You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by jo...@apache.org on 2022/06/13 21:39:01 UTC
[nifi] branch main updated: NIFI-10114 This closes #6122. Removed Single Refresh from ShellUserGroupProvider
This is an automated email from the ASF dual-hosted git repository.
joewitt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new f91d877043 NIFI-10114 This closes #6122. Removed Single Refresh from ShellUserGroupProvider
f91d877043 is described below
commit f91d877043e894d22a75ecc19c496796c38e67e1
Author: exceptionfactory <ex...@apache.org>
AuthorDate: Mon Jun 13 14:25:41 2022 -0500
NIFI-10114 This closes #6122. Removed Single Refresh from ShellUserGroupProvider
Signed-off-by: Joe Witt <jo...@apache.org>
---
.../nifi/authorization/NssShellCommands.java | 34 ---------
.../nifi/authorization/OsxShellCommands.java | 26 -------
.../nifi/authorization/RemoteShellCommands.java | 12 ----
.../nifi/authorization/ShellCommandsProvider.java | 33 ---------
.../nifi/authorization/ShellUserGroupProvider.java | 81 +---------------------
.../nifi/authorization/util/ShellRunner.java | 4 --
.../authorization/ShellUserGroupProviderIT.java | 2 +-
.../authorization/shell/NssShellCommands.java | 34 ---------
.../authorization/shell/OsxShellCommands.java | 26 -------
.../authorization/shell/RemoteShellCommands.java | 73 -------------------
.../authorization/shell/ShellCommandsProvider.java | 33 ---------
.../security/authorization/shell/ShellRunner.java | 4 --
.../shell/ShellUserGroupProvider.java | 78 +--------------------
13 files changed, 5 insertions(+), 435 deletions(-)
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/NssShellCommands.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/NssShellCommands.java
index 4339907624..c5c3f61ef9 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/NssShellCommands.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/NssShellCommands.java
@@ -45,40 +45,6 @@ class NssShellCommands implements ShellCommandsProvider {
return String.format("getent group %s | cut -f 4 -d ':'", groupName);
}
- /**
- * Gets the command for reading a single user by id.
- *
- * When executed, this command should output a single line, in the format used by `getUsersList`.
- *
- * @param userId name of user.
- * @return Shell command string that will read a single user.
- */
- @Override
- public String getUserById(String userId) {
- return String.format("getent passwd %s | cut -f 1,3,4 -d ':'", userId);
- }
-
- /**
- * This method reuses `getUserById` because the getent command is the same for
- * both uid and username.
- *
- * @param userName name of user.
- * @return Shell command string that will read a single user.
- */
- public String getUserByName(String userName) {
- return getUserById(userName);
- }
-
- /**
- * This method supports gid or group name because getent does.
- *
- * @param groupId name of group.
- * @return Shell command string that will read a single group.
- */
- public String getGroupById(String groupId) {
- return String.format("getent group %s | cut -f 1,3,4 -d ':'", groupId);
- }
-
/**
* This gives exit code 0 on all tested distributions.
*
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/OsxShellCommands.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/OsxShellCommands.java
index 85dca066c2..90f405f428 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/OsxShellCommands.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/OsxShellCommands.java
@@ -47,32 +47,6 @@ class OsxShellCommands implements ShellCommandsProvider {
return String.format("dscl . -read /Groups/%s GroupMembership | cut -f 2- -d ' ' | sed 's/\\ /,/g'", groupName);
}
- /**
- * @param userId name of user.
- * @return Shell command string that will read a single user.
- */
- @Override
- public String getUserById(String userId) {
- return String.format("id -P %s | cut -f 1,3,4 -d ':'", userId);
- }
-
- /**
- * @param userName name of user.
- * @return Shell command string that will read a single user.
- */
- public String getUserByName(String userName) {
- return getUserById(userName); // 'id' command works for both uid/username
- }
-
- /**
- * @param groupId name of group.
- * @return Shell command string that will read a single group.
