Search in sources :

Example 41 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class ProcessGroupResource method instantiateTemplate.

/**
 * Instantiates the specified template within this ProcessGroup. The template instance that is instantiated cannot be referenced at a later time, therefore there is no
 * corresponding URI. Instead the request URI is returned.
 * <p>
 * Alternatively, we could have performed a PUT request. However, PUT requests are supposed to be idempotent and this endpoint is certainly not.
 *
 * @param httpServletRequest               request
 * @param groupId                          The group id
 * @param requestInstantiateTemplateRequestEntity The instantiate template request
 * @return A flowEntity.
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}/template-instance")
@ApiOperation(value = "Instantiates a template", response = FlowEntity.class, authorizations = { @Authorization(value = "Write - /process-groups/{uuid}"), @Authorization(value = "Read - /templates/{uuid}"), @Authorization(value = "Write - if the template contains any restricted components - /restricted-components") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response instantiateTemplate(@Context HttpServletRequest httpServletRequest, @ApiParam(value = "The process group id.", required = true) @PathParam("id") String groupId, @ApiParam(value = "The instantiate template request.", required = true) InstantiateTemplateRequestEntity requestInstantiateTemplateRequestEntity) {
    // ensure the position has been specified
    if (requestInstantiateTemplateRequestEntity == null || requestInstantiateTemplateRequestEntity.getOriginX() == null || requestInstantiateTemplateRequestEntity.getOriginY() == null) {
        throw new IllegalArgumentException("The origin position (x, y) must be specified.");
    }
    // ensure the template id was provided
    if (requestInstantiateTemplateRequestEntity.getTemplateId() == null) {
        throw new IllegalArgumentException("The template id must be specified.");
    }
    // ensure the template encoding version is valid
    if (requestInstantiateTemplateRequestEntity.getEncodingVersion() != null) {
        try {
            FlowEncodingVersion.parse(requestInstantiateTemplateRequestEntity.getEncodingVersion());
        } catch (final IllegalArgumentException e) {
            throw new IllegalArgumentException("The template encoding version is not valid. The expected format is <number>.<number>");
        }
    }
    // populate the encoding version if necessary
    if (requestInstantiateTemplateRequestEntity.getEncodingVersion() == null) {
        // if the encoding version is not specified, use the latest encoding version as these options were
        // not available pre 1.x, will be overridden if populating from the underlying template below
        requestInstantiateTemplateRequestEntity.setEncodingVersion(TemplateDTO.MAX_ENCODING_VERSION);
    }
    // populate the component bundles if necessary
    if (requestInstantiateTemplateRequestEntity.getSnippet() == null) {
        // get the desired template in order to determine the supported bundles
        final TemplateDTO requestedTemplate = serviceFacade.exportTemplate(requestInstantiateTemplateRequestEntity.getTemplateId());
        final FlowSnippetDTO requestTemplateContents = requestedTemplate.getSnippet();
        // determine the compatible bundles to use for each component in this template, this ensures the nodes in the cluster
        // instantiate the components from the same bundles
        discoverCompatibleBundles(requestTemplateContents);
        // update the requested template as necessary - use the encoding version from the underlying template
        requestInstantiateTemplateRequestEntity.setEncodingVersion(requestedTemplate.getEncodingVersion());
        requestInstantiateTemplateRequestEntity.setSnippet(requestTemplateContents);
    }
    if (isReplicateRequest()) {
        return replicate(HttpMethod.POST, requestInstantiateTemplateRequestEntity);
    }
    return withWriteLock(serviceFacade, requestInstantiateTemplateRequestEntity, lookup -> {
