
Example 1 with AccessPolicyEntity

use of org.apache.nifi.web.api.entity.AccessPolicyEntity in project nifi by apache.

the class AccessPolicyResource method getAccessPolicy.

/**
 * Retrieves the specified access policy.
 *
 * <p>The checks run in a fixed order: the authorizer capability precondition, then the
 * replication short-circuit, then the READ authorization for the current user. The policy
 * is loaded from the service facade only after that authorization call has returned.
 *
 * @param id The id of the access policy to retrieve (bound from the {@code {id}} path segment)
 * @return An accessPolicyEntity.
 * @throws IllegalStateException if the configured authorizer is not a managed authorizer
 */
@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
@ApiOperation(value = "Gets an access policy", response = AccessPolicyEntity.class, authorizations = { @Authorization(value = "Read - /policies/{resource}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response getAccessPolicy(@ApiParam(value = "The access policy id.", required = true) @PathParam("id") final String id) {
    // Precondition: policies can only be served when the authorizer is a managed one.
    // NOTE(review): how IllegalStateException maps to an HTTP status is not visible here;
    // presumably the documented 409 - confirm against the exception mappers.
    if (!AuthorizerCapabilityDetection.isManagedAuthorizer(authorizer)) {
        throw new IllegalStateException(AccessPolicyDAO.MSG_NON_MANAGED_AUTHORIZER);
    }
    // Replicated requests return before the local authorization below runs.
    // NOTE(review): presumably each receiving node executes this same method and
    // authorizes there - confirm that replicate() never returns policy data unauthorized.
    if (isReplicateRequest()) {
        return replicate(HttpMethod.GET);
    }
    // Authorize first: the current user needs READ on the policy identified by the path id.
    // The id is client-supplied; what getAccessPolicyById does for an unknown id is not
    // shown in this method.
    serviceFacade.authorizeAccess(lookup -> {
        Authorizable authorizable = lookup.getAccessPolicyById(id);
        authorizable.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
    });
    // Load the policy only after the authorization call above has completed.
    final AccessPolicyEntity entity = serviceFacade.getAccessPolicy(id);
    populateRemainingAccessPolicyEntityContent(entity);
    return generateOkResponse(entity).build();
}
Also used : Authorizable(org.apache.nifi.authorization.resource.Authorizable) AccessPolicyEntity(org.apache.nifi.web.api.entity.AccessPolicyEntity) Path(javax.ws.rs.Path) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 2 with AccessPolicyEntity

use of org.apache.nifi.web.api.entity.AccessPolicyEntity in project nifi by apache.

the class AccessPolicyResource method removeAccessPolicy.

/**
 * Removes the specified access policy.
 *
 * <p>Deletion requires WRITE on the policy itself and WRITE on the policy's parent
 * authorizable; both checks run inside the authorization callback handed to
 * {@code withWriteLock}, and the delete happens in the separate action callback.
 *
 * @param httpServletRequest request
 * @param version            The revision is used to verify the client is working with
 *                           the latest version of the flow.
 * @param clientId           Optional client id. If the client id is not specified, a
 *                           new one will be generated. This value (whether specified or generated) is
 *                           included in the response.
 * @param id                 The id of the access policy to remove.
 * @return An entity containing the client id and an updated revision.
 * @throws IllegalStateException if the authorizer does not expose a configurable access policy provider
 */
@DELETE
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
@ApiOperation(value = "Deletes an access policy", response = AccessPolicyEntity.class, authorizations = { @Authorization(value = "Write - /policies/{resource}"), @Authorization(value = "Write - Policy of the parent resource - /policies/{resource}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response removeAccessPolicy(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The revision is used to verify the client is working with the latest version of the flow.", required = false) @QueryParam(VERSION) final LongParameter version, @ApiParam(value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.", required = false) @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) final ClientIdParameter clientId, @ApiParam(value = "The access policy id.", required = true) @PathParam("id") final String id) {
    // Precondition: policies can only be modified when the authorizer exposes a
    // configurable access policy provider (a stricter check than the read endpoint uses).
    if (!AuthorizerCapabilityDetection.isConfigurableAccessPolicyProvider(authorizer)) {
        throw new IllegalStateException(AccessPolicyDAO.MSG_NON_CONFIGURABLE_POLICIES);
    }
    // Replicated requests return before any local authorization or locking happens.
    // NOTE(review): presumably each receiving node runs this method and authorizes there - confirm.
    if (isReplicateRequest()) {
        return replicate(HttpMethod.DELETE);
    }
    // Minimal request entity carrying only the client-supplied path id.
    final AccessPolicyEntity requestAccessPolicyEntity = new AccessPolicyEntity();
    requestAccessPolicyEntity.setId(id);
    // Revision the client claims to hold; the version is optional and passed as null when absent.
    // clientId is dereferenced without a null check - presumably @DefaultValue guarantees an
    // instance; verify.
    final Revision requestRevision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
    return withWriteLock(serviceFacade, requestAccessPolicyEntity, requestRevision, lookup -> {
        final Authorizable accessPolicy = lookup.getAccessPolicyById(id);
        // the current user must hold WRITE on the access policy itself
        accessPolicy.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
        // ...and WRITE on the policy's parent authorizable, as the second @Authorization entry documents
        accessPolicy.getParentAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
    }, null, (revision, accessPolicyEntity) -> {
        // NOTE(review): the null argument before this callback is presumably an optional
        // verification step - confirm against withWriteLock's signature.
        // Delete using the id carried by the entity passed to the callback and the revision
        // supplied by withWriteLock.
        final AccessPolicyEntity entity = serviceFacade.deleteAccessPolicy(revision, accessPolicyEntity.getId());
        return generateOkResponse(entity).build();
    });
}
Also used : Revision(org.apache.nifi.web.Revision) Authorizable(org.apache.nifi.authorization.resource.Authorizable) AccessPolicyEntity(org.apache.nifi.web.api.entity.AccessPolicyEntity) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 3 with AccessPolicyEntity

use of org.apache.nifi.web.api.entity.AccessPolicyEntity in project nifi by apache.

the class UserGroupEntityMerger method mergeDtos.

/**
 * Reduces the client's user group to the access policies and users that every node reports.
 *
 * <p>The merge is an intersection: an access policy or user stays in {@code clientDto}
 * only if each non-null node DTO also lists it. A membership or policy that only some
 * nodes know about is therefore dropped from the merged view rather than shown.
 *
 * @param clientDto the DTO being returned to the client; left untouched when {@code null}
 * @param dtoMap    the user group DTO reported by each node; {@code null} values are skipped
 */
private static void mergeDtos(final UserGroupDTO clientDto, final Map<NodeIdentifier, UserGroupDTO> dtoMap) {
    // a null client dto means there is nothing to merge (the original comment attributes
    // this to the client being unauthorized)
    if (clientDto == null) {
        return;
    }

    // NOTE(review): both copies and both retainAll calls below throw NullPointerException
    // if a getter returns null - confirm the DTOs always carry non-null sets.
    final Set<AccessPolicyEntity> commonPolicies = new HashSet<>(clientDto.getAccessPolicies());
    final Set<TenantEntity> commonUsers = new HashSet<>(clientDto.getUsers());

    // only the node responses matter here, not the node identifiers
    for (final UserGroupDTO nodeDto : dtoMap.values()) {
        if (nodeDto == null) {
            continue;
        }
        commonPolicies.retainAll(nodeDto.getAccessPolicies());
        commonUsers.retainAll(nodeDto.getUsers());
    }

    clientDto.setAccessPolicies(commonPolicies);
    clientDto.setUsers(commonUsers);
}
Also used : TenantEntity(org.apache.nifi.web.api.entity.TenantEntity) NodeIdentifier(org.apache.nifi.cluster.protocol.NodeIdentifier) UserGroupDTO(org.apache.nifi.web.api.dto.UserGroupDTO) Map(java.util.Map) HashMap(java.util.HashMap) AccessPolicyEntity(org.apache.nifi.web.api.entity.AccessPolicyEntity) HashSet(java.util.HashSet)

Example 4 with AccessPolicyEntity

use of org.apache.nifi.web.api.entity.AccessPolicyEntity in project nifi by apache.

the class UserGroupEntityMergerTest method testMergeAccessPolicy.

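/**
 * Verifies that merging the user group responses of two nodes keeps only the access
 * policies and users that both nodes report.
 *
 * <p>Node 1 reports policies {policy-1, policy-2} and users {user-2}; node 2 reports
 * policies {policy-1} and users {user-1, user-2}. The merged group must therefore hold
 * exactly policy-1 and exactly user-2.
 */
@Test
public void testMergeAccessPolicy() throws Exception {
    final NodeIdentifier node1 = new NodeIdentifier("node-1", "host-1", 8080, "host-1", 19998, null, null, null, false);
    final NodeIdentifier node2 = new NodeIdentifier("node-2", "host-2", 8081, "host-2", 19999, null, null, null, false);

    // one permissions object, shared by every entity in this test
    final PermissionsDTO permissed = new PermissionsDTO();
    permissed.setCanRead(true);
    permissed.setCanWrite(true);

    final TenantDTO user1DTO = new TenantDTO();
    user1DTO.setId("user-1");
    final TenantEntity user1Entity = new TenantEntity();
    user1Entity.setPermissions(permissed);
    user1Entity.setId(user1DTO.getId());
    user1Entity.setComponent(user1DTO);

    final TenantDTO user2DTO = new TenantDTO();
    // Set the id on user2DTO. The original overwrote user1DTO's id here, which left
    // user2DTO (and so user2Entity) without an id.
    user2DTO.setId("user-2");
    final TenantEntity user2Entity = new TenantEntity();
    user2Entity.setPermissions(permissed);
    user2Entity.setId(user2DTO.getId());
    user2Entity.setComponent(user2DTO);

    final AccessPolicyDTO policy1DTO = new AccessPolicyDTO();
    policy1DTO.setId("policy-1");
    final AccessPolicyEntity policy1Entity = new AccessPolicyEntity();
    policy1Entity.setPermissions(permissed);
    policy1Entity.setId(policy1DTO.getId());
    policy1Entity.setComponent(policy1DTO);

    final AccessPolicyDTO policy2DTO = new AccessPolicyDTO();
    policy2DTO.setId("policy-2");
    final AccessPolicyEntity policy2Entity = new AccessPolicyEntity();
    policy2Entity.setPermissions(permissed);
    policy2Entity.setId(policy2DTO.getId());
    policy2Entity.setComponent(policy2DTO);

    // node 1's view of the group: both policies, only user-2
    final UserGroupDTO userGroup1DTO = new UserGroupDTO();
    userGroup1DTO.setId("user-1");
    userGroup1DTO.setAccessPolicies(Stream.of(policy1Entity, policy2Entity).collect(Collectors.toSet()));
    userGroup1DTO.setUsers(Stream.of(user2Entity).collect(Collectors.toSet()));
    final UserGroupEntity userGroup1Entity = new UserGroupEntity();
    userGroup1Entity.setPermissions(permissed);
    userGroup1Entity.setId(userGroup1DTO.getId());
    userGroup1Entity.setComponent(userGroup1DTO);

    // node 2's view of the group: only policy-1, both users
    final UserGroupDTO userGroup2DTO = new UserGroupDTO();
    userGroup2DTO.setId("user-2");
    userGroup2DTO.setAccessPolicies(Stream.of(policy1Entity).collect(Collectors.toSet()));
    userGroup2DTO.setUsers(Stream.of(user1Entity, user2Entity).collect(Collectors.toSet()));
    final UserGroupEntity userGroup2Entity = new UserGroupEntity();
    userGroup2Entity.setPermissions(permissed);
    userGroup2Entity.setId(userGroup2DTO.getId());
    userGroup2Entity.setComponent(userGroup2DTO);

    final Map<NodeIdentifier, UserGroupEntity> nodeMap = new HashMap<>();
    nodeMap.put(node1, userGroup1Entity);
    nodeMap.put(node2, userGroup2Entity);

    // node 1's entity doubles as the client entity, so the merge result lands in userGroup1DTO
    final UserGroupEntityMerger merger = new UserGroupEntityMerger();
    merger.merge(userGroup1Entity, nodeMap);

    // Check the size of the policy set as well as the user set. The original asserted the
    // user count twice, so a merge that wrongly kept policy-2 still passed.
    assertEquals(1, userGroup1DTO.getAccessPolicies().size());
    assertTrue(userGroup1DTO.getAccessPolicies().contains(policy1Entity));
    assertEquals(1, userGroup1DTO.getUsers().size());
    assertTrue(userGroup1DTO.getUsers().contains(user2Entity));
}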
Also used : TenantEntity(org.apache.nifi.web.api.entity.TenantEntity) HashMap(java.util.HashMap) NodeIdentifier(org.apache.nifi.cluster.protocol.NodeIdentifier) PermissionsDTO(org.apache.nifi.web.api.dto.PermissionsDTO) TenantDTO(org.apache.nifi.web.api.dto.TenantDTO) UserGroupDTO(org.apache.nifi.web.api.dto.UserGroupDTO) UserGroupEntity(org.apache.nifi.web.api.entity.UserGroupEntity) AccessPolicyDTO(org.apache.nifi.web.api.dto.AccessPolicyDTO) AccessPolicyEntity(org.apache.nifi.web.api.entity.AccessPolicyEntity) Test(org.junit.Test)

Example 5 with AccessPolicyEntity

use of org.apache.nifi.web.api.entity.AccessPolicyEntity in project nifi by apache.

the class AccessPolicyEntityMerger method mergeComponents.

/**
 * Combines the per-node AccessPolicyEntity responses into the entity returned to the client.
 *
 * <p>Collects the component DTO of every node response, keyed by node identifier, and
 * passes them together with the client's own component to {@code mergeDtos}.
 *
 * @param clientEntity the entity being returned to the client
 * @param entityMap all node responses
 */
public void mergeComponents(final AccessPolicyEntity clientEntity, final Map<NodeIdentifier, AccessPolicyEntity> entityMap) {
    final AccessPolicyDTO clientDto = clientEntity.getComponent();

    // Each node's component is stored exactly as getComponent() returns it; nothing here
    // filters the values, so any null handling is left to mergeDtos.
    final Map<NodeIdentifier, AccessPolicyDTO> componentsByNode = new HashMap<>();
    entityMap.forEach((nodeId, nodeEntity) -> componentsByNode.put(nodeId, nodeEntity.getComponent()));

    mergeDtos(clientDto, componentsByNode);
}
Also used : HashMap(java.util.HashMap) NodeIdentifier(org.apache.nifi.cluster.protocol.NodeIdentifier) AccessPolicyDTO(org.apache.nifi.web.api.dto.AccessPolicyDTO) Map(java.util.Map) HashMap(java.util.HashMap) AccessPolicyEntity(org.apache.nifi.web.api.entity.AccessPolicyEntity)

Aggregations

AccessPolicyEntity (org.apache.nifi.web.api.entity.AccessPolicyEntity)10 ApiOperation (io.swagger.annotations.ApiOperation)5 ApiResponses (io.swagger.annotations.ApiResponses)5 Consumes (javax.ws.rs.Consumes)5 Produces (javax.ws.rs.Produces)5 Authorizable (org.apache.nifi.authorization.resource.Authorizable)5 AccessPolicyDTO (org.apache.nifi.web.api.dto.AccessPolicyDTO)5 HashMap (java.util.HashMap)4 Path (javax.ws.rs.Path)4 NodeIdentifier (org.apache.nifi.cluster.protocol.NodeIdentifier)4 Revision (org.apache.nifi.web.Revision)3 TenantEntity (org.apache.nifi.web.api.entity.TenantEntity)3 Map (java.util.Map)2 GET (javax.ws.rs.GET)2 PermissionsDTO (org.apache.nifi.web.api.dto.PermissionsDTO)2 TenantDTO (org.apache.nifi.web.api.dto.TenantDTO)2 UserGroupDTO (org.apache.nifi.web.api.dto.UserGroupDTO)2 Test (org.junit.Test)2 Date (java.util.Date)1 HashSet (java.util.HashSet)1