Example 51 with ProcessorEntity
use of org.apache.nifi.web.api.entity.ProcessorEntity in project nifi by apache.
the class ITProcessorAccessControl method testTemplateWithRestrictedProcessor.
/**
* Tests attempting to use a template with a restricted processor.
*
* @throws Exception ex
*/
@Test
public void testTemplateWithRestrictedProcessor() throws Exception {
final String createTemplateUrl = helper.getBaseUrl() + "/process-groups/root/templates";
final String instantiateTemplateUrl = helper.getBaseUrl() + "/process-groups/root/template-instance";
final Tuple<ProcessorEntity, SnippetEntity> tuple = createSnippetWithRestrictedComponent(RestrictedProcessor.class.getName(), helper.getPrivilegedUser());
final SnippetEntity snippetEntity = tuple.getValue();
// create the template
final CreateTemplateRequestEntity createTemplateRequest = new CreateTemplateRequestEntity();
createTemplateRequest.setSnippetId(snippetEntity.getSnippet().getId());
createTemplateRequest.setName("test");
// create the snippet
Response response = helper.getWriteUser().testPost(createTemplateUrl, createTemplateRequest);
// ensure the request failed... need read perms to the components in the snippet
assertEquals(403, response.getStatus());
response = helper.getReadWriteUser().testPost(createTemplateUrl, createTemplateRequest);
// ensure the request is successful
assertEquals(201, response.getStatus());
final TemplateEntity templateEntity = response.readEntity(TemplateEntity.class);
// build the template request
final InstantiateTemplateRequestEntity instantiateTemplateRequest = new InstantiateTemplateRequestEntity();
instantiateTemplateRequest.setTemplateId(templateEntity.getTemplate().getId());
instantiateTemplateRequest.setOriginX(0.0);
instantiateTemplateRequest.setOriginY(0.0);
// create the snippet
response = helper.getReadWriteUser().testPost(instantiateTemplateUrl, instantiateTemplateRequest);
// ensure the request failed... need privileged user since the template is comprised of restricted components
assertEquals(403, response.getStatus());
// create the snippet
response = helper.getExecuteCodeUser().testPost(instantiateTemplateUrl, instantiateTemplateRequest);
// ensure the request failed... need privileged user since the template is comprised of restricted components
assertEquals(403, response.getStatus());
// create the snippet
response = helper.getPrivilegedUser().testPost(instantiateTemplateUrl, instantiateTemplateRequest);
// ensure the request is successful
assertEquals(201, response.getStatus());
final FlowEntity flowEntity = response.readEntity(FlowEntity.class);
// clean up the resources created during this test
deleteTemplate(templateEntity);
deleteRestrictedComponent(tuple.getKey(), helper.getPrivilegedUser());
deleteRestrictedComponent(flowEntity.getFlow().getProcessors().stream().findFirst().orElse(null), helper.getPrivilegedUser());
}
Also used :
Response(javax.ws.rs.core.Response)
InstantiateTemplateRequestEntity(org.apache.nifi.web.api.entity.InstantiateTemplateRequestEntity)
SnippetEntity(org.apache.nifi.web.api.entity.SnippetEntity)
ExecuteCodeRestrictedProcessor(org.apache.nifi.integration.util.ExecuteCodeRestrictedProcessor)
RestrictedProcessor(org.apache.nifi.integration.util.RestrictedProcessor)
ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity)
CreateTemplateRequestEntity(org.apache.nifi.web.api.entity.CreateTemplateRequestEntity)
TemplateEntity(org.apache.nifi.web.api.entity.TemplateEntity)
ProcessGroupFlowEntity(org.apache.nifi.web.api.entity.ProcessGroupFlowEntity)
FlowEntity(org.apache.nifi.web.api.entity.FlowEntity)
Test(org.junit.Test)
Example 52 with ProcessorEntity
use of org.apache.nifi.web.api.entity.ProcessorEntity in project nifi by apache.
the class ITProcessorAccessControl method testReadWriteUserPutProcessor.
/**
* Ensures the READ_WRITE user can put a processor.
