Example 1 with Revision
use of org.apache.nifi.web.Revision in project nifi by apache.
the class TenantsResource method removeUser.
/**
* Removes the specified user.
*
* @param httpServletRequest request
* @param version The revision is used to verify the client is working with
* the latest version of the flow.
* @param clientId Optional client id. If the client id is not specified, a
* new one will be generated. This value (whether specified or generated) is
* included in the response.
* @param id The id of the user to remove.
* @return A entity containing the client id and an updated revision.
*/
@DELETE
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("users/{id}")
@ApiOperation(value = "Deletes a user", notes = NON_GUARANTEED_ENDPOINT, response = UserEntity.class, authorizations = { @Authorization(value = "Write - /tenants") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response removeUser(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The revision is used to verify the client is working with the latest version of the flow.", required = false) @QueryParam(VERSION) final LongParameter version, @ApiParam(value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.", required = false) @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) final ClientIdParameter clientId, @ApiParam(value = "The user id.", required = true) @PathParam("id") final String id) {
// ensure we're running with a configurable authorizer
if (!AuthorizerCapabilityDetection.isConfigurableUserGroupProvider(authorizer)) {
throw new IllegalStateException(AccessPolicyDAO.MSG_NON_CONFIGURABLE_USERS);
}
if (isReplicateRequest()) {
return replicate(HttpMethod.DELETE);
}
final UserEntity requestUserEntity = new UserEntity();
requestUserEntity.setId(id);
// handle expects request (usually from the cluster manager)
final Revision requestRevision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
return withWriteLock(serviceFacade, requestUserEntity, requestRevision, lookup -> {
final Authorizable tenants = lookup.getTenant();
tenants.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
}, null, (revision, userEntity) -> {
// delete the specified user
final UserEntity entity = serviceFacade.deleteUser(revision, userEntity.getId());
return generateOkResponse(entity).build();
});
}
Also used :
Revision(org.apache.nifi.web.Revision)
Authorizable(org.apache.nifi.authorization.resource.Authorizable)
UserEntity(org.apache.nifi.web.api.entity.UserEntity)
Path(javax.ws.rs.Path)
DELETE(javax.ws.rs.DELETE)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 2 with Revision
use of org.apache.nifi.web.Revision in project nifi by apache.
the class TenantsResource method createUser.
/**
* Creates a new user.
*
* @param httpServletRequest request
* @param requestUserEntity An userEntity.
* @return An userEntity.
*/
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("users")
@ApiOperation(value = "Creates a user", notes = NON_GUARANTEED_ENDPOINT, response = UserEntity.class, authorizations = { @Authorization(value = "Write - /tenants") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response createUser(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The user configuration details.", required = true) final UserEntity requestUserEntity) {
// ensure we're running with a configurable authorizer
if (!AuthorizerCapabilityDetection.isConfigurableUserGroupProvider(authorizer)) {
throw new IllegalStateException(AccessPolicyDAO.MSG_NON_CONFIGURABLE_USERS);
}
if (requestUserEntity == null || requestUserEntity.getComponent() == null) {
throw new IllegalArgumentException("User details must be specified.");
}
if (requestUserEntity.getRevision() == null || (requestUserEntity.getRevision().getVersion() == null || requestUserEntity.getRevision().getVersion() != 0)) {
throw new IllegalArgumentException("A revision of 0 must be specified when creating a new User.");
}
if (requestUserEntity.getComponent().getId() != null) {
throw new IllegalArgumentException("User ID cannot be specified.");
}
if (StringUtils.isBlank(requestUserEntity.getComponent().getIdentity())) {
throw new IllegalArgumentException("User identity must be specified.");
}
if (isReplicateRequest()) {
return replicate(HttpMethod.POST, requestUserEntity);
}
return withWriteLock(serviceFacade, requestUserEntity, lookup -> {
final Authorizable tenants = lookup.getTenant();
tenants.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
}, null, userEntity -> {
// set the user id as appropriate
userEntity.getComponent().setId(generateUuid());
// get revision from the config
final RevisionDTO revisionDTO = userEntity.getRevision();
Revision revision = new Revision(revisionDTO.getVersion(), revisionDTO.getClientId(), userEntity.getComponent().getId());
// create the user and generate the json
final UserEntity entity = serviceFacade.createUser(revision, userEntity.getComponent());
populateRemainingUserEntityContent(entity);
// build the response
return generateCreatedResponse(URI.create(entity.getUri()), entity).build();
});
}
Also used :
Revision(org.apache.nifi.web.Revision)
Authorizable(org.apache.nifi.authorization.resource.Authorizable)
RevisionDTO(org.apache.nifi.web.api.dto.RevisionDTO)
UserEntity(org.apache.nifi.web.api.entity.UserEntity)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 3 with Revision
use of org.apache.nifi.web.Revision in project nifi by apache.
the class TenantsResource method updateUserGroup.
