Example 21 with NiFiUser
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class DataTransferResource method constructPeer.
private Peer constructPeer(final HttpServletRequest req, final InputStream inputStream, final OutputStream outputStream, final String portId, final String transactionId) {
String clientHostName = req.getRemoteHost();
try {
// req.getRemoteHost returns IP address, try to resolve hostname to be consistent with RAW protocol.
final InetAddress clientAddress = InetAddress.getByName(clientHostName);
clientHostName = clientAddress.getHostName();
} catch (UnknownHostException e) {
logger.info("Failed to resolve client hostname {}, due to {}", clientHostName, e.getMessage());
}
final int clientPort = req.getRemotePort();
final PeerDescription peerDescription = new PeerDescription(clientHostName, clientPort, req.isSecure());
final NiFiUser user = NiFiUserUtils.getNiFiUser();
final String userDn = user == null ? null : user.getIdentity();
final HttpServerCommunicationsSession commSession = new HttpServerCommunicationsSession(inputStream, outputStream, transactionId, userDn);
boolean useCompression = false;
final String useCompressionStr = req.getHeader(HANDSHAKE_PROPERTY_USE_COMPRESSION);
if (!isEmpty(useCompressionStr) && Boolean.valueOf(useCompressionStr)) {
useCompression = true;
}
final String requestExpiration = req.getHeader(HANDSHAKE_PROPERTY_REQUEST_EXPIRATION);
final String batchCount = req.getHeader(HANDSHAKE_PROPERTY_BATCH_COUNT);
final String batchSize = req.getHeader(HANDSHAKE_PROPERTY_BATCH_SIZE);
final String batchDuration = req.getHeader(HANDSHAKE_PROPERTY_BATCH_DURATION);
commSession.putHandshakeParam(HandshakeProperty.PORT_IDENTIFIER, portId);
commSession.putHandshakeParam(HandshakeProperty.GZIP, String.valueOf(useCompression));
if (!isEmpty(requestExpiration)) {
commSession.putHandshakeParam(REQUEST_EXPIRATION_MILLIS, requestExpiration);
}
if (!isEmpty(batchCount)) {
commSession.putHandshakeParam(BATCH_COUNT, batchCount);
}
if (!isEmpty(batchSize)) {
commSession.putHandshakeParam(BATCH_SIZE, batchSize);
}
if (!isEmpty(batchDuration)) {
commSession.putHandshakeParam(BATCH_DURATION, batchDuration);
}
if (peerDescription.isSecure()) {
final NiFiUser nifiUser = NiFiUserUtils.getNiFiUser();
logger.debug("initiating peer, nifiUser={}", nifiUser);
commSession.setUserDn(nifiUser.getIdentity());
}
// TODO: Followed how SocketRemoteSiteListener define peerUrl and clusterUrl, but it can be more meaningful values, especially for clusterUrl.
final String peerUrl = "nifi://" + clientHostName + ":" + clientPort;
final String clusterUrl = "nifi://localhost:" + req.getLocalPort();
return new Peer(peerDescription, commSession, peerUrl, clusterUrl);
}
Also used :
HttpServerCommunicationsSession(org.apache.nifi.remote.io.http.HttpServerCommunicationsSession)
UnknownHostException(java.net.UnknownHostException)
PeerDescription(org.apache.nifi.remote.PeerDescription)
NiFiUser(org.apache.nifi.authorization.user.NiFiUser)
Peer(org.apache.nifi.remote.Peer)
InetAddress(java.net.InetAddress)
Example 22 with NiFiUser
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class FlowResource method getComponentHistory.
/**
* Gets the actions for the specified component.
*
* @param componentId The id of the component.
* @return An processorHistoryEntity.
