mirror of https://github.com/apache/nifi.git
NIFI-2237:
- Updating Rest Endpoint documentation specifically regarding access policies. - Ensuring the resource listing is accurate. - Removing unnecessary code.
This commit is contained in:
parent
fca59ff9d0
commit
9338f102cb
|
@ -34,30 +34,6 @@ public final class ResourceFactory {
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
private final static Resource CONTROLLER_SERVICE_RESOURCE = new Resource() {
|
|
||||||
@Override
|
|
||||||
public String getIdentifier() {
|
|
||||||
return ResourceType.ControllerService.getValue();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public String getName() {
|
|
||||||
return "Controller Service";
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
private final static Resource FUNNEL_RESOURCE = new Resource() {
|
|
||||||
@Override
|
|
||||||
public String getIdentifier() {
|
|
||||||
return ResourceType.Funnel.getValue();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public String getName() {
|
|
||||||
return "Funnel";
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
private final static Resource FLOW_RESOURCE = new Resource() {
|
private final static Resource FLOW_RESOURCE = new Resource() {
|
||||||
@Override
|
@Override
|
||||||
public String getIdentifier() {
|
public String getIdentifier() {
|
||||||
|
@ -70,42 +46,6 @@ public final class ResourceFactory {
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
private final static Resource INPUT_PORT_RESOURCE = new Resource() {
|
|
||||||
@Override
|
|
||||||
public String getIdentifier() {
|
|
||||||
return ResourceType.InputPort.getValue();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public String getName() {
|
|
||||||
return "Input Port";
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
private final static Resource LABEL_RESOURCE = new Resource() {
|
|
||||||
@Override
|
|
||||||
public String getIdentifier() {
|
|
||||||
return ResourceType.Label.getValue();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public String getName() {
|
|
||||||
return "Label";
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
private final static Resource OUTPUT_PORT_RESOURCE = new Resource() {
|
|
||||||
@Override
|
|
||||||
public String getIdentifier() {
|
|
||||||
return ResourceType.OutputPort.getValue();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public String getName() {
|
|
||||||
return "Output Port";
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
private final static Resource POLICY_RESOURCE = new Resource() {
|
private final static Resource POLICY_RESOURCE = new Resource() {
|
||||||
@Override
|
@Override
|
||||||
public String getIdentifier() {
|
public String getIdentifier() {
|
||||||
|
@ -118,30 +58,6 @@ public final class ResourceFactory {
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
private final static Resource PROCESSOR_RESOURCE = new Resource() {
|
|
||||||
@Override
|
|
||||||
public String getIdentifier() {
|
|
||||||
return ResourceType.Processor.getValue();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public String getName() {
|
|
||||||
return "Processor";
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
private final static Resource PROCESS_GROUP_RESOURCE = new Resource() {
|
|
||||||
@Override
|
|
||||||
public String getIdentifier() {
|
|
||||||
return ResourceType.ProcessGroup.getValue();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public String getName() {
|
|
||||||
return "Process Group";
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
private final static Resource COUNTERS_RESOURCE = new Resource() {
|
private final static Resource COUNTERS_RESOURCE = new Resource() {
|
||||||
@Override
|
@Override
|
||||||
public String getIdentifier() {
|
public String getIdentifier() {
|
||||||
|
@ -190,30 +106,6 @@ public final class ResourceFactory {
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
private final static Resource REMOTE_PROCESS_GROUP_RESOURCE = new Resource() {
|
|
||||||
@Override
|
|
||||||
public String getIdentifier() {
|
|
||||||
return ResourceType.RemoteProcessGroup.getValue();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public String getName() {
|
|
||||||
return "Remote Process Group";
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
private final static Resource REPORTING_TASK_RESOURCE = new Resource() {
|
|
||||||
@Override
|
|
||||||
public String getIdentifier() {
|
|
||||||
return ResourceType.ReportingTask.getValue();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public String getName() {
|
|
||||||
return "Reporting Task";
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
private final static Resource RESOURCE_RESOURCE = new Resource() {
|
private final static Resource RESOURCE_RESOURCE = new Resource() {
|
||||||
@Override
|
@Override
|
||||||
public String getIdentifier() {
|
public String getIdentifier() {
|
||||||
|
@ -250,18 +142,6 @@ public final class ResourceFactory {
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
private final static Resource TEMPLATE_RESOURCE = new Resource() {
|
|
||||||
@Override
|
|
||||||
public String getIdentifier() {
|
|
||||||
return ResourceType.Template.getValue();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public String getName() {
|
|
||||||
return "Template";
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
private final static Resource TENANT_RESOURCE = new Resource() {
|
private final static Resource TENANT_RESOURCE = new Resource() {
|
||||||
@Override
|
@Override
|
||||||
public String getIdentifier() {
|
public String getIdentifier() {
|
||||||
|
@ -296,24 +176,6 @@ public final class ResourceFactory {
|
||||||
return CONTROLLER_RESOURCE;
|
return CONTROLLER_RESOURCE;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Gets the Resource for accessing Controller Services.
|
|
||||||
*
|
|
||||||
* @return The resource for accessing Controller Services
|
|
||||||
*/
|
|
||||||
public static Resource getControllerServiceResource() {
|
|
||||||
return CONTROLLER_SERVICE_RESOURCE;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Gets the Resource for accessing Funnels.
|
|
||||||
*
|
|
||||||
* @return The resource for accessing Funnels.
|
|
||||||
*/
|
|
||||||
public static Resource getFunnelResource() {
|
|
||||||
return FUNNEL_RESOURCE;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the Resource for accessing the NiFi flow. This includes the data flow structure, component status, search results, and banner/about text.
|
* Gets the Resource for accessing the NiFi flow. This includes the data flow structure, component status, search results, and banner/about text.
|
||||||
*
|
*
|
||||||
|
@ -323,51 +185,6 @@ public final class ResourceFactory {
|
||||||
return FLOW_RESOURCE;
|
return FLOW_RESOURCE;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Gets the Resource for accessing Input Ports.
|
|
||||||
*
|
|
||||||
* @return The resource for accessing Input Ports
|
|
||||||
*/
|
|
||||||
public static Resource getInputPortResource() {
|
|
||||||
return INPUT_PORT_RESOURCE;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Gets the Resource for accessing Labels.
|
|
||||||
*
|
|
||||||
* @return The resource for accessing Labels
|
|
||||||
*/
|
|
||||||
public static Resource getLabelResource() {
|
|
||||||
return LABEL_RESOURCE;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Gets the Resource for accessing Output Ports.
|
|
||||||
*
|
|
||||||
* @return The resource for accessing Output Ports
|
|
||||||
*/
|
|
||||||
public static Resource getOutputPortResource() {
|
|
||||||
return OUTPUT_PORT_RESOURCE;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Gets the Resource for accessing Processors.
|
|
||||||
*
|
|
||||||
* @return The resource for accessing Processors
|
|
||||||
*/
|
|
||||||
public static Resource getProcessorResource() {
|
|
||||||
return PROCESSOR_RESOURCE;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Gets the Resource for accessing Process Groups.
|
|
||||||
*
|
|
||||||
* @return The resource for accessing Process Groups
|
|
||||||
*/
|
|
||||||
public static Resource getProcessGroupResource() {
|
|
||||||
return PROCESS_GROUP_RESOURCE;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the Resource for accessing the Counters..
|
* Gets the Resource for accessing the Counters..
|
||||||
*
|
*
|
||||||
|
@ -396,24 +213,6 @@ public final class ResourceFactory {
|
||||||
return PROXY_RESOURCE;
|
return PROXY_RESOURCE;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Gets the Resource for accessing Remote Process Groups.
|
|
||||||
*
|
|
||||||
* @return The resource accessing Remote Process Groups
|
|
||||||
*/
|
|
||||||
public static Resource getRemoteProcessGroupResource() {
|
|
||||||
return REMOTE_PROCESS_GROUP_RESOURCE;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Gets the Resource for accessing Reporting Tasks.
|
|
||||||
*
|
|
||||||
* @return The resource for accessing Reporting Tasks
|
|
||||||
*/
|
|
||||||
public static Resource getReportingTaskResource() {
|
|
||||||
return REPORTING_TASK_RESOURCE;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the Resource for detailing all available NiFi Resources.
|
* Gets the Resource for detailing all available NiFi Resources.
|
||||||
*
|
*
|
||||||
|
@ -442,15 +241,6 @@ public final class ResourceFactory {
|
||||||
return SYSTEM_RESOURCE;
|
return SYSTEM_RESOURCE;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Gets the Resource for accessing Templates.
|
|
||||||
*
|
|
||||||
* @return The Resource for accessing Tempaltes
|
|
||||||
*/
|
|
||||||
public static Resource getTemplateResource() {
|
|
||||||
return TEMPLATE_RESOURCE;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the Resource for accessing Tenants which includes creating, modifying, and deleting Users and UserGroups.
|
* Gets the Resource for accessing Tenants which includes creating, modifying, and deleting Users and UserGroups.
|
||||||
*
|
*
|
||||||
|
|
|
@ -102,14 +102,18 @@ public class AccessPolicyResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{action}/{resource: .+}")
|
@Path("{action}/{resource: .+}")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets an access policy",
|
value = "Gets an access policy for the specified action and resource",
|
||||||
|
notes = "Will return the effective policy if no component specific policy exists for the specified action and resource. "
|
||||||
|
+ "Must have Read permissions to the policy with the desired action and resource. Permissions for the policy that is "
|
||||||
|
+ "returned will be indicated in the response. This means the client could be authorized to get the policy for a "
|
||||||
|
+ "given component but the effective policy may be inherited from an ancestor Process Group. If the client does not "
|
||||||
|
+ "have permissions to that policy, the response will not include the policy and the permissions in the response "
|
||||||
|
+ "will be marked accordingly. If the client does not have permissions to the policy of the desired action and resource "
|
||||||
|
+ "a 403 response will be returned.",
|
||||||
response = AccessPolicyEntity.class,
|
response = AccessPolicyEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /policies/{resource}", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -172,12 +176,11 @@ public class AccessPolicyResource extends ApplicationResource {
|
||||||
@POST
|
@POST
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Creates an access policy",
|
value = "Creates an access policy",
|
||||||
response = AccessPolicyEntity.class,
|
response = AccessPolicyEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /policies/{resource}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -263,14 +266,11 @@ public class AccessPolicyResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets an access policy",
|
value = "Gets an access policy",
|
||||||
response = AccessPolicyEntity.class,
|
response = AccessPolicyEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /policies/{resource}", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -300,7 +300,7 @@ public class AccessPolicyResource extends ApplicationResource {
|
||||||
|
|
||||||
// authorize access
|
// authorize access
|
||||||
serviceFacade.authorizeAccess(lookup -> {
|
serviceFacade.authorizeAccess(lookup -> {
|
||||||
Authorizable authorizable = lookup.getAccessPolicyById(id);
|
Authorizable authorizable = lookup.getAccessPolicyById(id);
|
||||||
authorizable.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
|
authorizable.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -323,12 +323,11 @@ public class AccessPolicyResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Updates a access policy",
|
value = "Updates a access policy",
|
||||||
response = AccessPolicyEntity.class,
|
response = AccessPolicyEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /policies/{resource}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -382,7 +381,7 @@ public class AccessPolicyResource extends ApplicationResource {
|
||||||
serviceFacade,
|
serviceFacade,
|
||||||
revision,
|
revision,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
Authorizable authorizable = lookup.getAccessPolicyById(id);
|
Authorizable authorizable = lookup.getAccessPolicyById(id);
|
||||||
authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
},
|
},
|
||||||
null,
|
null,
|
||||||
|
@ -412,12 +411,11 @@ public class AccessPolicyResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Deletes an access policy",
|
value = "Deletes an access policy",
|
||||||
response = AccessPolicyEntity.class,
|
response = AccessPolicyEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /policies/{resource}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
|
|
@ -29,13 +29,6 @@ import org.apache.nifi.authentication.LoginIdentityProvider;
|
||||||
import org.apache.nifi.authentication.exception.IdentityAccessException;
|
import org.apache.nifi.authentication.exception.IdentityAccessException;
|
||||||
import org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
|
import org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
|
||||||
import org.apache.nifi.authorization.AccessDeniedException;
|
import org.apache.nifi.authorization.AccessDeniedException;
|
||||||
import org.apache.nifi.authorization.AuthorizationRequest;
|
|
||||||
import org.apache.nifi.authorization.AuthorizationResult;
|
|
||||||
import org.apache.nifi.authorization.AuthorizationResult.Result;
|
|
||||||
import org.apache.nifi.authorization.Authorizer;
|
|
||||||
import org.apache.nifi.authorization.RequestAction;
|
|
||||||
import org.apache.nifi.authorization.UserContextKeys;
|
|
||||||
import org.apache.nifi.authorization.resource.ResourceFactory;
|
|
||||||
import org.apache.nifi.authorization.user.NiFiUser;
|
import org.apache.nifi.authorization.user.NiFiUser;
|
||||||
import org.apache.nifi.authorization.user.NiFiUserDetails;
|
import org.apache.nifi.authorization.user.NiFiUserDetails;
|
||||||
import org.apache.nifi.authorization.user.NiFiUserUtils;
|
import org.apache.nifi.authorization.user.NiFiUserUtils;
|
||||||
|
@ -78,8 +71,6 @@ import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
import java.util.HashMap;
|
|
||||||
import java.util.Map;
|
|
||||||
import java.util.concurrent.TimeUnit;
|
import java.util.concurrent.TimeUnit;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -87,8 +78,8 @@ import java.util.concurrent.TimeUnit;
|
||||||
*/
|
*/
|
||||||
@Path("/access")
|
@Path("/access")
|
||||||
@Api(
|
@Api(
|
||||||
value = "/access",
|
value = "/access",
|
||||||
description = "Endpoints for obtaining an access token or checking access status."
|
description = "Endpoints for obtaining an access token or checking access status."
|
||||||
)
|
)
|
||||||
public class AccessResource extends ApplicationResource {
|
public class AccessResource extends ApplicationResource {
|
||||||
|
|
||||||
|
@ -105,33 +96,6 @@ public class AccessResource extends ApplicationResource {
|
||||||
|
|
||||||
private KerberosService kerberosService;
|
private KerberosService kerberosService;
|
||||||
|
|
||||||
private Authorizer authorizer;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Authorizes access to the flow.
|
|
||||||
*/
|
|
||||||
private boolean hasFlowAccess(final NiFiUser user) {
|
|
||||||
final Map<String,String> userContext;
|
|
||||||
if (!StringUtils.isBlank(user.getClientAddress())) {
|
|
||||||
userContext = new HashMap<>();
|
|
||||||
userContext.put(UserContextKeys.CLIENT_ADDRESS.name(), user.getClientAddress());
|
|
||||||
} else {
|
|
||||||
userContext = null;
|
|
||||||
}
|
|
||||||
|
|
||||||
final AuthorizationRequest request = new AuthorizationRequest.Builder()
|
|
||||||
.resource(ResourceFactory.getFlowResource())
|
|
||||||
.identity(user.getIdentity())
|
|
||||||
.anonymous(user.isAnonymous())
|
|
||||||
.accessAttempt(true)
|
|
||||||
.action(RequestAction.READ)
|
|
||||||
.userContext(userContext)
|
|
||||||
.build();
|
|
||||||
|
|
||||||
final AuthorizationResult result = authorizer.authorize(request);
|
|
||||||
return Result.Approved.equals(result.getResult());
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Retrieves the access configuration for this NiFi.
|
* Retrieves the access configuration for this NiFi.
|
||||||
*
|
*
|
||||||
|
@ -173,6 +137,7 @@ public class AccessResource extends ApplicationResource {
|
||||||
@Path("")
|
@Path("")
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets the status the client's access",
|
value = "Gets the status the client's access",
|
||||||
|
notes = NON_GUARANTEED_ENDPOINT,
|
||||||
response = AccessStatusEntity.class
|
response = AccessStatusEntity.class
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -507,9 +472,6 @@ public class AccessResource extends ApplicationResource {
|
||||||
}
|
}
|
||||||
|
|
||||||
// setters
|
// setters
|
||||||
public void setAuthorizer(Authorizer authorizer) {
|
|
||||||
this.authorizer = authorizer;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setLoginIdentityProvider(LoginIdentityProvider loginIdentityProvider) {
|
public void setLoginIdentityProvider(LoginIdentityProvider loginIdentityProvider) {
|
||||||
this.loginIdentityProvider = loginIdentityProvider;
|
this.loginIdentityProvider = loginIdentityProvider;
|
||||||
|
|
|
@ -95,6 +95,8 @@ public abstract class ApplicationResource {
|
||||||
public static final String PROXY_PORT_HTTP_HEADER = "X-ProxyPort";
|
public static final String PROXY_PORT_HTTP_HEADER = "X-ProxyPort";
|
||||||
public static final String PROXY_CONTEXT_PATH_HTTP_HEADER = "X-ProxyContextPath";
|
public static final String PROXY_CONTEXT_PATH_HTTP_HEADER = "X-ProxyContextPath";
|
||||||
|
|
||||||
|
protected static final String NON_GUARANTEED_ENDPOINT = "Note: This endpoint is subject to change as the NiFi and it's REST API evolve.";
|
||||||
|
|
||||||
private static final Logger logger = LoggerFactory.getLogger(ApplicationResource.class);
|
private static final Logger logger = LoggerFactory.getLogger(ApplicationResource.class);
|
||||||
|
|
||||||
public static final String NODEWISE = "false";
|
public static final String NODEWISE = "false";
|
||||||
|
@ -459,7 +461,7 @@ public abstract class ApplicationResource {
|
||||||
|
|
||||||
final NiFiUser user = NiFiUserUtils.getNiFiUser();
|
final NiFiUser user = NiFiUserUtils.getNiFiUser();
|
||||||
return withWriteLock(serviceFacade, authorizer, verifier, action,
|
return withWriteLock(serviceFacade, authorizer, verifier, action,
|
||||||
() -> serviceFacade.verifyRevision(revision, user));
|
() -> serviceFacade.verifyRevision(revision, user));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -476,23 +478,23 @@ public abstract class ApplicationResource {
|
||||||
final Runnable verifier, final Supplier<Response> action) {
|
final Runnable verifier, final Supplier<Response> action) {
|
||||||
final NiFiUser user = NiFiUserUtils.getNiFiUser();
|
final NiFiUser user = NiFiUserUtils.getNiFiUser();
|
||||||
return withWriteLock(serviceFacade, authorizer, verifier, action,
|
return withWriteLock(serviceFacade, authorizer, verifier, action,
|
||||||
() -> serviceFacade.verifyRevisions(revisions, user));
|
() -> serviceFacade.verifyRevisions(revisions, user));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Executes an action through the service facade using the specified revision.
|
* Executes an action through the service facade using the specified revision.
|
||||||
*
|
*
|
||||||
* @param serviceFacade service facade
|
* @param serviceFacade service facade
|
||||||
* @param authorizer authorizer
|
* @param authorizer authorizer
|
||||||
* @param verifier verifier
|
* @param verifier verifier
|
||||||
* @param action the action to execute
|
* @param action the action to execute
|
||||||
* @param verifyRevision a callback that will claim the necessary revisions for the operation
|
* @param verifyRevision a callback that will claim the necessary revisions for the operation
|
||||||
* @return the response
|
* @return the response
|
||||||
*/
|
*/
|
||||||
private Response withWriteLock(
|
private Response withWriteLock(
|
||||||
final NiFiServiceFacade serviceFacade, final AuthorizeAccess authorizer, final Runnable verifier, final Supplier<Response> action,
|
final NiFiServiceFacade serviceFacade, final AuthorizeAccess authorizer, final Runnable verifier, final Supplier<Response> action,
|
||||||
final Runnable verifyRevision) {
|
final Runnable verifyRevision) {
|
||||||
|
|
||||||
final boolean validationPhase = isValidationPhase(httpServletRequest);
|
final boolean validationPhase = isValidationPhase(httpServletRequest);
|
||||||
if (validationPhase || !isTwoPhaseRequest(httpServletRequest)) {
|
if (validationPhase || !isTwoPhaseRequest(httpServletRequest)) {
|
||||||
|
@ -570,7 +572,7 @@ public abstract class ApplicationResource {
|
||||||
} else {
|
} else {
|
||||||
headers.put(RequestReplicator.REPLICATION_TARGET_NODE_UUID_HEADER, nodeId.getId());
|
headers.put(RequestReplicator.REPLICATION_TARGET_NODE_UUID_HEADER, nodeId.getId());
|
||||||
return requestReplicator.replicate(Collections.singleton(getClusterCoordinatorNode()), method,
|
return requestReplicator.replicate(Collections.singleton(getClusterCoordinatorNode()), method,
|
||||||
path, entity, headers, false, true).awaitMergedResponse().getResponse();
|
path, entity, headers, false, true).awaitMergedResponse().getResponse();
|
||||||
}
|
}
|
||||||
} catch (final InterruptedException ie) {
|
} catch (final InterruptedException ie) {
|
||||||
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Request to " + method + " " + path + " was interrupted").type("text/plain").build();
|
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Request to " + method + " " + path + " was interrupted").type("text/plain").build();
|
||||||
|
@ -663,8 +665,8 @@ public abstract class ApplicationResource {
|
||||||
* used will be those provided by the {@link #getHeaders()} method. The URI that will be used will be
|
* used will be those provided by the {@link #getHeaders()} method. The URI that will be used will be
|
||||||
* that provided by the {@link #getAbsolutePath()} method
|
* that provided by the {@link #getAbsolutePath()} method
|
||||||
*
|
*
|
||||||
* @param method the HTTP method to use
|
* @param method the HTTP method to use
|
||||||
* @param entity the entity to replicate
|
* @param entity the entity to replicate
|
||||||
* @param headersToOverride the headers to override
|
* @param headersToOverride the headers to override
|
||||||
* @return the response from the request
|
* @return the response from the request
|
||||||
* @see #replicateNodeResponse(String, Object, Map)
|
* @see #replicateNodeResponse(String, Object, Map)
|
||||||
|
@ -683,12 +685,10 @@ public abstract class ApplicationResource {
|
||||||
* that provided by the {@link #getAbsolutePath()} method. This method returns the NodeResponse,
|
* that provided by the {@link #getAbsolutePath()} method. This method returns the NodeResponse,
|
||||||
* rather than a Response object.
|
* rather than a Response object.
|
||||||
*
|
*
|
||||||
* @param method the HTTP method to use
|
* @param method the HTTP method to use
|
||||||
* @param entity the entity to replicate
|
* @param entity the entity to replicate
|
||||||
* @param headersToOverride the headers to override
|
* @param headersToOverride the headers to override
|
||||||
*
|
|
||||||
* @return the response from the request
|
* @return the response from the request
|
||||||
*
|
|
||||||
* @throws InterruptedException if interrupted while replicating the request
|
* @throws InterruptedException if interrupted while replicating the request
|
||||||
* @see #replicate(String, Object, Map)
|
* @see #replicate(String, Object, Map)
|
||||||
*/
|
*/
|
||||||
|
@ -851,7 +851,7 @@ public abstract class ApplicationResource {
|
||||||
}
|
}
|
||||||
|
|
||||||
public Response handshakeExceptionResponse(HandshakeException e) {
|
public Response handshakeExceptionResponse(HandshakeException e) {
|
||||||
if(logger.isDebugEnabled()){
|
if (logger.isDebugEnabled()) {
|
||||||
logger.debug("Handshake failed, {}", e.getMessage());
|
logger.debug("Handshake failed, {}", e.getMessage());
|
||||||
}
|
}
|
||||||
ResponseCode handshakeRes = e.getResponseCode();
|
ResponseCode handshakeRes = e.getResponseCode();
|
||||||
|
|
|
@ -32,8 +32,6 @@ import org.apache.nifi.connectable.Connectable;
|
||||||
import org.apache.nifi.web.NiFiServiceFacade;
|
import org.apache.nifi.web.NiFiServiceFacade;
|
||||||
import org.apache.nifi.web.Revision;
|
import org.apache.nifi.web.Revision;
|
||||||
import org.apache.nifi.web.api.dto.ConnectionDTO;
|
import org.apache.nifi.web.api.dto.ConnectionDTO;
|
||||||
import org.apache.nifi.web.api.dto.FlowFileSummaryDTO;
|
|
||||||
import org.apache.nifi.web.api.dto.ListingRequestDTO;
|
|
||||||
import org.apache.nifi.web.api.entity.ConnectionEntity;
|
import org.apache.nifi.web.api.entity.ConnectionEntity;
|
||||||
import org.apache.nifi.web.api.request.ClientIdParameter;
|
import org.apache.nifi.web.api.request.ClientIdParameter;
|
||||||
import org.apache.nifi.web.api.request.LongParameter;
|
import org.apache.nifi.web.api.request.LongParameter;
|
||||||
|
@ -59,8 +57,8 @@ import java.util.Set;
|
||||||
*/
|
*/
|
||||||
@Path("/connections")
|
@Path("/connections")
|
||||||
@Api(
|
@Api(
|
||||||
value = "/connections",
|
value = "/connections",
|
||||||
description = "Endpoint for managing a Connection."
|
description = "Endpoint for managing a Connection."
|
||||||
)
|
)
|
||||||
public class ConnectionResource extends ApplicationResource {
|
public class ConnectionResource extends ApplicationResource {
|
||||||
|
|
||||||
|
@ -87,42 +85,10 @@ public class ConnectionResource extends ApplicationResource {
|
||||||
* @return dto
|
* @return dto
|
||||||
*/
|
*/
|
||||||
public ConnectionEntity populateRemainingConnectionEntityContent(ConnectionEntity connectionEntity) {
|
public ConnectionEntity populateRemainingConnectionEntityContent(ConnectionEntity connectionEntity) {
|
||||||
connectionEntity.setUri(generateResourceUri("connections", connectionEntity.getId()));
|
connectionEntity.setUri(generateResourceUri("connections", connectionEntity.getId()));
|
||||||
return connectionEntity;
|
return connectionEntity;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Populate the URIs for the specified flowfile listing.
|
|
||||||
*
|
|
||||||
* @param connectionId connection
|
|
||||||
* @param flowFileListing flowfile listing
|
|
||||||
* @return dto
|
|
||||||
*/
|
|
||||||
public ListingRequestDTO populateRemainingFlowFileListingContent(final String connectionId, final ListingRequestDTO flowFileListing) {
|
|
||||||
// uri of the listing
|
|
||||||
flowFileListing.setUri(generateResourceUri("connections", connectionId, "listing-requests", flowFileListing.getId()));
|
|
||||||
|
|
||||||
// uri of each flowfile
|
|
||||||
if (flowFileListing.getFlowFileSummaries() != null) {
|
|
||||||
for (final FlowFileSummaryDTO flowFile : flowFileListing.getFlowFileSummaries()) {
|
|
||||||
populateRemainingFlowFileContent(connectionId, flowFile);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return flowFileListing;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Populate the URIs for the specified flowfile.
|
|
||||||
*
|
|
||||||
* @param connectionId the connection id
|
|
||||||
* @param flowFile the flowfile
|
|
||||||
* @return the dto
|
|
||||||
*/
|
|
||||||
public FlowFileSummaryDTO populateRemainingFlowFileContent(final String connectionId, final FlowFileSummaryDTO flowFile) {
|
|
||||||
flowFile.setUri(generateResourceUri("connections", connectionId, "flowfiles", flowFile.getUuid()));
|
|
||||||
return flowFile;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Retrieves the specified connection.
|
* Retrieves the specified connection.
