Example 1 with ComponentAuthorizable
use of org.apache.nifi.authorization.ComponentAuthorizable in project nifi by apache.
the class ControllerResource method createReportingTask.
// ---------------
// reporting tasks
// ---------------
/**
* Creates a new Reporting Task.
*
* @param httpServletRequest request
* @param requestReportingTaskEntity A reportingTaskEntity.
* @return A reportingTaskEntity.
*/
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("reporting-tasks")
@ApiOperation(value = "Creates a new reporting task", response = ReportingTaskEntity.class, authorizations = { @Authorization(value = "Write - /controller"), @Authorization(value = "Read - any referenced Controller Services - /controller-services/{uuid}"), @Authorization(value = "Write - if the Reporting Task is restricted - /restricted-components") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response createReportingTask(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The reporting task configuration details.", required = true) final ReportingTaskEntity requestReportingTaskEntity) {
if (requestReportingTaskEntity == null || requestReportingTaskEntity.getComponent() == null) {
throw new IllegalArgumentException("Reporting task details must be specified.");
}
if (requestReportingTaskEntity.getRevision() == null || (requestReportingTaskEntity.getRevision().getVersion() == null || requestReportingTaskEntity.getRevision().getVersion() != 0)) {
throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Reporting task.");
}
final ReportingTaskDTO requestReportingTask = requestReportingTaskEntity.getComponent();
if (requestReportingTask.getId() != null) {
throw new IllegalArgumentException("Reporting task ID cannot be specified.");
}
if (StringUtils.isBlank(requestReportingTask.getType())) {
throw new IllegalArgumentException("The type of reporting task to create must be specified.");
}
if (isReplicateRequest()) {
return replicate(HttpMethod.POST, requestReportingTaskEntity);
}
return withWriteLock(serviceFacade, requestReportingTaskEntity, lookup -> {
authorizeController(RequestAction.WRITE);
ComponentAuthorizable authorizable = null;
try {
authorizable = lookup.getConfigurableComponent(requestReportingTask.getType(), requestReportingTask.getBundle());
if (authorizable.isRestricted()) {
authorizeRestrictions(authorizer, authorizable);
}
if (requestReportingTask.getProperties() != null) {
AuthorizeControllerServiceReference.authorizeControllerServiceReferences(requestReportingTask.getProperties(), authorizable, authorizer, lookup);
}
} finally {
if (authorizable != null) {
authorizable.cleanUpResources();
}
}
}, () -> serviceFacade.verifyCreateReportingTask(requestReportingTask), (reportingTaskEntity) -> {
final ReportingTaskDTO reportingTask = reportingTaskEntity.getComponent();
// set the processor id as appropriate
reportingTask.setId(generateUuid());
// create the reporting task and generate the json
final Revision revision = getRevision(reportingTaskEntity, reportingTask.getId());
final ReportingTaskEntity entity = serviceFacade.createReportingTask(revision, reportingTask);
reportingTaskResource.populateRemainingReportingTaskEntityContent(entity);
// build the response
return generateCreatedResponse(URI.create(entity.getUri()), entity).build();
});
}
Also used :
ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable)
Revision(org.apache.nifi.web.Revision)
ReportingTaskDTO(org.apache.nifi.web.api.dto.ReportingTaskDTO)
ReportingTaskEntity(org.apache.nifi.web.api.entity.ReportingTaskEntity)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 2 with ComponentAuthorizable
use of org.apache.nifi.authorization.ComponentAuthorizable in project nifi by apache.
the class ControllerResource method createControllerService.
// -------------------
// controller services
// -------------------
/**
* Creates a new Controller Service.
*
* @param httpServletRequest request
* @param requestControllerServiceEntity A controllerServiceEntity.
* @return A controllerServiceEntity.
