Example 36 with NiFiUser
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class ControllerServiceAuditor method generateAuditRecord.
/**
* Generates an audit record for the creation of a controller service.
*
* @param controllerService service
* @param operation operation
* @param actionDetails details
* @return action
*/
private Action generateAuditRecord(ControllerServiceNode controllerService, Operation operation, ActionDetails actionDetails) {
FlowChangeAction action = null;
// get the current user
NiFiUser user = NiFiUserUtils.getNiFiUser();
// ensure the user was found
if (user != null) {
// create the controller service details
FlowChangeExtensionDetails serviceDetails = new FlowChangeExtensionDetails();
serviceDetails.setType(controllerService.getComponentType());
// create the controller service action for adding this controller service
action = new FlowChangeAction();
action.setUserIdentity(user.getIdentity());
action.setOperation(operation);
action.setTimestamp(new Date());
action.setSourceId(controllerService.getIdentifier());
action.setSourceName(controllerService.getName());
action.setSourceType(Component.ControllerService);
action.setComponentDetails(serviceDetails);
if (actionDetails != null) {
action.setActionDetails(actionDetails);
}
}
return action;
}
Also used :
NiFiUser(org.apache.nifi.authorization.user.NiFiUser)
FlowChangeExtensionDetails(org.apache.nifi.action.component.details.FlowChangeExtensionDetails)
Date(java.util.Date)
FlowChangeAction(org.apache.nifi.action.FlowChangeAction)
Example 37 with NiFiUser
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class ControllerServiceAuditor method updateControllerServiceAdvice.
/**
* Audits the configuration of a single controller service.
*
* @param proceedingJoinPoint join point
* @param controllerServiceDTO dto
* @param controllerServiceDAO dao
* @return object
* @throws Throwable ex
*/
@Around("within(org.apache.nifi.web.dao.ControllerServiceDAO+) && " + "execution(org.apache.nifi.controller.service.ControllerServiceNode updateControllerService(org.apache.nifi.web.api.dto.ControllerServiceDTO)) && " + "args(controllerServiceDTO) && " + "target(controllerServiceDAO)")
public Object updateControllerServiceAdvice(ProceedingJoinPoint proceedingJoinPoint, ControllerServiceDTO controllerServiceDTO, ControllerServiceDAO controllerServiceDAO) throws Throwable {
// determine the initial values for each property/setting that's changing
ControllerServiceNode controllerService = controllerServiceDAO.getControllerService(controllerServiceDTO.getId());
final Map<String, String> values = extractConfiguredPropertyValues(controllerService, controllerServiceDTO);
final boolean isDisabled = isDisabled(controllerService);
// update the controller service state
final ControllerServiceNode updatedControllerService = (ControllerServiceNode) proceedingJoinPoint.proceed();
// if no exceptions were thrown, add the controller service action...
controllerService = controllerServiceDAO.getControllerService(updatedControllerService.getIdentifier());
// get the current user
NiFiUser user = NiFiUserUtils.getNiFiUser();
// ensure the user was found
if (user != null) {
// determine the updated values
Map<String, String> updatedValues = extractConfiguredPropertyValues(controllerService, controllerServiceDTO);
// create the controller service details
FlowChangeExtensionDetails serviceDetails = new FlowChangeExtensionDetails();
serviceDetails.setType(controllerService.getComponentType());
// create a controller service action
Date actionTimestamp = new Date();
Collection<Action> actions = new ArrayList<>();
// go through each updated value
for (String property : updatedValues.keySet()) {
String newValue = updatedValues.get(property);
String oldValue = values.get(property);
Operation operation = null;
// determine the type of operation
if (oldValue == null || newValue == null || !newValue.equals(oldValue)) {
operation = Operation.Configure;
}
// create a configuration action accordingly
if (operation != null) {
// clear the value if this property is sensitive
final PropertyDescriptor propertyDescriptor = controllerService.getControllerServiceImplementation().getPropertyDescriptor(property);
