use of org.apache.nifi.web.api.entity.FlowEntity in project nifi by apache.
the class ProcessGroupResource method copySnippet.
// ----------------
// snippet instance
// ----------------
/**
* Copies the specified snippet within this ProcessGroup. The snippet instance that is instantiated cannot be referenced at a later time, therefore there is no
* corresponding URI. Instead the request URI is returned.
* <p>
* Alternatively, we could have performed a PUT request. However, PUT requests are supposed to be idempotent and this endpoint is certainly not.
*
* @param httpServletRequest request
* @param groupId The group id
* @param requestCopySnippetEntity The copy snippet request
* @return A flowSnippetEntity.
*/
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}/snippet-instance")
@ApiOperation(value = "Copies a snippet and discards it.", response = FlowEntity.class, authorizations = { @Authorization(value = "Write - /process-groups/{uuid}"), @Authorization(value = "Read - /{component-type}/{uuid} - For each component in the snippet and their descendant components"), @Authorization(value = "Write - if the snippet contains any restricted Processors - /restricted-components") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response copySnippet(@Context HttpServletRequest httpServletRequest, @ApiParam(value = "The process group id.", required = true) @PathParam("id") String groupId, @ApiParam(value = "The copy snippet request.", required = true) CopySnippetRequestEntity requestCopySnippetEntity) {
// ensure the position has been specified
if (requestCopySnippetEntity == null || requestCopySnippetEntity.getOriginX() == null || requestCopySnippetEntity.getOriginY() == null) {
throw new IllegalArgumentException("The origin position (x, y) must be specified");
}
if (requestCopySnippetEntity.getSnippetId() == null) {
throw new IllegalArgumentException("The snippet id must be specified.");
}
if (isReplicateRequest()) {
return replicate(HttpMethod.POST, requestCopySnippetEntity);
}
return withWriteLock(serviceFacade, requestCopySnippetEntity, lookup -> {
final NiFiUser user = NiFiUserUtils.getNiFiUser();
final SnippetAuthorizable snippet = authorizeSnippetUsage(lookup, groupId, requestCopySnippetEntity.getSnippetId(), false);
final Consumer<ComponentAuthorizable> authorizeRestricted = authorizable -> {
if (authorizable.isRestricted()) {
authorizeRestrictions(authorizer, authorizable);
}
};
// consider each processor. note - this request will not create new controller services so we do not need to check
// for if there are not restricted controller services. it will however, need to authorize the user has access
// to any referenced services and this is done within authorizeSnippetUsage above.
snippet.getSelectedProcessors().stream().forEach(authorizeRestricted);
snippet.getSelectedProcessGroups().stream().forEach(processGroup -> {
processGroup.getEncapsulatedProcessors().forEach(authorizeRestricted);
});
}, null, copySnippetRequestEntity -> {
// copy the specified snippet
final FlowEntity flowEntity = serviceFacade.copySnippet(groupId, copySnippetRequestEntity.getSnippetId(), copySnippetRequestEntity.getOriginX(), copySnippetRequestEntity.getOriginY(), getIdGenerationSeed().orElse(null));
// get the snippet
final FlowDTO flow = flowEntity.getFlow();
// prune response as necessary
for (ProcessGroupEntity childGroupEntity : flow.getProcessGroups()) {
childGroupEntity.getComponent().setContents(null);
}
// create the response entity
populateRemainingSnippetContent(flow);
// generate the response
return generateCreatedResponse(getAbsolutePath(), flowEntity).build();
});
}
use of org.apache.nifi.web.api.entity.FlowEntity in project nifi by apache.
the class ITProcessorAccessControl method testCopyPasteRestrictedProcessor.
/**
* Tests attempting to copy/paste a restricted processor.