*/
@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("history/components/{componentId}")
@ApiOperation(value = "Gets configuration history for a component", notes = NON_GUARANTEED_ENDPOINT, response = ComponentHistoryEntity.class, authorizations = { @Authorization(value = "Read - /flow"), @Authorization(value = "Read underlying component - /{component-type}/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response getComponentHistory(@ApiParam(value = "The component id.", required = true) @PathParam("componentId") final String componentId) {
serviceFacade.authorizeAccess(lookup -> {
final NiFiUser user = NiFiUserUtils.getNiFiUser();
// authorize the flow
authorizeFlow();
try {
final Authorizable authorizable = lookup.getProcessor(componentId).getAuthorizable();
authorizable.authorize(authorizer, RequestAction.READ, user);
return;
} catch (final ResourceNotFoundException e) {
// ignore as the component may not be a processor
}
try {
final Authorizable authorizable = lookup.getControllerService(componentId).getAuthorizable();
authorizable.authorize(authorizer, RequestAction.READ, user);
return;
} catch (final ResourceNotFoundException e) {
// ignore as the component may not be a controller service
}
try {
final Authorizable authorizable = lookup.getReportingTask(componentId).getAuthorizable();
authorizable.authorize(authorizer, RequestAction.READ, user);
return;
} catch (final ResourceNotFoundException e) {
// ignore as the component may not be a reporting task
}
// a component for the specified id could not be found, attempt to authorize based on read to the controller
final Authorizable controller = lookup.getController();
controller.authorize(authorizer, RequestAction.READ, user);
});
// Note: History requests are not replicated throughout the cluster and are instead handled by the nodes independently
// create the response entity
final ComponentHistoryEntity entity = new ComponentHistoryEntity();
entity.setComponentHistory(serviceFacade.getComponentHistory(componentId));
// generate the response
return generateOkResponse(entity).build();
}
Also used :
ComponentHistoryEntity(org.apache.nifi.web.api.entity.ComponentHistoryEntity)
NiFiUser(org.apache.nifi.authorization.user.NiFiUser)
Authorizable(org.apache.nifi.authorization.resource.Authorizable)
ResourceNotFoundException(org.apache.nifi.web.ResourceNotFoundException)
Path(javax.ws.rs.Path)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
GET(javax.ws.rs.GET)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 23 with NiFiUser
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class ProcessGroupResource method instantiateTemplate.
/**
* Instantiates the specified template within this ProcessGroup. The template instance that is instantiated cannot be referenced at a later time, therefore there is no
* corresponding URI. Instead the request URI is returned.
* <p>
* Alternatively, we could have performed a PUT request. However, PUT requests are supposed to be idempotent and this endpoint is certainly not.
*
* @param httpServletRequest request
* @param groupId The group id
* @param requestInstantiateTemplateRequestEntity The instantiate template request
* @return A flowEntity.
*/
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}/template-instance")
@ApiOperation(value = "Instantiates a template", response = FlowEntity.class, authorizations = { @Authorization(value = "Write - /process-groups/{uuid}"), @Authorization(value = "Read - /templates/{uuid}"), @Authorization(value = "Write - if the template contains any restricted components - /restricted-components") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response instantiateTemplate(@Context HttpServletRequest httpServletRequest, @ApiParam(value = "The process group id.", required = true) @PathParam("id") String groupId, @ApiParam(value = "The instantiate template request.", required = true) InstantiateTemplateRequestEntity requestInstantiateTemplateRequestEntity) {
// ensure the position has been specified
if (requestInstantiateTemplateRequestEntity == null || requestInstantiateTemplateRequestEntity.getOriginX() == null || requestInstantiateTemplateRequestEntity.getOriginY() == null) {
