
Example 6 with AccessPolicyDTO

use of org.apache.nifi.web.api.dto.AccessPolicyDTO in project nifi by apache.

the class AccessPolicyEntityMerger method mergeDtos.

/**
 * Narrows the client DTO's users and user groups to the tenants that every non-null node DTO
 * also lists (a set intersection), then writes the narrowed sets back onto the client DTO.
 *
 * <p>Because only {@code retainAll} is applied, the merged sets can shrink but never grow: a tenant
 * that any node omits is dropped from the merged view.
 *
 * @param clientDto the DTO being returned to the client; ignored when {@code null}
 * @param dtoMap    the access policy DTO reported by each node; {@code null} values are skipped
 */
private static void mergeDtos(final AccessPolicyDTO clientDto, final Map<NodeIdentifier, AccessPolicyDTO> dtoMap) {
    // Per the original note, a null client DTO means the caller is unauthorized: nothing to merge.
    if (clientDto == null) {
        return;
    }

    // Intersect on copies; the client's own sets are replaced only after every node was applied.
    final Set<TenantEntity> commonUsers = new HashSet<>(clientDto.getUsers());
    final Set<TenantEntity> commonGroups = new HashSet<>(clientDto.getUserGroups());

    // NOTE(review): getUsers()/getUserGroups() are dereferenced without a null check, so a DTO
    // carrying a null collection raises NullPointerException here - confirm upstream guarantees.
    for (final AccessPolicyDTO nodeDto : dtoMap.values()) {
        if (nodeDto == null) {
            continue;
        }
        commonUsers.retainAll(nodeDto.getUsers());
        commonGroups.retainAll(nodeDto.getUserGroups());
    }

    clientDto.setUsers(commonUsers);
    clientDto.setUserGroups(commonGroups);
}
Also used : TenantEntity(org.apache.nifi.web.api.entity.TenantEntity) NodeIdentifier(org.apache.nifi.cluster.protocol.NodeIdentifier) Map(java.util.Map) HashMap(java.util.HashMap) AccessPolicyDTO(org.apache.nifi.web.api.dto.AccessPolicyDTO) HashSet(java.util.HashSet)

Example 7 with AccessPolicyDTO

use of org.apache.nifi.web.api.dto.AccessPolicyDTO in project nifi by apache.

the class AccessPolicyEntityMergerTest method testMergeAccessPolicy.

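/**
 * Merges two node views of an access policy and checks that only the tenants listed by both
 * nodes survive: node 1 reports users {user-1, user-2} and groups {user-2}, node 2 reports
 * users {user-1} and groups {user-1, user-2}, so the expected result is users {user-1} and
 * groups {user-2}.
 */
@Test
public void testMergeAccessPolicy() throws Exception {
    final NodeIdentifier node1 = new NodeIdentifier("node-1", "host-1", 8080, "host-1", 19998, null, null, null, false);
    final NodeIdentifier node2 = new NodeIdentifier("node-2", "host-2", 8081, "host-2", 19999, null, null, null, false);

    final PermissionsDTO permissed = new PermissionsDTO();
    permissed.setCanRead(true);
    permissed.setCanWrite(true);

    final TenantDTO user1DTO = new TenantDTO();
    user1DTO.setId("user-1");
    final TenantEntity user1Entity = new TenantEntity();
    user1Entity.setPermissions(permissed);
    user1Entity.setId(user1DTO.getId());
    user1Entity.setComponent(user1DTO);

    final TenantDTO user2DTO = new TenantDTO();
    // The id belongs on user2DTO; setting it on user1DTO left the second tenant without an id,
    // which weakens the fixture if tenant equality is id-based (not visible in this listing).
    user2DTO.setId("user-2");
    final TenantEntity user2Entity = new TenantEntity();
    user2Entity.setPermissions(permissed);
    user2Entity.setId(user2DTO.getId());
    user2Entity.setComponent(user2DTO);

    // Node 1 view: both users, only user-2 as a group member.
    final AccessPolicyDTO accessPolicy1DTO = new AccessPolicyDTO();
    accessPolicy1DTO.setId("policy-1");
    accessPolicy1DTO.setUsers(Stream.of(user1Entity, user2Entity).collect(Collectors.toSet()));
    accessPolicy1DTO.setUserGroups(Stream.of(user2Entity).collect(Collectors.toSet()));
    final AccessPolicyEntity accessPolicy1Entity = new AccessPolicyEntity();
    accessPolicy1Entity.setPermissions(permissed);
    accessPolicy1Entity.setId(accessPolicy1DTO.getId());
    accessPolicy1Entity.setComponent(accessPolicy1DTO);

    // Node 2 view: only user-1 as a user, both as group members.
    final AccessPolicyDTO accessPolicy2DTO = new AccessPolicyDTO();
    accessPolicy2DTO.setId("policy-2");
    accessPolicy2DTO.setUsers(Stream.of(user1Entity).collect(Collectors.toSet()));
    accessPolicy2DTO.setUserGroups(Stream.of(user1Entity, user2Entity).collect(Collectors.toSet()));
    final AccessPolicyEntity accessPolicy2Entity = new AccessPolicyEntity();
    accessPolicy2Entity.setPermissions(permissed);
    accessPolicy2Entity.setId(accessPolicy2DTO.getId());
    accessPolicy2Entity.setComponent(accessPolicy2DTO);

    final Map<NodeIdentifier, AccessPolicyEntity> nodeMap = new HashMap<>();
    nodeMap.put(node1, accessPolicy1Entity);
    nodeMap.put(node2, accessPolicy2Entity);

    final AccessPolicyEntityMerger merger = new AccessPolicyEntityMerger();
    merger.merge(accessPolicy1Entity, nodeMap);

    // Users: the size check must look at getUsers(); checking getUserGroups() twice left the
    // user set's size unverified, so an over-broad merged user list would have gone unnoticed.
    assertEquals(1, accessPolicy1DTO.getUsers().size());
    assertTrue(accessPolicy1DTO.getUsers().contains(user1Entity));

    // Groups: only user-2 is reported by both nodes.
    assertEquals(1, accessPolicy1DTO.getUserGroups().size());
    assertTrue(accessPolicy1DTO.getUserGroups().contains(user2Entity));
}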
Also used : TenantEntity(org.apache.nifi.web.api.entity.TenantEntity) HashMap(java.util.HashMap) NodeIdentifier(org.apache.nifi.cluster.protocol.NodeIdentifier) PermissionsDTO(org.apache.nifi.web.api.dto.PermissionsDTO) TenantDTO(org.apache.nifi.web.api.dto.TenantDTO) AccessPolicyDTO(org.apache.nifi.web.api.dto.AccessPolicyDTO) AccessPolicyEntity(org.apache.nifi.web.api.entity.AccessPolicyEntity) Test(org.junit.Test)

Example 8 with AccessPolicyDTO

use of org.apache.nifi.web.api.dto.AccessPolicyDTO in project nifi by apache.

the class AccessPolicyResource method createAccessPolicy.

// -----------------------
// manage an access policy
// -----------------------
/**
 * Creates a new access policy.
 *
 * @param httpServletRequest request
 * @param requestAccessPolicyEntity An accessPolicyEntity.
 * @return An accessPolicyEntity.
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(
        value = "Creates an access policy",
        response = AccessPolicyEntity.class,
        authorizations = {
                @Authorization(value = "Write - /policies/{resource}")
        }
)
@ApiResponses(value = {
        @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
        @ApiResponse(code = 401, message = "Client could not be authenticated."),
        @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
        @ApiResponse(code = 404, message = "The specified resource could not be found."),
        @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
})
public Response createAccessPolicy(
        @Context final HttpServletRequest httpServletRequest,
        @ApiParam(value = "The access policy configuration details.", required = true) final AccessPolicyEntity requestAccessPolicyEntity) {

    // Policies can only be created when the configured authorizer supports configurable policies.
    final boolean policiesConfigurable = AuthorizerCapabilityDetection.isConfigurableAccessPolicyProvider(authorizer);
    if (!policiesConfigurable) {
        throw new IllegalStateException(AccessPolicyDAO.MSG_NON_CONFIGURABLE_POLICIES);
    }

    // Request-shape validation happens before any replication or state change.
    if (requestAccessPolicyEntity == null || requestAccessPolicyEntity.getComponent() == null) {
        throw new IllegalArgumentException("Access policy details must be specified.");
    }

    // A brand-new policy must arrive with revision version 0.
    final RevisionDTO requestRevision = requestAccessPolicyEntity.getRevision();
    if (requestRevision == null || requestRevision.getVersion() == null || requestRevision.getVersion() != 0) {
        throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Policy.");
    }

    final AccessPolicyDTO requestedPolicy = requestAccessPolicyEntity.getComponent();

    // The id is assigned by the server further down; a client-chosen id is rejected outright.
    if (requestedPolicy.getId() != null) {
        throw new IllegalArgumentException("Access policy ID cannot be specified.");
    }
    if (requestedPolicy.getResource() == null) {
        throw new IllegalArgumentException("Access policy resource must be specified.");
    }

    // Called only for validation: the result is discarded, an invalid action is expected to throw.
    RequestAction.valueOfValue(requestedPolicy.getAction());

    if (isReplicateRequest()) {
        return replicate(HttpMethod.POST, requestAccessPolicyEntity);
    }

    // Original note: this path handles the "expects" request (usually from the cluster manager).
    // withWriteLock receives the authorization callback and the creation callback; how it
    // sequences them is defined outside this listing.
    return withWriteLock(
            serviceFacade,
            requestAccessPolicyEntity,
            lookup -> {
                // The caller needs WRITE on the policy resource that governs the target resource.
                final Authorizable policyAuthorizable = lookup.getAccessPolicyByResource(requestedPolicy.getResource());
                policyAuthorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
            },
            null,
            accessPolicyEntity -> {
                // Server-generated identifier for the new policy.
                final AccessPolicyDTO newPolicy = accessPolicyEntity.getComponent();
                newPolicy.setId(generateUuid());

                // Build the revision from the submitted version/client id and the fresh policy id.
                final RevisionDTO revisionDto = accessPolicyEntity.getRevision();
                final Revision revision = new Revision(revisionDto.getVersion(), revisionDto.getClientId(), newPolicy.getId());

                // Create the policy and fill in the remaining entity content for the response.
                final AccessPolicyEntity created = serviceFacade.createAccessPolicy(revision, newPolicy);
                populateRemainingAccessPolicyEntityContent(created);

                return generateCreatedResponse(URI.create(created.getUri()), created).build();
            });
}
Also used : Revision(org.apache.nifi.web.Revision) Authorizable(org.apache.nifi.authorization.resource.Authorizable) AccessPolicyDTO(org.apache.nifi.web.api.dto.AccessPolicyDTO) RevisionDTO(org.apache.nifi.web.api.dto.RevisionDTO) AccessPolicyEntity(org.apache.nifi.web.api.entity.AccessPolicyEntity) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 9 with AccessPolicyDTO

use of org.apache.nifi.web.api.dto.AccessPolicyDTO in project nifi by apache.

the class AccessPolicyResource method updateAccessPolicy.

/**
 * Updates an access policy.
 *
 * @param httpServletRequest request
 * @param id                 The id of the access policy to update.
 * @param requestAccessPolicyEntity An accessPolicyEntity.
 * @return An accessPolicyEntity.
 */
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
@ApiOperation(
        value = "Updates a access policy",
        response = AccessPolicyEntity.class,
        authorizations = {
                @Authorization(value = "Write - /policies/{resource}")
        }
)
@ApiResponses(value = {
        @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
        @ApiResponse(code = 401, message = "Client could not be authenticated."),
        @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
        @ApiResponse(code = 404, message = "The specified resource could not be found."),
        @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
})
public Response updateAccessPolicy(
        @Context final HttpServletRequest httpServletRequest,
        @ApiParam(value = "The access policy id.", required = true) @PathParam("id") final String id,
        @ApiParam(value = "The access policy configuration details.", required = true) final AccessPolicyEntity requestAccessPolicyEntity) {

    // Policies can only be modified when the configured authorizer supports configurable policies.
    final boolean policiesConfigurable = AuthorizerCapabilityDetection.isConfigurableAccessPolicyProvider(authorizer);
    if (!policiesConfigurable) {
        throw new IllegalStateException(AccessPolicyDAO.MSG_NON_CONFIGURABLE_POLICIES);
    }

    // Request-shape validation happens before any replication or state change.
    if (requestAccessPolicyEntity == null || requestAccessPolicyEntity.getComponent() == null) {
        throw new IllegalArgumentException("Access policy details must be specified.");
    }
    if (requestAccessPolicyEntity.getRevision() == null) {
        throw new IllegalArgumentException("Revision must be specified.");
    }

    // The id in the body must match the id in the path, so the policy that is authorized below
    // (looked up by the path id) is the same one the body claims to describe.
    final AccessPolicyDTO submittedPolicy = requestAccessPolicyEntity.getComponent();
    final boolean idsMatch = id.equals(submittedPolicy.getId());
    if (!idsMatch) {
        throw new IllegalArgumentException(String.format(
                "The access policy id (%s) in the request body does not equal the "
                        + "access policy id of the requested resource (%s).",
                submittedPolicy.getId(),
                id));
    }

    if (isReplicateRequest()) {
        return replicate(HttpMethod.PUT, requestAccessPolicyEntity);
    }

    // Revision the client claims to be updating.
    final Revision requestRevision = getRevision(requestAccessPolicyEntity, id);

    // withWriteLock receives the authorization callback and the update callback; how it
    // sequences them is defined outside this listing.
    return withWriteLock(
            serviceFacade,
            requestAccessPolicyEntity,
            requestRevision,
            lookup -> {
                // The caller needs WRITE on the existing policy identified by the path id.
                final Authorizable policyAuthorizable = lookup.getAccessPolicyById(id);
                policyAuthorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
            },
            null,
            (revision, policyEntity) -> {
                // Apply the update and fill in the remaining entity content for the response.
                final AccessPolicyDTO policyToApply = policyEntity.getComponent();
                final AccessPolicyEntity updated = serviceFacade.updateAccessPolicy(revision, policyToApply);
                populateRemainingAccessPolicyEntityContent(updated);
                return generateOkResponse(updated).build();
            });
}
Also used : Revision(org.apache.nifi.web.Revision) Authorizable(org.apache.nifi.authorization.resource.Authorizable) AccessPolicyDTO(org.apache.nifi.web.api.dto.AccessPolicyDTO) AccessPolicyEntity(org.apache.nifi.web.api.entity.AccessPolicyEntity) Path(javax.ws.rs.Path) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) ApiOperation(io.swagger.annotations.ApiOperation) PUT(javax.ws.rs.PUT) ApiResponses(io.swagger.annotations.ApiResponses)

Example 10 with AccessPolicyDTO

use of org.apache.nifi.web.api.dto.AccessPolicyDTO in project nifi by apache.

the class SnippetUtils method cloneComponentSpecificPolicies.

/**
 * Clones all the component-specific policies for the specified original component. This includes the component resource, the data resource
 * for the component, the data transfer resource for the component, and the policy resource for the component.
 *
 * @param originalComponentResource original component resource
 * @param clonedComponentResource cloned component resource
 * @param idGenerationSeed id generation seed
 */
private void cloneComponentSpecificPolicies(final Resource originalComponentResource, final Resource clonedComponentResource, final String idGenerationSeed) {
    // Nothing to clone when the authorizer does not support configurable policies.
    final boolean configurable = accessPolicyDAO.supportsConfigurableAuthorizer();
    if (!configurable) {
        return;
    }

    // Maps each resource of the original component to its counterpart on the clone:
    // the component itself plus its data, data-transfer and policy resources.
    final Map<Resource, Resource> originalToClone = new HashMap<>();
    originalToClone.put(originalComponentResource, clonedComponentResource);
    originalToClone.put(
            ResourceFactory.getDataResource(originalComponentResource),
            ResourceFactory.getDataResource(clonedComponentResource));
    originalToClone.put(
            ResourceFactory.getDataTransferResource(originalComponentResource),
            ResourceFactory.getDataTransferResource(clonedComponentResource));
    originalToClone.put(
            ResourceFactory.getPolicyResource(originalComponentResource),
            ResourceFactory.getPolicyResource(clonedComponentResource));

    for (final Entry<Resource, Resource> pair : originalToClone.entrySet()) {
        final Resource originalResource = pair.getKey();
        final Resource cloneResource = pair.getValue();

        for (final RequestAction action : RequestAction.values()) {
            final AccessPolicy sourcePolicy = accessPolicyDAO.getAccessPolicy(action, originalResource.getIdentifier());

            // Only a policy that exists for this (action, resource) pair is carried over.
            if (sourcePolicy == null) {
                continue;
            }

            final AccessPolicyDTO clonedPolicy = new AccessPolicyDTO();
            clonedPolicy.setId(generateId(sourcePolicy.getIdentifier(), idGenerationSeed, true));
            clonedPolicy.setAction(sourcePolicy.getAction().toString());
            clonedPolicy.setResource(cloneResource.getIdentifier());

            // The clone receives exactly the user and group ids of the source policy, so every
            // tenant with access to the original gains the same access to the copy.
            // NOTE(review): no authorization check for the copy is visible in this method -
            // presumably the caller has already authorized the operation; confirm.
            final Set<TenantEntity> clonedUsers = new HashSet<>();
            for (final String userId : sourcePolicy.getUsers()) {
                final TenantEntity userEntity = new TenantEntity();
                userEntity.setId(userId);
                clonedUsers.add(userEntity);
            }
            clonedPolicy.setUsers(clonedUsers);

            final Set<TenantEntity> clonedGroups = new HashSet<>();
            for (final String groupId : sourcePolicy.getGroups()) {
                final TenantEntity groupEntity = new TenantEntity();
                groupEntity.setId(groupId);
                clonedGroups.add(groupEntity);
            }
            clonedPolicy.setUserGroups(clonedGroups);

            // Persist the policy for the cloned resource.
            accessPolicyDAO.createAccessPolicy(clonedPolicy);
        }
    }
}
Also used : HashMap(java.util.HashMap) RequestAction(org.apache.nifi.authorization.RequestAction) TenantEntity(org.apache.nifi.web.api.entity.TenantEntity) Resource(org.apache.nifi.authorization.Resource) AccessPolicyDTO(org.apache.nifi.web.api.dto.AccessPolicyDTO) AccessPolicy(org.apache.nifi.authorization.AccessPolicy) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet)
