Example 6 with SnippetEntity

use of org.apache.nifi.web.api.entity.SnippetEntity in project nifi by apache.

the class ITProcessorAccessControl method testCopyPasteRestrictedProcessor.

/**
 * Tests attempting to copy/paste a restricted processor.
 *
 * @throws Exception ex
 */
@Test
public void testCopyPasteRestrictedProcessor() throws Exception {
    final String copyUrl = helper.getBaseUrl() + "/process-groups/root/snippet-instance";
    final Tuple<ProcessorEntity, SnippetEntity> tuple = createSnippetWithRestrictedComponent(RestrictedProcessor.class.getName(), helper.getPrivilegedUser());
    final SnippetEntity snippetEntity = tuple.getValue();
    // build the copy/paste request
    final CopySnippetRequestEntity copyRequest = new CopySnippetRequestEntity();
    copyRequest.setSnippetId(snippetEntity.getSnippet().getId());
    copyRequest.setOriginX(0.0);
    copyRequest.setOriginY(0.0);
    // attempt the copy/paste as a user with read/write access only
    Response response = helper.getReadWriteUser().testPost(copyUrl, copyRequest);
    // ensure the request failed... need privileged users since snippet comprised of the restricted components
    assertEquals(403, response.getStatus());
    // perform the request as a user with read/write and only execute code restricted access
    response = helper.getExecuteCodeUser().testPost(copyUrl, copyRequest);
    // ensure the request failed... execute code restricted access alone is not enough for this restricted processor
    assertEquals(403, response.getStatus());
    // perform the copy/paste as the privileged user
    response = helper.getPrivilegedUser().testPost(copyUrl, copyRequest);
    // ensure the request is successful
    assertEquals(201, response.getStatus());
    final FlowEntity flowEntity = response.readEntity(FlowEntity.class);
    // remove the restricted processors
    deleteRestrictedComponent(tuple.getKey(), helper.getPrivilegedUser());
    deleteRestrictedComponent(flowEntity.getFlow().getProcessors().stream().findFirst().orElse(null), helper.getPrivilegedUser());
}
Also used : Response(javax.ws.rs.core.Response) CopySnippetRequestEntity(org.apache.nifi.web.api.entity.CopySnippetRequestEntity) SnippetEntity(org.apache.nifi.web.api.entity.SnippetEntity) ExecuteCodeRestrictedProcessor(org.apache.nifi.integration.util.ExecuteCodeRestrictedProcessor) RestrictedProcessor(org.apache.nifi.integration.util.RestrictedProcessor) ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity) ProcessGroupFlowEntity(org.apache.nifi.web.api.entity.ProcessGroupFlowEntity) FlowEntity(org.apache.nifi.web.api.entity.FlowEntity) Test(org.junit.Test)

Example 7 with SnippetEntity

use of org.apache.nifi.web.api.entity.SnippetEntity in project nifi by apache.

the class ITProcessorAccessControl method testTemplateWithRestrictedProcessor.

/**
 * Tests attempting to use a template with a restricted processor.
 *
 * @throws Exception ex
 */
@Test
public void testTemplateWithRestrictedProcessor() throws Exception {
    final String createTemplateUrl = helper.getBaseUrl() + "/process-groups/root/templates";
    final String instantiateTemplateUrl = helper.getBaseUrl() + "/process-groups/root/template-instance";
    final Tuple<ProcessorEntity, SnippetEntity> tuple = createSnippetWithRestrictedComponent(RestrictedProcessor.class.getName(), helper.getPrivilegedUser());
    final SnippetEntity snippetEntity = tuple.getValue();
    // create the template
    final CreateTemplateRequestEntity createTemplateRequest = new CreateTemplateRequestEntity();
    createTemplateRequest.setSnippetId(snippetEntity.getSnippet().getId());
    createTemplateRequest.setName("test");
    // attempt to create the template as a user with write access only
    Response response = helper.getWriteUser().testPost(createTemplateUrl, createTemplateRequest);
    // ensure the request failed... need read perms to the components in the snippet
    assertEquals(403, response.getStatus());
    response = helper.getReadWriteUser().testPost(createTemplateUrl, createTemplateRequest);
    // ensure the request is successful
    assertEquals(201, response.getStatus());
    final TemplateEntity templateEntity = response.readEntity(TemplateEntity.class);
    // build the template request
    final InstantiateTemplateRequestEntity instantiateTemplateRequest = new InstantiateTemplateRequestEntity();
    instantiateTemplateRequest.setTemplateId(templateEntity.getTemplate().getId());
    instantiateTemplateRequest.setOriginX(0.0);
    instantiateTemplateRequest.setOriginY(0.0);
    // attempt to instantiate the template as a user with read/write access only
    response = helper.getReadWriteUser().testPost(instantiateTemplateUrl, instantiateTemplateRequest);
    // ensure the request failed... need privileged user since the template is comprised of restricted components
    assertEquals(403, response.getStatus());
    // attempt to instantiate the template as a user with only execute code restricted access
    response = helper.getExecuteCodeUser().testPost(instantiateTemplateUrl, instantiateTemplateRequest);
    // ensure the request failed... need privileged user since the template is comprised of restricted components
    assertEquals(403, response.getStatus());
    // instantiate the template as the privileged user
    response = helper.getPrivilegedUser().testPost(instantiateTemplateUrl, instantiateTemplateRequest);
    // ensure the request is successful
    assertEquals(201, response.getStatus());
    final FlowEntity flowEntity = response.readEntity(FlowEntity.class);
    // clean up the resources created during this test
    deleteTemplate(templateEntity);
    deleteRestrictedComponent(tuple.getKey(), helper.getPrivilegedUser());
    deleteRestrictedComponent(flowEntity.getFlow().getProcessors().stream().findFirst().orElse(null), helper.getPrivilegedUser());
}
Also used : Response(javax.ws.rs.core.Response) InstantiateTemplateRequestEntity(org.apache.nifi.web.api.entity.InstantiateTemplateRequestEntity) SnippetEntity(org.apache.nifi.web.api.entity.SnippetEntity) ExecuteCodeRestrictedProcessor(org.apache.nifi.integration.util.ExecuteCodeRestrictedProcessor) RestrictedProcessor(org.apache.nifi.integration.util.RestrictedProcessor) ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity) CreateTemplateRequestEntity(org.apache.nifi.web.api.entity.CreateTemplateRequestEntity) TemplateEntity(org.apache.nifi.web.api.entity.TemplateEntity) ProcessGroupFlowEntity(org.apache.nifi.web.api.entity.ProcessGroupFlowEntity) FlowEntity(org.apache.nifi.web.api.entity.FlowEntity) Test(org.junit.Test)

