use of org.apache.nifi.authorization.Resource in project nifi by apache.
the class StandardNiFiServiceFacade method deleteUser.
@Override
public UserEntity deleteUser(final Revision revision, final String userId) {
final User user = userDAO.getUser(userId);
final PermissionsDTO permissions = dtoFactory.createPermissionsDto(authorizableLookup.getTenant());
final Set<TenantEntity> userGroups = user != null ? userGroupDAO.getUserGroupsForUser(userId).stream().map(g -> g.getIdentifier()).map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()) : null;
final Set<AccessPolicySummaryEntity> policyEntities = user != null ? userGroupDAO.getAccessPoliciesForUser(userId).stream().map(ap -> createAccessPolicySummaryEntity(ap)).collect(Collectors.toSet()) : null;
final String resourceIdentifier = ResourceFactory.getTenantResource().getIdentifier() + "/" + userId;
final UserDTO snapshot = deleteComponent(revision, new Resource() {
@Override
public String getIdentifier() {
return resourceIdentifier;
}
@Override
public String getName() {
return resourceIdentifier;
}
@Override
public String getSafeDescription() {
return "User " + userId;
}
}, () -> userDAO.deleteUser(userId), // no user specific policies to remove
false, dtoFactory.createUserDto(user, userGroups, policyEntities));
return entityFactory.createUserEntity(snapshot, null, permissions);
}
use of org.apache.nifi.authorization.Resource in project nifi by apache.
the class StandardNiFiServiceFacade method deleteProcessGroup.
@Override
public ProcessGroupEntity deleteProcessGroup(final Revision revision, final String groupId) {
final ProcessGroup processGroup = processGroupDAO.getProcessGroup(groupId);
final PermissionsDTO permissions = dtoFactory.createPermissionsDto(processGroup);
// grab the resources in the snippet so we can delete the policies afterwards
final Set<Resource> groupResources = new HashSet<>();
processGroup.findAllProcessors().forEach(processor -> groupResources.add(processor.getResource()));
processGroup.findAllInputPorts().forEach(inputPort -> groupResources.add(inputPort.getResource()));
processGroup.findAllOutputPorts().forEach(outputPort -> groupResources.add(outputPort.getResource()));
processGroup.findAllFunnels().forEach(funnel -> groupResources.add(funnel.getResource()));
processGroup.findAllLabels().forEach(label -> groupResources.add(label.getResource()));
processGroup.findAllProcessGroups().forEach(childGroup -> groupResources.add(childGroup.getResource()));
processGroup.findAllRemoteProcessGroups().forEach(remoteProcessGroup -> groupResources.add(remoteProcessGroup.getResource()));
processGroup.findAllTemplates().forEach(template -> groupResources.add(template.getResource()));
processGroup.findAllControllerServices().forEach(controllerService -> groupResources.add(controllerService.getResource()));
final ProcessGroupDTO snapshot = deleteComponent(revision, processGroup.getResource(), () -> processGroupDAO.deleteProcessGroup(groupId), true, dtoFactory.createProcessGroupDto(processGroup));
// delete all applicable component policies
groupResources.forEach(groupResource -> cleanUpPolicies(groupResource));
return entityFactory.createProcessGroupEntity(snapshot, null, permissions, null, null);
}
use of org.apache.nifi.authorization.Resource in project nifi by apache.
the class StandardNiFiServiceFacade method deleteSnippet.
