use of org.apache.nifi.action.Action in project nifi by apache.
the class UserGroupAuditor method updateUserAdvice.
/**
* Audits the configuration of a single user.
*
* @param proceedingJoinPoint join point
* @param userGroupDTO dto
* @param userGroupDAO dao
* @return node
* @throws Throwable ex
*/
@Around("within(org.apache.nifi.web.dao.UserGroupDAO+) && " + "execution(org.apache.nifi.authorization.Group updateUserGroup(org.apache.nifi.web.api.dto.UserGroupDTO)) && " + "args(userGroupDTO) && " + "target(userGroupDAO)")
public Group updateUserAdvice(ProceedingJoinPoint proceedingJoinPoint, UserGroupDTO userGroupDTO, UserGroupDAO userGroupDAO) throws Throwable {
// determine the initial values for each property/setting that's changing
Group user = userGroupDAO.getUserGroup(userGroupDTO.getId());
final Map<String, String> values = extractConfiguredPropertyValues(user, userGroupDTO);
// update the user state
final Group updatedUserGroup = (Group) proceedingJoinPoint.proceed();
// if no exceptions were thrown, add the user group action...
user = userGroupDAO.getUserGroup(updatedUserGroup.getIdentifier());
// get the current user
NiFiUser niFiUser = NiFiUserUtils.getNiFiUser();
// ensure the user was found
if (niFiUser != null) {
// determine the updated values
Map<String, String> updatedValues = extractConfiguredPropertyValues(user, userGroupDTO);
// create a user action
Date actionTimestamp = new Date();
Collection<Action> actions = new ArrayList<>();
// go through each updated value
for (String property : updatedValues.keySet()) {
String newValue = updatedValues.get(property);
String oldValue = values.get(property);
Operation operation = null;
// determine the type of operation
if (oldValue == null || newValue == null || !newValue.equals(oldValue)) {
operation = Operation.Configure;
}
// create a configuration action accordingly
if (operation != null) {
final FlowChangeConfigureDetails actionDetails = new FlowChangeConfigureDetails();
actionDetails.setName(property);
actionDetails.setValue(newValue);
actionDetails.setPreviousValue(oldValue);
// create a configuration action
FlowChangeAction configurationAction = new FlowChangeAction();
configurationAction.setUserIdentity(niFiUser.getIdentity());
configurationAction.setOperation(operation);
configurationAction.setTimestamp(actionTimestamp);
configurationAction.setSourceId(user.getIdentifier());
configurationAction.setSourceName(user.getName());
configurationAction.setSourceType(Component.UserGroup);
configurationAction.setActionDetails(actionDetails);
actions.add(configurationAction);
}
}
// ensure there are actions to record
if (!actions.isEmpty()) {
// save the actions
saveActions(actions, logger);
}
}
return updatedUserGroup;
}
use of org.apache.nifi.action.Action in project nifi by apache.
the class StandardAuditService method getAction.
@Override
public Action getAction(Integer actionId) {
Transaction transaction = null;
Action action = null;
readLock.lock();
try {
// start the transaction
transaction = transactionBuilder.start();
// seed the accounts
GetActionAction getAction = new GetActionAction(actionId);
action = transaction.execute(getAction);
// commit the transaction
transaction.commit();
} catch (TransactionException | DataAccessException te) {
rollback(transaction);
throw new AdministrationException(te);
} catch (Throwable t) {
rollback(transaction);
throw t;
} finally {
closeQuietly(transaction);
readLock.unlock();
}
return action;
}
use of org.apache.nifi.action.Action in project nifi by apache.
the class StandardNiFiWebConfigurationContext method saveActions.