|
||||||
*
|
*
|
||||||
|
@ -134,23 +100,21 @@ public class ConnectionResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("/{id}")
|
@Path("/{id}")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets a connection",
|
value = "Gets a connection",
|
||||||
response = ConnectionEntity.class,
|
response = ConnectionEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read Source - /{component-type}/{uuid}", type = ""),
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
@Authorization(value = "Read Destination - /{component-type}/{uuid}", type = "")
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getConnection(
|
public Response getConnection(
|
||||||
|
@ -158,7 +122,7 @@ public class ConnectionResource extends ApplicationResource {
|
||||||
value = "The connection id.",
|
value = "The connection id.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@PathParam("id") final String id) throws InterruptedException {
|
@PathParam("id") final String id) throws InterruptedException {
|
||||||
|
|
||||||
if (isReplicateRequest()) {
|
if (isReplicateRequest()) {
|
||||||
return replicate(HttpMethod.GET);
|
return replicate(HttpMethod.GET);
|
||||||
|
@ -183,8 +147,8 @@ public class ConnectionResource extends ApplicationResource {
|
||||||
* Updates the specified connection.
|
* Updates the specified connection.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param id The id of the connection.
|
* @param id The id of the connection.
|
||||||
* @param connectionEntity A connectionEntity.
|
* @param connectionEntity A connectionEntity.
|
||||||
* @return A connectionEntity.
|
* @return A connectionEntity.
|
||||||
* @throws InterruptedException if interrupted
|
* @throws InterruptedException if interrupted
|
||||||
*/
|
*/
|
||||||
|
@ -192,21 +156,23 @@ public class ConnectionResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("/{id}")
|
@Path("/{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Updates a connection",
|
value = "Updates a connection",
|
||||||
response = ConnectionEntity.class,
|
response = ConnectionEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write Source - /{component-type}/{uuid}", type = ""),
|
||||||
|
@Authorization(value = "Write Destination - /{component-type}/{uuid}", type = ""),
|
||||||
|
@Authorization(value = "Write New Destination - /{component-type}/{uuid} - if updating Destination", type = ""),
|
||||||
|
@Authorization(value = "Write Process Group - /process-groups/{uuid} - if updating Destination", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response updateConnection(
|
public Response updateConnection(
|
||||||
|
@ -219,7 +185,7 @@ public class ConnectionResource extends ApplicationResource {
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The connection configuration details.",
|
value = "The connection configuration details.",
|
||||||
required = true
|
required = true
|
||||||
) final ConnectionEntity connectionEntity) throws InterruptedException {
|
) final ConnectionEntity connectionEntity) throws InterruptedException {
|
||||||
|
|
||||||
if (connectionEntity == null || connectionEntity.getComponent() == null) {
|
if (connectionEntity == null || connectionEntity.getComponent() == null) {
|
||||||
throw new IllegalArgumentException("Connection details must be specified.");
|
throw new IllegalArgumentException("Connection details must be specified.");
|
||||||
|
@ -247,41 +213,41 @@ public class ConnectionResource extends ApplicationResource {
|
||||||
|
|
||||||
final Revision revision = getRevision(connectionEntity, id);
|
final Revision revision = getRevision(connectionEntity, id);
|
||||||
return withWriteLock(
|
return withWriteLock(
|
||||||
serviceFacade,
|
serviceFacade,
|
||||||
revision,
|
revision,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
// verifies write access to this connection (this checks the current source and destination)
|
// verifies write access to this connection (this checks the current source and destination)
|
||||||
ConnectionAuthorizable connAuth = lookup.getConnection(id);
|
ConnectionAuthorizable connAuth = lookup.getConnection(id);
|
||||||
connAuth.getAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
connAuth.getAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
|
|
||||||
// if a destination has been specified and is different
|
// if a destination has been specified and is different
|
||||||
final Connectable currentDestination = connAuth.getDestination();
|
final Connectable currentDestination = connAuth.getDestination();
|
||||||
if (connection.getDestination() != null && currentDestination.getIdentifier().equals(connection.getDestination().getId())) {
|
if (connection.getDestination() != null && currentDestination.getIdentifier().equals(connection.getDestination().getId())) {
|
||||||
// verify access of the new destination (current destination was already authorized as part of the connection check)
|
// verify access of the new destination (current destination was already authorized as part of the connection check)
|
||||||
final Authorizable newDestinationAuthorizable = lookup.getConnectable(connection.getDestination().getId());
|
final Authorizable newDestinationAuthorizable = lookup.getConnectable(connection.getDestination().getId());
|
||||||
newDestinationAuthorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
newDestinationAuthorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
|
|
||||||
// verify access of the parent group (this is the same check that is performed when creating the connection)
|
// verify access of the parent group (this is the same check that is performed when creating the connection)
|
||||||
connAuth.getParentGroup().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
connAuth.getParentGroup().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
() -> serviceFacade.verifyUpdateConnection(connection),
|
() -> serviceFacade.verifyUpdateConnection(connection),
|
||||||
() -> {
|
() -> {
|
||||||
final ConnectionEntity entity = serviceFacade.updateConnection(revision, connection);
|
final ConnectionEntity entity = serviceFacade.updateConnection(revision, connection);
|
||||||
populateRemainingConnectionEntityContent(entity);
|
populateRemainingConnectionEntityContent(entity);
|
||||||
|
|
||||||
// generate the response
|
// generate the response
|
||||||
return clusterContext(generateOkResponse(entity)).build();
|
return clusterContext(generateOkResponse(entity)).build();
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Removes the specified connection.
|
* Removes the specified connection.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param version The revision is used to verify the client is working with the latest version of the flow.
|
* @param version The revision is used to verify the client is working with the latest version of the flow.
|
||||||
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
|
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
|
||||||
* @param id The id of the connection.
|
* @param id The id of the connection.
|
||||||
* @return An Entity containing the client id and an updated revision.
|
* @return An Entity containing the client id and an updated revision.
|
||||||
* @throws InterruptedException if interrupted
|
* @throws InterruptedException if interrupted
|
||||||
*/
|
*/
|
||||||
|
@ -289,21 +255,21 @@ public class ConnectionResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("/{id}")
|
@Path("/{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Deletes a connection",
|
value = "Deletes a connection",
|
||||||
response = ConnectionEntity.class,
|
response = ConnectionEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write Source - /{component-type}/{uuid}", type = ""),
|
||||||
|
@Authorization(value = "Write Destination - /{component-type}/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response deleteConnection(
|
public Response deleteConnection(
|
||||||
|
@ -322,7 +288,7 @@ public class ConnectionResource extends ApplicationResource {
|
||||||
value = "The connection id.",
|
value = "The connection id.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@PathParam("id") final String id) throws InterruptedException {
|
@PathParam("id") final String id) throws InterruptedException {
|
||||||
|
|
||||||
if (isReplicateRequest()) {
|
if (isReplicateRequest()) {
|
||||||
return replicate(HttpMethod.DELETE);
|
return replicate(HttpMethod.DELETE);
|
||||||
|
@ -334,21 +300,21 @@ public class ConnectionResource extends ApplicationResource {
|
||||||
|
|
||||||
// get the current user
|
// get the current user
|
||||||
return withWriteLock(
|
return withWriteLock(
|
||||||
serviceFacade,
|
serviceFacade,
|
||||||
revision,
|
revision,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
// verifies write access to the source and destination
|
// verifies write access to the source and destination
|
||||||
final Authorizable authorizable = lookup.getConnection(id).getAuthorizable();
|
final Authorizable authorizable = lookup.getConnection(id).getAuthorizable();
|
||||||
authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
},
|
},
|
||||||
() -> serviceFacade.verifyDeleteConnection(id),
|
() -> serviceFacade.verifyDeleteConnection(id),
|
||||||
() -> {
|
() -> {
|
||||||
// delete the connection
|
// delete the connection
|
||||||
final ConnectionEntity entity = serviceFacade.deleteConnection(revision, id);
|
final ConnectionEntity entity = serviceFacade.deleteConnection(revision, id);
|
||||||
|
|
||||||
// generate the response
|
// generate the response
|
||||||
return clusterContext(generateOkResponse(entity)).build();
|
return clusterContext(generateOkResponse(entity)).build();
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -16,25 +16,13 @@
|
||||||
*/
|
*/
|
||||||
package org.apache.nifi.web.api;
|
package org.apache.nifi.web.api;
|
||||||
|
|
||||||
import java.net.URI;
|
import com.sun.jersey.api.core.ResourceContext;
|
||||||
import java.util.HashMap;
|
import com.wordnik.swagger.annotations.Api;
|
||||||
import java.util.Map;
|
import com.wordnik.swagger.annotations.ApiOperation;
|
||||||
|
import com.wordnik.swagger.annotations.ApiParam;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import com.wordnik.swagger.annotations.ApiResponse;
|
||||||
import javax.ws.rs.Consumes;
|
import com.wordnik.swagger.annotations.ApiResponses;
|
||||||
import javax.ws.rs.DELETE;
|
import com.wordnik.swagger.annotations.Authorization;
|
||||||
import javax.ws.rs.GET;
|
|
||||||
import javax.ws.rs.HttpMethod;
|
|
||||||
import javax.ws.rs.POST;
|
|
||||||
import javax.ws.rs.PUT;
|
|
||||||
import javax.ws.rs.Path;
|
|
||||||
import javax.ws.rs.PathParam;
|
|
||||||
import javax.ws.rs.Produces;
|
|
||||||
import javax.ws.rs.QueryParam;
|
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.MediaType;
|
|
||||||
import javax.ws.rs.core.Response;
|
|
||||||
|
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.apache.nifi.authorization.AccessDeniedException;
|
import org.apache.nifi.authorization.AccessDeniedException;
|
||||||
import org.apache.nifi.authorization.AuthorizationRequest;
|
import org.apache.nifi.authorization.AuthorizationRequest;
|
||||||
|
@ -60,21 +48,31 @@ import org.apache.nifi.web.api.entity.NodeEntity;
|
||||||
import org.apache.nifi.web.api.entity.ReportingTaskEntity;
|
import org.apache.nifi.web.api.entity.ReportingTaskEntity;
|
||||||
import org.apache.nifi.web.api.request.DateTimeParameter;
|
import org.apache.nifi.web.api.request.DateTimeParameter;
|
||||||
|
|
||||||
import com.sun.jersey.api.core.ResourceContext;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import com.wordnik.swagger.annotations.Api;
|
import javax.ws.rs.Consumes;
|
||||||
import com.wordnik.swagger.annotations.ApiOperation;
|
import javax.ws.rs.DELETE;
|
||||||
import com.wordnik.swagger.annotations.ApiParam;
|
import javax.ws.rs.GET;
|
||||||
import com.wordnik.swagger.annotations.ApiResponse;
|
import javax.ws.rs.HttpMethod;
|
||||||
import com.wordnik.swagger.annotations.ApiResponses;
|
import javax.ws.rs.POST;
|
||||||
import com.wordnik.swagger.annotations.Authorization;
|
import javax.ws.rs.PUT;
|
||||||
|
import javax.ws.rs.Path;
|
||||||
|
import javax.ws.rs.PathParam;
|
||||||
|
import javax.ws.rs.Produces;
|
||||||
|
import javax.ws.rs.QueryParam;
|
||||||
|
import javax.ws.rs.core.Context;
|
||||||
|
import javax.ws.rs.core.MediaType;
|
||||||
|
import javax.ws.rs.core.Response;
|
||||||
|
import java.net.URI;
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* RESTful endpoint for managing a Flow Controller.
|
* RESTful endpoint for managing a Flow Controller.
|
||||||
*/
|
*/
|
||||||
@Path("/controller")
|
@Path("/controller")
|
||||||
@Api(
|
@Api(
|
||||||
value = "/controller",
|
value = "/controller",
|
||||||
description = "Provides realtime command and control of this NiFi instance"
|
description = "Provides realtime command and control of this NiFi instance"
|
||||||
)
|
)
|
||||||
public class ControllerResource extends ApplicationResource {
|
public class ControllerResource extends ApplicationResource {
|
||||||
|
|
||||||
|
@ -93,7 +91,7 @@ public class ControllerResource extends ApplicationResource {
|
||||||
private void authorizeController(final RequestAction action) {
|
private void authorizeController(final RequestAction action) {
|
||||||
final NiFiUser user = NiFiUserUtils.getNiFiUser();
|
final NiFiUser user = NiFiUserUtils.getNiFiUser();
|
||||||
|
|
||||||
final Map<String,String> userContext;
|
final Map<String, String> userContext;
|
||||||
if (!StringUtils.isBlank(user.getClientAddress())) {
|
if (!StringUtils.isBlank(user.getClientAddress())) {
|
||||||
userContext = new HashMap<>();
|
userContext = new HashMap<>();
|
||||||
userContext.put(UserContextKeys.CLIENT_ADDRESS.name(), user.getClientAddress());
|
userContext.put(UserContextKeys.CLIENT_ADDRESS.name(), user.getClientAddress());
|
||||||
|
@ -126,23 +124,19 @@ public class ControllerResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("config")
|
@Path("config")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN', 'ROLE_NIFI')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Retrieves the configuration for this NiFi Controller",
|
value = "Retrieves the configuration for this NiFi Controller",
|
||||||
response = ControllerConfigurationEntity.class,
|
response = ControllerConfigurationEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /controller", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN"),
|
|
||||||
@Authorization(value = "ROLE_NIFI", type = "ROLE_NIFI")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getControllerConfig() {
|
public Response getControllerConfig() {
|
||||||
|
@ -161,27 +155,26 @@ public class ControllerResource extends ApplicationResource {
|
||||||
* Update the configuration for this NiFi.
|
* Update the configuration for this NiFi.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param configEntity A controllerConfigurationEntity.
|
* @param configEntity A controllerConfigurationEntity.
|
||||||
* @return A controllerConfigurationEntity.
|
* @return A controllerConfigurationEntity.
|
||||||
*/
|
*/
|
||||||
@PUT
|
@PUT
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("config")
|
@Path("config")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Retrieves the configuration for this NiFi",
|
value = "Retrieves the configuration for this NiFi",
|
||||||
response = ControllerConfigurationEntity.class,
|
response = ControllerConfigurationEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /controller", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response updateControllerConfig(
|
public Response updateControllerConfig(
|
||||||
|
@ -225,7 +218,7 @@ public class ControllerResource extends ApplicationResource {
|
||||||
/**
|
/**
|
||||||
* Creates a new Reporting Task.
|
* Creates a new Reporting Task.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param reportingTaskEntity A reportingTaskEntity.
|
* @param reportingTaskEntity A reportingTaskEntity.
|
||||||
* @return A reportingTaskEntity.
|
* @return A reportingTaskEntity.
|
||||||
*/
|
*/
|
||||||
|
@ -233,28 +226,27 @@ public class ControllerResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("reporting-tasks")
|
@Path("reporting-tasks")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Creates a new reporting task",
|
value = "Creates a new reporting task",
|
||||||
response = ReportingTaskEntity.class,
|
response = ReportingTaskEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /controller", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response createReportingTask(
|
public Response createReportingTask(
|
||||||
@Context final HttpServletRequest httpServletRequest,
|
@Context final HttpServletRequest httpServletRequest,
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The reporting task configuration details.",
|
value = "The reporting task configuration details.",
|
||||||
required = true
|
required = true
|
||||||
) final ReportingTaskEntity reportingTaskEntity) {
|
) final ReportingTaskEntity reportingTaskEntity) {
|
||||||
|
|
||||||
if (reportingTaskEntity == null || reportingTaskEntity.getComponent() == null) {
|
if (reportingTaskEntity == null || reportingTaskEntity.getComponent() == null) {
|
||||||
throw new IllegalArgumentException("Reporting task details must be specified.");
|
throw new IllegalArgumentException("Reporting task details must be specified.");
|
||||||
|
@ -307,7 +299,7 @@ public class ControllerResource extends ApplicationResource {
|
||||||
/**
|
/**
|
||||||
* Creates a new Controller Service.
|
* Creates a new Controller Service.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param controllerServiceEntity A controllerServiceEntity.
|
* @param controllerServiceEntity A controllerServiceEntity.
|
||||||
* @return A controllerServiceEntity.
|
* @return A controllerServiceEntity.
|
||||||
*/
|
*/
|
||||||
|
@ -315,28 +307,27 @@ public class ControllerResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("controller-services")
|
@Path("controller-services")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Creates a new controller service",
|
value = "Creates a new controller service",
|
||||||
response = ControllerServiceEntity.class,
|
response = ControllerServiceEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /controller", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response createControllerService(
|
public Response createControllerService(
|
||||||
@Context final HttpServletRequest httpServletRequest,
|
@Context final HttpServletRequest httpServletRequest,
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The controller service configuration details.",
|
value = "The controller service configuration details.",
|
||||||
required = true
|
required = true
|
||||||
) final ControllerServiceEntity controllerServiceEntity) {
|
) final ControllerServiceEntity controllerServiceEntity) {
|
||||||
|
|
||||||
if (controllerServiceEntity == null || controllerServiceEntity.getComponent() == null) {
|
if (controllerServiceEntity == null || controllerServiceEntity.getComponent() == null) {
|
||||||
throw new IllegalArgumentException("Controller service details must be specified.");
|
throw new IllegalArgumentException("Controller service details must be specified.");
|
||||||
|
@ -395,15 +386,12 @@ public class ControllerResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("cluster")
|
@Path("cluster")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets the contents of the cluster",
|
value = "Gets the contents of the cluster",
|
||||||
notes = "Returns the contents of the cluster including all nodes and their status.",
|
notes = "Returns the contents of the cluster including all nodes and their status.",
|
||||||
response = ClusterEntity.class,
|
response = ClusterEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /controller", type = "")
|
||||||
@Authorization(value = "DFM", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Admin", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -447,14 +435,11 @@ public class ControllerResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("cluster/nodes/{id}")
|
@Path("cluster/nodes/{id}")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets a node in the cluster",
|
value = "Gets a node in the cluster",
|
||||||
response = NodeEntity.class,
|
response = NodeEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /controller", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -494,7 +479,7 @@ public class ControllerResource extends ApplicationResource {
|
||||||
/**
|
/**
|
||||||
* Updates the contents of the specified node in this NiFi cluster.
|
* Updates the contents of the specified node in this NiFi cluster.
|
||||||
*
|
*
|
||||||
* @param id The id of the node
|
* @param id The id of the node
|
||||||
* @param nodeEntity A nodeEntity
|
* @param nodeEntity A nodeEntity
|
||||||
* @return A nodeEntity
|
* @return A nodeEntity
|
||||||
*/
|
*/
|
||||||
|
@ -507,7 +492,7 @@ public class ControllerResource extends ApplicationResource {
|
||||||
value = "Updates a node in the cluster",
|
value = "Updates a node in the cluster",
|
||||||
response = NodeEntity.class,
|
response = NodeEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
@Authorization(value = "Write - /controller", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -573,12 +558,11 @@ public class ControllerResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("cluster/nodes/{id}")
|
@Path("cluster/nodes/{id}")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Removes a node from the cluster",
|
value = "Removes a node from the cluster",
|
||||||
response = NodeEntity.class,
|
response = NodeEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
@Authorization(value = "Write - /controller", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -631,12 +615,11 @@ public class ControllerResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("history")
|
@Path("history")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Purges history",
|
value = "Purges history",
|
||||||
response = HistoryEntity.class,
|
response = HistoryEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
@Authorization(value = "Write - /controller", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
|
|
@ -75,8 +75,8 @@ import java.util.stream.Collectors;
|
||||||
*/
|
*/
|
||||||
@Path("/controller-services")
|
@Path("/controller-services")
|
||||||
@Api(
|
@Api(
|
||||||
value = "/controller-services",
|
value = "/controller-services",
|
||||||
description = "Endpoint for managing a Controller Service."
|
description = "Endpoint for managing a Controller Service."
|
||||||
)
|
)
|
||||||
public class ControllerServiceResource extends ApplicationResource {
|
public class ControllerServiceResource extends ApplicationResource {
|
||||||
|
|
||||||
|
@ -148,23 +148,20 @@ public class ControllerServiceResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets a controller service",
|
value = "Gets a controller service",
|
||||||
response = ControllerServiceEntity.class,
|
response = ControllerServiceEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /controller-services/{uuid}", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getControllerService(
|
public Response getControllerService(
|
||||||
|
@ -194,7 +191,7 @@ public class ControllerServiceResource extends ApplicationResource {
|
||||||
/**
|
/**
|
||||||
* Returns the descriptor for the specified property.
|
* Returns the descriptor for the specified property.
|
||||||
*
|
*
|
||||||
* @param id The id of the controller service.
|
* @param id The id of the controller service.
|
||||||
* @param propertyName The property
|
* @param propertyName The property
|
||||||
* @return a propertyDescriptorEntity
|
* @return a propertyDescriptorEntity
|
||||||
*/
|
*/
|
||||||
|
@ -202,23 +199,20 @@ public class ControllerServiceResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}/descriptors")
|
@Path("{id}/descriptors")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets a controller service property descriptor",
|
value = "Gets a controller service property descriptor",
|
||||||
response = PropertyDescriptorEntity.class,
|
response = PropertyDescriptorEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /controller-services/{uuid}", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getPropertyDescriptor(
|
public Response getPropertyDescriptor(
|
||||||
|
@ -269,29 +263,28 @@ public class ControllerServiceResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}/state")
|
@Path("{id}/state")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets the state for a controller service",
|
value = "Gets the state for a controller service",
|
||||||
response = ComponentStateDTO.class,
|
response = ComponentStateDTO.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /controller-services/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getState(
|
public Response getState(
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The controller service id.",
|
value = "The controller service id.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@PathParam("id") final String id) {
|
@PathParam("id") final String id) {
|
||||||
|
|
||||||
if (isReplicateRequest()) {
|
if (isReplicateRequest()) {
|
||||||
return replicate(HttpMethod.GET);
|
return replicate(HttpMethod.GET);
|
||||||
|
@ -318,37 +311,36 @@ public class ControllerServiceResource extends ApplicationResource {
|
||||||
* Clears the state for a controller service.
|
* Clears the state for a controller service.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest servlet request
|
* @param httpServletRequest servlet request
|
||||||
* @param id The id of the controller service
|
* @param id The id of the controller service
|
||||||
* @return a componentStateEntity
|
* @return a componentStateEntity
|
||||||
*/
|
*/
|
||||||
@POST
|
@POST
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}/state/clear-requests")
|
@Path("{id}/state/clear-requests")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Clears the state for a controller service",
|
value = "Clears the state for a controller service",
|
||||||
response = ComponentStateDTO.class,
|
response = ComponentStateDTO.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /controller-services/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response clearState(
|
public Response clearState(
|
||||||
@Context HttpServletRequest httpServletRequest,
|
@Context HttpServletRequest httpServletRequest,
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The controller service id.",
|
value = "The controller service id.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@PathParam("id") final String id) {
|
@PathParam("id") final String id) {
|
||||||
|
|
||||||
if (isReplicateRequest()) {
|
if (isReplicateRequest()) {
|
||||||
return replicate(HttpMethod.POST);
|
return replicate(HttpMethod.POST);
|
||||||
|
@ -358,8 +350,8 @@ public class ControllerServiceResource extends ApplicationResource {
|
||||||
if (validationPhase || !isTwoPhaseRequest(httpServletRequest)) {
|
if (validationPhase || !isTwoPhaseRequest(httpServletRequest)) {
|
||||||
// authorize access
|
// authorize access
|
||||||
serviceFacade.authorizeAccess(lookup -> {
|
serviceFacade.authorizeAccess(lookup -> {
|
||||||
final Authorizable processor = lookup.getControllerService(id);
|
final Authorizable controllerService = lookup.getControllerService(id);
|
||||||
processor.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
controllerService.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
if (validationPhase) {
|
if (validationPhase) {
|
||||||
|
@ -387,23 +379,20 @@ public class ControllerServiceResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}/references")
|
@Path("{id}/references")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets a controller service",
|
value = "Gets a controller service",
|
||||||
response = ControllerServiceEntity.class,
|
response = ControllerServiceEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /controller-services/{uuid}", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getControllerServiceReferences(
|
public Response getControllerServiceReferences(
|
||||||
|
@ -432,7 +421,7 @@ public class ControllerServiceResource extends ApplicationResource {
|
||||||
/**
|
/**
|
||||||
* Updates the references of the specified controller service.
|
* Updates the references of the specified controller service.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param updateReferenceRequest The update request
|
* @param updateReferenceRequest The update request
|
||||||
* @return A controllerServiceReferencingComponentsEntity.
|
* @return A controllerServiceReferencingComponentsEntity.
|
||||||
*/
|
*/
|
||||||
|
@ -440,33 +429,32 @@ public class ControllerServiceResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}/references")
|
@Path("{id}/references")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Updates a controller services references",
|
value = "Updates a controller services references",
|
||||||
response = ControllerServiceReferencingComponentsEntity.class,
|
response = ControllerServiceReferencingComponentsEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /{component-type}/{uuid} - For each referencing component specified", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response updateControllerServiceReferences(
|
public Response updateControllerServiceReferences(
|
||||||
@Context final HttpServletRequest httpServletRequest,
|
@Context final HttpServletRequest httpServletRequest,
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The controller service id.",
|
value = "The controller service id.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@PathParam("id") final String id,
|
@PathParam("id") final String id,
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The controller service request update request.",
|
value = "The controller service request update request.",
|
||||||
required = true
|
required = true
|
||||||
) final UpdateControllerServiceReferenceRequestEntity updateReferenceRequest) {
|
) final UpdateControllerServiceReferenceRequestEntity updateReferenceRequest) {
|
||||||
|
|
||||||
if (updateReferenceRequest.getId() == null) {
|
if (updateReferenceRequest.getId() == null) {
|
||||||
|
@ -504,7 +492,7 @@ public class ControllerServiceResource extends ApplicationResource {
|
||||||
|
|
||||||
// ensure the controller service state is not ENABLING or DISABLING
|
// ensure the controller service state is not ENABLING or DISABLING
|
||||||
if (requestControllerServiceState != null
|
if (requestControllerServiceState != null
|
||||||
&& (ControllerServiceState.ENABLING.equals(requestControllerServiceState) || ControllerServiceState.DISABLING.equals(requestControllerServiceState))) {
|
&& (ControllerServiceState.ENABLING.equals(requestControllerServiceState) || ControllerServiceState.DISABLING.equals(requestControllerServiceState))) {
|
||||||
|
|
||||||
throw new IllegalArgumentException("Cannot set the referencing services to ENABLING or DISABLING");
|
throw new IllegalArgumentException("Cannot set the referencing services to ENABLING or DISABLING");
|
||||||
}
|
}
|
||||||
|
@ -515,39 +503,39 @@ public class ControllerServiceResource extends ApplicationResource {
|
||||||
|
|
||||||
// convert the referencing revisions
|
// convert the referencing revisions
|
||||||
final Map<String, Revision> referencingRevisions = updateReferenceRequest.getReferencingComponentRevisions().entrySet().stream()
|
final Map<String, Revision> referencingRevisions = updateReferenceRequest.getReferencingComponentRevisions().entrySet().stream()
|
||||||
.collect(Collectors.toMap(Map.Entry::getKey, e -> {
|
.collect(Collectors.toMap(Map.Entry::getKey, e -> {
|
||||||
final RevisionDTO rev = e.getValue();
|
final RevisionDTO rev = e.getValue();
|
||||||
return new Revision(rev.getVersion(), rev.getClientId(), e.getKey());
|
return new Revision(rev.getVersion(), rev.getClientId(), e.getKey());
|
||||||
}));
|
}));
|
||||||
final Set<Revision> revisions = new HashSet<>(referencingRevisions.values());
|
final Set<Revision> revisions = new HashSet<>(referencingRevisions.values());
|
||||||
|
|
||||||
final ScheduledState scheduledState = requestScheduledState;
|
final ScheduledState scheduledState = requestScheduledState;
|
||||||
final ControllerServiceState controllerServiceState = requestControllerServiceState;
|
final ControllerServiceState controllerServiceState = requestControllerServiceState;
|
||||||
return withWriteLock(
|
return withWriteLock(
|
||||||
serviceFacade,
|
serviceFacade,
|
||||||
revisions,
|
revisions,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
referencingRevisions.entrySet().stream().forEach(e -> {
|
referencingRevisions.entrySet().stream().forEach(e -> {
|
||||||
final Authorizable controllerService = lookup.getControllerServiceReferencingComponent(id, e.getKey());
|
final Authorizable controllerService = lookup.getControllerServiceReferencingComponent(id, e.getKey());
|
||||||
controllerService.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
controllerService.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
});
|
});
|
||||||
},
|
},
|
||||||
() -> serviceFacade.verifyUpdateControllerServiceReferencingComponents(updateReferenceRequest.getId(), scheduledState, controllerServiceState),
|
() -> serviceFacade.verifyUpdateControllerServiceReferencingComponents(updateReferenceRequest.getId(), scheduledState, controllerServiceState),
|
||||||
() -> {
|
() -> {
|
||||||
// update the controller service references
|
// update the controller service references
|
||||||
final ControllerServiceReferencingComponentsEntity entity = serviceFacade.updateControllerServiceReferencingComponents(
|
final ControllerServiceReferencingComponentsEntity entity = serviceFacade.updateControllerServiceReferencingComponents(
|
||||||
referencingRevisions, updateReferenceRequest.getId(), scheduledState, controllerServiceState);
|
referencingRevisions, updateReferenceRequest.getId(), scheduledState, controllerServiceState);
|
||||||
|
|
||||||
return clusterContext(generateOkResponse(entity)).build();
|
return clusterContext(generateOkResponse(entity)).build();
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Updates the specified a new Controller Service.