if (propertyDescriptor != null && propertyDescriptor.isSensitive()) {
if (newValue != null) {
newValue = "********";
}
if (oldValue != null) {
oldValue = "********";
}
} else if (ANNOTATION_DATA.equals(property)) {
if (newValue != null) {
newValue = "<annotation data not shown>";
}
if (oldValue != null) {
oldValue = "<annotation data not shown>";
}
}
final FlowChangeConfigureDetails actionDetails = new FlowChangeConfigureDetails();
actionDetails.setName(property);
actionDetails.setValue(newValue);
actionDetails.setPreviousValue(oldValue);
// create a configuration action
FlowChangeAction configurationAction = new FlowChangeAction();
configurationAction.setUserIdentity(user.getIdentity());
configurationAction.setOperation(operation);
configurationAction.setTimestamp(actionTimestamp);
configurationAction.setSourceId(controllerService.getIdentifier());
configurationAction.setSourceName(controllerService.getName());
configurationAction.setSourceType(Component.ControllerService);
configurationAction.setComponentDetails(serviceDetails);
configurationAction.setActionDetails(actionDetails);
actions.add(configurationAction);
}
}
// determine the new executing state
final boolean updateIsDisabled = isDisabled(updatedControllerService);
// determine if the running state has changed and its not disabled
if (isDisabled != updateIsDisabled) {
// create a controller service action
FlowChangeAction serviceAction = new FlowChangeAction();
serviceAction.setUserIdentity(user.getIdentity());
serviceAction.setTimestamp(new Date());
serviceAction.setSourceId(controllerService.getIdentifier());
serviceAction.setSourceName(controllerService.getName());
serviceAction.setSourceType(Component.ControllerService);
serviceAction.setComponentDetails(serviceDetails);
// set the operation accordingly
if (updateIsDisabled) {
serviceAction.setOperation(Operation.Disable);
} else {
serviceAction.setOperation(Operation.Enable);
}
actions.add(serviceAction);
}
// ensure there are actions to record
if (!actions.isEmpty()) {
// save the actions
saveActions(actions, logger);
}
}
return updatedControllerService;
}
Also used :
FlowChangeAction(org.apache.nifi.action.FlowChangeAction)
Action(org.apache.nifi.action.Action)
NiFiUser(org.apache.nifi.authorization.user.NiFiUser)
PropertyDescriptor(org.apache.nifi.components.PropertyDescriptor)
ArrayList(java.util.ArrayList)
Operation(org.apache.nifi.action.Operation)
Date(java.util.Date)
ControllerServiceNode(org.apache.nifi.controller.service.ControllerServiceNode)
FlowChangeConfigureDetails(org.apache.nifi.action.details.FlowChangeConfigureDetails)
FlowChangeExtensionDetails(org.apache.nifi.action.component.details.FlowChangeExtensionDetails)
FlowChangeAction(org.apache.nifi.action.FlowChangeAction)
Around(org.aspectj.lang.annotation.Around)
Example 38 with NiFiUser
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class ProcessGroupAuditor method generateAuditRecord.
/**
* Generates an audit record for the creation of a process group.
*
* @param processGroup group
* @param operation operation
* @param actionDetails details
* @return action
*/
public Action generateAuditRecord(ProcessGroup processGroup, Operation operation, ActionDetails actionDetails) {
FlowChangeAction action = null;
// get the current user
NiFiUser user = NiFiUserUtils.getNiFiUser();
// ensure the user was found
if (user != null) {
// create the process group action for adding this process group
action = new FlowChangeAction();
action.setUserIdentity(user.getIdentity());
action.setOperation(operation);
action.setTimestamp(new Date());
action.setSourceId(processGroup.getIdentifier());
action.setSourceName(processGroup.getName());
action.setSourceType(Component.ProcessGroup);
if (actionDetails != null) {
action.setActionDetails(actionDetails);
}
}
return action;
}
Also used :
NiFiUser(org.apache.nifi.authorization.user.NiFiUser)
Date(java.util.Date)
FlowChangeAction(org.apache.nifi.action.FlowChangeAction)
Example 39 with NiFiUser
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class ProcessGroupAuditor method updateProcessGroupAdvice.
/**
* Audits the update of process group configuration.