throw new IllegalArgumentException("The origin position (x, y) must be specified.");
}
// ensure the template id was provided
if (requestInstantiateTemplateRequestEntity.getTemplateId() == null) {
throw new IllegalArgumentException("The template id must be specified.");
}
// ensure the template encoding version is valid
if (requestInstantiateTemplateRequestEntity.getEncodingVersion() != null) {
try {
FlowEncodingVersion.parse(requestInstantiateTemplateRequestEntity.getEncodingVersion());
} catch (final IllegalArgumentException e) {
throw new IllegalArgumentException("The template encoding version is not valid. The expected format is <number>.<number>");
}
}
// populate the encoding version if necessary
if (requestInstantiateTemplateRequestEntity.getEncodingVersion() == null) {
// if the encoding version is not specified, use the latest encoding version as these options were
// not available pre 1.x, will be overridden if populating from the underlying template below
requestInstantiateTemplateRequestEntity.setEncodingVersion(TemplateDTO.MAX_ENCODING_VERSION);
}
// populate the component bundles if necessary
if (requestInstantiateTemplateRequestEntity.getSnippet() == null) {
// get the desired template in order to determine the supported bundles
final TemplateDTO requestedTemplate = serviceFacade.exportTemplate(requestInstantiateTemplateRequestEntity.getTemplateId());
final FlowSnippetDTO requestTemplateContents = requestedTemplate.getSnippet();
// determine the compatible bundles to use for each component in this template, this ensures the nodes in the cluster
// instantiate the components from the same bundles
discoverCompatibleBundles(requestTemplateContents);
// update the requested template as necessary - use the encoding version from the underlying template
requestInstantiateTemplateRequestEntity.setEncodingVersion(requestedTemplate.getEncodingVersion());
requestInstantiateTemplateRequestEntity.setSnippet(requestTemplateContents);
}
if (isReplicateRequest()) {
return replicate(HttpMethod.POST, requestInstantiateTemplateRequestEntity);
}
return withWriteLock(serviceFacade, requestInstantiateTemplateRequestEntity, lookup -> {
final NiFiUser user = NiFiUserUtils.getNiFiUser();
// ensure write on the group
final Authorizable processGroup = lookup.getProcessGroup(groupId).getAuthorizable();
processGroup.authorize(authorizer, RequestAction.WRITE, user);
final Authorizable template = lookup.getTemplate(requestInstantiateTemplateRequestEntity.getTemplateId());
template.authorize(authorizer, RequestAction.READ, user);
// ensure read on the template
final TemplateContentsAuthorizable templateContents = lookup.getTemplateContents(requestInstantiateTemplateRequestEntity.getSnippet());
final Consumer<ComponentAuthorizable> authorizeRestricted = authorizable -> {
if (authorizable.isRestricted()) {
authorizeRestrictions(authorizer, authorizable);
}
};
// ensure restricted access if necessary
templateContents.getEncapsulatedProcessors().forEach(authorizeRestricted);
templateContents.getEncapsulatedControllerServices().forEach(authorizeRestricted);
}, () -> serviceFacade.verifyComponentTypes(requestInstantiateTemplateRequestEntity.getSnippet()), instantiateTemplateRequestEntity -> {
// create the template and generate the json
final FlowEntity entity = serviceFacade.createTemplateInstance(groupId, instantiateTemplateRequestEntity.getOriginX(), instantiateTemplateRequestEntity.getOriginY(), instantiateTemplateRequestEntity.getEncodingVersion(), instantiateTemplateRequestEntity.getSnippet(), getIdGenerationSeed().orElse(null));
final FlowDTO flowSnippet = entity.getFlow();
// prune response as necessary
for (ProcessGroupEntity childGroupEntity : flowSnippet.getProcessGroups()) {
childGroupEntity.getComponent().setContents(null);
}
// create the response entity
populateRemainingSnippetContent(flowSnippet);
// generate the response
return generateCreatedResponse(getAbsolutePath(), entity).build();
});
}
Also used :
ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable)
