Search in sources :

Example 41 with NiFiUser

use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.

the class ProcessorAuditor method generateAuditRecord.

/**
 * Generates an audit record for the creation of a processor.
 *
 * @param processor processor
 * @param operation operation
 * @param actionDetails details
 * @return action
 */
public Action generateAuditRecord(ProcessorNode processor, Operation operation, ActionDetails actionDetails) {
    FlowChangeAction action = null;
    // get the current user
    NiFiUser user = NiFiUserUtils.getNiFiUser();
    // ensure the user was found
    if (user != null) {
        // create the processor details
        FlowChangeExtensionDetails processorDetails = new FlowChangeExtensionDetails();
        processorDetails.setType(processor.getComponentType());
        // create the processor action for adding this processor
        action = new FlowChangeAction();
        action.setUserIdentity(user.getIdentity());
        action.setOperation(operation);
        action.setTimestamp(new Date());
        action.setSourceId(processor.getIdentifier());
        action.setSourceName(processor.getName());
        action.setSourceType(Component.Processor);
        action.setComponentDetails(processorDetails);
        if (actionDetails != null) {
            action.setActionDetails(actionDetails);
        }
    }
    return action;
}
Also used : NiFiUser(org.apache.nifi.authorization.user.NiFiUser) FlowChangeExtensionDetails(org.apache.nifi.action.component.details.FlowChangeExtensionDetails) Date(java.util.Date) FlowChangeAction(org.apache.nifi.action.FlowChangeAction)

Example 42 with NiFiUser

use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.

the class RemoteProcessGroupAuditor method generateAuditRecord.

/**
 * Generates an audit record for the specified remote process group.
 *
 * @param remoteProcessGroup group
 * @param operation operation
 * @param actionDetails details
 * @return action
 */
public Action generateAuditRecord(RemoteProcessGroup remoteProcessGroup, Operation operation, ActionDetails actionDetails) {
    FlowChangeAction action = null;
    // get the current user
    NiFiUser user = NiFiUserUtils.getNiFiUser();
    // ensure the user was found
    if (user != null) {
        // create the remote process group details
        FlowChangeRemoteProcessGroupDetails remoteProcessGroupDetails = createFlowChangeDetails(remoteProcessGroup);
        // create the remote process group action
        action = new FlowChangeAction();
        action.setUserIdentity(user.getIdentity());
        action.setOperation(operation);
        action.setTimestamp(new Date());
        action.setSourceId(remoteProcessGroup.getIdentifier());
        action.setSourceName(remoteProcessGroup.getName());
        action.setSourceType(Component.RemoteProcessGroup);
        action.setComponentDetails(remoteProcessGroupDetails);
        if (actionDetails != null) {
            action.setActionDetails(actionDetails);
        }
    }
    return action;
}
Also used : NiFiUser(org.apache.nifi.authorization.user.NiFiUser) FlowChangeRemoteProcessGroupDetails(org.apache.nifi.action.component.details.FlowChangeRemoteProcessGroupDetails) Date(java.util.Date) FlowChangeAction(org.apache.nifi.action.FlowChangeAction)

Example 43 with NiFiUser

use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.

the class RemoteProcessGroupAuditor method auditUpdateProcessGroupConfiguration.

