From 3da276dbbc4b9b79261bc77379c52df1c82b184c Mon Sep 17 00:00:00 2001 From: Benedikt Labrenz Date: Tue, 15 Apr 2025 10:00:45 +0200 Subject: [PATCH 1/3] build nifi-opa-plugin from source with workaround --- nifi/Dockerfile | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/nifi/Dockerfile b/nifi/Dockerfile index 93daaa019..ff30691fa 100644 --- a/nifi/Dockerfile +++ b/nifi/Dockerfile @@ -80,6 +80,28 @@ rm -rf /stackable/nifi-${PRODUCT}/docs chmod -R g=u /stackable EOF +FROM stackable/image/java-devel AS opa-authorizer-builder + +ARG STACKABLE_USER_UID +ARG PRODUCT + +USER ${STACKABLE_USER_UID} +WORKDIR /stackable + +COPY --chown=${STACKABLE_USER_UID}:0 nifi/stackable/opa-authorizer/nifi-framework-api-version.patch /stackable/nifi-framework-api-version.patch + +# TODO: Set to tag after new release of nifi-opa-plugin +RUN git clone --depth 1 https://github.com/DavidGitter/nifi-opa-plugin.git && \ + cd nifi-opa-plugin && \ + git reset --hard cdf8c36 && \ + git apply /stackable/nifi-framework-api-version.patch && \ + cd authorizer && \ + mvn \ + --batch-mode \ + --no-transfer-progress \ + install \ + -DskipTests + FROM stackable/image/java-base AS final ARG PRODUCT @@ -97,6 +119,8 @@ LABEL name="Apache NiFi" \ COPY --chown=${STACKABLE_USER_UID}:0 --from=nifi-builder /stackable/nifi-${PRODUCT} /stackable/nifi-${PRODUCT}/ COPY --chown=${STACKABLE_USER_UID}:0 --from=nifi-builder /stackable/stackable-bcrypt.jar /stackable/stackable-bcrypt.jar +COPY --chown=${STACKABLE_USER_UID}:0 --from=opa-authorizer-builder /stackable/nifi-opa-plugin/authorizer/target/opa-authorizer.nar /stackable/nifi-${PRODUCT}/extensions/opa-authorizer.nar + COPY --chown=${STACKABLE_USER_UID}:0 nifi/stackable/bin /stackable/bin COPY --chown=${STACKABLE_USER_UID}:0 nifi/licenses /licenses COPY --chown=${STACKABLE_USER_UID}:0 nifi/python /stackable/python @@ -127,7 +151,7 @@ ln -s /stackable/nifi-${PRODUCT} /stackable/nifi chown --no-dereference ${STACKABLE_USER_UID}:0 /stackable/nifi chmod --recursive g=u /stackable/python chmod --recursive g=u /stackable/bin -chmod g=u /stackable/nifi-${PRODUCT} +chmod --recursive g=u /stackable/nifi-${PRODUCT} EOF # ---------------------------------------- From 66ec5ccaa00f47b7c7cb3a2c2abe63757f23ae68 Mon Sep 17 00:00:00 2001 From: Benedikt Labrenz Date: Tue, 15 Apr 2025 10:13:15 +0200 Subject: [PATCH 2/3] add changelog entry --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a15846112..a6a6f611a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,6 +31,7 @@ All notable changes to this project will be documented in this file. `check-permissions-ownership.sh` provided in stackable-base image ([#1025]). - zookeeper: check for correct permissions and ownerships in /stackable folder via `check-permissions-ownership.sh` provided in stackable-base image ([#1043]). +- nifi: Add OPA authorizer plugin with workaround ([#1058]). ### Changed @@ -75,6 +76,7 @@ All notable changes to this project will be documented in this file. [#1054]: https://github.com/stackabletech/docker-images/pull/1054 [#1055]: https://github.com/stackabletech/docker-images/pull/1055 [#1056]: https://github.com/stackabletech/docker-images/pull/1056 +[#1058]: https://github.com/stackabletech/docker-images/pull/1058 ## [25.3.0] - 2025-03-21 From 625ed2407c1153859901841800ebb354613faf51 Mon Sep 17 00:00:00 2001 From: Benedikt Labrenz Date: Tue, 22 Apr 2025 16:54:02 +0200 Subject: [PATCH 3/3] add patch --- .../opa-authorizer/nifi-framework-api-version.patch | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 nifi/stackable/opa-authorizer/nifi-framework-api-version.patch diff --git a/nifi/stackable/opa-authorizer/nifi-framework-api-version.patch b/nifi/stackable/opa-authorizer/nifi-framework-api-version.patch new file mode 100644 index 000000000..0147ccb87 --- /dev/null +++ b/nifi/stackable/opa-authorizer/nifi-framework-api-version.patch @@ -0,0 +1,13 @@ +diff --git a/authorizer/pom.xml b/authorizer/pom.xml +index da074d7..55e76c3 100644 +--- a/authorizer/pom.xml ++++ b/authorizer/pom.xml +@@ -19,7 +19,7 @@ + UTF-8 + 11 + 11 +- 2.3.0 ++ 1.28.1 + + +