        final NiFiUser user = NiFiUserUtils.getNiFiUser();
        // ensure write on the group
        final Authorizable processGroup = lookup.getProcessGroup(groupId).getAuthorizable();
        processGroup.authorize(authorizer, RequestAction.WRITE, user);
        final Authorizable template = lookup.getTemplate(requestInstantiateTemplateRequestEntity.getTemplateId());
        template.authorize(authorizer, RequestAction.READ, user);
        // ensure read on the template
        final TemplateContentsAuthorizable templateContents = lookup.getTemplateContents(requestInstantiateTemplateRequestEntity.getSnippet());
        final Consumer<ComponentAuthorizable> authorizeRestricted = authorizable -> {
            if (authorizable.isRestricted()) {
                authorizeRestrictions(authorizer, authorizable);
            }
        };
        // ensure restricted access if necessary
        templateContents.getEncapsulatedProcessors().forEach(authorizeRestricted);
        templateContents.getEncapsulatedControllerServices().forEach(authorizeRestricted);
    }, () -> serviceFacade.verifyComponentTypes(requestInstantiateTemplateRequestEntity.getSnippet()), instantiateTemplateRequestEntity -> {
        // create the template and generate the json
        final FlowEntity entity = serviceFacade.createTemplateInstance(groupId, instantiateTemplateRequestEntity.getOriginX(), instantiateTemplateRequestEntity.getOriginY(), instantiateTemplateRequestEntity.getEncodingVersion(), instantiateTemplateRequestEntity.getSnippet(), getIdGenerationSeed().orElse(null));
        final FlowDTO flowSnippet = entity.getFlow();
        // prune response as necessary
        for (ProcessGroupEntity childGroupEntity : flowSnippet.getProcessGroups()) {
            childGroupEntity.getComponent().setContents(null);
        }
        // create the response entity
        populateRemainingSnippetContent(flowSnippet);
        // generate the response
        return generateCreatedResponse(getAbsolutePath(), entity).build();
    });
}
Also used : ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable) FunnelsEntity(org.apache.nifi.web.api.entity.FunnelsEntity) Produces(javax.ws.rs.Produces) InstantiateTemplateRequestEntity(org.apache.nifi.web.api.entity.InstantiateTemplateRequestEntity) ApiParam(io.swagger.annotations.ApiParam) SiteToSiteRestApiClient(org.apache.nifi.remote.util.SiteToSiteRestApiClient) ConnectionDTO(org.apache.nifi.web.api.dto.ConnectionDTO) ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable) StringUtils(org.apache.commons.lang3.StringUtils) ClientIdParameter(org.apache.nifi.web.api.request.ClientIdParameter) ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity) AuthorizeAccess(org.apache.nifi.authorization.AuthorizeAccess) VariableRegistryUpdateStep(org.apache.nifi.registry.variable.VariableRegistryUpdateStep) PositionDTO(org.apache.nifi.web.api.dto.PositionDTO) MediaType(javax.ws.rs.core.MediaType) ProcessGroupDTO(org.apache.nifi.web.api.dto.ProcessGroupDTO) NiFiRegistryException(org.apache.nifi.registry.client.NiFiRegistryException) Map(java.util.Map) ResourceNotFoundException(org.apache.nifi.web.ResourceNotFoundException) UriBuilder(javax.ws.rs.core.UriBuilder) SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder) ConnectionsEntity(org.apache.nifi.web.api.entity.ConnectionsEntity) FunnelEntity(org.apache.nifi.web.api.entity.FunnelEntity) VariableRegistryUpdateRequest(org.apache.nifi.registry.variable.VariableRegistryUpdateRequest) ControllerServicesEntity(org.apache.nifi.web.api.entity.ControllerServicesEntity) Set(java.util.Set) InputPortsEntity(org.apache.nifi.web.api.entity.InputPortsEntity) Executors(java.util.concurrent.Executors) ArrayBlockingQueue(java.util.concurrent.ArrayBlockingQueue) FormDataParam(org.glassfish.jersey.media.multipart.FormDataParam) ProcessGroupsEntity(org.apache.nifi.web.api.entity.ProcessGroupsEntity) FlowComparisonEntity(org.apache.nifi.web.api.entity.FlowComparisonEntity) ScheduledState(org.apache.nifi.controller.ScheduledState) LabelsEntity(org.apache.nifi.web.api.entity.LabelsEntity) UriInfo(javax.ws.rs.core.UriInfo) ApiImplicitParams(io.swagger.annotations.ApiImplicitParams) DtoFactory(org.apache.nifi.web.api.dto.DtoFactory) Entity(org.apache.nifi.web.api.entity.Entity) GET(javax.ws.rs.GET) ControllerServiceEntity(org.apache.nifi.web.api.entity.ControllerServiceEntity) ConfigurableComponent(org.apache.nifi.components.ConfigurableComponent) TemplateEntity(org.apache.nifi.web.api.entity.TemplateEntity) RevisionDTO(org.apache.nifi.web.api.dto.RevisionDTO) HttpMethod(javax.ws.rs.HttpMethod) HttpServletRequest(javax.servlet.http.HttpServletRequest) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) Api(io.swagger.annotations.Api) VariableRegistryDTO(org.apache.nifi.web.api.dto.VariableRegistryDTO) FlowDTO(org.apache.nifi.web.api.dto.flow.FlowDTO) VersionedFlowState(org.apache.nifi.registry.flow.VersionedFlowState) NiFiServiceFacade(org.apache.nifi.web.NiFiServiceFacade) AuthorizableLookup(org.apache.nifi.authorization.AuthorizableLookup) RequestAction(org.apache.nifi.authorization.RequestAction) FlowEncodingVersion(org.apache.nifi.controller.serialization.FlowEncodingVersion) JAXBElement(javax.xml.bind.JAXBElement) RemoteProcessGroupsEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupsEntity) IOException(java.io.IOException) VersionedFlowSnapshot(org.apache.nifi.registry.flow.VersionedFlowSnapshot) Authorizer(org.apache.nifi.authorization.Authorizer) ApiResponse(io.swagger.annotations.ApiResponse) FlowEntity(org.apache.nifi.web.api.entity.FlowEntity) AffectedComponentEntity(org.apache.nifi.web.api.entity.AffectedComponentEntity) OutputPortsEntity(org.apache.nifi.web.api.entity.OutputPortsEntity) ScheduleComponentsEntity(org.apache.nifi.web.api.entity.ScheduleComponentsEntity) XmlUtils(org.apache.nifi.security.xml.XmlUtils) BundleCoordinate(org.apache.nifi.bundle.BundleCoordinate) ProcessorConfigDTO(org.apache.nifi.web.api.dto.ProcessorConfigDTO) Date(java.util.Date) ConnectableType(org.apache.nifi.connectable.ConnectableType) ProcessorStatusDTO(org.apache.nifi.web.api.dto.status.ProcessorStatusDTO) URISyntaxException(java.net.URISyntaxException) LoggerFactory(org.slf4j.LoggerFactory) Path(javax.ws.rs.Path) BundleDTO(org.apache.nifi.web.api.dto.BundleDTO) ApiOperation(io.swagger.annotations.ApiOperation) AuthorizeControllerServiceReference(org.apache.nifi.authorization.AuthorizeControllerServiceReference) QueryParam(javax.ws.rs.QueryParam) Consumes(javax.ws.rs.Consumes) TemplateDTO(org.apache.nifi.web.api.dto.TemplateDTO) ActivateControllerServicesEntity(org.apache.nifi.web.api.entity.ActivateControllerServicesEntity) XMLStreamReader(javax.xml.stream.XMLStreamReader) DefaultValue(javax.ws.rs.DefaultValue) URI(java.net.URI) ThreadFactory(java.util.concurrent.ThreadFactory) NodeResponse(org.apache.nifi.cluster.manager.NodeResponse) DELETE(javax.ws.rs.DELETE) Context(javax.ws.rs.core.Context) Authorizable(org.apache.nifi.authorization.resource.Authorizable) ControllerServiceDTO(org.apache.nifi.web.api.dto.ControllerServiceDTO) ApiImplicitParam(io.swagger.annotations.ApiImplicitParam) Collection(java.util.Collection) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) SnippetAuthorizable(org.apache.nifi.authorization.SnippetAuthorizable) UUID(java.util.UUID) BundleUtils(org.apache.nifi.util.BundleUtils) PortEntity(org.apache.nifi.web.api.entity.PortEntity) LongParameter(org.apache.nifi.web.api.request.LongParameter) JAXBException(javax.xml.bind.JAXBException) Collectors(java.util.stream.Collectors) List(java.util.List) Response(javax.ws.rs.core.Response) ProcessGroupEntity(org.apache.nifi.web.api.entity.ProcessGroupEntity) ProcessorDTO(org.apache.nifi.web.api.dto.ProcessorDTO) ControllerServiceState(org.apache.nifi.controller.service.ControllerServiceState) CopySnippetRequestEntity(org.apache.nifi.web.api.entity.CopySnippetRequestEntity) Authentication(org.springframework.security.core.Authentication) Pause(org.apache.nifi.web.util.Pause) FlowSnippetDTO(org.apache.nifi.web.api.dto.FlowSnippetDTO) RemoteProcessGroupDTO(org.apache.nifi.web