Example 81 with NiFiUser
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class PortAuditor method updatePortAdvice.
/**
* Audits the update of a port.
*
* @param proceedingJoinPoint join point
* @param portDTO port dto
* @param portDAO port dao
* @return port
* @throws Throwable ex
*/
@Around("within(org.apache.nifi.web.dao.PortDAO+) && " + "execution(org.apache.nifi.connectable.Port updatePort(org.apache.nifi.web.api.dto.PortDTO)) && " + "args(portDTO) && " + "target(portDAO)")
public Port updatePortAdvice(ProceedingJoinPoint proceedingJoinPoint, PortDTO portDTO, PortDAO portDAO) throws Throwable {
final Port port = portDAO.getPort(portDTO.getId());
final ScheduledState scheduledState = port.getScheduledState();
final String name = port.getName();
final String comments = port.getComments();
final int maxConcurrentTasks = port.getMaxConcurrentTasks();
final Set<String> existingUsers = new HashSet<>();
final Set<String> existingGroups = new HashSet<>();
boolean isRootGroupPort = false;
if (port instanceof RootGroupPort) {
isRootGroupPort = true;
existingUsers.addAll(((RootGroupPort) port).getUserAccessControl());
existingGroups.addAll(((RootGroupPort) port).getGroupAccessControl());
}
// perform the underlying operation
final Port updatedPort = (Port) proceedingJoinPoint.proceed();
// get the current user
NiFiUser user = NiFiUserUtils.getNiFiUser();
// ensure the user was found
if (user != null) {
Collection<ActionDetails> configurationDetails = new ArrayList<>();
// see if the name has changed
if (name != null && portDTO.getName() != null && !name.equals(updatedPort.getName())) {
// create the config details
FlowChangeConfigureDetails configDetails = new FlowChangeConfigureDetails();
configDetails.setName("Name");
configDetails.setValue(updatedPort.getName());
configDetails.setPreviousValue(name);
configurationDetails.add(configDetails);
}
// see if the comments has changed
if (comments != null && portDTO.getComments() != null && !comments.equals(updatedPort.getComments())) {
// create the config details
FlowChangeConfigureDetails configDetails = new FlowChangeConfigureDetails();
configDetails.setName("Comments");
configDetails.setValue(updatedPort.getComments());
configDetails.setPreviousValue(comments);
configurationDetails.add(configDetails);
}
// if this is a root group port, consider concurrent tasks
if (isRootGroupPort) {
if (portDTO.getConcurrentlySchedulableTaskCount() != null && updatedPort.getMaxConcurrentTasks() != maxConcurrentTasks) {
// create the config details
FlowChangeConfigureDetails configDetails = new FlowChangeConfigureDetails();
configDetails.setName("Concurrent Tasks");
configDetails.setValue(String.valueOf(updatedPort.getMaxConcurrentTasks()));
configDetails.setPreviousValue(String.valueOf(maxConcurrentTasks));
configurationDetails.add(configDetails);
}
// if user access control was specified in the request
if (portDTO.getUserAccessControl() != null) {
final Set<String> newUsers = new HashSet<>(portDTO.getUserAccessControl());
newUsers.removeAll(existingUsers);
final Set<String> removedUsers = new HashSet<>(existingUsers);
removedUsers.removeAll(portDTO.getUserAccessControl());
// if users were added/removed
if (newUsers.size() > 0 || removedUsers.size() > 0) {
// create the config details
FlowChangeConfigureDetails configDetails = new FlowChangeConfigureDetails();
configDetails.setName("User Access Control");
configDetails.setValue(StringUtils.join(portDTO.getUserAccessControl(), ", "));
configDetails.setPreviousValue(StringUtils.join(existingUsers, ", "));
configurationDetails.add(configDetails);
}
}
// if group access control was specified in the request
if (portDTO.getGroupAccessControl() != null) {
final Set<String> newGroups = new HashSet<>(portDTO.getGroupAccessControl());
newGroups.removeAll(existingGroups);
final Set<String> removedGroups = new HashSet<>(existingGroups);
removedGroups.removeAll(portDTO.getGroupAccessControl());
// if groups were added/removed
if (newGroups.size() > 0 || removedGroups.size() > 0) {
// create the config details
FlowChangeConfigureDetails configDetails = new FlowChangeConfigureDetails();
configDetails.setName("Group Access Control");
configDetails.setValue(StringUtils.join(portDTO.getGroupAccessControl(), ", "));
configDetails.setPreviousValue(StringUtils.join(existingGroups, ", "));
configurationDetails.add(configDetails);
}
}
}