Example 8 with SnippetEntity

use of org.apache.nifi.web.api.entity.SnippetEntity in project nifi by apache.

the class ITProcessorAccessControl method templateWithExecuteCodeRestrictedProcessor.

private void templateWithExecuteCodeRestrictedProcessor(final NiFiTestUser user) throws Exception {
    final String createTemplateUrl = helper.getBaseUrl() + "/process-groups/root/templates";
    final String instantiateTemplateUrl = helper.getBaseUrl() + "/process-groups/root/template-instance";
    final Tuple<ProcessorEntity, SnippetEntity> tuple = createSnippetWithRestrictedComponent(ExecuteCodeRestrictedProcessor.class.getName(), helper.getPrivilegedUser());
    final SnippetEntity snippetEntity = tuple.getValue();
    // create the template
    final CreateTemplateRequestEntity createTemplateRequest = new CreateTemplateRequestEntity();
    createTemplateRequest.setSnippetId(snippetEntity.getSnippet().getId());
    createTemplateRequest.setName("test");
    // attempt to create the template as a user with write access only
    Response response = helper.getWriteUser().testPost(createTemplateUrl, createTemplateRequest);
    // ensure the request failed... need read perms to the components in the snippet
    assertEquals(403, response.getStatus());
    response = helper.getReadWriteUser().testPost(createTemplateUrl, createTemplateRequest);
    // ensure the request is successful
    assertEquals(201, response.getStatus());
    final TemplateEntity templateEntity = response.readEntity(TemplateEntity.class);
    // build the template request
    final InstantiateTemplateRequestEntity instantiateTemplateRequest = new InstantiateTemplateRequestEntity();
    instantiateTemplateRequest.setTemplateId(templateEntity.getTemplate().getId());
    instantiateTemplateRequest.setOriginX(0.0);
    instantiateTemplateRequest.setOriginY(0.0);
    // attempt to instantiate the template as a user with read/write access only
    response = helper.getReadWriteUser().testPost(instantiateTemplateUrl, instantiateTemplateRequest);
    // ensure the request failed... need privileged user since the template is comprised of restricted components
    assertEquals(403, response.getStatus());
    // instantiate the template as the supplied user
    response = user.testPost(instantiateTemplateUrl, instantiateTemplateRequest);
    // ensure the request is successful
    assertEquals(201, response.getStatus());
    final FlowEntity flowEntity = response.readEntity(FlowEntity.class);
    // clean up the resources created during this test
    deleteTemplate(templateEntity);
    deleteRestrictedComponent(tuple.getKey(), user);
    deleteRestrictedComponent(flowEntity.getFlow().getProcessors().stream().findFirst().orElse(null), user);
}
Also used : Response(javax.ws.rs.core.Response) InstantiateTemplateRequestEntity(org.apache.nifi.web.api.entity.InstantiateTemplateRequestEntity) SnippetEntity(org.apache.nifi.web.api.entity.SnippetEntity) ExecuteCodeRestrictedProcessor(org.apache.nifi.integration.util.ExecuteCodeRestrictedProcessor) ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity) CreateTemplateRequestEntity(org.apache.nifi.web.api.entity.CreateTemplateRequestEntity) TemplateEntity(org.apache.nifi.web.api.entity.TemplateEntity) ProcessGroupFlowEntity(org.apache.nifi.web.api.entity.ProcessGroupFlowEntity) FlowEntity(org.apache.nifi.web.api.entity.FlowEntity)