/**
 * Audits the update of remote process group configuration.
 *
 * @param proceedingJoinPoint   join point
 * @param remoteProcessGroupDTO dto
 * @param remoteProcessGroupDAO dao
 * @return group
 * @throws Throwable ex
 */
@Around("within(org.apache.nifi.web.dao.RemoteProcessGroupDAO+) && " + "execution(org.apache.nifi.groups.RemoteProcessGroup updateRemoteProcessGroup(org.apache.nifi.web.api.dto.RemoteProcessGroupDTO)) && " + "args(remoteProcessGroupDTO) && " + "target(remoteProcessGroupDAO)")
public RemoteProcessGroup auditUpdateProcessGroupConfiguration(ProceedingJoinPoint proceedingJoinPoint, RemoteProcessGroupDTO remoteProcessGroupDTO, RemoteProcessGroupDAO remoteProcessGroupDAO) throws Throwable {
    final RemoteProcessGroup remoteProcessGroup = remoteProcessGroupDAO.getRemoteProcessGroup(remoteProcessGroupDTO.getId());
    // record the current value of this remoteProcessGroups configuration for comparisons later
    final boolean transmissionState = remoteProcessGroup.isTransmitting();
    final Map<String, Object> previousValues = ConfigurationRecorder.capturePreviousValues(CONFIG_RECORDERS, remoteProcessGroup);
    // perform the underlying operation
    final RemoteProcessGroup updatedRemoteProcessGroup = (RemoteProcessGroup) proceedingJoinPoint.proceed();
    // get the current user
    NiFiUser user = NiFiUserUtils.getNiFiUser();
    // ensure the user was found
    if (user != null) {
        final Collection<ActionDetails> details = new ArrayList<>();
        // see if any property has changed
        ConfigurationRecorder.checkConfigured(CONFIG_RECORDERS, remoteProcessGroupDTO, updatedRemoteProcessGroup, previousValues, details);
        final Date timestamp = new Date();
        final Collection<Action> actions = new ArrayList<>();
        // create the remote process group details
        final FlowChangeRemoteProcessGroupDetails remoteProcessGroupDetails = createFlowChangeDetails(remoteProcessGroup);
        // save the actions if necessary
        if (!details.isEmpty()) {
            // create the actions
            for (ActionDetails detail : details) {
                // create a configure action for each updated property
                FlowChangeAction remoteProcessGroupAction = createFlowChangeAction(user, timestamp, updatedRemoteProcessGroup, remoteProcessGroupDetails);
                remoteProcessGroupAction.setOperation(Operation.Configure);
                remoteProcessGroupAction.setActionDetails(detail);
                actions.add(remoteProcessGroupAction);
            }
        }
        // determine the new executing state
        boolean updatedTransmissionState = updatedRemoteProcessGroup.isTransmitting();
        // determine if the running state has changed
        if (transmissionState != updatedTransmissionState) {
            // create a remote process group action
            FlowChangeAction remoteProcessGroupAction = createFlowChangeAction(user, timestamp, updatedRemoteProcessGroup, remoteProcessGroupDetails);
            // set the operation accordingly
            if (updatedTransmissionState) {
                remoteProcessGroupAction.setOperation(Operation.Start);
            } else {
                remoteProcessGroupAction.setOperation(Operation.Stop);
            }
            actions.add(remoteProcessGroupAction);
        }
        // ensure there are actions to record
        if (!actions.isEmpty()) {
            // save the actions
            saveActions(actions, logger);
        }
    }
    return updatedRemoteProcessGroup;
}
Also used : RemoteProcessGroup(org.apache.nifi.groups.RemoteProcessGroup) FlowChangeAction(org.apache.nifi.action.FlowChangeAction) Action(org.apache.nifi.action.Action) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) ArrayList(java.util.ArrayList) FlowChangeRemoteProcessGroupDetails(org.apache.nifi.action.component.details.FlowChangeRemoteProcessGroupDetails) Date(java.util.Date) ActionDetails(org.apache.nifi.action.details.ActionDetails) FlowChangeAction(org.apache.nifi.action.FlowChangeAction) Around(org.aspectj.lang.annotation.Around)

Example 44 with NiFiUser

use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.

the class ReportingTaskAuditor method updateReportingTaskAdvice.

