Skip to content

feat(nifi): Add NiFi OPA Authorizer #1058

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 29 commits into
base: main
Choose a base branch
from
Open

feat(nifi): Add NiFi OPA Authorizer #1058

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
29 commits
Select commit Hold shift + click to select a range
3da276d
build nifi-opa-plugin from source with workaround
labrenbe Apr 15, 2025
f494190
Merge remote-tracking branch 'origin/main' into feat/nifi-opa-authorizer
labrenbe Apr 15, 2025
66ec5cc
add changelog entry
labrenbe Apr 15, 2025
625ed24
add patch
labrenbe Apr 22, 2025
fe883b9
build nifi-opa-plugin from branch feat/reworked-opa-response
labrenbe May 2, 2025
999b808
Update nifi/Dockerfile
labrenbe May 8, 2025
f044dac
chore(⏲): Use fast download mirrors (#1061)
NickLarsenNZ Apr 24, 2025
ecb9ab7
chore(⏲): Add missing tool update tasks to templates (#1062)
NickLarsenNZ Apr 24, 2025
0fe577d
feat: move patch apply logic to patchable (#1032)
dervoeti Apr 24, 2025
3b64334
fix: add missing patchable config for Kafka 3.8.0 (#1065)
dervoeti Apr 24, 2025
14fb8ba
fix(pr-template): Fix the rendering of the list (#1073)
NickLarsenNZ May 2, 2025
692f0ba
feat: make image namespace a workflow input (default sdp) (#1072)
razvan May 2, 2025
7bce697
ci(mirror): Include image name and version in run-name (#1089)
Techassi May 5, 2025
51c5f8c
fix: spark connect client Harbor credentials (#1088)
dervoeti May 5, 2025
d779cfc
fix: spark connect client Harbor credentials (#1092)
dervoeti May 5, 2025
e4f3866
feat: connect client image includes JupyterLab (#1071)
razvan May 5, 2025
5bed54d
chore: Bump tools ahead of 25.7.0 (#1090)
NickLarsenNZ May 5, 2025
24c4afa
chore(java): Add JDK 24 (#1097)
NickLarsenNZ May 5, 2025
27c527c
chore(vector): Bump to 0.46.1 (#1098)
NickLarsenNZ May 5, 2025
439d9fe
chore(zookeeper): Remove 3.9.2 (#1093)
NickLarsenNZ May 5, 2025
3b0674f
chore(ubi-rust-builders): Update container images ahead of Stackable …
NickLarsenNZ May 5, 2025
f456229
chore(opa): Update versions ahead of 25.7.0 (#1103)
NickLarsenNZ May 7, 2025
297d4eb
fix: Bump vector to 0.46.1 for java-base:24 (#1104)
NickLarsenNZ May 7, 2025
3203717
chore(superset): Add 4.1.2 (#1102)
NickLarsenNZ May 7, 2025
31490f8
feat(nifi): Add nifi-iceberg-bundle (#1060)
sbernauer May 7, 2025
c825aab
fix(nifi): Delete correct intermediate folder (#1106)
sbernauer May 7, 2025
d3d5067
Merge remote-tracking branch 'origin/main' into feat/nifi-opa-authorizer
labrenbe May 8, 2025
7d027da
fix Dockerfile
labrenbe May 8, 2025
f1d05ff
build nifi opa plugin from tag
labrenbe May 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ All notable changes to this project will be documented in this file.
`check-permissions-ownership.sh` provided in stackable-base image ([#1025]).
- zookeeper: check for correct permissions and ownerships in /stackable folder via
`check-permissions-ownership.sh` provided in stackable-base image ([#1043]).
- nifi: Add OPA authorizer plugin with workaround ([#1058]).
- nifi: Add [nifi-iceberg-bundle](https://github.com/stackabletech/nifi-iceberg-bundle) for NiFi `2.2.0` ([#1060], [#1106]).
- java: Add JDK 24 ([#1097]).
- ci: Add golang image to mirror workflow ([#1103]).
Expand Down Expand Up @@ -93,6 +94,7 @@ All notable changes to this project will be documented in this file.
[#1054]: https://github.com/stackabletech/docker-images/pull/1054
[#1055]: https://github.com/stackabletech/docker-images/pull/1055
[#1056]: https://github.com/stackabletech/docker-images/pull/1056
[#1058]: https://github.com/stackabletech/docker-images/pull/1058
[#1060]: https://github.com/stackabletech/docker-images/pull/1060
[#1090]: https://github.com/stackabletech/docker-images/pull/1090
[#1091]: https://github.com/stackabletech/docker-images/pull/1091
Expand Down
34 changes: 33 additions & 1 deletion nifi/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ mkdir -p /stackable

