Apache
/
nifi
mirror of https://github.com/apache/nifi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

NIFI-2421: - Only attempting to clone policies when NiFI supports a configurable authorizer. 

This closes #738

Signed-off-by: jpercivall <joepercivall@yahoo.com>
This commit is contained in:
Matt Gilman 2016-07-28 12:56:39 -04:00 committed by jpercivall
parent 09b124714e
commit 01adb050f9
4 changed files with 28 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
View File

@ -23,7 +23,6 @@ import org.apache.nifi.action.FlowChangeAction;
import org.apache.nifi.action.Operation;
import org.apache.nifi.action.details.FlowChangePurgeDetails;
import org.apache.nifi.admin.service.AuditService;
import org.apache.nifi.authorization.AbstractPolicyBasedAuthorizer;
import org.apache.nifi.authorization.AccessDeniedException;
import org.apache.nifi.authorization.AccessPolicy;
import org.apache.nifi.authorization.AuthorizableLookup;
@ -999,7 +998,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
logger.debug("Deletion of component {} was successful", resourceIdentifier);
// clean up the policy if necessary and configured with a policy based authorizer
if (cleanUpPolicies && authorizer instanceof AbstractPolicyBasedAuthorizer) {
if (cleanUpPolicies && accessPolicyDAO.supportsConfigurableAuthorizer()) {
try {
// since the component is being deleted, also delete any relevant read access policies
final AccessPolicy readPolicy = accessPolicyDAO.getAccessPolicy(RequestAction.READ, resourceIdentifier);

7
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/AccessPolicyDAO.java
View File

@ -23,6 +23,13 @@ import org.apache.nifi.web.api.dto.AccessPolicyDTO;
public interface AccessPolicyDAO {
/**
* Whether or not NiFi supports a configurable authorizer.
*
* @return whether or not NiFi supports a configurable authorizer
*/
boolean supportsConfigurableAuthorizer();
/**
* @param accessPolicyId access policy ID
* @return Determines if the specified access policy exists

8
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java
View File

@ -46,10 +46,12 @@ public class StandardPolicyBasedAuthorizerDAO implements AccessPolicyDAO, UserGr
static final String MSG_NON_ABSTRACT_POLICY_BASED_AUTHORIZER = "This NiFi is not configured to internally manage users, groups, and policies. Please contact your system administrator.";
private final AbstractPolicyBasedAuthorizer authorizer;
private final boolean supportsConfigurableAuthorizer;
public StandardPolicyBasedAuthorizerDAO(final Authorizer authorizer) {
if (authorizer instanceof AbstractPolicyBasedAuthorizer) {
this.authorizer = (AbstractPolicyBasedAuthorizer) authorizer;
this.supportsConfigurableAuthorizer = true;
} else {
this.authorizer = new AbstractPolicyBasedAuthorizer() {
@Override
@ -149,6 +151,7 @@ public class StandardPolicyBasedAuthorizerDAO implements AccessPolicyDAO, UserGr
public void preDestruction() throws AuthorizerDestructionException {
}
};
this.supportsConfigurableAuthorizer = false;
}
}
@ -159,6 +162,11 @@ public class StandardPolicyBasedAuthorizerDAO implements AccessPolicyDAO, UserGr
.orElse(null);
}
@Override
public boolean supportsConfigurableAuthorizer() {
return supportsConfigurableAuthorizer;
}
@Override
public boolean hasAccessPolicy(final String accessPolicyId) {
return authorizer.getAccessPolicy(accessPolicyId) != null;

12
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/util/SnippetUtils.java
View File

@ -612,6 +612,10 @@ public final class SnippetUtils {
* @param idGenerationSeed id generation seed
*/
private void cloneComponentSpecificPolicies(final Resource originalComponentResource, final Resource clonedComponentResource, final String idGenerationSeed) {
if (!accessPolicyDAO.supportsConfigurableAuthorizer()) {
return;
}
final Map<Resource, Resource> resources = new HashMap<>();
resources.put(originalComponentResource, clonedComponentResource);
resources.put(ResourceFactory.getDataResource(originalComponentResource), ResourceFactory.getDataResource(clonedComponentResource));
@ -661,6 +665,10 @@ public final class SnippetUtils {
* @param snippet snippet
*/
public void rollbackClonedPolicies(final FlowSnippetDTO snippet) {
if (!accessPolicyDAO.supportsConfigurableAuthorizer()) {
return;
}
snippet.getControllerServices().forEach(controllerServiceDTO -> {
rollbackClonedPolicy(ResourceFactory.getComponentResource(ResourceType.ControllerService, controllerServiceDTO.getId(), controllerServiceDTO.getName()));
});
@ -699,6 +707,10 @@ public final class SnippetUtils {
* @param componentResource component resource
*/
private void rollbackClonedPolicy(final Resource componentResource) {
if (!accessPolicyDAO.supportsConfigurableAuthorizer()) {
return;
}
final List<Resource> resources = new ArrayList<>();
resources.add(componentResource);
resources.add(ResourceFactory.getDataResource(componentResource));