use of org.apache.nifi.web.api.entity.AccessPolicyEntity in project nifi by apache.
the class AccessPolicyResource method getAccessPolicy.
/**
* Retrieves the specified access policy.
*
* @param id The id of the access policy to retrieve
* @return An accessPolicyEntity.
*/
@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
@ApiOperation(value = "Gets an access policy", response = AccessPolicyEntity.class, authorizations = { @Authorization(value = "Read - /policies/{resource}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response getAccessPolicy(@ApiParam(value = "The access policy id.", required = true) @PathParam("id") final String id) {
// ensure we're running with a configurable authorizer
if (!AuthorizerCapabilityDetection.isManagedAuthorizer(authorizer)) {
throw new IllegalStateException(AccessPolicyDAO.MSG_NON_MANAGED_AUTHORIZER);
}
if (isReplicateRequest()) {
return replicate(HttpMethod.GET);
}
// authorize access
serviceFacade.authorizeAccess(lookup -> {
Authorizable authorizable = lookup.getAccessPolicyById(id);
authorizable.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
});
// get the access policy
final AccessPolicyEntity entity = serviceFacade.getAccessPolicy(id);
populateRemainingAccessPolicyEntityContent(entity);
return generateOkResponse(entity).build();
}
use of org.apache.nifi.web.api.entity.AccessPolicyEntity in project nifi by apache.
the class AccessPolicyResource method removeAccessPolicy.
/**
* Removes the specified access policy.
*
* @param httpServletRequest request
* @param version The revision is used to verify the client is working with
* the latest version of the flow.
* @param clientId Optional client id. If the client id is not specified, a
* new one will be generated. This value (whether specified or generated) is
* included in the response.
* @param id The id of the access policy to remove.
* @return A entity containing the client id and an updated revision.
*/
@DELETE
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
@ApiOperation(value = "Deletes an access policy", response = AccessPolicyEntity.class, authorizations = { @Authorization(value = "Write - /policies/{resource}"), @Authorization(value = "Write - Policy of the parent resource - /policies/{resource}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response removeAccessPolicy(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The revision is used to verify the client is working with the latest version of the flow.", required = false) @QueryParam(VERSION) final LongParameter version, @ApiParam(value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.", required = false) @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) final ClientIdParameter clientId, @ApiParam(value = "The access policy id.", required = true) @PathParam("id") final String id) {
// ensure we're running with a configurable authorizer
if (!AuthorizerCapabilityDetection.isConfigurableAccessPolicyProvider(authorizer)) {
throw new IllegalStateException(AccessPolicyDAO.MSG_NON_CONFIGURABLE_POLICIES);
}
if (isReplicateRequest()) {
return replicate(HttpMethod.DELETE);
}
final AccessPolicyEntity requestAccessPolicyEntity = new AccessPolicyEntity();
requestAccessPolicyEntity.setId(id);
// handle expects request (usually from the cluster manager)
final Revision requestRevision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
return withWriteLock(serviceFacade, requestAccessPolicyEntity, requestRevision, lookup -> {
final Authorizable accessPolicy = lookup.getAccessPolicyById(id);
// ensure write permission to the access policy
accessPolicy.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
// ensure write permission to the policy for the parent process group
accessPolicy.getParentAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
}, null, (revision, accessPolicyEntity) -> {
// delete the specified access policy
final AccessPolicyEntity entity = serviceFacade.deleteAccessPolicy(revision, accessPolicyEntity.getId());
return generateOkResponse(entity).build();
});
}
use of org.apache.nifi.web.api.entity.AccessPolicyEntity in project nifi by apache.
the class UserGroupEntityMerger method mergeDtos.
private static void mergeDtos(final UserGroupDTO clientDto, final Map<NodeIdentifier, UserGroupDTO> dtoMap) {
// if unauthorized for the client dto, simple return
if (clientDto == null) {
return;
}
final Set<AccessPolicyEntity> accessPolicyEntities = new HashSet<>(clientDto.getAccessPolicies());
final Set<TenantEntity> userEntities = new HashSet<>(clientDto.getUsers());
for (final Map.Entry<NodeIdentifier, UserGroupDTO> nodeEntry : dtoMap.entrySet()) {
final UserGroupDTO nodeUserGroup = nodeEntry.getValue();
if (nodeUserGroup != null) {
accessPolicyEntities.retainAll(nodeUserGroup.getAccessPolicies());
userEntities.retainAll(nodeUserGroup.getUsers());
}
}
clientDto.setAccessPolicies(accessPolicyEntities);
clientDto.setUsers(userEntities);
}
use of org.apache.nifi.web.api.entity.AccessPolicyEntity in project nifi by apache.
the class UserGroupEntityMergerTest method testMergeAccessPolicy.
