Skip to content

feat(nifi): Add NiFi OPA Authorizer #1058

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 35 commits into from
May 19, 2025
Merged

feat(nifi): Add NiFi OPA Authorizer #1058

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
35 commits
Select commit Hold shift + click to select a range
3da276d
build nifi-opa-plugin from source with workaround
labrenbe Apr 15, 2025
f494190
Merge remote-tracking branch 'origin/main' into feat/nifi-opa-authorizer
labrenbe Apr 15, 2025
66ec5cc
add changelog entry
labrenbe Apr 15, 2025
625ed24
add patch
labrenbe Apr 22, 2025
fe883b9
build nifi-opa-plugin from branch feat/reworked-opa-response
labrenbe May 2, 2025
999b808
Update nifi/Dockerfile
labrenbe May 8, 2025
f044dac
chore(⏲): Use fast download mirrors (#1061)
NickLarsenNZ Apr 24, 2025
ecb9ab7
chore(⏲): Add missing tool update tasks to templates (#1062)
NickLarsenNZ Apr 24, 2025
0fe577d
feat: move patch apply logic to patchable (#1032)
dervoeti Apr 24, 2025
3b64334
fix: add missing patchable config for Kafka 3.8.0 (#1065)
dervoeti Apr 24, 2025
14fb8ba
fix(pr-template): Fix the rendering of the list (#1073)
NickLarsenNZ May 2, 2025
692f0ba
feat: make image namespace a workflow input (default sdp) (#1072)
razvan May 2, 2025
7bce697
ci(mirror): Include image name and version in run-name (#1089)
Techassi May 5, 2025
51c5f8c
fix: spark connect client Harbor credentials (#1088)
dervoeti May 5, 2025
d779cfc
fix: spark connect client Harbor credentials (#1092)
dervoeti May 5, 2025
e4f3866
feat: connect client image includes JupyterLab (#1071)
razvan May 5, 2025
5bed54d
chore: Bump tools ahead of 25.7.0 (#1090)
NickLarsenNZ May 5, 2025
24c4afa
chore(java): Add JDK 24 (#1097)
NickLarsenNZ May 5, 2025
27c527c
chore(vector): Bump to 0.46.1 (#1098)
NickLarsenNZ May 5, 2025
439d9fe
chore(zookeeper): Remove 3.9.2 (#1093)
NickLarsenNZ May 5, 2025
3b0674f
chore(ubi-rust-builders): Update container images ahead of Stackable …
NickLarsenNZ May 5, 2025
f456229
chore(opa): Update versions ahead of 25.7.0 (#1103)
NickLarsenNZ May 7, 2025
297d4eb
fix: Bump vector to 0.46.1 for java-base:24 (#1104)
NickLarsenNZ May 7, 2025
3203717
chore(superset): Add 4.1.2 (#1102)
NickLarsenNZ May 7, 2025
31490f8
feat(nifi): Add nifi-iceberg-bundle (#1060)
sbernauer May 7, 2025
c825aab
fix(nifi): Delete correct intermediate folder (#1106)
sbernauer May 7, 2025
d3d5067
Merge remote-tracking branch 'origin/main' into feat/nifi-opa-authorizer
labrenbe May 8, 2025
7d027da
fix Dockerfile
labrenbe May 8, 2025
f1d05ff
build nifi opa plugin from tag
labrenbe May 9, 2025
ce891af
Merge remote-tracking branch 'origin/main' into feat/nifi-opa-authorizer
labrenbe May 12, 2025
d4762a4
Update CHANGELOG.md
labrenbe May 16, 2025
cd0948f
Merge remote-tracking branch 'origin/main' into feat/nifi-opa-authorizer
labrenbe May 16, 2025
7d1aece
fix hadolint
labrenbe May 16, 2025
07c853a
Update nifi/Dockerfile
labrenbe May 16, 2025
32011f5
Merge remote-tracking branch 'origin/main' into feat/nifi-opa-authorizer
labrenbe May 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ All notable changes to this project will be documented in this file.
`check-permissions-ownership.sh` provided in stackable-base image ([#1025]).
- zookeeper: check for correct permissions and ownerships in /stackable folder via
`check-permissions-ownership.sh` provided in stackable-base image ([#1043]).
- nifi: Add OPA authorizer plugin with workaround ([#1058]).

### Changed

Expand Down Expand Up @@ -75,6 +76,7 @@ All notable changes to this project will be documented in this file.
[#1054]: https://github.com/stackabletech/docker-images/pull/1054
[#1055]: https://github.com/stackabletech/docker-images/pull/1055
[#1056]: https://github.com/stackabletech/docker-images/pull/1056
[#1058]: https://github.com/stackabletech/docker-images/pull/1058

## [25.3.0] - 2025-03-21

Expand Down
23 changes: 23 additions & 0 deletions nifi/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,27 @@ rm -rf /stackable/nifi-${PRODUCT}/docs
chmod -R g=u /stackable
EOF

FROM stackable/image/java-devel AS opa-authorizer-builder

ARG STACKABLE_USER_UID
ARG PRODUCT

USER ${STACKABLE_USER_UID}
WORKDIR /stackable

# TODO: Set to tag after new release of nifi-opa-plugin
RUN git clone --depth 1 --branch feat/reworked-opa-response https://github.com/DavidGitter/nifi-opa-plugin.git && \
cd nifi-opa-plugin/authorizer && \
mvn \
--batch-mode \
--no-transfer-progress \
install \
-DskipTests \
-Pnifi-${PRODUCT}

# Set correct permissions
RUN chmod g=u /stackable/nifi-opa-plugin/authorizer/target/opa-authorizer.nar

FROM stackable/image/java-base AS final

ARG PRODUCT
Expand All @@ -97,6 +118,8 @@ LABEL name="Apache NiFi" \
COPY --chown=${STACKABLE_USER_UID}:0 --from=nifi-builder /stackable/nifi-${PRODUCT} /stackable/nifi-${PRODUCT}/
COPY --chown=${STACKABLE_USER_UID}:0 --from=nifi-builder /stackable/stackable-bcrypt.jar /stackable/stackable-bcrypt.jar

COPY --chown=${STACKABLE_USER_UID}:0 --from=opa-authorizer-builder /stackable/nifi-opa-plugin/authorizer/target/opa-authorizer.nar /stackable/nifi-${PRODUCT}/extensions/opa-authorizer.nar

COPY --chown=${STACKABLE_USER_UID}:0 nifi/stackable/bin /stackable/bin
COPY --chown=${STACKABLE_USER_UID}:0 nifi/licenses /licenses
COPY --chown=${STACKABLE_USER_UID}:0 nifi/python /stackable/python
Expand Down