# NiFI 1.x natively supports Iceberg, no need to build an iceberg-bundle for it
if [[ "${PRODUCT}" != 1.* ]] ; then
curl "https://github.com/stackabletech/nifi-iceberg-bundle/archive/refs/tags/${NIFI_ICEBERG_BUNDLE}.tar.gz" | tar -xzC .
curl -L "https://github.com/stackabletech/nifi-iceberg-bundle/archive/refs/tags/${NIFI_ICEBERG_BUNDLE}.tar.gz" | tar -xzC .
cd nifi-iceberg-bundle-${NIFI_ICEBERG_BUNDLE} || exit

mvn \
Expand All @@ -104,6 +104,36 @@ chmod g=u /stackable/*.sbom.json
fi
EOF

FROM stackable/image/java-devel AS opa-authorizer-builder

ARG NIFI_OPA_AUTHORIZER_PLUGIN
ARG STACKABLE_USER_UID
ARG PRODUCT

USER ${STACKABLE_USER_UID}
WORKDIR /build

RUN <<EOF
mkdir -p /stackable

curl -L "https://github.com/DavidGitter/nifi-opa-plugin/archive/refs/tags/v${NIFI_OPA_AUTHORIZER_PLUGIN}.tar.gz" | tar -xzC .
cd nifi-opa-plugin-${NIFI_OPA_AUTHORIZER_PLUGIN}/authorizer

mvn \
--batch-mode \
--no-transfer-progress \
clean package \
-DskipTests \
-Pnifi-${PRODUCT}

cd ..
cp ./authorizer/target/opa-authorizer.nar /stackable/opa-authorizer.nar
cp ./LICENSE /stackable/LICENSE

# Set correct permissions
chmod g=u /stackable/opa-authorizer.nar
EOF

FROM stackable/image/java-base AS final

ARG PRODUCT
Expand All @@ -123,6 +153,8 @@ COPY --chown=${STACKABLE_USER_UID}:0 --from=nifi-builder /stackable/stackable-bc
COPY --chown=${STACKABLE_USER_UID}:0 --from=nifi-iceberg-bundle-builder /stackable/*.nar /stackable/nifi-${PRODUCT}/lib/
COPY --chown=${STACKABLE_USER_UID}:0 --from=nifi-iceberg-bundle-builder /stackable/*.sbom.json /stackable/nifi-${PRODUCT}/lib/

COPY --chown=${STACKABLE_USER_UID}:0 --from=opa-authorizer-builder /stackable/opa-authorizer.nar /stackable/nifi-${PRODUCT}/extensions/opa-authorizer.nar
COPY --chown=${STACKABLE_USER_UID}:0 --from=opa-authorizer-builder /stackable//LICENSE /licenses/NIFI_OPA_PLUGIN_LICENSE
COPY --chown=${STACKABLE_USER_UID}:0 nifi/stackable/bin /stackable/bin
COPY --chown=${STACKABLE_USER_UID}:0 nifi/licenses /licenses
COPY --chown=${STACKABLE_USER_UID}:0 nifi/python /stackable/python
Expand Down
3 changes: 3 additions & 0 deletions nifi/versions.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,16 +3,19 @@
"product": "1.27.0",
"java-base": "11",
"java-devel": "11", # There is an error when trying to use the jdk 21 (since nifi 1.26.0)
"nifi_opa_authorizer_plugin": "0.1.0",
},
{
"product": "1.28.1",
"java-base": "11",
"java-devel": "11",
"nifi_opa_authorizer_plugin": "0.1.0",
},
{
"product": "2.2.0",
"java-base": "21",
"java-devel": "21",
"nifi_iceberg_bundle": "0.0.3",
"nifi_opa_authorizer_plugin": "0.1.0",
},
]
Loading