NIFI-2421: - Only attempting to clone policies when NiFI supports a configurable authorizer.

This closes #738

Signed-off-by: jpercivall <joepercivall@yahoo.com>

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java

@@ -23,7 +23,6 @@ import org.apache.nifi.action.FlowChangeAction;
 import org.apache.nifi.action.Operation;
 import org.apache.nifi.action.details.FlowChangePurgeDetails;
 import org.apache.nifi.admin.service.AuditService;
-import org.apache.nifi.authorization.AbstractPolicyBasedAuthorizer;
 import org.apache.nifi.authorization.AccessDeniedException;
 import org.apache.nifi.authorization.AccessPolicy;
 import org.apache.nifi.authorization.AuthorizableLookup;
@@ -999,7 +998,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
                 logger.debug("Deletion of component {} was successful", resourceIdentifier);
 
                 // clean up the policy if necessary and configured with a policy based authorizer
-                if (cleanUpPolicies && authorizer instanceof AbstractPolicyBasedAuthorizer) {
+                if (cleanUpPolicies && accessPolicyDAO.supportsConfigurableAuthorizer()) {
                     try {
                         // since the component is being deleted, also delete any relevant read access policies
                         final AccessPolicy readPolicy = accessPolicyDAO.getAccessPolicy(RequestAction.READ, resourceIdentifier);

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/AccessPolicyDAO.java

@@ -23,6 +23,13 @@ import org.apache.nifi.web.api.dto.AccessPolicyDTO;
 
 public interface AccessPolicyDAO {
 
+    /**
+     * Whether or not NiFi supports a configurable authorizer.
+     *
+     * @return whether or not NiFi supports a configurable authorizer
+     */
+    boolean supportsConfigurableAuthorizer();
+
     /**
      * @param accessPolicyId access policy ID
      * @return Determines if the specified access policy exists

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java

@@ -46,10 +46,12 @@ public class StandardPolicyBasedAuthorizerDAO implements AccessPolicyDAO, UserGr
 
     static final String MSG_NON_ABSTRACT_POLICY_BASED_AUTHORIZER = "This NiFi is not configured to internally manage users, groups, and policies.  Please contact your system administrator.";
     private final AbstractPolicyBasedAuthorizer authorizer;
+    private final boolean supportsConfigurableAuthorizer;
 
     public StandardPolicyBasedAuthorizerDAO(final Authorizer authorizer) {
         if (authorizer instanceof AbstractPolicyBasedAuthorizer) {
             this.authorizer = (AbstractPolicyBasedAuthorizer) authorizer;
+            this.supportsConfigurableAuthorizer = true;
         } else {
             this.authorizer = new AbstractPolicyBasedAuthorizer() {
                 @Override
@@ -149,6 +151,7 @@ public class StandardPolicyBasedAuthorizerDAO implements AccessPolicyDAO, UserGr
                 public void preDestruction() throws AuthorizerDestructionException {
                 }
             };
+            this.supportsConfigurableAuthorizer = false;
         }
     }
 
@@ -159,6 +162,11 @@ public class StandardPolicyBasedAuthorizerDAO implements AccessPolicyDAO, UserGr
                 .orElse(null);
     }
 
+    @Override
+    public boolean supportsConfigurableAuthorizer() {
+        return supportsConfigurableAuthorizer;
+    }
+
     @Override
     public boolean hasAccessPolicy(final String accessPolicyId) {
         return authorizer.getAccessPolicy(accessPolicyId) != null;

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/util/SnippetUtils.java

@@ -612,6 +612,10 @@ public final class SnippetUtils {
      * @param idGenerationSeed id generation seed
      */
     private void cloneComponentSpecificPolicies(final Resource originalComponentResource, final Resource clonedComponentResource, final String idGenerationSeed) {
+        if (!accessPolicyDAO.supportsConfigurableAuthorizer()) {
+            return;
+        }
+
         final Map<Resource, Resource> resources = new HashMap<>();
         resources.put(originalComponentResource, clonedComponentResource);
         resources.put(ResourceFactory.getDataResource(originalComponentResource), ResourceFactory.getDataResource(clonedComponentResource));
@@ -661,6 +665,10 @@ public final class SnippetUtils {
      * @param snippet snippet
      */
     public void rollbackClonedPolicies(final FlowSnippetDTO snippet) {
+        if (!accessPolicyDAO.supportsConfigurableAuthorizer()) {
+            return;
+        }
+
         snippet.getControllerServices().forEach(controllerServiceDTO -> {
             rollbackClonedPolicy(ResourceFactory.getComponentResource(ResourceType.ControllerService, controllerServiceDTO.getId(), controllerServiceDTO.getName()));
         });
@@ -699,6 +707,10 @@ public final class SnippetUtils {
      * @param componentResource component resource
      */
     private void rollbackClonedPolicy(final Resource componentResource) {
+        if (!accessPolicyDAO.supportsConfigurableAuthorizer()) {
+            return;
+        }
+
         final List<Resource> resources = new ArrayList<>();
         resources.add(componentResource);
         resources.add(ResourceFactory.getDataResource(componentResource));