|
* Updates the specified a new Controller Service.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param id The id of the controller service to update.
|
* @param id The id of the controller service to update.
|
||||||
* @param controllerServiceEntity A controllerServiceEntity.
|
* @param controllerServiceEntity A controllerServiceEntity.
|
||||||
* @return A controllerServiceEntity.
|
* @return A controllerServiceEntity.
|
||||||
*/
|
*/
|
||||||
|
@ -555,21 +543,20 @@ public class ControllerServiceResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Updates a controller service",
|
value = "Updates a controller service",
|
||||||
response = ControllerServiceEntity.class,
|
response = ControllerServiceEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /controller-services/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response updateControllerService(
|
public Response updateControllerService(
|
||||||
|
@ -606,20 +593,20 @@ public class ControllerServiceResource extends ApplicationResource {
|
||||||
// handle expects request (usually from the cluster manager)
|
// handle expects request (usually from the cluster manager)
|
||||||
final Revision revision = getRevision(controllerServiceEntity, id);
|
final Revision revision = getRevision(controllerServiceEntity, id);
|
||||||
return withWriteLock(
|
return withWriteLock(
|
||||||
serviceFacade,
|
serviceFacade,
|
||||||
revision,
|
revision,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
Authorizable authorizable = lookup.getControllerService(id);
|
Authorizable authorizable = lookup.getControllerService(id);
|
||||||
authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
},
|
},
|
||||||
() -> serviceFacade.verifyUpdateControllerService(requestControllerServiceDTO),
|
() -> serviceFacade.verifyUpdateControllerService(requestControllerServiceDTO),
|
||||||
() -> {
|
() -> {
|
||||||
// update the controller service
|
// update the controller service
|
||||||
final ControllerServiceEntity entity = serviceFacade.updateControllerService(revision, requestControllerServiceDTO);
|
final ControllerServiceEntity entity = serviceFacade.updateControllerService(revision, requestControllerServiceDTO);
|
||||||
populateRemainingControllerServiceEntityContent(entity);
|
populateRemainingControllerServiceEntityContent(entity);
|
||||||
|
|
||||||
return clusterContext(generateOkResponse(entity)).build();
|
return clusterContext(generateOkResponse(entity)).build();
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -627,33 +614,32 @@ public class ControllerServiceResource extends ApplicationResource {
|
||||||
* Removes the specified controller service.
|
* Removes the specified controller service.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param version The revision is used to verify the client is working with
|
* @param version The revision is used to verify the client is working with
|
||||||
* the latest version of the flow.
|
* the latest version of the flow.
|
||||||
* @param clientId Optional client id. If the client id is not specified, a
|
* @param clientId Optional client id. If the client id is not specified, a
|
||||||
* new one will be generated. This value (whether specified or generated) is
|
* new one will be generated. This value (whether specified or generated) is
|
||||||
* included in the response.
|
* included in the response.
|
||||||
* @param id The id of the controller service to remove.
|
* @param id The id of the controller service to remove.
|
||||||
* @return A entity containing the client id and an updated revision.
|
* @return A entity containing the client id and an updated revision.
|
||||||
*/
|
*/
|
||||||
@DELETE
|
@DELETE
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Deletes a controller service",
|
value = "Deletes a controller service",
|
||||||
response = ControllerServiceEntity.class,
|
response = ControllerServiceEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /controller-services/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response removeControllerService(
|
public Response removeControllerService(
|
||||||
|
@ -681,18 +667,18 @@ public class ControllerServiceResource extends ApplicationResource {
|
||||||
// handle expects request (usually from the cluster manager)
|
// handle expects request (usually from the cluster manager)
|
||||||
final Revision revision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
|
final Revision revision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
|
||||||
return withWriteLock(
|
return withWriteLock(
|
||||||
serviceFacade,
|
serviceFacade,
|
||||||
revision,
|
revision,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
final Authorizable controllerService = lookup.getControllerService(id);
|
final Authorizable controllerService = lookup.getControllerService(id);
|
||||||
controllerService.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
controllerService.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
},
|
},
|
||||||
() -> serviceFacade.verifyDeleteControllerService(id),
|
() -> serviceFacade.verifyDeleteControllerService(id),
|
||||||
() -> {
|
() -> {
|
||||||
// delete the specified controller service
|
// delete the specified controller service
|
||||||
final ControllerServiceEntity entity = serviceFacade.deleteControllerService(revision, id);
|
final ControllerServiceEntity entity = serviceFacade.deleteControllerService(revision, id);
|
||||||
return clusterContext(generateOkResponse(entity)).build();
|
return clusterContext(generateOkResponse(entity)).build();
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -42,7 +42,6 @@ import org.apache.nifi.web.api.dto.CounterDTO;
|
||||||
import org.apache.nifi.web.api.dto.CountersDTO;
|
import org.apache.nifi.web.api.dto.CountersDTO;
|
||||||
import org.apache.nifi.web.api.entity.CounterEntity;
|
import org.apache.nifi.web.api.entity.CounterEntity;
|
||||||
import org.apache.nifi.web.api.entity.CountersEntity;
|
import org.apache.nifi.web.api.entity.CountersEntity;
|
||||||
import org.apache.nifi.web.api.entity.Entity;
|
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.ws.rs.Consumes;
|
import javax.ws.rs.Consumes;
|
||||||
|
@ -85,7 +84,7 @@ public class CountersResource extends ApplicationResource {
|
||||||
private void authorizeCounters(final RequestAction action) {
|
private void authorizeCounters(final RequestAction action) {
|
||||||
final NiFiUser user = NiFiUserUtils.getNiFiUser();
|
final NiFiUser user = NiFiUserUtils.getNiFiUser();
|
||||||
|
|
||||||
final Map<String,String> userContext;
|
final Map<String, String> userContext;
|
||||||
if (!StringUtils.isBlank(user.getClientAddress())) {
|
if (!StringUtils.isBlank(user.getClientAddress())) {
|
||||||
userContext = new HashMap<>();
|
userContext = new HashMap<>();
|
||||||
userContext.put(UserContextKeys.CLIENT_ADDRESS.name(), user.getClientAddress());
|
userContext.put(UserContextKeys.CLIENT_ADDRESS.name(), user.getClientAddress());
|
||||||
|
@ -119,14 +118,12 @@ public class CountersResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("") // necessary due to a bug in swagger
|
@Path("") // necessary due to a bug in swagger
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets the current counters for this NiFi",
|
value = "Gets the current counters for this NiFi",
|
||||||
response = Entity.class,
|
notes = NON_GUARANTEED_ENDPOINT,
|
||||||
|
response = CountersEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /counters", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -204,7 +201,7 @@ public class CountersResource extends ApplicationResource {
|
||||||
* Update the specified counter. This will reset the counter value to 0.
|
* Update the specified counter. This will reset the counter value to 0.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param id The id of the counter.
|
* @param id The id of the counter.
|
||||||
* @return A counterEntity.
|
* @return A counterEntity.
|
||||||
*/
|
*/
|
||||||
@PUT
|
@PUT
|
||||||
|
@ -214,9 +211,10 @@ public class CountersResource extends ApplicationResource {
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Updates the specified counter. This will reset the counter value to 0",
|
value = "Updates the specified counter. This will reset the counter value to 0",
|
||||||
|
notes = NON_GUARANTEED_ENDPOINT,
|
||||||
response = CounterEntity.class,
|
response = CounterEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /counters", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
|
|
@ -119,7 +119,7 @@ public class DataTransferResource extends ApplicationResource {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Authorizes access to data transfers.
|
* Authorizes access to data transfers.
|
||||||
*
|
* <p>
|
||||||
* Note: Protected for testing purposes
|
* Note: Protected for testing purposes
|
||||||
*/
|
*/
|
||||||
protected void authorizeDataTransfer(final ResourceType resourceType, final String identifier) {
|
protected void authorizeDataTransfer(final ResourceType resourceType, final String identifier) {
|
||||||
|
@ -129,7 +129,7 @@ public class DataTransferResource extends ApplicationResource {
|
||||||
throw new IllegalArgumentException("The resource must be an Input or Output Port.");
|
throw new IllegalArgumentException("The resource must be an Input or Output Port.");
|
||||||
}
|
}
|
||||||
|
|
||||||
final Map<String,String> userContext;
|
final Map<String, String> userContext;
|
||||||
if (user.getClientAddress() != null && !user.getClientAddress().trim().isEmpty()) {
|
if (user.getClientAddress() != null && !user.getClientAddress().trim().isEmpty()) {
|
||||||
userContext = new HashMap<>();
|
userContext = new HashMap<>();
|
||||||
userContext.put(UserContextKeys.CLIENT_ADDRESS.name(), user.getClientAddress());
|
userContext.put(UserContextKeys.CLIENT_ADDRESS.name(), user.getClientAddress());
|
||||||
|
@ -137,7 +137,6 @@ public class DataTransferResource extends ApplicationResource {
|
||||||
userContext = null;
|
userContext = null;
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO - use DataTransferAuthorizable after looking up underlying component for consistentency
|
|
||||||
final Resource resource = ResourceFactory.getComponentResource(resourceType, identifier, identifier);
|
final Resource resource = ResourceFactory.getComponentResource(resourceType, identifier, identifier);
|
||||||
final AuthorizationRequest request = new AuthorizationRequest.Builder()
|
final AuthorizationRequest request = new AuthorizationRequest.Builder()
|
||||||
.resource(ResourceFactory.getDataTransferResource(resource))
|
.resource(ResourceFactory.getDataTransferResource(resource))
|
||||||
|
@ -158,14 +157,11 @@ public class DataTransferResource extends ApplicationResource {
|
||||||
@POST
|
@POST
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{portType}/{portId}/transactions")
|
@Path("{portType}/{portId}/transactions")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Create a transaction to the specified output port or input port",
|
value = "Create a transaction to the specified output port or input port",
|
||||||
response = TransactionResultEntity.class,
|
response = TransactionResultEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Write - /data-transfer/{component-type}/{uuid}", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -192,7 +188,7 @@ public class DataTransferResource extends ApplicationResource {
|
||||||
InputStream inputStream) {
|
InputStream inputStream) {
|
||||||
|
|
||||||
|
|
||||||
if(!PORT_TYPE_INPUT.equals(portType) && !PORT_TYPE_OUTPUT.equals(portType)){
|
if (!PORT_TYPE_INPUT.equals(portType) && !PORT_TYPE_OUTPUT.equals(portType)) {
|
||||||
return responseCreator.wrongPortTypeResponse(portType, portId);
|
return responseCreator.wrongPortTypeResponse(portType, portId);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -235,14 +231,11 @@ public class DataTransferResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.APPLICATION_OCTET_STREAM)
|
@Consumes(MediaType.APPLICATION_OCTET_STREAM)
|
||||||
@Produces(MediaType.TEXT_PLAIN)
|
@Produces(MediaType.TEXT_PLAIN)
|
||||||
@Path("input-ports/{portId}/transactions/{transactionId}/flow-files")
|
@Path("input-ports/{portId}/transactions/{transactionId}/flow-files")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Transfer flow files to the input port",
|
value = "Transfer flow files to the input port",
|
||||||
response = String.class,
|
response = String.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Write - /data-transfer/input-ports/{uuid}", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -301,7 +294,7 @@ public class DataTransferResource extends ApplicationResource {
|
||||||
return responseCreator.unexpectedErrorResponse(portId, e);
|
return responseCreator.unexpectedErrorResponse(portId, e);
|
||||||
}
|
}
|
||||||
|
|
||||||
String serverChecksum = ((HttpServerCommunicationsSession)peer.getCommunicationsSession()).getChecksum();
|
String serverChecksum = ((HttpServerCommunicationsSession) peer.getCommunicationsSession()).getChecksum();
|
||||||
return responseCreator.acceptedResponse(transactionManager, serverChecksum, transportProtocolVersion);
|
return responseCreator.acceptedResponse(transactionManager, serverChecksum, transportProtocolVersion);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -379,14 +372,11 @@ public class DataTransferResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.APPLICATION_OCTET_STREAM)
|
@Consumes(MediaType.APPLICATION_OCTET_STREAM)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("output-ports/{portId}/transactions/{transactionId}")
|
@Path("output-ports/{portId}/transactions/{transactionId}")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Commit or cancel the specified transaction",
|
value = "Commit or cancel the specified transaction",
|
||||||
response = TransactionResultEntity.class,
|
response = TransactionResultEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Write - /data-transfer/output-ports/{uuid}", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -445,12 +435,12 @@ public class DataTransferResource extends ApplicationResource {
|
||||||
String inputErrMessage = null;
|
String inputErrMessage = null;
|
||||||
if (responseCode == null) {
|
if (responseCode == null) {
|
||||||
inputErrMessage = "responseCode is required.";
|
inputErrMessage = "responseCode is required.";
|
||||||
} else if(ResponseCode.CONFIRM_TRANSACTION.getCode() != responseCode
|
} else if (ResponseCode.CONFIRM_TRANSACTION.getCode() != responseCode
|
||||||
&& ResponseCode.CANCEL_TRANSACTION.getCode() != responseCode) {
|
&& ResponseCode.CANCEL_TRANSACTION.getCode() != responseCode) {
|
||||||
inputErrMessage = "responseCode " + responseCode + " is invalid. ";
|
inputErrMessage = "responseCode " + responseCode + " is invalid. ";
|
||||||
}
|
}
|
||||||
|
|
||||||
if (inputErrMessage != null){
|
if (inputErrMessage != null) {
|
||||||
entity.setMessage(inputErrMessage);
|
entity.setMessage(inputErrMessage);
|
||||||
entity.setResponseCode(ResponseCode.ABORT.getCode());
|
entity.setResponseCode(ResponseCode.ABORT.getCode());
|
||||||
return Response.status(Response.Status.BAD_REQUEST).entity(entity).build();
|
return Response.status(Response.Status.BAD_REQUEST).entity(entity).build();
|
||||||
|
@ -470,7 +460,7 @@ public class DataTransferResource extends ApplicationResource {
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
HttpServerCommunicationsSession commsSession = (HttpServerCommunicationsSession) peer.getCommunicationsSession();
|
HttpServerCommunicationsSession commsSession = (HttpServerCommunicationsSession) peer.getCommunicationsSession();
|
||||||
logger.error("Failed to process the request", e);
|
logger.error("Failed to process the request", e);
|
||||||
if(ResponseCode.BAD_CHECKSUM.equals(commsSession.getResponseCode())){
|
if (ResponseCode.BAD_CHECKSUM.equals(commsSession.getResponseCode())) {
|
||||||
entity.setResponseCode(commsSession.getResponseCode().getCode());
|
entity.setResponseCode(commsSession.getResponseCode().getCode());
|
||||||
entity.setMessage(e.getMessage());
|
entity.setMessage(e.getMessage());
|
||||||
|
|
||||||
|
@ -489,14 +479,11 @@ public class DataTransferResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.APPLICATION_OCTET_STREAM)
|
@Consumes(MediaType.APPLICATION_OCTET_STREAM)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("input-ports/{portId}/transactions/{transactionId}")
|
@Path("input-ports/{portId}/transactions/{transactionId}")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Commit or cancel the specified transaction",
|
value = "Commit or cancel the specified transaction",
|
||||||
response = TransactionResultEntity.class,
|
response = TransactionResultEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Write - /data-transfer/input-ports/{uuid}", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -552,13 +539,13 @@ public class DataTransferResource extends ApplicationResource {
|
||||||
String inputErrMessage = null;
|
String inputErrMessage = null;
|
||||||
if (responseCode == null) {
|
if (responseCode == null) {
|
||||||
inputErrMessage = "responseCode is required.";
|
inputErrMessage = "responseCode is required.";
|
||||||
} else if(ResponseCode.BAD_CHECKSUM.getCode() != responseCode
|
} else if (ResponseCode.BAD_CHECKSUM.getCode() != responseCode
|
||||||
&& ResponseCode.CONFIRM_TRANSACTION.getCode() != responseCode
|
&& ResponseCode.CONFIRM_TRANSACTION.getCode() != responseCode
|
||||||
&& ResponseCode.CANCEL_TRANSACTION.getCode() != responseCode) {
|
&& ResponseCode.CANCEL_TRANSACTION.getCode() != responseCode) {
|
||||||
inputErrMessage = "responseCode " + responseCode + " is invalid. ";
|
inputErrMessage = "responseCode " + responseCode + " is invalid. ";
|
||||||
}
|
}
|
||||||
|
|
||||||
if (inputErrMessage != null){
|
if (inputErrMessage != null) {
|
||||||
entity.setMessage(inputErrMessage);
|
entity.setMessage(inputErrMessage);
|
||||||
entity.setResponseCode(ResponseCode.ABORT.getCode());
|
entity.setResponseCode(ResponseCode.ABORT.getCode());
|
||||||
return Response.status(Response.Status.BAD_REQUEST).entity(entity).build();
|
return Response.status(Response.Status.BAD_REQUEST).entity(entity).build();
|
||||||
|
@ -575,8 +562,8 @@ public class DataTransferResource extends ApplicationResource {
|
||||||
entity.setResponseCode(commsSession.getResponseCode().getCode());
|
entity.setResponseCode(commsSession.getResponseCode().getCode());
|
||||||
entity.setFlowFileSent(flowFileSent);
|
entity.setFlowFileSent(flowFileSent);
|
||||||
|
|
||||||
} catch (IOException e){
|
} catch (IOException e) {
|
||||||
if (ResponseCode.BAD_CHECKSUM.getCode() == responseCode && e.getMessage().contains("Received a BadChecksum response")){
|
if (ResponseCode.BAD_CHECKSUM.getCode() == responseCode && e.getMessage().contains("Received a BadChecksum response")) {
|
||||||
// AbstractFlowFileServerProtocol throws IOException after it canceled transaction.
|
// AbstractFlowFileServerProtocol throws IOException after it canceled transaction.
|
||||||
// This is a known behavior and if we return 500 with this exception,
|
// This is a known behavior and if we return 500 with this exception,
|
||||||
// it's not clear if there is an issue at server side, or cancel operation has been accomplished.
|
// it's not clear if there is an issue at server side, or cancel operation has been accomplished.
|
||||||
|
@ -610,14 +597,11 @@ public class DataTransferResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_OCTET_STREAM)
|
@Produces(MediaType.APPLICATION_OCTET_STREAM)
|
||||||
@Path("output-ports/{portId}/transactions/{transactionId}/flow-files")
|
@Path("output-ports/{portId}/transactions/{transactionId}/flow-files")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Transfer flow files from the output port",
|
value = "Transfer flow files from the output port",
|
||||||
response = StreamingOutput.class,
|
response = StreamingOutput.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Write - /data-transfer/output-ports/{uuid}", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -665,13 +649,13 @@ public class DataTransferResource extends ApplicationResource {
|
||||||
@Override
|
@Override
|
||||||
public void write(OutputStream outputStream) throws IOException, WebApplicationException {
|
public void write(OutputStream outputStream) throws IOException, WebApplicationException {
|
||||||
|
|
||||||
HttpOutput output = (HttpOutput)peer.getCommunicationsSession().getOutput();
|
HttpOutput output = (HttpOutput) peer.getCommunicationsSession().getOutput();
|
||||||
output.setOutputStream(outputStream);
|
output.setOutputStream(outputStream);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
int numOfFlowFiles = serverProtocol.getPort().transferFlowFiles(peer, serverProtocol);
|
int numOfFlowFiles = serverProtocol.getPort().transferFlowFiles(peer, serverProtocol);
|
||||||
logger.debug("finished transferring flow files, numOfFlowFiles={}", numOfFlowFiles);
|
logger.debug("finished transferring flow files, numOfFlowFiles={}", numOfFlowFiles);
|
||||||
if(numOfFlowFiles < 1){
|
if (numOfFlowFiles < 1) {
|
||||||
// There was no flow file to transfer. Throw this exception to stop responding with SEE OTHER.
|
// There was no flow file to transfer. Throw this exception to stop responding with SEE OTHER.
|
||||||
throw new WebApplicationException(Response.Status.OK);
|
throw new WebApplicationException(Response.Status.OK);
|
||||||
}
|
}
|
||||||
|
@ -697,14 +681,11 @@ public class DataTransferResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("input-ports/{portId}/transactions/{transactionId}")
|
@Path("input-ports/{portId}/transactions/{transactionId}")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Extend transaction TTL",
|
value = "Extend transaction TTL",
|
||||||
response = TransactionResultEntity.class,
|
response = TransactionResultEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Write - /data-transfer/input-ports/{uuid}", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -735,14 +716,11 @@ public class DataTransferResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("output-ports/{portId}/transactions/{transactionId}")
|
@Path("output-ports/{portId}/transactions/{transactionId}")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Extend transaction TTL",
|
value = "Extend transaction TTL",
|
||||||
response = TransactionResultEntity.class,
|
response = TransactionResultEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Write - /data-transfer/output-ports/{uuid}", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -785,7 +763,7 @@ public class DataTransferResource extends ApplicationResource {
|
||||||
return validationResult.errResponse;
|
return validationResult.errResponse;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!PORT_TYPE_INPUT.equals(portType) && !PORT_TYPE_OUTPUT.equals(portType)){
|
if (!PORT_TYPE_INPUT.equals(portType) && !PORT_TYPE_OUTPUT.equals(portType)) {
|
||||||
return responseCreator.wrongPortTypeResponse(portType, portId);
|
return responseCreator.wrongPortTypeResponse(portType, portId);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -826,7 +804,7 @@ public class DataTransferResource extends ApplicationResource {
|
||||||
|
|
||||||
private ValidateRequestResult validateResult(HttpServletRequest req, String portId, String transactionId) {
|
private ValidateRequestResult validateResult(HttpServletRequest req, String portId, String transactionId) {
|
||||||
ValidateRequestResult result = new ValidateRequestResult();
|
ValidateRequestResult result = new ValidateRequestResult();
|
||||||
if(!properties.isSiteToSiteHttpEnabled()) {
|
if (!properties.isSiteToSiteHttpEnabled()) {
|
||||||
result.errResponse = responseCreator.httpSiteToSiteIsNotEnabledResponse();
|
result.errResponse = responseCreator.httpSiteToSiteIsNotEnabledResponse();
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
@ -838,9 +816,9 @@ public class DataTransferResource extends ApplicationResource {
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!isEmpty(transactionId) && !transactionManager.isTransactionActive(transactionId)) {
|
if (!isEmpty(transactionId) && !transactionManager.isTransactionActive(transactionId)) {
|
||||||
result.errResponse = responseCreator.transactionNotFoundResponse(portId, transactionId);
|
result.errResponse = responseCreator.transactionNotFoundResponse(portId, transactionId);
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
|
|
|
@ -69,8 +69,8 @@ import java.net.URI;
|
||||||
*/
|
*/
|
||||||
@Path("/flowfile-queues")
|
@Path("/flowfile-queues")
|
||||||
@Api(
|
@Api(
|
||||||
value = "/flowfile-queues",
|
value = "/flowfile-queues",
|
||||||
description = "Endpoint for managing a FlowFile Queue."
|
description = "Endpoint for managing a FlowFile Queue."
|
||||||
)
|
)
|
||||||
public class FlowFileQueueResource extends ApplicationResource {
|
public class FlowFileQueueResource extends ApplicationResource {
|
||||||
|
|
||||||
|
@ -80,7 +80,7 @@ public class FlowFileQueueResource extends ApplicationResource {
|
||||||
/**
|
/**
|
||||||
* Populate the URIs for the specified flowfile listing.
|
* Populate the URIs for the specified flowfile listing.
|
||||||
*
|
*
|
||||||
* @param connectionId connection
|
* @param connectionId connection
|
||||||
* @param flowFileListing flowfile listing
|
* @param flowFileListing flowfile listing
|
||||||
* @return dto
|
* @return dto
|
||||||
*/
|
*/
|
||||||
|
@ -101,7 +101,7 @@ public class FlowFileQueueResource extends ApplicationResource {
|
||||||
* Populate the URIs for the specified flowfile.
|
* Populate the URIs for the specified flowfile.
|
||||||
*
|
*
|
||||||
* @param connectionId the connection id
|
* @param connectionId the connection id
|
||||||
* @param flowFile the flowfile
|
* @param flowFile the flowfile
|
||||||
* @return the dto
|
* @return the dto
|
||||||
*/
|
*/
|
||||||
public FlowFileSummaryDTO populateRemainingFlowFileContent(final String connectionId, final FlowFileSummaryDTO flowFile) {
|
public FlowFileSummaryDTO populateRemainingFlowFileContent(final String connectionId, final FlowFileSummaryDTO flowFile) {
|
||||||
|
@ -112,8 +112,8 @@ public class FlowFileQueueResource extends ApplicationResource {
|
||||||
/**
|
/**
|
||||||
* Gets the specified flowfile from the specified connection.
|
* Gets the specified flowfile from the specified connection.
|
||||||
*
|
*
|
||||||
* @param connectionId The connection id
|
* @param connectionId The connection id
|
||||||
* @param flowFileUuid The flowfile uuid
|
* @param flowFileUuid The flowfile uuid
|
||||||
* @param clusterNodeId The cluster node id where the flowfile resides
|
* @param clusterNodeId The cluster node id where the flowfile resides
|
||||||
* @return a flowFileDTO
|
* @return a flowFileDTO
|
||||||
* @throws InterruptedException if interrupted
|
* @throws InterruptedException if interrupted
|
||||||
|
@ -122,38 +122,37 @@ public class FlowFileQueueResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}/flowfiles/{flowfile-uuid}")
|
@Path("{id}/flowfiles/{flowfile-uuid}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets a FlowFile from a Connection.",
|
value = "Gets a FlowFile from a Connection.",
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Read Source Data - /data/{component-type}/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getFlowFile(
|
public Response getFlowFile(
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The connection id.",
|
value = "The connection id.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@PathParam("id") final String connectionId,
|
@PathParam("id") final String connectionId,
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The flowfile uuid.",
|
value = "The flowfile uuid.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@PathParam("flowfile-uuid") final String flowFileUuid,
|
@PathParam("flowfile-uuid") final String flowFileUuid,
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The id of the node where the content exists if clustered.",
|
value = "The id of the node where the content exists if clustered.",
|
||||||
required = false
|
required = false
|
||||||
)
|
)
|
||||||
@QueryParam("clusterNodeId") final String clusterNodeId) throws InterruptedException {
|
@QueryParam("clusterNodeId") final String clusterNodeId) throws InterruptedException {
|
||||||
|
|
||||||
// replicate if cluster manager
|
// replicate if cluster manager
|
||||||
if (isReplicateRequest()) {
|
if (isReplicateRequest()) {
|
||||||
|
@ -187,9 +186,9 @@ public class FlowFileQueueResource extends ApplicationResource {
|
||||||
/**
|
/**
|
||||||
* Gets the content for the specified flowfile in the specified connection.
