Example 1 with ConnectionAuthorizable
use of org.apache.nifi.authorization.ConnectionAuthorizable in project nifi by apache.
the class ConnectionResource method updateConnection.
/**
* Updates the specified connection.
*
* @param httpServletRequest request
* @param id The id of the connection.
* @param requestConnectionEntity A connectionEntity.
* @return A connectionEntity.
* @throws InterruptedException if interrupted
*/
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("/{id}")
@ApiOperation(value = "Updates a connection", response = ConnectionEntity.class, authorizations = { @Authorization(value = "Write Source - /{component-type}/{uuid}"), @Authorization(value = "Write Destination - /{component-type}/{uuid}"), @Authorization(value = "Write New Destination - /{component-type}/{uuid} - if updating Destination"), @Authorization(value = "Write Process Group - /process-groups/{uuid} - if updating Destination") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response updateConnection(@Context HttpServletRequest httpServletRequest, @ApiParam(value = "The connection id.", required = true) @PathParam("id") final String id, @ApiParam(value = "The connection configuration details.", required = true) final ConnectionEntity requestConnectionEntity) throws InterruptedException {
if (requestConnectionEntity == null || requestConnectionEntity.getComponent() == null) {
throw new IllegalArgumentException("Connection details must be specified.");
}
if (requestConnectionEntity.getRevision() == null) {
throw new IllegalArgumentException("Revision must be specified.");
}
// ensure the ids are the same
final ConnectionDTO requestConnection = requestConnectionEntity.getComponent();
if (!id.equals(requestConnection.getId())) {
throw new IllegalArgumentException(String.format("The connection id " + "(%s) in the request body does not equal the connection id of the " + "requested resource (%s).", requestConnection.getId(), id));
}
if (requestConnection.getDestination() != null) {
if (requestConnection.getDestination().getId() == null) {
throw new IllegalArgumentException("When specifying a destination component, the destination id is required.");
}
if (requestConnection.getDestination().getType() == null) {
throw new IllegalArgumentException("When specifying a destination component, the type of the destination is required.");
}
}
final List<PositionDTO> proposedBends = requestConnection.getBends();
if (proposedBends != null) {
for (final PositionDTO proposedBend : proposedBends) {
if (proposedBend.getX() == null || proposedBend.getY() == null) {
throw new IllegalArgumentException("The x and y coordinate of the each bend must be specified.");
}
}
}
if (isReplicateRequest()) {
return replicate(HttpMethod.PUT, requestConnectionEntity);
}
final Revision requestRevision = getRevision(requestConnectionEntity, id);
return withWriteLock(serviceFacade, requestConnectionEntity, requestRevision, lookup -> {
// verifies write access to this connection (this checks the current source and destination)
ConnectionAuthorizable connAuth = lookup.getConnection(id);
connAuth.getAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
// if a destination has been specified and is different
final Connectable currentDestination = connAuth.getDestination();
if (requestConnection.getDestination() != null && !currentDestination.getIdentifier().equals(requestConnection.getDestination().getId())) {
try {
final ConnectableType destinationConnectableType = ConnectableType.valueOf(requestConnection.getDestination().getType());
// explicitly handle RPGs differently as the connectable id can be ambiguous if self referencing
final Authorizable newDestinationAuthorizable;
if (ConnectableType.REMOTE_INPUT_PORT.equals(destinationConnectableType)) {
newDestinationAuthorizable = lookup.getRemoteProcessGroup(requestConnection.getDestination().getGroupId());
} else {
newDestinationAuthorizable = lookup.getLocalConnectable(requestConnection.getDestination().getId());
}
// verify access of the new destination (current destination was already authorized as part of the connection check)
newDestinationAuthorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
} catch (final IllegalArgumentException e) {