final Collection<Action> actions = new ArrayList<>();
// determine the type of port
Component componentType = Component.OutputPort;
if (ConnectableType.INPUT_PORT == updatedPort.getConnectableType()) {
componentType = Component.InputPort;
}
// add each configuration detail
if (!configurationDetails.isEmpty()) {
// create the timestamp for the update
Date timestamp = new Date();
// create the actions
for (ActionDetails detail : configurationDetails) {
// create the port action for updating the name
FlowChangeAction portAction = new FlowChangeAction();
portAction.setUserIdentity(user.getIdentity());
portAction.setOperation(Operation.Configure);
portAction.setTimestamp(timestamp);
portAction.setSourceId(updatedPort.getIdentifier());
portAction.setSourceName(updatedPort.getName());
portAction.setSourceType(componentType);
portAction.setActionDetails(detail);
actions.add(portAction);
}
}
// determine the new executing state
final ScheduledState updatedScheduledState = updatedPort.getScheduledState();
// determine if the running state has changed
if (scheduledState != updatedScheduledState) {
// create a processor action
FlowChangeAction processorAction = new FlowChangeAction();
processorAction.setUserIdentity(user.getIdentity());
processorAction.setTimestamp(new Date());
processorAction.setSourceId(updatedPort.getIdentifier());
processorAction.setSourceName(updatedPort.getName());
processorAction.setSourceType(componentType);
// set the operation accordingly
if (ScheduledState.RUNNING.equals(updatedScheduledState)) {
processorAction.setOperation(Operation.Start);
} else if (ScheduledState.DISABLED.equals(updatedScheduledState)) {
processorAction.setOperation(Operation.Disable);
} else {
// state is now stopped... consider the previous state
if (ScheduledState.RUNNING.equals(scheduledState)) {
processorAction.setOperation(Operation.Stop);
} else if (ScheduledState.DISABLED.equals(scheduledState)) {
processorAction.setOperation(Operation.Enable);
}
}
actions.add(processorAction);
}
// ensure there are actions to record
if (!actions.isEmpty()) {
// save the actions
saveActions(actions, logger);
}
}
return updatedPort;
}
Also used :
FlowChangeAction(org.apache.nifi.action.FlowChangeAction)
Action(org.apache.nifi.action.Action)
NiFiUser(org.apache.nifi.authorization.user.NiFiUser)
RootGroupPort(org.apache.nifi.remote.RootGroupPort)
Port(org.apache.nifi.connectable.Port)
RootGroupPort(org.apache.nifi.remote.RootGroupPort)
ArrayList(java.util.ArrayList)
ProceedingJoinPoint(org.aspectj.lang.ProceedingJoinPoint)
Date(java.util.Date)
ScheduledState(org.apache.nifi.controller.ScheduledState)
FlowChangeConfigureDetails(org.apache.nifi.action.details.FlowChangeConfigureDetails)
ActionDetails(org.apache.nifi.action.details.ActionDetails)
Component(org.apache.nifi.action.Component)
HashSet(java.util.HashSet)
FlowChangeAction(org.apache.nifi.action.FlowChangeAction)
Around(org.aspectj.lang.annotation.Around)
Example 82 with NiFiUser
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class PortAuditor method generateAuditRecord.
/**
* Generates an audit record for the creation of the specified port.
*
* @param port port
* @param operation operation
* @param actionDetails details
* @return action
*/
public Action generateAuditRecord(Port port, Operation operation, ActionDetails actionDetails) {
FlowChangeAction action = null;
// get the current user
NiFiUser user = NiFiUserUtils.getNiFiUser();
// ensure the user was found
if (user != null) {
// determine the type of port
Component componentType = Component.OutputPort;
if (ConnectableType.INPUT_PORT == port.getConnectableType()) {
componentType = Component.InputPort;
}
// create the port action for adding this processor
action = new FlowChangeAction();
action.setUserIdentity(user.getIdentity());
action.setOperation(operation);
action.setTimestamp(new Date());
action.setSourceId(port.getIdentifier());
action.setSourceName(port.getName());
action.setSourceType(componentType);
if (actionDetails != null) {
action.setActionDetails(actionDetails);
}
}
return action;
}
Also used :
NiFiUser(org.apache.nifi.authorization.user.NiFiUser)
Component(org.apache.nifi.action.Component)
Date(java.util.Date)
FlowChangeAction(org.apache.nifi.action.FlowChangeAction)
Example 83 with NiFiUser
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class ProcessGroupAuditor method updateProcessGroupFlowAdvice.