|
* Gets the content for the specified flowfile in the specified connection.
|
||||||
*
|
*
|
||||||
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
|
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
|
||||||
* @param connectionId The connection id
|
* @param connectionId The connection id
|
||||||
* @param flowFileUuid The flowfile uuid
|
* @param flowFileUuid The flowfile uuid
|
||||||
* @param clusterNodeId The cluster node id
|
* @param clusterNodeId The cluster node id
|
||||||
* @return The content stream
|
* @return The content stream
|
||||||
* @throws InterruptedException if interrupted
|
* @throws InterruptedException if interrupted
|
||||||
|
@ -198,43 +197,42 @@ public class FlowFileQueueResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.WILDCARD)
|
@Produces(MediaType.WILDCARD)
|
||||||
@Path("{id}/flowfiles/{flowfile-uuid}/content")
|
@Path("{id}/flowfiles/{flowfile-uuid}/content")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets the content for a FlowFile in a Connection.",
|
value = "Gets the content for a FlowFile in a Connection.",
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Read Source Data - /data/{component-type}/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response downloadFlowFileContent(
|
public Response downloadFlowFileContent(
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
|
value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
|
||||||
required = false
|
required = false
|
||||||
)
|
)
|
||||||
@QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) final ClientIdParameter clientId,
|
@QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) final ClientIdParameter clientId,
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The connection id.",
|
value = "The connection id.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@PathParam("id") final String connectionId,
|
@PathParam("id") final String connectionId,
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The flowfile uuid.",
|
value = "The flowfile uuid.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@PathParam("flowfile-uuid") final String flowFileUuid,
|
@PathParam("flowfile-uuid") final String flowFileUuid,
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The id of the node where the content exists if clustered.",
|
value = "The id of the node where the content exists if clustered.",
|
||||||
required = false
|
required = false
|
||||||
)
|
)
|
||||||
@QueryParam("clusterNodeId") final String clusterNodeId) throws InterruptedException {
|
@QueryParam("clusterNodeId") final String clusterNodeId) throws InterruptedException {
|
||||||
|
|
||||||
// replicate if cluster manager
|
// replicate if cluster manager
|
||||||
if (isReplicateRequest()) {
|
if (isReplicateRequest()) {
|
||||||
|
@ -287,36 +285,35 @@ public class FlowFileQueueResource extends ApplicationResource {
|
||||||
* Creates a request to list the flowfiles in the queue of the specified connection.
|
* Creates a request to list the flowfiles in the queue of the specified connection.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param id The id of the connection
|
* @param id The id of the connection
|
||||||
* @return A listRequestEntity
|
* @return A listRequestEntity
|
||||||
*/
|
*/
|
||||||
@POST
|
@POST
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}/listing-requests")
|
@Path("{id}/listing-requests")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Lists the contents of the queue in this connection.",
|
value = "Lists the contents of the queue in this connection.",
|
||||||
response = ListingRequestEntity.class,
|
response = ListingRequestEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Read Source Data - /data/{component-type}/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 202, message = "The request has been accepted. A HTTP response header will contain the URI where the response can be polled."),
|
@ApiResponse(code = 202, message = "The request has been accepted. A HTTP response header will contain the URI where the response can be polled."),
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response createFlowFileListing(
|
public Response createFlowFileListing(
|
||||||
@Context final HttpServletRequest httpServletRequest,
|
@Context final HttpServletRequest httpServletRequest,
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The connection id.",
|
value = "The connection id.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@PathParam("id") final String id) {
|
@PathParam("id") final String id) {
|
||||||
|
|
||||||
|
@ -358,7 +355,7 @@ public class FlowFileQueueResource extends ApplicationResource {
|
||||||
/**
|
/**
|
||||||
* Checks the status of an outstanding listing request.
|
* Checks the status of an outstanding listing request.
|
||||||
*
|
*
|
||||||
* @param connectionId The id of the connection
|
* @param connectionId The id of the connection
|
||||||
* @param listingRequestId The id of the drop request
|
* @param listingRequestId The id of the drop request
|
||||||
* @return A dropRequestEntity
|
* @return A dropRequestEntity
|
||||||
*/
|
*/
|
||||||
|
@ -366,32 +363,31 @@ public class FlowFileQueueResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}/listing-requests/{listing-request-id}")
|
@Path("{id}/listing-requests/{listing-request-id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets the current status of a listing request for the specified connection.",
|
value = "Gets the current status of a listing request for the specified connection.",
|
||||||
response = ListingRequestEntity.class,
|
response = ListingRequestEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Read Source Data - /data/{component-type}/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getListingRequest(
|
public Response getListingRequest(
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The connection id.",
|
value = "The connection id.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@PathParam("id") final String connectionId,
|
@PathParam("id") final String connectionId,
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The listing request id.",
|
value = "The listing request id.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@PathParam("listing-request-id") final String listingRequestId) {
|
@PathParam("listing-request-id") final String listingRequestId) {
|
||||||
|
|
||||||
|
@ -421,41 +417,40 @@ public class FlowFileQueueResource extends ApplicationResource {
|
||||||
* Deletes the specified listing request.
|
* Deletes the specified listing request.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param connectionId The connection id
|
* @param connectionId The connection id
|
||||||
* @param listingRequestId The drop request id
|
* @param listingRequestId The drop request id
|
||||||
* @return A dropRequestEntity
|
* @return A dropRequestEntity
|
||||||
*/
|
*/
|
||||||
@DELETE
|
@DELETE
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}/listing-requests/{listing-request-id}")
|
@Path("{id}/listing-requests/{listing-request-id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Cancels and/or removes a request to list the contents of this connection.",
|
value = "Cancels and/or removes a request to list the contents of this connection.",
|
||||||
response = DropRequestEntity.class,
|
response = DropRequestEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Read Source Data - /data/{component-type}/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response deleteListingRequest(
|
public Response deleteListingRequest(
|
||||||
@Context final HttpServletRequest httpServletRequest,
|
@Context final HttpServletRequest httpServletRequest,
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The connection id.",
|
value = "The connection id.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@PathParam("id") final String connectionId,
|
@PathParam("id") final String connectionId,
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The listing request id.",
|
value = "The listing request id.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@PathParam("listing-request-id") final String listingRequestId) {
|
@PathParam("listing-request-id") final String listingRequestId) {
|
||||||
|
|
||||||
|
@ -497,38 +492,37 @@ public class FlowFileQueueResource extends ApplicationResource {
|
||||||
* Creates a request to delete the flowfiles in the queue of the specified connection.
|
* Creates a request to delete the flowfiles in the queue of the specified connection.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param id The id of the connection
|
* @param id The id of the connection
|
||||||
* @return A dropRequestEntity
|
* @return A dropRequestEntity
|
||||||
*/
|
*/
|
||||||
@POST
|
@POST
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}/drop-requests")
|
@Path("{id}/drop-requests")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Creates a request to drop the contents of the queue in this connection.",
|
value = "Creates a request to drop the contents of the queue in this connection.",
|
||||||
response = DropRequestEntity.class,
|
response = DropRequestEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write Source Data - /data/{component-type}/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 202, message = "The request has been accepted. A HTTP response header will contain the URI where the response can be polled."),
|
@ApiResponse(code = 202, message = "The request has been accepted. A HTTP response header will contain the URI where the response can be polled."),
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response createDropRequest(
|
public Response createDropRequest(
|
||||||
@Context final HttpServletRequest httpServletRequest,
|
@Context final HttpServletRequest httpServletRequest,
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The connection id.",
|
value = "The connection id.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@PathParam("id") final String id) {
|
@PathParam("id") final String id) {
|
||||||
|
|
||||||
if (isReplicateRequest()) {
|
if (isReplicateRequest()) {
|
||||||
return replicate(HttpMethod.POST);
|
return replicate(HttpMethod.POST);
|
||||||
|
@ -567,7 +561,7 @@ public class FlowFileQueueResource extends ApplicationResource {
|
||||||
/**
|
/**
|
||||||
* Checks the status of an outstanding drop request.
|
* Checks the status of an outstanding drop request.
|
||||||
*
|
*
|
||||||
* @param connectionId The id of the connection
|
* @param connectionId The id of the connection
|
||||||
* @param dropRequestId The id of the drop request
|
* @param dropRequestId The id of the drop request
|
||||||
* @return A dropRequestEntity
|
* @return A dropRequestEntity
|
||||||
*/
|
*/
|
||||||
|
@ -575,21 +569,20 @@ public class FlowFileQueueResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}/drop-requests/{drop-request-id}")
|
@Path("{id}/drop-requests/{drop-request-id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets the current status of a drop request for the specified connection.",
|
value = "Gets the current status of a drop request for the specified connection.",
|
||||||
response = DropRequestEntity.class,
|
response = DropRequestEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write Source Data - /data/{component-type}/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getDropRequest(
|
public Response getDropRequest(
|
||||||
|
@ -630,29 +623,28 @@ public class FlowFileQueueResource extends ApplicationResource {
|
||||||
* Deletes the specified drop request.
|
* Deletes the specified drop request.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param connectionId The connection id
|
* @param connectionId The connection id
|
||||||
* @param dropRequestId The drop request id
|
* @param dropRequestId The drop request id
|
||||||
* @return A dropRequestEntity
|
* @return A dropRequestEntity
|
||||||
*/
|
*/
|
||||||
@DELETE
|
@DELETE
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}/drop-requests/{drop-request-id}")
|
@Path("{id}/drop-requests/{drop-request-id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Cancels and/or removes a request to drop the contents of this connection.",
|
value = "Cancels and/or removes a request to drop the contents of this connection.",
|
||||||
response = DropRequestEntity.class,
|
response = DropRequestEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write Source Data - /data/{component-type}/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response removeDropRequest(
|
public Response removeDropRequest(
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -55,8 +55,8 @@ import java.util.Set;
|
||||||
*/
|
*/
|
||||||
@Path("/funnels")
|
@Path("/funnels")
|
||||||
@Api(
|
@Api(
|
||||||
value = "/funnel",
|
value = "/funnel",
|
||||||
description = "Endpoint for managing a Funnel."
|
description = "Endpoint for managing a Funnel."
|
||||||
)
|
)
|
||||||
public class FunnelResource extends ApplicationResource {
|
public class FunnelResource extends ApplicationResource {
|
||||||
|
|
||||||
|
@ -97,23 +97,20 @@ public class FunnelResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets a funnel",
|
value = "Gets a funnel",
|
||||||
response = FunnelEntity.class,
|
response = FunnelEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /funnels/{uuid}", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getFunnel(
|
public Response getFunnel(
|
||||||
|
@ -144,29 +141,28 @@ public class FunnelResource extends ApplicationResource {
|
||||||
* Creates a new Funnel.
|
* Creates a new Funnel.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param id The id of the funnel to update.
|
* @param id The id of the funnel to update.
|
||||||
* @param funnelEntity A funnelEntity.
|
* @param funnelEntity A funnelEntity.
|
||||||
* @return A funnelEntity.
|
* @return A funnelEntity.
|
||||||
*/
|
*/
|
||||||
@PUT
|
@PUT
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Updates a funnel",
|
value = "Updates a funnel",
|
||||||
response = FunnelEntity.class,
|
response = FunnelEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /funnels/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response updateFunnel(
|
public Response updateFunnel(
|
||||||
|
@ -203,20 +199,20 @@ public class FunnelResource extends ApplicationResource {
|
||||||
// Extract the revision
|
// Extract the revision
|
||||||
final Revision revision = getRevision(funnelEntity, id);
|
final Revision revision = getRevision(funnelEntity, id);
|
||||||
return withWriteLock(
|
return withWriteLock(
|
||||||
serviceFacade,
|
serviceFacade,
|
||||||
revision,
|
revision,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
Authorizable authorizable = lookup.getFunnel(id);
|
Authorizable authorizable = lookup.getFunnel(id);
|
||||||
authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
},
|
},
|
||||||
null,
|
null,
|
||||||
() -> {
|
() -> {
|
||||||
// update the funnel
|
// update the funnel
|
||||||
final FunnelEntity entity = serviceFacade.updateFunnel(revision, requestFunnelDTO);
|
final FunnelEntity entity = serviceFacade.updateFunnel(revision, requestFunnelDTO);
|
||||||
populateRemainingFunnelEntityContent(entity);
|
populateRemainingFunnelEntityContent(entity);
|
||||||
|
|
||||||
return clusterContext(generateOkResponse(entity)).build();
|
return clusterContext(generateOkResponse(entity)).build();
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -224,33 +220,32 @@ public class FunnelResource extends ApplicationResource {
|
||||||
* Removes the specified funnel.
|
* Removes the specified funnel.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param version The revision is used to verify the client is working with
|
* @param version The revision is used to verify the client is working with
|
||||||
* the latest version of the flow.
|
* the latest version of the flow.
|
||||||
* @param clientId Optional client id. If the client id is not specified, a
|
* @param clientId Optional client id. If the client id is not specified, a
|
||||||
* new one will be generated. This value (whether specified or generated) is
|
* new one will be generated. This value (whether specified or generated) is
|
||||||
* included in the response.
|
* included in the response.
|
||||||
* @param id The id of the funnel to remove.
|
* @param id The id of the funnel to remove.
|
||||||
* @return A entity containing the client id and an updated revision.
|
* @return A entity containing the client id and an updated revision.
|
||||||
*/
|
*/
|
||||||
@DELETE
|
@DELETE
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Deletes a funnel",
|
value = "Deletes a funnel",
|
||||||
response = FunnelEntity.class,
|
response = FunnelEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /funnels/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response removeFunnel(
|
public Response removeFunnel(
|
||||||
|
@ -278,22 +273,23 @@ public class FunnelResource extends ApplicationResource {
|
||||||
// handle expects request (usually from the cluster manager)
|
// handle expects request (usually from the cluster manager)
|
||||||
final Revision revision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
|
final Revision revision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
|
||||||
return withWriteLock(
|
return withWriteLock(
|
||||||
serviceFacade,
|
serviceFacade,
|
||||||
revision,
|
revision,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
final Authorizable funnel = lookup.getFunnel(id);
|
final Authorizable funnel = lookup.getFunnel(id);
|
||||||
funnel.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
funnel.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
},
|
},
|
||||||
() -> serviceFacade.verifyDeleteFunnel(id),
|
() -> serviceFacade.verifyDeleteFunnel(id),
|
||||||
() -> {
|
() -> {
|
||||||
// delete the specified funnel
|
// delete the specified funnel
|
||||||
final FunnelEntity entity = serviceFacade.deleteFunnel(revision, id);
|
final FunnelEntity entity = serviceFacade.deleteFunnel(revision, id);
|
||||||
return clusterContext(generateOkResponse(entity)).build();
|
return clusterContext(generateOkResponse(entity)).build();
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
// setters
|
// setters
|
||||||
|
|
||||||
public void setServiceFacade(NiFiServiceFacade serviceFacade) {
|
public void setServiceFacade(NiFiServiceFacade serviceFacade) {
|
||||||
this.serviceFacade = serviceFacade;
|
this.serviceFacade = serviceFacade;
|
||||||
}
|
}
|
||||||
|
|
|
@ -55,8 +55,8 @@ import java.util.Set;
|
||||||
*/
|
*/
|
||||||
@Path("/input-ports")
|
@Path("/input-ports")
|
||||||
@Api(
|
@Api(
|
||||||
value = "/input-ports",
|
value = "/input-ports",
|
||||||
description = "Endpoint for managing an Input Port."
|
description = "Endpoint for managing an Input Port."
|
||||||
)
|
)
|
||||||
public class InputPortResource extends ApplicationResource {
|
public class InputPortResource extends ApplicationResource {
|
||||||
|
|
||||||
|
@ -76,12 +76,12 @@ public class InputPortResource extends ApplicationResource {
|
||||||
return inputPortEntites;
|
return inputPortEntites;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Populates the uri for the specified input port.
|
* Populates the uri for the specified input port.
|
||||||
*
|
*
|
||||||
* @param inputPortEntity port
|
* @param inputPortEntity port
|
||||||
* @return ports
|
* @return ports
|
||||||
*/
|
*/
|
||||||
public PortEntity populateRemainingInputPortEntityContent(PortEntity inputPortEntity) {
|
public PortEntity populateRemainingInputPortEntityContent(PortEntity inputPortEntity) {
|
||||||
inputPortEntity.setUri(generateResourceUri("input-ports", inputPortEntity.getId()));
|
inputPortEntity.setUri(generateResourceUri("input-ports", inputPortEntity.getId()));
|
||||||
return inputPortEntity;
|
return inputPortEntity;
|
||||||
|
@ -97,23 +97,20 @@ public class InputPortResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets an input port",
|
value = "Gets an input port",
|
||||||
response = PortEntity.class,
|
response = PortEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /input-ports/{uuid}", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getInputPort(
|
public Response getInputPort(
|
||||||
|
@ -144,29 +141,28 @@ public class InputPortResource extends ApplicationResource {
|
||||||
* Updates the specified input port.
|
* Updates the specified input port.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param id The id of the input port to update.
|
* @param id The id of the input port to update.
|
||||||
* @param portEntity A inputPortEntity.
|
* @param portEntity A inputPortEntity.
|
||||||
* @return A inputPortEntity.
|
* @return A inputPortEntity.
|
||||||
*/
|
*/
|
||||||
@PUT
|
@PUT
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Updates an input port",
|
value = "Updates an input port",
|
||||||
response = PortEntity.class,
|
response = PortEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /input-ports/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response updateInputPort(
|
public Response updateInputPort(
|
||||||
|
@ -203,20 +199,20 @@ public class InputPortResource extends ApplicationResource {
|
||||||
// handle expects request (usually from the cluster manager)
|
// handle expects request (usually from the cluster manager)
|
||||||
final Revision revision = getRevision(portEntity, id);
|
final Revision revision = getRevision(portEntity, id);
|
||||||
return withWriteLock(
|
return withWriteLock(
|
||||||
serviceFacade,
|
serviceFacade,
|
||||||
revision,
|
revision,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
Authorizable authorizable = lookup.getInputPort(id);
|
Authorizable authorizable = lookup.getInputPort(id);
|
||||||
authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
},
|
},
|
||||||
() -> serviceFacade.verifyUpdateInputPort(requestPortDTO),
|
() -> serviceFacade.verifyUpdateInputPort(requestPortDTO),
|
||||||
() -> {
|
() -> {
|
||||||
// update the input port
|
// update the input port
|
||||||
final PortEntity entity = serviceFacade.updateInputPort(revision, requestPortDTO);
|
final PortEntity entity = serviceFacade.updateInputPort(revision, requestPortDTO);
|
||||||
populateRemainingInputPortEntityContent(entity);
|
populateRemainingInputPortEntityContent(entity);
|
||||||
|
|
||||||
return clusterContext(generateOkResponse(entity)).build();
|
return clusterContext(generateOkResponse(entity)).build();
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -224,30 +220,29 @@ public class InputPortResource extends ApplicationResource {
|
||||||
* Removes the specified input port.
|
* Removes the specified input port.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param version The revision is used to verify the client is working with the latest version of the flow.
|
* @param version The revision is used to verify the client is working with the latest version of the flow.
|
||||||
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
|
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
|
||||||
* @param id The id of the input port to remove.
|
* @param id The id of the input port to remove.
|
||||||
* @return A inputPortEntity.
|
* @return A inputPortEntity.
|
||||||
*/
|
*/
|
||||||
@DELETE
|
@DELETE
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Deletes an input port",
|
value = "Deletes an input port",
|
||||||
response = PortEntity.class,
|
response = PortEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /input-ports/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response removeInputPort(
|
public Response removeInputPort(
|
||||||
|
@ -275,22 +270,23 @@ public class InputPortResource extends ApplicationResource {
|
||||||
// handle expects request (usually from the cluster manager)
|
// handle expects request (usually from the cluster manager)
|
||||||
final Revision revision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
|
final Revision revision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
|
||||||
return withWriteLock(
|
return withWriteLock(
|
||||||
serviceFacade,
|
serviceFacade,
|
||||||
revision,
|
revision,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
final Authorizable inputPort = lookup.getInputPort(id);
|
final Authorizable inputPort = lookup.getInputPort(id);
|
||||||
inputPort.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
inputPort.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
},
|
},
|
||||||
() -> serviceFacade.verifyDeleteInputPort(id),
|
() -> serviceFacade.verifyDeleteInputPort(id),
|
||||||
() -> {
|
() -> {
|
||||||
// delete the specified input port
|
// delete the specified input port
|
||||||
final PortEntity entity = serviceFacade.deleteInputPort(revision, id);
|
final PortEntity entity = serviceFacade.deleteInputPort(revision, id);
|
||||||
return clusterContext(generateOkResponse(entity)).build();
|
return clusterContext(generateOkResponse(entity)).build();
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
// setters
|
// setters
|
||||||
|
|
||||||
public void setServiceFacade(NiFiServiceFacade serviceFacade) {
|
public void setServiceFacade(NiFiServiceFacade serviceFacade) {
|
||||||
this.serviceFacade = serviceFacade;
|
this.serviceFacade = serviceFacade;
|
||||||
}
|
}
|
||||||
|
|
|
@ -55,8 +55,8 @@ import java.util.Set;
|
||||||
*/
|
*/
|
||||||
@Path("/labels")
|
@Path("/labels")
|
||||||
@Api(
|
@Api(
|
||||||
value = "/labels",
|
value = "/labels",
|
||||||
description = "Endpoint for managing a Label."
|
description = "Endpoint for managing a Label."
|
||||||
)
|
)
|
||||||
public class LabelResource extends ApplicationResource {
|
public class LabelResource extends ApplicationResource {
|
||||||
|
|
||||||
|
@ -97,23 +97,20 @@ public class LabelResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets a label",
|
value = "Gets a label",
|
||||||
response = LabelEntity.class,
|
response = LabelEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /labels/{uuid}", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getLabel(
|
public Response getLabel(
|
||||||
|
@ -144,29 +141,28 @@ public class LabelResource extends ApplicationResource {
|
||||||
* Updates the specified label.
|
* Updates the specified label.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param id The id of the label to update.
|
* @param id The id of the label to update.
|
||||||
* @param labelEntity A labelEntity.
|
* @param labelEntity A labelEntity.
|
||||||
* @return A labelEntity.
|
* @return A labelEntity.
|
||||||
*/
|
*/
|
||||||
@PUT
|
@PUT
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Updates a label",
|
value = "Updates a label",
|
||||||
response = LabelEntity.class,
|
response = LabelEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /labels/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response updateLabel(
|
public Response updateLabel(
|
||||||
|
@ -203,20 +199,20 @@ public class LabelResource extends ApplicationResource {
|
||||||
// handle expects request (usually from the cluster manager)
|
// handle expects request (usually from the cluster manager)
|
||||||
final Revision revision = getRevision(labelEntity, id);
|
final Revision revision = getRevision(labelEntity, id);
|
||||||
return withWriteLock(
|
return withWriteLock(
|
||||||
serviceFacade,
|
serviceFacade,
|
||||||
revision,
|
revision,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
Authorizable authorizable = lookup.getLabel(id);
|
Authorizable authorizable = lookup.getLabel(id);
|
||||||
authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
},
|
},
|
||||||
null,
|
null,
|
||||||
() -> {
|
() -> {
|
||||||
// update the label
|
// update the label
|
||||||
final LabelEntity entity = serviceFacade.updateLabel(revision, requestLabelDTO);
|
final LabelEntity entity = serviceFacade.updateLabel(revision, requestLabelDTO);
|
||||||
populateRemainingLabelEntityContent(entity);
|
populateRemainingLabelEntityContent(entity);
|
||||||
|
|
||||||
return clusterContext(generateOkResponse(entity)).build();
|
return clusterContext(generateOkResponse(entity)).build();
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -224,30 +220,29 @@ public class LabelResource extends ApplicationResource {
|
||||||
* Removes the specified label.
|
* Removes the specified label.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param version The revision is used to verify the client is working with the latest version of the flow.
|
* @param version The revision is used to verify the client is working with the latest version of the flow.
|
||||||
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
|
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
|
||||||
* @param id The id of the label to remove.
|
* @param id The id of the label to remove.
|
||||||
* @return A entity containing the client id and an updated revision.
|
* @return A entity containing the client id and an updated revision.
|
||||||
*/
|
*/
|
||||||
@DELETE
|
@DELETE
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Deletes a label",
|
value = "Deletes a label",
|
||||||
response = LabelEntity.class,
|
response = LabelEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /labels/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response removeLabel(
|
public Response removeLabel(
|
||||||
|
@ -275,22 +270,23 @@ public class LabelResource extends ApplicationResource {
|
||||||
// handle expects request (usually from the cluster manager)
|
// handle expects request (usually from the cluster manager)
|
||||||
final Revision revision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
|
final Revision revision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
|
||||||
return withWriteLock(
|
return withWriteLock(
|
||||||
serviceFacade,
|
serviceFacade,
|
||||||
revision,
|
revision,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
final Authorizable label = lookup.getLabel(id);
|
final Authorizable label = lookup.getLabel(id);
|
||||||
label.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
label.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
},
|
},
|
||||||
null,
|
null,
|
||||||
() -> {
|
() -> {
|
||||||
// delete the specified label
|
// delete the specified label
|
||||||
final LabelEntity entity = serviceFacade.deleteLabel(revision, id);
|
final LabelEntity entity = serviceFacade.deleteLabel(revision, id);
|
||||||
return clusterContext(generateOkResponse(entity)).build();
|
return clusterContext(generateOkResponse(entity)).build();
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
// setters
|
// setters
|
||||||
|
|
||||||
public void setServiceFacade(NiFiServiceFacade serviceFacade) {
|
public void setServiceFacade(NiFiServiceFacade serviceFacade) {
|
||||||
this.serviceFacade = serviceFacade;
|
this.serviceFacade = serviceFacade;
|
||||||
}
|
}
|
||||||
|
|
|
@ -55,8 +55,8 @@ import java.util.Set;
|
||||||
*/
|
*/
|
||||||
@Path("/output-ports")
|
@Path("/output-ports")
|
||||||
@Api(
|
@Api(
|
||||||
value = "/output-ports",
|
value = "/output-ports",
|
||||||
description = "Endpoint for managing an Output Port."
|
description = "Endpoint for managing an Output Port."
|
||||||
)
|
)
|
||||||
public class OutputPortResource extends ApplicationResource {
|
public class OutputPortResource extends ApplicationResource {
|
||||||
|
|
||||||
|
@ -97,23 +97,20 @@ public class OutputPortResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets an output port",
|
value = "Gets an output port",
|
||||||
response = PortEntity.class,
|
response = PortEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /output-ports/{uuid}", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getOutputPort(
|
public Response getOutputPort(
|
||||||
|
@ -144,29 +141,28 @@ public class OutputPortResource extends ApplicationResource {
|
||||||
* Updates the specified output port.
|
* Updates the specified output port.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param id The id of the output port to update.
|
* @param id The id of the output port to update.
|
||||||
* @param portEntity A outputPortEntity.
|
* @param portEntity A outputPortEntity.
|
||||||
* @return A outputPortEntity.
|
* @return A outputPortEntity.
|
||||||
*/
|
*/
|
||||||
@PUT
|
@PUT
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Updates an output port",
|
value = "Updates an output port",
|
||||||
response = PortEntity.class,
|
response = PortEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /output-ports/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response updateOutputPort(
|
public Response updateOutputPort(
|
||||||
|
@ -203,20 +199,20 @@ public class OutputPortResource extends ApplicationResource {
|
||||||
// handle expects request (usually from the cluster manager)
|
// handle expects request (usually from the cluster manager)
|
||||||
final Revision revision = getRevision(portEntity, id);
|
final Revision revision = getRevision(portEntity, id);
|
||||||
return withWriteLock(
|
return withWriteLock(
|
||||||
serviceFacade,
|
serviceFacade,
|
||||||
revision,
|
revision,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
Authorizable authorizable = lookup.getOutputPort(id);
|
Authorizable authorizable = lookup.getOutputPort(id);
|
||||||
authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
},
|
},
|
||||||
() -> serviceFacade.verifyUpdateOutputPort(requestPortDTO),
|
() -> serviceFacade.verifyUpdateOutputPort(requestPortDTO),
|
||||||
() -> {
|
() -> {
|
||||||
// update the output port
|
// update the output port
|
||||||
final PortEntity entity = serviceFacade.updateOutputPort(revision, requestPortDTO);
|
final PortEntity entity = serviceFacade.updateOutputPort(revision, requestPortDTO);
|
||||||
populateRemainingOutputPortEntityContent(entity);
|
populateRemainingOutputPortEntityContent(entity);
|
||||||
|
|
||||||
return clusterContext(generateOkResponse(entity)).build();
|
return clusterContext(generateOkResponse(entity)).build();
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -224,30 +220,29 @@ public class OutputPortResource extends ApplicationResource {
|
||||||
* Removes the specified output port.
