Commit Graph

42 Commits

Author SHA1 Message Date
Matt Gilman 6bc6f955c0 NIFI-4059:
- Introducing the LdapUserGroupProvider.
- Updating documentation accordingly.
- Moving the IdentityMapping utilities so they were accessible.

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #1923.
2017-06-19 19:25:33 +02:00
Matt Gilman 4ed7511bee
NIFI-3653: - Introducing UserGroup and Policy provider interfaces.
- Introducing FileUserGroupProvider and FileAccessPolicyProvider.
- Refactoring FileAuthorizer to utilize the file based implementations.
- Introducing the StandardManagedAuthorizer.
- Decorating the configured ManagedAuthorizer to ensure integrity checks are still performed.
- Loading user groups if possible to use during access decisions.
- Merging responses for requests for AccessPolicies, Users, and UserGroups.
- Adding unit tests as appropriate.
- Adding methods to the User, Group, and AccessPolicy builder that more easily supports generating UUIDs.
- Fixing typo when seeding policies during startup.
- Fixing type in documentation and error messages.

This closes #1897.

Signed-off-by: Bryan Bende <bbende@apache.org>
2017-06-09 13:54:10 -04:00
Matt Gilman cc741d2be6
NIFI-3997:
- Bumping to next minor version.
2017-06-08 15:22:51 -04:00
Matt Gilman 6ee12e9b47
NIFI-3997-RC1prepare for next development iteration 2017-06-05 11:07:43 -04:00
Matt Gilman ddb73612bd
NIFI-3997-RC1prepare release nifi-1.3.0-RC1 2017-06-05 11:07:28 -04:00
Bryan Bende 3af53419af
NIFI-3770-RC2 prepare for next development iteration 2017-05-05 20:50:28 -04:00
Bryan Bende 3a605af8e0
NIFI-3770-RC2 prepare release nifi-1.2.0-RC2 2017-05-05 20:50:14 -04:00
Yolanda M. Davis 55b8c7ddad
NIFI-3695
- added proxy dn flag to support providing authorized username for secured environments
- addressed pr comments including fix to ensure proxy info added when getting cluster info, showing cleaner error messaging  and improving help text. Also fixed potential issue with versioning comparison (mismatched lengths)
- Printing response body when requests fails.
- This closes #1697
2017-04-27 12:42:12 -04:00
Yolanda M. Davis c0f0462e8b
NIFI-3695 - created the nifi admin toolkit which includes shell scripts and classes to support notification and basic node management in standalone and clustered nifi.
This closes #1669.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
2017-04-24 23:08:37 -07:00
Matt Gilman 7e1ecad738
NIFI-3706: - Removing non-existent resource when converting a legacy authorized users file.
This closes #1673.

Signed-off-by: Bryan Bende <bbende@apache.org>
2017-04-18 09:46:21 -04:00
James Wing f9b5bcf7bb NIFI-2907 Fix Flow Schema Validation Errors
This closes #1587.
2017-03-28 10:53:16 -04:00
Pierre Villard da5aafdf3f
NIFI-3121 Remove read permissions on proxy resource for Node Identities. This closes #1368 2017-02-07 17:01:51 -05:00
Matt Gilman b1c9f0e764
NIFI-2695: - Providing more granular and meaningful authorization error messages.
This closes #1309.

Signed-off-by: Bryan Bende <bbende@apache.org>
2017-01-04 13:06:19 -05:00
joewitt 92f17a995b NIFI-3100-rc2 prepare for next development iteration 2016-11-25 23:49:27 -05:00
joewitt 5536f690a8 NIFI-3100-rc2 prepare release nifi-1.1.0-RC2 2016-11-25 23:49:13 -05:00
Matt Gilman 7f5eabd603
NIFI-3050: Implemented access control logic for restricted components.
- Addressing comments from PR.
- Adding restricted tags to relevant components.
- Showing a restricted icon overlay on the processor node on the canvas. (+1 squashed commit)
Squashed commits:
[f487682] NIFI-3050:
- Introducing a Restricted annotation for components that require elevated privileges to use.
- Updating the new Processor, Controller Service, and Reporting Task dialogs to include these details and prevent unauthorized selection.
- Including the Restricted description in the generated component documentation.
- Updating processor access control integration test to verify restricted component creation.
- Updating the developer, user, and admin guide to include the restricted component policy.