@Around("within(org.apache.nifi.web.dao.ProcessGroupDAO+) && " + "execution(org.apache.nifi.groups.ProcessGroup updateProcessGroupFlow(..))")
public ProcessGroup updateProcessGroupFlowAdvice(final ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
final Object[] args = proceedingJoinPoint.getArgs();
final String groupId = (String) args[0];
final NiFiUser user = (NiFiUser) args[1];
final ProcessGroupDAO processGroupDAO = getProcessGroupDAO();
final ProcessGroup processGroup = processGroupDAO.getProcessGroup(groupId);
final VersionControlInformation vci = processGroup.getVersionControlInformation();
final ProcessGroup updatedProcessGroup = (ProcessGroup) proceedingJoinPoint.proceed();
final VersionControlInformation updatedVci = updatedProcessGroup.getVersionControlInformation();
final Operation operation;
if (vci == null) {
operation = Operation.StartVersionControl;
} else {
if (updatedVci == null) {
operation = Operation.StopVersionControl;
} else if (vci.getVersion() == updatedVci.getVersion()) {
operation = Operation.RevertLocalChanges;
} else {
operation = Operation.ChangeVersion;
}
}
saveUpdateAction(user, groupId, operation);
return updatedProcessGroup;
}
Also used :
NiFiUser(org.apache.nifi.authorization.user.NiFiUser)
ProcessGroupDAO(org.apache.nifi.web.dao.ProcessGroupDAO)
VersionControlInformation(org.apache.nifi.registry.flow.VersionControlInformation)
ProcessGroup(org.apache.nifi.groups.ProcessGroup)
Operation(org.apache.nifi.action.Operation)
Around(org.aspectj.lang.annotation.Around)
Example 84 with NiFiUser
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class RelationshipAuditor method updateConnectionAdvice.
/**
* Audits the creation and removal of relationships via updateConnection().
*
* @param proceedingJoinPoint join point
* @param connectionDTO dto
* @param connectionDAO dao
* @return connection
* @throws Throwable ex
*/
@Around("within(org.apache.nifi.web.dao.ConnectionDAO+) && " + "execution(org.apache.nifi.connectable.Connection updateConnection(org.apache.nifi.web.api.dto.ConnectionDTO)) && " + "args(connectionDTO) && " + "target(connectionDAO)")
public Connection updateConnectionAdvice(ProceedingJoinPoint proceedingJoinPoint, ConnectionDTO connectionDTO, ConnectionDAO connectionDAO) throws Throwable {
// get the previous configuration
Connection connection = connectionDAO.getConnection(connectionDTO.getId());
Connectable previousDestination = connection.getDestination();
Collection<Relationship> previousRelationships = connection.getRelationships();
Map<String, String> values = extractConfiguredPropertyValues(connection, connectionDTO);
// perform the underlying operation
connection = (Connection) proceedingJoinPoint.proceed();
// get the current user
NiFiUser user = NiFiUserUtils.getNiFiUser();
// ensure the user was found
if (user != null) {
Collection<Action> actions = new ArrayList<>();
Map<String, String> updatedValues = extractConfiguredPropertyValues(connection, connectionDTO);
// get the source
Connectable source = connection.getSource();
// get the current target
Connectable destination = connection.getDestination();
// determine if a new target was specified in the initial request
if (destination != null && !previousDestination.getIdentifier().equals(destination.getIdentifier())) {
// record the removal of all relationships from the previous target
final ConnectDetails disconnectDetails = createConnectDetails(connection, source, previousRelationships, previousDestination);
actions.add(generateAuditRecordForConnection(connection, Operation.Disconnect, disconnectDetails));
// record the addition of all relationships to the new target
final ConnectDetails connectDetails = createConnectDetails(connection, connection.getRelationships());
actions.add(generateAuditRecordForConnection(connection, Operation.Connect, connectDetails));
}
// audit and relationships added/removed
Collection<Relationship> newRelationships = connection.getRelationships();
// identify any relationships that were added
if (newRelationships != null) {
List<Relationship> relationshipsToAdd = new ArrayList<>(newRelationships);
if (previousRelationships != null) {
relationshipsToAdd.removeAll(previousRelationships);
}
if (!relationshipsToAdd.isEmpty()) {
final ConnectDetails connectDetails = createConnectDetails(connection, relationshipsToAdd);
actions.add(generateAuditRecordForConnection(connection, Operation.Connect, connectDetails));
}
}
// identify any relationships that were removed
if (previousRelationships != null) {
List<Relationship> relationshipsToRemove = new ArrayList<>(previousRelationships);
if (newRelationships != null) {
relationshipsToRemove.removeAll(newRelationships);
}
if (!relationshipsToRemove.isEmpty()) {
final ConnectDetails connectDetails = createConnectDetails(connection, relationshipsToRemove);