|
* Removes the specified output port.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param version The revision is used to verify the client is working with the latest version of the flow.
|
* @param version The revision is used to verify the client is working with the latest version of the flow.
|
||||||
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
|
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
|
||||||
* @param id The id of the output port to remove.
|
* @param id The id of the output port to remove.
|
||||||
* @return A outputPortEntity.
|
* @return A outputPortEntity.
|
||||||
*/
|
*/
|
||||||
@DELETE
|
@DELETE
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Deletes an output port",
|
value = "Deletes an output port",
|
||||||
response = PortEntity.class,
|
response = PortEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /output-ports/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response removeOutputPort(
|
public Response removeOutputPort(
|
||||||
|
@ -275,22 +270,23 @@ public class OutputPortResource extends ApplicationResource {
|
||||||
// handle expects request (usually from the cluster manager)
|
// handle expects request (usually from the cluster manager)
|
||||||
final Revision revision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
|
final Revision revision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
|
||||||
return withWriteLock(
|
return withWriteLock(
|
||||||
serviceFacade,
|
serviceFacade,
|
||||||
revision,
|
revision,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
final Authorizable outputPort = lookup.getOutputPort(id);
|
final Authorizable outputPort = lookup.getOutputPort(id);
|
||||||
outputPort.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
outputPort.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
},
|
},
|
||||||
() -> serviceFacade.verifyDeleteOutputPort(id),
|
() -> serviceFacade.verifyDeleteOutputPort(id),
|
||||||
() -> {
|
() -> {
|
||||||
// delete the specified output port
|
// delete the specified output port
|
||||||
final PortEntity entity = serviceFacade.deleteOutputPort(revision, id);
|
final PortEntity entity = serviceFacade.deleteOutputPort(revision, id);
|
||||||
return clusterContext(generateOkResponse(entity)).build();
|
return clusterContext(generateOkResponse(entity)).build();
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
// setters
|
// setters
|
||||||
|
|
||||||
public void setServiceFacade(NiFiServiceFacade serviceFacade) {
|
public void setServiceFacade(NiFiServiceFacade serviceFacade) {
|
||||||
this.serviceFacade = serviceFacade;
|
this.serviceFacade = serviceFacade;
|
||||||
}
|
}
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -66,8 +66,8 @@ import java.util.Set;
|
||||||
*/
|
*/
|
||||||
@Path("/processors")
|
@Path("/processors")
|
||||||
@Api(
|
@Api(
|
||||||
value = "/processors",
|
value = "/processors",
|
||||||
description = "Endpoint for managing a Processor."
|
description = "Endpoint for managing a Processor."
|
||||||
)
|
)
|
||||||
public class ProcessorResource extends ApplicationResource {
|
public class ProcessorResource extends ApplicationResource {
|
||||||
private NiFiServiceFacade serviceFacade;
|
private NiFiServiceFacade serviceFacade;
|
||||||
|
@ -144,23 +144,20 @@ public class ProcessorResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("/{id}")
|
@Path("/{id}")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets a processor",
|
value = "Gets a processor",
|
||||||
response = ProcessorEntity.class,
|
response = ProcessorEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /processors/{uuid}", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getProcessor(
|
public Response getProcessor(
|
||||||
|
@ -168,7 +165,7 @@ public class ProcessorResource extends ApplicationResource {
|
||||||
value = "The processor id.",
|
value = "The processor id.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@PathParam("id") final String id) throws InterruptedException {
|
@PathParam("id") final String id) throws InterruptedException {
|
||||||
|
|
||||||
if (isReplicateRequest()) {
|
if (isReplicateRequest()) {
|
||||||
return replicate(HttpMethod.GET);
|
return replicate(HttpMethod.GET);
|
||||||
|
@ -191,7 +188,7 @@ public class ProcessorResource extends ApplicationResource {
|
||||||
/**
|
/**
|
||||||
* Returns the descriptor for the specified property.
|
* Returns the descriptor for the specified property.
|
||||||
*
|
*
|
||||||
* @param id The id of the processor
|
* @param id The id of the processor
|
||||||
* @param propertyName The property
|
* @param propertyName The property
|
||||||
* @return a propertyDescriptorEntity
|
* @return a propertyDescriptorEntity
|
||||||
* @throws InterruptedException if interrupted
|
* @throws InterruptedException if interrupted
|
||||||
|
@ -200,23 +197,20 @@ public class ProcessorResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("/{id}/descriptors")
|
@Path("/{id}/descriptors")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets the descriptor for a processor property",
|
value = "Gets the descriptor for a processor property",
|
||||||
response = PropertyDescriptorEntity.class,
|
response = PropertyDescriptorEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /processors/{uuid}", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getPropertyDescriptor(
|
public Response getPropertyDescriptor(
|
||||||
|
@ -234,7 +228,7 @@ public class ProcessorResource extends ApplicationResource {
|
||||||
value = "The property name.",
|
value = "The property name.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@QueryParam("propertyName") final String propertyName) throws InterruptedException {
|
@QueryParam("propertyName") final String propertyName) throws InterruptedException {
|
||||||
|
|
||||||
// ensure the property name is specified
|
// ensure the property name is specified
|
||||||
if (propertyName == null) {
|
if (propertyName == null) {
|
||||||
|
@ -273,29 +267,28 @@ public class ProcessorResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("/{id}/state")
|
@Path("/{id}/state")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets the state for a processor",
|
value = "Gets the state for a processor",
|
||||||
response = ComponentStateDTO.class,
|
response = ComponentStateDTO.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /processors/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getState(
|
public Response getState(
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The processor id.",
|
value = "The processor id.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@PathParam("id") final String id) throws InterruptedException {
|
@PathParam("id") final String id) throws InterruptedException {
|
||||||
|
|
||||||
if (isReplicateRequest()) {
|
if (isReplicateRequest()) {
|
||||||
return replicate(HttpMethod.GET);
|
return replicate(HttpMethod.GET);
|
||||||
|
@ -322,7 +315,7 @@ public class ProcessorResource extends ApplicationResource {
|
||||||
* Clears the state for a processor.
|
* Clears the state for a processor.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest servlet request
|
* @param httpServletRequest servlet request
|
||||||
* @param id The id of the processor
|
* @param id The id of the processor
|
||||||
* @return a componentStateEntity
|
* @return a componentStateEntity
|
||||||
* @throws InterruptedException if interrupted
|
* @throws InterruptedException if interrupted
|
||||||
*/
|
*/
|
||||||
|
@ -330,30 +323,29 @@ public class ProcessorResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}/state/clear-requests")
|
@Path("{id}/state/clear-requests")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Clears the state for a processor",
|
value = "Clears the state for a processor",
|
||||||
response = ComponentStateDTO.class,
|
response = ComponentStateDTO.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /processors/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response clearState(
|
public Response clearState(
|
||||||
@Context final HttpServletRequest httpServletRequest,
|
@Context final HttpServletRequest httpServletRequest,
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The processor id.",
|
value = "The processor id.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@PathParam("id") final String id) throws InterruptedException {
|
@PathParam("id") final String id) throws InterruptedException {
|
||||||
|
|
||||||
if (isReplicateRequest()) {
|
if (isReplicateRequest()) {
|
||||||
return replicate(HttpMethod.POST);
|
return replicate(HttpMethod.POST);
|
||||||
|
@ -386,8 +378,8 @@ public class ProcessorResource extends ApplicationResource {
|
||||||
* Updates the specified processor with the specified values.
|
* Updates the specified processor with the specified values.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param id The id of the processor to update.
|
* @param id The id of the processor to update.
|
||||||
* @param processorEntity A processorEntity.
|
* @param processorEntity A processorEntity.
|
||||||
* @return A processorEntity.
|
* @return A processorEntity.
|
||||||
* @throws InterruptedException if interrupted
|
* @throws InterruptedException if interrupted
|
||||||
*/
|
*/
|
||||||
|
@ -395,21 +387,20 @@ public class ProcessorResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("/{id}")
|
@Path("/{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Updates a processor",
|
value = "Updates a processor",
|
||||||
response = ProcessorEntity.class,
|
response = ProcessorEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /processors/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response updateProcessor(
|
public Response updateProcessor(
|
||||||
|
@ -422,7 +413,7 @@ public class ProcessorResource extends ApplicationResource {
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The processor configuration details.",
|
value = "The processor configuration details.",
|
||||||
required = true
|
required = true
|
||||||
) final ProcessorEntity processorEntity) throws InterruptedException {
|
) final ProcessorEntity processorEntity) throws InterruptedException {
|
||||||
|
|
||||||
if (processorEntity == null || processorEntity.getComponent() == null) {
|
if (processorEntity == null || processorEntity.getComponent() == null) {
|
||||||
throw new IllegalArgumentException("Processor details must be specified.");
|
throw new IllegalArgumentException("Processor details must be specified.");
|
||||||
|
@ -446,20 +437,20 @@ public class ProcessorResource extends ApplicationResource {
|
||||||
// handle expects request (usually from the cluster manager)
|
// handle expects request (usually from the cluster manager)
|
||||||
final Revision revision = getRevision(processorEntity, id);
|
final Revision revision = getRevision(processorEntity, id);
|
||||||
return withWriteLock(
|
return withWriteLock(
|
||||||
serviceFacade,
|
serviceFacade,
|
||||||
revision,
|
revision,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
Authorizable authorizable = lookup.getProcessor(id);
|
Authorizable authorizable = lookup.getProcessor(id);
|
||||||
authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
},
|
},
|
||||||
() -> serviceFacade.verifyUpdateProcessor(requestProcessorDTO),
|
() -> serviceFacade.verifyUpdateProcessor(requestProcessorDTO),
|
||||||
() -> {
|
() -> {
|
||||||
// update the processor
|
// update the processor
|
||||||
final ProcessorEntity entity = serviceFacade.updateProcessor(revision, requestProcessorDTO);
|
final ProcessorEntity entity = serviceFacade.updateProcessor(revision, requestProcessorDTO);
|
||||||
populateRemainingProcessorEntityContent(entity);
|
populateRemainingProcessorEntityContent(entity);
|
||||||
|
|
||||||
return clusterContext(generateOkResponse(entity)).build();
|
return clusterContext(generateOkResponse(entity)).build();
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -467,9 +458,9 @@ public class ProcessorResource extends ApplicationResource {
|
||||||
* Removes the specified processor.
|
* Removes the specified processor.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param version The revision is used to verify the client is working with the latest version of the flow.
|
* @param version The revision is used to verify the client is working with the latest version of the flow.
|
||||||
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
|
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
|
||||||
* @param id The id of the processor to remove.
|
* @param id The id of the processor to remove.
|
||||||
* @return A processorEntity.
|
* @return A processorEntity.
|
||||||
* @throws InterruptedException if interrupted
|
* @throws InterruptedException if interrupted
|
||||||
*/
|
*/
|
||||||
|
@ -477,21 +468,20 @@ public class ProcessorResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("/{id}")
|
@Path("/{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Deletes a processor",
|
value = "Deletes a processor",
|
||||||
response = ProcessorEntity.class,
|
response = ProcessorEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /processors/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response deleteProcessor(
|
public Response deleteProcessor(
|
||||||
|
@ -510,7 +500,7 @@ public class ProcessorResource extends ApplicationResource {
|
||||||
value = "The processor id.",
|
value = "The processor id.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@PathParam("id") final String id) throws InterruptedException {
|
@PathParam("id") final String id) throws InterruptedException {
|
||||||
|
|
||||||
if (isReplicateRequest()) {
|
if (isReplicateRequest()) {
|
||||||
return replicate(HttpMethod.DELETE);
|
return replicate(HttpMethod.DELETE);
|
||||||
|
@ -518,24 +508,25 @@ public class ProcessorResource extends ApplicationResource {
|
||||||
|
|
||||||
final Revision revision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
|
final Revision revision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
|
||||||
return withWriteLock(
|
return withWriteLock(
|
||||||
serviceFacade,
|
serviceFacade,
|
||||||
revision,
|
revision,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
final Authorizable processor = lookup.getProcessor(id);
|
final Authorizable processor = lookup.getProcessor(id);
|
||||||
processor.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
processor.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
},
|
},
|
||||||
() -> serviceFacade.verifyDeleteProcessor(id),
|
() -> serviceFacade.verifyDeleteProcessor(id),
|
||||||
() -> {
|
() -> {
|
||||||
// delete the processor
|
// delete the processor
|
||||||
final ProcessorEntity entity = serviceFacade.deleteProcessor(revision, id);
|
final ProcessorEntity entity = serviceFacade.deleteProcessor(revision, id);
|
||||||
|
|
||||||
// generate the response
|
// generate the response
|
||||||
return clusterContext(generateOkResponse(entity)).build();
|
return clusterContext(generateOkResponse(entity)).build();
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
// setters
|
// setters
|
||||||
|
|
||||||
public void setServiceFacade(NiFiServiceFacade serviceFacade) {
|
public void setServiceFacade(NiFiServiceFacade serviceFacade) {
|
||||||
this.serviceFacade = serviceFacade;
|
this.serviceFacade = serviceFacade;
|
||||||
}
|
}
|
||||||
|
|
|
@ -27,9 +27,7 @@ import org.apache.nifi.controller.repository.claim.ContentDirection;
|
||||||
import org.apache.nifi.stream.io.StreamUtils;
|
import org.apache.nifi.stream.io.StreamUtils;
|
||||||
import org.apache.nifi.web.DownloadableContent;
|
import org.apache.nifi.web.DownloadableContent;
|
||||||
import org.apache.nifi.web.NiFiServiceFacade;
|
import org.apache.nifi.web.NiFiServiceFacade;
|
||||||
import org.apache.nifi.web.api.dto.provenance.ProvenanceDTO;
|
|
||||||
import org.apache.nifi.web.api.dto.provenance.ProvenanceEventDTO;
|
import org.apache.nifi.web.api.dto.provenance.ProvenanceEventDTO;
|
||||||
import org.apache.nifi.web.api.dto.provenance.lineage.LineageDTO;
|
|
||||||
import org.apache.nifi.web.api.entity.ProvenanceEventEntity;
|
import org.apache.nifi.web.api.entity.ProvenanceEventEntity;
|
||||||
import org.apache.nifi.web.api.entity.SubmitReplayRequestEntity;
|
import org.apache.nifi.web.api.entity.SubmitReplayRequestEntity;
|
||||||
import org.apache.nifi.web.api.request.LongParameter;
|
import org.apache.nifi.web.api.request.LongParameter;
|
||||||
|
@ -59,54 +57,37 @@ import java.net.URI;
|
||||||
*/
|
*/
|
||||||
@Path("/provenance-events")
|
@Path("/provenance-events")
|
||||||
@Api(
|
@Api(
|
||||||
value = "/provenance-events",
|
value = "/provenance-events",
|
||||||
description = "Endpoint for accessing data flow provenance."
|
description = "Endpoint for accessing data flow provenance."
|
||||||
)
|
)
|
||||||
public class ProvenanceEventResource extends ApplicationResource {
|
public class ProvenanceEventResource extends ApplicationResource {
|
||||||
|
|
||||||
private NiFiServiceFacade serviceFacade;
|
private NiFiServiceFacade serviceFacade;
|
||||||
|
|
||||||
/**
|
|
||||||
* Populates the uri for the specified provenance.
|
|
||||||
*/
|
|
||||||
private ProvenanceDTO populateRemainingProvenanceContent(ProvenanceDTO provenance) {
|
|
||||||
provenance.setUri(generateResourceUri("provenance", provenance.getId()));
|
|
||||||
return provenance;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Populates the uri for the specified lineage.
|
|
||||||
*/
|
|
||||||
private LineageDTO populateRemainingLineageContent(LineageDTO lineage) {
|
|
||||||
lineage.setUri(generateResourceUri("provenance", "lineage", lineage.getId()));
|
|
||||||
return lineage;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the content for the input of the specified event.
|
* Gets the content for the input of the specified event.
|
||||||
*
|
*
|
||||||
* @param clusterNodeId The id of the node within the cluster this content is on. Required if clustered.
|
* @param clusterNodeId The id of the node within the cluster this content is on. Required if clustered.
|
||||||
* @param id The id of the provenance event associated with this content.
|
* @param id The id of the provenance event associated with this content.
|
||||||
* @return The content stream
|
* @return The content stream
|
||||||
*/
|
*/
|
||||||
@GET
|
@GET
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.WILDCARD)
|
@Produces(MediaType.WILDCARD)
|
||||||
@Path("{id}/content/input")
|
@Path("{id}/content/input")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_PROVENANCE')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets the input content for a provenance event",
|
value = "Gets the input content for a provenance event",
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Provenance", type = "ROLE_PROVENANCE")
|
@Authorization(value = "Read Component Data - /data/{component-type}/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getInputContent(
|
public Response getInputContent(
|
||||||
|
@ -169,27 +150,26 @@ public class ProvenanceEventResource extends ApplicationResource {
|
||||||
* Gets the content for the output of the specified event.
|
* Gets the content for the output of the specified event.
|
||||||
*
|
*
|
||||||
* @param clusterNodeId The id of the node within the cluster this content is on. Required if clustered.
|
* @param clusterNodeId The id of the node within the cluster this content is on. Required if clustered.
|
||||||
* @param id The id of the provenance event associated with this content.
|
* @param id The id of the provenance event associated with this content.
|
||||||
* @return The content stream
|
* @return The content stream
|
||||||
*/
|
*/
|
||||||
@GET
|
@GET
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.WILDCARD)
|
@Produces(MediaType.WILDCARD)
|
||||||
@Path("{id}/content/output")
|
@Path("{id}/content/output")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_PROVENANCE')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets the output content for a provenance event",
|
value = "Gets the output content for a provenance event",
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Provenance", type = "ROLE_PROVENANCE")
|
@Authorization(value = "Read Component Data - /data/{component-type}/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getOutputContent(
|
public Response getOutputContent(
|
||||||
|
@ -251,7 +231,7 @@ public class ProvenanceEventResource extends ApplicationResource {
|
||||||
/**
|
/**
|
||||||
* Gets the details for a provenance event.
|
* Gets the details for a provenance event.
|
||||||
*
|
*
|
||||||
* @param id The id of the event
|
* @param id The id of the event
|
||||||
* @param clusterNodeId The id of node in the cluster that the event/flowfile originated from. This is only required when clustered.
|
* @param clusterNodeId The id of node in the cluster that the event/flowfile originated from. This is only required when clustered.
|
||||||
* @return A provenanceEventEntity
|
* @return A provenanceEventEntity
|
||||||
*/
|
*/
|
||||||
|
@ -259,21 +239,20 @@ public class ProvenanceEventResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_PROVENANCE')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets a provenance event",
|
value = "Gets a provenance event",
|
||||||
response = ProvenanceEventEntity.class,
|
response = ProvenanceEventEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Provenance", type = "ROLE_PROVENANCE")
|
@Authorization(value = "Read Component Data - /data/{component-type}/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getProvenanceEvent(
|
public Response getProvenanceEvent(
|
||||||
|
@ -283,7 +262,7 @@ public class ProvenanceEventResource extends ApplicationResource {
|
||||||
)
|
)
|
||||||
@QueryParam("clusterNodeId") final String clusterNodeId,
|
@QueryParam("clusterNodeId") final String clusterNodeId,
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The provenence event id.",
|
value = "The provenance event id.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@PathParam("id") final LongParameter id) {
|
@PathParam("id") final LongParameter id) {
|
||||||
|
@ -318,7 +297,7 @@ public class ProvenanceEventResource extends ApplicationResource {
|
||||||
/**
|
/**
|
||||||
* Creates a new replay request for the content associated with the specified provenance event id.
|
* Creates a new replay request for the content associated with the specified provenance event id.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param replayRequestEntity The replay request
|
* @param replayRequestEntity The replay request
|
||||||
* @return A provenanceEventEntity
|
* @return A provenanceEventEntity
|
||||||
*/
|
*/
|
||||||
|
@ -326,12 +305,12 @@ public class ProvenanceEventResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("replays")
|
@Path("replays")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_PROVENANCE') and hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Replays content from a provenance event",
|
value = "Replays content from a provenance event",
|
||||||
response = ProvenanceEventEntity.class,
|
response = ProvenanceEventEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Provenance and Data Flow Manager", type = "ROLE_PROVENANCE and ROLE_DFM")
|
@Authorization(value = "Read Component Data - /data/{component-type}/{uuid}", type = ""),
|
||||||
|
@Authorization(value = "Write Component Data - /data/{component-type}/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
|
|
@ -66,8 +66,8 @@ import java.util.Map;
|
||||||
*/
|
*/
|
||||||
@Path("/provenance")
|
@Path("/provenance")
|
||||||
@Api(
|
@Api(
|
||||||
value = "/provenance",
|
value = "/provenance",
|
||||||
description = "Endpoint for accessing data flow provenance."
|
description = "Endpoint for accessing data flow provenance."
|
||||||
)
|
)
|
||||||
public class ProvenanceResource extends ApplicationResource {
|
public class ProvenanceResource extends ApplicationResource {
|
||||||
|
|
||||||
|
@ -93,7 +93,7 @@ public class ProvenanceResource extends ApplicationResource {
|
||||||
private void authorizeProvenanceRequest() {
|
private void authorizeProvenanceRequest() {
|
||||||
final NiFiUser user = NiFiUserUtils.getNiFiUser();
|
final NiFiUser user = NiFiUserUtils.getNiFiUser();
|
||||||
|
|
||||||
final Map<String,String> userContext;
|
final Map<String, String> userContext;
|
||||||
if (!StringUtils.isBlank(user.getClientAddress())) {
|
if (!StringUtils.isBlank(user.getClientAddress())) {
|
||||||
userContext = new HashMap<>();
|
userContext = new HashMap<>();
|
||||||
userContext.put(UserContextKeys.CLIENT_ADDRESS.name(), user.getClientAddress());
|
userContext.put(UserContextKeys.CLIENT_ADDRESS.name(), user.getClientAddress());
|
||||||
|
@ -102,13 +102,13 @@ public class ProvenanceResource extends ApplicationResource {
|
||||||
}
|
}
|
||||||
|
|
||||||
final AuthorizationRequest request = new AuthorizationRequest.Builder()
|
final AuthorizationRequest request = new AuthorizationRequest.Builder()
|
||||||
.resource(ResourceFactory.getProvenanceResource())
|
.resource(ResourceFactory.getProvenanceResource())
|
||||||
.identity(user.getIdentity())
|
.identity(user.getIdentity())
|
||||||
.anonymous(user.isAnonymous())
|
.anonymous(user.isAnonymous())
|
||||||
.accessAttempt(true)
|
.accessAttempt(true)
|
||||||
.action(RequestAction.READ)
|
.action(RequestAction.READ)
|
||||||
.userContext(userContext)
|
.userContext(userContext)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
final AuthorizationResult result = authorizer.authorize(request);
|
final AuthorizationResult result = authorizer.authorize(request);
|
||||||
if (!Result.Approved.equals(result.getResult())) {
|
if (!Result.Approved.equals(result.getResult())) {
|
||||||
|
@ -126,20 +126,19 @@ public class ProvenanceResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("search-options")
|
@Path("search-options")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_PROVENANCE')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets the searchable attributes for provenance events",
|
value = "Gets the searchable attributes for provenance events",
|
||||||
response = ProvenanceOptionsEntity.class,
|
response = ProvenanceOptionsEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Provenance", type = "ROLE_PROVENANCE")
|
@Authorization(value = "Read - /provenance", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getSearchOptions() {
|
public Response getSearchOptions() {
|
||||||
|
@ -165,14 +164,13 @@ public class ProvenanceResource extends ApplicationResource {
|
||||||
* Creates provenance using the specified query criteria.
|
* Creates provenance using the specified query criteria.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param provenanceEntity A provenanceEntity
|
* @param provenanceEntity A provenanceEntity
|
||||||
* @return A provenanceEntity
|
* @return A provenanceEntity
|
||||||
*/
|
*/
|
||||||
@POST
|
@POST
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("") // necessary due to bug in swagger
|
@Path("") // necessary due to bug in swagger
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_PROVENANCE')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Submits a provenance query",
|
value = "Submits a provenance query",
|
||||||
notes = "Provenance queries may be long running so this endpoint submits a request. The response will include the "
|
notes = "Provenance queries may be long running so this endpoint submits a request. The response will include the "
|
||||||
|
@ -181,15 +179,16 @@ public class ProvenanceResource extends ApplicationResource {
|
||||||
+ "should be deleted by the client who originally submitted it.",
|
+ "should be deleted by the client who originally submitted it.",
|
||||||
response = ProvenanceEntity.class,
|
response = ProvenanceEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Provenance", type = "ROLE_PROVENANCE")
|
@Authorization(value = "Read - /provenance", type = ""),
|
||||||
|
@Authorization(value = "Read - /data/{component-type}/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response submitProvenanceRequest(
|
public Response submitProvenanceRequest(
|
||||||
|
@ -260,7 +259,7 @@ public class ProvenanceResource extends ApplicationResource {
|
||||||
/**
|
/**
|
||||||
* Gets the provenance with the specified id.
|
* Gets the provenance with the specified id.
|
||||||
*
|
*
|
||||||
* @param id The id of the provenance
|
* @param id The id of the provenance
|
||||||
* @param clusterNodeId The id of node in the cluster to search. This is optional and only relevant when clustered. If clustered and it is not specified the entire cluster is searched.
|
* @param clusterNodeId The id of node in the cluster to search. This is optional and only relevant when clustered. If clustered and it is not specified the entire cluster is searched.
|
||||||
* @return A provenanceEntity
|
* @return A provenanceEntity
|
||||||
*/
|
*/
|
||||||
|
@ -268,21 +267,21 @@ public class ProvenanceResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_PROVENANCE')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets a provenance query",
|
value = "Gets a provenance query",
|
||||||
response = ProvenanceEntity.class,
|
response = ProvenanceEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Provenance", type = "ROLE_PROVENANCE")
|
@Authorization(value = "Read - /provenance", type = ""),
|
||||||
|
@Authorization(value = "Read - /data/{component-type}/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getProvenance(
|
public Response getProvenance(
|
||||||
|
@ -327,29 +326,28 @@ public class ProvenanceResource extends ApplicationResource {
|
||||||
* Deletes the provenance with the specified id.
|
* Deletes the provenance with the specified id.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param id The id of the provenance
|
* @param id The id of the provenance
|
||||||
* @param clusterNodeId The id of node in the cluster to search. This is optional and only relevant when clustered. If clustered and it is not specified the entire cluster is searched.
|
* @param clusterNodeId The id of node in the cluster to search. This is optional and only relevant when clustered. If clustered and it is not specified the entire cluster is searched.
|
||||||
* @return A provenanceEntity
|
* @return A provenanceEntity
|
||||||
*/
|
*/
|
||||||
@DELETE
|
@DELETE
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_PROVENANCE')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Deletes a provenance query",
|
value = "Deletes a provenance query",
|
||||||
response = ProvenanceEntity.class,
|
response = ProvenanceEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Provenance", type = "ROLE_PROVENANCE")
|
@Authorization(value = "Read - /provenance", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response deleteProvenance(
|
public Response deleteProvenance(
|
||||||
|
@ -396,21 +394,20 @@ public class ProvenanceResource extends ApplicationResource {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Submits a lineage request based on an event or a flowfile uuid.