*
* @throws Exception ex
*/
@Test
public void testReadWriteUserPutProcessor() throws Exception {
final ProcessorEntity entity = getRandomProcessor(helper.getReadWriteUser());
assertTrue(entity.getPermissions().getCanRead());
assertTrue(entity.getPermissions().getCanWrite());
assertNotNull(entity.getComponent());
final String updatedName = "Updated Name";
// attempt to update the name
final long version = entity.getRevision().getVersion();
entity.getRevision().setClientId(AccessControlHelper.READ_WRITE_CLIENT_ID);
entity.getComponent().setName(updatedName);
// perform the request
final Response response = updateProcessor(helper.getReadWriteUser(), entity);
// ensure successful response
assertEquals(200, response.getStatus());
// get the response
final ProcessorEntity responseEntity = response.readEntity(ProcessorEntity.class);
// verify
assertEquals(READ_WRITE_CLIENT_ID, responseEntity.getRevision().getClientId());
assertEquals(version + 1, responseEntity.getRevision().getVersion().longValue());
assertEquals(updatedName, responseEntity.getComponent().getName());
}
Also used :
Response(javax.ws.rs.core.Response)
ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity)
Test(org.junit.Test)
Example 53 with ProcessorEntity
use of org.apache.nifi.web.api.entity.ProcessorEntity in project nifi by apache.
the class ITProcessorAccessControl method templateWithExecuteCodeRestrictedProcessor.
private void templateWithExecuteCodeRestrictedProcessor(final NiFiTestUser user) throws Exception {
final String createTemplateUrl = helper.getBaseUrl() + "/process-groups/root/templates";
final String instantiateTemplateUrl = helper.getBaseUrl() + "/process-groups/root/template-instance";
final Tuple<ProcessorEntity, SnippetEntity> tuple = createSnippetWithRestrictedComponent(ExecuteCodeRestrictedProcessor.class.getName(), helper.getPrivilegedUser());
final SnippetEntity snippetEntity = tuple.getValue();
// create the template
final CreateTemplateRequestEntity createTemplateRequest = new CreateTemplateRequestEntity();
createTemplateRequest.setSnippetId(snippetEntity.getSnippet().getId());
createTemplateRequest.setName("test");
// create the snippet
Response response = helper.getWriteUser().testPost(createTemplateUrl, createTemplateRequest);
// ensure the request failed... need read perms to the components in the snippet
assertEquals(403, response.getStatus());
response = helper.getReadWriteUser().testPost(createTemplateUrl, createTemplateRequest);
// ensure the request is successful
assertEquals(201, response.getStatus());
final TemplateEntity templateEntity = response.readEntity(TemplateEntity.class);
// build the template request
final InstantiateTemplateRequestEntity instantiateTemplateRequest = new InstantiateTemplateRequestEntity();
instantiateTemplateRequest.setTemplateId(templateEntity.getTemplate().getId());
instantiateTemplateRequest.setOriginX(0.0);
instantiateTemplateRequest.setOriginY(0.0);
// create the snippet
response = helper.getReadWriteUser().testPost(instantiateTemplateUrl, instantiateTemplateRequest);
// ensure the request failed... need privileged user since the template is comprised of restricted components
assertEquals(403, response.getStatus());
// create the snippet
response = user.testPost(instantiateTemplateUrl, instantiateTemplateRequest);
// ensure the request is successful
assertEquals(201, response.getStatus());
final FlowEntity flowEntity = response.readEntity(FlowEntity.class);
// clean up the resources created during this test
deleteTemplate(templateEntity);
deleteRestrictedComponent(tuple.getKey(), user);
deleteRestrictedComponent(flowEntity.getFlow().getProcessors().stream().findFirst().orElse(null), user);
}
Also used :
Response(javax.ws.rs.core.Response)
InstantiateTemplateRequestEntity(org.apache.nifi.web.api.entity.InstantiateTemplateRequestEntity)
SnippetEntity(org.apache.nifi.web.api.entity.SnippetEntity)
ExecuteCodeRestrictedProcessor(org.apache.nifi.integration.util.ExecuteCodeRestrictedProcessor)
ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity)
CreateTemplateRequestEntity(org.apache.nifi.web.api.entity.CreateTemplateRequestEntity)
TemplateEntity(org.apache.nifi.web.api.entity.TemplateEntity)
ProcessGroupFlowEntity(org.apache.nifi.web.api.entity.ProcessGroupFlowEntity)
FlowEntity(org.apache.nifi.web.api.entity.FlowEntity)
Example 54 with ProcessorEntity
use of org.apache.nifi.web.api.entity.ProcessorEntity in project nifi by apache.
the class ITProcessorAccessControl method testWriteUserClearState.