@Override
public void saveActions(final NiFiWebRequestContext requestContext, final Collection<ConfigurationAction> configurationActions) {
Objects.requireNonNull(configurationActions, "Actions cannot be null.");
// ensure the path could be
if (requestContext.getExtensionType() == null) {
throw new IllegalArgumentException("The UI extension type must be specified.");
}
Component componentType = null;
switch(requestContext.getExtensionType()) {
case ProcessorConfiguration:
// authorize access
serviceFacade.authorizeAccess(lookup -> {
final Authorizable authorizable = lookup.getProcessor(requestContext.getId()).getAuthorizable();
authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
});
componentType = Component.Processor;
break;
case ControllerServiceConfiguration:
// authorize access
serviceFacade.authorizeAccess(lookup -> {
final Authorizable authorizable = lookup.getControllerService(requestContext.getId()).getAuthorizable();
authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
});
componentType = Component.ControllerService;
break;
case ReportingTaskConfiguration:
// authorize access
serviceFacade.authorizeAccess(lookup -> {
final Authorizable authorizable = lookup.getReportingTask(requestContext.getId()).getAuthorizable();
authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
});
componentType = Component.ReportingTask;
break;
}
if (componentType == null) {
throw new IllegalArgumentException("UI extension type must support Processor, ControllerService, or ReportingTask configuration.");
}
// - when running standalone or cluster ncm - actions from custom UIs are stored locally
// - clustered nodes do not serve custom UIs directly to users so they should never be invoking this method
final Date now = new Date();
final Collection<Action> actions = new HashSet<>(configurationActions.size());
for (final ConfigurationAction configurationAction : configurationActions) {
final FlowChangeExtensionDetails extensionDetails = new FlowChangeExtensionDetails();
extensionDetails.setType(configurationAction.getType());
final FlowChangeConfigureDetails configureDetails = new FlowChangeConfigureDetails();
configureDetails.setName(configurationAction.getName());
configureDetails.setPreviousValue(configurationAction.getPreviousValue());
configureDetails.setValue(configurationAction.getValue());
final FlowChangeAction action = new FlowChangeAction();
action.setTimestamp(now);
action.setSourceId(configurationAction.getId());
action.setSourceName(configurationAction.getName());
action.setSourceType(componentType);
action.setOperation(Operation.Configure);
action.setUserIdentity(getCurrentUserIdentity());
action.setComponentDetails(extensionDetails);
action.setActionDetails(configureDetails);
actions.add(action);
}
if (!actions.isEmpty()) {
try {
// record the operations
auditService.addActions(actions);
} catch (final Throwable t) {
logger.warn("Unable to record actions: " + t.getMessage());
if (logger.isDebugEnabled()) {
logger.warn(StringUtils.EMPTY, t);
}
}
}
}
use of org.apache.nifi.action.Action in project nifi by apache.
the class TestRemoteProcessGroupAuditor method testConfigureProxyHost.
@Test
public void testConfigureProxyHost() throws Throwable {
final RemoteProcessGroup existingRPG = defaultRemoteProcessGroup();
final RemoteProcessGroupDTO inputRPGDTO = defaultInput();
inputRPGDTO.setProxyHost("proxy.example.com");
final Collection<Action> actions = updateProcessGroupConfiguration(inputRPGDTO, existingRPG);
assertEquals(1, actions.size());
final Action action = actions.iterator().next();
assertEquals(Operation.Configure, action.getOperation());
assertConfigureDetails(action.getActionDetails(), "Proxy Host", existingRPG.getProxyHost(), inputRPGDTO.getProxyHost());
}
use of org.apache.nifi.action.Action in project nifi by apache.
the class TestRemoteProcessGroupAuditor method testConfigureProxyPassword.
@Test
public void testConfigureProxyPassword() throws Throwable {
final RemoteProcessGroup existingRPG = defaultRemoteProcessGroup();
final RemoteProcessGroupDTO inputRPGDTO = defaultInput();
inputRPGDTO.setProxyPassword("proxy-password");
final Collection<Action> actions = updateProcessGroupConfiguration(inputRPGDTO, existingRPG);
assertEquals(1, actions.size());
final Action action = actions.iterator().next();
assertEquals(Operation.Configure, action.getOperation());
assertConfigureDetails(action.getActionDetails(), "Proxy Password", "", SENSITIVE_VALUE_MASK);
}
Aggregations