/**
 * Audits the configuration of a reporting task.
 *
 * @param proceedingJoinPoint joinpoint
 * @param reportingTaskDTO dto
 * @param reportingTaskDAO dao
 * @return object
 * @throws Throwable ex
 */
@Around("within(org.apache.nifi.web.dao.ReportingTaskDAO+) && " + "execution(org.apache.nifi.controller.ReportingTaskNode updateReportingTask(org.apache.nifi.web.api.dto.ReportingTaskDTO)) && " + "args(reportingTaskDTO) && " + "target(reportingTaskDAO)")
public Object updateReportingTaskAdvice(ProceedingJoinPoint proceedingJoinPoint, ReportingTaskDTO reportingTaskDTO, ReportingTaskDAO reportingTaskDAO) throws Throwable {
    // determine the initial values for each property/setting thats changing
    ReportingTaskNode reportingTask = reportingTaskDAO.getReportingTask(reportingTaskDTO.getId());
    final Map<String, String> values = extractConfiguredPropertyValues(reportingTask, reportingTaskDTO);
    final ScheduledState scheduledState = reportingTask.getScheduledState();
    // update the reporting task state
    final ReportingTaskNode updatedReportingTask = (ReportingTaskNode) proceedingJoinPoint.proceed();
    // if no exceptions were thrown, add the reporting task action...
    reportingTask = reportingTaskDAO.getReportingTask(updatedReportingTask.getIdentifier());
    // get the current user
    final NiFiUser user = NiFiUserUtils.getNiFiUser();
    // ensure the user was found
    if (user != null) {
        // determine the updated values
        Map<String, String> updatedValues = extractConfiguredPropertyValues(reportingTask, reportingTaskDTO);
        // create the reporting task details
        FlowChangeExtensionDetails taskDetails = new FlowChangeExtensionDetails();
        taskDetails.setType(reportingTask.getComponentType());
        // create a reporting task action
        Date actionTimestamp = new Date();
        Collection<Action> actions = new ArrayList<>();
        // go through each updated value
        for (String property : updatedValues.keySet()) {
            String newValue = updatedValues.get(property);
            String oldValue = values.get(property);
            Operation operation = null;
            // determine the type of operation
            if (oldValue == null || newValue == null || !newValue.equals(oldValue)) {
                operation = Operation.Configure;
            }
            // create a configuration action accordingly
            if (operation != null) {
                // clear the value if this property is sensitive
                final PropertyDescriptor propertyDescriptor = reportingTask.getReportingTask().getPropertyDescriptor(property);
                if (propertyDescriptor != null && propertyDescriptor.isSensitive()) {
                    if (newValue != null) {
                        newValue = "********";
                    }
                    if (oldValue != null) {
                        oldValue = "********";
                    }
                } else if (ANNOTATION_DATA.equals(property)) {
                    if (newValue != null) {
                        newValue = "<annotation data not shown>";
                    }
                    if (oldValue != null) {
                        oldValue = "<annotation data not shown>";
                    }
                }
                final FlowChangeConfigureDetails actionDetails = new FlowChangeConfigureDetails();
                actionDetails.setName(property);
                actionDetails.setValue(newValue);
                actionDetails.setPreviousValue(oldValue);
                // create a configuration action
                FlowChangeAction configurationAction = new FlowChangeAction();
                configurationAction.setUserIdentity(user.getIdentity());
                configurationAction.setOperation(operation);
                configurationAction.setTimestamp(actionTimestamp);
                configurationAction.setSourceId(reportingTask.getIdentifier());
                configurationAction.setSourceName(reportingTask.getName());
                configurationAction.setSourceType(Component.ReportingTask);
                configurationAction.setComponentDetails(taskDetails);
                configurationAction.setActionDetails(actionDetails);
                actions.add(configurationAction);
            }
        }
        // determine the new executing state
        final ScheduledState updatedScheduledState = reportingTask.getScheduledState();
        // determine if the running state has changed and its not disabled
        if (scheduledState != updatedScheduledState) {
            // create a reporting task action
            FlowChangeAction taskAction = new FlowChangeAction();
            taskAction.setUserIdentity(user.getIdentity());
            taskAction.setTimestamp(new Date());
            taskAction.setSourceId(reportingTask.getIdentifier());
            taskAction.setSourceName(reportingTask.getName());
            taskAction.setSourceType(Component.ReportingTask);
            taskAction.setComponentDetails(taskDetails);
            // set the operation accordingly
            if (ScheduledState.RUNNING.equals(updatedScheduledState)) {
                taskAction.setOperation(Operation.Start);
            } else if (ScheduledState.DISABLED.equals(updatedScheduledState)) {
                taskAction.setOperation(Operation.Disable);
            } else {
                // state is now stopped... consider the previous state
                if (ScheduledState.RUNNING.equals(scheduledState)) {
                    taskAction.setOperation(Operation.Stop);
                } else if (ScheduledState.DISABLED.equals(scheduledState)) {
                    taskAction.setOperation(Operation.Enable);
                }
            }
            actions.add(taskAction);
        }
        // ensure there are actions to record
        if (!actions.isEmpty()) {
            // save the actions
            saveActions(actions, logger);
        }
    }
    return updatedReportingTask;
}
Also used : FlowChangeAction(org.apache.nifi.action.FlowChangeAction) Action(org.apache.nifi.action.Action) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) PropertyDescriptor(org.apache.nifi.components.PropertyDescriptor) ArrayList(java.util.ArrayList) Operation(org.apache.nifi.action.Operation) Date(java.util.Date) ReportingTaskNode(org.apache.nifi.controller.ReportingTaskNode) ScheduledState(org.apache.nifi.controller.ScheduledState) FlowChangeConfigureDetails(org.apache.nifi.action.details.FlowChangeConfigureDetails) FlowChangeExtensionDetails(org.apache.nifi.action.component.details.FlowChangeExtensionDetails) FlowChangeAction(org.apache.nifi.action.FlowChangeAction) Around(org.aspectj.lang.annotation.Around)

Example 45 with NiFiUser

use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.

the class UserAuditor method updateUserAdvice.

