
Example 11 with PropertyValue

use of org.apache.nifi.components.PropertyValue in project nifi by apache.

the class LdapUserGroupProvider method setTimeout.

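/**
 * Copies an optional timeout from the authorizer configuration into the JNDI base environment.
 *
 * <p>When {@code configurationProperty} is set, its value is parsed as a time duration, converted to
 * milliseconds and stored under {@code environmentKey} as a decimal string. When the property is not
 * set, the environment is left untouched.
 *
 * @param configurationContext  source of the configured property value
 * @param baseEnvironment       environment map that receives the timeout entry
 * @param configurationProperty name of the configuration property holding the duration
 * @param environmentKey        environment key under which the millisecond value is stored
 * @throws AuthorizerCreationException if the configured value is not a valid time duration
 */
private void setTimeout(final AuthorizerConfigurationContext configurationContext, final Map<String, Object> baseEnvironment, final String configurationProperty, final String environmentKey) {
    final PropertyValue rawTimeout = configurationContext.getProperty(configurationProperty);
    if (!rawTimeout.isSet()) {
        // NOTE(review): nothing is written for an unset property, so the LDAP provider's own default applies.
        // For the JNDI read timeout that default is to wait for a response without limit; consider whether
        // an unset value should be rejected or given an explicit default so a stalled directory cannot hang
        // authorizer start-up or the periodic sync.
        return;
    }
    try {
        final long timeout = FormatUtils.getTimeDuration(rawTimeout.getValue(), TimeUnit.MILLISECONDS);
        // the value is stored as text, not as a number
        baseEnvironment.put(environmentKey, Long.toString(timeout));
    } catch (final IllegalArgumentException iae) {
        // report the configured string (not the PropertyValue object) and keep the parser's exception as the cause
        throw new AuthorizerCreationException(String.format("The %s '%s' is not a valid time duration", configurationProperty, rawTimeout.getValue()), iae);
    }
}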
Also used : AuthorizerCreationException(org.apache.nifi.authorization.exception.AuthorizerCreationException) PropertyValue(org.apache.nifi.components.PropertyValue)

Example 12 with PropertyValue

use of org.apache.nifi.components.PropertyValue in project nifi by apache.

the class LdapUserGroupProvider method onConfigured.

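/**
 * Builds the LDAP context source from the authorizer configuration, validates the user and group
 * search settings, performs the initial load of users/groups and schedules the periodic re-sync.
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 *   <li>Every authentication strategy other than ANONYMOUS binds with the configured manager DN and
 *       password. Only LDAPS and START_TLS add transport protection here; for SIMPLE nothing in this
 *       method enables TLS, so the bind credentials are protected only if the configured URL provides it.</li>
 *   <li>For LDAPS and START_TLS a {@code null} result from {@code getConfiguredSslContext} is accepted
 *       silently: no custom socket factory is installed in that case.</li>
 *   <li>The sync interval is rejected when it is below {@code MINIMUM_SYNC_INTERVAL_MILLISECONDS}.</li>
 * </ul>
 *
 * @param configurationContext the authorizer configuration to read properties from
 * @throws AuthorizerCreationException if a property is missing or invalid, if the context source cannot
 *         be initialised, or if the initial load of users and groups fails
 */
@Override
public void onConfigured(final AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
    final LdapContextSource context = new LdapContextSource();
    final Map<String, Object> baseEnvironment = new HashMap<>();
    // connect/read time out
    setTimeout(configurationContext, baseEnvironment, PROP_CONNECT_TIMEOUT, "com.sun.jndi.ldap.connect.timeout");
    setTimeout(configurationContext, baseEnvironment, PROP_READ_TIMEOUT, "com.sun.jndi.ldap.read.timeout");
    // authentication strategy
    final PropertyValue rawAuthenticationStrategy = configurationContext.getProperty(PROP_AUTHENTICATION_STRATEGY);
    final LdapAuthenticationStrategy authenticationStrategy;
    try {
        // NOTE(review): valueOf(null) raises NullPointerException rather than IllegalArgumentException, so an
        // unset strategy would presumably escape this handler - confirm getValue() cannot return null here
        authenticationStrategy = LdapAuthenticationStrategy.valueOf(rawAuthenticationStrategy.getValue());
    } catch (final IllegalArgumentException iae) {
        throw new AuthorizerCreationException(String.format("Unrecognized authentication strategy '%s'. Possible values are [%s]", rawAuthenticationStrategy.getValue(), StringUtils.join(LdapAuthenticationStrategy.values(), ", ")), iae);
    }
    switch(authenticationStrategy) {
        case ANONYMOUS:
            context.setAnonymousReadOnly(true);
            break;
        default:
            // all non-anonymous strategies bind as the manager account; the password is held as a String
            final String userDn = configurationContext.getProperty(PROP_MANAGER_DN).getValue();
            final String password = configurationContext.getProperty(PROP_MANAGER_PASSWORD).getValue();
            context.setUserDn(userDn);
            context.setPassword(password);
            switch(authenticationStrategy) {
                case SIMPLE:
                    // no TLS is configured on this path; see the method documentation
                    context.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
                    break;
                case LDAPS:
                    context.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
                    // indicate a secure connection
                    baseEnvironment.put(Context.SECURITY_PROTOCOL, "ssl");
                    // get the configured ssl context
                    final SSLContext ldapsSslContext = getConfiguredSslContext(configurationContext);
                    if (ldapsSslContext != null) {
                        // initialize the ldaps socket factory prior to use
                        // NOTE(review): initialize(...) is a static call, so the socket factory looks process-wide;
                        // confirm how this behaves when more than one LDAP provider is configured
                        LdapsSocketFactory.initialize(ldapsSslContext.getSocketFactory());
                        baseEnvironment.put("java.naming.ldap.factory.socket", LdapsSocketFactory.class.getName());
                    }
                    // NOTE(review): with a null context no socket factory is set, so trust decisions presumably
                    // fall back to the JVM defaults - confirm that is intended rather than a configuration error
                    break;
                case START_TLS:
                    final AbstractTlsDirContextAuthenticationStrategy tlsAuthenticationStrategy = new DefaultTlsDirContextAuthenticationStrategy();
                    // shutdown gracefully
                    final String rawShutdownGracefully = configurationContext.getProperty("TLS - Shutdown Gracefully").getValue();
                    if (StringUtils.isNotBlank(rawShutdownGracefully)) {
                        // anything other than "true" (case-insensitive) is treated as false
                        final boolean shutdownGracefully = Boolean.TRUE.toString().equalsIgnoreCase(rawShutdownGracefully);
                        tlsAuthenticationStrategy.setShutdownTlsGracefully(shutdownGracefully);
                    }
                    // get the configured ssl context
                    final SSLContext startTlsSslContext = getConfiguredSslContext(configurationContext);
                    if (startTlsSslContext != null) {
                        tlsAuthenticationStrategy.setSslSocketFactory(startTlsSslContext.getSocketFactory());
                    }
                    // set the authentication strategy
                    context.setAuthenticationStrategy(tlsAuthenticationStrategy);
                    break;
            }
            break;
    }
    // referrals
    final String rawReferralStrategy = configurationContext.getProperty(PROP_REFERRAL_STRATEGY).getValue();
    final ReferralStrategy referralStrategy;
    try {
        referralStrategy = ReferralStrategy.valueOf(rawReferralStrategy);
    } catch (final IllegalArgumentException iae) {
        throw new AuthorizerCreationException(String.format("Unrecognized referral strategy '%s'. Possible values are [%s]", rawReferralStrategy, StringUtils.join(ReferralStrategy.values(), ", ")), iae);
    }
    // using the value as this needs to be the lowercase version while the value is configured with the enum constant
    context.setReferral(referralStrategy.getValue());
    // url
    final String urls = configurationContext.getProperty(PROP_URL).getValue();
    if (StringUtils.isBlank(urls)) {
        throw new AuthorizerCreationException("LDAP identity provider 'Url' must be specified.");
    }
    // connection
    context.setUrls(StringUtils.split(urls));
    // raw user search base
    final PropertyValue rawUserSearchBase = configurationContext.getProperty(PROP_USER_SEARCH_BASE);
    final PropertyValue rawUserObjectClass = configurationContext.getProperty(PROP_USER_OBJECT_CLASS);
    final PropertyValue rawUserSearchScope = configurationContext.getProperty(PROP_USER_SEARCH_SCOPE);
    // if loading the users, ensure the object class set
    if (rawUserSearchBase.isSet() && !rawUserObjectClass.isSet()) {
        throw new AuthorizerCreationException("LDAP user group provider 'User Object Class' must be specified when 'User Search Base' is set.");
    }
    // if loading the users, ensure the search scope is set
    if (rawUserSearchBase.isSet() && !rawUserSearchScope.isSet()) {
        throw new AuthorizerCreationException("LDAP user group provider 'User Search Scope' must be specified when 'User Search Base' is set.");
    }
    // user search criteria
    userSearchBase = rawUserSearchBase.getValue();
    userObjectClass = rawUserObjectClass.getValue();
    userSearchFilter = configurationContext.getProperty(PROP_USER_SEARCH_FILTER).getValue();
    userIdentityAttribute = configurationContext.getProperty(PROP_USER_IDENTITY_ATTRIBUTE).getValue();
    userGroupNameAttribute = configurationContext.getProperty(PROP_USER_GROUP_ATTRIBUTE).getValue();
    userGroupReferencedGroupAttribute = configurationContext.getProperty(PROP_USER_GROUP_REFERENCED_GROUP_ATTRIBUTE).getValue();
    try {
        // NOTE(review): the scope is parsed even when no user search base is set; verify what getValue()
        // returns for an unset scope, since valueOf(null) would not be caught below
        userSearchScope = SearchScope.valueOf(rawUserSearchScope.getValue());
    } catch (final IllegalArgumentException iae) {
        throw new AuthorizerCreationException(String.format("Unrecognized user search scope '%s'. Possible values are [%s]", rawUserSearchScope.getValue(), StringUtils.join(SearchScope.values(), ", ")), iae);
    }
    // determine user behavior
    useDnForUserIdentity = StringUtils.isBlank(userIdentityAttribute);
    performUserSearch = StringUtils.isNotBlank(userSearchBase);
    // raw group search criteria
    final PropertyValue rawGroupSearchBase = configurationContext.getProperty(PROP_GROUP_SEARCH_BASE);
    final PropertyValue rawGroupObjectClass = configurationContext.getProperty(PROP_GROUP_OBJECT_CLASS);
    final PropertyValue rawGroupSearchScope = configurationContext.getProperty(PROP_GROUP_SEARCH_SCOPE);
    // if loading the groups, ensure the object class is set
    if (rawGroupSearchBase.isSet() && !rawGroupObjectClass.isSet()) {
        throw new AuthorizerCreationException("LDAP user group provider 'Group Object Class' must be specified when 'Group Search Base' is set.");
    }
    // if loading the groups, ensure the search scope is set
    if (rawGroupSearchBase.isSet() && !rawGroupSearchScope.isSet()) {
        throw new AuthorizerCreationException("LDAP user group provider 'Group Search Scope' must be specified when 'Group Search Base' is set.");
    }
    // group search criteria
    groupSearchBase = rawGroupSearchBase.getValue();
    groupObjectClass = rawGroupObjectClass.getValue();
    groupSearchFilter = configurationContext.getProperty(PROP_GROUP_SEARCH_FILTER).getValue();
    groupNameAttribute = configurationContext.getProperty(PROP_GROUP_NAME_ATTRIBUTE).getValue();
    groupMemberAttribute = configurationContext.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE).getValue();
    groupMemberReferencedUserAttribute = configurationContext.getProperty(PROP_GROUP_MEMBER_REFERENCED_USER_ATTRIBUTE).getValue();
    try {
        // NOTE(review): same unset-scope question as for the user search scope above in this method
        groupSearchScope = SearchScope.valueOf(rawGroupSearchScope.getValue());
    } catch (final IllegalArgumentException iae) {
        throw new AuthorizerCreationException(String.format("Unrecognized group search scope '%s'. Possible values are [%s]", rawGroupSearchScope.getValue(), StringUtils.join(SearchScope.values(), ", ")), iae);
    }
    // determine group behavior
    useDnForGroupName = StringUtils.isBlank(groupNameAttribute);
    performGroupSearch = StringUtils.isNotBlank(groupSearchBase);
    // ensure we are either searching users or groups (at least one must be specified)
    if (!performUserSearch && !performGroupSearch) {
        throw new AuthorizerCreationException("LDAP user group provider 'User Search Base' or 'Group Search Base' must be specified.");
    }
    // ensure group member attribute is set if searching groups but not users
    if (performGroupSearch && !performUserSearch && StringUtils.isBlank(groupMemberAttribute)) {
        throw new AuthorizerCreationException("'Group Member Attribute' is required when searching groups but not users.");
    }
    // ensure that performUserSearch is set when groupMemberReferencedUserAttribute is specified
    if (StringUtils.isNotBlank(groupMemberReferencedUserAttribute) && !performUserSearch) {
        throw new AuthorizerCreationException("'User Search Base' must be set when specifying 'Group Member Attribute - Referenced User Attribute'.");
    }
    // ensure that performGroupSearch is set when userGroupReferencedGroupAttribute is specified
    if (StringUtils.isNotBlank(userGroupReferencedGroupAttribute) && !performGroupSearch) {
        throw new AuthorizerCreationException("'Group Search Base' must be set when specifying 'User Group Name Attribute - Referenced Group Attribute'.");
    }
    // get the page size if configured
    final PropertyValue rawPageSize = configurationContext.getProperty(PROP_PAGE_SIZE);
    if (rawPageSize.isSet() && StringUtils.isNotBlank(rawPageSize.getValue())) {
        pageSize = rawPageSize.asInteger();
    }
    // extract the identity mappings from nifi.properties if any are provided
    identityMappings = Collections.unmodifiableList(IdentityMappingUtil.getIdentityMappings(properties));
    // set the base environment if necessary
    if (!baseEnvironment.isEmpty()) {
        context.setBaseEnvironmentProperties(baseEnvironment);
    }
    try {
        // handling initializing beans
        context.afterPropertiesSet();
    } catch (final Exception e) {
        throw new AuthorizerCreationException(e.getMessage(), e);
    }
    final PropertyValue rawSyncInterval = configurationContext.getProperty(PROP_SYNC_INTERVAL);
    final long syncInterval;
    if (rawSyncInterval.isSet()) {
        try {
            syncInterval = FormatUtils.getTimeDuration(rawSyncInterval.getValue(), TimeUnit.MILLISECONDS);
        } catch (final IllegalArgumentException iae) {
            throw new AuthorizerCreationException(String.format("The %s '%s' is not a valid time duration", PROP_SYNC_INTERVAL, rawSyncInterval.getValue()), iae);
        }
        // the lower bound keeps a misconfigured interval from querying the directory too frequently
        if (syncInterval < MINIMUM_SYNC_INTERVAL_MILLISECONDS) {
            throw new AuthorizerCreationException(String.format("The %s '%s' is below the minimum value of '%d ms'", PROP_SYNC_INTERVAL, rawSyncInterval.getValue(), MINIMUM_SYNC_INTERVAL_MILLISECONDS));
        }
    } else {
        throw new AuthorizerCreationException(String.format("The '%s' must be specified.", PROP_SYNC_INTERVAL));
    }
    try {
        // perform the initial load, tenants must be loaded as the configured UserGroupProvider is supplied
        // to the AccessPolicyProvider for granting initial permissions
        load(context);
        // ensure the tenants were successfully synced
        if (tenants.get() == null) {
            throw new AuthorizerCreationException("Unable to sync users and groups.");
        }
        // schedule the background thread to load the users/groups
        // NOTE(review): if ldapSync is a java.util.concurrent.ScheduledExecutorService, an exception thrown by
        // load(context) in the background cancels all later runs without any report, leaving the last loaded
        // users/groups (including since-removed accounts) in effect. Consider catching and logging inside the task.
        ldapSync.scheduleWithFixedDelay(() -> load(context), syncInterval, syncInterval, TimeUnit.MILLISECONDS);
    } catch (final AuthorizationAccessException e) {
        throw new AuthorizerCreationException(e);
    }
}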
Also used : LdapContextSource(org.springframework.ldap.core.support.LdapContextSource) HashMap(java.util.HashMap) SimpleDirContextAuthenticationStrategy(org.springframework.ldap.core.support.SimpleDirContextAuthenticationStrategy) AuthorizerCreationException(org.apache.nifi.authorization.exception.AuthorizerCreationException) PropertyValue(org.apache.nifi.components.PropertyValue) AbstractTlsDirContextAuthenticationStrategy(org.springframework.ldap.core.support.AbstractTlsDirContextAuthenticationStrategy) LdapAuthenticationStrategy(org.apache.nifi.ldap.LdapAuthenticationStrategy) SSLContext(javax.net.ssl.SSLContext) LdapsSocketFactory(org.apache.nifi.ldap.LdapsSocketFactory) NamingException(javax.naming.NamingException) KeyStoreException(java.security.KeyStoreException) AuthorizerCreationException(org.apache.nifi.authorization.exception.AuthorizerCreationException) KeyManagementException(java.security.KeyManagementException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) ProviderDestructionException(org.apache.nifi.authentication.exception.ProviderDestructionException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) AuthorizationAccessException(org.apache.nifi.authorization.exception.AuthorizationAccessException) AuthorizationAccessException(org.apache.nifi.authorization.exception.AuthorizationAccessException) ReferralStrategy(org.apache.nifi.ldap.ReferralStrategy) DefaultTlsDirContextAuthenticationStrategy(org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy)

Example 13 with PropertyValue

use of org.apache.nifi.components.PropertyValue in project nifi by apache.

the class ConsumeKafka method onScheduled.

/**
 * Prepares the processor for a run: resolves the heartbeat check interval, resets the last-triggered
 * timestamp and starts a single-threaded scheduled task that calls {@code retainConsumers()} on the
 * consumer pool whenever the processor has not been triggered within one heartbeat interval.
 *
 * @param context process context used to read the heartbeat setting and, later, to obtain the consumer pool
 */
@OnScheduled
public void onScheduled(final ProcessContext context) {
    final PropertyValue configuredHeartbeat = context.getProperty(ConsumerConfig.HEARTBEAT_INTERVAL_MS_CONFIG);
    if (configuredHeartbeat == null || !configuredHeartbeat.isSet()) {
        // Derived from org.apache.kafka.clients.consumer.ConsumerConfig.
        heartbeatCheckIntervalMillis = 3_000;
    } else {
        heartbeatCheckIntervalMillis = configuredHeartbeat.asInteger();
    }

    // Without this, it remains -1 if downstream connections are full when this processor is scheduled at the 1st run after restart.
    lastTriggeredTimestamp = System.currentTimeMillis();

    final ComponentLog logger = getLogger();

    // A retainer left over from an earlier schedule is not expected; stop it before creating a new one.
    if (connectionRetainer != null) {
        logger.warn("Connection retainer {} is still running, indicating something had happened.", new Object[] { connectionRetainer });
        stopConnectionRetainer();
    }

    final Runnable retainTask = () -> {
        final long now = System.currentTimeMillis();
        final boolean nothingToRetain = lastTriggeredTimestamp < 0 || lastTriggeredTimestamp > now - heartbeatCheckIntervalMillis;
        if (nothingToRetain) {
            if (logger.isDebugEnabled()) {
                logger.debug("No need to retain connection. Triggered at {}, {} millis ago.", new Object[] { lastTriggeredTimestamp, now - lastTriggeredTimestamp });
            }
            return;
        }
        try {
            final ConsumerPool consumerPool = getConsumerPool(context);
            if (logger.isDebugEnabled()) {
                final ConsumerPool.PoolStats poolStats = consumerPool.getPoolStats();
                logger.debug("Trying to retain connection. Obtained pool={}," + " leaseObtainedCount={}, consumerCreatedCount={}, consumerClosedCount={}", new Object[] { consumerPool, poolStats.leasesObtainedCount, poolStats.consumerCreatedCount, poolStats.consumerClosedCount });
            }
            consumerPool.retainConsumers();
        } catch (final Exception e) {
            // Caught broadly on purpose: an exception escaping a scheduled task would suppress its later runs.
            logger.warn("Failed to retain connection due to {}", new Object[] { e }, e);
        }
    };

    connectionRetainer = Executors.newSingleThreadScheduledExecutor();
    connectionRetainer.scheduleAtFixedRate(retainTask, heartbeatCheckIntervalMillis, heartbeatCheckIntervalMillis, TimeUnit.MILLISECONDS);
}
Also used : PropertyValue(org.apache.nifi.components.PropertyValue) ComponentLog(org.apache.nifi.logging.ComponentLog) KafkaException(org.apache.kafka.common.KafkaException) ProcessException(org.apache.nifi.processor.exception.ProcessException) WakeupException(org.apache.kafka.common.errors.WakeupException) OnScheduled(org.apache.nifi.annotation.lifecycle.OnScheduled)

Example 14 with PropertyValue

use of org.apache.nifi.components.PropertyValue in project nifi by apache.

the class RouteOnAttribute method onTrigger.

/**
 * Routes one flow file according to the configured routing strategy.
 *
 * <p>Each entry of the property map is evaluated against the flow file's attributes; the relationships
 * whose expression yields {@code true} form the match set. The strategy then decides the destinations:
 * all-match and any-match collapse to {@code REL_MATCH} / {@code REL_NO_MATCH}, while the property-name
 * strategy (also the default) routes to every matching relationship. With several destinations the
 * original flow file goes to the first one returned by the set iterator and a clone to each other one.
 *
 * @param context process context used to read the routing strategy
 * @param session session used to obtain, clone, annotate and transfer the flow file
 */
@Override
public void onTrigger(final ProcessContext context, final ProcessSession session) {
    FlowFile flowFile = session.get();
    if (flowFile == null) {
        return;
    }
    final ComponentLog logger = getLogger();
    // work on a local reference so the map used for this invocation does not change underneath us
    final Map<Relationship, PropertyValue> rules = this.propertyMap;

    final Set<Relationship> matched = new HashSet<>();
    for (final Map.Entry<Relationship, PropertyValue> rule : rules.entrySet()) {
        if (rule.getValue().evaluateAttributeExpressions(flowFile).asBoolean()) {
            matched.add(rule.getKey());
        }
    }

    final Set<Relationship> destinations = new HashSet<>();
    switch(context.getProperty(ROUTE_STRATEGY).getValue()) {
        case routeAllMatchValue:
            destinations.add(matched.size() == rules.size() ? REL_MATCH : REL_NO_MATCH);
            break;
        case routeAnyMatches:
            destinations.add(matched.isEmpty() ? REL_NO_MATCH : REL_MATCH);
            break;
        case routePropertyNameValue:
        default:
            destinations.addAll(matched);
            break;
    }

    // nothing matched under the property-name strategy: send the flow file to the no-match relationship
    if (destinations.isEmpty()) {
        logger.info("Routing {} to unmatched", new Object[] { flowFile });
        flowFile = session.putAttribute(flowFile, ROUTE_ATTRIBUTE_KEY, REL_NO_MATCH.getName());
        session.getProvenanceReporter().route(flowFile, REL_NO_MATCH);
        session.transfer(flowFile, REL_NO_MATCH);
        return;
    }

    final Iterator<Relationship> remaining = destinations.iterator();
    final Relationship primary = remaining.next();
    final Map<Relationship, FlowFile> cloneByRelationship = new HashMap<>();
    final Set<FlowFile> clones = new HashSet<>();

    // every destination after the first receives its own clone; all clones are created before any transfer
    while (remaining.hasNext()) {
        final Relationship target = remaining.next();
        final FlowFile copy = session.clone(flowFile);
        clones.add(copy);
        cloneByRelationship.put(target, copy);
    }

    // transfer the clones, tagging each with the relationship it is routed to
    for (final Map.Entry<Relationship, FlowFile> pending : cloneByRelationship.entrySet()) {
        final Relationship target = pending.getKey();
        logger.info("Cloned {} into {} and routing clone to relationship {}", new Object[] { flowFile, pending.getValue(), target });
        final FlowFile tagged = session.putAttribute(pending.getValue(), ROUTE_ATTRIBUTE_KEY, target.getName());
        session.getProvenanceReporter().route(tagged, target);
        session.transfer(tagged, target);
    }

    // finally the original; its provenance event is reported before the route attribute is added
    logger.info("Routing {} to {}", new Object[] { flowFile, primary });
    session.getProvenanceReporter().route(flowFile, primary);
    flowFile = session.putAttribute(flowFile, ROUTE_ATTRIBUTE_KEY, primary.getName());
    session.transfer(flowFile, primary);
}
Also used : FlowFile(org.apache.nifi.flowfile.FlowFile) HashMap(java.util.HashMap) PropertyValue(org.apache.nifi.components.PropertyValue) ComponentLog(org.apache.nifi.logging.ComponentLog) Relationship(org.apache.nifi.processor.Relationship) DynamicRelationship(org.apache.nifi.annotation.behavior.DynamicRelationship) HashMap(java.util.HashMap) Map(java.util.Map) HashSet(java.util.HashSet)

Example 15 with PropertyValue

use of org.apache.nifi.components.PropertyValue in project nifi by apache.

the class RouteText method onScheduled.

/**
 * Called when the processor is scheduled. Compiles the grouping regular expression, if one is
 * configured, and rebuilds the relationship-to-property map from the dynamic properties so that
 * {@code onTrigger} can read it without consulting the context again.
 *
 * @param context ProcessContext used to retrieve the grouping regex and the dynamic properties
 */
@OnScheduled
public void onScheduled(final ProcessContext context) {
    final String groupingExpression = context.getProperty(GROUPING_REGEX).getValue();
    if (groupingExpression != null) {
        // NOTE(review): the pattern comes from processor configuration and is compiled as-is; an invalid
        // expression makes Pattern.compile throw here, presumably prevented by property validation - confirm.
        // When the property is null the previous value of groupingRegex is left in place.
        groupingRegex = Pattern.compile(groupingExpression);
    }

    final Map<Relationship, PropertyValue> dynamicRoutes = new HashMap<>();
    for (final PropertyDescriptor candidate : context.getProperties().keySet()) {
        // only user-added (dynamic) properties define routes
        if (candidate.isDynamic()) {
            getLogger().debug("Adding new dynamic property: {}", new Object[] { candidate });
            final Relationship route = new Relationship.Builder().name(candidate.getName()).build();
            dynamicRoutes.put(route, context.getProperty(candidate));
        }
    }

    // publish the fully built map in a single assignment
    this.propertyMap = dynamicRoutes;
}
Also used : PropertyDescriptor(org.apache.nifi.components.PropertyDescriptor) HashMap(java.util.HashMap) Relationship(org.apache.nifi.processor.Relationship) DynamicRelationship(org.apache.nifi.annotation.behavior.DynamicRelationship) PropertyValue(org.apache.nifi.components.PropertyValue) OnScheduled(org.apache.nifi.annotation.lifecycle.OnScheduled)
