NIFI-3121 Remove read permissions on proxy resource for Node Identities. This closes #1368

Pierre Villard 2016-12-29 14:12:20 +01:00 committed by Matt Gilman
parent 5af6eb17b0
commit da5aafdf3f
No known key found for this signature in database
GPG Key ID: DF61EC19432AEE37
3 changed files with 1 additions and 13 deletions


@ -359,7 +359,6 @@ public class FileAuthorizer extends AbstractPolicyBasedAuthorizer {
final org.apache.nifi.authorization.file.tenants.generated.User jaxbNodeUser = getOrCreateUser(tenants, nodeIdentity);
// grant access to the proxy resource
addAccessPolicy(authorizations, ResourceType.Proxy.getValue(), jaxbNodeUser.getIdentifier(), READ_CODE);
addAccessPolicy(authorizations, ResourceType.Proxy.getValue(), jaxbNodeUser.getIdentifier(), WRITE_CODE);
// grant the user read/write access data of the root group
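Review bot: The comment above the proxy grant still reads `// grant access to the proxy resource`, which no longer tells a maintainer that only write is granted and that read is withheld on purpose; I would change it to `// grant write access only to the proxy resource; node identities deliberately get no read (NIFI-3121)`. The same intent is undocumented where `proxyPolicies` is built in RoleAccessPolicy. As far as this hunk shows, the change only affects what is seeded when a node user is created, so an authorizations file that already carries the proxy read policy would presumably keep it; that is worth confirming and stating in the upgrade notes. The enclosing method starts and ends outside the hunk.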


@ -94,7 +94,6 @@ public final class RoleAccessPolicy {
roleAccessPolicies.put(Role.ROLE_ADMIN, Collections.unmodifiableSet(adminPolicies));
final Set<RoleAccessPolicy> proxyPolicies = new HashSet<>();
proxyPolicies.add(new RoleAccessPolicy(ResourceType.Proxy.getValue(), READ_ACTION));
proxyPolicies.add(new RoleAccessPolicy(ResourceType.Proxy.getValue(), WRITE_ACTION));
if (rootGroupId != null) {
proxyPolicies.add(new RoleAccessPolicy(ResourceType.Data.getValue() + ResourceType.ProcessGroup.getValue() + "/" + rootGroupId, READ_ACTION));


@ -347,7 +347,7 @@ public class FileAuthorizerTest {
assertEquals(2, user5Policies.size());
assertTrue(user5Policies.containsKey(ResourceType.Proxy.getValue()));
assertEquals(2, user5Policies.get(ResourceType.Proxy.getValue()).size());
assertEquals(1, user5Policies.get(ResourceType.Proxy.getValue()).size());
assertTrue(user5Policies.get(ResourceType.Proxy.getValue()).contains(RequestAction.WRITE));
// verify user6's policies
@ -652,13 +652,8 @@ public class FileAuthorizerTest {
User nodeUser2 = authorizer.getUserByIdentity(nodeIdentity2);
assertNotNull(nodeUser2);
AccessPolicy proxyReadPolicy = authorizer.getUsersAndAccessPolicies().getAccessPolicy(ResourceType.Proxy.getValue(), RequestAction.READ);
AccessPolicy proxyWritePolicy = authorizer.getUsersAndAccessPolicies().getAccessPolicy(ResourceType.Proxy.getValue(), RequestAction.WRITE);
assertNotNull(proxyReadPolicy);
assertTrue(proxyReadPolicy.getUsers().contains(nodeUser1.getIdentifier()));
assertTrue(proxyReadPolicy.getUsers().contains(nodeUser2.getIdentifier()));
assertNotNull(proxyWritePolicy);
assertTrue(proxyWritePolicy.getUsers().contains(nodeUser1.getIdentifier()));
assertTrue(proxyWritePolicy.getUsers().contains(nodeUser2.getIdentifier()));
@ -695,13 +690,8 @@ public class FileAuthorizerTest {
User nodeUser2 = authorizer.getUserByIdentity(nodeIdentity2);
assertNotNull(nodeUser2);
AccessPolicy proxyReadPolicy = authorizer.getUsersAndAccessPolicies().getAccessPolicy(ResourceType.Proxy.getValue(), RequestAction.READ);
AccessPolicy proxyWritePolicy = authorizer.getUsersAndAccessPolicies().getAccessPolicy(ResourceType.Proxy.getValue(), RequestAction.WRITE);
assertNotNull(proxyReadPolicy);
assertTrue(proxyReadPolicy.getUsers().contains(nodeUser1.getIdentifier()));
assertTrue(proxyReadPolicy.getUsers().contains(nodeUser2.getIdentifier()));
assertNotNull(proxyWritePolicy);
assertTrue(proxyWritePolicy.getUsers().contains(nodeUser1.getIdentifier()));
assertTrue(proxyWritePolicy.getUsers().contains(nodeUser2.getIdentifier()));
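Review bot: The two node-identity tests in the -652 and -695 hunks now check only that the proxy write policy contains both node users; with the read assertions apparently dropped rather than inverted, nothing there fails if read access for node identities is reintroduced. A negative check would pin the intent, for example `assertNull(authorizer.getUsersAndAccessPolicies().getAccessPolicy(ResourceType.Proxy.getValue(), RequestAction.READ));`, assuming getAccessPolicy returns null when no policy exists (otherwise assert that its users do not contain the node identifiers). The user5 hunk already covers this through the size check combined with `contains(RequestAction.WRITE)`. Both test methods start and end outside the hunks.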