This closes #1247.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
2016-11-21 12:07:48 -08:00
Andre F de Miranda 446cd44702 NIFI-2816 - Clean typos across the code
This closes #1057.
2016-09-26 17:47:31 +02:00
Joseph Percivall 1fe18a1567 NIFI-2676-rc1 prepare for next development iteration 2016-08-26 11:40:58 -04:00
Joseph Percivall 74d5224783 NIFI-2676-rc1 prepare release nifi-1.0.0-RC1 2016-08-26 11:40:44 -04:00
joewitt 7d7401add4 NIFI-2574 Changed NiFiProperties to avoid static initializer and updated all references to it. 2016-08-17 00:10:07 -07:00
Bryan Bende 698cde69ba NIFI-2453 Making FileAuthorizer perform initial seeding when users and groups are already present
Signed-off-by: Yolanda M. Davis <ymdavis@apache.org>

This closes #772
2016-08-03 11:59:03 -04:00
joewitt 05a99a93cb NIFI-2208 This closes #754. refactored as per comments on JIRA. Reduced API expsosure and tightened lifecycle management. 2016-08-01 14:17:26 -04:00
Yolanda M. Davis 8412d2662a NIFI-2208 - initial commit Custom Property Expression Language support with Variable Registry, includes bug fix for NIFI-2057
This closes #529

Signed-off-by: jpercivall <joepercivall@yahoo.com>
2016-07-29 17:10:20 -04:00
Bryan Bende 5e4ba04589 NIFI-2390 Separating of users and groups from authorizations.xml into separate file. This closes #735 2016-07-28 16:41:52 -04:00
Bryan Bende dedd4fcda1 NIFI-2403
- Ensuring uniqueness on user identities and group names
- Ensure errors when updating a group are displayed.
- This closes #724
2016-07-28 08:45:47 -04:00
Bryan Bende c3b4872b55 NIFI-2389 Refactoring identity mapping and applying it to FileAuthorizer for initial admin, cluster nodes, and legacy authorized users. This closes #719 2016-07-26 15:24:50 -04:00
Matt Gilman 69586d8bd0 NIFI-2346:
- Introducing data resource for authorizing provenance events and queue listing.
- Authorizing entire proxy chain for data resource and data transfer resource.
NIFI-2338:
- Ensuring that replay authorization only happens once.

- Allowing users with access to policies for a component to be able to access all policies for that component.
-- Includes the component, data, data transfers, and policies.
- Fixing drop request completion to update the correct queued field.
- Fixing access control check for listing and emptying queues.
- Reseting selected policy when re-opening the policy management page.
- Fixing button/link visibility for available actions in policy management page.
- Fixing policy issues with policy removal when the underlying component is deleted.
- Updating file authorizer seeding to grant data access to node's in the cluster.

