Examples with Resource org.apache.nifi.authorization.Resource used on opensource projects

Example 11 with Resource

use of org.apache.nifi.authorization.Resource in project nifi by apache.

the class StandardNiFiServiceFacade method cleanUpPolicies.

/**
 * Clean up the policies for the specified component resource.
 *
 * @param componentResource the resource for the component
 */
private void cleanUpPolicies(final Resource componentResource) {
    // ensure the authorizer supports configuration
    if (accessPolicyDAO.supportsConfigurableAuthorizer()) {
        final List<Resource> resources = new ArrayList<>();
        resources.add(componentResource);
        resources.add(ResourceFactory.getDataResource(componentResource));
        resources.add(ResourceFactory.getDataTransferResource(componentResource));
        resources.add(ResourceFactory.getPolicyResource(componentResource));
        for (final Resource resource : resources) {
            for (final RequestAction action : RequestAction.values()) {
                try {
                    // since the component is being deleted, also delete any relevant access policies
                    final AccessPolicy readPolicy = accessPolicyDAO.getAccessPolicy(action, resource.getIdentifier());
                    if (readPolicy != null) {
                        accessPolicyDAO.deleteAccessPolicy(readPolicy.getIdentifier());
                    }
                } catch (final Exception e) {
                    logger.warn(String.format("Unable to remove access policy for %s %s after component removal.", action, resource.getIdentifier()), e);
                }
            }
        }
    }
}

Example 12 with Resource

use of org.apache.nifi.authorization.Resource in project nifi by apache.

the class StandardNiFiServiceFacade method deleteUserGroup.

@Override
public UserGroupEntity deleteUserGroup(final Revision revision, final String userGroupId) {
    final Group userGroup = userGroupDAO.getUserGroup(userGroupId);
    final PermissionsDTO permissions = dtoFactory.createPermissionsDto(authorizableLookup.getTenant());
    final Set<TenantEntity> users = userGroup != null ? userGroup.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet()) : null;
    final Set<AccessPolicySummaryEntity> policyEntities = userGroupDAO.getAccessPoliciesForUserGroup(userGroup.getIdentifier()).stream().map(ap -> createAccessPolicySummaryEntity(ap)).collect(Collectors.toSet());
    final String resourceIdentifier = ResourceFactory.getTenantResource().getIdentifier() + "/" + userGroupId;
    final UserGroupDTO snapshot = deleteComponent(revision, new Resource() {

        @Override
        public String getIdentifier() {
            return resourceIdentifier;
        }

        @Override
        public String getName() {
            return resourceIdentifier;
        }

        @Override
        public String getSafeDescription() {
            return "User Group " + userGroupId;
        }
    }, () -> userGroupDAO.deleteUserGroup(userGroupId), // no user group specific policies to remove
    false, dtoFactory.createUserGroupDto(userGroup, users, policyEntities));
    return entityFactory.createUserGroupEntity(snapshot, null, permissions);
}

Example 13 with Resource

use of org.apache.nifi.authorization.Resource in project nifi by apache.

the class SnippetUtils method rollbackClonedPolicy.

/**
 * Attempts to roll back all policies for the specified component. This includes the component resource, data resource
 * for the component, data transfer resource for the component, and policy resource for the component.
 *
 * @param componentResource component resource
 */
private void rollbackClonedPolicy(final Resource componentResource) {
    if (!accessPolicyDAO.supportsConfigurableAuthorizer()) {
        return;
    }
    final List<Resource> resources = new ArrayList<>();
    resources.add(componentResource);
    resources.add(ResourceFactory.getDataResource(componentResource));
    resources.add(ResourceFactory.getDataTransferResource(componentResource));
    resources.add(ResourceFactory.getPolicyResource(componentResource));
    for (final Resource resource : resources) {
        for (final RequestAction action : RequestAction.values()) {
            final AccessPolicy accessPolicy = accessPolicyDAO.getAccessPolicy(action, resource.getIdentifier());
            if (accessPolicy != null) {
                try {
                    accessPolicyDAO.deleteAccessPolicy(accessPolicy.getIdentifier());
                } catch (final Exception e) {
                    logger.warn(String.format("Unable to clean up cloned access policy for %s %s after failed copy/paste action.", action, componentResource.getIdentifier()), e);
                }
            }
        }
    }
}

Example 14 with Resource

use of org.apache.nifi.authorization.Resource in project nifi by apache.

the class SnippetUtils method cloneComponentSpecificPolicies.

/**
 * Clones all the component specified policies for the specified original component. This will include the component resource, data resource
 * for the component, data transfer resource for the component, and policy resource for the component.
 *
 * @param originalComponentResource original component resource
 * @param clonedComponentResource cloned component resource
 * @param idGenerationSeed id generation seed
 */
private void cloneComponentSpecificPolicies(final Resource originalComponentResource, final Resource clonedComponentResource, final String idGenerationSeed) {
    if (!accessPolicyDAO.supportsConfigurableAuthorizer()) {
        return;
    }
    final Map<Resource, Resource> resources = new HashMap<>();
    resources.put(originalComponentResource, clonedComponentResource);
    resources.put(ResourceFactory.getDataResource(originalComponentResource), ResourceFactory.getDataResource(clonedComponentResource));
    resources.put(ResourceFactory.getDataTransferResource(originalComponentResource), ResourceFactory.getDataTransferResource(clonedComponentResource));
    resources.put(ResourceFactory.getPolicyResource(originalComponentResource), ResourceFactory.getPolicyResource(clonedComponentResource));
    for (final Entry<Resource, Resource> entry : resources.entrySet()) {
        final Resource originalResource = entry.getKey();
        final Resource cloneResource = entry.getValue();
        for (final RequestAction action : RequestAction.values()) {
            final AccessPolicy accessPolicy = accessPolicyDAO.getAccessPolicy(action, originalResource.getIdentifier());
            // if there is a component specific policy we want to clone it for the new component
            if (accessPolicy != null) {
                final AccessPolicyDTO cloneAccessPolicy = new AccessPolicyDTO();
                cloneAccessPolicy.setId(generateId(accessPolicy.getIdentifier(), idGenerationSeed, true));
                cloneAccessPolicy.setAction(accessPolicy.getAction().toString());
                cloneAccessPolicy.setResource(cloneResource.getIdentifier());
                final Set<TenantEntity> users = new HashSet<>();
                accessPolicy.getUsers().forEach(userId -> {
                    final TenantEntity entity = new TenantEntity();
                    entity.setId(userId);
                    users.add(entity);
                });
                cloneAccessPolicy.setUsers(users);
                final Set<TenantEntity> groups = new HashSet<>();
                accessPolicy.getGroups().forEach(groupId -> {
                    final TenantEntity entity = new TenantEntity();
                    entity.setId(groupId);
                    groups.add(entity);
                });
                cloneAccessPolicy.setUserGroups(groups);
                // create the access policy for the cloned policy
                accessPolicyDAO.createAccessPolicy(cloneAccessPolicy);
            }
        }
    }
}