use of org.apache.nifi.authorization.Resource in project nifi by apache.
the class StandardNiFiServiceFacade method cleanUpPolicies.
/**
 * Removes the access policies bound to a component that is being deleted.
 *
 * <p>Four resources are covered: the component resource itself and the data, data transfer and policy
 * resources that {@code ResourceFactory} derives from it. Each is checked for every {@code RequestAction}.
 * Nothing happens when {@code accessPolicyDAO.supportsConfigurableAuthorizer()} returns {@code false}.
 *
 * <p>Removal is best-effort. A failure while looking up or deleting a single policy is logged at WARN and
 * the loop continues, so a policy that could not be removed stays behind after the component is gone.
 * The WARN entry names the action and resource identifier of the policy that was left in place.
 *
 * @param componentResource the resource for the component
 */
private void cleanUpPolicies(final Resource componentResource) {
    // policies can only be removed through an authorizer that supports configuration
    if (!accessPolicyDAO.supportsConfigurableAuthorizer()) {
        return;
    }

    // the component resource first, then the three resources derived from it
    final Resource[] policyTargets = {
        componentResource,
        ResourceFactory.getDataResource(componentResource),
        ResourceFactory.getDataTransferResource(componentResource),
        ResourceFactory.getPolicyResource(componentResource)
    };

    for (final Resource target : policyTargets) {
        for (final RequestAction action : RequestAction.values()) {
            try {
                // since the component is being deleted, also delete any relevant access policies
                final AccessPolicy existing = accessPolicyDAO.getAccessPolicy(action, target.getIdentifier());
                if (existing == null) {
                    continue;
                }
                accessPolicyDAO.deleteAccessPolicy(existing.getIdentifier());
            } catch (final Exception e) {
                // one failure must not stop the remaining policies from being removed
                logger.warn(String.format("Unable to remove access policy for %s %s after component removal.", action, target.getIdentifier()), e);
            }
        }
    }
}
use of org.apache.nifi.authorization.Resource in project nifi by apache.
the class StandardNiFiServiceFacade method deleteUserGroup.
/**
 * Deletes the user group with the given id and returns an entity describing it.
 *
 * <p>The group, its member users and the access policies returned by
 * {@code userGroupDAO.getAccessPoliciesForUserGroup} are read before {@code deleteComponent} is invoked,
 * so the DTO handed to it is built from the state that existed prior to the deletion.
 *
 * @param revision the revision passed through to {@code deleteComponent}
 * @param userGroupId the id of the user group to delete
 * @return the entity created from the snapshot DTO and the permissions of the tenant authorizable
 */
@Override
public UserGroupEntity deleteUserGroup(final Revision revision, final String userGroupId) {
    final Group userGroup = userGroupDAO.getUserGroup(userGroupId);
    final PermissionsDTO permissions = dtoFactory.createPermissionsDto(authorizableLookup.getTenant());

    final Set<TenantEntity> users;
    if (userGroup == null) {
        users = null;
    } else {
        users = userGroup.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet());
    }

    // NOTE(review): the member lookup above tolerates a null group, but the next statement dereferences
    // userGroup unconditionally. Either the null guard is dead code or this line throws a
    // NullPointerException for an unknown id; confirm what userGroupDAO.getUserGroup returns in that case.
    final Set<AccessPolicySummaryEntity> policyEntities = userGroupDAO.getAccessPoliciesForUserGroup(userGroup.getIdentifier()).stream()
            .map(policy -> createAccessPolicySummaryEntity(policy))
            .collect(Collectors.toSet());

    // the group is addressed as "<tenant resource identifier>/<group id>"
    final String resourceIdentifier = ResourceFactory.getTenantResource().getIdentifier() + "/" + userGroupId;
    final Resource userGroupResource = new Resource() {
        @Override
        public String getIdentifier() {
            return resourceIdentifier;
        }

        @Override
        public String getName() {
            return resourceIdentifier;
        }

        @Override
        public String getSafeDescription() {
            return "User Group " + userGroupId;
        }
    };

    final UserGroupDTO snapshot = deleteComponent(
            revision,
            userGroupResource,
            () -> userGroupDAO.deleteUserGroup(userGroupId),
            false, // no user group specific policies to remove
            dtoFactory.createUserGroupDto(userGroup, users, policyEntities));

    return entityFactory.createUserGroupEntity(snapshot, null, permissions);
}
use of org.apache.nifi.authorization.Resource in project nifi by apache.
the class SnippetUtils method rollbackClonedPolicy.
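/**
 * Attempts to roll back all policies for the specified component. This includes the component resource, data resource
 * for the component, data transfer resource for the component, and policy resource for the component.
 *
 * <p>Nothing is done when {@code accessPolicyDAO.supportsConfigurableAuthorizer()} returns {@code false}.
 * The rollback is best-effort: a failure while looking up or deleting one policy is logged at WARN and the
 * remaining resources and actions are still processed, so that a single error does not leave the other
 * cloned policies in place. The WARN entry names the resource whose policy could not be removed.
 *
 * @param componentResource component resource
 */
private void rollbackClonedPolicy(final Resource componentResource) {
    if (!accessPolicyDAO.supportsConfigurableAuthorizer()) {
        return;
    }

    final List<Resource> resources = new ArrayList<>();
    resources.add(componentResource);
    resources.add(ResourceFactory.getDataResource(componentResource));
    resources.add(ResourceFactory.getDataTransferResource(componentResource));
    resources.add(ResourceFactory.getPolicyResource(componentResource));

    for (final Resource resource : resources) {
        for (final RequestAction action : RequestAction.values()) {
            try {
                // the lookup sits inside the try as well: if it throws, the loop must still reach the
                // remaining cloned policies instead of aborting the rollback half way
                final AccessPolicy accessPolicy = accessPolicyDAO.getAccessPolicy(action, resource.getIdentifier());
                if (accessPolicy != null) {
                    accessPolicyDAO.deleteAccessPolicy(accessPolicy.getIdentifier());
                }
            } catch (final Exception e) {
                // log the resource actually being processed (component, data, data transfer or policy
                // resource), not only the top-level component, so the leftover policy can be located
                logger.warn(String.format("Unable to clean up cloned access policy for %s %s after failed copy/paste action.", action, resource.getIdentifier()), e);
            }
        }
    }
}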
use of org.apache.nifi.authorization.Resource in project nifi by apache.
the class SnippetUtils method cloneComponentSpecificPolicies.
/**
 * Copies the component-specific access policies of an original component onto its clone.
 *
 * <p>Four resource pairs are handled: the component resource and the data, data transfer and policy
 * resources that {@code ResourceFactory} derives from it. For every {@code RequestAction} that has a
 * policy on the original resource, a new policy is created on the matching clone resource with the same
 * action and the same user and group identifiers, so the clone carries the same grants as the original.
 * Nothing is done when {@code accessPolicyDAO.supportsConfigurableAuthorizer()} returns {@code false}.
 *
 * <p>Exceptions from the DAO are not caught here; a failure part way through leaves the policies created
 * so far in place.
 *
 * @param originalComponentResource original component resource
 * @param clonedComponentResource cloned component resource
 * @param idGenerationSeed id generation seed, passed to {@code generateId} together with the original policy id
 */
private void cloneComponentSpecificPolicies(final Resource originalComponentResource, final Resource clonedComponentResource, final String idGenerationSeed) {
    if (!accessPolicyDAO.supportsConfigurableAuthorizer()) {
        return;
    }

    // maps each resource of the original component to the matching resource of the clone
    final Map<Resource, Resource> cloneByOriginal = new HashMap<>();
    cloneByOriginal.put(originalComponentResource, clonedComponentResource);
    cloneByOriginal.put(ResourceFactory.getDataResource(originalComponentResource), ResourceFactory.getDataResource(clonedComponentResource));
    cloneByOriginal.put(ResourceFactory.getDataTransferResource(originalComponentResource), ResourceFactory.getDataTransferResource(clonedComponentResource));
    cloneByOriginal.put(ResourceFactory.getPolicyResource(originalComponentResource), ResourceFactory.getPolicyResource(clonedComponentResource));

    for (final Entry<Resource, Resource> pair : cloneByOriginal.entrySet()) {
        final Resource sourceResource = pair.getKey();
        final Resource targetResource = pair.getValue();

        for (final RequestAction action : RequestAction.values()) {
            final AccessPolicy existing = accessPolicyDAO.getAccessPolicy(action, sourceResource.getIdentifier());

            // only a component specific policy on the original is cloned for the new component
            if (existing == null) {
                continue;
            }

            final AccessPolicyDTO copy = new AccessPolicyDTO();
            copy.setId(generateId(existing.getIdentifier(), idGenerationSeed, true));
            copy.setAction(existing.getAction().toString());
            copy.setResource(targetResource.getIdentifier());

            // carry over the users named in the original policy
            final Set<TenantEntity> userEntities = new HashSet<>();
            for (final String userId : existing.getUsers()) {
                final TenantEntity userEntity = new TenantEntity();
                userEntity.setId(userId);
                userEntities.add(userEntity);
            }
            copy.setUsers(userEntities);

            // carry over the groups named in the original policy
            final Set<TenantEntity> groupEntities = new HashSet<>();
            for (final String groupId : existing.getGroups()) {
                final TenantEntity groupEntity = new TenantEntity();
                groupEntity.setId(groupId);
                groupEntities.add(groupEntity);
            }
            copy.setUserGroups(groupEntities);

            // create the access policy for the cloned policy
            accessPolicyDAO.createAccessPolicy(copy);
        }
    }
}