Search in sources :

Example 71 with NiFiUser

use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.

the class StandardNiFiServiceFacade method createRegistryClient.

@Override
public RegistryClientEntity createRegistryClient(Revision revision, RegistryDTO registryDTO) {
    final NiFiUser user = NiFiUserUtils.getNiFiUser();
    // request claim for component to be created... revision already verified (version == 0)
    final RevisionClaim claim = new StandardRevisionClaim(revision);
    // update revision through revision manager
    final RevisionUpdate<FlowRegistry> revisionUpdate = revisionManager.updateRevision(claim, user, () -> {
        // add the component
        final FlowRegistry registry = registryDAO.createFlowRegistry(registryDTO);
        // save the flow
        controllerFacade.save();
        final FlowModification lastMod = new FlowModification(revision.incrementRevision(revision.getClientId()), user.getIdentity());
        return new StandardRevisionUpdate<>(registry, lastMod);
    });
    final FlowRegistry registry = revisionUpdate.getComponent();
    return createRegistryClientEntity(registry);
}
Also used : NiFiUser(org.apache.nifi.authorization.user.NiFiUser) FlowRegistry(org.apache.nifi.registry.flow.FlowRegistry) StandardRevisionUpdate(org.apache.nifi.web.revision.StandardRevisionUpdate) StandardRevisionClaim(org.apache.nifi.web.revision.StandardRevisionClaim) RevisionClaim(org.apache.nifi.web.revision.RevisionClaim) StandardRevisionClaim(org.apache.nifi.web.revision.StandardRevisionClaim)

Example 72 with NiFiUser

use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.

the class StandardNiFiServiceFacade method createComponent.

/**
 * Creates a component using the optimistic locking manager.
 *
 * @param componentDto the DTO that will be used to create the component
 * @param daoCreation  A Supplier that will create the NiFi Component to use
 * @param dtoCreation  a Function that will convert the NiFi Component into a corresponding DTO
 * @param <D>          the DTO Type
 * @param <C>          the NiFi Component Type
 * @return a RevisionUpdate that represents the updated configuration
 */
private <D, C> RevisionUpdate<D> createComponent(final Revision revision, final ComponentDTO componentDto, final Supplier<C> daoCreation, final Function<C, D> dtoCreation) {
    final NiFiUser user = NiFiUserUtils.getNiFiUser();
    // read lock on the containing group
    // request claim for component to be created... revision already verified (version == 0)
    final RevisionClaim claim = new StandardRevisionClaim(revision);
    // update revision through revision manager
    return revisionManager.updateRevision(claim, user, () -> {
        // add the component
        final C component = daoCreation.get();
        // save the flow
        controllerFacade.save();
        final D dto = dtoCreation.apply(component);
        final FlowModification lastMod = new FlowModification(revision.incrementRevision(revision.getClientId()), user.getIdentity());
        return new StandardRevisionUpdate<>(dto, lastMod);
    });
}
Also used : NiFiUser(org.apache.nifi.authorization.user.NiFiUser) UUID(java.util.UUID) StandardRevisionUpdate(org.apache.nifi.web.revision.StandardRevisionUpdate) StandardRevisionClaim(org.apache.nifi.web.revision.StandardRevisionClaim) RevisionClaim(org.apache.nifi.web.revision.RevisionClaim) StandardRevisionClaim(org.apache.nifi.web.revision.StandardRevisionClaim)

Example 73 with NiFiUser

use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.

the class TestThreadPoolRequestReplicator method testRequestChain.