*/
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("controller-services")
@ApiOperation(value = "Creates a new controller service", response = ControllerServiceEntity.class, authorizations = { @Authorization(value = "Write - /controller"), @Authorization(value = "Read - any referenced Controller Services - /controller-services/{uuid}"), @Authorization(value = "Write - if the Controller Service is restricted - /restricted-components") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response createControllerService(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The controller service configuration details.", required = true) final ControllerServiceEntity requestControllerServiceEntity) {
if (requestControllerServiceEntity == null || requestControllerServiceEntity.getComponent() == null) {
throw new IllegalArgumentException("Controller service details must be specified.");
}
if (requestControllerServiceEntity.getRevision() == null || (requestControllerServiceEntity.getRevision().getVersion() == null || requestControllerServiceEntity.getRevision().getVersion() != 0)) {
throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Controller service.");
}
final ControllerServiceDTO requestControllerService = requestControllerServiceEntity.getComponent();
if (requestControllerService.getId() != null) {
throw new IllegalArgumentException("Controller service ID cannot be specified.");
}
if (requestControllerService.getParentGroupId() != null) {
throw new IllegalArgumentException("Parent process group ID cannot be specified.");
}
if (StringUtils.isBlank(requestControllerService.getType())) {
throw new IllegalArgumentException("The type of controller service to create must be specified.");
}
if (isReplicateRequest()) {
return replicate(HttpMethod.POST, requestControllerServiceEntity);
}
return withWriteLock(serviceFacade, requestControllerServiceEntity, lookup -> {
authorizeController(RequestAction.WRITE);
ComponentAuthorizable authorizable = null;
try {
authorizable = lookup.getConfigurableComponent(requestControllerService.getType(), requestControllerService.getBundle());
if (authorizable.isRestricted()) {
authorizeRestrictions(authorizer, authorizable);
}
if (requestControllerService.getProperties() != null) {
AuthorizeControllerServiceReference.authorizeControllerServiceReferences(requestControllerService.getProperties(), authorizable, authorizer, lookup);
}
} finally {
if (authorizable != null) {
authorizable.cleanUpResources();
}
}
}, () -> serviceFacade.verifyCreateControllerService(requestControllerService), (controllerServiceEntity) -> {
final ControllerServiceDTO controllerService = controllerServiceEntity.getComponent();
// set the processor id as appropriate
controllerService.setId(generateUuid());
// create the controller service and generate the json
final Revision revision = getRevision(controllerServiceEntity, controllerService.getId());
final ControllerServiceEntity entity = serviceFacade.createControllerService(revision, null, controllerService);
controllerServiceResource.populateRemainingControllerServiceEntityContent(entity);
// build the response
return generateCreatedResponse(URI.create(entity.getUri()), entity).build();
});
}
Also used :
ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable)
ControllerServiceDTO(org.apache.nifi.web.api.dto.ControllerServiceDTO)
ControllerServiceEntity(org.apache.nifi.web.api.entity.ControllerServiceEntity)
Revision(org.apache.nifi.web.Revision)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 3 with ComponentAuthorizable
use of org.apache.nifi.authorization.ComponentAuthorizable in project nifi by apache.
the class ControllerServiceResource method removeControllerService.
/**
* Removes the specified controller service.
*
* @param httpServletRequest request
* @param version The revision is used to verify the client is working with
* the latest version of the flow.
* @param clientId Optional client id. If the client id is not specified, a
* new one will be generated. This value (whether specified or generated) is
* included in the response.
* @param id The id of the controller service to remove.
* @return A entity containing the client id and an updated revision.
