Search in sources :

Example 11 with Resource

use of org.apache.nifi.authorization.Resource in project nifi by apache.

the class StandardNiFiServiceFacade method cleanUpPolicies.

/**
 * Clean up the policies for the specified component resource.
 *
 * @param componentResource the resource for the component
 */
private void cleanUpPolicies(final Resource componentResource) {
    // ensure the authorizer supports configuration
    if (accessPolicyDAO.supportsConfigurableAuthorizer()) {
        final List<Resource> resources = new ArrayList<>();
        resources.add(componentResource);
        resources.add(ResourceFactory.getDataResource(componentResource));
        resources.add(ResourceFactory.getDataTransferResource(componentResource));
        resources.add(ResourceFactory.getPolicyResource(componentResource));
        for (final Resource resource : resources) {
            for (final RequestAction action : RequestAction.values()) {
                try {
                    // since the component is being deleted, also delete any relevant access policies
                    final AccessPolicy readPolicy = accessPolicyDAO.getAccessPolicy(action, resource.getIdentifier());
                    if (readPolicy != null) {
                        accessPolicyDAO.deleteAccessPolicy(readPolicy.getIdentifier());
                    }
                } catch (final Exception e) {
                    logger.warn(String.format("Unable to remove access policy for %s %s after component removal.", action, resource.getIdentifier()), e);
                }
            }
        }
    }
}
Also used : RequestAction(org.apache.nifi.authorization.RequestAction) EnforcePolicyPermissionsThroughBaseResource(org.apache.nifi.authorization.resource.EnforcePolicyPermissionsThroughBaseResource) Resource(org.apache.nifi.authorization.Resource) ArrayList(java.util.ArrayList) AccessPolicy(org.apache.nifi.authorization.AccessPolicy) NiFiRegistryException(org.apache.nifi.registry.client.NiFiRegistryException) IOException(java.io.IOException) UnknownNodeException(org.apache.nifi.cluster.manager.exception.UnknownNodeException) IllegalNodeDeletionException(org.apache.nifi.cluster.manager.exception.IllegalNodeDeletionException) WebApplicationException(javax.ws.rs.WebApplicationException) AccessDeniedException(org.apache.nifi.authorization.AccessDeniedException) ExpiredRevisionClaimException(org.apache.nifi.web.revision.ExpiredRevisionClaimException)

Example 12 with Resource

use of org.apache.nifi.authorization.Resource in project nifi by apache.

the class StandardNiFiServiceFacade method deleteUserGroup.

@Override
public UserGroupEntity deleteUserGroup(final Revision revision, final String userGroupId) {
    final Group userGroup = userGroupDAO.getUserGroup(userGroupId);
    final PermissionsDTO permissions = dtoFactory.createPermissionsDto(authorizableLookup.getTenant());
    final Set<TenantEntity> users = userGroup != null ? userGroup.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet()) : null;
    final Set<AccessPolicySummaryEntity> policyEntities = userGroupDAO.getAccessPoliciesForUserGroup(userGroup.getIdentifier()).stream().map(ap -> createAccessPolicySummaryEntity(ap)).collect(Collectors.toSet());
    final String resourceIdentifier = ResourceFactory.getTenantResource().getIdentifier() + "/" + userGroupId;
    final UserGroupDTO snapshot = deleteComponent(revision, new Resource() {

        @Override
        public String getIdentifier() {
            return resourceIdentifier;
        }

        @Override
        public String getName() {
            return resourceIdentifier;
        }