/**
* Updates a user group.
*
* @param httpServletRequest request
* @param id The id of the user group to update.
* @param requestUserGroupEntity An userGroupEntity.
* @return An userGroupEntity.
*/
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("user-groups/{id}")
@ApiOperation(value = "Updates a user group", notes = NON_GUARANTEED_ENDPOINT, response = UserGroupEntity.class, authorizations = { @Authorization(value = "Write - /tenants") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response updateUserGroup(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The user group id.", required = true) @PathParam("id") final String id, @ApiParam(value = "The user group configuration details.", required = true) final UserGroupEntity requestUserGroupEntity) {
// ensure we're running with a configurable authorizer
if (!AuthorizerCapabilityDetection.isConfigurableUserGroupProvider(authorizer)) {
throw new IllegalStateException(AccessPolicyDAO.MSG_NON_CONFIGURABLE_USERS);
}
if (requestUserGroupEntity == null || requestUserGroupEntity.getComponent() == null) {
throw new IllegalArgumentException("User group details must be specified.");
}
if (requestUserGroupEntity.getRevision() == null) {
throw new IllegalArgumentException("Revision must be specified.");
}
// ensure the ids are the same
final UserGroupDTO requestUserGroupDTO = requestUserGroupEntity.getComponent();
if (!id.equals(requestUserGroupDTO.getId())) {
throw new IllegalArgumentException(String.format("The user group id (%s) in the request body does not equal the " + "user group id of the requested resource (%s).", requestUserGroupDTO.getId(), id));
}
if (isReplicateRequest()) {
return replicate(HttpMethod.PUT, requestUserGroupEntity);
}
// Extract the revision
final Revision requestRevision = getRevision(requestUserGroupEntity, id);
return withWriteLock(serviceFacade, requestUserGroupEntity, requestRevision, lookup -> {
final Authorizable tenants = lookup.getTenant();
tenants.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
}, null, (revision, userGroupEntity) -> {
// update the user group
final UserGroupEntity entity = serviceFacade.updateUserGroup(revision, userGroupEntity.getComponent());
populateRemainingUserGroupEntityContent(entity);
return generateOkResponse(entity).build();
});
}
Also used :
Revision(org.apache.nifi.web.Revision)
UserGroupDTO(org.apache.nifi.web.api.dto.UserGroupDTO)
Authorizable(org.apache.nifi.authorization.resource.Authorizable)
UserGroupEntity(org.apache.nifi.web.api.entity.UserGroupEntity)
Path(javax.ws.rs.Path)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
ApiOperation(io.swagger.annotations.ApiOperation)
PUT(javax.ws.rs.PUT)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 4 with Revision
use of org.apache.nifi.web.Revision in project nifi by apache.
the class TenantsResource method removeUserGroup.
/**
* Removes the specified user group.
*
* @param httpServletRequest request
* @param version The revision is used to verify the client is working with
* the latest version of the flow.
* @param clientId Optional client id. If the client id is not specified, a
* new one will be generated. This value (whether specified or generated) is
* included in the response.
* @param id The id of the user group to remove.
* @return A entity containing the client id and an updated revision.