- */
- public String getGroupById(String groupId) {
- return String.format(" dscl . -read /Groups/`dscl . -search /Groups gid %s | head -n 1 | cut -f 1` RecordName PrimaryGroupID | awk 'BEGIN { OFS = \":\"; ORS=\"\\n\"; i=0;} " +
- "/RecordName: / {name = $2;i = 1;}/PrimaryGroupID: / {gid = $2;}; {if (i==1) {print name,gid,\"\"}}'", groupId);
- }
-
/**
* @return Shell command string that will exit normally (0) on a suitable system.
*/
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/RemoteShellCommands.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/RemoteShellCommands.java
index 3c26ba71b7..9a6d7fd11a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/RemoteShellCommands.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/RemoteShellCommands.java
@@ -56,18 +56,6 @@ class RemoteShellCommands implements ShellCommandsProvider {
return String.format(remoteCommand, innerProvider.getGroupMembers(groupName), privateKeyPath, remotePort, remoteHost);
}
- public String getUserById(String userId) {
- return String.format(remoteCommand, innerProvider.getUserById(userId), privateKeyPath, remotePort, remoteHost);
- }
-
- public String getUserByName(String userName) {
- return String.format(remoteCommand, innerProvider.getUserByName(userName), privateKeyPath, remotePort, remoteHost);
- }
-
- public String getGroupById(String groupId) {
- return String.format(remoteCommand, innerProvider.getGroupById(groupId), privateKeyPath, remotePort, remoteHost);
- }
-
public String getSystemCheck() {
return String.format(remoteCommand, innerProvider.getSystemCheck(), privateKeyPath, remotePort, remoteHost);
}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/ShellCommandsProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/ShellCommandsProvider.java
index 14c7de4dbc..2879057e2c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/ShellCommandsProvider.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/ShellCommandsProvider.java
@@ -55,39 +55,6 @@ interface ShellCommandsProvider {
*/
String getGroupMembers(String groupName);
- /**
- * Gets the command for reading a single user by id. Implementations may return null if reading a single
- * user by id is not supported.
- *
- * When executed, this command should output a single line, in the format used by `getUsersList`.
- *
- * @param userId name of user.
- * @return Shell command string that will read a single user.
- */
- String getUserById(String userId);
-
- /**
- * Gets the command for reading a single user. Implementations may return null if reading a single user by
- * username is not supported.
- *
- * When executed, this command should output a single line, in the format used by `getUsersList`.
- *
- * @param userName name of user.
- * @return Shell command string that will read a single user.
- */
- String getUserByName(String userName);
-
- /**
- * Gets the command for reading a single group. Implementations may return null if reading a single group
- * by name is not supported.
- *
- * When executed, this command should output a single line, in the format used by `getGroupsList`.
- *
- * @param groupId name of group.
- * @return Shell command string that will read a single group.
- */
- String getGroupById(String groupId);
-
/**
* Gets the command for checking the suitability of the host system.
*
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/ShellUserGroupProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/ShellUserGroupProvider.java
index e8e793c325..928734da9e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/ShellUserGroupProvider.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/ShellUserGroupProvider.java
@@ -133,11 +133,6 @@ public class ShellUserGroupProvider implements UserGroupProvider {
user = usersByName.get(identity);
}
- if (user == null) {
- refreshOneUser(selectedShellCommands.getUserByName(identity), "Get Single User by Name");
- user = usersByName.get(identity);
- }
-
if (user == null) {
logger.debug("getUser (by name) user not found: " + identity);
} else {
@@ -175,11 +170,6 @@ public class ShellUserGroupProvider implements UserGroupProvider {
group = groupsById.get(identifier);
}
- if (group == null) {
- refreshOneGroup(selectedShellCommands.getGroupById(identifier), "Get Single Group by Id");
- group = groupsById.get(identifier);
- }
-
if (group == null) {
logger.debug("getGroup (by id) group not found: " + identifier);
} else {
@@ -279,7 +269,7 @@ public class ShellUserGroupProvider implements UserGroupProvider {
// Our next init step is to run the system check from that command set to determine if the other commands
// will work on this host or not.
try {
- shellRunner.runShell(commands.getSystemCheck());
+ shellRunner.runShell(commands.getSystemCheck(), "Supported System Check");
} catch (final Exception e) {
logger.error("initialize exception: " + e + " system check command: " + commands.getSystemCheck());
throw new AuthorizerCreationException(SYS_CHECK_ERROR, e);
@@ -412,73 +402,6 @@ public class ShellUserGroupProvider implements UserGroupProvider {
selectedShellCommands = commandsProvider;
}
- /**
- * Refresh a single user.
