Example 1 with AccessPolicy

Use of org.apache.nifi.registry.authorization.AccessPolicy in project nifi-registry by apache.

The class AuthorizationService, method deleteAccessPolicy.

public AccessPolicy deleteAccessPolicy(String identifier) {
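    // Verify the provider is configurable before the cast to ConfigurableAccessPolicyProvider below.
    verifyAccessPolicyProviderIsConfigurable();
    // Hold the write lock across the lookup and the delete.
    writeLock.lock();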
    try {
        AccessPolicy deletedAccessPolicyDTO = getAccessPolicy(identifier);
        if (deletedAccessPolicyDTO != null) {
            ((ConfigurableAccessPolicyProvider) accessPolicyProvider).deleteAccessPolicy(identifier);
        }
        return deletedAccessPolicyDTO;
    } finally {
        writeLock.unlock();
    }
}
Also used : ConfigurableAccessPolicyProvider(org.apache.nifi.registry.security.authorization.ConfigurableAccessPolicyProvider) AccessPolicy(org.apache.nifi.registry.authorization.AccessPolicy)

Example 2 with AccessPolicy

Use of org.apache.nifi.registry.authorization.AccessPolicy in project nifi-registry by apache.

The class SecureLdapIT, method createAccessPoliciesSnapshot.

private List<AccessPolicy> createAccessPoliciesSnapshot() {
    final AccessPolicySummary[] policySummaries = client.target(createURL("policies")).request().header("Authorization", "Bearer " + adminAuthToken).get(AccessPolicySummary[].class);
    final List<AccessPolicy> policies = new ArrayList<>(policySummaries.length);
    for (AccessPolicySummary s : policySummaries) {
        AccessPolicy policy = client.target(createURL("policies/" + s.getIdentifier())).request().header("Authorization", "Bearer " + adminAuthToken).get(AccessPolicy.class);
        policies.add(policy);
    }
    return policies;
}
Also used : AccessPolicySummary(org.apache.nifi.registry.authorization.AccessPolicySummary) ArrayList(java.util.ArrayList) AccessPolicy(org.apache.nifi.registry.authorization.AccessPolicy)

Example 3 with AccessPolicy

Use of org.apache.nifi.registry.authorization.AccessPolicy in project nifi-registry by apache.

The class SecureLdapIT, method getPolicyByResourceAction.

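/**
 * A helper method to look up an access policy by action and resource.
 *
 * @param action   the policy action to match (case-insensitive)
 * @param resource the policy resource to match (case-insensitive)
 * @return The matching access policy, or null if no policy matches.
 */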
private AccessPolicy getPolicyByResourceAction(String action, String resource) {
    final AccessPolicySummary[] policies = client.target(createURL("policies")).request().header("Authorization", "Bearer " + adminAuthToken).get(AccessPolicySummary[].class);
    final AccessPolicySummary matchedPolicy = Arrays.stream(policies).filter(p -> p.getAction().equalsIgnoreCase(action) && p.getResource().equalsIgnoreCase(resource)).findFirst().orElse(null);
    if (matchedPolicy == null) {
        return null;
    }
    String policyId = matchedPolicy.getIdentifier();
    final AccessPolicy policy = client.target(createURL("policies/" + policyId)).request().header("Authorization", "Bearer " + adminAuthToken).get(AccessPolicy.class);
    return policy;
}
Also used : AccessPolicySummary(org.apache.nifi.registry.authorization.AccessPolicySummary) AccessPolicy(org.apache.nifi.registry.authorization.AccessPolicy)

Example 4 with AccessPolicy

Use of org.apache.nifi.registry.authorization.AccessPolicy in project nifi-registry by apache.

The class SecureLdapIT, method restoreAccessPoliciesSnapshot.

private void restoreAccessPoliciesSnapshot(List<AccessPolicy> accessPoliciesSnapshot) {
    List<AccessPolicy> currentAccessPolicies = createAccessPoliciesSnapshot();
    Set<String> policiesToRestore = accessPoliciesSnapshot.stream().map(AccessPolicy::getIdentifier).collect(Collectors.toSet());
    Set<String> policiesToDelete = currentAccessPolicies.stream().filter(p -> !policiesToRestore.contains(p.getIdentifier())).map(AccessPolicy::getIdentifier).collect(Collectors.toSet());
    for (AccessPolicy originalPolicy : accessPoliciesSnapshot) {
        Response getCurrentPolicy = client.target(createURL("policies/" + originalPolicy.getIdentifier())).request().header("Authorization", "Bearer " + adminAuthToken).get(Response.class);
        if (getCurrentPolicy.getStatus() == 200) {
            // update policy to match original
            client.target(createURL("policies/" + originalPolicy.getIdentifier())).request().header("Authorization", "Bearer " + adminAuthToken).put(Entity.entity(originalPolicy, MediaType.APPLICATION_JSON));
        } else {
            // post the original policy
            client.target(createURL("policies")).request().header("Authorization", "Bearer " + adminAuthToken).post(Entity.entity(originalPolicy, MediaType.APPLICATION_JSON));
        }
    }
    for (String id : policiesToDelete) {
        try {
            client.target(createURL("policies/" + id)).request().header("Authorization", "Bearer " + adminAuthToken).delete();
        } catch (Exception e) {
            // do nothing
        }
    }
}
Also used : Response(javax.ws.rs.core.Response) AccessPolicy(org.apache.nifi.registry.authorization.AccessPolicy)

Example 5 with AccessPolicy

Use of org.apache.nifi.registry.authorization.AccessPolicy in project nifi-registry by apache.

The class AccessPolicyResource, method removeAccessPolicy.

/**
 * Remove a specified access policy.
 *
 * @param httpServletRequest request
 * @param identifier         The id of the access policy to remove.
 * @return The deleted access policy
 */
@DELETE
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
@ApiOperation(value = "Deletes an access policy", response = AccessPolicy.class, extensions = { @Extension(name = "access-policy", properties = { @ExtensionProperty(name = "action", value = "delete"), @ExtensionProperty(name = "resource", value = "/policies") }) })
@ApiResponses({ @ApiResponse(code = 401, message = HttpStatusMessages.MESSAGE_401), @ApiResponse(code = 403, message = HttpStatusMessages.MESSAGE_403), @ApiResponse(code = 404, message = HttpStatusMessages.MESSAGE_404), @ApiResponse(code = 409, message = HttpStatusMessages.MESSAGE_409 + " The NiFi Registry might not be configured to use a ConfigurableAccessPolicyProvider.") })
public Response removeAccessPolicy(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The access policy id.", required = true) @PathParam("id") final String identifier) {
    // Check provider support and authorize the DELETE action before the policy is removed.
    verifyAuthorizerSupportsConfigurablePolicies();
    authorizeAccess(RequestAction.DELETE);
    AccessPolicy deletedPolicy = authorizationService.deleteAccessPolicy(identifier);
    if (deletedPolicy == null) {
        logger.warn("The specified access policy id [{}] does not exist.", identifier);
        throw new ResourceNotFoundException("The specified policy does not exist in this registry.");
    }
    return generateOkResponse(deletedPolicy).build();
}
Also used : ResourceNotFoundException(org.apache.nifi.registry.exception.ResourceNotFoundException) AccessPolicy(org.apache.nifi.registry.authorization.AccessPolicy) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)