actions.add(generateAuditRecordForConnection(connection, Operation.Disconnect, connectDetails));
}
}
// go through each updated value
Date actionTimestamp = new Date();
for (String property : updatedValues.keySet()) {
String newValue = updatedValues.get(property);
String oldValue = values.get(property);
// ensure the value is changing
if (oldValue == null || newValue == null || !newValue.equals(oldValue)) {
// create the config details
FlowChangeConfigureDetails configurationDetails = new FlowChangeConfigureDetails();
configurationDetails.setName(property);
configurationDetails.setValue(newValue);
configurationDetails.setPreviousValue(oldValue);
// create a configuration action
FlowChangeAction configurationAction = new FlowChangeAction();
configurationAction.setUserIdentity(user.getIdentity());
configurationAction.setOperation(Operation.Configure);
configurationAction.setTimestamp(actionTimestamp);
configurationAction.setSourceId(connection.getIdentifier());
configurationAction.setSourceName(connection.getName());
configurationAction.setSourceType(Component.Connection);
configurationAction.setActionDetails(configurationDetails);
actions.add(configurationAction);
}
}
// save the actions
if (!actions.isEmpty()) {
saveActions(actions, logger);
}
}
return connection;
}
Also used :
FlowChangeAction(org.apache.nifi.action.FlowChangeAction)
Action(org.apache.nifi.action.Action)
NiFiUser(org.apache.nifi.authorization.user.NiFiUser)
ConnectDetails(org.apache.nifi.action.details.ConnectDetails)
FlowChangeConnectDetails(org.apache.nifi.action.details.FlowChangeConnectDetails)
Connection(org.apache.nifi.connectable.Connection)
ArrayList(java.util.ArrayList)
Date(java.util.Date)
Connectable(org.apache.nifi.connectable.Connectable)
FlowChangeConfigureDetails(org.apache.nifi.action.details.FlowChangeConfigureDetails)
Relationship(org.apache.nifi.processor.Relationship)
FlowChangeAction(org.apache.nifi.action.FlowChangeAction)
Around(org.aspectj.lang.annotation.Around)
Example 85 with NiFiUser
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class RelationshipAuditor method generateAuditRecordForConnection.
/**
* Generates the audit records for the specified connection.
*
* @param connection connection
* @param operation operation
* @param actionDetails details
* @return action
*/
public Action generateAuditRecordForConnection(Connection connection, Operation operation, ActionDetails actionDetails) {
FlowChangeAction action = null;
// get the current user
NiFiUser user = NiFiUserUtils.getNiFiUser();
// ensure the user was found
if (user != null) {
// determine the source details
final String connectionId = connection.getIdentifier();
String connectionName = connection.getName();
if (StringUtils.isBlank(connectionName)) {
Collection<String> relationshipNames = new HashSet<>(connection.getRelationships().size());
for (final Relationship relationship : connection.getRelationships()) {
relationshipNames.add(relationship.getName());
}
connectionName = StringUtils.join(relationshipNames, ", ");
}
// go through each relationship added
Date actionTimestamp = new Date();
// create a new relationship action
action = new FlowChangeAction();
action.setUserIdentity(user.getIdentity());
action.setOperation(operation);
action.setTimestamp(actionTimestamp);
action.setSourceId(connectionId);
action.setSourceName(connectionName);
action.setSourceType(Component.Connection);
if (actionDetails != null) {
action.setActionDetails(actionDetails);
}
}
return action;
}
Also used :
NiFiUser(org.apache.nifi.authorization.user.NiFiUser)
Relationship(org.apache.nifi.processor.Relationship)
Date(java.util.Date)
FlowChangeAction(org.apache.nifi.action.FlowChangeAction)
HashSet(java.util.HashSet)
Aggregations
NiFiUser (org.apache.nifi.authorization.user.NiFiUser)127
Date (java.util.Date)47
FlowChangeAction (org.apache.nifi.action.FlowChangeAction)42
ArrayList (java.util.ArrayList)33
Authorizable (org.apache.nifi.authorization.resource.Authorizable)32
Action (org.apache.nifi.action.Action)29
HashMap (java.util.HashMap)27
Map (java.util.Map)26
AccessDeniedException (org.apache.nifi.authorization.AccessDeniedException)26
RevisionDTO (org.apache.nifi.web.api.dto.RevisionDTO)26
IOException (java.io.IOException)25
Set (java.util.Set)25
ScheduledState (org.apache.nifi.controller.ScheduledState)25
Collectors (java.util.stream.Collectors)24
UUID (java.util.UUID)23
ControllerServiceState (org.apache.nifi.controller.service.ControllerServiceState)22
AffectedComponentDTO (org.apache.nifi.web.api.dto.AffectedComponentDTO)22
DtoFactory (org.apache.nifi.web.api.dto.DtoFactory)22
AffectedComponentEntity (org.apache.nifi.web.api.entity.AffectedComponentEntity)22
ProcessorEntity (org.apache.nifi.web.api.entity.ProcessorEntity)22
