Examples with NiFiUser org.apache.nifi.authorization.user.NiFiUser used on opensource projects

Example 1 with NiFiUser

use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.

the class StandardNiFiServiceFacade method deleteNode.

@Override
public void deleteNode(final String nodeId) {
    final NiFiUser user = NiFiUserUtils.getNiFiUser();
    if (user == null) {
        throw new WebApplicationException(new Throwable("Unable to access details for current user."));
    }
    final String userDn = user.getIdentity();
    final NodeIdentifier nodeIdentifier = clusterCoordinator.getNodeIdentifier(nodeId);
    if (nodeIdentifier == null) {
        throw new UnknownNodeException("Cannot remove Node with ID " + nodeId + " because it is not part of the cluster");
    }
    final NodeConnectionStatus nodeConnectionStatus = clusterCoordinator.getConnectionStatus(nodeIdentifier);
    if (!nodeConnectionStatus.getState().equals(NodeConnectionState.DISCONNECTED)) {
        throw new IllegalNodeDeletionException("Cannot remove Node with ID " + nodeId + " because it is not disconnected, current state = " + nodeConnectionStatus.getState());
    }
    clusterCoordinator.removeNode(nodeIdentifier, userDn);
    heartbeatMonitor.removeHeartbeat(nodeIdentifier);
}

Example 2 with NiFiUser

use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.

the class StandardNiFiServiceFacade method getSiteToSiteDetails.

@Override
public ControllerDTO getSiteToSiteDetails() {
    final NiFiUser user = NiFiUserUtils.getNiFiUser();
    if (user == null) {
        throw new WebApplicationException(new Throwable("Unable to access details for current user."));
    }
    // serialize the input ports this NiFi has access to
    final Set<PortDTO> inputPortDtos = new LinkedHashSet<>();
    final Set<RootGroupPort> inputPorts = controllerFacade.getInputPorts();
    for (final RootGroupPort inputPort : inputPorts) {
        if (isUserAuthorized(user, inputPort)) {
            final PortDTO dto = new PortDTO();
            dto.setId(inputPort.getIdentifier());
            dto.setName(inputPort.getName());
            dto.setComments(inputPort.getComments());
            dto.setState(inputPort.getScheduledState().toString());
            inputPortDtos.add(dto);
        }
    }
    // serialize the output ports this NiFi has access to
    final Set<PortDTO> outputPortDtos = new LinkedHashSet<>();
    for (final RootGroupPort outputPort : controllerFacade.getOutputPorts()) {
        if (isUserAuthorized(user, outputPort)) {
            final PortDTO dto = new PortDTO();
            dto.setId(outputPort.getIdentifier());
            dto.setName(outputPort.getName());
            dto.setComments(outputPort.getComments());
            dto.setState(outputPort.getScheduledState().toString());
            outputPortDtos.add(dto);
        }
    }
    // get the root group
    final ProcessGroup rootGroup = processGroupDAO.getProcessGroup(controllerFacade.getRootGroupId());
    final ProcessGroupCounts counts = rootGroup.getCounts();
    // create the controller dto
    final ControllerDTO controllerDTO = new ControllerDTO();
    controllerDTO.setId(controllerFacade.getRootGroupId());
    controllerDTO.setInstanceId(controllerFacade.getInstanceId());
    controllerDTO.setName(controllerFacade.getName());
    controllerDTO.setComments(controllerFacade.getComments());
    controllerDTO.setInputPorts(inputPortDtos);
    controllerDTO.setOutputPorts(outputPortDtos);
    controllerDTO.setInputPortCount(inputPortDtos.size());
    controllerDTO.setOutputPortCount(outputPortDtos.size());
    controllerDTO.setRunningCount(counts.getRunningCount());
    controllerDTO.setStoppedCount(counts.getStoppedCount());
    controllerDTO.setInvalidCount(counts.getInvalidCount());
    controllerDTO.setDisabledCount(counts.getDisabledCount());
    // determine the site to site configuration
    controllerDTO.setRemoteSiteListeningPort(controllerFacade.getRemoteSiteListeningPort());
    controllerDTO.setRemoteSiteHttpListeningPort(controllerFacade.getRemoteSiteListeningHttpPort());
    controllerDTO.setSiteToSiteSecure(controllerFacade.isRemoteSiteCommsSecure());
    return controllerDTO;
}

Example 3 with NiFiUser

use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.

the class StandardNiFiServiceFacade method getProcessorDiagnostics.

