From 918746f7aa3812368a60a98f537e32471980f3c4 Mon Sep 17 00:00:00 2001 From: Krzysztof Zmij Date: Tue, 7 Nov 2023 09:25:28 +0100 Subject: [PATCH] fix plugin params configuration --- build.sbt | 3 +-- src/main/resources/reference.conf | 9 +-------- .../proxy/config/AccessControlProviderSettings.scala | 4 ++-- .../proxy/provider/AccessControlProviderRanger.scala | 2 +- 4 files changed, 5 insertions(+), 13 deletions(-) diff --git a/build.sbt b/build.sbt index b64f2925..01f99d6e 100644 --- a/build.sbt +++ b/build.sbt @@ -1,6 +1,5 @@ -import com.typesafe.sbt.packager.MappingsHelper.contentOf import com.typesafe.sbt.packager.docker -import com.typesafe.sbt.packager.docker.{Cmd, DockerChmodType, ExecCmd} +import com.typesafe.sbt.packager.docker.{DockerChmodType, ExecCmd} import scalariform.formatter.preferences.* val rokkuVersion = scala.sys.env.getOrElse("ROKKU_VERSION", "SNAPSHOT") diff --git a/src/main/resources/reference.conf b/src/main/resources/reference.conf index 9c355214..a2d4d775 100644 --- a/src/main/resources/reference.conf +++ b/src/main/resources/reference.conf @@ -10,14 +10,7 @@ rokku { allow-create-delete-buckets = true enabled-audit = false class-name = "com.ing.wbaa.rokku.proxy.provider.AccessControlProviderRanger" - plugin-params { - appId = "testservice" - # make sure the service_type is equal to what is specified in - # ranger-s3-security.xml - serviceType = "s3" - userDomainPostfix = "" - rolePrefix = "role_" - } + plugin-params = "{appId:testservice, serviceType:s3, rolePrefix:role_}" } storage.s3 { diff --git a/src/main/scala/com/ing/wbaa/rokku/proxy/config/AccessControlProviderSettings.scala b/src/main/scala/com/ing/wbaa/rokku/proxy/config/AccessControlProviderSettings.scala index 0bc278d1..427aa905 100644 --- a/src/main/scala/com/ing/wbaa/rokku/proxy/config/AccessControlProviderSettings.scala +++ b/src/main/scala/com/ing/wbaa/rokku/proxy/config/AccessControlProviderSettings.scala @@ -1,7 +1,7 @@ package com.ing.wbaa.rokku.proxy.config import akka.actor.{ ExtendedActorSystem, Extension, ExtensionId, ExtensionIdProvider } -import com.typesafe.config.Config +import com.typesafe.config.{ Config, ConfigFactory } import scala.jdk.CollectionConverters._ @@ -10,7 +10,7 @@ class AccessControlProviderSettings(config: Config) extends Extension { val createDeleteBucketsEnabled: Boolean = config.getBoolean("rokku.access-control.allow-create-delete-buckets") val auditEnabled: Boolean = config.getBoolean("rokku.access-control.enabled-audit") val className: String = config.getString("rokku.access-control.class-name") - val pluginParams: Map[String, String] = config.getConfig("rokku.access-control.plugin-params") + val pluginParams: Map[String, String] = ConfigFactory.parseString(config.getString("rokku.access-control.plugin-params")) .entrySet().asScala.map(e => e.getKey -> e.getValue.unwrapped().toString).toMap } diff --git a/src/main/scala/com/ing/wbaa/rokku/proxy/provider/AccessControlProviderRanger.scala b/src/main/scala/com/ing/wbaa/rokku/proxy/provider/AccessControlProviderRanger.scala index f390075b..b6a9b654 100644 --- a/src/main/scala/com/ing/wbaa/rokku/proxy/provider/AccessControlProviderRanger.scala +++ b/src/main/scala/com/ing/wbaa/rokku/proxy/provider/AccessControlProviderRanger.scala @@ -64,7 +64,7 @@ class AccessControlProviderRanger(config: java.util.Map[String, String]) extends prepareAccessRequest(rangerResource, request.accessType, null, Set(UserGroup(s"${config.get(ROLE_PREFIX_PARAM)}${roleValue}")).map(_.value.toLowerCase)) case _ => prepareAccessRequest( - rangerResource, request.accessType, request.user + config.get(USER_DOMAIN_POSTFIX_PARAM), request.userGroups.asScala.map(_.toLowerCase).toSet) + rangerResource, request.accessType, request.user + config.getOrDefault(USER_DOMAIN_POSTFIX_PARAM, ""), request.userGroups.asScala.map(_.toLowerCase).toSet) } rangerRequest.setAction(request.action)