*/
@DELETE
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
@ApiOperation(value = "Deletes a controller service", response = ControllerServiceEntity.class, authorizations = { @Authorization(value = "Write - /controller-services/{uuid}"), @Authorization(value = "Write - Parent Process Group if scoped by Process Group - /process-groups/{uuid}"), @Authorization(value = "Write - Controller if scoped by Controller - /controller"), @Authorization(value = "Read - any referenced Controller Services - /controller-services/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response removeControllerService(@Context HttpServletRequest httpServletRequest, @ApiParam(value = "The revision is used to verify the client is working with the latest version of the flow.", required = false) @QueryParam(VERSION) final LongParameter version, @ApiParam(value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.", required = false) @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) final ClientIdParameter clientId, @ApiParam(value = "The controller service id.", required = true) @PathParam("id") final String id) {
if (isReplicateRequest()) {
return replicate(HttpMethod.DELETE);
}
final ControllerServiceEntity requestControllerServiceEntity = new ControllerServiceEntity();
requestControllerServiceEntity.setId(id);
// handle expects request (usually from the cluster manager)
final Revision requestRevision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
return withWriteLock(serviceFacade, requestControllerServiceEntity, requestRevision, lookup -> {
final ComponentAuthorizable controllerService = lookup.getControllerService(id);
// ensure write permission to the controller service
controllerService.getAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
// ensure write permission to the parent process group
controllerService.getAuthorizable().getParentAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
// verify any referenced services
AuthorizeControllerServiceReference.authorizeControllerServiceReferences(controllerService, authorizer, lookup, false);
}, () -> serviceFacade.verifyDeleteControllerService(id), (revision, controllerServiceEntity) -> {
// delete the specified controller service
final ControllerServiceEntity entity = serviceFacade.deleteControllerService(revision, controllerServiceEntity.getId());
return generateOkResponse(entity).build();
});
}
Also used :
ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable)
ControllerServiceEntity(org.apache.nifi.web.api.entity.ControllerServiceEntity)
Revision(org.apache.nifi.web.Revision)
Path(javax.ws.rs.Path)
DELETE(javax.ws.rs.DELETE)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 4 with ComponentAuthorizable
use of org.apache.nifi.authorization.ComponentAuthorizable in project nifi by apache.
the class ProcessGroupResource method instantiateTemplate.
/**
* Instantiates the specified template within this ProcessGroup. The template instance that is instantiated cannot be referenced at a later time, therefore there is no
* corresponding URI. Instead the request URI is returned.
* <p>
* Alternatively, we could have performed a PUT request. However, PUT requests are supposed to be idempotent and this endpoint is certainly not.
*
* @param httpServletRequest request
* @param groupId The group id
* @param requestInstantiateTemplateRequestEntity The instantiate template request
* @return A flowEntity.
*/
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}/template-instance")
@ApiOperation(value = "Instantiates a template", response = FlowEntity.class, authorizations = { @Authorization(value = "Write - /process-groups/{uuid}"), @Authorization(value = "Read - /templates/{uuid}"), @Authorization(value = "Write - if the template contains any restricted components - /restricted-components") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response instantiateTemplate(@Context HttpServletRequest httpServletRequest, @ApiParam(value = "The process group id.", required = true) @PathParam("id") String groupId, @ApiParam(value = "The instantiate template request.", required = true) InstantiateTemplateRequestEntity requestInstantiateTemplateRequestEntity) {