|
* Submits a lineage request based on an event or a flowfile uuid.
|
||||||
*
|
* <p>
|
||||||
* When querying for the lineage of an event you must specify the eventId and the eventDirection. The eventDirection must be 'parents' or 'children' and specifies whether we are going up or down
|
* When querying for the lineage of an event you must specify the eventId and the eventDirection. The eventDirection must be 'parents' or 'children' and specifies whether we are going up or down
|
||||||
* the flowfile ancestry. The uuid cannot be specified in these cases.
|
* the flowfile ancestry. The uuid cannot be specified in these cases.
|
||||||
*
|
* <p>
|
||||||
* When querying for the lineage of a flowfile you must specify the uuid. The eventId and eventDirection cannot be specified in this case.
|
* When querying for the lineage of a flowfile you must specify the uuid. The eventId and eventDirection cannot be specified in this case.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param lineageEntity A lineageEntity
|
* @param lineageEntity A lineageEntity
|
||||||
* @return A lineageEntity
|
* @return A lineageEntity
|
||||||
*/
|
*/
|
||||||
@POST
|
@POST
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("lineage")
|
@Path("lineage")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_PROVENANCE')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Submits a lineage query",
|
value = "Submits a lineage query",
|
||||||
notes = "Lineage queries may be long running so this endpoint submits a request. The response will include the "
|
notes = "Lineage queries may be long running so this endpoint submits a request. The response will include the "
|
||||||
|
@ -419,16 +416,17 @@ public class ProvenanceResource extends ApplicationResource {
|
||||||
+ "should be deleted by the client who originally submitted it.",
|
+ "should be deleted by the client who originally submitted it.",
|
||||||
response = LineageEntity.class,
|
response = LineageEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Provenance", type = "ROLE_PROVENANCE")
|
@Authorization(value = "Read - /provenance", type = ""),
|
||||||
|
@Authorization(value = "Read - /data/{component-type}/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response submitLineageRequest(
|
public Response submitLineageRequest(
|
||||||
|
@ -505,28 +503,28 @@ public class ProvenanceResource extends ApplicationResource {
|
||||||
* Gets the lineage with the specified id.
|
* Gets the lineage with the specified id.
|
||||||
*
|
*
|
||||||
* @param clusterNodeId The id of node in the cluster that the event/flowfile originated from. This is only required when clustered.
|
* @param clusterNodeId The id of node in the cluster that the event/flowfile originated from. This is only required when clustered.
|
||||||
* @param id The id of the lineage
|
* @param id The id of the lineage
|
||||||
* @return A lineageEntity
|
* @return A lineageEntity
|
||||||
*/
|
*/
|
||||||
@GET
|
@GET
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("lineage/{id}")
|
@Path("lineage/{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_PROVENANCE')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets a lineage query",
|
value = "Gets a lineage query",
|
||||||
response = LineageEntity.class,
|
response = LineageEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Provenance", type = "ROLE_PROVENANCE")
|
@Authorization(value = "Read - /provenance", type = ""),
|
||||||
|
@Authorization(value = "Read - /data/{component-type}/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getLineage(
|
public Response getLineage(
|
||||||
|
@ -565,29 +563,28 @@ public class ProvenanceResource extends ApplicationResource {
|
||||||
* Deletes the lineage with the specified id.
|
* Deletes the lineage with the specified id.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param clusterNodeId The id of node in the cluster that the event/flowfile originated from. This is only required when clustered.
|
* @param clusterNodeId The id of node in the cluster that the event/flowfile originated from. This is only required when clustered.
|
||||||
* @param id The id of the lineage
|
* @param id The id of the lineage
|
||||||
* @return A lineageEntity
|
* @return A lineageEntity
|
||||||
*/
|
*/
|
||||||
@DELETE
|
@DELETE
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("lineage/{id}")
|
@Path("lineage/{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_PROVENANCE')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Deletes a lineage query",
|
value = "Deletes a lineage query",
|
||||||
response = LineageEntity.class,
|
response = LineageEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Provenance", type = "ROLE_PROVENANCE")
|
@Authorization(value = "Read - /provenance", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response deleteLineage(
|
public Response deleteLineage(
|
||||||
|
@ -627,6 +624,7 @@ public class ProvenanceResource extends ApplicationResource {
|
||||||
}
|
}
|
||||||
|
|
||||||
// setters
|
// setters
|
||||||
|
|
||||||
public void setServiceFacade(NiFiServiceFacade serviceFacade) {
|
public void setServiceFacade(NiFiServiceFacade serviceFacade) {
|
||||||
this.serviceFacade = serviceFacade;
|
this.serviceFacade = serviceFacade;
|
||||||
}
|
}
|
||||||
|
|
|
@ -59,8 +59,8 @@ import java.util.Set;
|
||||||
*/
|
*/
|
||||||
@Path("/remote-process-groups")
|
@Path("/remote-process-groups")
|
||||||
@Api(
|
@Api(
|
||||||
value = "/remote-process-groups",
|
value = "/remote-process-groups",
|
||||||
description = "Endpoint for managing a Remote Process Group."
|
description = "Endpoint for managing a Remote Process Group."
|
||||||
)
|
)
|
||||||
public class RemoteProcessGroupResource extends ApplicationResource {
|
public class RemoteProcessGroupResource extends ApplicationResource {
|
||||||
|
|
||||||
|
@ -101,23 +101,20 @@ public class RemoteProcessGroupResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets a remote process group",
|
value = "Gets a remote process group",
|
||||||
response = RemoteProcessGroupEntity.class,
|
response = RemoteProcessGroupEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /remote-process-groups/{uuid}", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getRemoteProcessGroup(
|
public Response getRemoteProcessGroup(
|
||||||
|
@ -148,30 +145,29 @@ public class RemoteProcessGroupResource extends ApplicationResource {
|
||||||
* Removes the specified remote process group.
|
* Removes the specified remote process group.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param version The revision is used to verify the client is working with the latest version of the flow.
|
* @param version The revision is used to verify the client is working with the latest version of the flow.
|
||||||
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
|
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
|
||||||
* @param id The id of the remote process group to be removed.
|
* @param id The id of the remote process group to be removed.
|
||||||
* @return A remoteProcessGroupEntity.
|
* @return A remoteProcessGroupEntity.
|
||||||
*/
|
*/
|
||||||
@DELETE
|
@DELETE
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Deletes a remote process group",
|
value = "Deletes a remote process group",
|
||||||
response = RemoteProcessGroupEntity.class,
|
response = RemoteProcessGroupEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /remote-process-groups/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response removeRemoteProcessGroup(
|
public Response removeRemoteProcessGroup(
|
||||||
|
@ -199,49 +195,48 @@ public class RemoteProcessGroupResource extends ApplicationResource {
|
||||||
// handle expects request (usually from the cluster manager)
|
// handle expects request (usually from the cluster manager)
|
||||||
final Revision revision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
|
final Revision revision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
|
||||||
return withWriteLock(
|
return withWriteLock(
|
||||||
serviceFacade,
|
serviceFacade,
|
||||||
revision,
|
revision,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
final Authorizable remoteProcessGroup = lookup.getRemoteProcessGroup(id);
|
final Authorizable remoteProcessGroup = lookup.getRemoteProcessGroup(id);
|
||||||
remoteProcessGroup.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
remoteProcessGroup.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
},
|
},
|
||||||
() -> serviceFacade.verifyDeleteRemoteProcessGroup(id),
|
() -> serviceFacade.verifyDeleteRemoteProcessGroup(id),
|
||||||
() -> {
|
() -> {
|
||||||
final RemoteProcessGroupEntity entity = serviceFacade.deleteRemoteProcessGroup(revision, id);
|
final RemoteProcessGroupEntity entity = serviceFacade.deleteRemoteProcessGroup(revision, id);
|
||||||
return clusterContext(generateOkResponse(entity)).build();
|
return clusterContext(generateOkResponse(entity)).build();
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Updates the specified remote process group input port.
|
* Updates the specified remote process group input port.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param id The id of the remote process group to update.
|
* @param id The id of the remote process group to update.
|
||||||
* @param portId The id of the input port to update.
|
* @param portId The id of the input port to update.
|
||||||
* @param remoteProcessGroupPortEntity The remoteProcessGroupPortEntity
|
* @param remoteProcessGroupPortEntity The remoteProcessGroupPortEntity
|
||||||
*
|
|
||||||
* @return A remoteProcessGroupPortEntity
|
* @return A remoteProcessGroupPortEntity
|
||||||
*/
|
*/
|
||||||
@PUT
|
@PUT
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}/input-ports/{port-id}")
|
@Path("{id}/input-ports/{port-id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Updates a remote port",
|
value = "Updates a remote port",
|
||||||
|
notes = NON_GUARANTEED_ENDPOINT,
|
||||||
response = RemoteProcessGroupPortEntity.class,
|
response = RemoteProcessGroupPortEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /remote-process-groups/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response updateRemoteProcessGroupInputPort(
|
public Response updateRemoteProcessGroupInputPort(
|
||||||
|
@ -277,59 +272,58 @@ public class RemoteProcessGroupResource extends ApplicationResource {
|
||||||
|
|
||||||
final Revision revision = getRevision(remoteProcessGroupPortEntity, id);
|
final Revision revision = getRevision(remoteProcessGroupPortEntity, id);
|
||||||
return withWriteLock(
|
return withWriteLock(
|
||||||
serviceFacade,
|
serviceFacade,
|
||||||
revision,
|
revision,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
final Authorizable remoteProcessGroupInputPort = lookup.getRemoteProcessGroupInputPort(id, portId);
|
final Authorizable remoteProcessGroupInputPort = lookup.getRemoteProcessGroupInputPort(id, portId);
|
||||||
remoteProcessGroupInputPort.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
remoteProcessGroupInputPort.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
},
|
},
|
||||||
() -> serviceFacade.verifyUpdateRemoteProcessGroupInputPort(id, requestRemoteProcessGroupPort),
|
() -> serviceFacade.verifyUpdateRemoteProcessGroupInputPort(id, requestRemoteProcessGroupPort),
|
||||||
() -> {
|
() -> {
|
||||||
// update the specified remote process group
|
// update the specified remote process group
|
||||||
final RemoteProcessGroupPortEntity controllerResponse = serviceFacade.updateRemoteProcessGroupInputPort(revision, id, requestRemoteProcessGroupPort);
|
final RemoteProcessGroupPortEntity controllerResponse = serviceFacade.updateRemoteProcessGroupInputPort(revision, id, requestRemoteProcessGroupPort);
|
||||||
|
|
||||||
// get the updated revision
|
// get the updated revision
|
||||||
final RevisionDTO updatedRevision = controllerResponse.getRevision();
|
final RevisionDTO updatedRevision = controllerResponse.getRevision();
|
||||||
|
|
||||||
// build the response entity
|
// build the response entity
|
||||||
final RemoteProcessGroupPortEntity entity = new RemoteProcessGroupPortEntity();
|
final RemoteProcessGroupPortEntity entity = new RemoteProcessGroupPortEntity();
|
||||||
entity.setRevision(updatedRevision);
|
entity.setRevision(updatedRevision);
|
||||||
entity.setRemoteProcessGroupPort(controllerResponse.getRemoteProcessGroupPort());
|
entity.setRemoteProcessGroupPort(controllerResponse.getRemoteProcessGroupPort());
|
||||||
|
|
||||||
return clusterContext(generateOkResponse(entity)).build();
|
return clusterContext(generateOkResponse(entity)).build();
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Updates the specified remote process group output port.
|
* Updates the specified remote process group output port.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param id The id of the remote process group to update.
|
* @param id The id of the remote process group to update.
|
||||||
* @param portId The id of the output port to update.
|
* @param portId The id of the output port to update.
|
||||||
* @param remoteProcessGroupPortEntity The remoteProcessGroupPortEntity
|
* @param remoteProcessGroupPortEntity The remoteProcessGroupPortEntity
|
||||||
*
|
|
||||||
* @return A remoteProcessGroupPortEntity
|
* @return A remoteProcessGroupPortEntity
|
||||||
*/
|
*/
|
||||||
@PUT
|
@PUT
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}/output-ports/{port-id}")
|
@Path("{id}/output-ports/{port-id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Updates a remote port",
|
value = "Updates a remote port",
|
||||||
|
notes = NON_GUARANTEED_ENDPOINT,
|
||||||
response = RemoteProcessGroupPortEntity.class,
|
response = RemoteProcessGroupPortEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /remote-process-groups/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response updateRemoteProcessGroupOutputPort(
|
public Response updateRemoteProcessGroupOutputPort(
|
||||||
|
@ -366,35 +360,35 @@ public class RemoteProcessGroupResource extends ApplicationResource {
|
||||||
// handle expects request (usually from the cluster manager)
|
// handle expects request (usually from the cluster manager)
|
||||||
final Revision revision = getRevision(remoteProcessGroupPortEntity, id);
|
final Revision revision = getRevision(remoteProcessGroupPortEntity, id);
|
||||||
return withWriteLock(
|
return withWriteLock(
|
||||||
serviceFacade,
|
serviceFacade,
|
||||||
revision,
|
revision,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
final Authorizable remoteProcessGroupOutputPort = lookup.getRemoteProcessGroupOutputPort(id, portId);
|
final Authorizable remoteProcessGroupOutputPort = lookup.getRemoteProcessGroupOutputPort(id, portId);
|
||||||
remoteProcessGroupOutputPort.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
remoteProcessGroupOutputPort.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
},
|
},
|
||||||
() -> serviceFacade.verifyUpdateRemoteProcessGroupOutputPort(id, requestRemoteProcessGroupPort),
|
() -> serviceFacade.verifyUpdateRemoteProcessGroupOutputPort(id, requestRemoteProcessGroupPort),
|
||||||
() -> {
|
() -> {
|
||||||
// update the specified remote process group
|
// update the specified remote process group
|
||||||
final RemoteProcessGroupPortEntity controllerResponse = serviceFacade.updateRemoteProcessGroupOutputPort(revision, id, requestRemoteProcessGroupPort);
|
final RemoteProcessGroupPortEntity controllerResponse = serviceFacade.updateRemoteProcessGroupOutputPort(revision, id, requestRemoteProcessGroupPort);
|
||||||
|
|
||||||
// get the updated revision
|
// get the updated revision
|
||||||
final RevisionDTO updatedRevision = controllerResponse.getRevision();
|
final RevisionDTO updatedRevision = controllerResponse.getRevision();
|
||||||
|
|
||||||
// build the response entity
|
// build the response entity
|
||||||
RemoteProcessGroupPortEntity entity = new RemoteProcessGroupPortEntity();
|
RemoteProcessGroupPortEntity entity = new RemoteProcessGroupPortEntity();
|
||||||
entity.setRevision(updatedRevision);
|
entity.setRevision(updatedRevision);
|
||||||
entity.setRemoteProcessGroupPort(controllerResponse.getRemoteProcessGroupPort());
|
entity.setRemoteProcessGroupPort(controllerResponse.getRemoteProcessGroupPort());
|
||||||
|
|
||||||
return clusterContext(generateOkResponse(entity)).build();
|
return clusterContext(generateOkResponse(entity)).build();
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Updates the specified remote process group.
|
* Updates the specified remote process group.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param id The id of the remote process group to update.
|
* @param id The id of the remote process group to update.
|
||||||
* @param remoteProcessGroupEntity A remoteProcessGroupEntity.
|
* @param remoteProcessGroupEntity A remoteProcessGroupEntity.
|
||||||
* @return A remoteProcessGroupEntity.
|
* @return A remoteProcessGroupEntity.
|
||||||
*/
|
*/
|
||||||
|
@ -402,21 +396,20 @@ public class RemoteProcessGroupResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Updates a remote process group",
|
value = "Updates a remote process group",
|
||||||
response = RemoteProcessGroupEntity.class,
|
response = RemoteProcessGroupEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /remote-process-groups/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response updateRemoteProcessGroup(
|
public Response updateRemoteProcessGroup(
|
||||||
|
@ -446,56 +439,57 @@ public class RemoteProcessGroupResource extends ApplicationResource {
|
||||||
// handle expects request (usually from the cluster manager)
|
// handle expects request (usually from the cluster manager)
|
||||||
final Revision revision = getRevision(remoteProcessGroupEntity, id);
|
final Revision revision = getRevision(remoteProcessGroupEntity, id);
|
||||||
return withWriteLock(
|
return withWriteLock(
|
||||||
serviceFacade,
|
serviceFacade,
|
||||||
revision,
|
revision,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
Authorizable authorizable = lookup.getRemoteProcessGroup(id);
|
Authorizable authorizable = lookup.getRemoteProcessGroup(id);
|
||||||
authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
},
|
},
|
||||||
() -> serviceFacade.verifyUpdateRemoteProcessGroup(requestRemoteProcessGroup),
|
() -> serviceFacade.verifyUpdateRemoteProcessGroup(requestRemoteProcessGroup),
|
||||||
() -> {
|
() -> {
|
||||||
// if the target uri is set we have to verify it here - we don't support updating the target uri on
|
// if the target uri is set we have to verify it here - we don't support updating the target uri on
|
||||||
// an existing remote process group, however if the remote process group is being created with an id
|
// an existing remote process group, however if the remote process group is being created with an id
|
||||||
// as is the case in clustered mode we need to verify the remote process group. treat this request as
|
// as is the case in clustered mode we need to verify the remote process group. treat this request as
|
||||||
// though its a new remote process group.
|
// though its a new remote process group.
|
||||||
if (requestRemoteProcessGroup.getTargetUri() != null) {
|
if (requestRemoteProcessGroup.getTargetUri() != null) {
|
||||||
// parse the uri
|
// parse the uri
|
||||||
final URI uri;
|
final URI uri;
|
||||||
try {
|
try {
|
||||||
uri = URI.create(requestRemoteProcessGroup.getTargetUri());
|
uri = URI.create(requestRemoteProcessGroup.getTargetUri());
|
||||||
} catch (final IllegalArgumentException e) {
|
} catch (final IllegalArgumentException e) {
|
||||||
throw new IllegalArgumentException("The specified remote process group URL is malformed: " + requestRemoteProcessGroup.getTargetUri());
|
throw new IllegalArgumentException("The specified remote process group URL is malformed: " + requestRemoteProcessGroup.getTargetUri());
|
||||||
|
}
|
||||||
|
|
||||||
|
// validate each part of the uri
|
||||||
|
if (uri.getScheme() == null || uri.getHost() == null) {
|
||||||
|
throw new IllegalArgumentException("The specified remote process group URL is malformed: " + requestRemoteProcessGroup.getTargetUri());
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!(uri.getScheme().equalsIgnoreCase("http") || uri.getScheme().equalsIgnoreCase("https"))) {
|
||||||
|
throw new IllegalArgumentException("The specified remote process group URL is invalid because it is not http or https: " + requestRemoteProcessGroup.getTargetUri());
|
||||||
|
}
|
||||||
|
|
||||||
|
// normalize the uri to the other controller
|
||||||
|
String controllerUri = uri.toString();
|
||||||
|
if (controllerUri.endsWith("/")) {
|
||||||
|
controllerUri = StringUtils.substringBeforeLast(controllerUri, "/");
|
||||||
|
}
|
||||||
|
|
||||||
|
// update with the normalized uri
|
||||||
|
requestRemoteProcessGroup.setTargetUri(controllerUri);
|
||||||
}
|
}
|
||||||
|
|
||||||
// validate each part of the uri
|
// update the specified remote process group
|
||||||
if (uri.getScheme() == null || uri.getHost() == null) {
|
final RemoteProcessGroupEntity entity = serviceFacade.updateRemoteProcessGroup(revision, requestRemoteProcessGroup);
|
||||||
throw new IllegalArgumentException("The specified remote process group URL is malformed: " + requestRemoteProcessGroup.getTargetUri());
|
populateRemainingRemoteProcessGroupEntityContent(entity);
|
||||||
}
|
|
||||||
|
|
||||||
if (!(uri.getScheme().equalsIgnoreCase("http") || uri.getScheme().equalsIgnoreCase("https"))) {
|
return clusterContext(generateOkResponse(entity)).build();
|
||||||
throw new IllegalArgumentException("The specified remote process group URL is invalid because it is not http or https: " + requestRemoteProcessGroup.getTargetUri());
|
|
||||||
}
|
|
||||||
|
|
||||||
// normalize the uri to the other controller
|
|
||||||
String controllerUri = uri.toString();
|
|
||||||
if (controllerUri.endsWith("/")) {
|
|
||||||
controllerUri = StringUtils.substringBeforeLast(controllerUri, "/");
|
|
||||||
}
|
|
||||||
|
|
||||||
// update with the normalized uri
|
|
||||||
requestRemoteProcessGroup.setTargetUri(controllerUri);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// update the specified remote process group
|
|
||||||
final RemoteProcessGroupEntity entity = serviceFacade.updateRemoteProcessGroup(revision, requestRemoteProcessGroup);
|
|
||||||
populateRemainingRemoteProcessGroupEntityContent(entity);
|
|
||||||
|
|
||||||
return clusterContext(generateOkResponse(entity)).build();
|
|
||||||
}
|
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
// setters
|
// setters
|
||||||
|
|
||||||
public void setServiceFacade(NiFiServiceFacade serviceFacade) {
|
public void setServiceFacade(NiFiServiceFacade serviceFacade) {
|
||||||
this.serviceFacade = serviceFacade;
|
this.serviceFacade = serviceFacade;
|
||||||
}
|
}
|
||||||
|
|
|
@ -65,8 +65,8 @@ import java.util.Set;
|
||||||
*/
|
*/
|
||||||
@Path("/reporting-tasks")
|
@Path("/reporting-tasks")
|
||||||
@Api(
|
@Api(
|
||||||
value = "/reporting-tasks",
|
value = "/reporting-tasks",
|
||||||
description = "Endpoint for managing a Reporting Task."
|
description = "Endpoint for managing a Reporting Task."
|
||||||
)
|
)
|
||||||
public class ReportingTaskResource extends ApplicationResource {
|
public class ReportingTaskResource extends ApplicationResource {
|
||||||
|
|
||||||
|
@ -135,23 +135,20 @@ public class ReportingTaskResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets a reporting task",
|
value = "Gets a reporting task",
|
||||||
response = ReportingTaskEntity.class,
|
response = ReportingTaskEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /reporting-tasks/{uuid}", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getReportingTask(
|
public Response getReportingTask(
|
||||||
|
@ -181,7 +178,7 @@ public class ReportingTaskResource extends ApplicationResource {
|
||||||
/**
|
/**
|
||||||
* Returns the descriptor for the specified property.
|
* Returns the descriptor for the specified property.
|
||||||
*
|
*
|
||||||
* @param id The id of the reporting task.
|
* @param id The id of the reporting task.
|
||||||
* @param propertyName The property
|
* @param propertyName The property
|
||||||
* @return a propertyDescriptorEntity
|
* @return a propertyDescriptorEntity
|
||||||
*/
|
*/
|
||||||
|
@ -189,23 +186,20 @@ public class ReportingTaskResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}/descriptors")
|
@Path("{id}/descriptors")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets a reporting task property descriptor",
|
value = "Gets a reporting task property descriptor",
|
||||||
response = PropertyDescriptorEntity.class,
|
response = PropertyDescriptorEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /reporting-tasks/{uuid}", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getPropertyDescriptor(
|
public Response getPropertyDescriptor(
|
||||||
|
@ -256,29 +250,28 @@ public class ReportingTaskResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}/state")
|
@Path("{id}/state")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets the state for a reporting task",
|
value = "Gets the state for a reporting task",
|
||||||
response = ComponentStateDTO.class,
|
response = ComponentStateDTO.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /reporting-tasks/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getState(
|
public Response getState(
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The reporting task id.",
|
value = "The reporting task id.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@PathParam("id") final String id) {
|
@PathParam("id") final String id) {
|
||||||
|
|
||||||
if (isReplicateRequest()) {
|
if (isReplicateRequest()) {
|
||||||
return replicate(HttpMethod.GET);
|
return replicate(HttpMethod.GET);
|
||||||
|
@ -305,37 +298,36 @@ public class ReportingTaskResource extends ApplicationResource {
|
||||||
* Clears the state for a reporting task.
|
* Clears the state for a reporting task.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest servlet request
|
* @param httpServletRequest servlet request
|
||||||
* @param id The id of the reporting task
|
* @param id The id of the reporting task
|
||||||
* @return a componentStateEntity
|
* @return a componentStateEntity
|
||||||
*/
|
*/
|
||||||
@POST
|
@POST
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}/state/clear-requests")
|
@Path("{id}/state/clear-requests")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Clears the state for a reporting task",
|
value = "Clears the state for a reporting task",
|
||||||
response = ComponentStateDTO.class,
|
response = ComponentStateDTO.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /reporting-tasks/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response clearState(
|
public Response clearState(
|
||||||
@Context final HttpServletRequest httpServletRequest,
|
@Context final HttpServletRequest httpServletRequest,
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The reporting task id.",
|
value = "The reporting task id.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@PathParam("id") final String id) {
|
@PathParam("id") final String id) {
|
||||||
|
|
||||||
if (isReplicateRequest()) {
|
if (isReplicateRequest()) {
|
||||||
return replicate(HttpMethod.POST);
|
return replicate(HttpMethod.POST);
|
||||||
|
@ -367,8 +359,8 @@ public class ReportingTaskResource extends ApplicationResource {
|
||||||
/**
|
/**
|
||||||
* Updates the specified a Reporting Task.
|
* Updates the specified a Reporting Task.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param id The id of the reporting task to update.
|
* @param id The id of the reporting task to update.
|
||||||
* @param reportingTaskEntity A reportingTaskEntity.
|
* @param reportingTaskEntity A reportingTaskEntity.
|
||||||
* @return A reportingTaskEntity.
|
* @return A reportingTaskEntity.
|
||||||
*/
|
*/
|
||||||
|
@ -376,21 +368,20 @@ public class ReportingTaskResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Updates a reporting task",
|
value = "Updates a reporting task",
|
||||||
response = ReportingTaskEntity.class,
|
response = ReportingTaskEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /reporting-tasks/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response updateReportingTask(
|
public Response updateReportingTask(
|
||||||
|
@ -427,20 +418,20 @@ public class ReportingTaskResource extends ApplicationResource {
|
||||||
// handle expects request (usually from the cluster manager)
|
// handle expects request (usually from the cluster manager)
|
||||||
final Revision revision = getRevision(reportingTaskEntity, id);
|
final Revision revision = getRevision(reportingTaskEntity, id);
|
||||||
return withWriteLock(
|
return withWriteLock(
|
||||||
serviceFacade,
|
serviceFacade,
|
||||||
revision,
|
revision,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
Authorizable authorizable = lookup.getReportingTask(id);
|
Authorizable authorizable = lookup.getReportingTask(id);
|
||||||
authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
},
|
},
|
||||||
() -> serviceFacade.verifyUpdateReportingTask(requestReportingTaskDTO),
|
() -> serviceFacade.verifyUpdateReportingTask(requestReportingTaskDTO),
|
||||||
() -> {
|
() -> {
|
||||||
// update the reporting task
|
// update the reporting task
|
||||||
final ReportingTaskEntity entity = serviceFacade.updateReportingTask(revision, requestReportingTaskDTO);
|
final ReportingTaskEntity entity = serviceFacade.updateReportingTask(revision, requestReportingTaskDTO);
|
||||||
populateRemainingReportingTaskEntityContent(entity);
|
populateRemainingReportingTaskEntityContent(entity);
|
||||||
|
|
||||||
return clusterContext(generateOkResponse(entity)).build();
|
return clusterContext(generateOkResponse(entity)).build();
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -448,33 +439,32 @@ public class ReportingTaskResource extends ApplicationResource {
|
||||||
* Removes the specified reporting task.
|
* Removes the specified reporting task.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param version The revision is used to verify the client is working with
|
* @param version The revision is used to verify the client is working with
|
||||||
* the latest version of the flow.