- *
- * @param command Shell command to read a single user. Pre-formatted by caller.
- * @param description Shell command description.
- */
- private void refreshOneUser(String command, String description) {
- if (command != null) {
- Map<String, User> idToUser = new HashMap<>();
- Map<String, User> usernameToUser = new HashMap<>();
- Map<String, User> gidToUser = new HashMap<>();
- List<String> userLines;
-
- try {
- userLines = shellRunner.runShell(command, description);
- rebuildUsers(userLines, idToUser, usernameToUser, gidToUser);
- } catch (final IOException ioexc) {
- logger.error("refreshOneUser shell exception: " + ioexc);
- }
-
- if (idToUser.size() > 0) {
- synchronized (usersById) {
- usersById.putAll(idToUser);
- }
- }
-
- if (usernameToUser.size() > 0) {
- synchronized (usersByName) {
- usersByName.putAll(usernameToUser);
- }
- }
- } else {
- logger.info("Get Single User not supported on this system.");
- }
- }
-
- /**
- * Refresh a single group.
- *
- * @param command Shell command to read a single group. Pre-formatted by caller.
- * @param description Shell command description.
- */
- private void refreshOneGroup(String command, String description) {
- if (command != null) {
- Map<String, Group> gidToGroup = new HashMap<>();
- List<String> groupLines;
-
- try {
- groupLines = shellRunner.runShell(command, description);
- rebuildGroups(groupLines, gidToGroup);
- } catch (final IOException ioexc) {
- logger.error("refreshOneGroup shell exception: " + ioexc);
- }
-
- if (gidToGroup.size() > 0) {
- synchronized (groupsById) {
- groupsById.putAll(gidToGroup);
- }
- synchronized (groupsByName) {
- gidToGroup.values().forEach(g -> groupsByName.put(g.getName(), g));
- }
- }
- } else {
- logger.info("Get Single Group not supported on this system.");
- }
- }
-
/**
* This is our entry point for user and group refresh. This method runs the top-level
* `getUserList()` and `getGroupsList()` shell commands, then passes those results to the
@@ -614,7 +537,7 @@ public class ShellUserGroupProvider implements UserGroupProvider {
try {
String groupMembersCommand = selectedShellCommands.getGroupMembers(groupName);
- List<String> memberLines = shellRunner.runShell(groupMembersCommand);
+ List<String> memberLines = shellRunner.runShell(groupMembersCommand, "Get Group Members");
// Use the first line only, and log if the line count isn't exactly one:
if (!memberLines.isEmpty()) {
String memberLine = memberLines.get(0);
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/util/ShellRunner.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/util/ShellRunner.java
index 819640de76..46f7154466 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/util/ShellRunner.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/util/ShellRunner.java
@@ -52,10 +52,6 @@ public class ShellRunner {
});
}
- public List<String> runShell(String command) throws IOException {
- return runShell(command, "<unknown>");
- }
-
public List<String> runShell(String command, String description) throws IOException {
final ProcessBuilder builder = new ProcessBuilder(SHELL, OPTS, command);
builder.redirectErrorStream(true);
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/test/java/org/apache/nifi/authorization/ShellUserGroupProviderIT.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/test/java/org/apache/nifi/authorization/ShellUserGroupProviderIT.java
index cc7f0c4ba1..57ace6dd3e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/test/java/org/apache/nifi/authorization/ShellUserGroupProviderIT.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/test/java/org/apache/nifi/authorization/ShellUserGroupProviderIT.java
@@ -101,7 +101,7 @@ public class ShellUserGroupProviderIT {
try {
// NB: this command is a bit perplexing: it works without prompt from the shell, but hangs
// here without the pipe from `yes`:
- shellRunner.runShell("yes | ssh-keygen -C '' -N '' -t rsa -f " + sshPrivKeyFile);
+ shellRunner.runShell("yes | ssh-keygen -C '' -N '' -t rsa -f " + sshPrivKeyFile, "Setup");
} catch (final IOException ioexc) {
systemCheckFailed = true;
logger.error("setupOnce() exception: " + ioexc + "; tests cannot run on this system.");
diff --git a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/shell/NssShellCommands.java b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/shell/NssShellCommands.java
index eef58b0558..0d49a6e0a0 100644
--- a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/shell/NssShellCommands.java
+++ b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/shell/NssShellCommands.java
@@ -44,40 +44,6 @@ class NssShellCommands implements ShellCommandsProvider {
return String.format("getent group %s | cut -f 4 -d ':'", groupName);
}
- /**
- * Gets the command for reading a single user by id.