/**
* Ensures the WRITE user can clear state.
*
* @throws Exception ex
*/
@Test
public void testWriteUserClearState() throws Exception {
final ProcessorEntity entity = getRandomProcessor(helper.getReadUser());
assertTrue(entity.getPermissions().getCanRead());
assertFalse(entity.getPermissions().getCanWrite());
assertNotNull(entity.getComponent());
final String url = helper.getBaseUrl() + "/processors/" + entity.getId() + "/state/clear-requests";
// perform the request
final Response response = helper.getWriteUser().testPost(url);
// ensure ok response
assertEquals(200, response.getStatus());
}
Also used :
Response(javax.ws.rs.core.Response)
ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity)
Test(org.junit.Test)
Example 55 with ProcessorEntity
use of org.apache.nifi.web.api.entity.ProcessorEntity in project nifi by apache.
the class ITProcessorAccessControl method testCreateRestrictedProcessor.
/**
* Tests attempt to create a restricted processor.
*
* @throws Exception if there is an error creating this processor
*/
@Test
public void testCreateRestrictedProcessor() throws Exception {
String url = helper.getBaseUrl() + "/process-groups/root/processors";
// create the processor
ProcessorDTO processor = new ProcessorDTO();
processor.setName("restricted");
processor.setType(RestrictedProcessor.class.getName());
// create the revision
final RevisionDTO revision = new RevisionDTO();
revision.setClientId(READ_WRITE_CLIENT_ID);
revision.setVersion(0L);
// create the entity body
ProcessorEntity entity = new ProcessorEntity();
entity.setRevision(revision);
entity.setComponent(processor);
// perform the request as a user with read/write but no restricted access
Response response = helper.getReadWriteUser().testPost(url, entity);
// ensure the request is successful
assertEquals(403, response.getStatus());
// perform the request as a user with read/write and only execute code restricted access
response = helper.getExecuteCodeUser().testPost(url, entity);
// ensure the request is successful
assertEquals(403, response.getStatus());
// perform the request as a user with read/write and restricted access
response = helper.getPrivilegedUser().testPost(url, entity);
// ensure the request is successful
assertEquals(201, response.getStatus());
final ProcessorEntity responseEntity = response.readEntity(ProcessorEntity.class);
// remove the restricted component
deleteRestrictedComponent(responseEntity, helper.getPrivilegedUser());
}
Also used :
Response(javax.ws.rs.core.Response)
ProcessorDTO(org.apache.nifi.web.api.dto.ProcessorDTO)
ExecuteCodeRestrictedProcessor(org.apache.nifi.integration.util.ExecuteCodeRestrictedProcessor)
RestrictedProcessor(org.apache.nifi.integration.util.RestrictedProcessor)
ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity)
RevisionDTO(org.apache.nifi.web.api.dto.RevisionDTO)
Test(org.junit.Test)
Aggregations
ProcessorEntity (org.apache.nifi.web.api.entity.ProcessorEntity)60
Response (javax.ws.rs.core.Response)29
Test (org.junit.Test)26
HashMap (java.util.HashMap)20
NodeIdentifier (org.apache.nifi.cluster.protocol.NodeIdentifier)19
HashSet (java.util.HashSet)17
ProcessorDTO (org.apache.nifi.web.api.dto.ProcessorDTO)17
URI (java.net.URI)16
RevisionDTO (org.apache.nifi.web.api.dto.RevisionDTO)16
Map (java.util.Map)15
NodeResponse (org.apache.nifi.cluster.manager.NodeResponse)12
NiFiUserDetails (org.apache.nifi.authorization.user.NiFiUserDetails)11
NiFiAuthenticationToken (org.apache.nifi.web.security.token.NiFiAuthenticationToken)11
Authentication (org.springframework.security.core.Authentication)11
Set (java.util.Set)10
Authorizable (org.apache.nifi.authorization.resource.Authorizable)10
NiFiUser (org.apache.nifi.authorization.user.NiFiUser)10
List (java.util.List)8
Collectors (java.util.stream.Collectors)8
ClusterCoordinator (org.apache.nifi.cluster.coordination.ClusterCoordinator)8