        @Override
        public String getSafeDescription() {
            return "User Group " + userGroupId;
        }
    }, () -> userGroupDAO.deleteUserGroup(userGroupId), // no user group specific policies to remove
    false, dtoFactory.createUserGroupDto(userGroup, users, policyEntities));
    return entityFactory.createUserGroupEntity(snapshot, null, permissions);
}
Also used : EnforcePolicyPermissionsThroughBaseResource(org.apache.nifi.authorization.resource.EnforcePolicyPermissionsThroughBaseResource) ConnectionDiagnosticsDTO(org.apache.nifi.web.api.dto.diagnostics.ConnectionDiagnosticsDTO) FlowComparison(org.apache.nifi.registry.flow.diff.FlowComparison) ConnectionDTO(org.apache.nifi.web.api.dto.ConnectionDTO) ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity) AuthorizeAccess(org.apache.nifi.authorization.AuthorizeAccess) VersionedFlowSnapshotMetadata(org.apache.nifi.registry.flow.VersionedFlowSnapshotMetadata) SnippetEntity(org.apache.nifi.web.api.entity.SnippetEntity) ProcessGroupDTO(org.apache.nifi.web.api.dto.ProcessGroupDTO) NiFiRegistryException(org.apache.nifi.registry.client.NiFiRegistryException) Scope(org.apache.nifi.components.state.Scope) ControllerFacade(org.apache.nifi.web.controller.ControllerFacade) VersionedProcessGroup(org.apache.nifi.registry.flow.VersionedProcessGroup) Map(java.util.Map) UserGroupDAO(org.apache.nifi.web.dao.UserGroupDAO) CurrentUserEntity(org.apache.nifi.web.api.entity.CurrentUserEntity) Connection(org.apache.nifi.connectable.Connection) RevisionUpdate(org.apache.nifi.web.revision.RevisionUpdate) BulletinDTO(org.apache.nifi.web.api.dto.BulletinDTO) FlowDifferenceFilters(org.apache.nifi.util.FlowDifferenceFilters) NodeEvent(org.apache.nifi.cluster.event.NodeEvent) VersionedFlowDTO(org.apache.nifi.web.api.dto.VersionedFlowDTO) RemoteProcessGroupPortDTO(org.apache.nifi.web.api.dto.RemoteProcessGroupPortDTO) ComponentReferenceEntity(org.apache.nifi.web.api.entity.ComponentReferenceEntity) PortDTO(org.apache.nifi.web.api.dto.PortDTO) UserDTO(org.apache.nifi.web.api.dto.UserDTO) Stream(java.util.stream.Stream) RemoteProcessGroup(org.apache.nifi.groups.RemoteProcessGroup) InstantiatedVersionedProcessor(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedProcessor) ProcessGroupDAO(org.apache.nifi.web.dao.ProcessGroupDAO) ProcessorDiagnosticsEntity(org.apache.nifi.web.api.entity.ProcessorDiagnosticsEntity) RegistryDAO(org.apache.nifi.web.dao.RegistryDAO) UserEntity(org.apache.nifi.web.api.entity.UserEntity) CountersSnapshotDTO(org.apache.nifi.web.api.dto.CountersSnapshotDTO) SnippetUtils(org.apache.nifi.web.util.SnippetUtils) RemoteProcessGroupStatusEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupStatusEntity) PreviousValue(org.apache.nifi.history.PreviousValue) StandardComparableDataFlow(org.apache.nifi.registry.flow.diff.StandardComparableDataFlow) ConnectionDAO(org.apache.nifi.web.dao.ConnectionDAO) ProvenanceEventDTO(org.apache.nifi.web.api.dto.provenance.ProvenanceEventDTO) ControllerServiceEntity(org.apache.nifi.web.api.entity.ControllerServiceEntity) ConfigurableComponent(org.apache.nifi.components.ConfigurableComponent) TemplateEntity(org.apache.nifi.web.api.entity.TemplateEntity) RevisionDTO(org.apache.nifi.web.api.dto.RevisionDTO) Supplier(java.util.function.Supplier) CollectionUtils(org.apache.commons.collections4.CollectionUtils) LineageDTO(org.apache.nifi.web.api.dto.provenance.lineage.LineageDTO) LinkedHashMap(java.util.LinkedHashMap) FlowChangeAction(org.apache.nifi.action.FlowChangeAction) ProcessGroupCounts(org.apache.nifi.groups.ProcessGroupCounts) VariableRegistryDTO(org.apache.nifi.web.api.dto.VariableRegistryDTO) FlowDTO(org.apache.nifi.web.api.dto.flow.FlowDTO) RegistryDTO(org.apache.nifi.web.api.dto.RegistryDTO) ProvenanceDTO(org.apache.nifi.web.api.dto.provenance.ProvenanceDTO) ClusterRoles(org.apache.nifi.cluster.coordination.node.ClusterRoles) VersionedFlowState(org.apache.nifi.registry.flow.VersionedFlowState) FlowConfigurationEntity(org