/**
 * Audits the configuration of a single user.
 *
 * @param proceedingJoinPoint join point
 * @param userDTO dto
 * @param userDAO dao
 * @return node
 * @throws Throwable ex
 */
@Around("within(org.apache.nifi.web.dao.UserDAO+) && " + "execution(org.apache.nifi.authorization.User updateUser(org.apache.nifi.web.api.dto.UserDTO)) && " + "args(userDTO) && " + "target(userDAO)")
public User updateUserAdvice(ProceedingJoinPoint proceedingJoinPoint, UserDTO userDTO, UserDAO userDAO) throws Throwable {
    // determine the initial values for each property/setting that's changing
    User user = userDAO.getUser(userDTO.getId());
    final Map<String, String> values = extractConfiguredPropertyValues(user, userDTO);
    // update the user state
    final User updatedUser = (User) proceedingJoinPoint.proceed();
    // if no exceptions were thrown, add the user action...
    user = userDAO.getUser(updatedUser.getIdentifier());
    // get the current user
    NiFiUser niFiUser = NiFiUserUtils.getNiFiUser();
    // ensure the user was found
    if (niFiUser != null) {
        // determine the updated values
        Map<String, String> updatedValues = extractConfiguredPropertyValues(user, userDTO);
        // create a user action
        Date actionTimestamp = new Date();
        Collection<Action> actions = new ArrayList<>();
        // go through each updated value
        for (String property : updatedValues.keySet()) {
            String newValue = updatedValues.get(property);
            String oldValue = values.get(property);
            Operation operation = null;
            // determine the type of operation
            if (oldValue == null || newValue == null || !newValue.equals(oldValue)) {
                operation = Operation.Configure;
            }
            // create a configuration action accordingly
            if (operation != null) {
                final FlowChangeConfigureDetails actionDetails = new FlowChangeConfigureDetails();
                actionDetails.setName(property);
                actionDetails.setValue(newValue);
                actionDetails.setPreviousValue(oldValue);
                // create a configuration action
                FlowChangeAction configurationAction = new FlowChangeAction();
                configurationAction.setUserIdentity(niFiUser.getIdentity());
                configurationAction.setOperation(operation);
                configurationAction.setTimestamp(actionTimestamp);
                configurationAction.setSourceId(user.getIdentifier());
                configurationAction.setSourceName(user.getIdentity());
                configurationAction.setSourceType(Component.User);
                configurationAction.setActionDetails(actionDetails);
                actions.add(configurationAction);
            }
        }
        // ensure there are actions to record
        if (!actions.isEmpty()) {
            // save the actions
            saveActions(actions, logger);
        }
    }
    return updatedUser;
}
Also used : FlowChangeAction(org.apache.nifi.action.FlowChangeAction) Action(org.apache.nifi.action.Action) User(org.apache.nifi.authorization.User) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) FlowChangeConfigureDetails(org.apache.nifi.action.details.FlowChangeConfigureDetails) ArrayList(java.util.ArrayList) Operation(org.apache.nifi.action.Operation) Date(java.util.Date) FlowChangeAction(org.apache.nifi.action.FlowChangeAction) Around(org.aspectj.lang.annotation.Around)

Aggregations

NiFiUser (org.apache.nifi.authorization.user.NiFiUser)127 Date (java.util.Date)47 FlowChangeAction (org.apache.nifi.action.FlowChangeAction)42 ArrayList (java.util.ArrayList)33 Authorizable (org.apache.nifi.authorization.resource.Authorizable)32 Action (org.apache.nifi.action.Action)29 HashMap (java.util.HashMap)27 Map (java.util.Map)26 AccessDeniedException (org.apache.nifi.authorization.AccessDeniedException)26 RevisionDTO (org.apache.nifi.web.api.dto.RevisionDTO)26 IOException (java.io.IOException)25 Set (java.util.Set)25 ScheduledState (org.apache.nifi.controller.ScheduledState)25 Collectors (java.util.stream.Collectors)24 UUID (java.util.UUID)23 ControllerServiceState (org.apache.nifi.controller.service.ControllerServiceState)22 AffectedComponentDTO (org.apache.nifi.web.api.dto.AffectedComponentDTO)22 DtoFactory (org.apache.nifi.web.api.dto.DtoFactory)22 AffectedComponentEntity (org.apache.nifi.web.api.entity.AffectedComponentEntity)22 ProcessorEntity (org.apache.nifi.web.api.entity.ProcessorEntity)22