
Configure static JWT in OLAC_FGAC

To configure a static JWT key for OLAC_FGAC in Apache Spark, perform the following additional steps as part of the setup:

JWT Configuration

  1. Copy the JWT public key file to the config folder

    cd ~/privacera-oss-plugin/config
    cp ~/privacera/privacera-manager/output/spark-standalone/spark_custom_conf/OLAC_FGAC/<JWT_TOKEN_PUBLIC_KEY> ~/privacera-oss-plugin/config/
    

  2. Update the static JWT public key path in privacera_spark.properties

    cd ~/privacera-oss-plugin/config
    vi privacera_spark.properties
    
    privacera.jwt.<JWT_TOKEN_INDEX>.token.publickey=/opt/privacera/<JWT_TOKEN_PUBLIC_KEY>
    

  3. Update the Dockerfile to include the JWT public key file inside the OLAC_FGAC block

    cd ~/privacera-oss-plugin/
    vi Dockerfile
    
    ln -sf /privacera-secret/<JWT_TOKEN_PUBLIC_KEY> /opt/privacera/<JWT_TOKEN_PUBLIC_KEY> && \
    

    • The updated Dockerfile code block that creates the symlinks will look like this:

      RUN if [ "$PRIVACERA_SPARK_PLUGIN_TYPE" = "OLAC_FGAC" ]; then \
            ln -sf /privacera-secret/auditserver-secrets-keystore.jks /opt/privacera/auditserver-secrets-keystore.jks && \
            ln -sf /privacera-secret/ranger-plugin-keystore.p12 /opt/privacera/ranger-plugin-keystore.p12 && \
            ln -sf /privacera-secret/<JWT_TOKEN_PUBLIC_KEY> /opt/privacera/<JWT_TOKEN_PUBLIC_KEY> && \
            ln -sf /privacera-secret/ranger.jceks /opt/privacera/ranger.jceks ; \
       fi
      

    • Build the Dockerfile: see "Building Dockerfile"

  4. Update the kubectl secret creation command in the apply.sh script to include the JWT public key file inside the OLAC_FGAC block

    cd ~/privacera-oss-plugin/k8s  
    vi apply.sh
    
    --from-file="${SCRIPT_DIR}/../config/<JWT_TOKEN_PUBLIC_KEY>" \
    

    • The updated kubectl create secret block should look like this:

      elif [[ "${PRIVACERA_SPARK_PLUGIN_TYPE}" == "OLAC_FGAC" ]]; then
         kubectl create secret generic "${PRIVACERA_SECRET_NAME}" \
           --from-file="${SCRIPT_DIR}/../config/privacera_spark.properties" \
           --from-file="${SCRIPT_DIR}/../config/global-truststore.p12" \
           --from-file="${SCRIPT_DIR}/../config/auditserver-secrets-keystore.jks" \
           --from-file="${SCRIPT_DIR}/../config/ranger-plugin-keystore.p12" \
           --from-file="${SCRIPT_DIR}/../config/<JWT_TOKEN_PUBLIC_KEY>" \
           --from-file="${SCRIPT_DIR}/../config/ranger.jceks" \
           -n "${SPARK_NAME_SPACE}"
      fi
      

    • Apply the Kubernetes Deployment files: see "Applying Deployment Files"
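
The four steps above must all name the same key file, or the plugin will start without a usable JWT public key. The following pre-build check is an added example, not part of the Privacera scripts; the function name `check_jwt_key_wiring` is hypothetical, and it assumes the key file is PEM text and the directory layout shown on this page.

```bash
#!/usr/bin/env bash
# Added example (not Privacera code): verify that each static JWT public key named
# in privacera_spark.properties is wired through steps 1-4 of this page.
# Assumption: the key file is PEM text, so a private key shows a "PRIVATE KEY" header.
check_jwt_key_wiring() {
  local root="$1" props="$1/config/privacera_spark.properties" rc=0 lines name path key
  [ -f "$props" ] || { echo "FAIL: missing $props" >&2; return 2; }
  # Step 2: collect every privacera.jwt.<index>.token.publickey=<path> entry.
  lines=$(grep -E '^privacera\.jwt\.[^.=]+\.token\.publickey=' "$props" || true)
  [ -n "$lines" ] || { echo "FAIL: no static JWT public key configured (step 2)" >&2; return 1; }
  while IFS='=' read -r name path; do
    key="${path##*/}"
    # The property must point at the symlink target created in the image.
    case "$path" in
      /opt/privacera/?*) ;;
      *) echo "FAIL: $name points outside /opt/privacera" >&2; rc=1 ;;
    esac
    # Step 1: the file was copied into config/, and it is not a private key.
    if [ ! -f "$root/config/$key" ]; then
      echo "FAIL: config/$key is missing (step 1)" >&2; rc=1
    elif grep -q 'PRIVATE KEY' "$root/config/$key"; then
      echo "FAIL: config/$key contains a private key" >&2; rc=1
    fi
    # Step 3: the Dockerfile links the mounted secret into /opt/privacera.
    grep -qF "ln -sf /privacera-secret/$key /opt/privacera/$key" "$root/Dockerfile" ||
      { echo "FAIL: Dockerfile has no symlink for $key (step 3)" >&2; rc=1; }
    # Step 4: apply.sh adds the file to the Kubernetes secret.
    grep -F -- '--from-file=' "$root/k8s/apply.sh" | grep -qF "/config/$key" ||
      { echo "FAIL: apply.sh does not add $key to the secret (step 4)" >&2; rc=1; }
  done <<EOF
$lines
EOF
  return "$rc"
}

# Usage: check_jwt_key_wiring ~/privacera-oss-plugin && echo "JWT key wiring OK"
```

The check only confirms that a `--from-file` line for the key exists somewhere in apply.sh; it does not confirm the line sits inside the OLAC_FGAC branch.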
