use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class UserGroupAuditor method generateAuditRecord.
/**
 * Builds the audit record for an operation performed on a user group.
 *
 * <p>The record is attributed to the identity of the user returned by
 * {@code NiFiUserUtils.getNiFiUser()}. When that lookup yields no user, no record is
 * built and {@code null} is returned, so callers must be prepared for a missing record.
 *
 * @param userGroup the group the operation was applied to; its identifier and name become the record's source
 * @param operation the operation being audited
 * @param actionDetails optional extra details; skipped when {@code null}
 * @return the populated action, or {@code null} when no current user is available
 */
public Action generateAuditRecord(Group userGroup, Operation operation, ActionDetails actionDetails) {
    final NiFiUser currentUser = NiFiUserUtils.getNiFiUser();

    // Without a resolvable user there is no identity to attribute the change to,
    // so no record is produced.
    // NOTE(review): this path leaves the operation without an audit entry from this
    // method; confirm that callers log or otherwise surface the null result.
    if (currentUser == null) {
        return null;
    }

    final FlowChangeAction auditAction = new FlowChangeAction();
    auditAction.setUserIdentity(currentUser.getIdentity());
    auditAction.setOperation(operation);
    auditAction.setTimestamp(new Date());
    auditAction.setSourceId(userGroup.getIdentifier());
    auditAction.setSourceName(userGroup.getName());
    auditAction.setSourceType(Component.UserGroup);

    // Details are optional; the setter is not called when none were supplied.
    if (actionDetails != null) {
        auditAction.setActionDetails(actionDetails);
    }
    return auditAction;
}
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class StandardAuthorizableLookup method getRootGroupInputPort.
/**
 * Looks up the root-group input port with the given id and wraps it for authorization checks.
 *
 * @param id identifier of the input port to look up
 * @return an authorizable whose {@code checkAuthorization} delegates to the port itself
 * @throws IllegalArgumentException if the id does not resolve to a {@code RootGroupPort}
 */
@Override
public RootGroupPortAuthorizable getRootGroupInputPort(String id) {
    final Port port = inputPortDAO.getPort(id);

    // instanceof is false for null as well, so a missing port is rejected here too.
    final boolean isRootGroupPort = port instanceof RootGroupPort;
    if (!isRootGroupPort) {
        throw new IllegalArgumentException(String.format("The specified id '%s' does not represent an input port in the root group.", id));
    }

    final DataTransferAuthorizable dataTransferAuthorizable = new DataTransferAuthorizable(port);
    return new RootGroupPortAuthorizable() {
        @Override
        public Authorizable getAuthorizable() {
            return dataTransferAuthorizable;
        }

        @Override
        public AuthorizationResult checkAuthorization(NiFiUser user) {
            // The decision is made by the port component itself rather than re-implemented here,
            // which keeps this path consistent with the authorization applied to raw site-to-site.
            final PortAuthorizationResult portResult = ((RootGroupPort) port).checkUserAuthorization(user);
            return portResult.isAuthorized()
                    ? AuthorizationResult.approved()
                    : AuthorizationResult.denied(portResult.getExplanation());
        }
    };
}
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class TestPersistentProvenanceRepository method testNotAuthorizedQuery.
/**
 * Verifies that a provenance query returns only the events the repository reports as
 * authorized for the querying user.
 *
 * <p>The repository under test overrides {@code isAuthorized} to permit only events whose
 * id is greater than 2. Ten events are registered, and the query is expected to return
 * seven of them, with ids 3 through 9.
 */
@Test(timeout = 10000)
public void testNotAuthorizedQuery() throws IOException, InterruptedException {
    assumeFalse(isWindowsEnvironment());

    final RepositoryConfiguration repoConfig = createConfiguration();
    repoConfig.setMaxRecordLife(5, TimeUnit.MINUTES);
    repoConfig.setMaxStorageCapacity(1024L * 1024L);
    repoConfig.setMaxEventFileLife(500, TimeUnit.MILLISECONDS);
    repoConfig.setMaxEventFileCapacity(1024L * 1024L);
    repoConfig.setSearchableFields(new ArrayList<>(SearchableFields.getStandardFields()));
    // a tiny desired index size forces a new index on every rollover
    repoConfig.setDesiredIndexSize(10);