*
* @param proceedingJoinPoint join point
* @param processGroupDTO dto
* @return group
* @throws Throwable ex
*/
@Around("within(org.apache.nifi.web.dao.ProcessGroupDAO+) && " + "execution(org.apache.nifi.groups.ProcessGroup updateProcessGroup(org.apache.nifi.web.api.dto.ProcessGroupDTO)) && " + "args(processGroupDTO)")
public ProcessGroup updateProcessGroupAdvice(ProceedingJoinPoint proceedingJoinPoint, ProcessGroupDTO processGroupDTO) throws Throwable {
ProcessGroupDAO processGroupDAO = getProcessGroupDAO();
ProcessGroup processGroup = processGroupDAO.getProcessGroup(processGroupDTO.getId());
String name = processGroup.getName();
String comments = processGroup.getComments();
// perform the underlying operation
ProcessGroup updatedProcessGroup = (ProcessGroup) proceedingJoinPoint.proceed();
// get the current user
NiFiUser user = NiFiUserUtils.getNiFiUser();
// ensure the user was found
if (user != null) {
Collection<ActionDetails> details = new ArrayList<>();
// see if the name has changed
if (name != null && updatedProcessGroup.getName() != null && !name.equals(updatedProcessGroup.getName())) {
// create the config details
FlowChangeConfigureDetails configDetails = new FlowChangeConfigureDetails();
configDetails.setName("name");
configDetails.setValue(updatedProcessGroup.getName());
configDetails.setPreviousValue(name);
details.add(configDetails);
}
// see if the comments has changed
if (comments != null && updatedProcessGroup.getComments() != null && !comments.equals(updatedProcessGroup.getComments())) {
// create the config details
FlowChangeConfigureDetails configDetails = new FlowChangeConfigureDetails();
configDetails.setName("comments");
configDetails.setValue(updatedProcessGroup.getComments());
configDetails.setPreviousValue(comments);
details.add(configDetails);
}
// hold all actions
Collection<Action> actions = new ArrayList<>();
// save the actions if necessary
if (!details.isEmpty()) {
Date timestamp = new Date();
// create the actions
for (ActionDetails detail : details) {
// determine the type of operation being performed
Operation operation = Operation.Configure;
if (detail instanceof FlowChangeMoveDetails) {
operation = Operation.Move;
}
// create the port action for updating the name
FlowChangeAction processGroupAction = new FlowChangeAction();
processGroupAction.setUserIdentity(user.getIdentity());
processGroupAction.setOperation(operation);
processGroupAction.setTimestamp(timestamp);
processGroupAction.setSourceId(updatedProcessGroup.getIdentifier());
processGroupAction.setSourceName(updatedProcessGroup.getName());
processGroupAction.setSourceType(Component.ProcessGroup);
processGroupAction.setActionDetails(detail);
actions.add(processGroupAction);
}
}
// save actions if necessary
if (!actions.isEmpty()) {
saveActions(actions, logger);
}
}
return updatedProcessGroup;
}
Also used :
FlowChangeAction(org.apache.nifi.action.FlowChangeAction)
Action(org.apache.nifi.action.Action)
NiFiUser(org.apache.nifi.authorization.user.NiFiUser)
FlowChangeMoveDetails(org.apache.nifi.action.details.FlowChangeMoveDetails)
ArrayList(java.util.ArrayList)
Operation(org.apache.nifi.action.Operation)
Date(java.util.Date)
ProcessGroupDAO(org.apache.nifi.web.dao.ProcessGroupDAO)
FlowChangeConfigureDetails(org.apache.nifi.action.details.FlowChangeConfigureDetails)
ProcessGroup(org.apache.nifi.groups.ProcessGroup)
ActionDetails(org.apache.nifi.action.details.ActionDetails)
FlowChangeAction(org.apache.nifi.action.FlowChangeAction)
Around(org.aspectj.lang.annotation.Around)
Example 40 with NiFiUser
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class ProcessorAuditor method updateProcessorAdvice.
/**
* Audits the configuration of a single processor.
*
* @param proceedingJoinPoint join point
* @param processorDTO dto
* @param processorDAO dao
* @return node
* @throws Throwable ex
*/
@Around("within(org.apache.nifi.web.dao.ProcessorDAO+) && " + "execution(org.apache.nifi.controller.ProcessorNode updateProcessor(org.apache.nifi.web.api.dto.ProcessorDTO)) && " + "args(processorDTO) && " + "target(processorDAO)")
public ProcessorNode updateProcessorAdvice(ProceedingJoinPoint proceedingJoinPoint, ProcessorDTO processorDTO, ProcessorDAO processorDAO) throws Throwable {
// determine the initial values for each property/setting that's changing
ProcessorNode processor = processorDAO.getProcessor(processorDTO.getId());
final Map<String, String> values = extractConfiguredPropertyValues(processor, processorDTO);
final ScheduledState scheduledState = processor.getScheduledState();
// update the processor state
final ProcessorNode updatedProcessor = (ProcessorNode) proceedingJoinPoint.proceed();
// if no exceptions were thrown, add the processor action...