// ensure the position has been specified
if (requestInstantiateTemplateRequestEntity == null || requestInstantiateTemplateRequestEntity.getOriginX() == null || requestInstantiateTemplateRequestEntity.getOriginY() == null) {
throw new IllegalArgumentException("The origin position (x, y) must be specified.");
}
// ensure the template id was provided
if (requestInstantiateTemplateRequestEntity.getTemplateId() == null) {
throw new IllegalArgumentException("The template id must be specified.");
}
// ensure the template encoding version is valid
if (requestInstantiateTemplateRequestEntity.getEncodingVersion() != null) {
try {
FlowEncodingVersion.parse(requestInstantiateTemplateRequestEntity.getEncodingVersion());
} catch (final IllegalArgumentException e) {
throw new IllegalArgumentException("The template encoding version is not valid. The expected format is <number>.<number>");
}
}
// populate the encoding version if necessary
if (requestInstantiateTemplateRequestEntity.getEncodingVersion() == null) {
// if the encoding version is not specified, use the latest encoding version as these options were
// not available pre 1.x, will be overridden if populating from the underlying template below
requestInstantiateTemplateRequestEntity.setEncodingVersion(TemplateDTO.MAX_ENCODING_VERSION);
}
// populate the component bundles if necessary
if (requestInstantiateTemplateRequestEntity.getSnippet() == null) {
// get the desired template in order to determine the supported bundles
final TemplateDTO requestedTemplate = serviceFacade.exportTemplate(requestInstantiateTemplateRequestEntity.getTemplateId());
final FlowSnippetDTO requestTemplateContents = requestedTemplate.getSnippet();
// determine the compatible bundles to use for each component in this template, this ensures the nodes in the cluster
// instantiate the components from the same bundles
discoverCompatibleBundles(requestTemplateContents);
// update the requested template as necessary - use the encoding version from the underlying template
requestInstantiateTemplateRequestEntity.setEncodingVersion(requestedTemplate.getEncodingVersion());
requestInstantiateTemplateRequestEntity.setSnippet(requestTemplateContents);
}
if (isReplicateRequest()) {
return replicate(HttpMethod.POST, requestInstantiateTemplateRequestEntity);
}
return withWriteLock(serviceFacade, requestInstantiateTemplateRequestEntity, lookup -> {
final NiFiUser user = NiFiUserUtils.getNiFiUser();
// ensure write on the group
final Authorizable processGroup = lookup.getProcessGroup(groupId).getAuthorizable();
processGroup.authorize(authorizer, RequestAction.WRITE, user);
final Authorizable template = lookup.getTemplate(requestInstantiateTemplateRequestEntity.getTemplateId());
template.authorize(authorizer, RequestAction.READ, user);
// ensure read on the template
final TemplateContentsAuthorizable templateContents = lookup.getTemplateContents(requestInstantiateTemplateRequestEntity.getSnippet());
final Consumer<ComponentAuthorizable> authorizeRestricted = authorizable -> {
if (authorizable.isRestricted()) {
authorizeRestrictions(authorizer, authorizable);
}
};
// ensure restricted access if necessary
templateContents.getEncapsulatedProcessors().forEach(authorizeRestricted);
templateContents.getEncapsulatedControllerServices().forEach(authorizeRestricted);
}, () -> serviceFacade.verifyComponentTypes(requestInstantiateTemplateRequestEntity.getSnippet()), instantiateTemplateRequestEntity -> {
// create the template and generate the json
