POST user

Author: adwk67

Dockerfile

@@ -1,3 +1,3 @@
 FROM docker.stackable.tech/stackable/hadoop:3.3.6-stackable0.0.0-dev
 
-COPY --chown=stackable:stackable ./group-mapper-0.1.0-SNAPSHOT.jar /stackable/hadoop/share/hadoop/tools/lib/
+COPY --chown=stackable:stackable ./hdfs-group-mapper-0.1.0-SNAPSHOT.jar /stackable/hadoop/share/hadoop/tools/lib/

Tiltfile

@@ -1,6 +1,5 @@
 k8s_yaml('test/stack/05-opa.yaml')
 k8s_yaml('test/stack/10-hdfs.yaml')
-k8s_yaml('test/stack/15-rolebinding.yaml')
 
 local_resource(
   'compile authorizer',

pom.xml

@@ -3,11 +3,11 @@
     <modelVersion>4.0.0</modelVersion>
 
     <groupId>tech.stackable</groupId>
-    <artifactId>group-mapper</artifactId>
+    <artifactId>hdfs-group-mapper</artifactId>
     <version>0.1.0-SNAPSHOT</version>
     <packaging>jar</packaging>
 
-    <name>group-mapper</name>
+    <name>hdfs-group-mapper</name>
     <url>http://maven.apache.org</url>
 
     <properties>
@@ -27,6 +27,12 @@
                 </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+            <version>1.7.36</version>
+            <scope>provided</scope>
+        </dependency>
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>

src/main/java/tech/stackable/hadoop/StackableGroupMapper.java

@@ -1,7 +1,5 @@
 package tech.stackable.hadoop;
 
-import io.fabric8.kubernetes.client.DefaultKubernetesClient;
-import io.fabric8.kubernetes.client.KubernetesClient;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.security.GroupMappingServiceProvider;
 import org.apache.hadoop.util.Lists;
@@ -18,12 +16,10 @@
 public class StackableGroupMapper implements GroupMappingServiceProvider {
     private static final String OPA_MAPPING_URL_PROP = "hadoop.security.group.mapping.opa.url";
     private final Logger LOG = LoggerFactory.getLogger(StackableGroupMapper.class);
-    private final KubernetesClient client;
     private final Configuration configuration;
     private final HttpClient httpClient = HttpClient.newHttpClient();
 
     public StackableGroupMapper() {
-        this.client = new DefaultKubernetesClient();
         this.configuration = new Configuration();
     }
 
@@ -35,7 +31,7 @@ public StackableGroupMapper() {
      */
     @Override
     public List<String> getGroups(String user) throws IOException {
-        LOG.info("Calling StackableGroupMapper.getGroups...");
+        LOG.info("Calling StackableGroupMapper.getGroups for user [{}]", user);
 
         String opaMappingUrl = configuration.get(OPA_MAPPING_URL_PROP);
 
@@ -45,12 +41,15 @@ public List<String> getGroups(String user) throws IOException {
 
         URI opaUri = URI.create(opaMappingUrl);
         HttpResponse<String> response = null;
+
+        String body = String.format("{\"input\":{\"username\": \"%s\"}}", user);
+        LOG.info("Request body [{}]", body);
         try {
             response = httpClient.send(
-                    HttpRequest.newBuilder(opaUri).header("Content-Type", "application/json").GET().build(),
-                    //.POST(HttpRequest.BodyPublishers.ofByteArray(user.getBytes())).build(),
+                    HttpRequest.newBuilder(opaUri).header("Content-Type", "application/json")
+                            .POST(HttpRequest.BodyPublishers.ofString(body)).build(),
                     HttpResponse.BodyHandlers.ofString());
-            LOG.info("Opa response [{}]", response);
+            LOG.info("Opa response [{}]", response.body());
         } catch (InterruptedException e) {
             LOG.error(e.getMessage());
         }
@@ -73,7 +72,7 @@ public List<String> getGroups(String user) throws IOException {
     @Override
     public void cacheGroupsRefresh() {
         // does nothing in this provider of user to groups mapping
-        LOG.info("cacheGroupsRefresh: caching should be provided by the policy provider");
+        LOG.info("ignoring cacheGroupsRefresh: caching should be provided by the policy provider");
     }
 
     /**
@@ -84,6 +83,6 @@ public void cacheGroupsRefresh() {
     @Override
     public void cacheGroupsAdd(List<String> groups) {
         // does nothing in this provider of user to groups mapping
-        LOG.info("cacheGroupsAdd: caching should be provided by the policy provider");
+        LOG.info("ignoring cacheGroupsAdd: caching should be provided by the policy provider");
     }
 }

test/stack/05-opa.yaml

@@ -9,7 +9,30 @@ data:
   test.rego: |
     package hdfs
 
-    users := "me,myself,I"
+    groups := json.filter(users_by_name[input.username], ["groups"])
+
+    # returning data in the form presented by the UIF
+    users_by_name := {
+        "alice": {
+            "id": "af07f12c-1234-40a7-93e0-874537bdf3f5",
+            "username": "alice",
+            "groups": ["/superset-admin"],
+            "customAttributes": {},
+        },
+        "bob": {
+            "id": "af07f12c-2345-40a7-93e0-874537bdf3f5",
+            "username": "bob",
+            "groups": ["/admin"],
+            "customAttributes": {},
+        },
+        "stackable": {
+            "id": "af07f12c-3456-40a7-93e0-874537bdf3f5",
+            "username": "stackable",
+            "groups": ["/admin", "/superuser"],
+            "customAttributes": {},
+        },
+    }
+
 ---
 apiVersion: opa.stackable.tech/v1alpha1
 kind: OpaCluster