Example 26 with NiFiUser
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class ProcessGroupResource method createProcessor.
// ----------
// processors
// ----------
/**
* Creates a new processor.
*
* @param httpServletRequest request
* @param groupId The group id
* @param requestProcessorEntity A processorEntity.
* @return A processorEntity.
*/
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}/processors")
@ApiOperation(value = "Creates a new processor", response = ProcessorEntity.class, authorizations = { @Authorization(value = "Write - /process-groups/{uuid}"), @Authorization(value = "Read - any referenced Controller Services - /controller-services/{uuid}"), @Authorization(value = "Write - if the Processor is restricted - /restricted-components") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response createProcessor(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The process group id.", required = true) @PathParam("id") final String groupId, @ApiParam(value = "The processor configuration details.", required = true) final ProcessorEntity requestProcessorEntity) {
if (requestProcessorEntity == null || requestProcessorEntity.getComponent() == null) {
throw new IllegalArgumentException("Processor details must be specified.");
}
if (requestProcessorEntity.getRevision() == null || (requestProcessorEntity.getRevision().getVersion() == null || requestProcessorEntity.getRevision().getVersion() != 0)) {
throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Processor.");
}
final ProcessorDTO requestProcessor = requestProcessorEntity.getComponent();
if (requestProcessor.getId() != null) {
throw new IllegalArgumentException("Processor ID cannot be specified.");
}
if (StringUtils.isBlank(requestProcessor.getType())) {
throw new IllegalArgumentException("The type of processor to create must be specified.");
}
final PositionDTO proposedPosition = requestProcessor.getPosition();
if (proposedPosition != null) {
if (proposedPosition.getX() == null || proposedPosition.getY() == null) {
throw new IllegalArgumentException("The x and y coordinate of the proposed position must be specified.");
}
}
if (requestProcessor.getParentGroupId() != null && !groupId.equals(requestProcessor.getParentGroupId())) {
throw new IllegalArgumentException(String.format("If specified, the parent process group id %s must be the same as specified in the URI %s", requestProcessor.getParentGroupId(), groupId));
}
requestProcessor.setParentGroupId(groupId);
if (isReplicateRequest()) {
return replicate(HttpMethod.POST, requestProcessorEntity);
}
return withWriteLock(serviceFacade, requestProcessorEntity, lookup -> {
final NiFiUser user = NiFiUserUtils.getNiFiUser();
final Authorizable processGroup = lookup.getProcessGroup(groupId).getAuthorizable();
processGroup.authorize(authorizer, RequestAction.WRITE, user);
ComponentAuthorizable authorizable = null;
try {
authorizable = lookup.getConfigurableComponent(requestProcessor.getType(), requestProcessor.getBundle());
if (authorizable.isRestricted()) {
authorizeRestrictions(authorizer, authorizable);
}
final ProcessorConfigDTO config = requestProcessor.getConfig();
if (config != null && config.getProperties() != null) {
AuthorizeControllerServiceReference.authorizeControllerServiceReferences(config.getProperties(), authorizable, authorizer, lookup);
}
} finally {
if (authorizable != null) {
authorizable.cleanUpResources();
}
}
}, () -> serviceFacade.verifyCreateProcessor(requestProcessor), processorEntity -> {
final ProcessorDTO processor = processorEntity.getComponent();
// set the processor id as appropriate
processor.setId(generateUuid());
// create the new processor
final Revision revision = getRevision(processorEntity, processor.getId());
final ProcessorEntity entity = serviceFacade.createProcessor(revision, groupId, processor);
processorResource.populateRemainingProcessorEntityContent(entity);
// generate a 201 created response
String uri = entity.getUri();
return generateCreatedResponse(URI.create(uri), entity).build();
});
}
Also used :
ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable)
ProcessorConfigDTO(org.apache.nifi.web.api.dto.ProcessorConfigDTO)
NiFiUser(org.apache.nifi.authorization.user.NiFiUser)
Revision(org.apache.nifi.web.Revision)
ProcessorDTO(org.apache.nifi.web.api.dto.ProcessorDTO)
ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable)
Authorizable(org.apache.nifi.authorization.resource.Authorizable)
SnippetAuthorizable(org.apache.nifi.authorization.SnippetAuthorizable)
TemplateContentsAuthorizable(org.apache.nifi.authorization.TemplateContentsAuthorizable)
ProcessGroupAuthorizable(org.apache.nifi.authorization.ProcessGroupAuthorizable)
ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity)
PositionDTO(org.apache.nifi.web.api.dto.PositionDTO)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 27 with NiFiUser
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class ProcessGroupResource method createControllerService.