throw new IllegalArgumentException(String.format("Unrecognized destination type %s. Excepted values are [%s]", requestConnection.getDestination().getType(), StringUtils.join(ConnectableType.values(), ", ")));
}
// verify access of the parent group (this is the same check that is performed when creating the connection)
connAuth.getParentGroup().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
}
}, () -> serviceFacade.verifyUpdateConnection(requestConnection), (revision, connectionEntity) -> {
final ConnectionDTO connection = connectionEntity.getComponent();
final ConnectionEntity entity = serviceFacade.updateConnection(revision, connection);
populateRemainingConnectionEntityContent(entity);
// generate the response
return generateOkResponse(entity).build();
});
}
Also used :
Revision(org.apache.nifi.web.Revision)
Connectable(org.apache.nifi.connectable.Connectable)
ConnectionDTO(org.apache.nifi.web.api.dto.ConnectionDTO)
Authorizable(org.apache.nifi.authorization.resource.Authorizable)
ConnectionAuthorizable(org.apache.nifi.authorization.ConnectionAuthorizable)
ConnectableType(org.apache.nifi.connectable.ConnectableType)
ConnectionAuthorizable(org.apache.nifi.authorization.ConnectionAuthorizable)
ConnectionEntity(org.apache.nifi.web.api.entity.ConnectionEntity)
PositionDTO(org.apache.nifi.web.api.dto.PositionDTO)
Path(javax.ws.rs.Path)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
ApiOperation(io.swagger.annotations.ApiOperation)
PUT(javax.ws.rs.PUT)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 2 with ConnectionAuthorizable
use of org.apache.nifi.authorization.ConnectionAuthorizable in project nifi by apache.
the class FlowFileQueueResource method deleteListingRequest.
/**
* Deletes the specified listing request.
*
* @param httpServletRequest request
* @param connectionId The connection id
* @param listingRequestId The drop request id
* @return A dropRequestEntity
*/
@DELETE
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}/listing-requests/{listing-request-id}")
@ApiOperation(value = "Cancels and/or removes a request to list the contents of this connection.", response = ListingRequestEntity.class, authorizations = { @Authorization(value = "Read Source Data - /data/{component-type}/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response deleteListingRequest(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The connection id.", required = true) @PathParam("id") final String connectionId, @ApiParam(value = "The listing request id.", required = true) @PathParam("listing-request-id") final String listingRequestId) {
if (isReplicateRequest()) {
return replicate(HttpMethod.DELETE);
}
return withWriteLock(serviceFacade, new ListingEntity(connectionId, listingRequestId), lookup -> {
final ConnectionAuthorizable connAuth = lookup.getConnection(connectionId);
final Authorizable dataAuthorizable = connAuth.getSourceData();
dataAuthorizable.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
}, null, (listingEntity) -> {
// delete the listing request
final ListingRequestDTO listingRequest = serviceFacade.deleteFlowFileListingRequest(listingEntity.getConnectionId(), listingEntity.getListingRequestId());
// prune the results as they were already received when the listing completed
listingRequest.setFlowFileSummaries(null);
// populate remaining content
populateRemainingFlowFileListingContent(listingEntity.getConnectionId(), listingRequest);
// create the response entity
final ListingRequestEntity entity = new ListingRequestEntity();
entity.setListingRequest(listingRequest);
return generateOkResponse(entity).build();
});
}
Also used :
ListingRequestDTO(org.apache.nifi.web.api.dto.ListingRequestDTO)
Authorizable(org.apache.nifi.authorization.resource.Authorizable)
ConnectionAuthorizable(org.apache.nifi.authorization.ConnectionAuthorizable)
ConnectionAuthorizable(org.apache.nifi.authorization.ConnectionAuthorizable)
ListingRequestEntity(org.apache.nifi.web.api.entity.ListingRequestEntity)
Path(javax.ws.rs.Path)
DELETE(javax.ws.rs.DELETE)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 3 with ConnectionAuthorizable
use of org.apache.nifi.authorization.ConnectionAuthorizable in project nifi by apache.
the class FlowFileQueueResource method removeDropRequest.
/**
* Deletes the specified drop request.