.api.dto.RemoteProcessGroupDTO) PathParam(javax.ws.rs.PathParam) Bucket(org.apache.nifi.registry.bucket.Bucket) Revision(org.apache.nifi.web.Revision) ThreadPoolExecutor(java.util.concurrent.ThreadPoolExecutor) HashMap(java.util.HashMap) ApiResponses(io.swagger.annotations.ApiResponses) Function(java.util.function.Function) AffectedComponentDTO(org.apache.nifi.web.api.dto.AffectedComponentDTO) ConcurrentMap(java.util.concurrent.ConcurrentMap) FlowRegistryUtils(org.apache.nifi.registry.flow.FlowRegistryUtils) CreateTemplateRequestEntity(org.apache.nifi.web.api.entity.CreateTemplateRequestEntity) VersionControlInformationDTO(org.apache.nifi.web.api.dto.VersionControlInformationDTO) VariableRegistryUpdateRequestEntity(org.apache.nifi.web.api.entity.VariableRegistryUpdateRequestEntity) NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken) Status(javax.ws.rs.core.Response.Status) JAXBContext(javax.xml.bind.JAXBContext) ExecutorService(java.util.concurrent.ExecutorService) Unmarshaller(javax.xml.bind.Unmarshaller) TemplateContentsAuthorizable(org.apache.nifi.authorization.TemplateContentsAuthorizable) Logger(org.slf4j.Logger) POST(javax.ws.rs.POST) ProcessorsEntity(org.apache.nifi.web.api.entity.ProcessorsEntity) VariableRegistryEntity(org.apache.nifi.web.api.entity.VariableRegistryEntity) VersionedFlow(org.apache.nifi.registry.flow.VersionedFlow) MultivaluedHashMap(javax.ws.rs.core.MultivaluedHashMap) MultivaluedMap(javax.ws.rs.core.MultivaluedMap) TimeUnit(java.util.concurrent.TimeUnit) Consumer(java.util.function.Consumer) LabelEntity(org.apache.nifi.web.api.entity.LabelEntity) ConnectionEntity(org.apache.nifi.web.api.entity.ConnectionEntity) ProcessGroupAuthorizable(org.apache.nifi.authorization.ProcessGroupAuthorizable) RemoteProcessGroupEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupEntity) NiFiUserUtils(org.apache.nifi.authorization.user.NiFiUserUtils) PUT(javax.ws.rs.PUT) Authorization(io.swagger.annotations.Authorization) Collections(java.util.Collections) InputStream(java.io.InputStream) ProcessGroupEntity(org.apache.nifi.web.api.entity.ProcessGroupEntity) RemoteProcessGroupEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupEntity) FlowSnippetDTO(org.apache.nifi.web.api.dto.FlowSnippetDTO) FlowDTO(org.apache.nifi.web.api.dto.flow.FlowDTO) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) TemplateDTO(org.apache.nifi.web.api.dto.TemplateDTO) ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable) Authorizable(org.apache.nifi.authorization.resource.Authorizable) SnippetAuthorizable(org.apache.nifi.authorization.SnippetAuthorizable) TemplateContentsAuthorizable(org.apache.nifi.authorization.TemplateContentsAuthorizable) ProcessGroupAuthorizable(org.apache.nifi.authorization.ProcessGroupAuthorizable) TemplateContentsAuthorizable(org.apache.nifi.authorization.TemplateContentsAuthorizable) FlowEntity(org.apache.nifi.web.api.entity.FlowEntity) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 42 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class ProcessGroupResource method deleteVariableRegistryUpdateRequest.

@DELETE
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{groupId}/variable-registry/update-requests/{updateId}")
@ApiOperation(value = "Deletes an update request for a process group's variable registry. If the request is not yet complete, it will automatically be cancelled.", response = VariableRegistryUpdateRequestEntity.class, notes = NON_GUARANTEED_ENDPOINT, authorizations = { @Authorization(value = "Read - /process-groups/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response deleteVariableRegistryUpdateRequest(@ApiParam(value = "The process group id.", required = true) @PathParam("groupId") final String groupId, @ApiParam(value = "The ID of the Variable Registry Update Request", required = true) @PathParam("updateId") final String updateId) {
    if (groupId == null || updateId == null) {
        throw new IllegalArgumentException("Group ID and Update ID must both be specified.");
    }
    final NiFiUser user = NiFiUserUtils.getNiFiUser();
    // authorize access