    // Authorization stub: the user argument is ignored and only the event id decides.
    repo = new PersistentProvenanceRepository(repoConfig, DEFAULT_ROLLOVER_MILLIS) {
        @Override
        public boolean isAuthorized(ProvenanceEventRecord event, NiFiUser user) {
            return event.getEventId() > 2;
        }
    };
    repo.initialize(getEventReporter(), null, null, IdentifierLookup.EMPTY);

    final String baseUuid = "00000000-0000-0000-0000-000000000000";
    final Map<String, String> flowFileAttributes = new HashMap<>();
    flowFileAttributes.put("abc", "xyz");
    flowFileAttributes.put("xyz", "abc");
    flowFileAttributes.put("filename", "file-" + baseUuid);

    final ProvenanceEventBuilder eventBuilder = new StandardProvenanceEventRecord.Builder();
    eventBuilder.setEventTime(System.currentTimeMillis());
    eventBuilder.setEventType(ProvenanceEventType.RECEIVE);
    eventBuilder.setTransitUri("nifi://unit-test");
    eventBuilder.fromFlowFile(createFlowFile(3L, 3000L, flowFileAttributes));
    eventBuilder.setComponentId("1234");
    eventBuilder.setComponentType("dummy processor");

    for (int seq = 0; seq < 10; seq++) {
        flowFileAttributes.put("uuid", "00000000-0000-0000-0000-00000000000" + seq);
        eventBuilder.fromFlowFile(createFlowFile(seq, 3000L, flowFileAttributes));
        // Every event gets the fixed event time 10.
        // NOTE(review): the original comment tied this to a purge, but this test never purges.
        eventBuilder.setEventTime(10L);
        repo.registerEvent(eventBuilder.build());
    }
    repo.waitForRollover();

    final Query componentQuery = new Query("1234");
    componentQuery.addSearchTerm(SearchTerms.newSearchTerm(SearchableFields.ComponentID, "1234"));
    final QuerySubmission querySubmission = repo.submitQuery(componentQuery, createUser());
    final QueryResult queryResult = querySubmission.getResult();

    // Poll until the query completes; the @Test timeout bounds this loop.
    while (!queryResult.isFinished()) {
        Thread.sleep(100L);
    }

    // Only events with ids 3 through 9 pass the stubbed check, i.e. 7 of the 10 registered.
    final List<ProvenanceEventRecord> matchingEvents = queryResult.getMatchingEvents();
    assertEquals(7, matchingEvents.size());

    final List<Long> sortedIds = matchingEvents.stream()
            .map(ProvenanceEventRecord::getEventId)
            .sorted()
            .collect(Collectors.toList());
    int expectedId = 3;
    for (final Long actualId : sortedIds) {
        assertEquals(expectedId, actualId.intValue());
        expectedId++;
    }
}
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class TestLuceneEventIndex method testUnauthorizedEventsGetPlaceholdersForFindParents.
/**
 * Verifies the result of expanding parents when the supplied authorizer permits only
 * JOIN events.
 *
 * <p>The expected result is two lineage nodes: the JOIN event itself and one node of type
 * UNKNOWN whose FlowFile UUID is "4444", the UUID used for the first event and registered
 * as the JOIN's parent.
 */
@Test(timeout = 60000)
public void testUnauthorizedEventsGetPlaceholdersForFindParents() throws InterruptedException {
    assumeFalse(isWindowsEnvironment());

    final RepositoryConfiguration repoConfig = createConfig(1);
    repoConfig.setDesiredIndexSize(1L);
    final IndexManager indexManager = new SimpleIndexManager(repoConfig);
    final ArrayListEventStore eventStore = new ArrayListEventStore();
    final LuceneEventIndex index = new LuceneEventIndex(repoConfig, indexManager, 3, EventReporter.NO_OP);
    index.initialize(eventStore);

    final ProvenanceEventRecord parentEvent = createEvent("4444");

    final Map<String, String> previousAttributes = new HashMap<>();
    previousAttributes.put("uuid", "4444");
    final Map<String, String> updatedAttributes = new HashMap<>();
    updatedAttributes.put("updated", "true");

    // JOIN event whose parent is FlowFile 4444 and whose child is FlowFile 1234.
    final ProvenanceEventRecord joinEvent = new StandardProvenanceEventRecord.Builder()
            .setEventType(ProvenanceEventType.JOIN)
            .setAttributes(previousAttributes, updatedAttributes)
            .addParentUuid("4444")
            .addChildFlowFile("1234")
            .setComponentId("component-1")
            .setComponentType("unit test")
            .setEventId(idGenerator.getAndIncrement())
            .setEventTime(System.currentTimeMillis())
            .setFlowFileEntryDate(System.currentTimeMillis())
            .setFlowFileUUID("1234")
            .setLineageStartDate(System.currentTimeMillis())
            .setCurrentContentClaim("container", "section", "unit-test-id", 0L, 1024L)
            .build();

    index.addEvents(eventStore.addEvent(parentEvent).getStorageLocations());
    index.addEvents(eventStore.addEvent(joinEvent).getStorageLocations());

    for (int n = 0; n < 3; n++) {
        final StorageResult stored = eventStore.addEvent(createEvent("1234"));
        index.addEvents(stored.getStorageLocations());
    }

    final NiFiUser requestingUser = createUser();