*
* @param httpServletRequest request
* @param connectionId The connection id
* @param dropRequestId The drop request id
* @return A dropRequestEntity
*/
@DELETE
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}/drop-requests/{drop-request-id}")
@ApiOperation(value = "Cancels and/or removes a request to drop the contents of this connection.", response = DropRequestEntity.class, authorizations = { @Authorization(value = "Write Source Data - /data/{component-type}/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response removeDropRequest(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The connection id.", required = true) @PathParam("id") final String connectionId, @ApiParam(value = "The drop request id.", required = true) @PathParam("drop-request-id") final String dropRequestId) {
if (isReplicateRequest()) {
return replicate(HttpMethod.DELETE);
}
return withWriteLock(serviceFacade, new DropEntity(connectionId, dropRequestId), lookup -> {
final ConnectionAuthorizable connAuth = lookup.getConnection(connectionId);
final Authorizable dataAuthorizable = connAuth.getSourceData();
dataAuthorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
}, null, (dropEntity) -> {
// delete the drop request
final DropRequestDTO dropRequest = serviceFacade.deleteFlowFileDropRequest(dropEntity.getConnectionId(), dropEntity.getDropRequestId());
dropRequest.setUri(generateResourceUri("flowfile-queues", dropEntity.getConnectionId(), "drop-requests", dropEntity.getDropRequestId()));
// create the response entity
final DropRequestEntity entity = new DropRequestEntity();
entity.setDropRequest(dropRequest);
return generateOkResponse(entity).build();
});
}
Also used :
DropRequestDTO(org.apache.nifi.web.api.dto.DropRequestDTO)
Authorizable(org.apache.nifi.authorization.resource.Authorizable)
ConnectionAuthorizable(org.apache.nifi.authorization.ConnectionAuthorizable)
ConnectionAuthorizable(org.apache.nifi.authorization.ConnectionAuthorizable)
DropRequestEntity(org.apache.nifi.web.api.entity.DropRequestEntity)
Path(javax.ws.rs.Path)
DELETE(javax.ws.rs.DELETE)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 4 with ConnectionAuthorizable
use of org.apache.nifi.authorization.ConnectionAuthorizable in project nifi by apache.
the class FlowFileQueueResource method createFlowFileListing.
/**
* Creates a request to list the flowfiles in the queue of the specified connection.
*
* @param httpServletRequest request
* @param id The id of the connection
* @return A listRequestEntity
*/
@POST
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}/listing-requests")
@ApiOperation(value = "Lists the contents of the queue in this connection.", response = ListingRequestEntity.class, authorizations = { @Authorization(value = "Read Source Data - /data/{component-type}/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 202, message = "The request has been accepted. A HTTP response header will contain the URI where the response can be polled."), @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response createFlowFileListing(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The connection id.", required = true) @PathParam("id") final String id) {
if (isReplicateRequest()) {
return replicate(HttpMethod.POST);
}
final ConnectionEntity requestConnectionEntity = new ConnectionEntity();
requestConnectionEntity.setId(id);
return withWriteLock(serviceFacade, requestConnectionEntity, lookup -> {
final ConnectionAuthorizable connAuth = lookup.getConnection(id);
final Authorizable dataAuthorizable = connAuth.getSourceData();
dataAuthorizable.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
}, () -> serviceFacade.verifyListQueue(id), (connectionEntity) -> {
// ensure the id is the same across the cluster
final String listingRequestId = generateUuid();
// submit the listing request
final ListingRequestDTO listingRequest = serviceFacade.createFlowFileListingRequest(connectionEntity.getId(), listingRequestId);
populateRemainingFlowFileListingContent(connectionEntity.getId(), listingRequest);
// create the response entity
final ListingRequestEntity entity = new ListingRequestEntity();
entity.setListingRequest(listingRequest);
// generate the URI where the response will be
final URI location = URI.create(listingRequest.getUri());
return Response.status(Status.ACCEPTED).location(location).entity(entity).build();
});
}
Also used :
ListingRequestDTO(org.apache.nifi.web.api.dto.ListingRequestDTO)
Authorizable(org.apache.nifi.authorization.resource.Authorizable)
ConnectionAuthorizable(org.apache.nifi.authorization.ConnectionAuthorizable)
ConnectionAuthorizable(org.apache.nifi.authorization.ConnectionAuthorizable)
ListingRequestEntity(org.apache.nifi.web.api.entity.ListingRequestEntity)
ConnectionEntity(org.apache.nifi.web.api.entity.ConnectionEntity)
URI(java.net.URI)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 5 with ConnectionAuthorizable
use of org.apache.nifi.authorization.ConnectionAuthorizable in project nifi by apache.