    serviceFacade.authorizeAccess(lookup -> {
        final Authorizable processGroup = lookup.getProcessGroup(groupId).getAuthorizable();
        processGroup.authorize(authorizer, RequestAction.READ, user);
        processGroup.authorize(authorizer, RequestAction.WRITE, user);
    });
    final VariableRegistryUpdateRequest request = varRegistryUpdateRequests.remove(updateId);
    if (request == null) {
        throw new ResourceNotFoundException("Could not find a Variable Registry Update Request with identifier " + updateId);
    }
    if (!groupId.equals(request.getProcessGroupId())) {
        throw new ResourceNotFoundException("Could not find a Variable Registry Update Request with identifier " + updateId + " for Process Group with identifier " + groupId);
    }
    if (!user.equals(request.getUser())) {
        throw new IllegalArgumentException("Only the user that submitted the update request can remove it.");
    }
    request.cancel();
    final VariableRegistryUpdateRequestEntity entity = new VariableRegistryUpdateRequestEntity();
    entity.setRequest(dtoFactory.createVariableRegistryUpdateRequestDto(request));
    entity.setProcessGroupRevision(request.getProcessGroupRevision());
    entity.getRequest().setUri(generateResourceUri("process-groups", groupId, "variable-registry", updateId));
    return generateOkResponse(entity).build();
}
Also used : VariableRegistryUpdateRequest(org.apache.nifi.registry.variable.VariableRegistryUpdateRequest) VariableRegistryUpdateRequestEntity(org.apache.nifi.web.api.entity.VariableRegistryUpdateRequestEntity) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable) Authorizable(org.apache.nifi.authorization.resource.Authorizable) SnippetAuthorizable(org.apache.nifi.authorization.SnippetAuthorizable) TemplateContentsAuthorizable(org.apache.nifi.authorization.TemplateContentsAuthorizable) ProcessGroupAuthorizable(org.apache.nifi.authorization.ProcessGroupAuthorizable) ResourceNotFoundException(org.apache.nifi.web.ResourceNotFoundException) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 43 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class ProcessGroupResource method getProcessGroup.

/**
 * Retrieves the contents of the specified group.
 *
 * @param groupId The id of the process group.
 * @return A processGroupEntity.
 */
@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
@ApiOperation(value = "Gets a process group", response = ProcessGroupEntity.class, authorizations = { @Authorization(value = "Read - /process-groups/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response getProcessGroup(@ApiParam(value = "The process group id.", required = false) @PathParam("id") final String groupId) {
    if (isReplicateRequest()) {
        return replicate(HttpMethod.GET);
    }
    // authorize access
    serviceFacade.authorizeAccess(lookup -> {
        final Authorizable processGroup = lookup.getProcessGroup(groupId).getAuthorizable();
        processGroup.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
    });
    // get this process group contents
    final ProcessGroupEntity entity = serviceFacade.getProcessGroup(groupId);
    populateRemainingProcessGroupEntityContent(entity);
    if (entity.getComponent() != null) {
        entity.getComponent().setContents(null);
    }
    return generateOkResponse(entity).build();
}
Also used : ProcessGroupEntity(org.apache.nifi.web.api.entity.ProcessGroupEntity) RemoteProcessGroupEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupEntity) ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable) Authorizable(org.apache.nifi.authorization.resource.Authorizable) SnippetAuthorizable(org.apache.nifi.authorization.SnippetAuthorizable) TemplateContentsAuthorizable(org.apache.nifi.authorization.TemplateContentsAuthorizable) ProcessGroupAuthorizable(org.apache.nifi.authorization.ProcessGroupAuthorizable) Path(javax.ws.rs.Path) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 44 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class ProcessGroupResource method getVariableRegistryUpdateRequest.

