Examples with Authorizable org.apache.nifi.authorization.resource.Authorizable used on opensource projects

Example 26 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class ControllerServiceResource method updateControllerServiceReferences.

/**
 * Updates the references of the specified controller service.
 *
 * @param httpServletRequest     request
 * @param requestUpdateReferenceRequest The update request
 * @return A controllerServiceReferencingComponentsEntity.
 */
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}/references")
@ApiOperation(value = "Updates a controller services references", response = ControllerServiceReferencingComponentsEntity.class, authorizations = { @Authorization(value = "Write - /{component-type}/{uuid} - For each referencing component specified") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response updateControllerServiceReferences(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The controller service id.", required = true) @PathParam("id") final String id, @ApiParam(value = "The controller service request update request.", required = true) final UpdateControllerServiceReferenceRequestEntity requestUpdateReferenceRequest) {
    if (requestUpdateReferenceRequest.getId() == null) {
        throw new IllegalArgumentException("The controller service identifier must be specified.");
    }
    if (requestUpdateReferenceRequest.getReferencingComponentRevisions() == null) {
        throw new IllegalArgumentException("The controller service referencing components revisions must be specified.");
    }
    // parse the state to determine the desired action
    // need to consider controller service state first as it shares a state with
    // scheduled state (disabled) which is applicable for referencing services
    // but not referencing schedulable components
    ControllerServiceState requestControllerServiceState = null;
    try {
        requestControllerServiceState = ControllerServiceState.valueOf(requestUpdateReferenceRequest.getState());
    } catch (final IllegalArgumentException iae) {
    // ignore
    }
    ScheduledState requestScheduledState = null;
    try {
        requestScheduledState = ScheduledState.valueOf(requestUpdateReferenceRequest.getState());
    } catch (final IllegalArgumentException iae) {
    // ignore
    }
    // ensure an action has been specified
    if (requestScheduledState == null && requestControllerServiceState == null) {
        throw new IllegalArgumentException("Must specify the updated state. To update referencing Processors " + "and Reporting Tasks the state should be RUNNING or STOPPED. To update the referencing Controller Services the " + "state should be ENABLED or DISABLED.");
    }
    // ensure the controller service state is not ENABLING or DISABLING
    if (requestControllerServiceState != null && (ControllerServiceState.ENABLING.equals(requestControllerServiceState) || ControllerServiceState.DISABLING.equals(requestControllerServiceState))) {
        throw new IllegalArgumentException("Cannot set the referencing services to ENABLING or DISABLING");
    }
    if (isReplicateRequest()) {
        return replicate(HttpMethod.PUT, requestUpdateReferenceRequest);
    }
    // convert the referencing revisions
    final Map<String, Revision> requestReferencingRevisions = requestUpdateReferenceRequest.getReferencingComponentRevisions().entrySet().stream().collect(Collectors.toMap(Map.Entry::getKey, e -> {
        final RevisionDTO rev = e.getValue();
        return new Revision(rev.getVersion(), rev.getClientId(), e.getKey());
    }));
    final Set<Revision> requestRevisions = new HashSet<>(requestReferencingRevisions.values());
    final ScheduledState verifyScheduledState = requestScheduledState;
    final ControllerServiceState verifyControllerServiceState = requestControllerServiceState;
    return withWriteLock(serviceFacade, requestUpdateReferenceRequest, requestRevisions, lookup -> {
        requestReferencingRevisions.entrySet().stream().forEach(e -> {
            final Authorizable controllerService = lookup.getControllerServiceReferencingComponent(id, e.getKey());
            controllerService.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
        });
    }, () -> serviceFacade.verifyUpdateControllerServiceReferencingComponents(requestUpdateReferenceRequest.getId(), verifyScheduledState, verifyControllerServiceState), (revisions, updateReferenceRequest) -> {
        ScheduledState scheduledState = null;
        try {
            scheduledState = ScheduledState.valueOf(updateReferenceRequest.getState());
        } catch (final IllegalArgumentException e) {
        // ignore
        }
        ControllerServiceState controllerServiceState = null;
        try {
            controllerServiceState = ControllerServiceState.valueOf(updateReferenceRequest.getState());
        } catch (final IllegalArgumentException iae) {
        // ignore
        }
        final Map<String, Revision> referencingRevisions = updateReferenceRequest.getReferencingComponentRevisions().entrySet().stream().collect(Collectors.toMap(Map.Entry::getKey, e -> {
            final RevisionDTO rev = e.getValue();
            return new Revision(rev.getVersion(), rev.getClientId(), e.getKey());
        }));
        // update the controller service references
        final ControllerServiceReferencingComponentsEntity entity = serviceFacade.updateControllerServiceReferencingComponents(referencingRevisions, updateReferenceRequest.getId(), scheduledState, controllerServiceState);
        return generateOkResponse(entity).build();
    });
}

Example 27 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class ControllerServiceResource method getControllerService.