FunnelsEntity(org.apache.nifi.web.api.entity.FunnelsEntity)
Produces(javax.ws.rs.Produces)
InstantiateTemplateRequestEntity(org.apache.nifi.web.api.entity.InstantiateTemplateRequestEntity)
ApiParam(io.swagger.annotations.ApiParam)
SiteToSiteRestApiClient(org.apache.nifi.remote.util.SiteToSiteRestApiClient)
ConnectionDTO(org.apache.nifi.web.api.dto.ConnectionDTO)
ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable)
StringUtils(org.apache.commons.lang3.StringUtils)
ClientIdParameter(org.apache.nifi.web.api.request.ClientIdParameter)
ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity)
AuthorizeAccess(org.apache.nifi.authorization.AuthorizeAccess)
VariableRegistryUpdateStep(org.apache.nifi.registry.variable.VariableRegistryUpdateStep)
PositionDTO(org.apache.nifi.web.api.dto.PositionDTO)
MediaType(javax.ws.rs.core.MediaType)
ProcessGroupDTO(org.apache.nifi.web.api.dto.ProcessGroupDTO)
NiFiRegistryException(org.apache.nifi.registry.client.NiFiRegistryException)
Map(java.util.Map)
ResourceNotFoundException(org.apache.nifi.web.ResourceNotFoundException)
UriBuilder(javax.ws.rs.core.UriBuilder)
SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder)
ConnectionsEntity(org.apache.nifi.web.api.entity.ConnectionsEntity)
FunnelEntity(org.apache.nifi.web.api.entity.FunnelEntity)
VariableRegistryUpdateRequest(org.apache.nifi.registry.variable.VariableRegistryUpdateRequest)
ControllerServicesEntity(org.apache.nifi.web.api.entity.ControllerServicesEntity)
Set(java.util.Set)
InputPortsEntity(org.apache.nifi.web.api.entity.InputPortsEntity)
Executors(java.util.concurrent.Executors)
ArrayBlockingQueue(java.util.concurrent.ArrayBlockingQueue)
FormDataParam(org.glassfish.jersey.media.multipart.FormDataParam)
ProcessGroupsEntity(org.apache.nifi.web.api.entity.ProcessGroupsEntity)
FlowComparisonEntity(org.apache.nifi.web.api.entity.FlowComparisonEntity)
ScheduledState(org.apache.nifi.controller.ScheduledState)
LabelsEntity(org.apache.nifi.web.api.entity.LabelsEntity)
UriInfo(javax.ws.rs.core.UriInfo)
ApiImplicitParams(io.swagger.annotations.ApiImplicitParams)
DtoFactory(org.apache.nifi.web.api.dto.DtoFactory)
Entity(org.apache.nifi.web.api.entity.Entity)
GET(javax.ws.rs.GET)
ControllerServiceEntity(org.apache.nifi.web.api.entity.ControllerServiceEntity)
ConfigurableComponent(org.apache.nifi.components.ConfigurableComponent)
TemplateEntity(org.apache.nifi.web.api.entity.TemplateEntity)
RevisionDTO(org.apache.nifi.web.api.dto.RevisionDTO)
HttpMethod(javax.ws.rs.HttpMethod)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
NiFiUser(org.apache.nifi.authorization.user.NiFiUser)
NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails)
Api(io.swagger.annotations.Api)
VariableRegistryDTO(org.apache.nifi.web.api.dto.VariableRegistryDTO)
FlowDTO(org.apache.nifi.web.api.dto.flow.FlowDTO)
VersionedFlowState(org.apache.nifi.registry.flow.VersionedFlowState)
NiFiServiceFacade(org.apache.nifi.web.NiFiServiceFacade)
AuthorizableLookup(org.apache.nifi.authorization.AuthorizableLookup)
RequestAction(org.apache.nifi.authorization.RequestAction)
FlowEncodingVersion(org.apache.nifi.controller.serialization.FlowEncodingVersion)
JAXBElement(javax.xml.bind.JAXBElement)
RemoteProcessGroupsEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupsEntity)
IOException(java.io.IOException)
VersionedFlowSnapshot(org.apache.nifi.registry.flow.VersionedFlowSnapshot)
Authorizer(org.apache.nifi.authorization.Authorizer)
ApiResponse(io.swagger.annotations.ApiResponse)
FlowEntity(org.apache.nifi.web.api.entity.FlowEntity)
AffectedComponentEntity(org.apache.nifi.web.api.entity.AffectedComponentEntity)
OutputPortsEntity(org.apache.nifi.web.api.entity.OutputPortsEntity)
ScheduleComponentsEntity(org.apache.nifi.web.api.entity.ScheduleComponentsEntity)
XmlUtils(org.apache.nifi.security.xml.XmlUtils)
BundleCoordinate(org.apache.nifi.bundle.BundleCoordinate)
ProcessorConfigDTO(org.apache.nifi.web.api.dto.ProcessorConfigDTO)
Date(java.util.Date)
ConnectableType(org.apache.nifi.connectable.ConnectableType)
ProcessorStatusDTO(org.apache.nifi.web.api.dto.status.ProcessorStatusDTO)
URISyntaxException(java.net.URISyntaxException)
LoggerFactory(org.slf4j.LoggerFactory)
Path(javax.ws.rs.Path)
BundleDTO(org.apache.nifi.web.api.dto.BundleDTO)
ApiOperation(io.swagger.annotations.ApiOperation)
AuthorizeControllerServiceReference(org.apache.nifi.authorization.AuthorizeControllerServiceReference)
QueryParam(javax.ws.rs.QueryParam)
Consumes(javax.ws.rs.Consumes)
TemplateDTO(org.apache.nifi.web.api.dto.TemplateDTO)
ActivateControllerServicesEntity(org.apache.nifi.web.api.entity.ActivateControllerServicesEntity)
XMLStreamReader(javax.xml.stream.XMLStreamReader)
DefaultValue(javax.ws.rs.DefaultValue)
URI(java.net.URI)
ThreadFactory(java.util.concurrent.ThreadFactory)
NodeResponse(org.apache.nifi.cluster.manager.NodeResponse)
DELETE(javax.ws.rs.DELETE)
Context(javax.ws.rs.core.Context)
Authorizable(org.apache.nifi.authorization.resource.Authorizable)
ControllerServiceDTO(org.apache.nifi.web.api.dto.ControllerServiceDTO)
ApiImplicitParam(io.swagger.annotations.ApiImplicitParam)
Collection(java.util.Collection)
ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap)
SnippetAuthorizable(org.apache.nifi.authorization.SnippetAuthorizable)
UUID(java.util.UUID)
BundleUtils(org.apache.nifi.util.BundleUtils)
PortEntity(org.apache.nifi.web.api.entity.PortEntity)
LongParameter(org.apache.nifi.web.api.request.LongParameter)
JAXBException(javax.xml.bind.JAXBException)
Collectors(java.util.stream.Collectors)
List(java.util.List)
Response(javax.ws.rs.core.Response)
ProcessGroupEntity(org.apache.nifi.web.api.entity.ProcessGroupEntity)
ProcessorDTO(org.apache.nifi.web.api.dto.ProcessorDTO)
ControllerServiceState(org.apache.nifi.controller.service.ControllerServiceState)
CopySnippetRequestEntity(org.apache.nifi.web.api.entity.CopySnippetRequestEntity)
Authentication(org.springframework.security.core.Authentication)
Pause(org.apache.nifi.web.util.Pause)
FlowSnippetDTO(org.apache.nifi.web.api.dto.FlowSnippetDTO)
RemoteProcessGroupDTO(org.apache.nifi.web.api.dto.RemoteProcessGroupDTO)
PathParam(javax.ws.rs.PathParam)
Bucket(org.apache.nifi.registry.bucket.Bucket)
Revision(org.apache.nifi.web.Revision)
ThreadPoolExecutor(java.util.concurrent.ThreadPoolExecutor)
HashMap(java.util.HashMap)
ApiResponses(io.swagger.annotations.ApiResponses)
Function(java.util.function.Function)
AffectedComponentDTO(org.apache.nifi.web.api.dto.AffectedComponentDTO)
ConcurrentMap(java.util.concurrent.ConcurrentMap)
FlowRegistryUtils(org.apache.nifi.registry.flow.FlowRegistryUtils)
CreateTemplateRequestEntity(org.apache.nifi.web.api.entity.CreateTemplateRequestEntity)
VersionControlInformationDTO(org.apache.nifi.web.api.dto.VersionControlInformationDTO)
VariableRegistryUpdateRequestEntity(org.apache.nifi.web.api.entity.VariableRegistryUpdateRequestEntity)
NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken)
Status(javax.ws.rs.core.Response.Status)
JAXBContext(javax.xml.bind.JAXBContext)
ExecutorService(java.util.concurrent.ExecutorService)
Unmarshaller(javax.xml.bind.Unmarshaller)
TemplateContentsAuthorizable(org.apache.nifi.authorization.TemplateContentsAuthorizable)
Logger(org.slf4j.Logger)
POST(javax.ws.rs.POST)
ProcessorsEntity(org.apache.nifi.web.api.entity.ProcessorsEntity)
VariableRegistryEntity(org.apache.nifi.web.api.entity.VariableRegistryEntity)
VersionedFlow(org.apache.nifi.registry.flow.VersionedFlow)
MultivaluedHashMap(javax.ws.rs.core.MultivaluedHashMap)
MultivaluedMap(javax.ws.rs.core.MultivaluedMap)
TimeUnit(java.util.concurrent.TimeUnit)
Consumer(java.util.function.Consumer)
LabelEntity(org.apache.nifi.web.api.entity.LabelEntity)
ConnectionEntity(org.apache.nifi.web.api.entity.ConnectionEntity)
ProcessGroupAuthorizable(org.apache.nifi.authorization.ProcessGroupAuthorizable)
RemoteProcessGroupEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupEntity)
NiFiUserUtils(org.apache.nifi.authorization.user.NiFiUserUtils)
PUT(javax.ws.rs.PUT)
Authorization(io.swagger.annotations.Authorization)
Collections(java.util.Collections)
InputStream(java.io.InputStream)
ProcessGroupEntity(org.apache.nifi.web.api.entity.ProcessGroupEntity)
RemoteProcessGroupEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupEntity)