@Override
public ProcessorDiagnosticsEntity getProcessorDiagnostics(final String id) {
    final ProcessorNode processor = processorDAO.getProcessor(id);
    final ProcessorStatus processorStatus = controllerFacade.getProcessorStatus(id);
    // Generate Processor Diagnostics
    final NiFiUser user = NiFiUserUtils.getNiFiUser();
    final ProcessorDiagnosticsDTO dto = controllerFacade.getProcessorDiagnostics(processor, processorStatus, bulletinRepository, serviceId -> createControllerServiceEntity(serviceId, user));
    // Filter anything out of diagnostics that the user is not authorized to see.
    final List<JVMDiagnosticsSnapshotDTO> jvmDiagnosticsSnaphots = new ArrayList<>();
    final JVMDiagnosticsDTO jvmDiagnostics = dto.getJvmDiagnostics();
    jvmDiagnosticsSnaphots.add(jvmDiagnostics.getAggregateSnapshot());
    // filter controller-related information
    final boolean canReadController = authorizableLookup.getController().isAuthorized(authorizer, RequestAction.READ, user);
    if (!canReadController) {
        for (final JVMDiagnosticsSnapshotDTO snapshot : jvmDiagnosticsSnaphots) {
            snapshot.setControllerDiagnostics(null);
        }
    }
    // filter system diagnostics information
    final boolean canReadSystem = authorizableLookup.getSystem().isAuthorized(authorizer, RequestAction.READ, user);
    if (!canReadSystem) {
        for (final JVMDiagnosticsSnapshotDTO snapshot : jvmDiagnosticsSnaphots) {
            snapshot.setSystemDiagnosticsDto(null);
        }
    }
    final boolean canReadFlow = authorizableLookup.getFlow().isAuthorized(authorizer, RequestAction.READ, user);
    if (!canReadFlow) {
        for (final JVMDiagnosticsSnapshotDTO snapshot : jvmDiagnosticsSnaphots) {
            snapshot.setFlowDiagnosticsDto(null);
        }
    }
    // filter connections
    final Predicate<ConnectionDiagnosticsDTO> connectionAuthorized = connectionDiagnostics -> {
        final String connectionId = connectionDiagnostics.getConnection().getId();
        return authorizableLookup.getConnection(connectionId).getAuthorizable().isAuthorized(authorizer, RequestAction.READ, user);
    };
    // Filter incoming connections by what user is authorized to READ
    final Set<ConnectionDiagnosticsDTO> incoming = dto.getIncomingConnections();
    final Set<ConnectionDiagnosticsDTO> filteredIncoming = incoming.stream().filter(connectionAuthorized).collect(Collectors.toSet());
    dto.setIncomingConnections(filteredIncoming);
    // Filter outgoing connections by what user is authorized to READ
    final Set<ConnectionDiagnosticsDTO> outgoing = dto.getOutgoingConnections();
    final Set<ConnectionDiagnosticsDTO> filteredOutgoing = outgoing.stream().filter(connectionAuthorized).collect(Collectors.toSet());
    dto.setOutgoingConnections(filteredOutgoing);
    // Filter out any controller services that are referenced by the Processor
    final Set<ControllerServiceDiagnosticsDTO> referencedServices = dto.getReferencedControllerServices();
    final Set<ControllerServiceDiagnosticsDTO> filteredReferencedServices = referencedServices.stream().filter(csDiagnostics -> {
        final String csId = csDiagnostics.getControllerService().getId();
        return authorizableLookup.getControllerService(csId).getAuthorizable().isAuthorized(authorizer, RequestAction.READ, user);
    }).map(csDiagnostics -> {
        // Filter out any referencing components because those are generally not relevant from this context.
        final ControllerServiceDTO serviceDto = csDiagnostics.getControllerService().getComponent();
        if (serviceDto != null) {
            serviceDto.setReferencingComponents(null);
        }
        return csDiagnostics;
    }).collect(Collectors.toSet());
    dto.setReferencedControllerServices(filteredReferencedServices);
    final Revision revision = revisionManager.getRevision(id);
    final RevisionDTO revisionDto = dtoFactory.createRevisionDTO(revision);
    final PermissionsDTO permissionsDto = dtoFactory.createPermissionsDto(processor);
    final List<BulletinEntity> bulletins = bulletinRepository.findBulletinsForSource(id).stream().map(bulletin -> dtoFactory.createBulletinDto(bulletin)).map(bulletin -> entityFactory.createBulletinEntity(bulletin, permissionsDto.getCanRead())).collect(Collectors.toList());
    final ProcessorStatusDTO processorStatusDto = dtoFactory.createProcessorStatusDto(controllerFacade.getProcessorStatus(processor.getIdentifier()));
    return entityFactory.createProcessorDiagnosticsEntity(dto, revisionDto, permissionsDto, processorStatusDto, bulletins);
}