- *
- * When executed, this command should output a single line, in the format used by `getUsersList`.
- *
- * @param userId name of user.
- * @return Shell command string that will read a single user.
- */
- @Override
- public String getUserById(String userId) {
- return String.format("getent passwd %s | cut -f 1,3,4 -d ':'", userId);
- }
-
- /**
- * This method reuses `getUserById` because the getent command is the same for
- * both uid and username.
- *
- * @param userName name of user.
- * @return Shell command string that will read a single user.
- */
- public String getUserByName(String userName) {
- return getUserById(userName);
- }
-
- /**
- * This method supports gid or group name because getent does.
- *
- * @param groupId name of group.
- * @return Shell command string that will read a single group.
- */
- public String getGroupById(String groupId) {
- return String.format("getent group %s | cut -f 1,3,4 -d ':'", groupId);
- }
-
/**
* This gives exit code 0 on all tested distributions.
*
diff --git a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/shell/OsxShellCommands.java b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/shell/OsxShellCommands.java
index 059166235a..e4949ac2e5 100644
--- a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/shell/OsxShellCommands.java
+++ b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/shell/OsxShellCommands.java
@@ -46,32 +46,6 @@ class OsxShellCommands implements ShellCommandsProvider {
return String.format("dscl . -read /Groups/%s GroupMembership | cut -f 2- -d ' ' | sed 's/\\ /,/g'", groupName);
}
- /**
- * @param userId name of user.
- * @return Shell command string that will read a single user.
- */
- @Override
- public String getUserById(String userId) {
- return String.format("id -P %s | cut -f 1,3,4 -d ':'", userId);
- }
-
- /**
- * @param userName name of user.
- * @return Shell command string that will read a single user.
- */
- public String getUserByName(String userName) {
- return getUserById(userName); // 'id' command works for both uid/username
- }
-
- /**
- * @param groupId name of group.
- * @return Shell command string that will read a single group.
- */
- public String getGroupById(String groupId) {
- return String.format(" dscl . -read /Groups/`dscl . -search /Groups gid %s | head -n 1 | cut -f 1` RecordName PrimaryGroupID | awk 'BEGIN { OFS = \":\"; ORS=\"\\n\"; i=0;} " +
- "/RecordName: / {name = $2;i = 1;}/PrimaryGroupID: / {gid = $2;}; {if (i==1) {print name,gid,\"\"}}'", groupId);
- }
-
/**
* @return Shell command string that will exit normally (0) on a suitable system.
