Skip to content

NIFI-8973 Implement KerberosUserService API with keytab, password, and ticket cache implementations#5277

Closed
bbende wants to merge 6 commits intoapache:mainfrom
bbende:NIFI-8973
Closed

NIFI-8973 Implement KerberosUserService API with keytab, password, and ticket cache implementations#5277
bbende wants to merge 6 commits intoapache:mainfrom
bbende:NIFI-8973

Conversation

@bbende
Copy link
Contributor

@bbende bbende commented Aug 3, 2021

Thank you for submitting a contribution to Apache NiFi.

Also includes - NIFI-8974 Integrate KerberosUserService with HDFS processors

Enables X functionality; fixes bug NIFI-YYYY.

In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:

For all changes:

  • Is there a JIRA ticket associated with this PR? Is it referenced
    in the commit message?

  • Does your PR title start with NIFI-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.

  • Has your PR been rebased against the latest commit within the target branch (typically main)?

  • Is your initial contribution a single, squashed commit? Additional commits in response to PR reviewer feedback should be made on this branch and pushed to allow change tracking. Do not squash or use --force when pushing to allow for clean monitoring of changes.

For code changes:

  • Have you ensured that the full suite of tests is executed via mvn -Pcontrib-check clean install at the root nifi folder?
  • Have you written or updated unit tests to verify your changes?
  • Have you verified that the full build is successful on JDK 8?
  • Have you verified that the full build is successful on JDK 11?
  • If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
  • If applicable, have you updated the LICENSE file, including the main LICENSE file under nifi-assembly?
  • If applicable, have you updated the NOTICE file, including the main NOTICE file found under nifi-assembly?
  • If adding new Properties, have you added .displayName in addition to .name (programmatic access) for each of the new properties?

For documentation related changes:

  • Have you ensured that format looks appropriate for the output in which it is rendered?

Note:

Please ensure that once the PR is submitted, you check GitHub Actions CI for build issues and submit an update to your PR as soon as possible.

gresockj
gresockj reviewed Aug 12, 2021
View reviewed changes
Copy link
Contributor

@gresockj gresockj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like a nice improvement to streamline the Kerberos support, @bbende ! I just had some minor comments.

bbende added 4 commits August 17, 2021 14:15
@bbende
NIFI-8973 Implement KerberosUserService API and keytab, password, and…
0d09238 
… ticket cache implementations

NIFI-8974 Integrate KerberosUserService with HDFS processors
@bbende
NIFI-8980 Integrate KerberosUserService with Kafka 2.6 processors
11d20bc 
- Introduced SelfContainerKerberosUserService to restrict which impls can be used with Kafka
- Add variations of KerberosUser doAs that allow setting the context ClassLoader
- Add additional unit tests for configurations
@bbende
Address review feedback
c0d1982
@bbende
NIFI-8980 Add custom KerberosLogin implementation for Kafka 2.6 proce…
6ca6e15 
…ssors
exceptionfactory
exceptionfactory reviewed Aug 18, 2021
View reviewed changes
Copy link
Contributor

@exceptionfactory exceptionfactory left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for putting this together @bbende, it looks like a great improvement to managing Kerberos authentication handling. The overall approach looks good, I noted a handful of small suggestions and questions.

@bbende
Copy link
Contributor Author

bbende commented Aug 18, 2021

@exceptionfactory thanks for the review, I think all comments should be addressed now, let me know if there is anything else

exceptionfactory
exceptionfactory approved these changes Aug 19, 2021
View reviewed changes
Copy link
Contributor

@exceptionfactory exceptionfactory left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates @bbende! Verified using GetHDFS with all three types of KerberosUserService implementations as well using existing properties. +1 Merging.

@asfgit asfgit closed this in 21c2fb9 Aug 19, 2021
krisztina-zsihovszki pushed a commit to krisztina-zsihovszki/nifi that referenced this pull request Jun 28, 2022
@bbende @krisztina-zsihovszki
NIFI-8973 Implement KerberosUserService API and keytab, password, and…
d96198a 
… ticket cache implementations

NIFI-8974 Integrate KerberosUserService with HDFS processors

NIFI-8980 Integrate KerberosUserService with Kafka 2.6 processors
- Introduced SelfContainerKerberosUserService to restrict which impls can be used with Kafka
- Add variations of KerberosUser doAs that allow setting the context ClassLoader
- Add additional unit tests for configurations

This closes apache#5277

Signed-off-by: David Handermann <exceptionfactory@apache.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gresockj gresockj gresockj left review comments

@exceptionfactory exceptionfactory exceptionfactory approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bbende @gresockj @exceptionfactory