the class FlowFileQueueResource method getListingRequest.
/**
* Checks the status of an outstanding listing request.
*
* @param connectionId The id of the connection
* @param listingRequestId The id of the drop request
* @return A dropRequestEntity
*/
@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}/listing-requests/{listing-request-id}")
@ApiOperation(value = "Gets the current status of a listing request for the specified connection.", response = ListingRequestEntity.class, authorizations = { @Authorization(value = "Read Source Data - /data/{component-type}/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response getListingRequest(@ApiParam(value = "The connection id.", required = true) @PathParam("id") final String connectionId, @ApiParam(value = "The listing request id.", required = true) @PathParam("listing-request-id") final String listingRequestId) {
if (isReplicateRequest()) {
return replicate(HttpMethod.GET);
}
// authorize access
serviceFacade.authorizeAccess(lookup -> {
final ConnectionAuthorizable connAuth = lookup.getConnection(connectionId);
final Authorizable dataAuthorizable = connAuth.getSourceData();
dataAuthorizable.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
});
// get the listing request
final ListingRequestDTO listingRequest = serviceFacade.getFlowFileListingRequest(connectionId, listingRequestId);
populateRemainingFlowFileListingContent(connectionId, listingRequest);
// create the response entity
final ListingRequestEntity entity = new ListingRequestEntity();
entity.setListingRequest(listingRequest);
return generateOkResponse(entity).build();
}
Also used :
ListingRequestDTO(org.apache.nifi.web.api.dto.ListingRequestDTO)
Authorizable(org.apache.nifi.authorization.resource.Authorizable)
ConnectionAuthorizable(org.apache.nifi.authorization.ConnectionAuthorizable)
ConnectionAuthorizable(org.apache.nifi.authorization.ConnectionAuthorizable)
ListingRequestEntity(org.apache.nifi.web.api.entity.ListingRequestEntity)
Path(javax.ws.rs.Path)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
GET(javax.ws.rs.GET)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Aggregations
ApiOperation (io.swagger.annotations.ApiOperation)7
ApiResponses (io.swagger.annotations.ApiResponses)7
Consumes (javax.ws.rs.Consumes)7
Path (javax.ws.rs.Path)7
Produces (javax.ws.rs.Produces)7
ConnectionAuthorizable (org.apache.nifi.authorization.ConnectionAuthorizable)7
Authorizable (org.apache.nifi.authorization.resource.Authorizable)7
DropRequestDTO (org.apache.nifi.web.api.dto.DropRequestDTO)3
ListingRequestDTO (org.apache.nifi.web.api.dto.ListingRequestDTO)3
ConnectionEntity (org.apache.nifi.web.api.entity.ConnectionEntity)3
DropRequestEntity (org.apache.nifi.web.api.entity.DropRequestEntity)3
ListingRequestEntity (org.apache.nifi.web.api.entity.ListingRequestEntity)3
URI (java.net.URI)2
DELETE (javax.ws.rs.DELETE)2
GET (javax.ws.rs.GET)2
POST (javax.ws.rs.POST)2
PUT (javax.ws.rs.PUT)1
Connectable (org.apache.nifi.connectable.Connectable)1
ConnectableType (org.apache.nifi.connectable.ConnectableType)1
Revision (org.apache.nifi.web.Revision)1