*/
diff --git a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/shell/RemoteShellCommands.java b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/shell/RemoteShellCommands.java
deleted file mode 100644
index f622409bc7..0000000000
--- a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/shell/RemoteShellCommands.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.registry.security.authorization.shell;
-
-class RemoteShellCommands implements ShellCommandsProvider {
- // Carefully crafted command replacement string:
- private final static String remoteCommand = "ssh " +
- "-o 'StrictHostKeyChecking no' " +
- "-o 'PasswordAuthentication no' " +
- "-o \"RemoteCommand %s\" " +
- "-i %s -p %s -l root %s";
-
- private ShellCommandsProvider innerProvider;
- private String privateKeyPath;
- private String remoteHost;
- private Integer remotePort;
-
- private RemoteShellCommands() {
- }
-
- public static ShellCommandsProvider wrapOtherProvider(ShellCommandsProvider otherProvider, String keyPath, String host, Integer port) {
- RemoteShellCommands remote = new RemoteShellCommands();
-
- remote.innerProvider = otherProvider;
- remote.privateKeyPath = keyPath;
- remote.remoteHost = host;
- remote.remotePort = port;
-
- return remote;
- }
-
- public String getUsersList() {
- return String.format(remoteCommand, innerProvider.getUsersList(), privateKeyPath, remotePort, remoteHost);
- }
-
- public String getGroupsList() {
- return String.format(remoteCommand, innerProvider.getGroupsList(), privateKeyPath, remotePort, remoteHost);
- }
-
- public String getGroupMembers(String groupName) {
- return String.format(remoteCommand, innerProvider.getGroupMembers(groupName), privateKeyPath, remotePort, remoteHost);
- }
-
- public String getUserById(String userId) {
- return String.format(remoteCommand, innerProvider.getUserById(userId), privateKeyPath, remotePort, remoteHost);
- }
-
- public String getUserByName(String userName) {
- return String.format(remoteCommand, innerProvider.getUserByName(userName), privateKeyPath, remotePort, remoteHost);
- }
-
- public String getGroupById(String groupId) {
- return String.format(remoteCommand, innerProvider.getGroupById(groupId), privateKeyPath, remotePort, remoteHost);
- }
-
- public String getSystemCheck() {
- return String.format(remoteCommand, innerProvider.getSystemCheck(), privateKeyPath, remotePort, remoteHost);
- }
-}
diff --git a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/shell/ShellCommandsProvider.java b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/shell/ShellCommandsProvider.java
index ce3e6a4d38..1038358637 100644
--- a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/shell/ShellCommandsProvider.java
+++ b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/shell/ShellCommandsProvider.java
@@ -55,39 +55,6 @@ interface ShellCommandsProvider {
*/
String getGroupMembers(String groupName);
- /**
- * Gets the command for reading a single user by id. Implementations may return null if reading a single
- * user by id is not supported.
- *
- * When executed, this command should output a single line, in the format used by `getUsersList`.
- *
- * @param userId name of user.
- * @return Shell command string that will read a single user.
- */
- String getUserById(String userId);
-
- /**
- * Gets the command for reading a single user. Implementations may return null if reading a single user by
- * username is not supported.
- *
- * When executed, this command should output a single line, in the format used by `getUsersList`.
- *
- * @param userName name of user.
- * @return Shell command string that will read a single user.
- */
- String getUserByName(String userName);
-
- /**
- * Gets the command for reading a single group. Implementations may return null if reading a single group
- * by name is not supported.
- *
- * When executed, this command should output a single line, in the format used by `getGroupsList`.
- *
- * @param groupId name of group.
- * @return Shell command string that will read a single group.
- */
- String getGroupById(String groupId);
-
/**
* Gets the command for checking the suitability of the host system.