.apache.nifi.web.api.entity.FlowConfigurationEntity) ContentDirection(org.apache.nifi.controller.repository.claim.ContentDirection) PortDAO(org.apache.nifi.web.dao.PortDAO) AuthorizableLookup(org.apache.nifi.authorization.AuthorizableLookup) RequestAction(org.apache.nifi.authorization.RequestAction) IOException(java.io.IOException) CountersDTO(org.apache.nifi.web.api.dto.CountersDTO) VersionedFlowSnapshot(org.apache.nifi.registry.flow.VersionedFlowSnapshot) NiFiRegistryFlowMapper(org.apache.nifi.registry.flow.mapping.NiFiRegistryFlowMapper) HistoryDTO(org.apache.nifi.web.api.dto.action.HistoryDTO) SystemDiagnosticsDTO(org.apache.nifi.web.api.dto.SystemDiagnosticsDTO) ControllerServiceDiagnosticsDTO(org.apache.nifi.web.api.dto.diagnostics.ControllerServiceDiagnosticsDTO) BulletinFactory(org.apache.nifi.events.BulletinFactory) VersionedFlowSnapshotMetadataEntity(org.apache.nifi.web.api.entity.VersionedFlowSnapshotMetadataEntity) ProcessorStatusEntity(org.apache.nifi.web.api.entity.ProcessorStatusEntity) ComponentStateDTO(org.apache.nifi.web.api.dto.ComponentStateDTO) UserDAO(org.apache.nifi.web.dao.UserDAO) RemoteProcessGroupDAO(org.apache.nifi.web.dao.RemoteProcessGroupDAO) UnknownNodeException(org.apache.nifi.cluster.manager.exception.UnknownNodeException) FlowEntity(org.apache.nifi.web.api.entity.FlowEntity) AffectedComponentEntity(org.apache.nifi.web.api.entity.AffectedComponentEntity) BucketEntity(org.apache.nifi.web.api.entity.BucketEntity) ScheduleComponentsEntity(org.apache.nifi.web.api.entity.ScheduleComponentsEntity) DisconnectionCode(org.apache.nifi.cluster.coordination.node.DisconnectionCode) ProcessGroup(org.apache.nifi.groups.ProcessGroup) BulletinQueryDTO(org.apache.nifi.web.api.dto.BulletinQueryDTO) ListIterator(java.util.ListIterator) Date(java.util.Date) ProcessorStatusDTO(org.apache.nifi.web.api.dto.status.ProcessorStatusDTO) RegistryClientEntity(org.apache.nifi.web.api.entity.RegistryClientEntity) SnippetDAO(org.apache.nifi.web.dao.SnippetDAO) StandardFlowComparator(org.apache.nifi.registry.flow.diff.StandardFlowComparator) ControllerConfigurationEntity(org.apache.nifi.web.api.entity.ControllerConfigurationEntity) LabelDTO(org.apache.nifi.web.api.dto.LabelDTO) ControllerConfigurationDTO(org.apache.nifi.web.api.dto.ControllerConfigurationDTO) InstantiatedVersionedRemoteGroupPort(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedRemoteGroupPort) ControllerStatusDTO(org.apache.nifi.web.api.dto.status.ControllerStatusDTO) UpdateRevisionTask(org.apache.nifi.web.revision.UpdateRevisionTask) VersionedComponent(org.apache.nifi.registry.flow.VersionedComponent) Label(org.apache.nifi.controller.label.Label) RevisionClaim(org.apache.nifi.web.revision.RevisionClaim) Authorizable(org.apache.nifi.authorization.resource.Authorizable) ControllerServiceReferencingComponentDTO(org.apache.nifi.web.api.dto.ControllerServiceReferencingComponentDTO) RequiredPermission(org.apache.nifi.components.RequiredPermission) EntityFactory(org.apache.nifi.web.api.dto.EntityFactory) Collection(java.util.Collection) RemoteProcessGroupPortEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupPortEntity) RevisionManager(org.apache.nifi.web.revision.RevisionManager) UUID(java.util.UUID) Snippet(org.apache.nifi.controller.Snippet) PortEntity(org.apache.nifi.web.api.entity.PortEntity) Collectors(java.util.stream.Collectors) ResourceFactory(org.apache.nifi.authorization.resource.ResourceFactory) StateMap(org.apache.nifi.components.state.StateMap) Objects(java.util.Objects) Response(javax.ws.rs.core.Response) ComponentReferenceDTO(org.apache.nifi.web.api.dto.ComponentReferenceDTO) ProcessGroupEntity(org.apache.nifi.web.api.entity.ProcessGroupEntity) ProcessorDTO(org.apache.nifi.web.api.dto.ProcessorDTO) ControllerServiceState(org.apache.nifi.controller.service.ControllerServiceState) ConnectionStatusDTO(org.apache.nifi.web.api.dto.status.ConnectionStatusDTO) ReportingTaskDTO(org.apache.nifi.web.api.dto.ReportingTaskDTO) AuditService(org