final FlowEntity entity = serviceFacade.createTemplateInstance(groupId, instantiateTemplateRequestEntity.getOriginX(), instantiateTemplateRequestEntity.getOriginY(), instantiateTemplateRequestEntity.getEncodingVersion(), instantiateTemplateRequestEntity.getSnippet(), getIdGenerationSeed().orElse(null));
final FlowDTO flowSnippet = entity.getFlow();
// prune response as necessary
for (ProcessGroupEntity childGroupEntity : flowSnippet.getProcessGroups()) {
childGroupEntity.getComponent().setContents(null);
}
// create the response entity
populateRemainingSnippetContent(flowSnippet);
// generate the response
return generateCreatedResponse(getAbsolutePath(), entity).build();
});
}
Also used :
ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable)
FunnelsEntity(org.apache.nifi.web.api.entity.FunnelsEntity)
Produces(javax.ws.rs.Produces)
InstantiateTemplateRequestEntity(org.apache.nifi.web.api.entity.InstantiateTemplateRequestEntity)
ApiParam(io.swagger.annotations.ApiParam)
SiteToSiteRestApiClient(org.apache.nifi.remote.util.SiteToSiteRestApiClient)
ConnectionDTO(org.apache.nifi.web.api.dto.ConnectionDTO)
ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable)
StringUtils(org.apache.commons.lang3.StringUtils)
ClientIdParameter(org.apache.nifi.web.api.request.ClientIdParameter)
ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity)
AuthorizeAccess(org.apache.nifi.authorization.AuthorizeAccess)
VariableRegistryUpdateStep(org.apache.nifi.registry.variable.VariableRegistryUpdateStep)
PositionDTO(org.apache.nifi.web.api.dto.PositionDTO)
MediaType(javax.ws.rs.core.MediaType)
ProcessGroupDTO(org.apache.nifi.web.api.dto.ProcessGroupDTO)
NiFiRegistryException(org.apache.nifi.registry.client.NiFiRegistryException)
Map(java.util.Map)
ResourceNotFoundException(org.apache.nifi.web.ResourceNotFoundException)
UriBuilder(javax.ws.rs.core.UriBuilder)
SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder)
ConnectionsEntity(org.apache.nifi.web.api.entity.ConnectionsEntity)
FunnelEntity(org.apache.nifi.web.api.entity.FunnelEntity)
VariableRegistryUpdateRequest(org.apache.nifi.registry.variable.VariableRegistryUpdateRequest)
ControllerServicesEntity(org.apache.nifi.web.api.entity.ControllerServicesEntity)
Set(java.util.Set)
InputPortsEntity(org.apache.nifi.web.api.entity.InputPortsEntity)
Executors(java.util.concurrent.Executors)
ArrayBlockingQueue(java.util.concurrent.ArrayBlockingQueue)
FormDataParam(org.glassfish.jersey.media.multipart.FormDataParam)
ProcessGroupsEntity(org.apache.nifi.web.api.entity.ProcessGroupsEntity)
FlowComparisonEntity(org.apache.nifi.web.api.entity.FlowComparisonEntity)
ScheduledState(org.apache.nifi.controller.ScheduledState)
LabelsEntity(org.apache.nifi.web.api.entity.LabelsEntity)
UriInfo(javax.ws.rs.core.UriInfo)
ApiImplicitParams(io.swagger.annotations.ApiImplicitParams)
DtoFactory(org.apache.nifi.web.api.dto.DtoFactory)
Entity(org.apache.nifi.web.api.entity.Entity)
GET(javax.ws.rs.GET)
ControllerServiceEntity(org.apache.nifi.web.api.entity.ControllerServiceEntity)
ConfigurableComponent(org.apache.nifi.components.ConfigurableComponent)
TemplateEntity(org.apache.nifi.web.api.entity.TemplateEntity)
RevisionDTO(org.apache.nifi.web.api.dto.RevisionDTO)
HttpMethod(javax.ws.rs.HttpMethod)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
NiFiUser(org.apache.nifi.authorization.user.NiFiUser)
NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails)
Api(io.swagger.annotations.Api)
VariableRegistryDTO(org.apache.nifi.web.api.dto.VariableRegistryDTO)
FlowDTO(org.apache.nifi.web.api.dto.flow.FlowDTO)
VersionedFlowState(org.apache.nifi.registry.flow.VersionedFlowState)
NiFiServiceFacade(org.apache.nifi.web.NiFiServiceFacade)
AuthorizableLookup(org.apache.nifi.authorization.AuthorizableLookup)
RequestAction(org.apache.nifi.authorization.RequestAction)
FlowEncodingVersion(org.apache.nifi.controller.serialization.FlowEncodingVersion)
JAXBElement(javax.xml.bind.JAXBElement)
RemoteProcessGroupsEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupsEntity)