Example 4 with NiFiUser

use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.

the class StandardNiFiServiceFacade method createOutputPortEntity.

private PortEntity createOutputPortEntity(final Port port, final NiFiUser user) {
    final RevisionDTO revision = dtoFactory.createRevisionDTO(revisionManager.getRevision(port.getIdentifier()));
    final PermissionsDTO permissions = dtoFactory.createPermissionsDto(port, user);
    final PortStatusDTO status = dtoFactory.createPortStatusDto(controllerFacade.getOutputPortStatus(port.getIdentifier()));
    final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(port.getIdentifier()));
    final List<BulletinEntity> bulletinEntities = bulletins.stream().map(bulletin -> entityFactory.createBulletinEntity(bulletin, permissions.getCanRead())).collect(Collectors.toList());
    return entityFactory.createPortEntity(dtoFactory.createPortDto(port), revision, permissions, status, bulletinEntities);
}

Example 5 with NiFiUser

use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.

the class StandardNiFiServiceFacade method getCurrentUser.

@Override
public CurrentUserEntity getCurrentUser() {
    final NiFiUser user = NiFiUserUtils.getNiFiUser();
    final CurrentUserEntity entity = new CurrentUserEntity();
    entity.setIdentity(user.getIdentity());
    entity.setAnonymous(user.isAnonymous());
    entity.setProvenancePermissions(dtoFactory.createPermissionsDto(authorizableLookup.getProvenance()));
    entity.setCountersPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getCounters()));
    entity.setTenantsPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getTenant()));
    entity.setControllerPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getController()));
    entity.setPoliciesPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getPolicies()));
    entity.setSystemPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getSystem()));
    entity.setCanVersionFlows(CollectionUtils.isNotEmpty(flowRegistryClient.getRegistryIdentifiers()));
    entity.setRestrictedComponentsPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getRestrictedComponents()));
    final Set<ComponentRestrictionPermissionDTO> componentRestrictionPermissions = new HashSet<>();
    Arrays.stream(RequiredPermission.values()).forEach(requiredPermission -> {
        final PermissionsDTO restrictionPermissions = dtoFactory.createPermissionsDto(authorizableLookup.getRestrictedComponents(requiredPermission));
        final RequiredPermissionDTO requiredPermissionDto = new RequiredPermissionDTO();
        requiredPermissionDto.setId(requiredPermission.getPermissionIdentifier());
        requiredPermissionDto.setLabel(requiredPermission.getPermissionLabel());
        final ComponentRestrictionPermissionDTO componentRestrictionPermissionDto = new ComponentRestrictionPermissionDTO();
        componentRestrictionPermissionDto.setRequiredPermission(requiredPermissionDto);
        componentRestrictionPermissionDto.setPermissions(restrictionPermissions);
        componentRestrictionPermissions.add(componentRestrictionPermissionDto);
    });
    entity.setComponentRestrictionPermissions(componentRestrictionPermissions);
    return entity;
}