@Test
public void testRequestChain() {
    final String proxyIdentity2 = "proxy-2";
    final String proxyIdentity1 = "proxy-1";
    final String userIdentity = "user";
    withReplicator(replicator -> {
        final Set<NodeIdentifier> nodeIds = new HashSet<>();
        nodeIds.add(new NodeIdentifier("1", "localhost", 8000, "localhost", 8001, "localhost", 8002, 8003, false));
        final URI uri = new URI("http://localhost:8080/processors/1");
        final Entity entity = new ProcessorEntity();
        // set the user
        final NiFiUser proxy2 = new Builder().identity(proxyIdentity2).build();
        final NiFiUser proxy1 = new Builder().identity(proxyIdentity1).chain(proxy2).build();
        final NiFiUser user = new Builder().identity(userIdentity).chain(proxy1).build();
        final Authentication authentication = new NiFiAuthenticationToken(new NiFiUserDetails(user));
        SecurityContextHolder.getContext().setAuthentication(authentication);
        replicator.replicate(nodeIds, HttpMethod.GET, uri, entity, new HashMap<>(), true, true);
    }, Response.Status.OK, 0L, null, "<" + userIdentity + "><" + proxyIdentity1 + "><" + proxyIdentity2 + ">");
}
Also used : ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity) Entity(org.apache.nifi.web.api.entity.Entity) StandardNiFiUser(org.apache.nifi.authorization.user.StandardNiFiUser) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) Builder(org.apache.nifi.authorization.user.StandardNiFiUser.Builder) ClientBuilder(javax.ws.rs.client.ClientBuilder) ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity) URI(java.net.URI) NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken) Authentication(org.springframework.security.core.Authentication) NodeIdentifier(org.apache.nifi.cluster.protocol.NodeIdentifier) NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 74 with NiFiUser

use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.

the class AccessPolicyAuditor method updateAccessPolicyAdvice.

/**
 * Audits the configuration of a single policy.
 *
 * @param proceedingJoinPoint join point
 * @param accessPolicyDTO dto
 * @param accessPolicyDAO dao
 * @return node
 * @throws Throwable ex
 */
@Around("within(org.apache.nifi.web.dao.AccessPolicyDAO+) && " + "execution(org.apache.nifi.authorization.AccessPolicy updateAccessPolicy(org.apache.nifi.web.api.dto.AccessPolicyDTO)) && " + "args(accessPolicyDTO) && " + "target(accessPolicyDAO)")
public AccessPolicy updateAccessPolicyAdvice(ProceedingJoinPoint proceedingJoinPoint, AccessPolicyDTO accessPolicyDTO, AccessPolicyDAO accessPolicyDAO) throws Throwable {
    // determine the initial values for each property/setting that's changing
    AccessPolicy accessPolicy = accessPolicyDAO.getAccessPolicy(accessPolicyDTO.getId());
    final Map<String, String> values = extractConfiguredPropertyValues(accessPolicy, accessPolicyDTO);
    // update the policy state
    final AccessPolicy updatedAccessPolicy = (AccessPolicy) proceedingJoinPoint.proceed();
    // if no exceptions were thrown, add the policy action...
    accessPolicy = accessPolicyDAO.getAccessPolicy(updatedAccessPolicy.getIdentifier());
    // get the current user
    NiFiUser user = NiFiUserUtils.getNiFiUser();
    // ensure the user was found
    if (user != null) {
        // determine the updated values
        Map<String, String> updatedValues = extractConfiguredPropertyValues(accessPolicy, accessPolicyDTO);
        // create a policy action
        Date actionTimestamp = new Date();
        Collection<Action> actions = new ArrayList<>();
        // go through each updated value
        for (String property : updatedValues.keySet()) {
            String newValue = updatedValues.get(property);
            String oldValue = values.get(property);
            Operation operation = null;
            // determine the type of operation
            if (oldValue == null || newValue == null || !newValue.equals(oldValue)) {
                operation = Operation.Configure;
            }
            // create a configuration action accordingly
            if (operation != null) {
                final FlowChangeConfigureDetails actionDetails = new FlowChangeConfigureDetails();
                actionDetails.setName(property);
                actionDetails.setValue(newValue);
                actionDetails.setPreviousValue(oldValue);
                // create a configuration action
                FlowChangeAction configurationAction = new FlowChangeAction();
                configurationAction.setUserIdentity(user.getIdentity());
                configurationAction.setOperation(operation);
                configurationAction.setTimestamp(actionTimestamp);
                configurationAction.setSourceId(accessPolicy.getIdentifier());
                configurationAction.setSourceName(formatPolicyName(accessPolicy));
                configurationAction.setSourceType(Component.AccessPolicy);
                configurationAction.setActionDetails(actionDetails);
                actions.add(configurationAction);
            }
        }
        // ensure there are actions to record
        if (!actions.isEmpty()) {
            // save the actions
            saveActions(actions, logger);
        }
    }
    return updatedAccessPolicy;
}
Also used : FlowChangeAction(org.apache.nifi.action.FlowChangeAction) Action(org.apache.nifi.action.Action) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) FlowChangeConfigureDetails(org.apache.nifi.action.details.FlowChangeConfigureDetails) ArrayList(java.util.ArrayList) Operation(org.apache.nifi.action.Operation) AccessPolicy(org.apache.nifi.authorization.AccessPolicy) Date(java.util.Date) FlowChangeAction(org.apache.nifi.action.FlowChangeAction) Around(org.aspectj.lang.annotation.Around)