IOException(java.io.IOException)
VersionedFlowSnapshot(org.apache.nifi.registry.flow.VersionedFlowSnapshot)
Authorizer(org.apache.nifi.authorization.Authorizer)
ApiResponse(io.swagger.annotations.ApiResponse)
FlowEntity(org.apache.nifi.web.api.entity.FlowEntity)
AffectedComponentEntity(org.apache.nifi.web.api.entity.AffectedComponentEntity)
OutputPortsEntity(org.apache.nifi.web.api.entity.OutputPortsEntity)
ScheduleComponentsEntity(org.apache.nifi.web.api.entity.ScheduleComponentsEntity)
XmlUtils(org.apache.nifi.security.xml.XmlUtils)
BundleCoordinate(org.apache.nifi.bundle.BundleCoordinate)
ProcessorConfigDTO(org.apache.nifi.web.api.dto.ProcessorConfigDTO)
Date(java.util.Date)
ConnectableType(org.apache.nifi.connectable.ConnectableType)
ProcessorStatusDTO(org.apache.nifi.web.api.dto.status.ProcessorStatusDTO)
URISyntaxException(java.net.URISyntaxException)
LoggerFactory(org.slf4j.LoggerFactory)
Path(javax.ws.rs.Path)
BundleDTO(org.apache.nifi.web.api.dto.BundleDTO)
ApiOperation(io.swagger.annotations.ApiOperation)
AuthorizeControllerServiceReference(org.apache.nifi.authorization.AuthorizeControllerServiceReference)
QueryParam(javax.ws.rs.QueryParam)
Consumes(javax.ws.rs.Consumes)
TemplateDTO(org.apache.nifi.web.api.dto.TemplateDTO)
ActivateControllerServicesEntity(org.apache.nifi.web.api.entity.ActivateControllerServicesEntity)
XMLStreamReader(javax.xml.stream.XMLStreamReader)
DefaultValue(javax.ws.rs.DefaultValue)
URI(java.net.URI)
ThreadFactory(java.util.concurrent.ThreadFactory)
NodeResponse(org.apache.nifi.cluster.manager.NodeResponse)
DELETE(javax.ws.rs.DELETE)
Context(javax.ws.rs.core.Context)
Authorizable(org.apache.nifi.authorization.resource.Authorizable)
ControllerServiceDTO(org.apache.nifi.web.api.dto.ControllerServiceDTO)
ApiImplicitParam(io.swagger.annotations.ApiImplicitParam)
Collection(java.util.Collection)
ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap)
SnippetAuthorizable(org.apache.nifi.authorization.SnippetAuthorizable)
UUID(java.util.UUID)
BundleUtils(org.apache.nifi.util.BundleUtils)
PortEntity(org.apache.nifi.web.api.entity.PortEntity)
LongParameter(org.apache.nifi.web.api.request.LongParameter)
JAXBException(javax.xml.bind.JAXBException)
Collectors(java.util.stream.Collectors)
List(java.util.List)
Response(javax.ws.rs.core.Response)
ProcessGroupEntity(org.apache.nifi.web.api.entity.ProcessGroupEntity)
ProcessorDTO(org.apache.nifi.web.api.dto.ProcessorDTO)
ControllerServiceState(org.apache.nifi.controller.service.ControllerServiceState)
CopySnippetRequestEntity(org.apache.nifi.web.api.entity.CopySnippetRequestEntity)
Authentication(org.springframework.security.core.Authentication)
Pause(org.apache.nifi.web.util.Pause)
FlowSnippetDTO(org.apache.nifi.web.api.dto.FlowSnippetDTO)
RemoteProcessGroupDTO(org.apache.nifi.web.api.dto.RemoteProcessGroupDTO)
PathParam(javax.ws.rs.PathParam)
Bucket(org.apache.nifi.registry.bucket.Bucket)
Revision(org.apache.nifi.web.Revision)
ThreadPoolExecutor(java.util.concurrent.ThreadPoolExecutor)
HashMap(java.util.HashMap)
ApiResponses(io.swagger.annotations.ApiResponses)
Function(java.util.function.Function)
AffectedComponentDTO(org.apache.nifi.web.api.dto.AffectedComponentDTO)
ConcurrentMap(java.util.concurrent.ConcurrentMap)
FlowRegistryUtils(org.apache.nifi.registry.flow.FlowRegistryUtils)
CreateTemplateRequestEntity(org.apache.nifi.web.api.entity.CreateTemplateRequestEntity)
VersionControlInformationDTO(org.apache.nifi.web.api.dto.VersionControlInformationDTO)
VariableRegistryUpdateRequestEntity(org.apache.nifi.web.api.entity.VariableRegistryUpdateRequestEntity)
NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken)
Status(javax.ws.rs.core.Response.Status)
JAXBContext(javax.xml.bind.JAXBContext)
ExecutorService(java.util.concurrent.ExecutorService)
Unmarshaller(javax.xml.bind.Unmarshaller)