*
* @throws Exception ex
*/
@Test
public void testCopyPasteRestrictedProcessor() throws Exception {
final String copyUrl = helper.getBaseUrl() + "/process-groups/root/snippet-instance";
final Tuple<ProcessorEntity, SnippetEntity> tuple = createSnippetWithRestrictedComponent(RestrictedProcessor.class.getName(), helper.getPrivilegedUser());
final SnippetEntity snippetEntity = tuple.getValue();
// build the copy/paste request
final CopySnippetRequestEntity copyRequest = new CopySnippetRequestEntity();
copyRequest.setSnippetId(snippetEntity.getSnippet().getId());
copyRequest.setOriginX(0.0);
copyRequest.setOriginY(0.0);
// create the snippet
Response response = helper.getReadWriteUser().testPost(copyUrl, copyRequest);
// ensure the request failed... need privileged users since snippet comprised of the restricted components
assertEquals(403, response.getStatus());
// perform the request as a user with read/write and only execute code restricted access
response = helper.getExecuteCodeUser().testPost(copyUrl, copyRequest);
// ensure the request is successful
assertEquals(403, response.getStatus());
// create the snippet
response = helper.getPrivilegedUser().testPost(copyUrl, copyRequest);
// ensure the request is successful
assertEquals(201, response.getStatus());
final FlowEntity flowEntity = response.readEntity(FlowEntity.class);
// remove the restricted processors
deleteRestrictedComponent(tuple.getKey(), helper.getPrivilegedUser());
deleteRestrictedComponent(flowEntity.getFlow().getProcessors().stream().findFirst().orElse(null), helper.getPrivilegedUser());
}
use of org.apache.nifi.web.api.entity.FlowEntity in project nifi by apache.
the class ITProcessorAccessControl method testTemplateWithRestrictedProcessor.
/**
* Tests attempting to use a template with a restricted processor.
*
* @throws Exception ex
*/
@Test
public void testTemplateWithRestrictedProcessor() throws Exception {
final String createTemplateUrl = helper.getBaseUrl() + "/process-groups/root/templates";
final String instantiateTemplateUrl = helper.getBaseUrl() + "/process-groups/root/template-instance";
final Tuple<ProcessorEntity, SnippetEntity> tuple = createSnippetWithRestrictedComponent(RestrictedProcessor.class.getName(), helper.getPrivilegedUser());
final SnippetEntity snippetEntity = tuple.getValue();
// create the template
final CreateTemplateRequestEntity createTemplateRequest = new CreateTemplateRequestEntity();
createTemplateRequest.setSnippetId(snippetEntity.getSnippet().getId());
createTemplateRequest.setName("test");
// create the snippet
Response response = helper.getWriteUser().testPost(createTemplateUrl, createTemplateRequest);
// ensure the request failed... need read perms to the components in the snippet
assertEquals(403, response.getStatus());
response = helper.getReadWriteUser().testPost(createTemplateUrl, createTemplateRequest);
// ensure the request is successful
assertEquals(201, response.getStatus());
final TemplateEntity templateEntity = response.readEntity(TemplateEntity.class);
// build the template request
final InstantiateTemplateRequestEntity instantiateTemplateRequest = new InstantiateTemplateRequestEntity();
instantiateTemplateRequest.setTemplateId(templateEntity.getTemplate().getId());
instantiateTemplateRequest.setOriginX(0.0);
instantiateTemplateRequest.setOriginY(0.0);
// create the snippet
response = helper.getReadWriteUser().testPost(instantiateTemplateUrl, instantiateTemplateRequest);
// ensure the request failed... need privileged user since the template is comprised of restricted components
assertEquals(403, response.getStatus());
// create the snippet
response = helper.getExecuteCodeUser().testPost(instantiateTemplateUrl, instantiateTemplateRequest);
// ensure the request failed... need privileged user since the template is comprised of restricted components
assertEquals(403, response.getStatus());
// create the snippet
response = helper.getPrivilegedUser().testPost(instantiateTemplateUrl, instantiateTemplateRequest);
// ensure the request is successful
assertEquals(201, response.getStatus());
final FlowEntity flowEntity = response.readEntity(FlowEntity.class);
// clean up the resources created during this test
deleteTemplate(templateEntity);
deleteRestrictedComponent(tuple.getKey(), helper.getPrivilegedUser());
deleteRestrictedComponent(flowEntity.getFlow().getProcessors().stream().findFirst().orElse(null), helper.getPrivilegedUser());
}
use of org.apache.nifi.web.api.entity.FlowEntity in project nifi by apache.