@Test
public void testMergeAccessPolicy() throws Exception {
final NodeIdentifier node1 = new NodeIdentifier("node-1", "host-1", 8080, "host-1", 19998, null, null, null, false);
final NodeIdentifier node2 = new NodeIdentifier("node-2", "host-2", 8081, "host-2", 19999, null, null, null, false);
final PermissionsDTO permissed = new PermissionsDTO();
permissed.setCanRead(true);
permissed.setCanWrite(true);
final TenantDTO user1DTO = new TenantDTO();
user1DTO.setId("user-1");
final TenantEntity user1Entity = new TenantEntity();
user1Entity.setPermissions(permissed);
user1Entity.setId(user1DTO.getId());
user1Entity.setComponent(user1DTO);
final TenantDTO user2DTO = new TenantDTO();
user1DTO.setId("user-2");
final TenantEntity user2Entity = new TenantEntity();
user2Entity.setPermissions(permissed);
user2Entity.setId(user2DTO.getId());
user2Entity.setComponent(user2DTO);
final AccessPolicyDTO policy1DTO = new AccessPolicyDTO();
policy1DTO.setId("policy-1");
final AccessPolicyEntity policy1Entity = new AccessPolicyEntity();
policy1Entity.setPermissions(permissed);
policy1Entity.setId(policy1DTO.getId());
policy1Entity.setComponent(policy1DTO);
final AccessPolicyDTO policy2DTO = new AccessPolicyDTO();
policy2DTO.setId("policy-2");
final AccessPolicyEntity policy2Entity = new AccessPolicyEntity();
policy2Entity.setPermissions(permissed);
policy2Entity.setId(policy2DTO.getId());
policy2Entity.setComponent(policy2DTO);
final UserGroupDTO userGroup1DTO = new UserGroupDTO();
userGroup1DTO.setId("user-1");
userGroup1DTO.setAccessPolicies(Stream.of(policy1Entity, policy2Entity).collect(Collectors.toSet()));
userGroup1DTO.setUsers(Stream.of(user2Entity).collect(Collectors.toSet()));
final UserGroupEntity userGroup1Entity = new UserGroupEntity();
userGroup1Entity.setPermissions(permissed);
userGroup1Entity.setId(userGroup1DTO.getId());
userGroup1Entity.setComponent(userGroup1DTO);
final UserGroupDTO userGroup2DTO = new UserGroupDTO();
userGroup2DTO.setId("user-2");
userGroup2DTO.setAccessPolicies(Stream.of(policy1Entity).collect(Collectors.toSet()));
userGroup2DTO.setUsers(Stream.of(user1Entity, user2Entity).collect(Collectors.toSet()));
final UserGroupEntity userGroup2Entity = new UserGroupEntity();
userGroup2Entity.setPermissions(permissed);
userGroup2Entity.setId(userGroup2DTO.getId());
userGroup2Entity.setComponent(userGroup2DTO);
final Map<NodeIdentifier, UserGroupEntity> nodeMap = new HashMap<>();
nodeMap.put(node1, userGroup1Entity);
nodeMap.put(node2, userGroup2Entity);
final UserGroupEntityMerger merger = new UserGroupEntityMerger();
merger.merge(userGroup1Entity, nodeMap);
assertEquals(1, userGroup1DTO.getUsers().size());
assertTrue(userGroup1DTO.getAccessPolicies().contains(policy1Entity));
assertEquals(1, userGroup1DTO.getUsers().size());
assertTrue(userGroup1DTO.getUsers().contains(user2Entity));
}
use of org.apache.nifi.web.api.entity.AccessPolicyEntity in project nifi by apache.
the class AccessPolicyEntityMerger method mergeComponents.
/**
* Merges the AccessPolicyEntity responses.
*
* @param clientEntity the entity being returned to the client
* @param entityMap all node responses
*/
public void mergeComponents(final AccessPolicyEntity clientEntity, final Map<NodeIdentifier, AccessPolicyEntity> entityMap) {
final AccessPolicyDTO clientDto = clientEntity.getComponent();
final Map<NodeIdentifier, AccessPolicyDTO> dtoMap = new HashMap<>();
for (final Map.Entry<NodeIdentifier, AccessPolicyEntity> entry : entityMap.entrySet()) {
final AccessPolicyEntity nodeAccessPolicyEntity = entry.getValue();
final AccessPolicyDTO nodeAccessPolicyDto = nodeAccessPolicyEntity.getComponent();
dtoMap.put(entry.getKey(), nodeAccessPolicyDto);
}
mergeDtos(clientDto, dtoMap);
}
Aggregations