From 493b50888b0f3d292a531d9770e003982b209cd2 Mon Sep 17 00:00:00 2001
From: Krzysztof Zmij
Date: Thu, 2 Nov 2023 14:12:48 +0100
Subject: [PATCH 1/3] fix plugin params
---
build.sbt | 2 +-
src/main/resources/application.conf | 6 +-----
2 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/build.sbt b/build.sbt
index 9671a8cd..6ca81e44 100644
--- a/build.sbt
+++ b/build.sbt
@@ -88,7 +88,7 @@ scalariformPreferences := scalariformPreferences.value
.setPreference(SingleCasePatternOnNewline, false)
// hack for ranger conf dir - should contain files like ranger-s3-security.xml etc.
-bashScriptDefines / scriptClasspath ~= (cp => cp :+ ":/etc/rokku")
+bashScriptDefines / scriptClasspath ~= (cp => cp :+ ":/etc/rokku"+ ":/opt/docker/libs")
//Coverage settings
Compile / coverageMinimum := 70
diff --git a/src/main/resources/application.conf b/src/main/resources/application.conf
index 47c1ca41..4714e981 100644
--- a/src/main/resources/application.conf
+++ b/src/main/resources/application.conf
@@ -9,11 +9,7 @@ rokku {
allow-create-delete-buckets = ${?ROKKU_ALLOW_CREATE_DELETE_BUCKETS}
enabled-audit = ${?ROKKU_ENABLED_AUDIT}
class-name = ${?ROKKU_ACCESS_CONTROL_CLASS_NAME}
- plugin-params {
- appId = ${?ROKKU_RANGER_API_ID}
- userDomainPostfix = ${?ROKKU_RANGER_USER_DOMAIN_POSTFIX}
- rolePrefix = ${?ROKKU_RANGER_ROLE_PREFIX}
- }
+ plugin-params = ${?ROKKU_ACCESS_CONTROL_PLUGIN_PARAMS}
}
storage.s3 {
# Settings for reaching backing storage.
From 9c1f88eb81059e393e00e77413eae7649e61759c Mon Sep 17 00:00:00 2001
From: Krzysztof Zmij
Date: Thu, 2 Nov 2023 14:27:59 +0100
Subject: [PATCH 2/3] add additional dir for libs in docker
---
build.sbt | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/build.sbt b/build.sbt
index 6ca81e44..b64f2925 100644
--- a/build.sbt
+++ b/build.sbt
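Review bot: In application.conf the single `plugin-params = ${?ROKKU_ACCESS_CONTROL_PLUGIN_PARAMS}` line stops reading `ROKKU_RANGER_API_ID`, `ROKKU_RANGER_USER_DOMAIN_POSTFIX` and `ROKKU_RANGER_ROLE_PREFIX`, and nothing in the file says so. Because the substitution is optional, a deployment that still exports only the old variables starts without error and presumably runs the access-control plugin with whatever reference.conf supplies. I would add a comment above the line, `# one HOCON object written as a string, e.g. "{appId:..., serviceType:s3, rolePrefix:...}"; replaces the ROKKU_RANGER_* variables`, and call out the rename in the release notes.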
@@ -1,6 +1,7 @@
+import com.typesafe.sbt.packager.MappingsHelper.contentOf
import com.typesafe.sbt.packager.docker
-import com.typesafe.sbt.packager.docker.ExecCmd
-import scalariform.formatter.preferences._
+import com.typesafe.sbt.packager.docker.{Cmd, DockerChmodType, ExecCmd}
+import scalariform.formatter.preferences.*
val rokkuVersion = scala.sys.env.getOrElse("ROKKU_VERSION", "SNAPSHOT")
@@ -87,8 +88,11 @@ scalariformPreferences := scalariformPreferences.value
.setPreference(NewlineAtEndOfFile, true)
.setPreference(SingleCasePatternOnNewline, false)
+dockerChmodType := DockerChmodType.UserGroupWriteExecute
+dockerCommands += ExecCmd("RUN", "mkdir", "-p", "/opt/docker/lib/plugins") //additional libs e.g. for authorization plugin
+
// hack for ranger conf dir - should contain files like ranger-s3-security.xml etc.
-bashScriptDefines / scriptClasspath ~= (cp => cp :+ ":/etc/rokku"+ ":/opt/docker/libs")
+bashScriptDefines / scriptClasspath ~= (cp => cp :+ ":/etc/rokku"+ ":/opt/docker/lib/plugins/*")
//Coverage settings
Compile / coverageMinimum := 70
From 918746f7aa3812368a60a98f537e32471980f3c4 Mon Sep 17 00:00:00 2001
From: Krzysztof Zmij
Date: Tue, 7 Nov 2023 09:25:28 +0100
Subject: [PATCH 3/3] fix plugin params configuration
---
build.sbt | 3 +--
src/main/resources/reference.conf | 9 +--------
.../proxy/config/AccessControlProviderSettings.scala | 4 ++--
.../proxy/provider/AccessControlProviderRanger.scala | 2 +-
4 files changed, 5 insertions(+), 13 deletions(-)
diff --git a/build.sbt b/build.sbt
index b64f2925..01f99d6e 100644
--- a/build.sbt
+++ b/build.sbt
@@ -1,6 +1,5 @@
-import com.typesafe.sbt.packager.MappingsHelper.contentOf
import com.typesafe.sbt.packager.docker
-import com.typesafe.sbt.packager.docker.{Cmd, DockerChmodType, ExecCmd}
+import com.typesafe.sbt.packager.docker.{DockerChmodType, ExecCmd}
import scalariform.formatter.preferences.*
val rokkuVersion = scala.sys.env.getOrElse("ROKKU_VERSION", "SNAPSHOT")
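Review bot: In the `@@ -87,8 +88,11 @@` hunk of build.sbt (patch 2/3), `dockerChmodType := DockerChmodType.UserGroupWriteExecute` widens the packaged application tree to group-writable, as I read sbt-native-packager, and the same hunk puts `/opt/docker/lib/plugins/*` on the launcher classpath. Taken together, any jar that a group member or a mounted volume places in that directory is loaded into the proxy at start, including code standing in for the authorization plugin. If the wider mode exists only so the appended `RUN mkdir` succeeds (I cannot tell from the hunk), I would keep the default chmod type and create the directory with explicit ownership, and record the trust assumption next to the classpath line: `// plugins dir is on the classpath: mount read-only, trusted jars only`. The `:/opt/docker/libs` entry added in patch 1/3 is the earlier form of the same classpath extension.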
diff --git a/src/main/resources/reference.conf b/src/main/resources/reference.conf
index 9c355214..a2d4d775 100644
--- a/src/main/resources/reference.conf
+++ b/src/main/resources/reference.conf
@@ -10,14 +10,7 @@ rokku {
allow-create-delete-buckets = true
enabled-audit = false
class-name = "com.ing.wbaa.rokku.proxy.provider.AccessControlProviderRanger"
- plugin-params {
- appId = "testservice"
- # make sure the service_type is equal to what is specified in
- # ranger-s3-security.xml
- serviceType = "s3"
- userDomainPostfix = ""
- rolePrefix = "role_"
- }
+ plugin-params = "{appId:testservice, serviceType:s3, rolePrefix:role_}"
}
storage.s3 {
diff --git a/src/main/scala/com/ing/wbaa/rokku/proxy/config/AccessControlProviderSettings.scala b/src/main/scala/com/ing/wbaa/rokku/proxy/config/AccessControlProviderSettings.scala
index 0bc278d1..427aa905 100644
--- a/src/main/scala/com/ing/wbaa/rokku/proxy/config/AccessControlProviderSettings.scala
+++ b/src/main/scala/com/ing/wbaa/rokku/proxy/config/AccessControlProviderSettings.scala
@@ -1,7 +1,7 @@
package com.ing.wbaa.rokku.proxy.config
import akka.actor.{ ExtendedActorSystem, Extension, ExtensionId, ExtensionIdProvider }
-import com.typesafe.config.Config
+import com.typesafe.config.{ Config, ConfigFactory }
import scala.jdk.CollectionConverters._
@@ -10,7 +10,7 @@ class AccessControlProviderSettings(config: Config) extends Extension {
val createDeleteBucketsEnabled: Boolean = config.getBoolean("rokku.access-control.allow-create-delete-buckets")
val auditEnabled: Boolean = config.getBoolean("rokku.access-control.enabled-audit")
val className: String = config.getString("rokku.access-control.class-name")
- val pluginParams: Map[String, String] = config.getConfig("rokku.access-control.plugin-params")
+ val pluginParams: Map[String, String] = ConfigFactory.parseString(config.getString("rokku.access-control.plugin-params"))
.entrySet().asScala.map(e => e.getKey -> e.getValue.unwrapped().toString).toMap
}
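Review bot: In reference.conf the replacement line drops the comment that tied `serviceType` to ranger-s3-security.xml, and that comment was the only place in the file where the coupling was written down. The value is now a string that gets parsed a second time, which also deserves a line of explanation for whoever writes the override. I would keep the guidance above the new line, e.g. `# HOCON object written as a string; serviceType must equal the service type in ranger-s3-security.xml`. The shipped default still carries `appId:testservice`, which reads like a test value, so it is worth confirming that it is meant to be the default for real deployments.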
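Review bot: In AccessControlProviderSettings.scala the new `pluginParams` initializer parses an environment-supplied string with `ConfigFactory.parseString` and never checks the result, and an override now replaces the default string as a whole instead of key by key. A value that omits `serviceType` or `rolePrefix` therefore yields a map without those keys, and a malformed value throws while the extension is being constructed. The string also goes through the full HOCON grammar (substitutions and, as far as I know, include statements), which is more than a flat key/value list needs. I would validate right after parsing for whichever keys the provider requires, e.g. `require(Set("appId", "serviceType").subsetOf(pluginParams.keySet), "plugin-params is missing required keys")`, and report key names only, never values. The class body continues outside the hunk.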
diff --git a/src/main/scala/com/ing/wbaa/rokku/proxy/provider/AccessControlProviderRanger.scala b/src/main/scala/com/ing/wbaa/rokku/proxy/provider/AccessControlProviderRanger.scala
index f390075b..b6a9b654 100644
--- a/src/main/scala/com/ing/wbaa/rokku/proxy/provider/AccessControlProviderRanger.scala
+++ b/src/main/scala/com/ing/wbaa/rokku/proxy/provider/AccessControlProviderRanger.scala
@@ -64,7 +64,7 @@ class AccessControlProviderRanger(config: java.util.Map[String, String]) extends
prepareAccessRequest(rangerResource, request.accessType, null, Set(UserGroup(s"${config.get(ROLE_PREFIX_PARAM)}${roleValue}")).map(_.value.toLowerCase))
case _ =>
prepareAccessRequest(
- rangerResource, request.accessType, request.user + config.get(USER_DOMAIN_POSTFIX_PARAM), request.userGroups.asScala.map(_.toLowerCase).toSet)
+ rangerResource, request.accessType, request.user + config.getOrDefault(USER_DOMAIN_POSTFIX_PARAM, ""), request.userGroups.asScala.map(_.toLowerCase).toSet)
}
rangerRequest.setAction(request.action)
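Review bot: The `config.get(ROLE_PREFIX_PARAM)` call in the first context line of this hunk still has no default, and it sits inside a string interpolation. When the plugin-params string is supplied without `rolePrefix`, `get` returns null and the interpolation yields a group name that begins with the literal text `null`, which is then passed to `prepareAccessRequest` as the group to authorize. The commit fixes exactly this for the user domain postfix, so the role prefix should get the same treatment: `config.getOrDefault(ROLE_PREFIX_PARAM, "")`, or a check at construction that rejects a map without the key. The enclosing method starts and ends outside the hunk.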