the class ITProcessorAccessControl method templateWithExecuteCodeRestrictedProcessor.
private void templateWithExecuteCodeRestrictedProcessor(final NiFiTestUser user) throws Exception {
final String createTemplateUrl = helper.getBaseUrl() + "/process-groups/root/templates";
final String instantiateTemplateUrl = helper.getBaseUrl() + "/process-groups/root/template-instance";
final Tuple<ProcessorEntity, SnippetEntity> tuple = createSnippetWithRestrictedComponent(ExecuteCodeRestrictedProcessor.class.getName(), helper.getPrivilegedUser());
final SnippetEntity snippetEntity = tuple.getValue();
// create the template
final CreateTemplateRequestEntity createTemplateRequest = new CreateTemplateRequestEntity();
createTemplateRequest.setSnippetId(snippetEntity.getSnippet().getId());
createTemplateRequest.setName("test");
// create the snippet
Response response = helper.getWriteUser().testPost(createTemplateUrl, createTemplateRequest);
// ensure the request failed... need read perms to the components in the snippet
assertEquals(403, response.getStatus());
response = helper.getReadWriteUser().testPost(createTemplateUrl, createTemplateRequest);
// ensure the request is successful
assertEquals(201, response.getStatus());
final TemplateEntity templateEntity = response.readEntity(TemplateEntity.class);
// build the template request
final InstantiateTemplateRequestEntity instantiateTemplateRequest = new InstantiateTemplateRequestEntity();
instantiateTemplateRequest.setTemplateId(templateEntity.getTemplate().getId());
instantiateTemplateRequest.setOriginX(0.0);
instantiateTemplateRequest.setOriginY(0.0);
// create the snippet
response = helper.getReadWriteUser().testPost(instantiateTemplateUrl, instantiateTemplateRequest);
// ensure the request failed... need privileged user since the template is comprised of restricted components
assertEquals(403, response.getStatus());
// create the snippet
response = user.testPost(instantiateTemplateUrl, instantiateTemplateRequest);
// ensure the request is successful
assertEquals(201, response.getStatus());
final FlowEntity flowEntity = response.readEntity(FlowEntity.class);
// clean up the resources created during this test
deleteTemplate(templateEntity);
deleteRestrictedComponent(tuple.getKey(), user);
deleteRestrictedComponent(flowEntity.getFlow().getProcessors().stream().findFirst().orElse(null), user);
}
use of org.apache.nifi.web.api.entity.FlowEntity in project nifi by apache.
the class ITProcessorAccessControl method copyPasteExecuteCodeRestrictedProcessor.
private void copyPasteExecuteCodeRestrictedProcessor(final NiFiTestUser user) throws Exception {
final String copyUrl = helper.getBaseUrl() + "/process-groups/root/snippet-instance";
final Tuple<ProcessorEntity, SnippetEntity> tuple = createSnippetWithRestrictedComponent(ExecuteCodeRestrictedProcessor.class.getName(), user);
final SnippetEntity snippetEntity = tuple.getValue();
// build the copy/paste request
final CopySnippetRequestEntity copyRequest = new CopySnippetRequestEntity();
copyRequest.setSnippetId(snippetEntity.getSnippet().getId());
copyRequest.setOriginX(0.0);
copyRequest.setOriginY(0.0);
// create the snippet
Response response = helper.getReadWriteUser().testPost(copyUrl, copyRequest);
// ensure the request failed... need privileged users since snippet comprised of the restricted components
assertEquals(403, response.getStatus());
// perform the request as a user with read/write and only execute code restricted access
response = user.testPost(copyUrl, copyRequest);
// ensure the request is successful
assertEquals(201, response.getStatus());
final FlowEntity flowEntity = response.readEntity(FlowEntity.class);
// remove the restricted processors
deleteRestrictedComponent(tuple.getKey(), user);
deleteRestrictedComponent(flowEntity.getFlow().getProcessors().stream().findFirst().orElse(null), user);
}
Aggregations