack> - <unpackOptions> - <filtered>true</filtered> - <includes> - <include>bin/*</include> - </includes> - </unpackOptions> - </dependencySet> - - <!-- Writes out the docs directory contents --> - <dependencySet> - <scope>runtime</scope> - <useProjectArtifact>false</useProjectArtifact> - <outputDirectory>docs/</outputDirectory> - <useTransitiveFiltering>true</useTransitiveFiltering> - <includes> - <include>nifi-docs</include> - </includes> - <unpack>true</unpack> - <unpackOptions> - <filtered>false</filtered> - <excludes> - <!-- LICENSE and NOTICE both covered by top-level --> - <exclude>LICENSE</exclude> - <exclude>NOTICE</exclude> - </excludes> - </unpackOptions> - </dependencySet> </dependencySets> - <files> - <file> - <source>./README.md</source> - <outputDirectory>./</outputDirectory> - <destName>README</destName> - <fileMode>0644</fileMode> - <filtered>true</filtered> - </file> - <file> - <source>./LICENSE</source> - <outputDirectory>./</outputDirectory> - <destName>LICENSE</destName> - <fileMode>0644</fileMode> - <filtered>true</filtered> - </file> - <file> - <source>./NOTICE</source> - <outputDirectory>./</outputDirectory> - <destName>NOTICE</destName> - <fileMode>0644</fileMode> - <filtered>true</filtered> - </file> - </files> + </assembly> http://git-wip-us.apache.org/repos/asf/nifi/blob/c27763a1/nifi-assembly/src/main/assembly/ranger.xml ---------------------------------------------------------------------- diff --git a/nifi-assembly/src/main/assembly/ranger.xml b/nifi-assembly/src/main/assembly/ranger.xml new file mode 100644 index 0000000..04b8016 --- /dev/null +++ b/nifi-assembly/src/main/assembly/ranger.xml @@ -0,0 +1,81 @@ +<?xml version="1.0"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<assembly> + <id>bin</id> + <formats> + <format>dir</format> + <format>zip</format> + <format>tar.gz</format> + </formats> + <includeBaseDirectory>true</includeBaseDirectory> + <baseDirectory>nifi-${project.version}</baseDirectory> + + <componentDescriptors> + <componentDescriptor>src/main/assembly/common.xml</componentDescriptor> + </componentDescriptors> + + <dependencySets> + <!-- Write out all dependency artifacts to lib directory, exclude Ranger dependencies --> + <dependencySet> + <scope>runtime</scope> + <useProjectArtifact>false</useProjectArtifact> + <outputDirectory>lib</outputDirectory> + <directoryMode>0770</directoryMode> + <fileMode>0660</fileMode> + <useTransitiveFiltering>true</useTransitiveFiltering> + <excludes> + <exclude>nifi-bootstrap</exclude> + <exclude>nifi-resources</exclude> + <exclude>nifi-docs</exclude> + <exclude>org.apache.ranger:credentialbuilder:jar</exclude> + <exclude>org.apache.nifi:nifi-ranger-resources:jar</exclude> + </excludes> + </dependencySet> + <!-- Write out dependencies for Ranger's credentialbuilder to ext/ranger/install/lib --> + <dependencySet> + <scope>runtime</scope> + <useProjectArtifact>false</useProjectArtifact> + <outputDirectory>ext/ranger/install/lib/</outputDirectory> + <directoryMode>0770</directoryMode> + <fileMode>0660</fileMode> + <useTransitiveFiltering>true</useTransitiveFiltering> + <includes> + <include>org.apache.ranger:credentialbuilder:jar</include> + <include>org.slf4j:slf4j-api</include> + </includes> + </dependencySet> + <!-- Write out scripts from nifi-ranger-resources to ext/ranger/scripts --> + <dependencySet> + <scope>runtime</scope> + <useProjectArtifact>false</useProjectArtifact> + <outputDirectory>ext/ranger/</outputDirectory> + <directoryMode>0770</directoryMode> + <fileMode>0770</fileMode> + <useTransitiveFiltering>false</useTransitiveFiltering> + <includes> + <include>org.apache.nifi:nifi-ranger-resources:jar</include> + </includes> + <unpack>true</unpack> + <unpackOptions> + <filtered>true</filtered> + <includes> + <include>scripts/</include> + </includes> + </unpackOptions> + </dependencySet> + </dependencySets> + +</assembly> http://git-wip-us.apache.org/repos/asf/nifi/blob/c27763a1/nifi-nar-bundles/nifi-geo-bundle/nifi-geo-processors/pom.xml ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-geo-bundle/nifi-geo-processors/pom.xml b/nifi-nar-bundles/nifi-geo-bundle/nifi-geo-processors/pom.xml index ae397a8..9ca429a 100644 --- a/nifi-nar-bundles/nifi-geo-bundle/nifi-geo-processors/pom.xml +++ b/nifi-nar-bundles/nifi-geo-bundle/nifi-geo-processors/pom.xml @@ -38,6 +38,17 @@ <groupId>com.maxmind.geoip2</groupId> <artifactId>geoip2</artifactId> <version>2.1.0</version> - </dependency> + <exclusions> + <exclusion> + <groupId>com.google.code.findbugs</groupId> + <artifactId>jsr305</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>com.github.stephenc.findbugs</groupId> + <artifactId>findbugs-annotations</artifactId> + <version>1.3.9-1</version> + </dependency> </dependencies> </project> http://git-wip-us.apache.org/repos/asf/nifi/blob/c27763a1/nifi-nar-bundles/nifi-hadoop-bundle/nifi-hdfs-processors/pom.xml ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-hadoop-bundle/nifi-hdfs-processors/pom.xml b/nifi-nar-bundles/nifi-hadoop-bundle/nifi-hdfs-processors/pom.xml index 77d2be2..be8dfbf 100644 --- a/nifi-nar-bundles/nifi-hadoop-bundle/nifi-hdfs-processors/pom.xml +++ b/nifi-nar-bundles/nifi-hadoop-bundle/nifi-hdfs-processors/pom.xml @@ -37,6 +37,12 @@ <dependency> <groupId>org.apache.nifi</groupId> <artifactId>nifi-hadoop-utils</artifactId> + <exclusions> + <exclusion> + <groupId>org.apache.hadoop</groupId> + <artifactId>hadoop-common</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.apache.nifi</groupId> http://git-wip-us.apache.org/repos/asf/nifi/blob/c27763a1/nifi-nar-bundles/nifi-hadoop-libraries-bundle/nifi-hadoop-libraries-nar/pom.xml ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-hadoop-libraries-bundle/nifi-hadoop-libraries-nar/pom.xml b/nifi-nar-bundles/nifi-hadoop-libraries-bundle/nifi-hadoop-libraries-nar/pom.xml index ec724b8..9cfa8b3 100644 --- a/nifi-nar-bundles/nifi-hadoop-libraries-bundle/nifi-hadoop-libraries-nar/pom.xml +++ b/nifi-nar-bundles/nifi-hadoop-libraries-bundle/nifi-hadoop-libraries-nar/pom.xml @@ -30,10 +30,21 @@ <dependency> <groupId>org.apache.hadoop</groupId> <artifactId>hadoop-client</artifactId> + <exclusions> + <exclusion> + <groupId>com.google.code.findbugs</groupId> + <artifactId>jsr305</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.apache.avro</groupId> <artifactId>avro</artifactId> </dependency> + <dependency> + <groupId>com.github.stephenc.findbugs</groupId> + <artifactId>findbugs-annotations</artifactId> + <version>1.3.9-1</version> + </dependency> </dependencies> </project> http://git-wip-us.apache.org/repos/asf/nifi/blob/c27763a1/nifi-nar-bundles/nifi-hive-bundle/nifi-hive-processors/pom.xml ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-hive-bundle/nifi-hive-processors/pom.xml b/nifi-nar-bundles/nifi-hive-bundle/nifi-hive-processors/pom.xml index e00cbd0..f2e834f 100644 --- a/nifi-nar-bundles/nifi-hive-bundle/nifi-hive-processors/pom.xml +++ b/nifi-nar-bundles/nifi-hive-bundle/nifi-hive-processors/pom.xml @@ -133,6 +133,10 @@ <groupId>com.google.protobuf</groupId> <artifactId>protobuf-java</artifactId> </exclusion> + <exclusion> + <groupId>com.google.code.findbugs</groupId> + <artifactId>jsr305</artifactId> + </exclusion> </exclusions> </dependency> <dependency> @@ -156,6 +160,11 @@ </exclusions> </dependency> <dependency> + <groupId>com.github.stephenc.findbugs</groupId> + <artifactId>findbugs-annotations</artifactId> + <version>1.3.9-1</version> + </dependency> + <dependency> <groupId>org.apache.nifi</groupId> <artifactId>nifi-mock</artifactId> <scope>test</scope> http://git-wip-us.apache.org/repos/asf/nifi/blob/c27763a1/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-nar/pom.xml ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-nar/pom.xml b/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-nar/pom.xml new file mode 100644 index 0000000..dac9c4b --- /dev/null +++ b/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-nar/pom.xml @@ -0,0 +1,41 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> + <modelVersion>4.0.0</modelVersion> + + <parent> + <groupId>org.apache.nifi</groupId> + <artifactId>nifi-ranger-bundle</artifactId> + <version>1.0.0-SNAPSHOT</version> + </parent> + + <artifactId>nifi-ranger-nar</artifactId> + <version>1.0.0-SNAPSHOT</version> + <packaging>nar</packaging> + <properties> + <maven.javadoc.skip>true</maven.javadoc.skip> + <source.skip>true</source.skip> + </properties> + + <dependencies> + <dependency> + <groupId>org.apache.nifi</groupId> + <artifactId>nifi-ranger-plugin</artifactId> + <version>1.0.0-SNAPSHOT</version> + </dependency> + </dependencies> + +</project> http://git-wip-us.apache.org/repos/asf/nifi/blob/c27763a1/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-nar/src/main/resources/META-INF/LICENSE ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-nar/src/main/resources/META-INF/LICENSE b/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-nar/src/main/resources/META-INF/LICENSE new file mode 100644 index 0000000..7425294 --- /dev/null +++ b/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-nar/src/main/resources/META-INF/LICENSE @@ -0,0 +1,389 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +APACHE NIFI SUBCOMPONENTS: + +The Apache NiFi project contains subcomponents with separate copyright +notices and license terms. Your use of the source code for the these +subcomponents is subject to the terms and conditions of the following +licenses. + + The binary distribution of this product bundles 'Scala Library' under a BSD + style license. + + Copyright (c) 2002-2015 EPFL + Copyright (c) 2011-2015 Typesafe, Inc. + + All rights reserved. + + Redistribution and use in source and binary forms, with or without modification, + are permitted provided that the following conditions are met: + + Redistributions of source code must retain the above copyright notice, this list of + conditions and the following disclaimer. + + Redistributions in binary form must reproduce the above copyright notice, this list of + conditions and the following disclaimer in the documentation and/or other materials + provided with the distribution. + + Neither the name of the EPFL nor the names of its contributors may be used to endorse + or promote products derived from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS âAS ISâ AND ANY EXPRESS + OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER + IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + The binary distribution of this product bundles 'JOpt Simple' under an MIT + style license. + + Copyright (c) 2009 Paul R. Holser, Jr. + + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + The binary distribution of this product bundles 'JCraft Jsch' which is available + under a BSD style license. + + Copyright (c) 2002-2015 Atsuhiko Yamanaka, JCraft,Inc. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the distribution. + + 3. The names of the authors may not be used to endorse or promote products + derived from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND + FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JCRAFT, + INC. OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, + OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + The binary distribution of this product bundles 'ParaNamer' and 'Paranamer Core' + which is available under a BSD style license. + + Copyright (c) 2006 Paul Hammant & ThoughtWorks Inc + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither the name of the copyright holders nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + THE POSSIBILITY OF SUCH DAMAGE. + + The binary distribution of this product bundles 'Protocol Buffers - Google's data interchange format' + which is available under a BSD style license. + + Copyright 2008 Google Inc. All rights reserved. + http://code.google.com/p/protobuf/ + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following disclaimer + in the documentation and/or other materials provided with the + distribution. + * Neither the name of Google Inc. nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + The binary distribution of this product bundles 'Woodstox StAX 2 API' which is + "licensed under standard BSD license" + + The binary distribution of this product bundles 'XMLENC' which is available + under a BSD license. More details found here: http://xmlenc.sourceforge.net. + + Copyright 2003-2005, Ernst de Haan <[email protected]> + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + + 3. Neither the name of the copyright holder nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS "AS IS" + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file http://git-wip-us.apache.org/repos/asf/nifi/blob/c27763a1/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-nar/src/main/resources/META-INF/NOTICE ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-nar/src/main/resources/META-INF/NOTICE b/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-nar/src/main/resources/META-INF/NOTICE new file mode 100644 index 0000000..279e057 --- /dev/null +++ b/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-nar/src/main/resources/META-INF/NOTICE @@ -0,0 +1,378 @@ +nifi-ranger-nar +Copyright 2014-2016 The Apache Software Foundation + +This product includes software developed at +The Apache Software Foundation (http://www.apache.org/). + +****************** +Apache Software License v2 +****************** + + (ASLv2) Apache Avro + The following NOTICE information applies: + Apache Avro + Copyright 2009-2013 The Apache Software Foundation + + (ASLv2) Apache Commons Collections + The following NOTICE information applies: + Apache Commons Collections + Copyright 2001-2013 The Apache Software Foundation + + (ASLv2) Apache Commons Compress + The following NOTICE information applies: + Apache Commons Compress + Copyright 2002-2014 The Apache Software Foundation + + The files in the package org.apache.commons.compress.archivers.sevenz + were derived from the LZMA SDK, version 9.20 (C/ and CPP/7zip/), + which has been placed in the public domain: + + "LZMA SDK is placed in the public domain." (http://www.7-zip.org/sdk.html) + + (ASLv2) Apache Commons Codec + The following NOTICE information applies: + Apache Commons Codec + Copyright 2002-2014 The Apache Software Foundation + + src/test/org/apache/commons/codec/language/DoubleMetaphoneTest.java + contains test data from http://aspell.net/test/orig/batch0.tab. + Copyright (C) 2002 Kevin Atkinson ([email protected]) + + =============================================================================== + + The content of package org.apache.commons.codec.language.bm has been translated + from the original php source code available at http://stevemorse.org/phoneticinfo.htm + with permission from the original authors. + Original source copyright: + Copyright (c) 2008 Alexander Beider & Stephen P. Morse. + + (ASLv2) Apache Commons CLI + The following NOTICE information applies: + Apache Commons CLI + Copyright 2001-2009 The Apache Software Foundation + + (ASLv2) Apache Commons Configuration + The following NOTICE information applies: + Apache Commons Configuration + Copyright 2001-2008 The Apache Software Foundation + + (ASLv2) Apache Commons EL + The following NOTICE information applies: + Apache Commons EL + Copyright 1999-2007 The Apache Software Foundation + + EL-8 patch - Copyright 2004-2007 Jamie Taylor + http://issues.apache.org/jira/browse/EL-8 + + (ASLv2) Apache Directory Server + The following NOTICE information applies: + ApacheDS Protocol Kerberos Codec + Copyright 2003-2013 The Apache Software Foundation + + ApacheDS I18n + Copyright 2003-2013 The Apache Software Foundation + + Apache Directory API ASN.1 API + Copyright 2003-2013 The Apache Software Foundation + + Apache Directory LDAP API Utilities + Copyright 2003-2013 The Apache Software Foundation + + (ASLv2) Apache Jakarta HttpClient + The following NOTICE information applies: + Apache Jakarta HttpClient + Copyright 1999-2007 The Apache Software Foundation + + (ASLv2) Apache Commons IO + The following NOTICE information applies: + Apache Commons IO + Copyright 2002-2012 The Apache Software Foundation + + (ASLv2) Apache Commons Lang + The following NOTICE