.apache.nifi.admin.service.AuditService) FlowSnippetDTO(org.apache.nifi.web.api.dto.FlowSnippetDTO) ReportingTaskDAO(org.apache.nifi.web.dao.ReportingTaskDAO) RemoteProcessGroupDTO(org.apache.nifi.web.api.dto.RemoteProcessGroupDTO) ProcessorNode(org.apache.nifi.controller.ProcessorNode) Bucket(org.apache.nifi.registry.bucket.Bucket) NodeHeartbeat(org.apache.nifi.cluster.coordination.heartbeat.NodeHeartbeat) ControllerServiceNode(org.apache.nifi.controller.service.ControllerServiceNode) ProcessGroupStatusDTO(org.apache.nifi.web.api.dto.status.ProcessGroupStatusDTO) Group(org.apache.nifi.authorization.Group) Function(java.util.function.Function) FlowRegistry(org.apache.nifi.registry.flow.FlowRegistry) PermissionsDTO(org.apache.nifi.web.api.dto.PermissionsDTO) HashSet(java.util.HashSet) ListingRequestDTO(org.apache.nifi.web.api.dto.ListingRequestDTO) ControllerServiceReferencingComponentEntity(org.apache.nifi.web.api.entity.ControllerServiceReferencingComponentEntity) VersionControlInformationDTO(org.apache.nifi.web.api.dto.VersionControlInformationDTO) ReportingTaskNode(org.apache.nifi.controller.ReportingTaskNode) ValidationResult(org.apache.nifi.components.ValidationResult) ComponentDifferenceDTO(org.apache.nifi.web.api.dto.ComponentDifferenceDTO) Logger(org.slf4j.Logger) RemoteGroupPort(org.apache.nifi.remote.RemoteGroupPort) PropertyHistoryDTO(org.apache.nifi.web.api.dto.PropertyHistoryDTO) FlowFileDTO(org.apache.nifi.web.api.dto.FlowFileDTO) VariableRegistryEntity(org.apache.nifi.web.api.entity.VariableRegistryEntity) VersionedFlow(org.apache.nifi.registry.flow.VersionedFlow) IllegalNodeDeletionException(org.apache.nifi.cluster.manager.exception.IllegalNodeDeletionException) DropRequestDTO(org.apache.nifi.web.api.dto.DropRequestDTO) LabelEntity(org.apache.nifi.web.api.entity.LabelEntity) RemoteProcessGroupEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupEntity) NiFiUserUtils(org.apache.nifi.authorization.user.NiFiUserUtils) BulletinRepository(org.apache.nifi.reporting.BulletinRepository) AccessPolicyEntity(org.apache.nifi.web.api.entity.AccessPolicyEntity) NodeDTO(org.apache.nifi.web.api.dto.NodeDTO) Operation(org.apache.nifi.action.Operation) SnippetDTO(org.apache.nifi.web.api.dto.SnippetDTO) Comparator(java.util.Comparator) CounterDTO(org.apache.nifi.web.api.dto.CounterDTO) InstantiatedVersionedComponent(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedComponent) Arrays(java.util.Arrays) StatusHistoryEntity(org.apache.nifi.web.api.entity.StatusHistoryEntity) FlowChangePurgeDetails(org.apache.nifi.action.details.FlowChangePurgeDetails) PropertyDescriptor(org.apache.nifi.components.PropertyDescriptor) ProcessGroupStatusSnapshotDTO(org.apache.nifi.web.api.dto.status.ProcessGroupStatusSnapshotDTO) ControllerServiceDAO(org.apache.nifi.web.dao.ControllerServiceDAO) AuthorizationRequest(org.apache.nifi.authorization.AuthorizationRequest) PropertyDescriptorDTO(org.apache.nifi.web.api.dto.PropertyDescriptorDTO) FunnelDAO(org.apache.nifi.web.dao.FunnelDAO) AuthorizationResult(org.apache.nifi.authorization.AuthorizationResult) TenantEntity(org.apache.nifi.web.api.entity.TenantEntity) ProcessGroupFlowEntity(org.apache.nifi.web.api.entity.ProcessGroupFlowEntity) RootGroupPort(org.apache.nifi.remote.RootGroupPort) BulletinQuery(org.apache.nifi.reporting.BulletinQuery) Connectable(org.apache.nifi.connectable.Connectable) Bulletin(org.apache.nifi.reporting.Bulletin) FunnelDTO(org.apache.nifi.web.api.dto.FunnelDTO) ProcessorStatus(org.apache.nifi.controller.status.ProcessorStatus) HistoryQueryDTO(org.apache.nifi.web.api.dto.action.HistoryQueryDTO) ControllerServiceReferencingComponentsEntity(org.apache.nifi.web.api.entity.ControllerServiceReferencingComponentsEntity) FunnelEntity(org.apache.nifi.web.api.entity.FunnelEntity) AccessPolicyDAO(org.apache.nifi.web.dao.AccessPolicyDAO) ProcessGroupStatus(org.apache.nifi.controller.status.ProcessGroupStatus) History(org.apache.nifi.history.History) AccessPolicySummaryEntity