
Example 51 with StandardPropertyValue

use of org.apache.nifi.attribute.expression.language.StandardPropertyValue in project nifi by apache.

the class FileAccessPolicyProviderTest method testOnConfiguredWhenLegacyUsersFileProvided.

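/**
 * Configures both providers with a legacy authorized-users file and checks the users, group and
 * access policies that result from converting it.
 *
 * <p>Each checked resource is asserted with an exact action count as well as a {@code contains}
 * check, so an extra action granted by the conversion fails the test rather than passing
 * unnoticed.
 *
 * <p>NOTE(review): for most users only some of the counted resources are checked by name (for
 * example user1 has 4 resources but only Flow and the root process group are inspected), and
 * where a resource carries two actions only one of them is checked. Confirm the remaining
 * grants are covered elsewhere.
 *
 * @throws Exception if writing the fixture files or configuring the providers fails
 */
@Test
public void testOnConfiguredWhenLegacyUsersFileProvided() throws Exception {
    when(configurationContext.getProperty(eq(FileAuthorizer.PROP_LEGACY_AUTHORIZED_USERS_FILE)))
            .thenReturn(new StandardPropertyValue("src/test/resources/authorized-users.xml", null));
    writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE);
    writeFile(primaryTenants, EMPTY_TENANTS_CONCISE);
    userGroupProvider.onConfigured(configurationContext);
    accessPolicyProvider.onConfigured(configurationContext);

    // resource identifiers that several of the per-user checks share
    final String flowResource = ResourceType.Flow.getValue();
    final String rootGroupResource = ResourceType.ProcessGroup.getValue() + "/" + ROOT_GROUP_ID;

    final User user1 = userGroupProvider.getUserByIdentity("user1");
    final User user2 = userGroupProvider.getUserByIdentity("user2");
    final User user3 = userGroupProvider.getUserByIdentity("user3");
    final User user4 = userGroupProvider.getUserByIdentity("user4");
    final User user5 = userGroupProvider.getUserByIdentity("user5");
    final User user6 = userGroupProvider.getUserByIdentity("user6");

    // verify exactly one group got created; without this check an empty set would surface as a
    // NoSuchElementException, and with several groups the element picked below would be arbitrary
    final Set<Group> groups = userGroupProvider.getGroups();
    assertEquals(1, groups.size());
    final Group group1 = groups.iterator().next();

    // verify at least one policy got created
    final Set<AccessPolicy> policies = accessPolicyProvider.getAccessPolicies();
    assertTrue(policies.size() > 0);

    // verify user1's policies
    final Map<String, Set<RequestAction>> user1Policies = getResourceActions(policies, user1);
    assertEquals(4, user1Policies.size());
    assertTrue(user1Policies.containsKey(flowResource));
    assertEquals(1, user1Policies.get(flowResource).size());
    assertTrue(user1Policies.get(flowResource).contains(RequestAction.READ));
    assertTrue(user1Policies.containsKey(rootGroupResource));
    assertEquals(1, user1Policies.get(rootGroupResource).size());
    assertTrue(user1Policies.get(rootGroupResource).contains(RequestAction.READ));

    // verify user2's policies
    final String provenanceResource = ResourceType.Provenance.getValue();
    final Map<String, Set<RequestAction>> user2Policies = getResourceActions(policies, user2);
    assertEquals(2, user2Policies.size());
    assertTrue(user2Policies.containsKey(provenanceResource));
    assertEquals(1, user2Policies.get(provenanceResource).size());
    assertTrue(user2Policies.get(provenanceResource).contains(RequestAction.READ));

    // verify user3's policies
    final Map<String, Set<RequestAction>> user3Policies = getResourceActions(policies, user3);
    assertEquals(6, user3Policies.size());
    assertTrue(user3Policies.containsKey(flowResource));
    assertEquals(1, user3Policies.get(flowResource).size());
    assertTrue(user3Policies.get(flowResource).contains(RequestAction.READ));
    assertTrue(user3Policies.containsKey(rootGroupResource));
    assertEquals(2, user3Policies.get(rootGroupResource).size());
    assertTrue(user3Policies.get(rootGroupResource).contains(RequestAction.WRITE));

    // verify user4's policies
    final String tenantResource = ResourceType.Tenant.getValue();
    final String policyResource = ResourceType.Policy.getValue();
    final Map<String, Set<RequestAction>> user4Policies = getResourceActions(policies, user4);
    assertEquals(6, user4Policies.size());
    assertTrue(user4Policies.containsKey(flowResource));
    assertEquals(1, user4Policies.get(flowResource).size());
    assertTrue(user4Policies.get(flowResource).contains(RequestAction.READ));
    assertTrue(user4Policies.containsKey(rootGroupResource));
    assertEquals(1, user4Policies.get(rootGroupResource).size());
    assertTrue(user4Policies.get(rootGroupResource).contains(RequestAction.READ));
    assertTrue(user4Policies.containsKey(tenantResource));
    assertEquals(2, user4Policies.get(tenantResource).size());
    assertTrue(user4Policies.get(tenantResource).contains(RequestAction.WRITE));
    assertTrue(user4Policies.containsKey(policyResource));
    assertEquals(2, user4Policies.get(policyResource).size());
    assertTrue(user4Policies.get(policyResource).contains(RequestAction.WRITE));

    // verify user5's policies
    final String proxyResource = ResourceType.Proxy.getValue();
    final Map<String, Set<RequestAction>> user5Policies = getResourceActions(policies, user5);
    assertEquals(2, user5Policies.size());
    assertTrue(user5Policies.containsKey(proxyResource));
    assertEquals(1, user5Policies.get(proxyResource).size());
    assertTrue(user5Policies.get(proxyResource).contains(RequestAction.WRITE));

    // verify user6's policies
    final String siteToSiteResource = ResourceType.SiteToSite.getValue();
    final Map<String, Set<RequestAction>> user6Policies = getResourceActions(policies, user6);
    assertEquals(3, user6Policies.size());
    assertTrue(user6Policies.containsKey(siteToSiteResource));
    assertEquals(1, user6Policies.get(siteToSiteResource).size());
    assertTrue(user6Policies.get(siteToSiteResource).contains(RequestAction.READ));

    // the data-transfer policy on the input port must name exactly user6 and the single group
    final Resource inputPortResource = ResourceFactory.getDataTransferResource(
            ResourceFactory.getComponentResource(ResourceType.InputPort, "2f7d1606-b090-4be7-a592-a5b70fb55531", "TCP Input"));
    final AccessPolicy inputPortPolicy = accessPolicyProvider.getAccessPolicy(inputPortResource.getIdentifier(), RequestAction.WRITE);
    assertNotNull(inputPortPolicy);
    assertEquals(1, inputPortPolicy.getUsers().size());
    assertTrue(inputPortPolicy.getUsers().contains(user6.getIdentifier()));
    assertEquals(1, inputPortPolicy.getGroups().size());
    assertTrue(inputPortPolicy.getGroups().contains(group1.getIdentifier()));

    // the data-transfer policy on the output port must name exactly user4
    final Resource outputPortResource = ResourceFactory.getDataTransferResource(
            ResourceFactory.getComponentResource(ResourceType.OutputPort, "2f7d1606-b090-4be7-a592-a5b70fb55532", "TCP Output"));
    final AccessPolicy outputPortPolicy = accessPolicyProvider.getAccessPolicy(outputPortResource.getIdentifier(), RequestAction.WRITE);
    assertNotNull(outputPortPolicy);
    assertEquals(1, outputPortPolicy.getUsers().size());
    assertTrue(outputPortPolicy.getUsers().contains(user4.getIdentifier()));
}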
Also used : HashSet(java.util.HashSet) Set(java.util.Set) StandardPropertyValue(org.apache.nifi.attribute.expression.language.StandardPropertyValue) Matchers.anyString(org.mockito.Matchers.anyString) Test(org.junit.Test)

Example 52 with StandardPropertyValue

use of org.apache.nifi.attribute.expression.language.StandardPropertyValue in project nifi by apache.

the class FileAccessPolicyProviderTest method testOnConfiguredWhenBadLegacyUsersFileProvided.

/**
 * Points the legacy authorized-users property at {@code src/test/resources/does-not-exist.xml}
 * and expects configuring the access policy provider to fail with
 * {@link AuthorizerCreationException} instead of completing with no converted policies.
 *
 * <p>Only {@code accessPolicyProvider.onConfigured} is invoked here; the user group provider is
 * not configured in this test.
 *
 * @throws Exception the expected {@link AuthorizerCreationException}, or any fixture failure
 */
@Test(expected = AuthorizerCreationException.class)
public void testOnConfiguredWhenBadLegacyUsersFileProvided() throws Exception {
    // presumably no file exists at this path in the test resources; verify against the repository
    final String missingLegacyFile = "src/test/resources/does-not-exist.xml";
    final StandardPropertyValue legacyFileProperty = new StandardPropertyValue(missingLegacyFile, null);
    when(configurationContext.getProperty(eq(FileAuthorizer.PROP_LEGACY_AUTHORIZED_USERS_FILE)))
            .thenReturn(legacyFileProperty);

    writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE);
    writeFile(primaryTenants, EMPTY_TENANTS_CONCISE);

    accessPolicyProvider.onConfigured(configurationContext);
}
Also used : StandardPropertyValue(org.apache.nifi.attribute.expression.language.StandardPropertyValue) Test(org.junit.Test)

Example 53 with StandardPropertyValue

use of org.apache.nifi.attribute.expression.language.StandardPropertyValue in project nifi by apache.

the class FileAccessPolicyProviderTest method setup.

/**
 * Builds the fixture each test starts from: the authorizations and tenants files (primary and
 * restore copies), the flow files, a mocked {@code NiFiProperties}, a mocked configuration
 * context shared by both providers, and the two initialized providers.
 *
 * <p>The mocked {@code getProperties()} is answered lazily, so a test that re-stubs
 * {@code getProperty(...)} after this method has run still sees its value in the returned map.
 *
 * @throws IOException if one of the fixture directories cannot be created or accessed
 */
@Before
public void setup() throws IOException {
    // primary authorizations
    primaryAuthorizations = new File("target/authorizations/authorizations.xml");
    FileUtils.ensureDirectoryExistAndCanAccess(primaryAuthorizations.getParentFile());

    // primary tenants
    primaryTenants = new File("target/authorizations/users.xml");
    FileUtils.ensureDirectoryExistAndCanAccess(primaryTenants.getParentFile());

    // restore authorizations
    restoreAuthorizations = new File("target/restore/authorizations.xml");
    FileUtils.ensureDirectoryExistAndCanAccess(restoreAuthorizations.getParentFile());

    // restore tenants
    restoreTenants = new File("target/restore/users.xml");
    FileUtils.ensureDirectoryExistAndCanAccess(restoreTenants.getParentFile());

    // flow definitions used by the tests
    flow = new File("src/test/resources/flow.xml.gz");
    FileUtils.ensureDirectoryExistAndCanAccess(flow.getParentFile());
    flowNoPorts = new File("src/test/resources/flow-no-ports.xml.gz");
    FileUtils.ensureDirectoryExistAndCanAccess(flowNoPorts.getParentFile());
    flowWithDns = new File("src/test/resources/flow-with-dns.xml.gz");
    FileUtils.ensureDirectoryExistAndCanAccess(flowWithDns.getParentFile());

    properties = mock(NiFiProperties.class);
    when(properties.getRestoreDirectory()).thenReturn(restoreAuthorizations.getParentFile());
    when(properties.getFlowConfigurationFile()).thenReturn(flow);

    userGroupProvider = new FileUserGroupProvider();
    userGroupProvider.setNiFiProperties(properties);
    userGroupProvider.initialize(null);

    // this same configuration is being used for both the user group provider and the access policy provider
    configurationContext = mock(AuthorizerConfigurationContext.class);
    when(configurationContext.getProperty(eq(FileAccessPolicyProvider.PROP_AUTHORIZATIONS_FILE)))
            .thenReturn(new StandardPropertyValue(primaryAuthorizations.getPath(), null));
    when(configurationContext.getProperty(eq(FileUserGroupProvider.PROP_TENANTS_FILE)))
            .thenReturn(new StandardPropertyValue(primaryTenants.getPath(), null));
    when(configurationContext.getProperty(eq(FileAccessPolicyProvider.PROP_INITIAL_ADMIN_IDENTITY)))
            .thenReturn(new StandardPropertyValue(null, null));
    when(configurationContext.getProperty(eq(FileAuthorizer.PROP_LEGACY_AUTHORIZED_USERS_FILE)))
            .thenReturn(new StandardPropertyValue(null, null));
    when(configurationContext.getProperty(eq(FileAccessPolicyProvider.PROP_USER_GROUP_PROVIDER)))
            .thenReturn(new StandardPropertyValue("user-group-provider", null));

    when(configurationContext.getProperties()).then(invocation -> {
        final Map<String, String> resolved = new HashMap<>();

        // single-valued properties: copied whenever getProperty returns a PropertyValue
        final String[] singleValued = {
            FileAccessPolicyProvider.PROP_AUTHORIZATIONS_FILE,
            FileUserGroupProvider.PROP_TENANTS_FILE,
            FileAuthorizer.PROP_LEGACY_AUTHORIZED_USERS_FILE,
            FileAccessPolicyProvider.PROP_INITIAL_ADMIN_IDENTITY
        };
        for (final String name : singleValued) {
            final PropertyValue stubbed = configurationContext.getProperty(name);
            if (stubbed != null) {
                resolved.put(name, stubbed.getValue());
            }
        }

        // numbered properties: read prefix1, prefix2, ... until the first index with no stub
        final String[] numberedPrefixes = {
            FileAccessPolicyProvider.PROP_NODE_IDENTITY_PREFIX,
            FileUserGroupProvider.PROP_INITIAL_USER_IDENTITY_PREFIX
        };
        for (final String prefix : numberedPrefixes) {
            for (int index = 1; ; index++) {
                final String key = prefix + index;
                final PropertyValue stubbed = configurationContext.getProperty(key);
                if (stubbed == null) {
                    break;
                }
                resolved.put(key, stubbed.getValue());
            }
        }

        // ensure the initial admin is seeded into the user provider if appropriate
        // NOTE(review): the check is on the key, not its value, and the default stub above wraps
        // null, so this branch presumably also runs when no admin identity is configured and then
        // stores a null identity under the first free slot - confirm that is intended.
        if (resolved.containsKey(FileAccessPolicyProvider.PROP_INITIAL_ADMIN_IDENTITY)) {
            // unlike the reads above, the search for a free slot starts at index 0
            int slot = 0;
            while (resolved.containsKey(FileUserGroupProvider.PROP_INITIAL_USER_IDENTITY_PREFIX + slot)) {
                slot++;
            }
            resolved.put(FileUserGroupProvider.PROP_INITIAL_USER_IDENTITY_PREFIX + slot,
                    resolved.get(FileAccessPolicyProvider.PROP_INITIAL_ADMIN_IDENTITY));
        }
        return resolved;
    });

    // the lookup ignores the requested identifier and always hands back the one provider built above
    final AccessPolicyProviderInitializationContext initializationContext = mock(AccessPolicyProviderInitializationContext.class);
    when(initializationContext.getUserGroupProviderLookup()).thenReturn(new UserGroupProviderLookup() {

        @Override
        public UserGroupProvider getUserGroupProvider(String identifier) {
            return userGroupProvider;
        }
    });

    accessPolicyProvider = new FileAccessPolicyProvider();
    accessPolicyProvider.setNiFiProperties(properties);
    accessPolicyProvider.initialize(initializationContext);
}
Also used : NiFiProperties(org.apache.nifi.util.NiFiProperties) HashMap(java.util.HashMap) StandardPropertyValue(org.apache.nifi.attribute.expression.language.StandardPropertyValue) PropertyValue(org.apache.nifi.components.PropertyValue) StandardPropertyValue(org.apache.nifi.attribute.expression.language.StandardPropertyValue) Matchers.anyString(org.mockito.Matchers.anyString) File(java.io.File) Before(org.junit.Before)

Example 54 with StandardPropertyValue

use of org.apache.nifi.attribute.expression.language.StandardPropertyValue in project nifi by apache.

the class FileAccessPolicyProviderTest method testOnConfiguredWhenLegacyUsersFileProvidedWithOverlappingRoles.

/**
 * Configures both providers with the {@code authorized-users-multirole.xml} legacy file and
 * checks that a policy exists for each expected resource/action pair.
 *
 * <p>NOTE(review): the assertions only establish that each policy exists; they do not inspect
 * which users or groups the policy contains, so an over-broad grant would not fail this test.
 *
 * @throws Exception if writing the fixture files or configuring the providers fails
 */
@Test
public void testOnConfiguredWhenLegacyUsersFileProvidedWithOverlappingRoles() throws Exception {
    final StandardPropertyValue legacyFileProperty =
            new StandardPropertyValue("src/test/resources/authorized-users-multirole.xml", null);
    when(configurationContext.getProperty(eq(FileAuthorizer.PROP_LEGACY_AUTHORIZED_USERS_FILE)))
            .thenReturn(legacyFileProperty);

    writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE);
    writeFile(primaryTenants, EMPTY_TENANTS_CONCISE);

    userGroupProvider.onConfigured(configurationContext);
    accessPolicyProvider.onConfigured(configurationContext);

    // flow: read only
    assertNotNull(accessPolicyProvider.getAccessPolicy(ResourceType.Flow.getValue(), RequestAction.READ));

    // controller: read and write
    assertNotNull(accessPolicyProvider.getAccessPolicy(ResourceType.Controller.getValue(), RequestAction.READ));
    assertNotNull(accessPolicyProvider.getAccessPolicy(ResourceType.Controller.getValue(), RequestAction.WRITE));

    // system: read only
    assertNotNull(accessPolicyProvider.getAccessPolicy(ResourceType.System.getValue(), RequestAction.READ));

    // root process group: read and write
    assertNotNull(accessPolicyProvider.getAccessPolicy(ResourceType.ProcessGroup.getValue() + "/" + ROOT_GROUP_ID, RequestAction.READ));
    assertNotNull(accessPolicyProvider.getAccessPolicy(ResourceType.ProcessGroup.getValue() + "/" + ROOT_GROUP_ID, RequestAction.WRITE));
}
Also used : StandardPropertyValue(org.apache.nifi.attribute.expression.language.StandardPropertyValue) Test(org.junit.Test)

Example 55 with StandardPropertyValue

use of org.apache.nifi.attribute.expression.language.StandardPropertyValue in project nifi by apache.

the class FileAccessPolicyProviderTest method testOnConfiguredWhenInitialAdminProvidedAndFlowIsNull.

/**
 * Configures an initial admin identity while {@code NiFiProperties} reports no flow
 * configuration file, then checks that the admin user exists, that 8 policies are created and
 * that none of them targets the root process group resource.
 *
 * @throws Exception if writing the fixture files or configuring the providers fails
 */
@Test
public void testOnConfiguredWhenInitialAdminProvidedAndFlowIsNull() throws Exception {
    // replace the NiFi properties so that the flow configuration file is null (not merely a
    // path to a missing file)
    properties = mock(NiFiProperties.class);
    when(properties.getRestoreDirectory()).thenReturn(restoreAuthorizations.getParentFile());
    when(properties.getFlowConfigurationFile()).thenReturn(null);
    userGroupProvider.setNiFiProperties(properties);
    accessPolicyProvider.setNiFiProperties(properties);

    final String adminIdentity = "admin-user";
    when(configurationContext.getProperty(eq(FileAccessPolicyProvider.PROP_INITIAL_ADMIN_IDENTITY)))
            .thenReturn(new StandardPropertyValue(adminIdentity, null));

    writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE);
    writeFile(primaryTenants, EMPTY_TENANTS_CONCISE);

    userGroupProvider.onConfigured(configurationContext);
    accessPolicyProvider.onConfigured(configurationContext);

    // NOTE(review): the user count is not asserted, so this relies on the admin being the only
    // (or first iterated) user in the set.
    final Set<User> users = userGroupProvider.getUsers();
    final User adminUser = users.iterator().next();
    assertEquals(adminIdentity, adminUser.getIdentity());

    final Set<AccessPolicy> policies = accessPolicyProvider.getAccessPolicies();
    assertEquals(8, policies.size());

    // no policy may target the root process group resource
    final String rootGroupResource = ResourceType.ProcessGroup.getValue() + "/" + ROOT_GROUP_ID;
    final boolean foundRootGroupPolicy = policies.stream()
            .anyMatch(policy -> policy.getResource().equals(rootGroupResource));
    assertFalse(foundRootGroupPolicy);
}
Also used : NiFiProperties(org.apache.nifi.util.NiFiProperties) StandardPropertyValue(org.apache.nifi.attribute.expression.language.StandardPropertyValue) Matchers.anyString(org.mockito.Matchers.anyString) Test(org.junit.Test)
