Example 6 with ConfigurableUserGroupProvider
use of org.apache.nifi.authorization.ConfigurableUserGroupProvider in project nifi by apache.
the class ManagedRangerAuthorizerTest method testCheckInheritInvalidFingerprint.
@Test(expected = AuthorizationAccessException.class)
public void testCheckInheritInvalidFingerprint() throws Exception {
final ConfigurableUserGroupProvider userGroupProvider = mock(ConfigurableUserGroupProvider.class);
final ManagedRangerAuthorizer managedRangerAuthorizer = getStandardManagedAuthorizer(userGroupProvider);
managedRangerAuthorizer.checkInheritability("not a valid fingerprint");
}
Also used :
ConfigurableUserGroupProvider(org.apache.nifi.authorization.ConfigurableUserGroupProvider)
Test(org.junit.Test)
Example 7 with ConfigurableUserGroupProvider
use of org.apache.nifi.authorization.ConfigurableUserGroupProvider in project nifi by apache.
the class ManagedRangerAuthorizerTest method testInheritInvalidFingerprint.
@Test(expected = AuthorizationAccessException.class)
public void testInheritInvalidFingerprint() throws Exception {
final ConfigurableUserGroupProvider userGroupProvider = mock(ConfigurableUserGroupProvider.class);
final ManagedRangerAuthorizer managedRangerAuthorizer = getStandardManagedAuthorizer(userGroupProvider);
managedRangerAuthorizer.inheritFingerprint("not a valid fingerprint");
}
Also used :
ConfigurableUserGroupProvider(org.apache.nifi.authorization.ConfigurableUserGroupProvider)
Test(org.junit.Test)
Example 8 with ConfigurableUserGroupProvider
use of org.apache.nifi.authorization.ConfigurableUserGroupProvider in project nifi by apache.
the class ManagedRangerAuthorizerTest method testInheritEmptyFingerprint.
@Test
public void testInheritEmptyFingerprint() throws Exception {
final ConfigurableUserGroupProvider userGroupProvider = mock(ConfigurableUserGroupProvider.class);
final ManagedRangerAuthorizer managedRangerAuthorizer = getStandardManagedAuthorizer(userGroupProvider);
managedRangerAuthorizer.inheritFingerprint(EMPTY_FINGERPRINT);
verify(userGroupProvider, times(0)).inheritFingerprint(anyString());
}
Also used :
ConfigurableUserGroupProvider(org.apache.nifi.authorization.ConfigurableUserGroupProvider)
Test(org.junit.Test)
Example 9 with ConfigurableUserGroupProvider
use of org.apache.nifi.authorization.ConfigurableUserGroupProvider in project nifi by apache.
the class ManagedRangerAuthorizerTest method testConfigurableFingerPrint.
@Test
public void testConfigurableFingerPrint() throws Exception {
final ConfigurableUserGroupProvider userGroupProvider = mock(ConfigurableUserGroupProvider.class);
when(userGroupProvider.getFingerprint()).thenReturn(TENANT_FINGERPRINT);
final ManagedRangerAuthorizer managedRangerAuthorizer = getStandardManagedAuthorizer(userGroupProvider);
Assert.assertEquals(NON_EMPTY_FINGERPRINT, managedRangerAuthorizer.getFingerprint());
}
Also used :
ConfigurableUserGroupProvider(org.apache.nifi.authorization.ConfigurableUserGroupProvider)
Test(org.junit.Test)
Example 10 with ConfigurableUserGroupProvider
use of org.apache.nifi.authorization.ConfigurableUserGroupProvider in project nifi by apache.
the class StandardPolicyBasedAuthorizerDAO method deleteUser.
@Override
public User deleteUser(final String userId) {
if (userGroupProvider instanceof ConfigurableUserGroupProvider) {
final ConfigurableUserGroupProvider configurableUserGroupProvider = (ConfigurableUserGroupProvider) userGroupProvider;
final User user = getUser(userId);
final User removedUser = configurableUserGroupProvider.deleteUser(user);
// ensure the user was removed
if (removedUser == null) {
throw new ResourceNotFoundException(String.format("Unable to find user with id '%s'.", userId));
}
// remove any references to the user being deleted from policies if possible
if (accessPolicyProvider instanceof ConfigurableAccessPolicyProvider) {
for (AccessPolicy policy : accessPolicyProvider.getAccessPolicies()) {
final ConfigurableAccessPolicyProvider configurableAccessPolicyProvider = (ConfigurableAccessPolicyProvider) accessPolicyProvider;
// ensure this policy contains a reference to the user and this policy is configurable (check proactively to prevent an exception)
if (policy.getUsers().contains(removedUser.getIdentifier()) && configurableAccessPolicyProvider.isConfigurable(policy)) {
final AccessPolicy.Builder builder = new AccessPolicy.Builder(policy).removeUser(removedUser.getIdentifier());
configurableAccessPolicyProvider.updateAccessPolicy(builder.build());
}
}
}
return removedUser;
} else {
throw new IllegalStateException(MSG_NON_CONFIGURABLE_USERS);
}
}
Also used :
User(org.apache.nifi.authorization.User)
ConfigurableUserGroupProvider(org.apache.nifi.authorization.ConfigurableUserGroupProvider)
ConfigurableAccessPolicyProvider(org.apache.nifi.authorization.ConfigurableAccessPolicyProvider)
ResourceNotFoundException(org.apache.nifi.web.ResourceNotFoundException)
AccessPolicy(org.apache.nifi.authorization.AccessPolicy)
Aggregations
ConfigurableUserGroupProvider (org.apache.nifi.authorization.ConfigurableUserGroupProvider)11
Test (org.junit.Test)8
AccessPolicy (org.apache.nifi.authorization.AccessPolicy)2
ConfigurableAccessPolicyProvider (org.apache.nifi.authorization.ConfigurableAccessPolicyProvider)2
ResourceNotFoundException (org.apache.nifi.web.ResourceNotFoundException)2
StringWriter (java.io.StringWriter)1
DocumentBuilder (javax.xml.parsers.DocumentBuilder)1
ParserConfigurationException (javax.xml.parsers.ParserConfigurationException)1
Transformer (javax.xml.transform.Transformer)1
TransformerException (javax.xml.transform.TransformerException)1
DOMSource (javax.xml.transform.dom.DOMSource)1
StreamResult (javax.xml.transform.stream.StreamResult)1
Group (org.apache.nifi.authorization.Group)1
User (org.apache.nifi.authorization.User)1
AuthorizationAccessException (org.apache.nifi.authorization.exception.AuthorizationAccessException)1
Document (org.w3c.dom.Document)1
Element (org.w3c.dom.Element)1