Example 75 with NiFiUser

use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.

the class ComponentStateAuditor method clearReportingTaskStateAdvice.

/**
 * Audits clearing of state from a Processor.
 *
 * @param proceedingJoinPoint join point
 * @param reportingTask the reporting task
 * @throws java.lang.Throwable ex
 */
@Around("within(org.apache.nifi.web.dao.ComponentStateDAO+) && " + "execution(void clearState(org.apache.nifi.controller.ReportingTaskNode)) && " + "args(reportingTask)")
public StateMap clearReportingTaskStateAdvice(ProceedingJoinPoint proceedingJoinPoint, ReportingTaskNode reportingTask) throws Throwable {
    // update the reporting task state
    final StateMap stateMap = (StateMap) proceedingJoinPoint.proceed();
    // if no exception were thrown, add the clear action...
    // get the current user
    NiFiUser user = NiFiUserUtils.getNiFiUser();
    // ensure the user was found
    if (user != null) {
        Collection<Action> actions = new ArrayList<>();
        // create the reporting task details
        FlowChangeExtensionDetails reportingTaskDetails = new FlowChangeExtensionDetails();
        reportingTaskDetails.setType(reportingTask.getReportingTask().getClass().getSimpleName());
        // create the clear action
        FlowChangeAction configAction = new FlowChangeAction();
        configAction.setUserIdentity(user.getIdentity());
        configAction.setOperation(Operation.ClearState);
        configAction.setTimestamp(new Date());
        configAction.setSourceId(reportingTask.getIdentifier());
        configAction.setSourceName(reportingTask.getName());
        configAction.setSourceType(Component.ReportingTask);
        configAction.setComponentDetails(reportingTaskDetails);
        actions.add(configAction);
        // record the action
        saveActions(actions, logger);
    }
    return stateMap;
}
Also used : FlowChangeAction(org.apache.nifi.action.FlowChangeAction) Action(org.apache.nifi.action.Action) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) StateMap(org.apache.nifi.components.state.StateMap) FlowChangeExtensionDetails(org.apache.nifi.action.component.details.FlowChangeExtensionDetails) ArrayList(java.util.ArrayList) Date(java.util.Date) FlowChangeAction(org.apache.nifi.action.FlowChangeAction) Around(org.aspectj.lang.annotation.Around)

Aggregations

NiFiUser (org.apache.nifi.authorization.user.NiFiUser)127 Date (java.util.Date)47 FlowChangeAction (org.apache.nifi.action.FlowChangeAction)42 ArrayList (java.util.ArrayList)33 Authorizable (org.apache.nifi.authorization.resource.Authorizable)32 Action (org.apache.nifi.action.Action)29 HashMap (java.util.HashMap)27 Map (java.util.Map)26 AccessDeniedException (org.apache.nifi.authorization.AccessDeniedException)26 RevisionDTO (org.apache.nifi.web.api.dto.RevisionDTO)26 IOException (java.io.IOException)25 Set (java.util.Set)25 ScheduledState (org.apache.nifi.controller.ScheduledState)25 Collectors (java.util.stream.Collectors)24 UUID (java.util.UUID)23 ControllerServiceState (org.apache.nifi.controller.service.ControllerServiceState)22 AffectedComponentDTO (org.apache.nifi.web.api.dto.AffectedComponentDTO)22 DtoFactory (org.apache.nifi.web.api.dto.DtoFactory)22 AffectedComponentEntity (org.apache.nifi.web.api.entity.AffectedComponentEntity)22 ProcessorEntity (org.apache.nifi.web.api.entity.ProcessorEntity)22