(org.apache.nifi.web.api.entity.AccessPolicySummaryEntity) Set(java.util.Set) BulletinBoardDTO(org.apache.nifi.web.api.dto.BulletinBoardDTO) VersionedFlowCoordinates(org.apache.nifi.registry.flow.VersionedFlowCoordinates) FlowController(org.apache.nifi.controller.FlowController) ProcessorDAO(org.apache.nifi.web.dao.ProcessorDAO) StandardCharsets(java.nio.charset.StandardCharsets) FlowComparisonEntity(org.apache.nifi.web.api.entity.FlowComparisonEntity) ScheduledState(org.apache.nifi.controller.ScheduledState) WebApplicationException(javax.ws.rs.WebApplicationException) ActionEntity(org.apache.nifi.web.api.entity.ActionEntity) DtoFactory(org.apache.nifi.web.api.dto.DtoFactory) RemoteProcessGroupStatusDTO(org.apache.nifi.web.api.dto.status.RemoteProcessGroupStatusDTO) ControllerBulletinsEntity(org.apache.nifi.web.api.entity.ControllerBulletinsEntity) Resource(org.apache.nifi.authorization.Resource) FlowComparator(org.apache.nifi.registry.flow.diff.FlowComparator) StaticDifferenceDescriptor(org.apache.nifi.registry.flow.diff.StaticDifferenceDescriptor) LeaderElectionManager(org.apache.nifi.controller.leader.election.LeaderElectionManager) Counter(org.apache.nifi.controller.Counter) AccessDeniedException(org.apache.nifi.authorization.AccessDeniedException) InstantiatedVersionedProcessGroup(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedProcessGroup) TemplateDAO(org.apache.nifi.web.dao.TemplateDAO) ArrayList(java.util.ArrayList) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) ComponentType(org.apache.nifi.reporting.ComponentType) ControllerServiceReference(org.apache.nifi.controller.service.ControllerServiceReference) StandardRevisionClaim(org.apache.nifi.web.revision.StandardRevisionClaim) NodeConnectionState(org.apache.nifi.cluster.coordination.node.NodeConnectionState) AccessPolicyDTO(org.apache.nifi.web.api.dto.AccessPolicyDTO) VersionControlComponentMappingEntity(org.apache.nifi.web.api.entity.VersionControlComponentMappingEntity) RequiredPermissionDTO(org.apache.nifi.web.api.dto.RequiredPermissionDTO) NodeConnectionStatus(org.apache.nifi.cluster.coordination.node.NodeConnectionStatus) LinkedHashSet(java.util.LinkedHashSet) DocumentedTypeDTO(org.apache.nifi.web.api.dto.DocumentedTypeDTO) FlowConfigurationDTO(org.apache.nifi.web.api.dto.FlowConfigurationDTO) ConfiguredComponent(org.apache.nifi.controller.ConfiguredComponent) ProvenanceOptionsDTO(org.apache.nifi.web.api.dto.provenance.ProvenanceOptionsDTO) LabelDAO(org.apache.nifi.web.dao.LabelDAO) InstantiatedVersionedControllerService(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedControllerService) StartVersionControlRequestEntity(org.apache.nifi.web.api.entity.StartVersionControlRequestEntity) ComponentDTO(org.apache.nifi.web.api.dto.ComponentDTO) Authorizer(org.apache.nifi.authorization.Authorizer) NiFiProperties(org.apache.nifi.util.NiFiProperties) ComponentHistoryDTO(org.apache.nifi.web.api.dto.ComponentHistoryDTO) BulletinEntity(org.apache.nifi.web.api.entity.BulletinEntity) VersionedFlowEntity(org.apache.nifi.web.api.entity.VersionedFlowEntity) NodeIdentifier(org.apache.nifi.cluster.protocol.NodeIdentifier) Permissions(org.apache.nifi.registry.authorization.Permissions) PreviousValueDTO(org.apache.nifi.web.api.dto.PreviousValueDTO) ProcessorConfigDTO(org.apache.nifi.web.api.dto.ProcessorConfigDTO) LoggerFactory(org.slf4j.LoggerFactory) Port(org.apache.nifi.connectable.Port) ProcessGroupStatusEntity(org.apache.nifi.web.api.entity.ProcessGroupStatusEntity) TemplateDTO(org.apache.nifi.web.api.dto.TemplateDTO) ActivateControllerServicesEntity(org.apache.nifi.web.api.entity.ActivateControllerServicesEntity) UserGroupEntity(org.apache.nifi.web.api.entity.UserGroupEntity) UserGroupDTO(org.apache.nifi.web.api.dto.UserGroupDTO) ConnectionStatusEntity(org.apache.nifi.web.api.entity.ConnectionStatusEntity) JVMDiagnosticsSnapshotDTO(org.apache.nifi.web.api.dto.diagnostics.JVMDiagnosticsSnapshotDTO) ProcessGroupStatusSnapshotEntity(org.apache.nifi.web