@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{groupId}/variable-registry/update-requests/{updateId}")
@ApiOperation(value = "Gets a process group's variable registry", response = VariableRegistryUpdateRequestEntity.class, notes = NON_GUARANTEED_ENDPOINT, authorizations = { @Authorization(value = "Read - /process-groups/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response getVariableRegistryUpdateRequest(@ApiParam(value = "The process group id.", required = true) @PathParam("groupId") final String groupId, @ApiParam(value = "The ID of the Variable Registry Update Request", required = true) @PathParam("updateId") final String updateId) {
    if (groupId == null || updateId == null) {
        throw new IllegalArgumentException("Group ID and Update ID must both be specified.");
    }
    final NiFiUser user = NiFiUserUtils.getNiFiUser();
    // authorize access
    serviceFacade.authorizeAccess(lookup -> {
        final Authorizable processGroup = lookup.getProcessGroup(groupId).getAuthorizable();
        processGroup.authorize(authorizer, RequestAction.READ, user);
    });
    final VariableRegistryUpdateRequest request = varRegistryUpdateRequests.get(updateId);
    if (request == null) {
        throw new ResourceNotFoundException("Could not find a Variable Registry Update Request with identifier " + updateId);
    }
    if (!groupId.equals(request.getProcessGroupId())) {
        throw new ResourceNotFoundException("Could not find a Variable Registry Update Request with identifier " + updateId + " for Process Group with identifier " + groupId);
    }
    if (!user.equals(request.getUser())) {
        throw new IllegalArgumentException("Only the user that submitted the update request can retrieve it.");
    }
    final VariableRegistryUpdateRequestEntity entity = new VariableRegistryUpdateRequestEntity();
    entity.setRequest(dtoFactory.createVariableRegistryUpdateRequestDto(request));
    entity.setProcessGroupRevision(request.getProcessGroupRevision());
    entity.getRequest().setUri(generateResourceUri("process-groups", groupId, "variable-registry", updateId));
    return generateOkResponse(entity).build();
}
Also used : VariableRegistryUpdateRequest(org.apache.nifi.registry.variable.VariableRegistryUpdateRequest) VariableRegistryUpdateRequestEntity(org.apache.nifi.web.api.entity.VariableRegistryUpdateRequestEntity) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable) Authorizable(org.apache.nifi.authorization.resource.Authorizable) SnippetAuthorizable(org.apache.nifi.authorization.SnippetAuthorizable) TemplateContentsAuthorizable(org.apache.nifi.authorization.TemplateContentsAuthorizable) ProcessGroupAuthorizable(org.apache.nifi.authorization.ProcessGroupAuthorizable) ResourceNotFoundException(org.apache.nifi.web.ResourceNotFoundException) Path(javax.ws.rs.Path) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 45 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class ProcessGroupResource method getFunnels.

/**
 * Retrieves all the of funnels in this NiFi.
 *
 * @return A funnelsEntity.
 */
@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}/funnels")
@ApiOperation(value = "Gets all funnels", response = FunnelsEntity.class, authorizations = { @Authorization(value = "Read - /process-groups/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response getFunnels(@ApiParam(value = "The process group id.", required = true) @PathParam("id") final String groupId) {
    if (isReplicateRequest()) {
        return replicate(HttpMethod.GET);
    }
    // authorize access
    serviceFacade.authorizeAccess(lookup -> {
        final Authorizable processGroup = lookup.getProcessGroup(groupId).getAuthorizable();
        processGroup.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
    });
    // get all the funnels
    final Set<FunnelEntity> funnels = serviceFacade.getFunnels(groupId);
    // create the response entity
    final FunnelsEntity entity = new FunnelsEntity();
    entity.setFunnels(funnelResource.populateRemainingFunnelEntitiesContent(funnels));
    // generate the response
    return generateOkResponse(entity).build();
}
Also used : FunnelEntity(org.apache.nifi.web.api.entity.FunnelEntity) FunnelsEntity(org.apache.nifi.web.api.entity.FunnelsEntity) ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable) Authorizable(org.apache.nifi.authorization.resource.Authorizable) SnippetAuthorizable(org.apache.nifi.authorization.SnippetAuthorizable) TemplateContentsAuthorizable(org.apache.nifi.authorization.TemplateContentsAuthorizable) ProcessGroupAuthorizable(org.apache.nifi.authorization.ProcessGroupAuthorizable) Path(javax.ws.rs.Path) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Aggregations

Authorizable (org.apache.nifi.authorization.resource.Authorizable)140 ApiOperation (io.swagger.annotations.ApiOperation)96 ApiResponses (io.swagger.annotations.ApiResponses)96 Consumes (javax.ws.rs.Consumes)96 Produces (javax.ws.rs.Produces)96 Path (javax.ws.rs.Path)95 ComponentAuthorizable (org.apache.nifi.authorization.ComponentAuthorizable)53 GET (javax.ws.rs.GET)46 Revision (org.apache.nifi.web.Revision)44 ProcessGroupAuthorizable (org.apache.nifi.authorization.ProcessGroupAuthorizable)33 SnippetAuthorizable (org.apache.nifi.authorization.SnippetAuthorizable)28 TemplateContentsAuthorizable (org.apache.nifi.authorization.TemplateContentsAuthorizable)28 POST (javax.ws.rs.POST)24 NiFiUser (org.apache.nifi.authorization.user.NiFiUser)21 ResourceNotFoundException (org.apache.nifi.web.ResourceNotFoundException)21 DELETE (javax.ws.rs.DELETE)20 PUT (javax.ws.rs.PUT)20 RevisionDTO (org.apache.nifi.web.api.dto.RevisionDTO)19 PositionDTO (org.apache.nifi.web.api.dto.PositionDTO)18 PortEntity (org.apache.nifi.web.api.entity.PortEntity)15