TemplateContentsAuthorizable(org.apache.nifi.authorization.TemplateContentsAuthorizable)
Logger(org.slf4j.Logger)
POST(javax.ws.rs.POST)
ProcessorsEntity(org.apache.nifi.web.api.entity.ProcessorsEntity)
VariableRegistryEntity(org.apache.nifi.web.api.entity.VariableRegistryEntity)
VersionedFlow(org.apache.nifi.registry.flow.VersionedFlow)
MultivaluedHashMap(javax.ws.rs.core.MultivaluedHashMap)
MultivaluedMap(javax.ws.rs.core.MultivaluedMap)
TimeUnit(java.util.concurrent.TimeUnit)
Consumer(java.util.function.Consumer)
LabelEntity(org.apache.nifi.web.api.entity.LabelEntity)
ConnectionEntity(org.apache.nifi.web.api.entity.ConnectionEntity)
ProcessGroupAuthorizable(org.apache.nifi.authorization.ProcessGroupAuthorizable)
RemoteProcessGroupEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupEntity)
NiFiUserUtils(org.apache.nifi.authorization.user.NiFiUserUtils)
PUT(javax.ws.rs.PUT)
Authorization(io.swagger.annotations.Authorization)
Collections(java.util.Collections)
InputStream(java.io.InputStream)
ProcessGroupEntity(org.apache.nifi.web.api.entity.ProcessGroupEntity)
RemoteProcessGroupEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupEntity)
FlowSnippetDTO(org.apache.nifi.web.api.dto.FlowSnippetDTO)
FlowDTO(org.apache.nifi.web.api.dto.flow.FlowDTO)
NiFiUser(org.apache.nifi.authorization.user.NiFiUser)
TemplateDTO(org.apache.nifi.web.api.dto.TemplateDTO)
ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable)
Authorizable(org.apache.nifi.authorization.resource.Authorizable)
SnippetAuthorizable(org.apache.nifi.authorization.SnippetAuthorizable)
TemplateContentsAuthorizable(org.apache.nifi.authorization.TemplateContentsAuthorizable)
ProcessGroupAuthorizable(org.apache.nifi.authorization.ProcessGroupAuthorizable)
TemplateContentsAuthorizable(org.apache.nifi.authorization.TemplateContentsAuthorizable)
FlowEntity(org.apache.nifi.web.api.entity.FlowEntity)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 5 with ComponentAuthorizable
use of org.apache.nifi.authorization.ComponentAuthorizable in project nifi by apache.
the class ProcessGroupResource method createProcessor.
// ----------
// processors
// ----------
/**
* Creates a new processor.
*
* @param httpServletRequest request
* @param groupId The group id
* @param requestProcessorEntity A processorEntity.
* @return A processorEntity.
*/
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}/processors")
@ApiOperation(value = "Creates a new processor", response = ProcessorEntity.class, authorizations = { @Authorization(value = "Write - /process-groups/{uuid}"), @Authorization(value = "Read - any referenced Controller Services - /controller-services/{uuid}"), @Authorization(value = "Write - if the Processor is restricted - /restricted-components") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response createProcessor(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The process group id.", required = true) @PathParam("id") final String groupId, @ApiParam(value = "The processor configuration details.", required = true) final ProcessorEntity requestProcessorEntity) {
if (requestProcessorEntity == null || requestProcessorEntity.getComponent() == null) {
throw new IllegalArgumentException("Processor details must be specified.");
}
if (requestProcessorEntity.getRevision() == null || (requestProcessorEntity.getRevision().getVersion() == null || requestProcessorEntity.getRevision().getVersion() != 0)) {
throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Processor.");
}
final ProcessorDTO requestProcessor = requestProcessorEntity.getComponent();
if (requestProcessor.getId() != null) {
throw new IllegalArgumentException("Processor ID cannot be specified.");
}
if (StringUtils.isBlank(requestProcessor.getType())) {
throw new IllegalArgumentException("The type of processor to create must be specified.");
}
final PositionDTO proposedPosition = requestProcessor.getPosition();
if (proposedPosition != null) {
