Search in sources :

Example 76 with PropertyDescriptor

use of org.apache.nifi.components.PropertyDescriptor in project nifi by apache.

the class HiveConnectionPool method init.

@Override
protected void init(final ControllerServiceInitializationContext context) {
    List<PropertyDescriptor> props = new ArrayList<>();
    props.add(DATABASE_URL);
    props.add(HIVE_CONFIGURATION_RESOURCES);
    props.add(DB_USER);
    props.add(DB_PASSWORD);
    props.add(MAX_WAIT_TIME);
    props.add(MAX_TOTAL_CONNECTIONS);
    props.add(VALIDATION_QUERY);
    props.add(KERBEROS_CREDENTIALS_SERVICE);
    kerberosConfigFile = context.getKerberosConfigurationFile();
    kerberosProperties = new KerberosProperties(kerberosConfigFile);
    props.add(kerberosProperties.getKerberosPrincipal());
    props.add(kerberosProperties.getKerberosKeytab());
    properties = props;
}
Also used : PropertyDescriptor(org.apache.nifi.components.PropertyDescriptor) ArrayList(java.util.ArrayList) KerberosProperties(org.apache.nifi.hadoop.KerberosProperties)

Example 77 with PropertyDescriptor

use of org.apache.nifi.components.PropertyDescriptor in project nifi by apache.

the class HiveConnectionPool method onConfigured.