    // Authorizer stub: isAuthorized approves JOIN events only.
    final EventAuthorizer joinOnlyAuthorizer = new EventAuthorizer() {
        @Override
        public boolean isAuthorized(ProvenanceEventRecord event) {
            return event.getEventType() == ProvenanceEventType.JOIN;
        }

        @Override
        public void authorize(ProvenanceEventRecord event) throws AccessDeniedException {
            // Intentionally empty: this stub never throws AccessDeniedException.
            // NOTE(review): presumably the code under test consults isAuthorized only; confirm.
        }
    };

    // Resubmit until both expected nodes are reported; the @Test timeout bounds the retries.
    List<LineageNode> lineageNodes;
    do {
        final ComputeLineageSubmission expandSubmission = index.submitExpandParents(1L, requestingUser, joinOnlyAuthorizer);
        assertTrue(expandSubmission.getResult().awaitCompletion(5, TimeUnit.SECONDS));
        lineageNodes = expandSubmission.getResult().getNodes();
        Thread.sleep(25L);
    } while (lineageNodes.size() < 2);
    assertEquals(2, lineageNodes.size());

    final Map<ProvenanceEventType, List<LineageNode>> nodesByEventType = lineageNodes.stream()
            .filter(n -> n.getNodeType() == LineageNodeType.PROVENANCE_EVENT_NODE)
            .collect(Collectors.groupingBy(n -> ((ProvenanceEventLineageNode) n).getEventType()));

    // One node keeps its JOIN type; the other is reported as UNKNOWN with FlowFile UUID 4444.
    assertEquals(2, nodesByEventType.size());
    assertEquals(1, nodesByEventType.get(ProvenanceEventType.JOIN).size());
    final List<LineageNode> unknownNodes = nodesByEventType.get(ProvenanceEventType.UNKNOWN);
    assertEquals(1, unknownNodes.size());
    assertEquals("4444", unknownNodes.get(0).getFlowFileUuid());
}
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class TestLuceneEventIndex method testUnauthorizedEventsGetPlaceholdersForLineage.
/**
 * Verifies the lineage computed when the supplied authorizer is
 * {@code EventAuthorizer.DENY_ALL}.
 *
 * <p>Three events are indexed for FlowFile "1234". The computation is expected to return
 * three provenance-event nodes, each reported with event type UNKNOWN.
 */
@Test(timeout = 60000)
public void testUnauthorizedEventsGetPlaceholdersForLineage() throws InterruptedException {
    assumeFalse(isWindowsEnvironment());

    final RepositoryConfiguration repoConfig = createConfig(1);
    repoConfig.setDesiredIndexSize(1L);
    final IndexManager indexManager = new SimpleIndexManager(repoConfig);
    final ArrayListEventStore eventStore = new ArrayListEventStore();
    final LuceneEventIndex index = new LuceneEventIndex(repoConfig, indexManager, 3, EventReporter.NO_OP);
    index.initialize(eventStore);

    for (int n = 0; n < 3; n++) {
        final StorageResult stored = eventStore.addEvent(createEvent("1234"));
        index.addEvents(stored.getStorageLocations());
    }

    final NiFiUser requestingUser = createUser();

    // Resubmit until all three nodes are reported; the @Test timeout bounds the retries.
    List<LineageNode> lineageNodes;
    do {
        final ComputeLineageSubmission lineageSubmission = index.submitLineageComputation(1L, requestingUser, EventAuthorizer.DENY_ALL);
        assertTrue(lineageSubmission.getResult().awaitCompletion(5, TimeUnit.SECONDS));
        lineageNodes = lineageSubmission.getResult().getNodes();
        Thread.sleep(25L);
    } while (lineageNodes.size() < 3);
    assertEquals(3, lineageNodes.size());

    // Every node must be a provenance-event node whose type is UNKNOWN.
    for (final LineageNode lineageNode : lineageNodes) {
        assertEquals(LineageNodeType.PROVENANCE_EVENT_NODE, lineageNode.getNodeType());
        assertEquals(ProvenanceEventType.UNKNOWN, ((ProvenanceEventLineageNode) lineageNode).getEventType());
    }
}