*
diff --git a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/shell/ShellRunner.java b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/shell/ShellRunner.java
index de38b631f6..fc470605cc 100644
--- a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/shell/ShellRunner.java
+++ b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/shell/ShellRunner.java
@@ -52,10 +52,6 @@ public class ShellRunner {
});
}
- public List<String> runShell(String command) throws IOException {
- return runShell(command, "<unknown>");
- }
-
public List<String> runShell(String command, String description) throws IOException {
final ProcessBuilder builder = new ProcessBuilder(SHELL, OPTS, command);
builder.redirectErrorStream(true);
diff --git a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/shell/ShellUserGroupProvider.java b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/shell/ShellUserGroupProvider.java
index 4e201d2fe3..152693ee71 100644
--- a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/shell/ShellUserGroupProvider.java
+++ b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/shell/ShellUserGroupProvider.java
@@ -135,11 +135,6 @@ public class ShellUserGroupProvider implements UserGroupProvider {
user = usersByName.get(identity);
}
- if (user == null) {
- refreshOneUser(selectedShellCommands.getUserByName(identity), "Get Single User by Name");
- user = usersByName.get(identity);
- }
-
if (user == null) {
logger.debug("getUser (by name) user not found: " + identity);
} else {
@@ -177,11 +172,6 @@ public class ShellUserGroupProvider implements UserGroupProvider {
group = groupsById.get(identifier);
}
- if (group == null) {
- refreshOneGroup(selectedShellCommands.getGroupById(identifier), "Get Single Group by Id");
- group = groupsById.get(identifier);
- }
-
if (group == null) {
logger.debug("getGroup (by id) group not found: " + identifier);
} else {
@@ -265,7 +255,7 @@ public class ShellUserGroupProvider implements UserGroupProvider {
// Our next init step is to run the system check from that command set to determine if the other commands
// will work on this host or not.
try {
- shellRunner.runShell(commands.getSystemCheck());
+ shellRunner.runShell(commands.getSystemCheck(), "Supported System Check");
} catch (final Exception e) {
logger.error("initialize exception: " + e + " system check command: " + commands.getSystemCheck());
throw new SecurityProviderCreationException(SYS_CHECK_ERROR, e);
@@ -395,70 +385,6 @@ public class ShellUserGroupProvider implements UserGroupProvider {
selectedShellCommands = commandsProvider;
}
- /**
- * Refresh a single user.
- *
- * @param command Shell command to read a single user. Pre-formatted by caller.
- * @param description Shell command description.
- */
- private void refreshOneUser(String command, String description) {
- if (command != null) {
- Map<String, User> idToUser = new HashMap<>();
- Map<String, User> usernameToUser = new HashMap<>();
- Map<String, User> gidToUser = new HashMap<>();
- List<String> userLines;
-
- try {
- userLines = shellRunner.runShell(command, description);
- rebuildUsers(userLines, idToUser, usernameToUser, gidToUser);
- } catch (final IOException ioexc) {
- logger.error("refreshOneUser shell exception: " + ioexc);
- }
-
- if (idToUser.size() > 0) {
- synchronized (usersById) {
- usersById.putAll(idToUser);
- }
- }
-
- if (usernameToUser.size() > 0) {
- synchronized (usersByName) {
- usersByName.putAll(usernameToUser);
- }
- }
- } else {
- logger.info("Get Single User not supported on this system.");
- }
- }
-
- /**
- * Refresh a single group.
- *
- * @param command Shell command to read a single group. Pre-formatted by caller.
- * @param description Shell command description.
- */
- private void refreshOneGroup(String command, String description) {
- if (command != null) {
- Map<String, Group> gidToGroup = new HashMap<>();
- List<String> groupLines;
-
- try {
- groupLines = shellRunner.runShell(command, description);
- rebuildGroups(groupLines, gidToGroup);
- } catch (final IOException ioexc) {
- logger.error("refreshOneGroup shell exception: " + ioexc);
- }
-
- if (gidToGroup.size() > 0) {
- synchronized (groupsById) {
- groupsById.putAll(gidToGroup);
- }
- }
- } else {
- logger.info("Get Single Group not supported on this system.");
- }
- }
-
/**
* This is our entry point for user and group refresh. This method runs the top-level
* `getUserList()` and `getGroupsList()` shell commands, then passes those results to the
@@ -588,7 +514,7 @@ public class ShellUserGroupProvider implements UserGroupProvider {
try {
String groupMembersCommand = selectedShellCommands.getGroupMembers(groupName);
- List<String> memberLines = shellRunner.runShell(groupMembersCommand);
+ List<String> memberLines = shellRunner.runShell(groupMembersCommand, "Get Group Members");
// Use the first line only, and log if the line count isn't exactly one:
if (!memberLines.isEmpty()) {
String memberLine = memberLines.get(0);