*/
@DELETE
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("user-groups/{id}")
@ApiOperation(value = "Deletes a user group", notes = NON_GUARANTEED_ENDPOINT, response = UserGroupEntity.class, authorizations = { @Authorization(value = "Write - /tenants") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response removeUserGroup(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The revision is used to verify the client is working with the latest version of the flow.", required = false) @QueryParam(VERSION) final LongParameter version, @ApiParam(value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.", required = false) @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) final ClientIdParameter clientId, @ApiParam(value = "The user group id.", required = true) @PathParam("id") final String id) {
// ensure we're running with a configurable authorizer
if (!AuthorizerCapabilityDetection.isConfigurableUserGroupProvider(authorizer)) {
throw new IllegalStateException(AccessPolicyDAO.MSG_NON_CONFIGURABLE_USERS);
}
if (isReplicateRequest()) {
return replicate(HttpMethod.DELETE);
}
final UserGroupEntity requestUserGroupEntity = new UserGroupEntity();
requestUserGroupEntity.setId(id);
// handle expects request (usually from the cluster manager)
final Revision requestRevision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
return withWriteLock(serviceFacade, requestUserGroupEntity, requestRevision, lookup -> {
final Authorizable tenants = lookup.getTenant();
tenants.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
}, null, (revision, userGroupEntity) -> {
// delete the specified user group
final UserGroupEntity entity = serviceFacade.deleteUserGroup(revision, userGroupEntity.getId());
return generateOkResponse(entity).build();
});
}
Also used :
Revision(org.apache.nifi.web.Revision)
Authorizable(org.apache.nifi.authorization.resource.Authorizable)
UserGroupEntity(org.apache.nifi.web.api.entity.UserGroupEntity)
Path(javax.ws.rs.Path)
DELETE(javax.ws.rs.DELETE)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 5 with Revision
use of org.apache.nifi.web.Revision in project nifi by apache.
the class VersionsResource method stopVersionControl.
@DELETE
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("process-groups/{id}")
@ApiOperation(value = "Stops version controlling the Process Group with the given ID", response = VersionControlInformationEntity.class, notes = "Stops version controlling the Process Group with the given ID. The Process Group will no longer track to any Versioned Flow. " + NON_GUARANTEED_ENDPOINT, authorizations = { @Authorization(value = "Read - /process-groups/{uuid}"), @Authorization(value = "Write - /process-groups/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response stopVersionControl(@ApiParam(value = "The version is used to verify the client is working with the latest version of the flow.", required = false) @QueryParam(VERSION) final LongParameter version, @ApiParam(value = "If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.", required = false) @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) final ClientIdParameter clientId, @ApiParam("The process group id.") @PathParam("id") final String groupId) {
if (isReplicateRequest()) {
return replicate(HttpMethod.DELETE);
}
final Revision requestRevision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), groupId);
return withWriteLock(serviceFacade, null, requestRevision, lookup -> {
final Authorizable processGroup = lookup.getProcessGroup(groupId).getAuthorizable();
processGroup.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
processGroup.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
}, () -> {
final VersionControlInformationEntity currentVersionControlInfo = serviceFacade.getVersionControlInformation(groupId);
if (currentVersionControlInfo == null) {
throw new IllegalStateException("Process Group with ID " + groupId + " is not currently under Version Control");
}
}, (revision, groupEntity) -> {
// disconnect from version control
final VersionControlInformationEntity entity = serviceFacade.deleteVersionControl(revision, groupId);
// generate the response
return generateOkResponse(entity).build();
});
}
Also used :
VersionControlInformationEntity(org.apache.nifi.web.api.entity.VersionControlInformationEntity)
Revision(org.apache.nifi.web.Revision)
ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable)
Authorizable(org.apache.nifi.authorization.resource.Authorizable)
ProcessGroupAuthorizable(org.apache.nifi.authorization.ProcessGroupAuthorizable)
Path(javax.ws.rs.Path)
DELETE(javax.ws.rs.DELETE)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Aggregations
Revision (org.apache.nifi.web.Revision)73
ApiOperation (io.swagger.annotations.ApiOperation)61
ApiResponses (io.swagger.annotations.ApiResponses)61
Consumes (javax.ws.rs.Consumes)61
Produces (javax.ws.rs.Produces)61
Path (javax.ws.rs.Path)60
Authorizable (org.apache.nifi.authorization.resource.Authorizable)51
PUT (javax.ws.rs.PUT)30
ComponentAuthorizable (org.apache.nifi.authorization.ComponentAuthorizable)30
POST (javax.ws.rs.POST)25
DELETE (javax.ws.rs.DELETE)24
ProcessGroupAuthorizable (org.apache.nifi.authorization.ProcessGroupAuthorizable)21
RevisionDTO (org.apache.nifi.web.api.dto.RevisionDTO)21
PositionDTO (org.apache.nifi.web.api.dto.PositionDTO)19
SnippetAuthorizable (org.apache.nifi.authorization.SnippetAuthorizable)17
NiFiUser (org.apache.nifi.authorization.user.NiFiUser)17
HashMap (java.util.HashMap)15
Map (java.util.Map)15
Set (java.util.Set)15
Collectors (java.util.stream.Collectors)15