@Override
public SnippetEntity deleteSnippet(final Set<Revision> revisions, final String snippetId) {
final Snippet snippet = snippetDAO.getSnippet(snippetId);
// grab the resources in the snippet so we can delete the policies afterwards
final Set<Resource> snippetResources = new HashSet<>();
snippet.getProcessors().keySet().forEach(id -> snippetResources.add(processorDAO.getProcessor(id).getResource()));
snippet.getInputPorts().keySet().forEach(id -> snippetResources.add(inputPortDAO.getPort(id).getResource()));
snippet.getOutputPorts().keySet().forEach(id -> snippetResources.add(outputPortDAO.getPort(id).getResource()));
snippet.getFunnels().keySet().forEach(id -> snippetResources.add(funnelDAO.getFunnel(id).getResource()));
snippet.getLabels().keySet().forEach(id -> snippetResources.add(labelDAO.getLabel(id).getResource()));
snippet.getRemoteProcessGroups().keySet().forEach(id -> snippetResources.add(remoteProcessGroupDAO.getRemoteProcessGroup(id).getResource()));
snippet.getProcessGroups().keySet().forEach(id -> {
final ProcessGroup processGroup = processGroupDAO.getProcessGroup(id);
// add the process group
snippetResources.add(processGroup.getResource());
// add each encapsulated component
processGroup.findAllProcessors().forEach(processor -> snippetResources.add(processor.getResource()));
processGroup.findAllInputPorts().forEach(inputPort -> snippetResources.add(inputPort.getResource()));
processGroup.findAllOutputPorts().forEach(outputPort -> snippetResources.add(outputPort.getResource()));
processGroup.findAllFunnels().forEach(funnel -> snippetResources.add(funnel.getResource()));
processGroup.findAllLabels().forEach(label -> snippetResources.add(label.getResource()));
processGroup.findAllProcessGroups().forEach(childGroup -> snippetResources.add(childGroup.getResource()));
processGroup.findAllRemoteProcessGroups().forEach(remoteProcessGroup -> snippetResources.add(remoteProcessGroup.getResource()));
processGroup.findAllTemplates().forEach(template -> snippetResources.add(template.getResource()));
processGroup.findAllControllerServices().forEach(controllerService -> snippetResources.add(controllerService.getResource()));
});
final NiFiUser user = NiFiUserUtils.getNiFiUser();
final RevisionClaim claim = new StandardRevisionClaim(revisions);
final SnippetDTO dto = revisionManager.deleteRevision(claim, user, new DeleteRevisionTask<SnippetDTO>() {
@Override
public SnippetDTO performTask() {
// delete the components in the snippet
snippetDAO.deleteSnippetComponents(snippetId);
// drop the snippet
snippetDAO.dropSnippet(snippetId);
// save
controllerFacade.save();
// create the dto for the snippet that was just removed
return dtoFactory.createSnippetDto(snippet);
}
});
// clean up component policies
snippetResources.forEach(resource -> cleanUpPolicies(resource));
return entityFactory.createSnippetEntity(dto);
}
use of org.apache.nifi.authorization.Resource in project nifi by apache.
the class StandardNiFiServiceFacade method getAccessPolicy.
@Override
public AccessPolicyEntity getAccessPolicy(final RequestAction requestAction, final String resource) {
Authorizable authorizable;
try {
authorizable = authorizableLookup.getAuthorizableFromResource(resource);
} catch (final ResourceNotFoundException e) {
// unable to find the underlying authorizable... user authorized based on top level /policies... create
// an anonymous authorizable to attempt to locate an existing policy for this resource
authorizable = new Authorizable() {
@Override
public Authorizable getParentAuthorizable() {
return null;
}
@Override
public Resource getResource() {
return new Resource() {
@Override
public String getIdentifier() {
return resource;
}
@Override
public String getName() {
return resource;
}
@Override
public String getSafeDescription() {
return "Policy " + resource;
}
};
}
};
}
final AccessPolicy accessPolicy = accessPolicyDAO.getAccessPolicy(requestAction, authorizable);
return createAccessPolicyEntity(accessPolicy);
}
use of org.apache.nifi.authorization.Resource in project nifi by apache.
the class ControllerFacade method getResources.