if (proposedPosition.getX() == null || proposedPosition.getY() == null) {
throw new IllegalArgumentException("The x and y coordinate of the proposed position must be specified.");
}
}
if (requestProcessor.getParentGroupId() != null && !groupId.equals(requestProcessor.getParentGroupId())) {
throw new IllegalArgumentException(String.format("If specified, the parent process group id %s must be the same as specified in the URI %s", requestProcessor.getParentGroupId(), groupId));
}
requestProcessor.setParentGroupId(groupId);
if (isReplicateRequest()) {
return replicate(HttpMethod.POST, requestProcessorEntity);
}
return withWriteLock(serviceFacade, requestProcessorEntity, lookup -> {
final NiFiUser user = NiFiUserUtils.getNiFiUser();
final Authorizable processGroup = lookup.getProcessGroup(groupId).getAuthorizable();
processGroup.authorize(authorizer, RequestAction.WRITE, user);
ComponentAuthorizable authorizable = null;
try {
authorizable = lookup.getConfigurableComponent(requestProcessor.getType(), requestProcessor.getBundle());
if (authorizable.isRestricted()) {
authorizeRestrictions(authorizer, authorizable);
}
final ProcessorConfigDTO config = requestProcessor.getConfig();
if (config != null && config.getProperties() != null) {
AuthorizeControllerServiceReference.authorizeControllerServiceReferences(config.getProperties(), authorizable, authorizer, lookup);
}
} finally {
if (authorizable != null) {
authorizable.cleanUpResources();
}
}
}, () -> serviceFacade.verifyCreateProcessor(requestProcessor), processorEntity -> {
final ProcessorDTO processor = processorEntity.getComponent();
// set the processor id as appropriate
processor.setId(generateUuid());
// create the new processor
final Revision revision = getRevision(processorEntity, processor.getId());
final ProcessorEntity entity = serviceFacade.createProcessor(revision, groupId, processor);
processorResource.populateRemainingProcessorEntityContent(entity);
// generate a 201 created response
String uri = entity.getUri();
return generateCreatedResponse(URI.create(uri), entity).build();
});
}
Also used :
ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable)
ProcessorConfigDTO(org.apache.nifi.web.api.dto.ProcessorConfigDTO)
NiFiUser(org.apache.nifi.authorization.user.NiFiUser)
Revision(org.apache.nifi.web.Revision)
ProcessorDTO(org.apache.nifi.web.api.dto.ProcessorDTO)
ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable)
Authorizable(org.apache.nifi.authorization.resource.Authorizable)
SnippetAuthorizable(org.apache.nifi.authorization.SnippetAuthorizable)
TemplateContentsAuthorizable(org.apache.nifi.authorization.TemplateContentsAuthorizable)
ProcessGroupAuthorizable(org.apache.nifi.authorization.ProcessGroupAuthorizable)
ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity)
PositionDTO(org.apache.nifi.web.api.dto.PositionDTO)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Aggregations
ComponentAuthorizable (org.apache.nifi.authorization.ComponentAuthorizable)16
ApiOperation (io.swagger.annotations.ApiOperation)15
ApiResponses (io.swagger.annotations.ApiResponses)15
Consumes (javax.ws.rs.Consumes)15
Path (javax.ws.rs.Path)15
Produces (javax.ws.rs.Produces)15
Revision (org.apache.nifi.web.Revision)15
POST (javax.ws.rs.POST)9
Authorizable (org.apache.nifi.authorization.resource.Authorizable)8
DELETE (javax.ws.rs.DELETE)7
PUT (javax.ws.rs.PUT)7
ProcessGroupAuthorizable (org.apache.nifi.authorization.ProcessGroupAuthorizable)7
Api (io.swagger.annotations.Api)4
ApiParam (io.swagger.annotations.ApiParam)4
ApiResponse (io.swagger.annotations.ApiResponse)4
Authorization (io.swagger.annotations.Authorization)4
IOException (java.io.IOException)4
Authorizer (org.apache.nifi.authorization.Authorizer)4
SnippetAuthorizable (org.apache.nifi.authorization.SnippetAuthorizable)4
TemplateContentsAuthorizable (org.apache.nifi.authorization.TemplateContentsAuthorizable)4