Example 9 with SnippetEntity

use of org.apache.nifi.web.api.entity.SnippetEntity in project nifi by apache.

the class ITProcessorAccessControl method createSnippetWithRestrictedComponent.

private Tuple<ProcessorEntity, SnippetEntity> createSnippetWithRestrictedComponent(final String restrictedClassName, final NiFiTestUser user) throws Exception {
    final String processorUrl = helper.getBaseUrl() + "/process-groups/root/processors";
    final String snippetUrl = helper.getBaseUrl() + "/snippets";
    // create the processor
    ProcessorDTO processor = new ProcessorDTO();
    processor.setName("restricted");
    processor.setType(restrictedClassName);
    // create the revision
    final RevisionDTO revision = new RevisionDTO();
    revision.setClientId(READ_WRITE_CLIENT_ID);
    revision.setVersion(0L);
    // create the entity body
    ProcessorEntity entity = new ProcessorEntity();
    entity.setRevision(revision);
    entity.setComponent(processor);
    // perform the request as a user with read/write and restricted access
    Response response = user.testPost(processorUrl, entity);
    // ensure the request is successful
    assertEquals(201, response.getStatus());
    // get the response
    final ProcessorEntity responseProcessorEntity = response.readEntity(ProcessorEntity.class);
    // build the snippet for the copy/paste
    final SnippetDTO snippet = new SnippetDTO();
    snippet.setParentGroupId(responseProcessorEntity.getComponent().getParentGroupId());
    snippet.getProcessors().put(responseProcessorEntity.getId(), responseProcessorEntity.getRevision());
    // create the entity body
    final SnippetEntity snippetEntity = new SnippetEntity();
    snippetEntity.setSnippet(snippet);
    // attempt to create the snippet as a user with no permissions
    response = helper.getNoneUser().testPost(snippetUrl, snippetEntity);
    // ensure the request failed... need either read or write to create snippet (not sure what snippet will be used for)
    assertEquals(403, response.getStatus());
    // create the snippet as a user with read/write access
    response = helper.getReadWriteUser().testPost(snippetUrl, snippetEntity);
    // ensure the request is successful
    assertEquals(201, response.getStatus());
    // get the response
    return new Tuple<>(responseProcessorEntity, response.readEntity(SnippetEntity.class));
}
Also used : Response(javax.ws.rs.core.Response) SnippetDTO(org.apache.nifi.web.api.dto.SnippetDTO) ProcessorDTO(org.apache.nifi.web.api.dto.ProcessorDTO) SnippetEntity(org.apache.nifi.web.api.entity.SnippetEntity) ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity) RevisionDTO(org.apache.nifi.web.api.dto.RevisionDTO) Tuple(org.apache.nifi.util.Tuple)

Example 10 with SnippetEntity

use of org.apache.nifi.web.api.entity.SnippetEntity in project nifi by apache.

the class ITProcessorAccessControl method copyPasteExecuteCodeRestrictedProcessor.

private void copyPasteExecuteCodeRestrictedProcessor(final NiFiTestUser user) throws Exception {
    final String copyUrl = helper.getBaseUrl() + "/process-groups/root/snippet-instance";
    final Tuple<ProcessorEntity, SnippetEntity> tuple = createSnippetWithRestrictedComponent(ExecuteCodeRestrictedProcessor.class.getName(), user);
    final SnippetEntity snippetEntity = tuple.getValue();
    // build the copy/paste request
    final CopySnippetRequestEntity copyRequest = new CopySnippetRequestEntity();
    copyRequest.setSnippetId(snippetEntity.getSnippet().getId());
    copyRequest.setOriginX(0.0);
    copyRequest.setOriginY(0.0);
    // attempt the copy/paste as a user with read/write access only
    Response response = helper.getReadWriteUser().testPost(copyUrl, copyRequest);
    // ensure the request failed... need privileged users since snippet comprised of the restricted components
    assertEquals(403, response.getStatus());
    // perform the request as a user with read/write and only execute code restricted access
    response = user.testPost(copyUrl, copyRequest);
    // ensure the request is successful
    assertEquals(201, response.getStatus());
    final FlowEntity flowEntity = response.readEntity(FlowEntity.class);
    // remove the restricted processors
    deleteRestrictedComponent(tuple.getKey(), user);
    deleteRestrictedComponent(flowEntity.getFlow().getProcessors().stream().findFirst().orElse(null), user);
}
Also used : Response(javax.ws.rs.core.Response) CopySnippetRequestEntity(org.apache.nifi.web.api.entity.CopySnippetRequestEntity) SnippetEntity(org.apache.nifi.web.api.entity.SnippetEntity) ExecuteCodeRestrictedProcessor(org.apache.nifi.integration.util.ExecuteCodeRestrictedProcessor) ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity) ProcessGroupFlowEntity(org.apache.nifi.web.api.entity.ProcessGroupFlowEntity) FlowEntity(org.apache.nifi.web.api.entity.FlowEntity)