FlowSnippetDTO(org.apache.nifi.web.api.dto.FlowSnippetDTO)
FlowDTO(org.apache.nifi.web.api.dto.flow.FlowDTO)
NiFiUser(org.apache.nifi.authorization.user.NiFiUser)
TemplateDTO(org.apache.nifi.web.api.dto.TemplateDTO)
ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable)
Authorizable(org.apache.nifi.authorization.resource.Authorizable)
SnippetAuthorizable(org.apache.nifi.authorization.SnippetAuthorizable)
TemplateContentsAuthorizable(org.apache.nifi.authorization.TemplateContentsAuthorizable)
ProcessGroupAuthorizable(org.apache.nifi.authorization.ProcessGroupAuthorizable)
TemplateContentsAuthorizable(org.apache.nifi.authorization.TemplateContentsAuthorizable)
FlowEntity(org.apache.nifi.web.api.entity.FlowEntity)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 24 with NiFiUser
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class ProcessGroupResource method deleteVariableRegistryUpdateRequest.
@DELETE
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{groupId}/variable-registry/update-requests/{updateId}")
@ApiOperation(value = "Deletes an update request for a process group's variable registry. If the request is not yet complete, it will automatically be cancelled.", response = VariableRegistryUpdateRequestEntity.class, notes = NON_GUARANTEED_ENDPOINT, authorizations = { @Authorization(value = "Read - /process-groups/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response deleteVariableRegistryUpdateRequest(@ApiParam(value = "The process group id.", required = true) @PathParam("groupId") final String groupId, @ApiParam(value = "The ID of the Variable Registry Update Request", required = true) @PathParam("updateId") final String updateId) {
if (groupId == null || updateId == null) {
throw new IllegalArgumentException("Group ID and Update ID must both be specified.");
}
final NiFiUser user = NiFiUserUtils.getNiFiUser();
// authorize access
serviceFacade.authorizeAccess(lookup -> {
final Authorizable processGroup = lookup.getProcessGroup(groupId).getAuthorizable();
processGroup.authorize(authorizer, RequestAction.READ, user);
processGroup.authorize(authorizer, RequestAction.WRITE, user);
});
final VariableRegistryUpdateRequest request = varRegistryUpdateRequests.remove(updateId);
if (request == null) {
throw new ResourceNotFoundException("Could not find a Variable Registry Update Request with identifier " + updateId);
}
if (!groupId.equals(request.getProcessGroupId())) {
throw new ResourceNotFoundException("Could not find a Variable Registry Update Request with identifier " + updateId + " for Process Group with identifier " + groupId);
}
if (!user.equals(request.getUser())) {
throw new IllegalArgumentException("Only the user that submitted the update request can remove it.");
}
request.cancel();
final VariableRegistryUpdateRequestEntity entity = new VariableRegistryUpdateRequestEntity();
entity.setRequest(dtoFactory.createVariableRegistryUpdateRequestDto(request));
entity.setProcessGroupRevision(request.getProcessGroupRevision());
entity.getRequest().setUri(generateResourceUri("process-groups", groupId, "variable-registry", updateId));
return generateOkResponse(entity).build();
}
Also used :
VariableRegistryUpdateRequest(org.apache.nifi.registry.variable.VariableRegistryUpdateRequest)
VariableRegistryUpdateRequestEntity(org.apache.nifi.web.api.entity.VariableRegistryUpdateRequestEntity)
NiFiUser(org.apache.nifi.authorization.user.NiFiUser)
ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable)
Authorizable(org.apache.nifi.authorization.resource.Authorizable)
SnippetAuthorizable(org.apache.nifi.authorization.SnippetAuthorizable)
TemplateContentsAuthorizable(org.apache.nifi.authorization.TemplateContentsAuthorizable)
ProcessGroupAuthorizable(org.apache.nifi.authorization.ProcessGroupAuthorizable)
ResourceNotFoundException(org.apache.nifi.web.ResourceNotFoundException)
Path(javax.ws.rs.Path)
DELETE(javax.ws.rs.DELETE)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 25 with NiFiUser
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class ProcessGroupResource method getVariableRegistryUpdateRequest.