.api.entity.ProcessGroupStatusSnapshotEntity) DifferenceType(org.apache.nifi.registry.flow.diff.DifferenceType) AccessPolicySummaryDTO(org.apache.nifi.web.api.dto.AccessPolicySummaryDTO) NodeProcessGroupStatusSnapshotDTO(org.apache.nifi.web.api.dto.status.NodeProcessGroupStatusSnapshotDTO) VersionedConnection(org.apache.nifi.registry.flow.VersionedConnection) Template(org.apache.nifi.controller.Template) FlowRegistryClient(org.apache.nifi.registry.flow.FlowRegistryClient) BucketDTO(org.apache.nifi.web.api.dto.BucketDTO) ControllerServiceDTO(org.apache.nifi.web.api.dto.ControllerServiceDTO) ReportingTaskEntity(org.apache.nifi.web.api.entity.ReportingTaskEntity) Predicate(java.util.function.Predicate) Sets(com.google.common.collect.Sets) User(org.apache.nifi.authorization.User) JVMDiagnosticsDTO(org.apache.nifi.web.api.dto.diagnostics.JVMDiagnosticsDTO) SystemDiagnostics(org.apache.nifi.diagnostics.SystemDiagnostics) List(java.util.List) Result(org.apache.nifi.authorization.AuthorizationResult.Result) VersionControlInformation(org.apache.nifi.registry.flow.VersionControlInformation) StatusHistoryDTO(org.apache.nifi.web.api.dto.status.StatusHistoryDTO) HeartbeatMonitor(org.apache.nifi.cluster.coordination.heartbeat.HeartbeatMonitor) Optional(java.util.Optional) Action(org.apache.nifi.action.Action) Funnel(org.apache.nifi.connectable.Funnel) ClusterDTO(org.apache.nifi.web.api.dto.ClusterDTO) VariableEntity(org.apache.nifi.web.api.entity.VariableEntity) HashMap(java.util.HashMap) ConciseEvolvingDifferenceDescriptor(org.apache.nifi.registry.flow.diff.ConciseEvolvingDifferenceDescriptor) ResourceDTO(org.apache.nifi.web.api.dto.ResourceDTO) AffectedComponentDTO(org.apache.nifi.web.api.dto.AffectedComponentDTO) HistoryQuery(org.apache.nifi.history.HistoryQuery) ExpiredRevisionClaimException(org.apache.nifi.web.revision.ExpiredRevisionClaimException) PortStatusDTO(org.apache.nifi.web.api.dto.status.PortStatusDTO) ComparableDataFlow(org.apache.nifi.registry.flow.diff.ComparableDataFlow) ClusterCoordinator(org.apache.nifi.cluster.coordination.ClusterCoordinator) StandardRevisionUpdate(org.apache.nifi.web.revision.StandardRevisionUpdate) ComponentRestrictionPermissionDTO(org.apache.nifi.web.api.dto.ComponentRestrictionPermissionDTO) Validator(org.apache.nifi.components.Validator) PortStatusEntity(org.apache.nifi.web.api.entity.PortStatusEntity) ControllerDTO(org.apache.nifi.web.api.dto.ControllerDTO) ProcessorDiagnosticsDTO(org.apache.nifi.web.api.dto.diagnostics.ProcessorDiagnosticsDTO) ComponentVariableRegistry(org.apache.nifi.registry.ComponentVariableRegistry) FlowDifference(org.apache.nifi.registry.flow.diff.FlowDifference) ConnectionEntity(org.apache.nifi.web.api.entity.ConnectionEntity) UserContextKeys(org.apache.nifi.authorization.UserContextKeys) VersionControlInformationEntity(org.apache.nifi.web.api.entity.VersionControlInformationEntity) DeleteRevisionTask(org.apache.nifi.web.revision.DeleteRevisionTask) Component(org.apache.nifi.action.Component) AccessPolicy(org.apache.nifi.authorization.AccessPolicy) SearchResultsDTO(org.apache.nifi.web.api.dto.search.SearchResultsDTO) RegistryEntity(org.apache.nifi.web.api.entity.RegistryEntity) Collections(java.util.Collections) VersionedProcessGroup(org.apache.nifi.registry.flow.VersionedProcessGroup) RemoteProcessGroup(org.apache.nifi.groups.RemoteProcessGroup) ProcessGroup(org.apache.nifi.groups.ProcessGroup) Group(org.apache.nifi.authorization.Group) InstantiatedVersionedProcessGroup(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedProcessGroup) TenantEntity(org.apache.nifi.web.api.entity.TenantEntity) PermissionsDTO(org.apache.nifi.web.api.dto.PermissionsDTO) UserGroupDTO(org.apache.nifi.web.api.dto.UserGroupDTO) EnforcePolicyPermissionsThroughBaseResource(org.apache.nifi.authorization.resource.EnforcePolicyPermissionsThroughBaseResource) Resource(org.apache.nifi.authorization.Resource) AccessPolicySummaryEntity(org.apache.nifi.web.api.entity.AccessPolicySummaryEntity)