/**
 * Retrieves the specified controller service.
 *
 * @param id The id of the controller service to retrieve
 * @return A controllerServiceEntity.
 */
@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
@ApiOperation(value = "Gets a controller service", response = ControllerServiceEntity.class, authorizations = { @Authorization(value = "Read - /controller-services/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response getControllerService(@ApiParam(value = "The controller service id.", required = true) @PathParam("id") final String id) {
    if (isReplicateRequest()) {
        return replicate(HttpMethod.GET);
    }
    // authorize access
    serviceFacade.authorizeAccess(lookup -> {
        final Authorizable controllerService = lookup.getControllerService(id).getAuthorizable();
        controllerService.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
    });
    // get the controller service
    final ControllerServiceEntity entity = serviceFacade.getControllerService(id);
    populateRemainingControllerServiceEntityContent(entity);
    return generateOkResponse(entity).build();
}

Example 28 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class ControllerServiceResource method clearState.

/**
 * Clears the state for a controller service.
 *
 * @param httpServletRequest servlet request
 * @param id                 The id of the controller service
 * @return a componentStateEntity
 */
@POST
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}/state/clear-requests")
@ApiOperation(value = "Clears the state for a controller service", response = ComponentStateEntity.class, authorizations = { @Authorization(value = "Write - /controller-services/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response clearState(@Context HttpServletRequest httpServletRequest, @ApiParam(value = "The controller service id.", required = true) @PathParam("id") final String id) {
    if (isReplicateRequest()) {
        return replicate(HttpMethod.POST);
    }
    final ControllerServiceEntity requestControllerServiceEntity = new ControllerServiceEntity();
    requestControllerServiceEntity.setId(id);
    return withWriteLock(serviceFacade, requestControllerServiceEntity, lookup -> {
        final Authorizable controllerService = lookup.getControllerService(id).getAuthorizable();
        controllerService.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
    }, () -> serviceFacade.verifyCanClearControllerServiceState(id), (controllerServiceEntity) -> {
        // get the component state
        serviceFacade.clearControllerServiceState(controllerServiceEntity.getId());
        // generate the response entity
        final ComponentStateEntity entity = new ComponentStateEntity();
        // generate the response
        return generateOkResponse(entity).build();
    });
}

Example 29 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class CountersResource method authorizeCounters.

/**
 * Authorizes access to the flow.
 */
private void authorizeCounters(final RequestAction action) {
    serviceFacade.authorizeAccess(lookup -> {
        final Authorizable counters = lookup.getCounters();
        counters.authorize(authorizer, action, NiFiUserUtils.getNiFiUser());
    });
}

Example 30 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class FlowFileQueueResource method deleteListingRequest.

/**
 * Deletes the specified listing request.
 *
 * @param httpServletRequest request
 * @param connectionId       The connection id
 * @param listingRequestId   The drop request id
 * @return A dropRequestEntity
 */
@DELETE
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}/listing-requests/{listing-request-id}")
@ApiOperation(value = "Cancels and/or removes a request to list the contents of this connection.", response = ListingRequestEntity.class, authorizations = { @Authorization(value = "Read Source Data - /data/{component-type}/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response deleteListingRequest(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The connection id.", required = true) @PathParam("id") final String connectionId, @ApiParam(value = "The listing request id.", required = true) @PathParam("listing-request-id") final String listingRequestId) {
    if (isReplicateRequest()) {
        return replicate(HttpMethod.DELETE);
    }
    return withWriteLock(serviceFacade, new ListingEntity(connectionId, listingRequestId), lookup -> {
        final ConnectionAuthorizable connAuth = lookup.getConnection(connectionId);
        final Authorizable dataAuthorizable = connAuth.getSourceData();
        dataAuthorizable.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
    }, null, (listingEntity) -> {
        // delete the listing request
        final ListingRequestDTO listingRequest = serviceFacade.deleteFlowFileListingRequest(listingEntity.getConnectionId(), listingEntity.getListingRequestId());
        // prune the results as they were already received when the listing completed
        listingRequest.setFlowFileSummaries(null);
        // populate remaining content
        populateRemainingFlowFileListingContent(listingEntity.getConnectionId(), listingRequest);
        // create the response entity
        final ListingRequestEntity entity = new ListingRequestEntity();
        entity.setListingRequest(listingRequest);
        return generateOkResponse(entity).build();
    });
}