use of org.apache.nifi.web.api.entity.AccessPolicyEntity in project nifi by apache.
the class AccessPolicyEntityMergerTest method testMergeAccessPolicy.
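/**
 * Checks the result of merging two nodes' views of the same access policy.
 *
 * <p>Node 1 reports users {user-1, user-2} and user groups {user-2}; node 2 reports users
 * {user-1} and user groups {user-1, user-2}. After the merge, the policy passed in as the
 * client entity is expected to hold exactly one user (user-1) and exactly one user group
 * (user-2), i.e. only the tenants that both nodes reported.
 */
@Test
public void testMergeAccessPolicy() throws Exception {
    final NodeIdentifier node1 = new NodeIdentifier("node-1", "host-1", 8080, "host-1", 19998, null, null, null, false);
    final NodeIdentifier node2 = new NodeIdentifier("node-2", "host-2", 8081, "host-2", 19999, null, null, null, false);

    // Shared permissions object: every entity in this test is readable and writable.
    final PermissionsDTO permissed = new PermissionsDTO();
    permissed.setCanRead(true);
    permissed.setCanWrite(true);

    final TenantDTO user1DTO = new TenantDTO();
    user1DTO.setId("user-1");
    final TenantEntity user1Entity = new TenantEntity();
    user1Entity.setPermissions(permissed);
    user1Entity.setId(user1DTO.getId());
    user1Entity.setComponent(user1DTO);

    final TenantDTO user2DTO = new TenantDTO();
    // Fixed: the original set user1DTO's id a second time here, so user2DTO, and with it
    // user2Entity, never received an id and the test did not model two distinct tenants.
    user2DTO.setId("user-2");
    final TenantEntity user2Entity = new TenantEntity();
    user2Entity.setPermissions(permissed);
    user2Entity.setId(user2DTO.getId());
    user2Entity.setComponent(user2DTO);

    // Node 1's view of the policy.
    final AccessPolicyDTO accessPolicy1DTO = new AccessPolicyDTO();
    accessPolicy1DTO.setId("policy-1");
    accessPolicy1DTO.setUsers(Stream.of(user1Entity, user2Entity).collect(Collectors.toSet()));
    accessPolicy1DTO.setUserGroups(Stream.of(user2Entity).collect(Collectors.toSet()));
    final AccessPolicyEntity accessPolicy1Entity = new AccessPolicyEntity();
    accessPolicy1Entity.setPermissions(permissed);
    accessPolicy1Entity.setId(accessPolicy1DTO.getId());
    accessPolicy1Entity.setComponent(accessPolicy1DTO);

    // Node 2's view of the policy.
    final AccessPolicyDTO accessPolicy2DTO = new AccessPolicyDTO();
    accessPolicy2DTO.setId("policy-2");
    accessPolicy2DTO.setUsers(Stream.of(user1Entity).collect(Collectors.toSet()));
    accessPolicy2DTO.setUserGroups(Stream.of(user1Entity, user2Entity).collect(Collectors.toSet()));
    final AccessPolicyEntity accessPolicy2Entity = new AccessPolicyEntity();
    accessPolicy2Entity.setPermissions(permissed);
    accessPolicy2Entity.setId(accessPolicy2DTO.getId());
    accessPolicy2Entity.setComponent(accessPolicy2DTO);

    final Map<NodeIdentifier, AccessPolicyEntity> nodeMap = new HashMap<>();
    nodeMap.put(node1, accessPolicy1Entity);
    nodeMap.put(node2, accessPolicy2Entity);

    // Node 1's entity doubles as the client entity, so the merge result is read back from
    // accessPolicy1DTO.
    final AccessPolicyEntityMerger merger = new AccessPolicyEntityMerger();
    merger.merge(accessPolicy1Entity, nodeMap);

    // Fixed: the original asserted the user-group count twice and never checked the user
    // count, so extra users surviving the merge would have gone unnoticed.
    assertEquals(1, accessPolicy1DTO.getUsers().size());
    assertTrue(accessPolicy1DTO.getUsers().contains(user1Entity));
    assertEquals(1, accessPolicy1DTO.getUserGroups().size());
    assertTrue(accessPolicy1DTO.getUserGroups().contains(user2Entity));
}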
use of org.apache.nifi.web.api.entity.AccessPolicyEntity in project nifi by apache.
the class AccessPolicyResource method getAccessPolicyForResource.
// -----------------
// get access policy
// -----------------
/**
 * Returns the access policy that applies to the given action and resource.
 *
 * <p>The {@code resource} path parameter is declared with the pattern {@code .+}; the handler
 * prefixes it with {@code "/"} before looking the policy up. The caller is authorized for
 * {@link RequestAction#READ} on the access policy of that resource, whichever {@code action}
 * was asked for: the action only selects which policy is returned.
 *
 * @param action the policy action; its value is parsed with {@code RequestAction.valueOfValue}
 * @param rawResource the resource of the policy, as captured from the path
 * @return a response carrying the {@link AccessPolicyEntity}
 * @throws IllegalStateException if the configured authorizer is not a managed authorizer
 */
@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{action}/{resource: .+}")
@ApiOperation(
        value = "Gets an access policy for the specified action and resource",
        notes = "Will return the effective policy if no component specific policy exists for the specified action and resource. "
                + "Must have Read permissions to the policy with the desired action and resource. Permissions for the policy that is "
                + "returned will be indicated in the response. This means the client could be authorized to get the policy for a "
                + "given component but the effective policy may be inherited from an ancestor Process Group. If the client does not "
                + "have permissions to that policy, the response will not include the policy and the permissions in the response "
                + "will be marked accordingly. If the client does not have permissions to the policy of the desired action and resource "
                + "a 403 response will be returned.",
        response = AccessPolicyEntity.class,
        authorizations = {
                @Authorization(value = "Read - /policies/{resource}")
        }
)
@ApiResponses(
        value = {
                @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
                @ApiResponse(code = 401, message = "Client could not be authenticated."),
                @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
                @ApiResponse(code = 404, message = "The specified resource could not be found."),
                @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
        }
)
public Response getAccessPolicyForResource(
        @ApiParam(value = "The request action.", allowableValues = "read, write", required = true)
        @PathParam("action") final String action,
        @ApiParam(value = "The resource of the policy.", required = true)
        @PathParam("resource") String rawResource) {

    // Policies can only be served when the authorizer is a managed one.
    if (!AuthorizerCapabilityDetection.isManagedAuthorizer(authorizer)) {
        throw new IllegalStateException(AccessPolicyDAO.MSG_NON_MANAGED_AUTHORIZER);
    }

    // The action is parsed before any replication or lookup takes place.
    final RequestAction policyAction = RequestAction.valueOfValue(action);
    final String policyResource = "/" + rawResource;

    // A request that has to be replicated is handed off here, before the authorization below runs.
    if (isReplicateRequest()) {
        return replicate(HttpMethod.GET);
    }

    // The current user needs READ on the policy of the resource before it is fetched.
    serviceFacade.authorizeAccess(authorizableLookup -> {
        final Authorizable policyAuthorizable = authorizableLookup.getAccessPolicyByResource(policyResource);
        policyAuthorizable.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
    });

    // Fetch the policy, fill in the remaining entity content and answer with 200.
    final AccessPolicyEntity policy = serviceFacade.getAccessPolicy(policyAction, policyResource);
    populateRemainingAccessPolicyEntityContent(policy);
    return generateOkResponse(policy).build();
}
use of org.apache.nifi.web.api.entity.AccessPolicyEntity in project nifi by apache.
the class AccessPolicyResource method createAccessPolicy.
// -----------------------
// manage an access policy
// -----------------------
/**
 * Creates a new access policy.
 *
 * <p>The request is rejected unless it carries a component, a revision whose version is 0,
 * no policy id and a resource. The id of the new policy is generated on the server. The
 * caller is authorized for {@link RequestAction#WRITE} on the access policy of the
 * requested resource.
 *
 * @param httpServletRequest request
 * @param requestAccessPolicyEntity An accessPolicyEntity.
 * @return An accessPolicyEntity.
 * @throws IllegalStateException if the authorizer has no configurable access policy provider
 * @throws IllegalArgumentException if one of the request checks described above fails
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(
        value = "Creates an access policy",
        response = AccessPolicyEntity.class,
        authorizations = {
                @Authorization(value = "Write - /policies/{resource}")
        }
)
@ApiResponses(
        value = {
                @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
                @ApiResponse(code = 401, message = "Client could not be authenticated."),
                @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
                @ApiResponse(code = 404, message = "The specified resource could not be found."),
                @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
        }
)
public Response createAccessPolicy(
        @Context final HttpServletRequest httpServletRequest,
        @ApiParam(value = "The access policy configuration details.", required = true)
        final AccessPolicyEntity requestAccessPolicyEntity) {

    // Policies can only be created when the authorizer exposes a configurable policy provider.
    if (!AuthorizerCapabilityDetection.isConfigurableAccessPolicyProvider(authorizer)) {
        throw new IllegalStateException(AccessPolicyDAO.MSG_NON_CONFIGURABLE_POLICIES);
    }

    if (requestAccessPolicyEntity == null || requestAccessPolicyEntity.getComponent() == null) {
        throw new IllegalArgumentException("Access policy details must be specified.");
    }

    // A brand-new policy must arrive with revision version 0.
    final RevisionDTO submittedRevision = requestAccessPolicyEntity.getRevision();
    if (submittedRevision == null || submittedRevision.getVersion() == null || submittedRevision.getVersion() != 0) {
        throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Policy.");
    }

    final AccessPolicyDTO requestAccessPolicy = requestAccessPolicyEntity.getComponent();

    // The id is assigned further down by the server, so a client-supplied one is refused.
    if (requestAccessPolicy.getId() != null) {
        throw new IllegalArgumentException("Access policy ID cannot be specified.");
    }
    if (requestAccessPolicy.getResource() == null) {
        throw new IllegalArgumentException("Access policy resource must be specified.");
    }

    // Called for validation only: the parsed action is not used here.
    RequestAction.valueOfValue(requestAccessPolicy.getAction());

    if (isReplicateRequest()) {
        return replicate(HttpMethod.POST, requestAccessPolicyEntity);
    }

    // withWriteLock receives the authorization callback, a null argument whose role is not
    // visible in this listing, and the action that performs the creation.
    return withWriteLock(
            serviceFacade,
            requestAccessPolicyEntity,
            authorizableLookup -> {
                // WRITE on the policy of the target resource is required to create a policy for it.
                final Authorizable resourcePolicy = authorizableLookup.getAccessPolicyByResource(requestAccessPolicy.getResource());
                resourcePolicy.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
            },
            null,
            accessPolicyEntity -> {
                final AccessPolicyDTO newPolicy = accessPolicyEntity.getComponent();

                // Server-generated identifier for the new policy.
                newPolicy.setId(generateUuid());

                // Build the revision from the submitted version and client id plus the new id.
                final RevisionDTO revisionDTO = accessPolicyEntity.getRevision();
                final Revision revision = new Revision(revisionDTO.getVersion(), revisionDTO.getClientId(), newPolicy.getId());

                // Create the policy and fill in the remaining entity content.
                final AccessPolicyEntity created = serviceFacade.createAccessPolicy(revision, newPolicy);
                populateRemainingAccessPolicyEntityContent(created);

                // Answer with a "created" response pointing at the entity's URI.
                return generateCreatedResponse(URI.create(created.getUri()), created).build();
            });
}
use of org.apache.nifi.web.api.entity.AccessPolicyEntity in project nifi by apache.
the class AccessPolicyResource method updateAccessPolicy.
/**
 * Updates an access policy.
 *
 * <p>The id in the path must equal the id in the request body, and a revision must be
 * present. The caller is authorized for {@link RequestAction#WRITE} on the access policy
 * looked up by that id before the update is applied.
 *
 * @param httpServletRequest request
 * @param id The id of the access policy to update.
 * @param requestAccessPolicyEntity An accessPolicyEntity.
 * @return An accessPolicyEntity.
 * @throws IllegalStateException if the authorizer has no configurable access policy provider
 * @throws IllegalArgumentException if the component or revision is missing, or the ids differ
 */
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
@ApiOperation(
        value = "Updates a access policy",
        response = AccessPolicyEntity.class,
        authorizations = {
                @Authorization(value = "Write - /policies/{resource}")
        }
)
@ApiResponses(
        value = {
                @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
                @ApiResponse(code = 401, message = "Client could not be authenticated."),
                @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
                @ApiResponse(code = 404, message = "The specified resource could not be found."),
                @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
        }
)
public Response updateAccessPolicy(
        @Context final HttpServletRequest httpServletRequest,
        @ApiParam(value = "The access policy id.", required = true)
        @PathParam("id") final String id,
        @ApiParam(value = "The access policy configuration details.", required = true)
        final AccessPolicyEntity requestAccessPolicyEntity) {

    // Policies can only be changed when the authorizer exposes a configurable policy provider.
    if (!AuthorizerCapabilityDetection.isConfigurableAccessPolicyProvider(authorizer)) {
        throw new IllegalStateException(AccessPolicyDAO.MSG_NON_CONFIGURABLE_POLICIES);
    }

    if (requestAccessPolicyEntity == null || requestAccessPolicyEntity.getComponent() == null) {
        throw new IllegalArgumentException("Access policy details must be specified.");
    }
    if (requestAccessPolicyEntity.getRevision() == null) {
        throw new IllegalArgumentException("Revision must be specified.");
    }

    // The body must name the same policy as the path, since authorization below is done on the path id.
    final AccessPolicyDTO requestAccessPolicyDTO = requestAccessPolicyEntity.getComponent();
    final boolean idsMatch = id.equals(requestAccessPolicyDTO.getId());
    if (!idsMatch) {
        throw new IllegalArgumentException(String.format("The access policy id (%s) in the request body does not equal the " + "access policy id of the requested resource (%s).", requestAccessPolicyDTO.getId(), id));
    }

    if (isReplicateRequest()) {
        return replicate(HttpMethod.PUT, requestAccessPolicyEntity);
    }

    // Revision taken from the request entity for this policy id.
    final Revision requestRevision = getRevision(requestAccessPolicyEntity, id);

    // withWriteLock receives the authorization callback, a null argument whose role is not
    // visible in this listing, and the action that performs the update.
    return withWriteLock(
            serviceFacade,
            requestAccessPolicyEntity,
            requestRevision,
            authorizableLookup -> {
                // WRITE on the existing policy is required to modify it.
                final Authorizable existingPolicy = authorizableLookup.getAccessPolicyById(id);
                existingPolicy.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
            },
            null,
            (revision, accessPolicyEntity) -> {
                // Apply the update and fill in the remaining entity content.
                final AccessPolicyDTO updatedDto = accessPolicyEntity.getComponent();
                final AccessPolicyEntity updated = serviceFacade.updateAccessPolicy(revision, updatedDto);
                populateRemainingAccessPolicyEntityContent(updated);
                return generateOkResponse(updated).build();
            });
}
use of org.apache.nifi.web.api.entity.AccessPolicyEntity in project nifi by apache.
the class EntityFactory method createAccessPolicyEntity.
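/**
 * Builds the {@link AccessPolicyEntity} wrapper for an access policy.
 *
 * <p>The revision and a generation timestamp are always set. When {@code dto} is non-null the
 * entity also receives the permissions and the policy id, but the policy itself is attached
 * as the component only if the permissions grant read access. A caller without read access
 * therefore gets the id and the permissions, not the policy content.
 *
 * @param dto the access policy, may be {@code null}
 * @param revision the revision to report on the entity
 * @param permissions the caller's permissions on the policy, may be {@code null}
 * @return the populated entity, never {@code null}
 */
public AccessPolicyEntity createAccessPolicyEntity(final AccessPolicyDTO dto, final RevisionDTO revision, final PermissionsDTO permissions) {
    final AccessPolicyEntity entity = new AccessPolicyEntity();
    entity.setRevision(revision);
    entity.setGenerated(new Date());

    if (dto == null) {
        return entity;
    }

    entity.setPermissions(permissions);
    entity.setId(dto.getId());

    // Fail closed: the component is disclosed only on an explicit "can read". Comparing through
    // Boolean.TRUE.equals also avoids a NullPointerException from unboxing if getCanRead()
    // returns a boxed Boolean that was never set; the policy is then withheld.
    if (permissions != null && Boolean.TRUE.equals(permissions.getCanRead())) {
        entity.setComponent(dto);
    }
    return entity;
}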