|
* the latest version of the flow.
|
||||||
* @param clientId Optional client id. If the client id is not specified, a
|
* @param clientId Optional client id. If the client id is not specified, a
|
||||||
* new one will be generated. This value (whether specified or generated) is
|
* new one will be generated. This value (whether specified or generated) is
|
||||||
* included in the response.
|
* included in the response.
|
||||||
* @param id The id of the reporting task to remove.
|
* @param id The id of the reporting task to remove.
|
||||||
* @return A entity containing the client id and an updated revision.
|
* @return A entity containing the client id and an updated revision.
|
||||||
*/
|
*/
|
||||||
@DELETE
|
@DELETE
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Deletes a reporting task",
|
value = "Deletes a reporting task",
|
||||||
response = ReportingTaskEntity.class,
|
response = ReportingTaskEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /reporting-tasks/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response removeReportingTask(
|
public Response removeReportingTask(
|
||||||
|
@ -502,22 +492,23 @@ public class ReportingTaskResource extends ApplicationResource {
|
||||||
// handle expects request (usually from the cluster manager)
|
// handle expects request (usually from the cluster manager)
|
||||||
final Revision revision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
|
final Revision revision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
|
||||||
return withWriteLock(
|
return withWriteLock(
|
||||||
serviceFacade,
|
serviceFacade,
|
||||||
revision,
|
revision,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
final Authorizable reportingTask = lookup.getReportingTask(id);
|
final Authorizable reportingTask = lookup.getReportingTask(id);
|
||||||
reportingTask.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
reportingTask.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
},
|
},
|
||||||
() -> serviceFacade.verifyDeleteReportingTask(id),
|
() -> serviceFacade.verifyDeleteReportingTask(id),
|
||||||
() -> {
|
() -> {
|
||||||
// delete the specified reporting task
|
// delete the specified reporting task
|
||||||
final ReportingTaskEntity entity = serviceFacade.deleteReportingTask(revision, id);
|
final ReportingTaskEntity entity = serviceFacade.deleteReportingTask(revision, id);
|
||||||
return clusterContext(generateOkResponse(entity)).build();
|
return clusterContext(generateOkResponse(entity)).build();
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
// setters
|
// setters
|
||||||
|
|
||||||
public void setServiceFacade(NiFiServiceFacade serviceFacade) {
|
public void setServiceFacade(NiFiServiceFacade serviceFacade) {
|
||||||
this.serviceFacade = serviceFacade;
|
this.serviceFacade = serviceFacade;
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,18 +16,11 @@
|
||||||
*/
|
*/
|
||||||
package org.apache.nifi.web.api;
|
package org.apache.nifi.web.api;
|
||||||
|
|
||||||
import java.util.HashMap;
|
import com.wordnik.swagger.annotations.Api;
|
||||||
import java.util.List;
|
import com.wordnik.swagger.annotations.ApiOperation;
|
||||||
import java.util.Map;
|
import com.wordnik.swagger.annotations.ApiResponse;
|
||||||
|
import com.wordnik.swagger.annotations.ApiResponses;
|
||||||
import javax.ws.rs.Consumes;
|
import com.wordnik.swagger.annotations.Authorization;
|
||||||
import javax.ws.rs.GET;
|
|
||||||
import javax.ws.rs.HttpMethod;
|
|
||||||
import javax.ws.rs.Path;
|
|
||||||
import javax.ws.rs.Produces;
|
|
||||||
import javax.ws.rs.core.MediaType;
|
|
||||||
import javax.ws.rs.core.Response;
|
|
||||||
|
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.apache.nifi.authorization.AccessDeniedException;
|
import org.apache.nifi.authorization.AccessDeniedException;
|
||||||
import org.apache.nifi.authorization.AuthorizationRequest;
|
import org.apache.nifi.authorization.AuthorizationRequest;
|
||||||
|
@ -43,19 +36,24 @@ import org.apache.nifi.web.NiFiServiceFacade;
|
||||||
import org.apache.nifi.web.api.dto.ResourceDTO;
|
import org.apache.nifi.web.api.dto.ResourceDTO;
|
||||||
import org.apache.nifi.web.api.entity.ResourcesEntity;
|
import org.apache.nifi.web.api.entity.ResourcesEntity;
|
||||||
|
|
||||||
import com.wordnik.swagger.annotations.Api;
|
import javax.ws.rs.Consumes;
|
||||||
import com.wordnik.swagger.annotations.ApiOperation;
|
import javax.ws.rs.GET;
|
||||||
import com.wordnik.swagger.annotations.ApiResponse;
|
import javax.ws.rs.HttpMethod;
|
||||||
import com.wordnik.swagger.annotations.ApiResponses;
|
import javax.ws.rs.Path;
|
||||||
import com.wordnik.swagger.annotations.Authorization;
|
import javax.ws.rs.Produces;
|
||||||
|
import javax.ws.rs.core.MediaType;
|
||||||
|
import javax.ws.rs.core.Response;
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* RESTful endpoint for retrieving system diagnostics.
|
* RESTful endpoint for retrieving system diagnostics.
|
||||||
*/
|
*/
|
||||||
@Path("/resources")
|
@Path("/resources")
|
||||||
@Api(
|
@Api(
|
||||||
value = "/resources",
|
value = "/resources",
|
||||||
description = "Provides the resources in this NiFi that can have access/authorization policies."
|
description = "Provides the resources in this NiFi that can have access/authorization policies."
|
||||||
)
|
)
|
||||||
public class ResourceResource extends ApplicationResource {
|
public class ResourceResource extends ApplicationResource {
|
||||||
|
|
||||||
|
@ -65,7 +63,7 @@ public class ResourceResource extends ApplicationResource {
|
||||||
private void authorizeResource() {
|
private void authorizeResource() {
|
||||||
final NiFiUser user = NiFiUserUtils.getNiFiUser();
|
final NiFiUser user = NiFiUserUtils.getNiFiUser();
|
||||||
|
|
||||||
final Map<String,String> userContext;
|
final Map<String, String> userContext;
|
||||||
if (!StringUtils.isBlank(user.getClientAddress())) {
|
if (!StringUtils.isBlank(user.getClientAddress())) {
|
||||||
userContext = new HashMap<>();
|
userContext = new HashMap<>();
|
||||||
userContext.put(UserContextKeys.CLIENT_ADDRESS.name(), user.getClientAddress());
|
userContext.put(UserContextKeys.CLIENT_ADDRESS.name(), user.getClientAddress());
|
||||||
|
@ -74,13 +72,13 @@ public class ResourceResource extends ApplicationResource {
|
||||||
}
|
}
|
||||||
|
|
||||||
final AuthorizationRequest request = new AuthorizationRequest.Builder()
|
final AuthorizationRequest request = new AuthorizationRequest.Builder()
|
||||||
.resource(ResourceFactory.getResourceResource())
|
.resource(ResourceFactory.getResourceResource())
|
||||||
.identity(user.getIdentity())
|
.identity(user.getIdentity())
|
||||||
.anonymous(user.isAnonymous())
|
.anonymous(user.isAnonymous())
|
||||||
.accessAttempt(true)
|
.accessAttempt(true)
|
||||||
.action(RequestAction.READ)
|
.action(RequestAction.READ)
|
||||||
.userContext(userContext)
|
.userContext(userContext)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
final AuthorizationResult result = authorizer.authorize(request);
|
final AuthorizationResult result = authorizer.authorize(request);
|
||||||
if (!Result.Approved.equals(result.getResult())) {
|
if (!Result.Approved.equals(result.getResult())) {
|
||||||
|
@ -97,20 +95,17 @@ public class ResourceResource extends ApplicationResource {
|
||||||
@GET
|
@GET
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets the available resources that support access/authorization policies",
|
value = "Gets the available resources that support access/authorization policies",
|
||||||
response = ResourcesEntity.class,
|
response = ResourcesEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /resources", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),}
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),}
|
||||||
)
|
)
|
||||||
public Response getResources() {
|
public Response getResources() {
|
||||||
|
|
||||||
|
@ -120,7 +115,6 @@ public class ResourceResource extends ApplicationResource {
|
||||||
return replicate(HttpMethod.GET);
|
return replicate(HttpMethod.GET);
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO - if unsecure, return no resources?
|
|
||||||
final List<ResourceDTO> resources = serviceFacade.getResources();
|
final List<ResourceDTO> resources = serviceFacade.getResources();
|
||||||
|
|
||||||
// create the response
|
// create the response
|
||||||
|
@ -132,6 +126,7 @@ public class ResourceResource extends ApplicationResource {
|
||||||
}
|
}
|
||||||
|
|
||||||
// setters
|
// setters
|
||||||
|
|
||||||
public void setServiceFacade(NiFiServiceFacade serviceFacade) {
|
public void setServiceFacade(NiFiServiceFacade serviceFacade) {
|
||||||
this.serviceFacade = serviceFacade;
|
this.serviceFacade = serviceFacade;
|
||||||
}
|
}
|
||||||
|
|
|
@ -34,6 +34,11 @@ import javax.ws.rs.core.Context;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
|
||||||
|
import com.wordnik.swagger.annotations.Api;
|
||||||
|
import com.wordnik.swagger.annotations.ApiOperation;
|
||||||
|
import com.wordnik.swagger.annotations.ApiResponse;
|
||||||
|
import com.wordnik.swagger.annotations.ApiResponses;
|
||||||
|
import com.wordnik.swagger.annotations.Authorization;
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.apache.nifi.authorization.AccessDeniedException;
|
import org.apache.nifi.authorization.AccessDeniedException;
|
||||||
import org.apache.nifi.authorization.AuthorizationRequest;
|
import org.apache.nifi.authorization.AuthorizationRequest;
|
||||||
|
@ -60,11 +65,20 @@ import org.apache.nifi.web.api.entity.PeersEntity;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
import com.wordnik.swagger.annotations.Api;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import com.wordnik.swagger.annotations.ApiOperation;
|
import javax.ws.rs.Consumes;
|
||||||
import com.wordnik.swagger.annotations.ApiResponse;
|
import javax.ws.rs.GET;
|
||||||
import com.wordnik.swagger.annotations.ApiResponses;
|
import javax.ws.rs.HttpMethod;
|
||||||
import com.wordnik.swagger.annotations.Authorization;
|
import javax.ws.rs.Path;
|
||||||
|
import javax.ws.rs.Produces;
|
||||||
|
import javax.ws.rs.core.Context;
|
||||||
|
import javax.ws.rs.core.MediaType;
|
||||||
|
import javax.ws.rs.core.Response;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
|
import static org.apache.commons.lang3.StringUtils.isEmpty;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* RESTful endpoint for managing a SiteToSite connection.
|
* RESTful endpoint for managing a SiteToSite connection.
|
||||||
|
@ -81,8 +95,6 @@ public class SiteToSiteResource extends ApplicationResource {
|
||||||
private NiFiServiceFacade serviceFacade;
|
private NiFiServiceFacade serviceFacade;
|
||||||
private ClusterCoordinator clusterCoordinator;
|
private ClusterCoordinator clusterCoordinator;
|
||||||
private Authorizer authorizer;
|
private Authorizer authorizer;
|
||||||
public static final String CHECK_SUM = "checksum";
|
|
||||||
public static final String RESPONSE_CODE = "responseCode";
|
|
||||||
|
|
||||||
private final ResponseCreator responseCreator = new ResponseCreator();
|
private final ResponseCreator responseCreator = new ResponseCreator();
|
||||||
private final VersionNegotiator transportProtocolVersionNegotiator = new TransportProtocolVersionNegotiator(1);
|
private final VersionNegotiator transportProtocolVersionNegotiator = new TransportProtocolVersionNegotiator(1);
|
||||||
|
@ -90,7 +102,7 @@ public class SiteToSiteResource extends ApplicationResource {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Authorizes access to Site To Site details.
|
* Authorizes access to Site To Site details.
|
||||||
*
|
* <p>
|
||||||
* Note: Protected for testing purposes
|
* Note: Protected for testing purposes
|
||||||
*/
|
*/
|
||||||
protected void authorizeSiteToSite() {
|
protected void authorizeSiteToSite() {
|
||||||
|
@ -119,18 +131,19 @@ public class SiteToSiteResource extends ApplicationResource {
|
||||||
@GET
|
@GET
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_NIFI')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Returns the details about this NiFi necessary to communicate via site to site",
|
value = "Returns the details about this NiFi necessary to communicate via site to site",
|
||||||
response = ControllerEntity.class,
|
response = ControllerEntity.class,
|
||||||
authorizations = @Authorization(value = "NiFi", type = "ROLE_NIFI")
|
authorizations = {
|
||||||
|
@Authorization(value = "Read - /site-to-site", type = "")
|
||||||
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response getSiteToSiteDetails(@Context HttpServletRequest req) {
|
public Response getSiteToSiteDetails(@Context HttpServletRequest req) {
|
||||||
|
@ -174,7 +187,9 @@ public class SiteToSiteResource extends ApplicationResource {
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Returns the available Peers and its status of this NiFi",
|
value = "Returns the available Peers and its status of this NiFi",
|
||||||
response = PeersEntity.class,
|
response = PeersEntity.class,
|
||||||
authorizations = @Authorization(value = "NiFi", type = "ROLE_NIFI")
|
authorizations = {
|
||||||
|
@Authorization(value = "Read - /site-to-site", type = "")
|
||||||
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
|
@ -246,6 +261,7 @@ public class SiteToSiteResource extends ApplicationResource {
|
||||||
}
|
}
|
||||||
|
|
||||||
// setters
|
// setters
|
||||||
|
|
||||||
public void setServiceFacade(final NiFiServiceFacade serviceFacade) {
|
public void setServiceFacade(final NiFiServiceFacade serviceFacade) {
|
||||||
this.serviceFacade = serviceFacade;
|
this.serviceFacade = serviceFacade;
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,9 +16,20 @@
|
||||||
*/
|
*/
|
||||||
package org.apache.nifi.web.api;
|
package org.apache.nifi.web.api;
|
||||||
|
|
||||||
import java.net.URI;
|
import com.wordnik.swagger.annotations.Api;
|
||||||
import java.util.Set;
|
import com.wordnik.swagger.annotations.ApiOperation;
|
||||||
import java.util.stream.Collectors;
|
import com.wordnik.swagger.annotations.ApiParam;
|
||||||
|
import com.wordnik.swagger.annotations.ApiResponse;
|
||||||
|
import com.wordnik.swagger.annotations.ApiResponses;
|
||||||
|
import com.wordnik.swagger.annotations.Authorization;
|
||||||
|
import org.apache.nifi.authorization.Authorizer;
|
||||||
|
import org.apache.nifi.authorization.RequestAction;
|
||||||
|
import org.apache.nifi.authorization.user.NiFiUserUtils;
|
||||||
|
import org.apache.nifi.controller.Snippet;
|
||||||
|
import org.apache.nifi.web.NiFiServiceFacade;
|
||||||
|
import org.apache.nifi.web.Revision;
|
||||||
|
import org.apache.nifi.web.api.dto.SnippetDTO;
|
||||||
|
import org.apache.nifi.web.api.entity.SnippetEntity;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.ws.rs.Consumes;
|
import javax.ws.rs.Consumes;
|
||||||
|
@ -32,30 +43,17 @@ import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.core.Context;
|
import javax.ws.rs.core.Context;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
import java.net.URI;
|
||||||
import org.apache.nifi.authorization.Authorizer;
|
import java.util.Set;
|
||||||
import org.apache.nifi.authorization.RequestAction;
|
import java.util.stream.Collectors;
|
||||||
import org.apache.nifi.authorization.user.NiFiUserUtils;
|
|
||||||
import org.apache.nifi.controller.Snippet;
|
|
||||||
import org.apache.nifi.web.NiFiServiceFacade;
|
|
||||||
import org.apache.nifi.web.Revision;
|
|
||||||
import org.apache.nifi.web.api.dto.SnippetDTO;
|
|
||||||
import org.apache.nifi.web.api.entity.SnippetEntity;
|
|
||||||
|
|
||||||
import com.wordnik.swagger.annotations.Api;
|
|
||||||
import com.wordnik.swagger.annotations.ApiOperation;
|
|
||||||
import com.wordnik.swagger.annotations.ApiParam;
|
|
||||||
import com.wordnik.swagger.annotations.ApiResponse;
|
|
||||||
import com.wordnik.swagger.annotations.ApiResponses;
|
|
||||||
import com.wordnik.swagger.annotations.Authorization;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* RESTful endpoint for querying dataflow snippets.
|
* RESTful endpoint for querying dataflow snippets.
|
||||||
*/
|
*/
|
||||||
@Path("/snippets")
|
@Path("/snippets")
|
||||||
@Api(
|
@Api(
|
||||||
value = "/snippets",
|
value = "/snippets",
|
||||||
description = "Endpoint for accessing dataflow snippets."
|
description = "Endpoint for accessing dataflow snippets."
|
||||||
)
|
)
|
||||||
public class SnippetResource extends ApplicationResource {
|
public class SnippetResource extends ApplicationResource {
|
||||||
|
|
||||||
|
@ -95,38 +93,35 @@ public class SnippetResource extends ApplicationResource {
|
||||||
* Creates a snippet based off the specified configuration.
|
* Creates a snippet based off the specified configuration.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param snippetEntity A snippetEntity
|
* @param snippetEntity A snippetEntity
|
||||||
* @return A snippetEntity
|
* @return A snippetEntity
|
||||||
*/
|
*/
|
||||||
@POST
|
@POST
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Creates a snippet",
|
value = "Creates a snippet",
|
||||||
response = SnippetEntity.class,
|
response = SnippetEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /{component-type}/{uuid} - For each component in the Snippet", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
}
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response createSnippet(
|
public Response createSnippet(
|
||||||
@Context HttpServletRequest httpServletRequest,
|
@Context HttpServletRequest httpServletRequest,
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The snippet configuration details.",
|
value = "The snippet configuration details.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
final SnippetEntity snippetEntity) {
|
final SnippetEntity snippetEntity) {
|
||||||
|
|
||||||
if (snippetEntity == null || snippetEntity.getSnippet() == null) {
|
if (snippetEntity == null || snippetEntity.getSnippet() == null) {
|
||||||
throw new IllegalArgumentException("Snippet details must be specified.");
|
throw new IllegalArgumentException("Snippet details must be specified.");
|
||||||
|
@ -165,46 +160,45 @@ public class SnippetResource extends ApplicationResource {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Updates the specified snippet. The contents of the snippet (component
|
* Move's the components in this Snippet into a new Process Group.
|
||||||
* ids) cannot be updated once the snippet is created.
|
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param snippetId The id of the snippet.
|
* @param snippetId The id of the snippet.
|
||||||
* @param snippetEntity A snippetEntity
|
* @param snippetEntity A snippetEntity
|
||||||
* @return A snippetEntity
|
* @return A snippetEntity
|
||||||
*/
|
*/
|
||||||
@PUT
|
@PUT
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Updates a snippet",
|
value = "Move's the components in this Snippet into a new Process Group and drops the snippet",
|
||||||
response = SnippetEntity.class,
|
response = SnippetEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write Process Group - /process-groups/{uuid}", type = ""),
|
||||||
}
|
@Authorization(value = "Write - /{component-type}/{uuid} - For each component in the Snippet", type = "")
|
||||||
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response updateSnippet(
|
public Response updateSnippet(
|
||||||
@Context HttpServletRequest httpServletRequest,
|
@Context HttpServletRequest httpServletRequest,
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The snippet id.",
|
value = "The snippet id.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@PathParam("id") String snippetId,
|
@PathParam("id") String snippetId,
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The snippet configuration details.",
|
value = "The snippet configuration details.",
|
||||||
required = true
|
required = true
|
||||||
) final SnippetEntity snippetEntity) {
|
) final SnippetEntity snippetEntity) {
|
||||||
|
|
||||||
if (snippetEntity == null || snippetEntity.getSnippet() == null) {
|
if (snippetEntity == null || snippetEntity.getSnippet() == null) {
|
||||||
throw new IllegalArgumentException("Snippet details must be specified.");
|
throw new IllegalArgumentException("Snippet details must be specified.");
|
||||||
|
@ -214,7 +208,7 @@ public class SnippetResource extends ApplicationResource {
|
||||||
final SnippetDTO requestSnippetDTO = snippetEntity.getSnippet();
|
final SnippetDTO requestSnippetDTO = snippetEntity.getSnippet();
|
||||||
if (!snippetId.equals(requestSnippetDTO.getId())) {
|
if (!snippetId.equals(requestSnippetDTO.getId())) {
|
||||||
throw new IllegalArgumentException(String.format("The snippet id (%s) in the request body does not equal the "
|
throw new IllegalArgumentException(String.format("The snippet id (%s) in the request body does not equal the "
|
||||||
+ "snippet id of the requested resource (%s).", requestSnippetDTO.getId(), snippetId));
|
+ "snippet id of the requested resource (%s).", requestSnippetDTO.getId(), snippetId));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isReplicateRequest()) {
|
if (isReplicateRequest()) {
|
||||||
|
@ -224,25 +218,25 @@ public class SnippetResource extends ApplicationResource {
|
||||||
// get the revision from this snippet
|
// get the revision from this snippet
|
||||||
final Set<Revision> revisions = serviceFacade.getRevisionsFromSnippet(snippetId);
|
final Set<Revision> revisions = serviceFacade.getRevisionsFromSnippet(snippetId);
|
||||||
return withWriteLock(
|
return withWriteLock(
|
||||||
serviceFacade,
|
serviceFacade,
|
||||||
revisions,
|
revisions,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
// ensure write access to the target process group
|
// ensure write access to the target process group
|
||||||
if (requestSnippetDTO.getParentGroupId() != null) {
|
if (requestSnippetDTO.getParentGroupId() != null) {
|
||||||
lookup.getProcessGroup(requestSnippetDTO.getParentGroupId()).authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
lookup.getProcessGroup(requestSnippetDTO.getParentGroupId()).authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
}
|
}
|
||||||
|
|
||||||
// ensure read permission to every component in the snippet
|
// ensure write permission to every component in the snippet
|
||||||
final Snippet snippet = lookup.getSnippet(snippetId);
|
final Snippet snippet = lookup.getSnippet(snippetId);
|
||||||
authorizeSnippet(snippet, authorizer, lookup, RequestAction.WRITE);
|
authorizeSnippet(snippet, authorizer, lookup, RequestAction.WRITE);
|
||||||
},
|
},
|
||||||
() -> serviceFacade.verifyUpdateSnippet(requestSnippetDTO, revisions.stream().map(rev -> rev.getComponentId()).collect(Collectors.toSet())),
|
() -> serviceFacade.verifyUpdateSnippet(requestSnippetDTO, revisions.stream().map(rev -> rev.getComponentId()).collect(Collectors.toSet())),
|
||||||
() -> {
|
() -> {
|
||||||
// update the snippet
|
// update the snippet
|
||||||
final SnippetEntity entity = serviceFacade.updateSnippet(revisions, snippetEntity.getSnippet());
|
final SnippetEntity entity = serviceFacade.updateSnippet(revisions, snippetEntity.getSnippet());
|
||||||
populateRemainingSnippetEntityContent(entity);
|
populateRemainingSnippetEntityContent(entity);
|
||||||
return clusterContext(generateOkResponse(entity)).build();
|
return clusterContext(generateOkResponse(entity)).build();
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -250,37 +244,36 @@ public class SnippetResource extends ApplicationResource {
|
||||||
* Removes the specified snippet.
|
* Removes the specified snippet.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param snippetId The id of the snippet to remove.
|
* @param snippetId The id of the snippet to remove.
|
||||||
* @return A entity containing the client id and an updated revision.
|
* @return A entity containing the client id and an updated revision.
|
||||||
*/
|
*/
|
||||||
@DELETE
|
@DELETE
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Deletes the components in a snippet and drops the snippet",
|
value = "Deletes the components in a snippet and drops the snippet",
|
||||||
response = SnippetEntity.class,
|
response = SnippetEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /{component-type}/{uuid} - For each component in the Snippet", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response deleteSnippet(
|
public Response deleteSnippet(
|
||||||
@Context final HttpServletRequest httpServletRequest,
|
@Context final HttpServletRequest httpServletRequest,
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The snippet id.",
|
value = "The snippet id.",
|
||||||
required = true
|
required = true
|
||||||
)
|
)
|
||||||
@PathParam("id") final String snippetId) {
|
@PathParam("id") final String snippetId) {
|
||||||
|
|
||||||
if (isReplicateRequest()) {
|
if (isReplicateRequest()) {
|
||||||
return replicate(HttpMethod.DELETE);
|
return replicate(HttpMethod.DELETE);
|
||||||
|
@ -289,23 +282,24 @@ public class SnippetResource extends ApplicationResource {
|
||||||
// get the revision from this snippet
|
// get the revision from this snippet
|
||||||
final Set<Revision> revisions = serviceFacade.getRevisionsFromSnippet(snippetId);
|
final Set<Revision> revisions = serviceFacade.getRevisionsFromSnippet(snippetId);
|
||||||
return withWriteLock(
|
return withWriteLock(
|
||||||
serviceFacade,
|
serviceFacade,
|
||||||
revisions,
|
revisions,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
// ensure read permission to every component in the snippet
|
// ensure read permission to every component in the snippet
|
||||||
final Snippet snippet = lookup.getSnippet(snippetId);
|
final Snippet snippet = lookup.getSnippet(snippetId);
|
||||||
authorizeSnippet(snippet, authorizer, lookup, RequestAction.WRITE);
|
authorizeSnippet(snippet, authorizer, lookup, RequestAction.WRITE);
|
||||||
},
|
},
|
||||||
() -> serviceFacade.verifyDeleteSnippet(snippetId, revisions.stream().map(rev -> rev.getComponentId()).collect(Collectors.toSet())),
|
() -> serviceFacade.verifyDeleteSnippet(snippetId, revisions.stream().map(rev -> rev.getComponentId()).collect(Collectors.toSet())),
|
||||||
() -> {
|
() -> {
|
||||||
// delete the specified snippet
|
// delete the specified snippet
|
||||||
final SnippetEntity snippetEntity = serviceFacade.deleteSnippet(revisions, snippetId);
|
final SnippetEntity snippetEntity = serviceFacade.deleteSnippet(revisions, snippetId);
|
||||||
return clusterContext(generateOkResponse(snippetEntity)).build();
|
return clusterContext(generateOkResponse(snippetEntity)).build();
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* setters */
|
/* setters */
|
||||||
|
|
||||||
public void setServiceFacade(NiFiServiceFacade serviceFacade) {
|
public void setServiceFacade(NiFiServiceFacade serviceFacade) {
|
||||||
this.serviceFacade = serviceFacade;
|
this.serviceFacade = serviceFacade;
|
||||||
}
|
}
|
||||||
|
|
|
@ -58,8 +58,8 @@ import java.util.Set;
|
||||||
*/
|
*/
|
||||||
@Path("/system-diagnostics")
|
@Path("/system-diagnostics")
|
||||||
@Api(
|
@Api(
|
||||||
value = "/system-diagnostics",
|
value = "/system-diagnostics",
|
||||||
description = "Endpoint for accessing system diagnostics."
|
description = "Endpoint for accessing system diagnostics."