// -------------------
// controller services
// -------------------
/**
* Creates a new Controller Service.
*
* @param httpServletRequest request
* @param requestControllerServiceEntity A controllerServiceEntity.
* @return A controllerServiceEntity.
*/
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}/controller-services")
@ApiOperation(value = "Creates a new controller service", response = ControllerServiceEntity.class, authorizations = { @Authorization(value = "Write - /process-groups/{uuid}"), @Authorization(value = "Read - any referenced Controller Services - /controller-services/{uuid}"), @Authorization(value = "Write - if the Controller Service is restricted - /restricted-components") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response createControllerService(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The process group id.", required = true) @PathParam("id") final String groupId, @ApiParam(value = "The controller service configuration details.", required = true) final ControllerServiceEntity requestControllerServiceEntity) {
if (requestControllerServiceEntity == null || requestControllerServiceEntity.getComponent() == null) {
throw new IllegalArgumentException("Controller service details must be specified.");
}
if (requestControllerServiceEntity.getRevision() == null || (requestControllerServiceEntity.getRevision().getVersion() == null || requestControllerServiceEntity.getRevision().getVersion() != 0)) {
throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Controller service.");
}
final ControllerServiceDTO requestControllerService = requestControllerServiceEntity.getComponent();
if (requestControllerService.getId() != null) {
throw new IllegalArgumentException("Controller service ID cannot be specified.");
}
if (StringUtils.isBlank(requestControllerService.getType())) {
throw new IllegalArgumentException("The type of controller service to create must be specified.");
}
if (requestControllerService.getParentGroupId() != null && !groupId.equals(requestControllerService.getParentGroupId())) {
throw new IllegalArgumentException(String.format("If specified, the parent process group id %s must be the same as specified in the URI %s", requestControllerService.getParentGroupId(), groupId));
}
requestControllerService.setParentGroupId(groupId);
if (isReplicateRequest()) {
return replicate(HttpMethod.POST, requestControllerServiceEntity);
}
return withWriteLock(serviceFacade, requestControllerServiceEntity, lookup -> {
final NiFiUser user = NiFiUserUtils.getNiFiUser();
final Authorizable processGroup = lookup.getProcessGroup(groupId).getAuthorizable();
processGroup.authorize(authorizer, RequestAction.WRITE, user);
ComponentAuthorizable authorizable = null;
try {
authorizable = lookup.getConfigurableComponent(requestControllerService.getType(), requestControllerService.getBundle());
if (authorizable.isRestricted()) {
authorizeRestrictions(authorizer, authorizable);
}
if (requestControllerService.getProperties() != null) {
AuthorizeControllerServiceReference.authorizeControllerServiceReferences(requestControllerService.getProperties(), authorizable, authorizer, lookup);
}
} finally {
if (authorizable != null) {
authorizable.cleanUpResources();
}
}
}, () -> serviceFacade.verifyCreateControllerService(requestControllerService), controllerServiceEntity -> {
final ControllerServiceDTO controllerService = controllerServiceEntity.getComponent();
// set the processor id as appropriate
controllerService.setId(generateUuid());
// create the controller service and generate the json
final Revision revision = getRevision(controllerServiceEntity, controllerService.getId());
final ControllerServiceEntity entity = serviceFacade.createControllerService(revision, groupId, controllerService);
controllerServiceResource.populateRemainingControllerServiceEntityContent(entity);
// build the response
return generateCreatedResponse(URI.create(entity.getUri()), entity).build();
});
}
Also used :
ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable)
ControllerServiceDTO(org.apache.nifi.web.api.dto.ControllerServiceDTO)
ControllerServiceEntity(org.apache.nifi.web.api.entity.ControllerServiceEntity)
NiFiUser(org.apache.nifi.authorization.user.NiFiUser)
Revision(org.apache.nifi.web.Revision)
ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable)
Authorizable(org.apache.nifi.authorization.resource.Authorizable)
SnippetAuthorizable(org.apache.nifi.authorization.SnippetAuthorizable)
TemplateContentsAuthorizable(org.apache.nifi.authorization.TemplateContentsAuthorizable)
ProcessGroupAuthorizable(org.apache.nifi.authorization.ProcessGroupAuthorizable)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 28 with NiFiUser
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class ProcessGroupResource method authorizeSnippetUsage.