processor = processorDAO.getProcessor(updatedProcessor.getIdentifier());
// get the current user
NiFiUser user = NiFiUserUtils.getNiFiUser();
// ensure the user was found
if (user != null) {
// determine the updated values
Map<String, String> updatedValues = extractConfiguredPropertyValues(processor, processorDTO);
// create the processor details
FlowChangeExtensionDetails processorDetails = new FlowChangeExtensionDetails();
processorDetails.setType(processor.getComponentType());
// create a processor action
Date actionTimestamp = new Date();
Collection<Action> actions = new ArrayList<>();
// go through each updated value
for (String property : updatedValues.keySet()) {
String newValue = updatedValues.get(property);
String oldValue = values.get(property);
Operation operation = null;
// determine the type of operation
if (oldValue == null || newValue == null || !newValue.equals(oldValue)) {
operation = Operation.Configure;
}
// create a configuration action accordingly
if (operation != null) {
// clear the value if this property is sensitive
final PropertyDescriptor propertyDescriptor = processor.getProcessor().getPropertyDescriptor(property);
if (propertyDescriptor != null && propertyDescriptor.isSensitive()) {
if (newValue != null) {
newValue = "********";
}
if (oldValue != null) {
oldValue = "********";
}
} else if (ANNOTATION_DATA.equals(property)) {
if (newValue != null) {
newValue = "<annotation data not shown>";
}
if (oldValue != null) {
oldValue = "<annotation data not shown>";
}
}
final FlowChangeConfigureDetails actionDetails = new FlowChangeConfigureDetails();
actionDetails.setName(property);
actionDetails.setValue(newValue);
actionDetails.setPreviousValue(oldValue);
// create a configuration action
FlowChangeAction configurationAction = new FlowChangeAction();
configurationAction.setUserIdentity(user.getIdentity());
configurationAction.setOperation(operation);
configurationAction.setTimestamp(actionTimestamp);
configurationAction.setSourceId(processor.getIdentifier());
configurationAction.setSourceName(processor.getName());
configurationAction.setSourceType(Component.Processor);
configurationAction.setComponentDetails(processorDetails);
configurationAction.setActionDetails(actionDetails);
actions.add(configurationAction);
}
}
// determine the new executing state
final ScheduledState updatedScheduledState = processor.getScheduledState();
// determine if the running state has changed and its not disabled
if (scheduledState != updatedScheduledState) {
// create a processor action
FlowChangeAction processorAction = new FlowChangeAction();
processorAction.setUserIdentity(user.getIdentity());
processorAction.setTimestamp(new Date());
processorAction.setSourceId(processor.getIdentifier());
processorAction.setSourceName(processor.getName());
processorAction.setSourceType(Component.Processor);
processorAction.setComponentDetails(processorDetails);
// set the operation accordingly
if (ScheduledState.RUNNING.equals(updatedScheduledState)) {
processorAction.setOperation(Operation.Start);
} else if (ScheduledState.DISABLED.equals(updatedScheduledState)) {
processorAction.setOperation(Operation.Disable);
} else {
// state is now stopped... consider the previous state
if (ScheduledState.RUNNING.equals(scheduledState)) {
processorAction.setOperation(Operation.Stop);
} else if (ScheduledState.DISABLED.equals(scheduledState)) {
processorAction.setOperation(Operation.Enable);
}
}
actions.add(processorAction);
}
// ensure there are actions to record
if (!actions.isEmpty()) {
// save the actions
saveActions(actions, logger);
}
}
return updatedProcessor;
}
Also used :
FlowChangeAction(org.apache.nifi.action.FlowChangeAction)
Action(org.apache.nifi.action.Action)
NiFiUser(org.apache.nifi.authorization.user.NiFiUser)
PropertyDescriptor(org.apache.nifi.components.PropertyDescriptor)
ArrayList(java.util.ArrayList)
Operation(org.apache.nifi.action.Operation)
Date(java.util.Date)
ProcessorNode(org.apache.nifi.controller.ProcessorNode)
ScheduledState(org.apache.nifi.controller.ScheduledState)
FlowChangeConfigureDetails(org.apache.nifi.action.details.FlowChangeConfigureDetails)
FlowChangeExtensionDetails(org.apache.nifi.action.component.details.FlowChangeExtensionDetails)
FlowChangeAction(org.apache.nifi.action.FlowChangeAction)
Around(org.aspectj.lang.annotation.Around)
Aggregations
NiFiUser (org.apache.nifi.authorization.user.NiFiUser)127
Date (java.util.Date)47
FlowChangeAction (org.apache.nifi.action.FlowChangeAction)42
ArrayList (java.util.ArrayList)33
Authorizable (org.apache.nifi.authorization.resource.Authorizable)32
Action (org.apache.nifi.action.Action)29
HashMap (java.util.HashMap)27
Map (java.util.Map)26
AccessDeniedException (org.apache.nifi.authorization.AccessDeniedException)26
RevisionDTO (org.apache.nifi.web.api.dto.RevisionDTO)26
IOException (java.io.IOException)25
Set (java.util.Set)25
ScheduledState (org.apache.nifi.controller.ScheduledState)25
Collectors (java.util.stream.Collectors)24
UUID (java.util.UUID)23
ControllerServiceState (org.apache.nifi.controller.service.ControllerServiceState)22
AffectedComponentDTO (org.apache.nifi.web.api.dto.AffectedComponentDTO)22
DtoFactory (org.apache.nifi.web.api.dto.DtoFactory)22
AffectedComponentEntity (org.apache.nifi.web.api.entity.AffectedComponentEntity)22
ProcessorEntity (org.apache.nifi.web.api.entity.ProcessorEntity)22