@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{groupId}/variable-registry/update-requests/{updateId}")
@ApiOperation(value = "Gets a process group's variable registry", response = VariableRegistryUpdateRequestEntity.class, notes = NON_GUARANTEED_ENDPOINT, authorizations = { @Authorization(value = "Read - /process-groups/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response getVariableRegistryUpdateRequest(@ApiParam(value = "The process group id.", required = true) @PathParam("groupId") final String groupId, @ApiParam(value = "The ID of the Variable Registry Update Request", required = true) @PathParam("updateId") final String updateId) {
if (groupId == null || updateId == null) {
throw new IllegalArgumentException("Group ID and Update ID must both be specified.");
}
final NiFiUser user = NiFiUserUtils.getNiFiUser();
// authorize access
serviceFacade.authorizeAccess(lookup -> {
final Authorizable processGroup = lookup.getProcessGroup(groupId).getAuthorizable();
processGroup.authorize(authorizer, RequestAction.READ, user);
});
final VariableRegistryUpdateRequest request = varRegistryUpdateRequests.get(updateId);
if (request == null) {
throw new ResourceNotFoundException("Could not find a Variable Registry Update Request with identifier " + updateId);
}
if (!groupId.equals(request.getProcessGroupId())) {
throw new ResourceNotFoundException("Could not find a Variable Registry Update Request with identifier " + updateId + " for Process Group with identifier " + groupId);
}
if (!user.equals(request.getUser())) {
throw new IllegalArgumentException("Only the user that submitted the update request can retrieve it.");
}
final VariableRegistryUpdateRequestEntity entity = new VariableRegistryUpdateRequestEntity();
entity.setRequest(dtoFactory.createVariableRegistryUpdateRequestDto(request));
entity.setProcessGroupRevision(request.getProcessGroupRevision());
entity.getRequest().setUri(generateResourceUri("process-groups", groupId, "variable-registry", updateId));
return generateOkResponse(entity).build();
}
Also used :
VariableRegistryUpdateRequest(org.apache.nifi.registry.variable.VariableRegistryUpdateRequest)
VariableRegistryUpdateRequestEntity(org.apache.nifi.web.api.entity.VariableRegistryUpdateRequestEntity)
NiFiUser(org.apache.nifi.authorization.user.NiFiUser)
ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable)
Authorizable(org.apache.nifi.authorization.resource.Authorizable)
SnippetAuthorizable(org.apache.nifi.authorization.SnippetAuthorizable)
TemplateContentsAuthorizable(org.apache.nifi.authorization.TemplateContentsAuthorizable)
ProcessGroupAuthorizable(org.apache.nifi.authorization.ProcessGroupAuthorizable)
ResourceNotFoundException(org.apache.nifi.web.ResourceNotFoundException)
Path(javax.ws.rs.Path)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
GET(javax.ws.rs.GET)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Aggregations
NiFiUser (org.apache.nifi.authorization.user.NiFiUser)127
Date (java.util.Date)47
FlowChangeAction (org.apache.nifi.action.FlowChangeAction)42
ArrayList (java.util.ArrayList)33
Authorizable (org.apache.nifi.authorization.resource.Authorizable)32
Action (org.apache.nifi.action.Action)29
HashMap (java.util.HashMap)27
Map (java.util.Map)26
AccessDeniedException (org.apache.nifi.authorization.AccessDeniedException)26
RevisionDTO (org.apache.nifi.web.api.dto.RevisionDTO)26
IOException (java.io.IOException)25
Set (java.util.Set)25
ScheduledState (org.apache.nifi.controller.ScheduledState)25
Collectors (java.util.stream.Collectors)24
UUID (java.util.UUID)23
ControllerServiceState (org.apache.nifi.controller.service.ControllerServiceState)22
AffectedComponentDTO (org.apache.nifi.web.api.dto.AffectedComponentDTO)22
DtoFactory (org.apache.nifi.web.api.dto.DtoFactory)22
AffectedComponentEntity (org.apache.nifi.web.api.entity.AffectedComponentEntity)22
ProcessorEntity (org.apache.nifi.web.api.entity.ProcessorEntity)22