/**
 * Configures connection pool by creating an instance of the
 * {@link BasicDataSource} based on configuration provided with
 * {@link ConfigurationContext}.
 * <p>
 * This operation makes no guarantees that the actual connection could be
 * made since the underlying system may still go off-line during normal
 * operation of the connection pool.
 * <p/>
 * As of Apache NiFi 1.5.0, due to changes made to
 * {@link SecurityUtil#loginKerberos(Configuration, String, String)}, which is used by this class invoking
 * {@link HiveConfigurator#authenticate(Configuration, String, String)}
 * to authenticate a principal with Kerberos, Hive controller services no longer
 * attempt relogins explicitly.  For more information, please read the documentation for
 * {@link SecurityUtil#loginKerberos(Configuration, String, String)}.
 * <p/>
 * In previous versions of NiFi, a {@link org.apache.nifi.hadoop.KerberosTicketRenewer} was started by
 * {@link HiveConfigurator#authenticate(Configuration, String, String, long)} when the Hive
 * controller service was enabled.  The use of a separate thread to explicitly relogin could cause race conditions
 * with the implicit relogin attempts made by hadoop/Hive code on a thread that references the same
 * {@link UserGroupInformation} instance.  One of these threads could leave the
 * {@link javax.security.auth.Subject} in {@link UserGroupInformation} to be cleared or in an unexpected state
 * while the other thread is attempting to use the {@link javax.security.auth.Subject}, resulting in failed
 * authentication attempts that would leave the Hive controller service in an unrecoverable state.
 *
 * @see SecurityUtil#loginKerberos(Configuration, String, String)
 * @see HiveConfigurator#authenticate(Configuration, String, String)
 * @see HiveConfigurator#authenticate(Configuration, String, String, long)
 * @param context the configuration context
 * @throws InitializationException if unable to create a database connection
 */
@OnEnabled
public void onConfigured(final ConfigurationContext context) throws InitializationException {
    ComponentLog log = getLogger();
    final String configFiles = context.getProperty(HIVE_CONFIGURATION_RESOURCES).evaluateAttributeExpressions().getValue();
    final Configuration hiveConfig = hiveConfigurator.getConfigurationFromFiles(configFiles);
    final String validationQuery = context.getProperty(VALIDATION_QUERY).evaluateAttributeExpressions().getValue();
    // add any dynamic properties to the Hive configuration
    for (final Map.Entry<PropertyDescriptor, String> entry : context.getProperties().entrySet()) {
        final PropertyDescriptor descriptor = entry.getKey();
        if (descriptor.isDynamic()) {
            hiveConfig.set(descriptor.getName(), context.getProperty(descriptor).evaluateAttributeExpressions().getValue());
        }
    }
    final String drv = HiveDriver.class.getName();
    if (SecurityUtil.isSecurityEnabled(hiveConfig)) {
        final String explicitPrincipal = context.getProperty(kerberosProperties.getKerberosPrincipal()).evaluateAttributeExpressions().getValue();
        final String explicitKeytab = context.getProperty(kerberosProperties.getKerberosKeytab()).evaluateAttributeExpressions().getValue();
        final KerberosCredentialsService credentialsService = context.getProperty(KERBEROS_CREDENTIALS_SERVICE).asControllerService(KerberosCredentialsService.class);
        final String resolvedPrincipal;
        final String resolvedKeytab;
        if (credentialsService == null) {
            resolvedPrincipal = explicitPrincipal;
            resolvedKeytab = explicitKeytab;
        } else {
            resolvedPrincipal = credentialsService.getPrincipal();
            resolvedKeytab = credentialsService.getKeytab();
        }
        log.info("Hive Security Enabled, logging in as principal {} with keytab {}", new Object[] { resolvedPrincipal, resolvedKeytab });
        try {
            ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal, resolvedKeytab);
        } catch (AuthenticationFailedException ae) {
            log.error(ae.getMessage(), ae);
        }
        getLogger().info("Successfully logged in as principal {} with keytab {}", new Object[] { resolvedPrincipal, resolvedKeytab });
    }
    final String user = context.getProperty(DB_USER).evaluateAttributeExpressions().getValue();
    final String passw = context.getProperty(DB_PASSWORD).evaluateAttributeExpressions().getValue();
    final Long maxWaitMillis = context.getProperty(MAX_WAIT_TIME).evaluateAttributeExpressions().asTimePeriod(TimeUnit.MILLISECONDS);
    final Integer maxTotal = context.getProperty(MAX_TOTAL_CONNECTIONS).evaluateAttributeExpressions().asInteger();
    dataSource = new BasicDataSource();
    dataSource.setDriverClassName(drv);
    connectionUrl = context.getProperty(DATABASE_URL).evaluateAttributeExpressions().getValue();
    dataSource.setMaxWait(maxWaitMillis);
    dataSource.setMaxActive(maxTotal);
    if (validationQuery != null && !validationQuery.isEmpty()) {
        dataSource.setValidationQuery(validationQuery);
        dataSource.setTestOnBorrow(true);
    }
    dataSource.setUrl(connectionUrl);
    dataSource.setUsername(user);
    dataSource.setPassword(passw);
}
Also used : Configuration(org.apache.hadoop.conf.Configuration) PropertyDescriptor(org.apache.nifi.components.PropertyDescriptor) AuthenticationFailedException(org.apache.nifi.util.hive.AuthenticationFailedException) KerberosCredentialsService(org.apache.nifi.kerberos.KerberosCredentialsService) ComponentLog(org.apache.nifi.logging.ComponentLog) Map(java.util.Map) BasicDataSource(org.apache.commons.dbcp.BasicDataSource) OnEnabled(org.apache.nifi.annotation.lifecycle.OnEnabled)

Example 78 with PropertyDescriptor

use of org.apache.nifi.components.PropertyDescriptor in project nifi by apache.

the class AbstractCredentialsStrategy method validate.