Example 13 with Resource

use of org.apache.nifi.authorization.Resource in project nifi by apache.

the class SnippetUtils method rollbackClonedPolicy.

/**
 * Attempts to roll back all policies for the specified component. This includes the component resource, data resource
 * for the component, data transfer resource for the component, and policy resource for the component.
 *
 * @param componentResource component resource
 */
private void rollbackClonedPolicy(final Resource componentResource) {
    if (!accessPolicyDAO.supportsConfigurableAuthorizer()) {
        return;
    }
    final List<Resource> resources = new ArrayList<>();
    resources.add(componentResource);
    resources.add(ResourceFactory.getDataResource(componentResource));
    resources.add(ResourceFactory.getDataTransferResource(componentResource));
    resources.add(ResourceFactory.getPolicyResource(componentResource));
    for (final Resource resource : resources) {
        for (final RequestAction action : RequestAction.values()) {
            final AccessPolicy accessPolicy = accessPolicyDAO.getAccessPolicy(action, resource.getIdentifier());
            if (accessPolicy != null) {
                try {
                    accessPolicyDAO.deleteAccessPolicy(accessPolicy.getIdentifier());
                } catch (final Exception e) {
                    logger.warn(String.format("Unable to clean up cloned access policy for %s %s after failed copy/paste action.", action, componentResource.getIdentifier()), e);
                }
            }
        }
    }
}
Also used : RequestAction(org.apache.nifi.authorization.RequestAction) Resource(org.apache.nifi.authorization.Resource) ArrayList(java.util.ArrayList) AccessPolicy(org.apache.nifi.authorization.AccessPolicy)

Example 14 with Resource

use of org.apache.nifi.authorization.Resource in project nifi by apache.

the class SnippetUtils method cloneComponentSpecificPolicies.

