
Example 16 with AuthorizerConfigurationContext

use of org.apache.nifi.authorization.AuthorizerConfigurationContext in project nifi by apache.

From the class LdapUserGroupProviderTest, method testUserIdentityMapping:

@Test
public void testUserIdentityMapping() throws Exception {
    // Identity mapping: the DN pattern captures what lies between "cn=" and the first
    // ",o=" and uses only that capture ($1) as the user's NiFi identity.
    final Properties mappingProps = new Properties();
    mappingProps.setProperty("nifi.security.identity.mapping.pattern.dn1", "^cn=(.*?),o=(.*?)$");
    mappingProps.setProperty("nifi.security.identity.mapping.value.dn1", "$1");
    final NiFiProperties nifiProperties = getNiFiProperties(mappingProps);
    ldapUserGroupProvider.setNiFiProperties(nifiProperties);

    // Narrow the LDAP search to one entry so the user count below is exact.
    final AuthorizerConfigurationContext context = getBaseConfiguration(USER_SEARCH_BASE, null);
    when(context.getProperty(PROP_USER_SEARCH_FILTER)).thenReturn(new StandardPropertyValue("(uid=user1)", null));
    ldapUserGroupProvider.onConfigured(context);

    assertEquals(1, ldapUserGroupProvider.getUsers().size());
    // The expected identity still carries ",ou=users": the lazy "(.*?)" only stops at a
    // literal ",o=", and ",ou=" does not match that, so the intermediate RDN is kept.
    // Whoever writes identity-mapping patterns should be aware of this.
    assertNotNull(ldapUserGroupProvider.getUserByIdentity("User 1,ou=users"));
}

Example 17 with AuthorizerConfigurationContext

use of org.apache.nifi.authorization.AuthorizerConfigurationContext in project nifi by apache.

From the class LdapUserGroupProviderTest, method testUserSearchBaseSpecifiedButNoGroupSearchScope:

@Test(expected = AuthorizerCreationException.class)
public void testUserSearchBaseSpecifiedButNoGroupSearchScope() throws Exception {
    // A group search base plus a member attribute, but no group search scope, is an
    // incomplete configuration. The provider is expected to fail closed at configuration
    // time (AuthorizerCreationException) instead of starting with a partial group setup.
    // NOTE(review): despite the method name, no user search base is supplied here (null);
    // only the group search base is set.
    final AuthorizerConfigurationContext context = getBaseConfiguration(null, GROUP_SEARCH_BASE);
    when(context.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE)).thenReturn(new StandardPropertyValue("member", null));
    when(context.getProperty(PROP_GROUP_SEARCH_SCOPE)).thenReturn(new StandardPropertyValue(null, null));
    ldapUserGroupProvider.onConfigured(context);
}

Example 18 with AuthorizerConfigurationContext

use of org.apache.nifi.authorization.AuthorizerConfigurationContext in project nifi by apache.

From the class LdapUserGroupProviderTest, method testSearchGroupsWithPaging:

@Test
public void testSearchGroupsWithPaging() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(null, GROUP_SEARCH_BASE);
    when(context.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE)).thenReturn(new StandardPropertyValue("member", null));
    // A page size of 1 presumably makes the provider page through the directory one
    // entry at a time. The complete group set must still be returned: a truncated group
    // list would silently drop memberships that authorization decisions depend on.
    when(context.getProperty(PROP_PAGE_SIZE)).thenReturn(new StandardPropertyValue("1", null));
    ldapUserGroupProvider.onConfigured(context);

    // 4 matches the number of groups in the test LDIF fixture (not visible here).
    final int groupCount = ldapUserGroupProvider.getGroups().size();
    assertEquals(4, groupCount);
}

Example 19 with AuthorizerConfigurationContext

use of org.apache.nifi.authorization.AuthorizerConfigurationContext in project nifi by apache.

From the class TestRangerBasePluginWithPolicies, method testPoliciesWithUserGroupProvider:

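@Test
public void testPoliciesWithUserGroupProvider() {
    // Ranger policy items may name users and groups that the UserGroupProvider does not
    // know. When Ranger policies are converted into NiFi access policies only the
    // principals the provider knows may be carried over; unknown names must be dropped,
    // never mapped onto some other NiFi identity.
    // unknown according to user group provider
    final String user1 = "user-1";
    // known according to user group provider
    final String user2 = "user-2";
    // unknown according to user group provider
    final String group1 = "group-1";
    // known according to user group provider
    final String group2 = "group-2";

    // Built once: the assertions below rely on identifierGenerateFromSeed yielding the
    // same identifier for the same seed, so a single instance is used throughout.
    final User knownUser = new User.Builder().identifierGenerateFromSeed(user2).identity(user2).build();
    final Group knownGroup = new Group.Builder().identifierGenerateFromSeed(group2).name(group2).build();

    // Minimal provider: knows exactly one user (user2, member of no groups) and one group (group2).
    final UserGroupProvider userGroupProvider = new UserGroupProvider() {

        @Override
        public Set<User> getUsers() throws AuthorizationAccessException {
            return Stream.of(knownUser).collect(Collectors.toSet());
        }

        @Override
        public User getUser(String identifier) throws AuthorizationAccessException {
            return knownUser.getIdentifier().equals(identifier) ? knownUser : null;
        }

        @Override
        public User getUserByIdentity(String identity) throws AuthorizationAccessException {
            return user2.equals(identity) ? knownUser : null;
        }

        @Override
        public Set<Group> getGroups() throws AuthorizationAccessException {
            return Stream.of(knownGroup).collect(Collectors.toSet());
        }

        @Override
        public Group getGroup(String identifier) throws AuthorizationAccessException {
            return knownGroup.getIdentifier().equals(identifier) ? knownGroup : null;
        }

        @Override
        public UserAndGroups getUserAndGroups(String identity) throws AuthorizationAccessException {
            if (!user2.equals(identity)) {
                return null;
            }
            return new UserAndGroups() {

                @Override
                public User getUser() {
                    return knownUser;
                }

                @Override
                public Set<Group> getGroups() {
                    // typed empty set instead of the raw Collections.EMPTY_SET
                    return Collections.emptySet();
                }
            };
        }

        @Override
        public void initialize(UserGroupProviderInitializationContext initializationContext) throws AuthorizerCreationException {
        }

        @Override
        public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
        }

        @Override
        public void preDestruction() throws AuthorizerDestructionException {
        }
    };

    // policy 1: READ on /resource-1 for an unknown user and a known group
    final String resourceIdentifier1 = "/resource-1";
    final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, new RangerPolicyResource(resourceIdentifier1));
    final RangerPolicyItem policy1Item = new RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("READ")).collect(Collectors.toList()));
    policy1Item.setUsers(Stream.of(user1).collect(Collectors.toList()));
    policy1Item.setGroups(Stream.of(group2).collect(Collectors.toList()));
    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    // policy 2: READ and WRITE on /resource-2 for a known user and an unknown group
    final String resourceIdentifier2 = "/resource-2";
    final Map<String, RangerPolicyResource> policy2Resources = new HashMap<>();
    policy2Resources.put(resourceIdentifier2, new RangerPolicyResource(resourceIdentifier2));
    final RangerPolicyItem policy2Item = new RangerPolicyItem();
    policy2Item.setAccesses(Stream.of(new RangerPolicyItemAccess("READ"), new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
    policy2Item.setUsers(Stream.of(user2).collect(Collectors.toList()));
    policy2Item.setGroups(Stream.of(group1).collect(Collectors.toList()));
    final RangerPolicy policy2 = new RangerPolicy();
    policy2.setResources(policy2Resources);
    policy2.setPolicyItems(Stream.of(policy2Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);
    policies.add(policy2);
    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi");
    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi", userGroupProvider);
    pluginWithPolicies.setPolicies(servicePolicies);

    // ensure the two ranger policies converted into 3 nifi access policies
    // (READ on resource 1, READ on resource 2, WRITE on resource 2)
    final Set<AccessPolicy> accessPolicies = pluginWithPolicies.getAccessPolicies();
    assertEquals(3, accessPolicies.size());

    // resource 1 -> read but no write
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.READ));

    // read: the unknown user1 must have been dropped; only the known group2 remains
    final AccessPolicy readResource1 = pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.READ);
    assertNotNull(readResource1);
    assertTrue(accessPolicies.contains(readResource1));
    assertEquals(readResource1, pluginWithPolicies.getAccessPolicy(readResource1.getIdentifier()));
    assertTrue(readResource1.getUsers().isEmpty());
    assertEquals(1, readResource1.getGroups().size());
    assertTrue(readResource1.getGroups().contains(knownGroup.getIdentifier()));

    // but no write
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));

    // resource 2 -> read and write
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier2, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier2, RequestAction.READ));

    // read: the unknown group1 must have been dropped; only the known user2 remains
    final AccessPolicy readResource2 = pluginWithPolicies.getAccessPolicy(resourceIdentifier2, RequestAction.READ);
    assertNotNull(readResource2);
    assertTrue(accessPolicies.contains(readResource2));
    assertEquals(readResource2, pluginWithPolicies.getAccessPolicy(readResource2.getIdentifier()));
    assertEquals(1, readResource2.getUsers().size());
    assertTrue(readResource2.getUsers().contains(knownUser.getIdentifier()));
    assertTrue(readResource2.getGroups().isEmpty());

    // and write. This must look up the WRITE policy: the previous version re-fetched
    // READ here, so the principals of the WRITE policy were never actually verified.
    final AccessPolicy writeResource2 = pluginWithPolicies.getAccessPolicy(resourceIdentifier2, RequestAction.WRITE);
    assertNotNull(writeResource2);
    assertTrue(accessPolicies.contains(writeResource2));
    assertEquals(writeResource2, pluginWithPolicies.getAccessPolicy(writeResource2.getIdentifier()));
    assertEquals(1, writeResource2.getUsers().size());
    assertTrue(writeResource2.getUsers().contains(knownUser.getIdentifier()));
    assertTrue(writeResource2.getGroups().isEmpty());
}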

Example 20 with AuthorizerConfigurationContext

use of org.apache.nifi.authorization.AuthorizerConfigurationContext in project nifi by apache.

From the class TestRangerNiFiAuthorizer, method testIntegration:

@Test
@Ignore
public void testIntegration() {
    // Integration test wired to the Ranger security/audit XML files below; it is @Ignore'd
    // for normal builds. It expects a WRITE on "/system" by "admin" to be DENIED, i.e. the
    // authorizer should fail closed (presumably no Ranger policy grants that access).
    final AuthorizerInitializationContext initContext = Mockito.mock(AuthorizerInitializationContext.class);
    final AuthorizerConfigurationContext configContext = Mockito.mock(AuthorizerConfigurationContext.class);
    when(configContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_SECURITY_PATH_PROP))).thenReturn(new MockPropertyValue("src/test/resources/ranger/ranger-nifi-security.xml"));
    when(configContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_AUDIT_PATH_PROP))).thenReturn(new MockPropertyValue("src/test/resources/ranger/ranger-nifi-audit.xml"));

    // The protected resource under test.
    final Resource systemResource = new Resource() {

        @Override
        public String getIdentifier() {
            return "/system";
        }

        @Override
        public String getName() {
            return "/system";
        }

        @Override
        public String getSafeDescription() {
            return "system";
        }
    };

    final Authorizer authorizer = new RangerNiFiAuthorizer();
    try {
        authorizer.initialize(initContext);
        authorizer.onConfigured(configContext);
        final AuthorizationRequest request = new AuthorizationRequest.Builder()
                .resource(systemResource)
                .action(RequestAction.WRITE)
                .identity("admin")
                .resourceContext(new HashMap<>())
                .accessAttempt(true)
                .anonymous(false)
                .build();
        final AuthorizationResult result = authorizer.authorize(request);
        Assert.assertEquals(AuthorizationResult.denied().getResult(), result.getResult());
    } finally {
        // Always tear the authorizer down, even when an assertion above fails.
        authorizer.preDestruction();
    }
}