// ---------
// templates
// ---------
private SnippetAuthorizable authorizeSnippetUsage(final AuthorizableLookup lookup, final String groupId, final String snippetId, final boolean authorizeTransitiveServices) {
final NiFiUser user = NiFiUserUtils.getNiFiUser();
// ensure write access to the target process group
lookup.getProcessGroup(groupId).getAuthorizable().authorize(authorizer, RequestAction.WRITE, user);
// ensure read permission to every component in the snippet including referenced services
final SnippetAuthorizable snippet = lookup.getSnippet(snippetId);
authorizeSnippet(snippet, authorizer, lookup, RequestAction.READ, true, authorizeTransitiveServices);
return snippet;
}
Also used :
NiFiUser(org.apache.nifi.authorization.user.NiFiUser)
SnippetAuthorizable(org.apache.nifi.authorization.SnippetAuthorizable)
Example 29 with NiFiUser
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class ProcessorResource method updateProcessor.
/**
* Updates the specified processor with the specified values.
*
* @param httpServletRequest request
* @param id The id of the processor to update.
* @param requestProcessorEntity A processorEntity.
* @return A processorEntity.
* @throws InterruptedException if interrupted
*/
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("/{id}")
@ApiOperation(value = "Updates a processor", response = ProcessorEntity.class, authorizations = { @Authorization(value = "Write - /processors/{uuid}"), @Authorization(value = "Read - any referenced Controller Services if this request changes the reference - /controller-services/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response updateProcessor(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The processor id.", required = true) @PathParam("id") final String id, @ApiParam(value = "The processor configuration details.", required = true) final ProcessorEntity requestProcessorEntity) throws InterruptedException {
if (requestProcessorEntity == null || requestProcessorEntity.getComponent() == null) {
throw new IllegalArgumentException("Processor details must be specified.");
}
if (requestProcessorEntity.getRevision() == null) {
throw new IllegalArgumentException("Revision must be specified.");
}
// ensure the same id is being used
final ProcessorDTO requestProcessorDTO = requestProcessorEntity.getComponent();
if (!id.equals(requestProcessorDTO.getId())) {
throw new IllegalArgumentException(String.format("The processor id (%s) in the request body does " + "not equal the processor id of the requested resource (%s).", requestProcessorDTO.getId(), id));
}
final PositionDTO proposedPosition = requestProcessorDTO.getPosition();
if (proposedPosition != null) {
if (proposedPosition.getX() == null || proposedPosition.getY() == null) {
throw new IllegalArgumentException("The x and y coordinate of the proposed position must be specified.");
}
}
if (isReplicateRequest()) {
return replicate(HttpMethod.PUT, requestProcessorEntity);
}
// handle expects request (usually from the cluster manager)
final Revision requestRevision = getRevision(requestProcessorEntity, id);
return withWriteLock(serviceFacade, requestProcessorEntity, requestRevision, lookup -> {
final NiFiUser user = NiFiUserUtils.getNiFiUser();
final ComponentAuthorizable authorizable = lookup.getProcessor(id);
authorizable.getAuthorizable().authorize(authorizer, RequestAction.WRITE, user);
final ProcessorConfigDTO config = requestProcessorDTO.getConfig();
if (config != null) {