@Override
public Collection<ValidationResult> validate(final ValidationContext validationContext, final CredentialsStrategy primaryStrategy) {
    boolean thisIsSelectedStrategy = this == primaryStrategy;
    String requiredMessageFormat = "property %1$s must be set with %2$s";
    String excludedMessageFormat = "property %1$s cannot be used with %2$s";
    String failureFormat = thisIsSelectedStrategy ? requiredMessageFormat : excludedMessageFormat;
    Collection<ValidationResult> validationFailureResults = null;
    for (PropertyDescriptor requiredProperty : requiredProperties) {
        boolean requiredPropertyIsSet = validationContext.getProperty(requiredProperty).isSet();
        if (requiredPropertyIsSet != thisIsSelectedStrategy) {
            String message = String.format(failureFormat, requiredProperty.getDisplayName(), primaryStrategy.getName());
            if (validationFailureResults == null) {
                validationFailureResults = new ArrayList<>();
            }
            validationFailureResults.add(new ValidationResult.Builder().subject(requiredProperty.getDisplayName()).valid(false).explanation(message).build());
        }
    }
    return validationFailureResults;
}
Also used : PropertyDescriptor(org.apache.nifi.components.PropertyDescriptor) ValidationResult(org.apache.nifi.components.ValidationResult)

Example 79 with PropertyDescriptor

use of org.apache.nifi.components.PropertyDescriptor in project nifi by apache.

the class AbstractCredentialsStrategy method canCreatePrimaryCredential.

@Override
public boolean canCreatePrimaryCredential(Map<PropertyDescriptor, String> properties) {
    for (PropertyDescriptor requiredProperty : requiredProperties) {
        boolean containsRequiredProperty = properties.containsKey(requiredProperty);
        String propertyValue = properties.get(requiredProperty);
        boolean containsValue = propertyValue != null;
        if (!containsRequiredProperty || !containsValue) {
            return false;
        }
    }
    return true;
}
Also used : PropertyDescriptor(org.apache.nifi.components.PropertyDescriptor)

Example 80 with PropertyDescriptor

use of org.apache.nifi.components.PropertyDescriptor in project nifi by apache.

the class CredentialsFactoryTest method testComputeEngineCredentials.

@Test
public void testComputeEngineCredentials() throws Exception {
    final TestRunner runner = TestRunners.newTestRunner(MockCredentialsFactoryProcessor.class);
    runner.setProperty(CredentialPropertyDescriptors.USE_COMPUTE_ENGINE_CREDENTIALS, "true");
    runner.assertValid();
    Map<PropertyDescriptor, String> properties = runner.getProcessContext().getProperties();
    final CredentialsFactory factory = new CredentialsFactory();
    final GoogleCredentials credentials = factory.getGoogleCredentials(properties);
    assertNotNull(credentials);
    assertEquals("credentials class should be equal", ComputeEngineCredentials.class, credentials.getClass());
}
Also used : PropertyDescriptor(org.apache.nifi.components.PropertyDescriptor) TestRunner(org.apache.nifi.util.TestRunner) GoogleCredentials(com.google.auth.oauth2.GoogleCredentials) Test(org.junit.Test)

Aggregations

PropertyDescriptor (org.apache.nifi.components.PropertyDescriptor)206 HashMap (java.util.HashMap)97 Test (org.junit.Test)67 Map (java.util.Map)57 ArrayList (java.util.ArrayList)49 HashSet (java.util.HashSet)24 IOException (java.io.IOException)23 Relationship (org.apache.nifi.processor.Relationship)22 ComponentLog (org.apache.nifi.logging.ComponentLog)21 LinkedHashMap (java.util.LinkedHashMap)20 ControllerServiceNode (org.apache.nifi.controller.service.ControllerServiceNode)19 TestRunner (org.apache.nifi.util.TestRunner)19 ValidationResult (org.apache.nifi.components.ValidationResult)17 ProcessException (org.apache.nifi.processor.exception.ProcessException)17 FlowFile (org.apache.nifi.flowfile.FlowFile)16 LinkedHashSet (java.util.LinkedHashSet)15 BundleCoordinate (org.apache.nifi.bundle.BundleCoordinate)14 PropertyValue (org.apache.nifi.components.PropertyValue)14 URL (java.net.URL)13 OnScheduled (org.apache.nifi.annotation.lifecycle.OnScheduled)13