information applies: + Apache Commons Lang + Copyright 2001-2015 The Apache Software Foundation + + This product includes software from the Spring Framework, + under the Apache License 2.0 (see: StringUtils.containsWhitespace()) + + (ASLv2) Apache Commons Logging + The following NOTICE information applies: + Apache Commons Logging + Copyright 2003-2014 The Apache Software Foundation + + (ASLv2) Apache Commons Math + The following NOTICE information applies: + Apache Commons Math + Copyright 2001-2012 The Apache Software Foundation + + This product includes software developed by + The Apache Software Foundation (http://www.apache.org/). + + =============================================================================== + + The BracketFinder (package org.apache.commons.math3.optimization.univariate) + and PowellOptimizer (package org.apache.commons.math3.optimization.general) + classes are based on the Python code in module "optimize.py" (version 0.5) + developed by Travis E. Oliphant for the SciPy library (http://www.scipy.org/) + Copyright © 2003-2009 SciPy Developers. + =============================================================================== + + The LinearConstraint, LinearObjectiveFunction, LinearOptimizer, + RelationShip, SimplexSolver and SimplexTableau classes in package + org.apache.commons.math3.optimization.linear include software developed by + Benjamin McCann (http://www.benmccann.com) and distributed with + the following copyright: Copyright 2009 Google Inc. + =============================================================================== + + This product includes software developed by the + University of Chicago, as Operator of Argonne National + Laboratory. + The LevenbergMarquardtOptimizer class in package + org.apache.commons.math3.optimization.general includes software + translated from the lmder, lmpar and qrsolv Fortran routines + from the Minpack package + Minpack Copyright Notice (1999) University of Chicago. All rights reserved + =============================================================================== + + The GraggBulirschStoerIntegrator class in package + org.apache.commons.math3.ode.nonstiff includes software translated + from the odex Fortran routine developed by E. Hairer and G. Wanner. + Original source copyright: + Copyright (c) 2004, Ernst Hairer + =============================================================================== + + The EigenDecompositionImpl class in package + org.apache.commons.math3.linear includes software translated + from some LAPACK Fortran routines. Original source copyright: + Copyright (c) 1992-2008 The University of Tennessee. All rights reserved. + =============================================================================== + + The MersenneTwister class in package org.apache.commons.math3.random + includes software translated from the 2002-01-26 version of + the Mersenne-Twister generator written in C by Makoto Matsumoto and Takuji + Nishimura. Original source copyright: + Copyright (C) 1997 - 2002, Makoto Matsumoto and Takuji Nishimura, + All rights reserved + =============================================================================== + + The LocalizedFormatsTest class in the unit tests is an adapted version of + the OrekitMessagesTest class from the orekit library distributed under the + terms of the Apache 2 licence. Original source copyright: + Copyright 2010 CS Systèmes d'Information + =============================================================================== + + The HermiteInterpolator class and its corresponding test have been imported from + the orekit library distributed under the terms of the Apache 2 licence. Original + source copyright: + Copyright 2010-2012 CS Systèmes d'Information + =============================================================================== + + The creation of the package "o.a.c.m.analysis.integration.gauss" was inspired + by an original code donated by Sébastien Brisard. + =============================================================================== + + (ASLv2) Apache Commons Net + The following NOTICE information applies: + Apache Commons Net + Copyright 2001-2013 The Apache Software Foundation + + (ASLv2) Apache Curator + The following NOTICE information applies: + Curator Framework + Copyright 2011-2014 The Apache Software Foundation + + Curator Client + Copyright 2011-2014 The Apache Software Foundation + + Curator Recipes + Copyright 2011-2014 The Apache Software Foundation + + (ASLv2) Apache HttpComponents + The following NOTICE information applies: + Apache HttpClient + Copyright 1999-2015 The Apache Software Foundation + + Apache HttpCore + Copyright 2005-2015 The Apache Software Foundation + + Apache HttpMime + Copyright 1999-2013 The Apache Software Foundation + + This project contains annotations derived from JCIP-ANNOTATIONS + Copyright (c) 2005 Brian Goetz and Tim Peierls. See http://www.jcip.net + + (ASLv2) Apache Ranger + The following NOTICE information applies: + Apache Ranger Credential Builder + Copyright 2014-2016 The Apache Software Foundation + + Apache Ranger Plugins Audit + Copyright 2014-2016 The Apache Software Foundation + + Apache Ranger Plugins Common + Copyright 2014-2016 The Apache Software Foundation + + Apache Ranger Plugins Cred + Copyright 2014-2016 The Apache Software Foundation + + (ASLv2) Google GSON + The following NOTICE information applies: + Copyright 2008 Google Inc. + + (ASLv2) HTrace Core + The following NOTICE information applies: + In addition, this product includes software dependencies. See + the accompanying LICENSE.txt for a listing of dependencies + that are NOT Apache licensed (with pointers to their licensing) + + Apache HTrace includes an Apache Thrift connector to Zipkin. Zipkin + is a distributed tracing system that is Apache 2.0 Licensed. + Copyright 2012 Twitter, Inc. + + (ASLv2) Jackson JSON processor + The following NOTICE information applies: + # Jackson JSON processor + + Jackson is a high-performance, Free/Open Source JSON processing library. + It was originally written by Tatu Saloranta ([email protected]), and has + been in development since 2007. + It is currently developed by a community of developers, as well as supported + commercially by FasterXML.com. + + ## Licensing + + Jackson core and extension components may licensed under different licenses. + To find the details that apply to this artifact see the accompanying LICENSE file. + For more information, including possible other licensing options, contact + FasterXML.com (http://fasterxml.com). + + ## Credits + + A list of contributors may be found from CREDITS file, which is included + in some artifacts (usually source distributions); but is always available + from the source code management (SCM) system project uses. + + (ASLv2) Jettison + The following NOTICE information applies: + Copyright 2006 Envoi Solutions LLC + + (ASLv2) Jets3t + The following NOTICE information applies: + + This product includes software developed by: + + The Apache Software Foundation (http://www.apache.org/). + + The ExoLab Project (http://www.exolab.org/) + + Sun Microsystems (http://www.sun.com/) + + Codehaus (http://castor.codehaus.org) + + Tatu Saloranta (http://wiki.fasterxml.com/TatuSaloranta) + + (ASLv2) Jetty + The following NOTICE information applies: + Jetty Web Container + Copyright 1995-2015 Mort Bay Consulting Pty Ltd. + + (ASLv2) Apache Kafka + The following NOTICE information applies: + Apache Kafka + Copyright 2012 The Apache Software Foundation. + + (ASLv2) Apache log4j + The following NOTICE information applies: + Apache log4j + Copyright 2007 The Apache Software Foundation + + (ASLv2) Apache Solr + The following NOTICE information applies: + Apache Solrj + Copyright 2006-2014 The Apache Software Foundation + + (ASLv2) Apache ZooKeeper + The following NOTICE information applies: + Apache ZooKeeper + Copyright 2009-2012 The Apache Software Foundation + + (ASLv2) The Netty Project + The following NOTICE information applies: + The Netty Project + Copyright 2011 The Netty Project + + (ASLv2) Snappy Java + The following NOTICE information applies: + This product includes software developed by Google + Snappy: http://code.google.com/p/snappy/ (New BSD License) + + This product includes software developed by Apache + PureJavaCrc32C from apache-hadoop-common http://hadoop.apache.org/ + (Apache 2.0 license) + + This library containd statically linked libstdc++. This inclusion is allowed by + "GCC RUntime Library Exception" + http://gcc.gnu.org/onlinedocs/libstdc++/manual/license.html + + (ASLv2) Woodstox Core ASL + The following NOTICE information applies: + This product currently only contains code developed by authors + of specific components, as identified by the source code files. + + Since product implements StAX API, it has dependencies to StAX API + classes. + + (ASLv2) Yammer Metrics + The following NOTICE information applies: + Metrics + Copyright 2010-2012 Coda Hale and Yammer, Inc. + + This product includes software developed by Coda Hale and Yammer, Inc. + + This product includes code derived from the JSR-166 project (ThreadLocalRandom), which was released + with the following comments: + + Written by Doug Lea with assistance from members of JCP JSR-166 + Expert Group and released to the public domain, as explained at + http://creativecommons.org/publicdomain/zero/1.0/ + + (ASLv2) ZkClient + The following NOTICE information applies: + ZkClient + Copyright 2009 Stefan Groschupf + +************************ +Common Development and Distribution License 1.0 +************************ + +The following binary components are provided under the Common Development and Distribution License 1.0. See project link for details. + + (CDDL 1.0) JavaBeans Activation Framework (JAF) (javax.activation:activation:jar:1.1 - http://java.sun.com/products/javabeans/jaf/index.jsp) + (CDDL 1.0) JSR311 API (javax.ws.rs:jsr311-api:jar:1.1.1 - https://jsr311.dev.java.net) + (CDDL 1.0) (GPL3) Streaming API For XML (javax.xml.stream:stax-api:jar:1.0-2 - no url provided) + +************************ +Common Development and Distribution License 1.1 +************************ + +The following binary components are provided under the Common Development and Distribution License 1.1. See project link for details. + + (CDDL 1.1) (GPL2 w/ CPE) Old JAXB Runtime (com.sun.xml.bind:jaxb-impl:jar:2.2.3-1 - http://jaxb.java.net/) + (CDDL 1.1) (GPL2 w/ CPE) Java Architecture For XML Binding (javax.xml.bind:jaxb-api:jar:2.2.2 - https://jaxb.dev.java.net/) + (CDDL 1.1) (GPL2 w/ CPE) jersey-bundle (com.sun.jersey:jersey-bundle:jar:1.17 - https://jersey.java.net/jersey-bundle/) + (CDDL 1.1) (GPL2 w/ CPE) jersey-core (com.sun.jersey:jersey-core:jar:1.19 - https://jersey.java.net/jersey-core/) + (CDDL 1.1) (GPL2 w/ CPE) jersey-server (com.sun.jersey:jersey-server:jar:1.19 - https://jersey.java.net/jersey-server/) + (CDDL 1.1) (GPL2 w/ CPE) jersey-json (com.sun.jersey:jersey-json:jar:1.19 - https://jersey.java.net/jersey-json/) + (CDDL 1.1) (GPL2 w/ CPE) JavaServer Pages(TM) API (javax.servlet.jsp:javax.servlet.jsp-api:jar:2.1 - http://jsp.java.net) + (CDDL 1.1) (GPL2 w/ CPE) Java Servlet API (javax.servlet:javax.servlet-api:jar:2.5 - http://servlet-spec.java.net) + +************************ +Eclipse Public License 1.0 +************************ + +The following binary components are provided under the Eclipse Public License 1.0. See project link for details. + + (EPL 1.0) Eclipse Link (org.eclipse.persistence:eclipselink:2.5.2 - http://www.eclipse.org/eclipselink/) + (EPL 1.0) Common Service Data Objects (org.eclipse.persistence:commonj.sdo:2.1.1 - http://www.eclipse.org/eclipselink/) + (EPL 1.0) Java Persistence API (org.eclipse.persistence:javax.persistence:2.1.0 - http://www.eclipse.org/eclipselink/) \ No newline at end of file http://git-wip-us.apache.org/repos/asf/nifi/blob/c27763a1/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-plugin/pom.xml ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-plugin/pom.xml b/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-plugin/pom.xml new file mode 100644 index 0000000..4f5d693 --- /dev/null +++ b/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-plugin/pom.xml @@ -0,0 +1,93 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> + <modelVersion>4.0.0</modelVersion> + + <parent> + <groupId>org.apache.nifi</groupId> + <artifactId>nifi-ranger-bundle</artifactId> + <version>1.0.0-SNAPSHOT</version> + </parent> + + <artifactId>nifi-ranger-plugin</artifactId> + <packaging>jar</packaging> + + <dependencies> + <dependency> + <groupId>org.apache.nifi</groupId> + <artifactId>nifi-api</artifactId> + </dependency> + <dependency> + <groupId>org.apache.nifi</groupId> + <artifactId>nifi-properties</artifactId> + </dependency> + <dependency> + <groupId>org.apache.ranger</groupId> + <artifactId>ranger-plugins-common</artifactId> + <exclusions> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-log4j12</artifactId> + </exclusion> + <exclusion> + <groupId>com.google.code.findbugs</groupId> + <artifactId>jsr305</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.apache.ranger</groupId> + <artifactId>ranger-plugins-audit</artifactId> + <exclusions> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-log4j12</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.apache.ranger</groupId> + <artifactId>credentialbuilder</artifactId> + <exclusions> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-log4j12</artifactId> + </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-api</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>com.github.stephenc.findbugs</groupId> + <artifactId>findbugs-annotations</artifactId> + <version>1.3.9-1</version> + </dependency> + + <dependency> + <groupId>org.apache.nifi</groupId> + <artifactId>nifi-mock</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <version>4.11</version> + <scope>test</scope> + </dependency> + </dependencies> +</project> http://git-wip-us.apache.org/repos/asf/nifi/blob/c27763a1/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-plugin/src/main/java/org/apache/nifi/ranger/authorization/RangerBasePluginWithPolicies.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-plugin/src/main/java/org/apache/nifi/ranger/authorization/RangerBasePluginWithPolicies.java b/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-plugin/src/main/java/org/apache/nifi/ranger/authorization/RangerBasePluginWithPolicies.java new file mode 100644 index 0000000..8b664de --- /dev/null +++ b/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-plugin/src/main/java/org/apache/nifi/ranger/authorization/RangerBasePluginWithPolicies.java @@ -0,0 +1,76 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.nifi.ranger.authorization; + +import org.apache.ranger.plugin.service.RangerBasePlugin; +import org.apache.ranger.plugin.util.ServicePolicies; + +import java.util.HashSet; +import java.util.Set; +import java.util.concurrent.atomic.AtomicReference; +import java.util.stream.Collectors; + +/** + * Extends the base plugin to add ability to check if a policy exists for a given resource. + */ +public class RangerBasePluginWithPolicies extends RangerBasePlugin { + + private AtomicReference<Set<String>> resources = new AtomicReference<>(new HashSet<>()); + + public RangerBasePluginWithPolicies(String serviceType, String appId) { + super(serviceType, appId); + } + + @Override + public void setPolicies(ServicePolicies policies) { + super.setPolicies(policies); + + if (policies == null || policies.getPolicies() == null) { + this.resources.set(new HashSet<>()); + } else { + final Set<String> newResources = policies.getPolicies().stream() + .flatMap(p -> p.getResources().values().stream()) + .flatMap(r -> r.getValues().stream()) + .collect(Collectors.toSet()); + + this.resources.set(newResources); + } + } + + /** + * Determines if a policy exists for the given resource. + * + * @param resourceIdentifier the id of the resource + * + * @return true if a policy exists for the given resource, false otherwise + */ + public boolean doesPolicyExist(String resourceIdentifier) { + if (resourceIdentifier == null) { + return false; + } + + final Set<String> currResources = resources.get(); + if (currResources == null) { + return false; + } else { + return currResources.contains(resourceIdentifier); + } + } + +} http://git-wip-us.apache.org/repos/asf/nifi/blob/c27763a1/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-plugin/src/main/java/org/apache/nifi/ranger/authorization/RangerNiFiAuthorizer.