use of org.apache.nifi.authorization.Group in project nifi by apache.
the class TestFlowController method setup.
@Before
public void setup() {
flowFileEventRepo = Mockito.mock(FlowFileEventRepository.class);
auditService = Mockito.mock(AuditService.class);
final Map<String, String> otherProps = new HashMap<>();
otherProps.put(NiFiProperties.PROVENANCE_REPO_IMPLEMENTATION_CLASS, MockProvenanceRepository.class.getName());
otherProps.put("nifi.remote.input.socket.port", "");
otherProps.put("nifi.remote.input.secure", "");
nifiProperties = NiFiProperties.createBasicNiFiProperties(propsFile, otherProps);
encryptor = StringEncryptor.createEncryptor(nifiProperties);
// use the system bundle
systemBundle = SystemBundle.create(nifiProperties);
ExtensionManager.discoverExtensions(systemBundle, Collections.emptySet());
User user1 = new User.Builder().identifier("user-id-1").identity("user-1").build();
User user2 = new User.Builder().identifier("user-id-2").identity("user-2").build();
Group group1 = new Group.Builder().identifier("group-id-1").name("group-1").addUser(user1.getIdentifier()).build();
Group group2 = new Group.Builder().identifier("group-id-2").name("group-2").build();
AccessPolicy policy1 = new AccessPolicy.Builder().identifier("policy-id-1").resource("resource1").action(RequestAction.READ).addUser(user1.getIdentifier()).addUser(user2.getIdentifier()).build();
AccessPolicy policy2 = new AccessPolicy.Builder().identifier("policy-id-2").resource("resource2").action(RequestAction.READ).addGroup(group1.getIdentifier()).addGroup(group2.getIdentifier()).addUser(user1.getIdentifier()).addUser(user2.getIdentifier()).build();
Set<Group> groups1 = new LinkedHashSet<>();
groups1.add(group1);
groups1.add(group2);
Set<User> users1 = new LinkedHashSet<>();
users1.add(user1);
users1.add(user2);
Set<AccessPolicy> policies1 = new LinkedHashSet<>();
policies1.add(policy1);
policies1.add(policy2);
authorizer = new MockPolicyBasedAuthorizer(groups1, users1, policies1);
variableRegistry = new FileBasedVariableRegistry(nifiProperties.getVariableRegistryPropertiesPaths());
bulletinRepo = Mockito.mock(BulletinRepository.class);
controller = FlowController.createStandaloneInstance(flowFileEventRepo, nifiProperties, authorizer, auditService, encryptor, bulletinRepo, variableRegistry, Mockito.mock(FlowRegistryClient.class));
}
use of org.apache.nifi.authorization.Group in project nifi by apache.
the class TestFlowController method testSynchronizeFlowWithProcessorReferencingControllerService.
@Test
public void testSynchronizeFlowWithProcessorReferencingControllerService() throws IOException {
final FlowSynchronizer standardFlowSynchronizer = new StandardFlowSynchronizer(StringEncryptor.createEncryptor(nifiProperties), nifiProperties);
// create a mock proposed data flow with the same auth fingerprint as the current authorizer
final String authFingerprint = authorizer.getFingerprint();
final DataFlow proposedDataFlow = Mockito.mock(DataFlow.class);
when(proposedDataFlow.getAuthorizerFingerprint()).thenReturn(authFingerprint.getBytes(StandardCharsets.UTF_8));
final File flowFile = new File("src/test/resources/conf/processor-with-cs-flow-0.7.0.xml");
final String flow = IOUtils.toString(new FileInputStream(flowFile));
when(proposedDataFlow.getFlow()).thenReturn(flow.getBytes(StandardCharsets.UTF_8));
controller.synchronize(standardFlowSynchronizer, proposedDataFlow);
// should be two controller services
final Set<ControllerServiceNode> controllerServiceNodes = controller.getAllControllerServices();
assertNotNull(controllerServiceNodes);
assertEquals(1, controllerServiceNodes.size());
// find the controller service that was moved to the root group
final ControllerServiceNode rootGroupCs = controllerServiceNodes.stream().filter(c -> c.getProcessGroup() != null).findFirst().get();
assertNotNull(rootGroupCs);
// should be one processor
final Set<ProcessorNode> processorNodes = controller.getGroup(controller.getRootGroupId()).getProcessors();
assertNotNull(processorNodes);
assertEquals(1, processorNodes.size());
// verify the processor is still pointing at the controller service that got moved to the root group
final ProcessorNode processorNode = processorNodes.stream().findFirst().get();
final PropertyDescriptor procControllerServiceProp = processorNode.getProperties().entrySet().stream().filter(e -> e.getValue().equals(rootGroupCs.getIdentifier())).map(e -> e.getKey()).findFirst().get();
assertNotNull(procControllerServiceProp);
}
use of org.apache.nifi.authorization.Group in project nifi by apache.
the class LdapUserGroupProviderTest method testSearchGroupsWithFilter.
@Test
public void testSearchGroupsWithFilter() throws Exception {
final AuthorizerConfigurationContext configurationContext = getBaseConfiguration(null, GROUP_SEARCH_BASE);
when(configurationContext.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE)).thenReturn(new StandardPropertyValue("member", null));
when(configurationContext.getProperty(PROP_GROUP_SEARCH_FILTER)).thenReturn(new StandardPropertyValue("(cn=admins)", null));
ldapUserGroupProvider.onConfigured(configurationContext);
final Set<Group> groups = ldapUserGroupProvider.getGroups();
assertEquals(1, groups.size());
assertEquals(1, groups.stream().filter(group -> "cn=admins,ou=groups,o=nifi".equals(group.getName())).count());
}
use of org.apache.nifi.authorization.Group in project nifi by apache.
the class LdapUserGroupProviderTest method testSearchGroupsWithNoNameAndUserIdentityUidAttribute.
@Test
public void testSearchGroupsWithNoNameAndUserIdentityUidAttribute() throws Exception {
final AuthorizerConfigurationContext configurationContext = getBaseConfiguration(null, GROUP_SEARCH_BASE);
when(configurationContext.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE)).thenReturn(new StandardPropertyValue("member", null));
when(configurationContext.getProperty(PROP_USER_IDENTITY_ATTRIBUTE)).thenReturn(new StandardPropertyValue("uid", null));
ldapUserGroupProvider.onConfigured(configurationContext);
final Set<Group> groups = ldapUserGroupProvider.getGroups();
assertEquals(4, groups.size());
final Group admins = groups.stream().filter(group -> "cn=admins,ou=groups,o=nifi".equals(group.getName())).findFirst().orElse(null);
assertNotNull(admins);
assertFalse(admins.getUsers().isEmpty());
assertEquals(1, admins.getUsers().stream().map(userIdentifier -> ldapUserGroupProvider.getUser(userIdentifier)).filter(user -> "user1".equals(user.getIdentity())).count());
}
use of org.apache.nifi.authorization.Group in project nifi by apache.
the class LdapUserGroupProviderTest method testSearchGroupsWithNoNameAttribute.
@Test
public void testSearchGroupsWithNoNameAttribute() throws Exception {
final AuthorizerConfigurationContext configurationContext = getBaseConfiguration(null, GROUP_SEARCH_BASE);
when(configurationContext.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE)).thenReturn(new StandardPropertyValue("member", null));
ldapUserGroupProvider.onConfigured(configurationContext);
final Set<Group> groups = ldapUserGroupProvider.getGroups();
assertEquals(4, groups.size());
assertEquals(1, groups.stream().filter(group -> "cn=admins,ou=groups,o=nifi".equals(group.getName())).count());
}
Aggregations