AuthorizeControllerServiceReference.authorizeControllerServiceReferences(config.getProperties(), authorizable, authorizer, lookup);
}
}, () -> serviceFacade.verifyUpdateProcessor(requestProcessorDTO), (revision, processorEntity) -> {
final ProcessorDTO processorDTO = processorEntity.getComponent();
// update the processor
final ProcessorEntity entity = serviceFacade.updateProcessor(revision, processorDTO);
populateRemainingProcessorEntityContent(entity);
return generateOkResponse(entity).build();
});
}
Also used :
ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable)
ProcessorConfigDTO(org.apache.nifi.web.api.dto.ProcessorConfigDTO)
Revision(org.apache.nifi.web.Revision)
NiFiUser(org.apache.nifi.authorization.user.NiFiUser)
ProcessorDTO(org.apache.nifi.web.api.dto.ProcessorDTO)
ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity)
PositionDTO(org.apache.nifi.web.api.dto.PositionDTO)
Path(javax.ws.rs.Path)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
ApiOperation(io.swagger.annotations.ApiOperation)
PUT(javax.ws.rs.PUT)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 30 with NiFiUser
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class ControllerFacade method submitReplay.
/**
* Submits a replay request for the specified event id.
*
* @param eventId event id
* @return provenance event
*/
public ProvenanceEventDTO submitReplay(final Long eventId) {
try {
final NiFiUser user = NiFiUserUtils.getNiFiUser();
if (user == null) {
throw new WebApplicationException(new Throwable("Unable to access details for current user."));
}
// lookup the original event
final ProvenanceEventRecord originalEvent = flowController.getProvenanceRepository().getEvent(eventId);
if (originalEvent == null) {
throw new ResourceNotFoundException("Unable to find the specified event.");
}
// authorize the replay
authorizeReplay(originalEvent);
// replay the flow file
final ProvenanceEventRecord event = flowController.replayFlowFile(originalEvent, user);
// convert the event record
return createProvenanceEventDto(event, false);
} catch (final IOException ioe) {
throw new NiFiCoreException("An error occurred while getting the specified event.", ioe);
}
}
Also used :
NiFiCoreException(org.apache.nifi.web.NiFiCoreException)
NiFiUser(org.apache.nifi.authorization.user.NiFiUser)
WebApplicationException(javax.ws.rs.WebApplicationException)
ProvenanceEventRecord(org.apache.nifi.provenance.ProvenanceEventRecord)
IOException(java.io.IOException)
ResourceNotFoundException(org.apache.nifi.web.ResourceNotFoundException)
Aggregations
NiFiUser (org.apache.nifi.authorization.user.NiFiUser)127
Date (java.util.Date)47
FlowChangeAction (org.apache.nifi.action.FlowChangeAction)42
ArrayList (java.util.ArrayList)33
Authorizable (org.apache.nifi.authorization.resource.Authorizable)32
Action (org.apache.nifi.action.Action)29
HashMap (java.util.HashMap)27
Map (java.util.Map)26
AccessDeniedException (org.apache.nifi.authorization.AccessDeniedException)26
RevisionDTO (org.apache.nifi.web.api.dto.RevisionDTO)26
IOException (java.io.IOException)25
Set (java.util.Set)25
ScheduledState (org.apache.nifi.controller.ScheduledState)25
Collectors (java.util.stream.Collectors)24
UUID (java.util.UUID)23
ControllerServiceState (org.apache.nifi.controller.service.ControllerServiceState)22
AffectedComponentDTO (org.apache.nifi.web.api.dto.AffectedComponentDTO)22
DtoFactory (org.apache.nifi.web.api.dto.DtoFactory)22
AffectedComponentEntity (org.apache.nifi.web.api.entity.AffectedComponentEntity)22
ProcessorEntity (org.apache.nifi.web.api.entity.ProcessorEntity)22