public List<Resource> getResources() {
final List<Resource> resources = new ArrayList<>();
resources.add(ResourceFactory.getFlowResource());
resources.add(ResourceFactory.getSystemResource());
resources.add(ResourceFactory.getControllerResource());
resources.add(ResourceFactory.getCountersResource());
resources.add(ResourceFactory.getProvenanceResource());
resources.add(ResourceFactory.getPoliciesResource());
resources.add(ResourceFactory.getTenantResource());
resources.add(ResourceFactory.getProxyResource());
resources.add(ResourceFactory.getResourceResource());
resources.add(ResourceFactory.getSiteToSiteResource());
// restricted components
resources.add(ResourceFactory.getRestrictedComponentsResource());
Arrays.stream(RequiredPermission.values()).forEach(requiredPermission -> resources.add(ResourceFactory.getRestrictedComponentsResource(requiredPermission)));
final ProcessGroup root = flowController.getGroup(flowController.getRootGroupId());
// include the root group
final Resource rootResource = root.getResource();
resources.add(rootResource);
resources.add(ResourceFactory.getDataResource(rootResource));
resources.add(ResourceFactory.getPolicyResource(rootResource));
// add each processor
for (final ProcessorNode processor : root.findAllProcessors()) {
final Resource processorResource = processor.getResource();
resources.add(processorResource);
resources.add(ResourceFactory.getDataResource(processorResource));
resources.add(ResourceFactory.getPolicyResource(processorResource));
}
// add each label
for (final Label label : root.findAllLabels()) {
final Resource labelResource = label.getResource();
resources.add(labelResource);
resources.add(ResourceFactory.getPolicyResource(labelResource));
}
// add each process group
for (final ProcessGroup processGroup : root.findAllProcessGroups()) {
final Resource processGroupResource = processGroup.getResource();
resources.add(processGroupResource);
resources.add(ResourceFactory.getDataResource(processGroupResource));
resources.add(ResourceFactory.getPolicyResource(processGroupResource));
}
// add each remote process group
for (final RemoteProcessGroup remoteProcessGroup : root.findAllRemoteProcessGroups()) {
final Resource remoteProcessGroupResource = remoteProcessGroup.getResource();
resources.add(remoteProcessGroupResource);
resources.add(ResourceFactory.getDataResource(remoteProcessGroupResource));
resources.add(ResourceFactory.getPolicyResource(remoteProcessGroupResource));
}
// add each input port
for (final Port inputPort : root.findAllInputPorts()) {
final Resource inputPortResource = inputPort.getResource();
resources.add(inputPortResource);
resources.add(ResourceFactory.getDataResource(inputPortResource));
resources.add(ResourceFactory.getPolicyResource(inputPortResource));
if (inputPort instanceof RootGroupPort) {
resources.add(ResourceFactory.getDataTransferResource(inputPortResource));
}
}
// add each output port
for (final Port outputPort : root.findAllOutputPorts()) {
final Resource outputPortResource = outputPort.getResource();
resources.add(outputPortResource);
resources.add(ResourceFactory.getDataResource(outputPortResource));
resources.add(ResourceFactory.getPolicyResource(outputPortResource));
if (outputPort instanceof RootGroupPort) {
resources.add(ResourceFactory.getDataTransferResource(outputPortResource));
}
}
// add each controller service
final Consumer<ControllerServiceNode> csConsumer = controllerService -> {
final Resource controllerServiceResource = controllerService.getResource();
resources.add(controllerServiceResource);
resources.add(ResourceFactory.getPolicyResource(controllerServiceResource));
};
flowController.getAllControllerServices().forEach(csConsumer);
root.findAllControllerServices().forEach(csConsumer);
// add each reporting task
for (final ReportingTaskNode reportingTask : flowController.getAllReportingTasks()) {
final Resource reportingTaskResource = reportingTask.getResource();
resources.add(reportingTaskResource);
resources.add(ResourceFactory.getPolicyResource(reportingTaskResource));
}
// add each template
for (final Template template : root.findAllTemplates()) {
final Resource templateResource = template.getResource();
resources.add(templateResource);
resources.add(ResourceFactory.getPolicyResource(templateResource));
}
return resources;
}
Aggregations