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-plugin/src/main/java/org/apache/nifi/ranger/authorization/RangerNiFiAuthorizer.java b/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-plugin/src/main/java/org/apache/nifi/ranger/authorization/RangerNiFiAuthorizer.java new file mode 100644 index 0000000..ab31fa3 --- /dev/null +++ b/nifi-nar-bundles/nifi-ranger-bundle/nifi-ranger-plugin/src/main/java/org/apache/nifi/ranger/authorization/RangerNiFiAuthorizer.java @@ -0,0 +1,248 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.nifi.ranger.authorization; + +import org.apache.commons.lang.StringUtils; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.security.UserGroupInformation; +import org.apache.nifi.authorization.AuthorizationRequest; +import org.apache.nifi.authorization.AuthorizationResult; +import org.apache.nifi.authorization.Authorizer; +import org.apache.nifi.authorization.AuthorizerConfigurationContext; +import org.apache.nifi.authorization.AuthorizerInitializationContext; +import org.apache.nifi.authorization.UserContextKeys; +import org.apache.nifi.authorization.annotation.AuthorizerContext; +import org.apache.nifi.authorization.exception.AuthorizationAccessException; +import org.apache.nifi.authorization.exception.AuthorizerCreationException; +import org.apache.nifi.authorization.exception.AuthorizerDestructionException; +import org.apache.nifi.components.PropertyValue; +import org.apache.nifi.util.NiFiProperties; +import org.apache.ranger.authorization.hadoop.config.RangerConfiguration; +import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler; +import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl; +import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl; +import org.apache.ranger.plugin.policyengine.RangerAccessResult; +import org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.io.File; +import java.net.MalformedURLException; +import java.util.Date; + +/** + * Authorizer implementation that uses Apache Ranger to make authorization decisions. + */ +public class RangerNiFiAuthorizer implements Authorizer { + + private static final Logger logger = LoggerFactory.getLogger(RangerNiFiAuthorizer.class); + + static final String RANGER_AUDIT_PATH_PROP = "Ranger Audit Config Path"; + static final String RANGER_SECURITY_PATH_PROP = "Ranger Security Config Path"; + static final String RANGER_KERBEROS_ENABLED_PROP = "Ranger Kerberos Enabled"; + static final String RANGER_ADMIN_IDENTITY_PROP = "Ranger Admin Identity"; + static final String RANGER_SERVICE_TYPE_PROP = "Ranger Service Type"; + static final String RANGER_APP_ID_PROP = "Ranger Application Id"; + + static final String RANGER_NIFI_RESOURCE_NAME = "nifi-resource"; + static final String DEFAULT_SERVICE_TYPE = "nifi"; + static final String DEFAULT_APP_ID = "nifi"; + static final String RESOURCES_RESOURCE = "/resources"; + static final String HADOOP_SECURITY_AUTHENTICATION = "hadoop.security.authentication"; + static final String KERBEROS_AUTHENTICATION = "kerberos"; + + private volatile RangerBasePluginWithPolicies nifiPlugin = null; + private volatile RangerDefaultAuditHandler defaultAuditHandler = null; + private volatile String rangerAdminIdentity = null; + private volatile boolean rangerKerberosEnabled = false; + private volatile NiFiProperties nifiProperties; + + @Override + public void initialize(AuthorizerInitializationContext initializationContext) throws AuthorizerCreationException { + + } + + @Override + public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException { + try { + if (nifiPlugin == null) { + logger.info("RangerNiFiAuthorizer(): initializing base plugin"); + + final PropertyValue securityConfigValue = configurationContext.getProperty(RANGER_SECURITY_PATH_PROP); + addRequiredResource(RANGER_SECURITY_PATH_PROP, securityConfigValue); + + final PropertyValue auditConfigValue = configurationContext.getProperty(RANGER_AUDIT_PATH_PROP); + addRequiredResource(RANGER_AUDIT_PATH_PROP, auditConfigValue); + + final String rangerKerberosEnabledValue = getConfigValue(configurationContext, RANGER_KERBEROS_ENABLED_PROP, Boolean.FALSE.toString()); + rangerKerberosEnabled = rangerKerberosEnabledValue.equals(Boolean.TRUE.toString()) ? true : false; + + if (rangerKerberosEnabled) { + // configure UGI for when RangerAdminRESTClient calls UserGroupInformation.isSecurityEnabled() + final Configuration securityConf = new Configuration(); + securityConf.set(HADOOP_SECURITY_AUTHENTICATION, KERBEROS_AUTHENTICATION); + UserGroupInformation.setConfiguration(securityConf); + + // login with the nifi principal and keytab, RangerAdminRESTClient will use Ranger's MiscUtil which + // will grab UserGroupInformation.getLoginUser() and call ugi.checkTGTAndReloginFromKeytab(); + final String nifiPrincipal = nifiProperties.getKerberosServicePrincipal(); + final String nifiKeytab = nifiProperties.getKerberosKeytabLocation(); + + if (StringUtils.isBlank(nifiPrincipal) || StringUtils.isBlank(nifiKeytab)) { + throw new AuthorizerCreationException("Principal and Keytab must be provided