This closes #720.
2016-07-26 14:15:36 -04:00
Bryan Bende 3e9867d5da NIFI-1950 Updating FileAuthorizer to convert access controls from input and output ports during legacy conversion. This closes #702. 2016-07-25 12:37:26 -04:00
Aldrin Piri d1129706e2 NIFI-1896 This closes #650. Refactored nifi-api into nifi-framework-api and other locations. The nifi-api is specific to that which is needed for intended extension points. 2016-07-14 18:24:48 -04:00
Bryan Bende ba763b95e8 NIFI-2003 Creating abstract authentication provider and incorporating into existing providers
NIFI-2201 Add support for seeding cluster nodes in authorizations.xml
- Passing client address along in user context on authorization requests
- This closes #628
2016-07-12 11:20:29 -04:00
Bryan Bende c5889314ca NIFI-2171 Removing list of groups from User
- Making FileAuthorizer not update the resource or action when updating an AccessPolicy
- Adding corresponding READ policies during initial seeding and legacy conversions
- Adding checks to FileAuthorizer to ensure only one policy per resource-action
- Removing merging of policies on legacy conversion since we have one action per policy now
- This closes #608
2016-07-06 16:56:07 -04:00
Matt Gilman ce5330330a NIFI-1781:
- Updating UI according to permissions through out the application.
- Shuffling provenance events, template, and cluster search REST APIs according to resources being authorized.
- Moving template upload controls.
- Removing username where appropriate.
- Addressing issues when authorizing flow configuration actions.
- Code clean up.
2016-07-01 15:10:27 -04:00
Bryan Bende f43f47694c NIFI-2138 Making AccessPolicy have a single RequestAction. This closes #590 2016-06-28 16:32:27 -04:00
Bryan Bende 8c837ba1ea NIFI-2127 Adding support for managing the user-group relationship from the Group side. This closes #588 2016-06-28 14:25:38 -04:00
Jeff Storck 64719b6f9b NIFI-1952 Updated StandardPolicyBasedAuthorizerDAO to throw ResourceNotFoundExceptions when user/group/policy not found
Added spec for StandardPolicyBasedAuthorizerDAO
Added exception mapper for AuthorizationAccessException, added mapper to nifi-web-api-context.xml
Added rest endpoints to get all users and user groups
Merged UsersResource and UserGroupsResource into TenantsResource
This closes #582
2016-06-26 22:23:25 -04:00
Bryan Bende b911c9dbdf NIFI-1916 Improvements to FileAuthorizer to not parse flow when unncessary and to recreate missing authorizations.xml. This closes #581 2016-06-25 17:10:59 -04:00
Bryan Bende 679ad93f57 NIFI-1804 Adding ability for FileAuthorizer to automatically convert existing authorized-users.xml to new model
- Removing Resources class from file authorizer and updating ResourceType enum
- Updating ResourceFactory to be in sync with ResourceType enum and adding additional required permissions to the auto-conversion
- Adding root process group to the seeding of the initial admin
- Improvement so that users that are already part of a read-write policy, won't end up in a read policy for the same resource
- Removing rootGroupId from authorization context and auto-detecting it from the flow provided through nifi.properties
- This closes #507
2016-06-17 16:33:00 -04:00
Bryan Bende 8d8a9cba79 NIFI-1916 Updating FileAuthorizer to extend AbstractPolicyBasedAuthorizer and adding intial loading of data users, groups, and policies
- Implementing CRUD operations and unit tests for Users
- Implementing CRUD operations and unit tests for Groups
- Implementing CRUD operations and unit tests for AccessPolicies
- Adding support for seeding with an initial admin user
- Fixing delete for user and group so it removes references from policies
- Adding example to authorizations.xml
- Adding back the old users schema in preparation for auto-converting to the new format, and providing the AuthorizationConfigurationContext with access to the root process group id
- Refactoring some of the FileAuthorizer to ensure thread safety
- Adding /groups to policies created for initial admin
- This closes #473
2016-06-03 17:26:22 -04:00
Matt Gilman ff98d823e2 NIFI-1554:
- Populating component entities in the REST API to decouple key fields from the configuration DTOs.
- Added initial support for components in UI when access isn't allowed. Formal styling to come later.
2016-04-29 14:49:14 -04:00
Matt Gilman 8c09a5c8d2 NIFI-1783: - Addressing mistake in exmample XML. - Ensuring the configured Authorizer is loaded correctly.
This closes #363.

Signed-off-by: Bryan Bende <bbende@apache.org>
2016-04-19 09:53:26 -04:00
Matt Gilman 153f63ef43 NIFI-1551:
- Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer.
- Updating UI accordingly.
- Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
- This closes #359.
2016-04-15 16:03:00 -04:00
Matt Gilman 5de40ccec3 NIFI-1553:
- Implementing a file based authorizer.
- Providing an example authorizations files.
- Address comments from PR.
- This closes #330
2016-04-07 16:28:42 -04:00