/**
 * Clones all the component specified policies for the specified original component. This will include the component resource, data resource
 * for the component, data transfer resource for the component, and policy resource for the component.
 *
 * @param originalComponentResource original component resource
 * @param clonedComponentResource cloned component resource
 * @param idGenerationSeed id generation seed
 */
private void cloneComponentSpecificPolicies(final Resource originalComponentResource, final Resource clonedComponentResource, final String idGenerationSeed) {
    if (!accessPolicyDAO.supportsConfigurableAuthorizer()) {
        return;
    }
    final Map<Resource, Resource> resources = new HashMap<>();
    resources.put(originalComponentResource, clonedComponentResource);
    resources.put(ResourceFactory.getDataResource(originalComponentResource), ResourceFactory.getDataResource(clonedComponentResource));
    resources.put(ResourceFactory.getDataTransferResource(originalComponentResource), ResourceFactory.getDataTransferResource(clonedComponentResource));
    resources.put(ResourceFactory.getPolicyResource(originalComponentResource), ResourceFactory.getPolicyResource(clonedComponentResource));
    for (final Entry<Resource, Resource> entry : resources.entrySet()) {
        final Resource originalResource = entry.getKey();
        final Resource cloneResource = entry.getValue();
        for (final RequestAction action : RequestAction.values()) {
            final AccessPolicy accessPolicy = accessPolicyDAO.getAccessPolicy(action, originalResource.getIdentifier());
            // if there is a component specific policy we want to clone it for the new component
            if (accessPolicy != null) {
                final AccessPolicyDTO cloneAccessPolicy = new AccessPolicyDTO();
                cloneAccessPolicy.setId(generateId(accessPolicy.getIdentifier(), idGenerationSeed, true));
                cloneAccessPolicy.setAction(accessPolicy.getAction().toString());
                cloneAccessPolicy.setResource(cloneResource.getIdentifier());
                final Set<TenantEntity> users = new HashSet<>();
                accessPolicy.getUsers().forEach(userId -> {
                    final TenantEntity entity = new TenantEntity();
                    entity.setId(userId);
                    users.add(entity);
                });
                cloneAccessPolicy.setUsers(users);
                final Set<TenantEntity> groups = new HashSet<>();
                accessPolicy.getGroups().forEach(groupId -> {
                    final TenantEntity entity = new TenantEntity();
                    entity.setId(groupId);
                    groups.add(entity);
                });
                cloneAccessPolicy.setUserGroups(groups);
                // create the access policy for the cloned policy
                accessPolicyDAO.createAccessPolicy(cloneAccessPolicy);
            }
        }
    }
}
Also used : HashMap(java.util.HashMap) RequestAction(org.apache.nifi.authorization.RequestAction) TenantEntity(org.apache.nifi.web.api.entity.TenantEntity) Resource(org.apache.nifi.authorization.Resource) AccessPolicyDTO(org.apache.nifi.web.api.dto.AccessPolicyDTO) AccessPolicy(org.apache.nifi.authorization.AccessPolicy) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet)

Aggregations

Resource (org.apache.nifi.authorization.Resource)14 EnforcePolicyPermissionsThroughBaseResource (org.apache.nifi.authorization.resource.EnforcePolicyPermissionsThroughBaseResource)8 AccessPolicy (org.apache.nifi.authorization.AccessPolicy)7 ArrayList (java.util.ArrayList)6 HashSet (java.util.HashSet)6 RequestAction (org.apache.nifi.authorization.RequestAction)6 HashMap (java.util.HashMap)5 LinkedHashSet (java.util.LinkedHashSet)5 AccessDeniedException (org.apache.nifi.authorization.AccessDeniedException)5 AuthorizationResult (org.apache.nifi.authorization.AuthorizationResult)5 IOException (java.io.IOException)4 WebApplicationException (javax.ws.rs.WebApplicationException)4 AuthorizationRequest (org.apache.nifi.authorization.AuthorizationRequest)4 ProcessGroup (org.apache.nifi.groups.ProcessGroup)4 RemoteProcessGroup (org.apache.nifi.groups.RemoteProcessGroup)4 VersionedProcessGroup (org.apache.nifi.registry.flow.VersionedProcessGroup)4 Arrays (java.util.Arrays)3 Collection (java.util.Collection)3 Collections (java.util.Collections)3 Comparator (java.util.Comparator)3