when Kerberos is enabled"); + } + + UserGroupInformation.loginUserFromKeytab(nifiPrincipal.trim(), nifiKeytab.trim()); + } + + final String serviceType = getConfigValue(configurationContext, RANGER_SERVICE_TYPE_PROP, DEFAULT_SERVICE_TYPE); + final String appId = getConfigValue(configurationContext, RANGER_APP_ID_PROP, DEFAULT_APP_ID); + + nifiPlugin = createRangerBasePlugin(serviceType, appId); + nifiPlugin.init(); + + defaultAuditHandler = new RangerDefaultAuditHandler(); + rangerAdminIdentity = getConfigValue(configurationContext, RANGER_ADMIN_IDENTITY_PROP, null); + + } else { + logger.info("RangerNiFiAuthorizer(): base plugin already initialized"); + } + } catch (Throwable t) { + throw new AuthorizerCreationException("Error creating RangerBasePlugin", t); + } + } + + protected RangerBasePluginWithPolicies createRangerBasePlugin(final String serviceType, final String appId) { + return new RangerBasePluginWithPolicies(serviceType, appId); + } + + @Override + public AuthorizationResult authorize(final AuthorizationRequest request) throws AuthorizationAccessException { + final String identity = request.getIdentity(); + final String resourceIdentifier = request.getResource().getIdentifier(); + + // if a ranger admin identity was provided, and it equals the identity making the request, + // and the request is to retrieve the resources, then allow it through + if (StringUtils.isNotBlank(rangerAdminIdentity) && rangerAdminIdentity.equals(identity) + && resourceIdentifier.equals(RESOURCES_RESOURCE)) { + return AuthorizationResult.approved(); + } + + final String clientIp; + if (request.getUserContext() != null) { + clientIp = request.getUserContext().get(UserContextKeys.CLIENT_ADDRESS.name()); + } else { + clientIp = null; + } + + final RangerAccessResourceImpl resource = new RangerAccessResourceImpl(); + resource.setValue(RANGER_NIFI_RESOURCE_NAME, resourceIdentifier); + + final RangerAccessRequestImpl rangerRequest = new RangerAccessRequestImpl(); + rangerRequest.setResource(resource); + rangerRequest.setAction(request.getAction().name()); + rangerRequest.setAccessType(request.getAction().name()); + rangerRequest.setUser(identity); + rangerRequest.setAccessTime(new Date()); + + if (!StringUtils.isBlank(clientIp)) { + rangerRequest.setClientIPAddress(clientIp); + } + + // for a direct access request use the default audit handler so we generate audit logs + // for non-direct access provide a null result processor so no audit logs get generated + final RangerAccessResultProcessor resultProcessor = request.isAccessAttempt() ? defaultAuditHandler : null; + + final RangerAccessResult result = nifiPlugin.isAccessAllowed(rangerRequest, resultProcessor); + + if (result != null && result.getIsAllowed()) { + return AuthorizationResult.approved(); + } else { + // if result.getIsAllowed() is false, then we need to determine if it was because no policy exists for the + // given resource, or if it was because a policy exists but not for the given user or action + final boolean doesPolicyExist = nifiPlugin.doesPolicyExist(request.getResource().getIdentifier()); + + if (doesPolicyExist) { + // a policy does exist for the resource so we were really denied access here + final String reason = result == null ? null : result.getReason(); + if (reason == null) { + return AuthorizationResult.denied(); + } else { + return AuthorizationResult.denied(result.getReason()); + } + } else { + // a policy doesn't exist so return resource not found so NiFi can work back up the resource hierarchy + return AuthorizationResult.resourceNotFound(); + } + } + } + + @Override + public void preDestruction() throws AuthorizerDestructionException { + if (nifiPlugin != null) { + try { + nifiPlugin.cleanup(); + nifiPlugin = null; + } catch (Throwable t) { + throw new AuthorizerDestructionException("Error cleaning up RangerBasePlugin", t); + } + } + } + + @AuthorizerContext + public void setNiFiProperties(final NiFiProperties properties) { + this.nifiProperties = properties; + } + + /** + * Adds a resource to the RangerConfiguration singleton so it is already there by the time RangerBasePlugin.init() + * is called. + * + * @param name the name of the given PropertyValue from the AuthorizationConfigurationContext + * @param resourceValue the value for the given name, should be a full path to a file + */ + private void addRequiredResource(final String name, final PropertyValue resourceValue) { + if (resourceValue == null || StringUtils.isBlank(resourceValue.getValue())) { + throw new AuthorizerCreationException(name + " must be specified."); + } + + final File resourceFile = new File(resourceValue.getValue()); + if (!resourceFile.exists() || !resourceFile.canRead()) { + throw new AuthorizerCreationException(resourceValue + " does not exist, or can not be read"); + } + + try { + RangerConfiguration.getInstance().addResource(resourceFile.toURI().toURL()); + } catch (MalformedURLException e) { + throw new AuthorizerCreationException("Error creating URI for " + resourceValue, e); + } + } + + private String getConfigValue(final AuthorizerConfigurationContext context, final String name, final String defaultValue) { + final PropertyValue configValue = context.getProperty(name); + + String retValue = defaultValue; + if (configValue != null && !StringUtils.isBlank(configValue.getValue())) { + retValue = configValue.getValue(); + } + + return retValue; + } + +}