|
||||||
)
|
)
|
||||||
public class SystemDiagnosticsResource extends ApplicationResource {
|
public class SystemDiagnosticsResource extends ApplicationResource {
|
||||||
|
|
||||||
|
@ -69,7 +69,7 @@ public class SystemDiagnosticsResource extends ApplicationResource {
|
||||||
private void authorizeSystem() {
|
private void authorizeSystem() {
|
||||||
final NiFiUser user = NiFiUserUtils.getNiFiUser();
|
final NiFiUser user = NiFiUserUtils.getNiFiUser();
|
||||||
|
|
||||||
final Map<String,String> userContext;
|
final Map<String, String> userContext;
|
||||||
if (!StringUtils.isBlank(user.getClientAddress())) {
|
if (!StringUtils.isBlank(user.getClientAddress())) {
|
||||||
userContext = new HashMap<>();
|
userContext = new HashMap<>();
|
||||||
userContext.put(UserContextKeys.CLIENT_ADDRESS.name(), user.getClientAddress());
|
userContext.put(UserContextKeys.CLIENT_ADDRESS.name(), user.getClientAddress());
|
||||||
|
@ -78,13 +78,13 @@ public class SystemDiagnosticsResource extends ApplicationResource {
|
||||||
}
|
}
|
||||||
|
|
||||||
final AuthorizationRequest request = new AuthorizationRequest.Builder()
|
final AuthorizationRequest request = new AuthorizationRequest.Builder()
|
||||||
.resource(ResourceFactory.getSystemResource())
|
.resource(ResourceFactory.getSystemResource())
|
||||||
.identity(user.getIdentity())
|
.identity(user.getIdentity())
|
||||||
.anonymous(user.isAnonymous())
|
.anonymous(user.isAnonymous())
|
||||||
.accessAttempt(true)
|
.accessAttempt(true)
|
||||||
.action(RequestAction.READ)
|
.action(RequestAction.READ)
|
||||||
.userContext(userContext)
|
.userContext(userContext)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
final AuthorizationResult result = authorizer.authorize(request);
|
final AuthorizationResult result = authorizer.authorize(request);
|
||||||
if (!Result.Approved.equals(result.getResult())) {
|
if (!Result.Approved.equals(result.getResult())) {
|
||||||
|
@ -102,32 +102,29 @@ public class SystemDiagnosticsResource extends ApplicationResource {
|
||||||
@GET
|
@GET
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets the diagnostics for the system NiFi is running on",
|
value = "Gets the diagnostics for the system NiFi is running on",
|
||||||
response = SystemDiagnosticsEntity.class,
|
response = SystemDiagnosticsEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /system", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),}
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),}
|
||||||
)
|
)
|
||||||
public Response getSystemDiagnostics(
|
public Response getSystemDiagnostics(
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "Whether or not to include the breakdown per node. Optional, defaults to false",
|
value = "Whether or not to include the breakdown per node. Optional, defaults to false",
|
||||||
required = false
|
required = false
|
||||||
)
|
)
|
||||||
@QueryParam("nodewise") @DefaultValue(NODEWISE) final Boolean nodewise,
|
@QueryParam("nodewise") @DefaultValue(NODEWISE) final Boolean nodewise,
|
||||||
@ApiParam(
|
@ApiParam(
|
||||||
value = "The id of the node where to get the status.",
|
value = "The id of the node where to get the status.",
|
||||||
required = false
|
required = false
|
||||||
)
|
)
|
||||||
@QueryParam("clusterNodeId") final String clusterNodeId) throws InterruptedException {
|
@QueryParam("clusterNodeId") final String clusterNodeId) throws InterruptedException {
|
||||||
|
|
||||||
authorizeSystem();
|
authorizeSystem();
|
||||||
|
|
||||||
|
@ -174,6 +171,7 @@ public class SystemDiagnosticsResource extends ApplicationResource {
|
||||||
}
|
}
|
||||||
|
|
||||||
// setters
|
// setters
|
||||||
|
|
||||||
public void setServiceFacade(NiFiServiceFacade serviceFacade) {
|
public void setServiceFacade(NiFiServiceFacade serviceFacade) {
|
||||||
this.serviceFacade = serviceFacade;
|
this.serviceFacade = serviceFacade;
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,8 +16,21 @@
|
||||||
*/
|
*/
|
||||||
package org.apache.nifi.web.api;
|
package org.apache.nifi.web.api;
|
||||||
|
|
||||||
import java.nio.charset.StandardCharsets;
|
import com.wordnik.swagger.annotations.Api;
|
||||||
import java.util.Set;
|
import com.wordnik.swagger.annotations.ApiOperation;
|
||||||
|
import com.wordnik.swagger.annotations.ApiParam;
|
||||||
|
import com.wordnik.swagger.annotations.ApiResponse;
|
||||||
|
import com.wordnik.swagger.annotations.ApiResponses;
|
||||||
|
import com.wordnik.swagger.annotations.Authorization;
|
||||||
|
import org.apache.commons.lang3.StringUtils;
|
||||||
|
import org.apache.nifi.authorization.Authorizer;
|
||||||
|
import org.apache.nifi.authorization.RequestAction;
|
||||||
|
import org.apache.nifi.authorization.resource.Authorizable;
|
||||||
|
import org.apache.nifi.authorization.user.NiFiUserUtils;
|
||||||
|
import org.apache.nifi.persistence.TemplateSerializer;
|
||||||
|
import org.apache.nifi.web.NiFiServiceFacade;
|
||||||
|
import org.apache.nifi.web.api.dto.TemplateDTO;
|
||||||
|
import org.apache.nifi.web.api.entity.TemplateEntity;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.ws.rs.Consumes;
|
import javax.ws.rs.Consumes;
|
||||||
|
@ -30,31 +43,16 @@ import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.core.Context;
|
import javax.ws.rs.core.Context;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
import java.nio.charset.StandardCharsets;
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import java.util.Set;
|
||||||
import org.apache.nifi.authorization.Authorizer;
|
|
||||||
import org.apache.nifi.authorization.RequestAction;
|
|
||||||
import org.apache.nifi.authorization.resource.Authorizable;
|
|
||||||
import org.apache.nifi.authorization.user.NiFiUserUtils;
|
|
||||||
import org.apache.nifi.persistence.TemplateSerializer;
|
|
||||||
import org.apache.nifi.web.NiFiServiceFacade;
|
|
||||||
import org.apache.nifi.web.api.dto.TemplateDTO;
|
|
||||||
import org.apache.nifi.web.api.entity.TemplateEntity;
|
|
||||||
|
|
||||||
import com.wordnik.swagger.annotations.Api;
|
|
||||||
import com.wordnik.swagger.annotations.ApiOperation;
|
|
||||||
import com.wordnik.swagger.annotations.ApiParam;
|
|
||||||
import com.wordnik.swagger.annotations.ApiResponse;
|
|
||||||
import com.wordnik.swagger.annotations.ApiResponses;
|
|
||||||
import com.wordnik.swagger.annotations.Authorization;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* RESTful endpoint for managing a Template.
|
* RESTful endpoint for managing a Template.
|
||||||
*/
|
*/
|
||||||
@Path("/templates")
|
@Path("/templates")
|
||||||
@Api(
|
@Api(
|
||||||
value = "/templates",
|
value = "/templates",
|
||||||
description = "Endpoint for managing a Template."
|
description = "Endpoint for managing a Template."
|
||||||
)
|
)
|
||||||
public class TemplateResource extends ApplicationResource {
|
public class TemplateResource extends ApplicationResource {
|
||||||
|
|
||||||
|
@ -76,32 +74,6 @@ public class TemplateResource extends ApplicationResource {
|
||||||
return templateEntities;
|
return templateEntities;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Populate the uri's for the specified templates.
|
|
||||||
*
|
|
||||||
* @param templateEntity templates
|
|
||||||
* @return templates
|
|
||||||
*/
|
|
||||||
public TemplateEntity populateRemainingTemplateEntityContent(TemplateEntity templateEntity) {
|
|
||||||
if (templateEntity.getTemplate() != null) {
|
|
||||||
populateRemainingTemplateContent(templateEntity.getTemplate());
|
|
||||||
}
|
|
||||||
return templateEntity;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Populates the uri for the specified templates.
|
|
||||||
*
|
|
||||||
* @param templates templates
|
|
||||||
* @return templates
|
|
||||||
*/
|
|
||||||
public Set<TemplateDTO> populateRemainingTemplatesContent(Set<TemplateDTO> templates) {
|
|
||||||
for (TemplateDTO template : templates) {
|
|
||||||
populateRemainingTemplateContent(template);
|
|
||||||
}
|
|
||||||
return templates;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Populates the uri for the specified template.
|
* Populates the uri for the specified template.
|
||||||
*/
|
*/
|
||||||
|
@ -121,23 +93,20 @@ public class TemplateResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_XML)
|
@Produces(MediaType.APPLICATION_XML)
|
||||||
@Path("{id}/download")
|
@Path("{id}/download")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Exports a template",
|
value = "Exports a template",
|
||||||
response = TemplateDTO.class,
|
response = TemplateDTO.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /templates/{uuid}", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response exportTemplate(
|
public Response exportTemplate(
|
||||||
|
@ -185,28 +154,27 @@ public class TemplateResource extends ApplicationResource {
|
||||||
* Removes the specified template.
|
* Removes the specified template.
|
||||||
*
|
*
|
||||||
* @param httpServletRequest request
|
* @param httpServletRequest request
|
||||||
* @param id The id of the template to remove.
|
* @param id The id of the template to remove.
|
||||||
* @return A templateEntity.
|
* @return A templateEntity.
|
||||||
*/
|
*/
|
||||||
@DELETE
|
@DELETE
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Deletes a template",
|
value = "Deletes a template",
|
||||||
response = TemplateEntity.class,
|
response = TemplateEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /templates/{uuid}", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
value = {
|
value = {
|
||||||
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
|
||||||
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
@ApiResponse(code = 401, message = "Client could not be authenticated."),
|
||||||
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
|
||||||
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
@ApiResponse(code = 404, message = "The specified resource could not be found."),
|
||||||
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public Response removeTemplate(
|
public Response removeTemplate(
|
||||||
|
@ -242,6 +210,7 @@ public class TemplateResource extends ApplicationResource {
|
||||||
}
|
}
|
||||||
|
|
||||||
// setters
|
// setters
|
||||||
|
|
||||||
public void setServiceFacade(NiFiServiceFacade serviceFacade) {
|
public void setServiceFacade(NiFiServiceFacade serviceFacade) {
|
||||||
this.serviceFacade = serviceFacade;
|
this.serviceFacade = serviceFacade;
|
||||||
}
|
}
|
||||||
|
|
|
@ -122,12 +122,12 @@ public class TenantsResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("users")
|
@Path("users")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Creates a user",
|
value = "Creates a user",
|
||||||
|
notes = NON_GUARANTEED_ENDPOINT,
|
||||||
response = UserEntity.class,
|
response = UserEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /tenants", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -205,14 +205,12 @@ public class TenantsResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("users/{id}")
|
@Path("users/{id}")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets a user",
|
value = "Gets a user",
|
||||||
|
notes = NON_GUARANTEED_ENDPOINT,
|
||||||
response = UserEntity.class,
|
response = UserEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /tenants", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -262,14 +260,12 @@ public class TenantsResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("users")
|
@Path("users")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets all users",
|
value = "Gets all users",
|
||||||
|
notes = NON_GUARANTEED_ENDPOINT,
|
||||||
response = UsersEntity.class,
|
response = UsersEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /tenants", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -322,12 +318,12 @@ public class TenantsResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("users/{id}")
|
@Path("users/{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Updates a user",
|
value = "Updates a user",
|
||||||
|
notes = NON_GUARANTEED_ENDPOINT,
|
||||||
response = UserEntity.class,
|
response = UserEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /tenants", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -411,12 +407,12 @@ public class TenantsResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("users/{id}")
|
@Path("users/{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Deletes a user",
|
value = "Deletes a user",
|
||||||
|
notes = NON_GUARANTEED_ENDPOINT,
|
||||||
response = UserEntity.class,
|
response = UserEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /tenants", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -462,7 +458,7 @@ public class TenantsResource extends ApplicationResource {
|
||||||
revision,
|
revision,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
final Authorizable tenants = lookup.getTenant();
|
final Authorizable tenants = lookup.getTenant();
|
||||||
tenants.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
|
tenants.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
},
|
},
|
||||||
null,
|
null,
|
||||||
() -> {
|
() -> {
|
||||||
|
@ -508,12 +504,12 @@ public class TenantsResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("user-groups")
|
@Path("user-groups")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Creates a user group",
|
value = "Creates a user group",
|
||||||
|
notes = NON_GUARANTEED_ENDPOINT,
|
||||||
response = UserGroupEntity.class,
|
response = UserGroupEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /tenants", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -591,14 +587,12 @@ public class TenantsResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("user-groups/{id}")
|
@Path("user-groups/{id}")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets a user group",
|
value = "Gets a user group",
|
||||||
|
notes = NON_GUARANTEED_ENDPOINT,
|
||||||
response = UserGroupEntity.class,
|
response = UserGroupEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /tenants", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -648,14 +642,12 @@ public class TenantsResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("user-groups")
|
@Path("user-groups")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Gets all user groups",
|
value = "Gets all user groups",
|
||||||
|
notes = NON_GUARANTEED_ENDPOINT,
|
||||||
response = UserGroupsEntity.class,
|
response = UserGroupsEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /tenants", type = "")
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Administrator", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -707,12 +699,12 @@ public class TenantsResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("user-groups/{id}")
|
@Path("user-groups/{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Updates a user group",
|
value = "Updates a user group",
|
||||||
|
notes = NON_GUARANTEED_ENDPOINT,
|
||||||
response = UserGroupEntity.class,
|
response = UserGroupEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /tenants", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -796,12 +788,12 @@ public class TenantsResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("user-groups/{id}")
|
@Path("user-groups/{id}")
|
||||||
// TODO - @PreAuthorize("hasRole('ROLE_DFM')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Deletes a user group",
|
value = "Deletes a user group",
|
||||||
|
notes = NON_GUARANTEED_ENDPOINT,
|
||||||
response = UserGroupEntity.class,
|
response = UserGroupEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
|
@Authorization(value = "Write - /tenants", type = "")
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
@ -847,7 +839,7 @@ public class TenantsResource extends ApplicationResource {
|
||||||
revision,
|
revision,
|
||||||
lookup -> {
|
lookup -> {
|
||||||
final Authorizable tenants = lookup.getTenant();
|
final Authorizable tenants = lookup.getTenant();
|
||||||
tenants.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
|
tenants.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
|
||||||
},
|
},
|
||||||
null,
|
null,
|
||||||
() -> {
|
() -> {
|
||||||
|
@ -872,14 +864,12 @@ public class TenantsResource extends ApplicationResource {
|
||||||
@Consumes(MediaType.WILDCARD)
|
@Consumes(MediaType.WILDCARD)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("search-results")
|
@Path("search-results")
|
||||||
// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
|
|
||||||
@ApiOperation(
|
@ApiOperation(
|
||||||
value = "Searches the cluster for a node with the specified address",
|
value = "Searches the cluster for a node with the specified address",
|
||||||
|
notes = NON_GUARANTEED_ENDPOINT,
|
||||||
response = ClusterSearchResultsEntity.class,
|
response = ClusterSearchResultsEntity.class,
|
||||||
authorizations = {
|
authorizations = {
|
||||||
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
|
@Authorization(value = "Read - /tenants", type = "")
|
||||||
@Authorization(value = "DFM", type = "ROLE_DFM"),
|
|
||||||
@Authorization(value = "Admin", type = "ROLE_ADMIN")
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ApiResponses(
|
@ApiResponses(
|
||||||
|
|
|
@ -16,14 +16,16 @@
|
||||||
*/
|
*/
|
||||||
package org.apache.nifi.web.api.config;
|
package org.apache.nifi.web.api.config;
|
||||||
|
|
||||||
import javax.ws.rs.core.Response;
|
|
||||||
import javax.ws.rs.ext.ExceptionMapper;
|
|
||||||
import javax.ws.rs.ext.Provider;
|
|
||||||
import org.apache.nifi.util.StringUtils;
|
import org.apache.nifi.util.StringUtils;
|
||||||
import org.apache.nifi.web.InvalidRevisionException;
|
import org.apache.nifi.web.InvalidRevisionException;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
|
import javax.ws.rs.core.Response;
|
||||||
|
import javax.ws.rs.core.Response.Status;
|
||||||
|
import javax.ws.rs.ext.ExceptionMapper;
|
||||||
|
import javax.ws.rs.ext.Provider;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Maps invalid revision exceptions into client responses.
|
* Maps invalid revision exceptions into client responses.
|
||||||
*/
|
*/
|
||||||
|
@ -35,13 +37,13 @@ public class InvalidRevisionExceptionMapper implements ExceptionMapper<InvalidRe
|
||||||
@Override
|
@Override
|
||||||
public Response toResponse(InvalidRevisionException exception) {
|
public Response toResponse(InvalidRevisionException exception) {
|
||||||
// log the error
|
// log the error
|
||||||
logger.info(String.format("%s. Returning %s response.", exception, Response.Status.CONFLICT));
|
logger.info(String.format("%s. Returning %s response.", exception, Status.BAD_REQUEST));
|
||||||
|
|
||||||
if (logger.isDebugEnabled()) {
|
if (logger.isDebugEnabled()) {
|
||||||
logger.debug(StringUtils.EMPTY, exception);
|
logger.debug(StringUtils.EMPTY, exception);
|
||||||
}
|
}
|
||||||
|
|
||||||
return Response.status(Response.Status.CONFLICT).entity(exception.getMessage()).type("text/plain").build();
|
return Response.status(Status.BAD_REQUEST).entity(exception.getMessage()).type("text/plain").build();
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -27,7 +27,6 @@ import org.apache.nifi.authorization.RequestAction;
|
||||||
import org.apache.nifi.authorization.Resource;
|
import org.apache.nifi.authorization.Resource;
|
||||||
import org.apache.nifi.authorization.resource.Authorizable;
|
import org.apache.nifi.authorization.resource.Authorizable;
|
||||||
import org.apache.nifi.authorization.resource.ResourceFactory;
|
import org.apache.nifi.authorization.resource.ResourceFactory;
|
||||||
import org.apache.nifi.authorization.resource.ResourceType;
|
|
||||||
import org.apache.nifi.authorization.user.NiFiUser;
|
import org.apache.nifi.authorization.user.NiFiUser;
|
||||||
import org.apache.nifi.authorization.user.NiFiUserUtils;
|
import org.apache.nifi.authorization.user.NiFiUserUtils;
|
||||||
import org.apache.nifi.cluster.coordination.ClusterCoordinator;
|
import org.apache.nifi.cluster.coordination.ClusterCoordinator;
|
||||||
|
@ -94,7 +93,6 @@ import org.apache.nifi.web.NiFiCoreException;
|
||||||
import org.apache.nifi.web.ResourceNotFoundException;
|
import org.apache.nifi.web.ResourceNotFoundException;
|
||||||
import org.apache.nifi.web.api.dto.DocumentedTypeDTO;
|
import org.apache.nifi.web.api.dto.DocumentedTypeDTO;
|
||||||
import org.apache.nifi.web.api.dto.DtoFactory;
|
import org.apache.nifi.web.api.dto.DtoFactory;
|
||||||
import org.apache.nifi.web.api.dto.TemplateDTO;
|
|
||||||
import org.apache.nifi.web.api.dto.provenance.AttributeDTO;
|
import org.apache.nifi.web.api.dto.provenance.AttributeDTO;
|
||||||
import org.apache.nifi.web.api.dto.provenance.ProvenanceDTO;
|
import org.apache.nifi.web.api.dto.provenance.ProvenanceDTO;
|
||||||
import org.apache.nifi.web.api.dto.provenance.ProvenanceEventDTO;
|
import org.apache.nifi.web.api.dto.provenance.ProvenanceEventDTO;
|
||||||
|
@ -131,6 +129,7 @@ import java.util.SortedSet;
|
||||||
import java.util.TimeZone;
|
import java.util.TimeZone;
|
||||||
import java.util.TreeSet;
|
import java.util.TreeSet;
|
||||||
import java.util.concurrent.TimeUnit;
|
import java.util.concurrent.TimeUnit;
|
||||||
|
import java.util.function.Consumer;
|
||||||
|
|
||||||
import static org.apache.nifi.controller.FlowController.ROOT_GROUP_ID_ALIAS;
|
import static org.apache.nifi.controller.FlowController.ROOT_GROUP_ID_ALIAS;
|
||||||
|
|
||||||
|
@ -754,68 +753,97 @@ public class ControllerFacade implements Authorizable {
|
||||||
|
|
||||||
public List<Resource> getResources() {
|
public List<Resource> getResources() {
|
||||||
final List<Resource> resources = new ArrayList<>();
|
final List<Resource> resources = new ArrayList<>();
|
||||||
|
resources.add(ResourceFactory.getFlowResource());
|
||||||
resources.add(ResourceFactory.getSystemResource());
|
resources.add(ResourceFactory.getSystemResource());
|
||||||
resources.add(ResourceFactory.getControllerResource());
|
resources.add(ResourceFactory.getControllerResource());
|
||||||
resources.add(ResourceFactory.getFlowResource());
|
resources.add(ResourceFactory.getCountersResource());
|
||||||
resources.add(ResourceFactory.getProvenanceResource());
|
resources.add(ResourceFactory.getProvenanceResource());
|
||||||
|
resources.add(ResourceFactory.getPoliciesResource());
|
||||||
|
resources.add(ResourceFactory.getTenantResource());
|
||||||
resources.add(ResourceFactory.getProxyResource());
|
resources.add(ResourceFactory.getProxyResource());
|
||||||
resources.add(ResourceFactory.getResourceResource());
|
resources.add(ResourceFactory.getResourceResource());
|
||||||
|
resources.add(ResourceFactory.getSiteToSiteResource());
|
||||||
|
|
||||||
final ProcessGroup root = flowController.getGroup(flowController.getRootGroupId());
|
final ProcessGroup root = flowController.getGroup(flowController.getRootGroupId());
|
||||||
|
|
||||||
// add each processor
|
// add each processor
|
||||||
for (final ProcessorNode processor : root.findAllProcessors()) {
|
for (final ProcessorNode processor : root.findAllProcessors()) {
|
||||||
resources.add(ResourceFactory.getComponentResource(ResourceType.Processor, processor.getIdentifier(), processor.getName()));
|
final Resource processorResource = processor.getResource();
|
||||||
resources.add(ResourceFactory.getDataResource(processor.getResource()));
|
resources.add(processorResource);
|
||||||
|
resources.add(ResourceFactory.getDataResource(processorResource));
|
||||||
|
resources.add(ResourceFactory.getPolicyResource(processorResource));
|
||||||
}
|
}
|
||||||
|
|
||||||
// add each label
|
// add each label
|
||||||
for (final Label label : root.findAllLabels()) {
|
for (final Label label : root.findAllLabels()) {
|
||||||
resources.add(ResourceFactory.getComponentResource(ResourceType.Label, label.getIdentifier(), label.getValue()));
|
final Resource labelResource = label.getResource();
|
||||||
|
resources.add(labelResource);
|
||||||
|
resources.add(ResourceFactory.getPolicyResource(labelResource));
|
||||||
}
|
}
|
||||||
|
|
||||||
// add each process group
|
// add each process group
|
||||||
for (final ProcessGroup processGroup : root.findAllProcessGroups()) {
|
for (final ProcessGroup processGroup : root.findAllProcessGroups()) {
|
||||||
resources.add(ResourceFactory.getComponentResource(ResourceType.ProcessGroup, processGroup.getIdentifier(), processGroup.getName()));
|
final Resource processGroupResource = processGroup.getResource();
|
||||||
resources.add(ResourceFactory.getDataResource(processGroup.getResource()));
|
resources.add(processGroupResource);
|
||||||
|
resources.add(ResourceFactory.getDataResource(processGroupResource));
|
||||||
|
resources.add(ResourceFactory.getPolicyResource(processGroupResource));
|
||||||
}
|
}
|
||||||
|
|
||||||
// add each remote process group
|
// add each remote process group
|
||||||
for (final RemoteProcessGroup remoteProcessGroup : root.findAllRemoteProcessGroups()) {
|
for (final RemoteProcessGroup remoteProcessGroup : root.findAllRemoteProcessGroups()) {
|
||||||
resources.add(ResourceFactory.getComponentResource(ResourceType.RemoteProcessGroup, remoteProcessGroup.getIdentifier(), remoteProcessGroup.getName()));
|
final Resource remoteProcessGroupResource = remoteProcessGroup.getResource();
|
||||||
resources.add(ResourceFactory.getDataResource(remoteProcessGroup.getResource()));
|
resources.add(remoteProcessGroupResource);
|
||||||
|
resources.add(ResourceFactory.getDataResource(remoteProcessGroupResource));
|
||||||
|
resources.add(ResourceFactory.getPolicyResource(remoteProcessGroupResource));
|
||||||
}
|
}
|
||||||
|
|
||||||
// add each input port
|
// add each input port
|
||||||
for (final Port inputPort : root.findAllInputPorts()) {
|
for (final Port inputPort : root.findAllInputPorts()) {
|
||||||
resources.add(ResourceFactory.getComponentResource(ResourceType.InputPort, inputPort.getIdentifier(), inputPort.getName()));
|
final Resource inputPortResource = inputPort.getResource();
|
||||||
resources.add(ResourceFactory.getDataResource(inputPort.getResource()));
|
resources.add(inputPortResource);
|
||||||
|
resources.add(ResourceFactory.getDataResource(inputPortResource));
|
||||||
|
resources.add(ResourceFactory.getPolicyResource(inputPortResource));
|
||||||
|
if (inputPort instanceof RootGroupPort) {
|
||||||
|
resources.add(ResourceFactory.getDataTransferResource(inputPortResource));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// add each output port
|
// add each output port
|
||||||
for (final Port outputPort : root.findAllOutputPorts()) {
|
for (final Port outputPort : root.findAllOutputPorts()) {
|
||||||
resources.add(ResourceFactory.getComponentResource(ResourceType.OutputPort, outputPort.getIdentifier(), outputPort.getName()));
|
final Resource outputPortResource = outputPort.getResource();
|
||||||
resources.add(ResourceFactory.getDataResource(outputPort.getResource()));
|
resources.add(outputPortResource);
|
||||||
|
resources.add(ResourceFactory.getDataResource(outputPortResource));
|
||||||
|
resources.add(ResourceFactory.getPolicyResource(outputPortResource));
|
||||||
|
if (outputPort instanceof RootGroupPort) {
|
||||||
|
resources.add(ResourceFactory.getDataTransferResource(outputPortResource));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// add each controller service
|
// add each controller service
|
||||||
for (final ControllerServiceNode controllerService : flowController.getAllControllerServices()) {
|
final Consumer<ControllerServiceNode> csConsumer = controllerService -> {
|
||||||
resources.add(ResourceFactory.getComponentResource(ResourceType.ControllerService, controllerService.getIdentifier(), controllerService.getName()));
|
final Resource controllerServiceResource = controllerService.getResource();
|
||||||
}
|
resources.add(controllerServiceResource);
|
||||||
|
resources.add(ResourceFactory.getPolicyResource(controllerServiceResource));
|
||||||
|
};
|
||||||
|
|
||||||
|
flowController.getAllControllerServices().forEach(csConsumer);
|
||||||
|
root.findAllControllerServices().forEach(csConsumer);
|
||||||
|
|
||||||
|
|
||||||
// add each reporting task
|
// add each reporting task
|
||||||
for (final ReportingTaskNode reportingTask : flowController.getAllReportingTasks()) {
|
for (final ReportingTaskNode reportingTask : flowController.getAllReportingTasks()) {
|
||||||
resources.add(ResourceFactory.getComponentResource(ResourceType.ReportingTask, reportingTask.getIdentifier(), reportingTask.getName()));
|
final Resource reportingTaskResource = reportingTask.getResource();
|
||||||
|
resources.add(reportingTaskResource);
|
||||||
|
resources.add(ResourceFactory.getPolicyResource(reportingTaskResource));
|
||||||
}
|
}
|
||||||
|
|
||||||
// add each template
|
// add each template
|
||||||
for (final Template template : root.findAllTemplates()) {
|
for (final Template template : root.findAllTemplates()) {
|
||||||
final TemplateDTO details = template.getDetails();
|
final Resource templateResource = template.getResource();
|
||||||
resources.add(ResourceFactory.getComponentResource(ResourceType.Template, details.getId(), details.getName()));
|
resources.add(templateResource);
|
||||||
|
resources.add(ResourceFactory.getPolicyResource(templateResource));
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO - need token resource?
|
|
||||||
// resources.add(ResourceFactory.getTokenResource());
|
|
||||||
return resources;
|
return resources;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue