Posted to dev@nifi.apache.org by mcgilman <gi...@git.apache.org> on 2016/04/01 19:30:26 UTC

[GitHub] nifi pull request: NIFI-1552: Define Authorizer API

GitHub user mcgilman opened a pull request:

    https://github.com/apache/nifi/pull/318

    NIFI-1552: Define Authorizer API

    - Introducing the Authorizer API and additional components necessary for discovery and creation of configured instances.
    - Minor refactoring of existing Authority Provider API code/configuration to avoid some xsd naming conflicts. These components will be removed in NIFI-1551.
    - Introducing a number of the resource definitions that the Authorizer will make access decisions on. This list is likely not finalized and may see some changes in NIFI-1554.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/mcgilman/nifi NIFI-1552

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/nifi/pull/318.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #318
    
----
commit 16f31853eb8a6d0ca41e3737a95ed352f06d17d8
Author: Matt Gilman <ma...@gmail.com>
Date:   2016-04-01T17:28:41Z

    NIFI-1552:
    - Introducing the Authorizer API and additional components necessary for discovery and creation of configured instances.
    - Minor refactoring of existing Authority Provider API code/configuration to avoid some xsd naming conflicts. These components will be removed in NIFI-1551.
    - Introducing a number of the resource definitions that the Authorizer will make access decisions on. This list is likely not finalized and may see some changes in NIFI-1554.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] nifi pull request: NIFI-1552: Define Authorizer API

Posted by markap14 <gi...@git.apache.org>.
Github user markap14 commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/318#discussion_r58252888
  
    --- Diff: nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java ---
    @@ -0,0 +1,130 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one or more
    + * contributor license agreements.  See the NOTICE file distributed with
    + * this work for additional information regarding copyright ownership.
    + * The ASF licenses this file to You under the Apache License, Version 2.0
    + * (the "License"); you may not use this file except in compliance with
    + * the License.  You may obtain a copy of the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +package org.apache.nifi.authorization;
    +
    +import java.util.Map;
    +import java.util.Objects;
    +
    +/**
    + * Represents an authorization request for a given user/entity performing an action against a resource within some context.
    + */
    +public class AuthorizationRequest {
    +
    +    private final Resource resource;
    +    private final String identity;
    +    private final RequestAction action;
    +    private final Map<String, String> context;
    +    private final Map<String, String> eventAttributes;
    +
    +    public AuthorizationRequest(final Builder builder) {
    +        Objects.requireNonNull(builder.resource, "The resource is required when creating an authorization request");
    +        Objects.requireNonNull(builder.identity, "The identity of the user is required when creating an authorization request");
    +        Objects.requireNonNull(builder.action, "The action is required when creating an authorization request");
    +
    +        this.resource = builder.resource;
    +        this.identity = builder.identity;
    +        this.action = builder.action;
    +        this.context = builder.context;
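
Review bot: `this.context = builder.context;` in the constructor stores the builder's map by reference, and unlike `resource`, `identity` and `action` it gets no null handling, so whoever still holds the map can add or change entries after the request has been built and handed to an Authorizer. Copy it at construction, for example `this.context = builder.context == null ? null : Collections.unmodifiableMap(new HashMap<>(builder.context));`, which also needs `java.util.Collections` and `java.util.HashMap` added to the imports (only `Map` and `Objects` are imported here).
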
    --- End diff --
    
    These maps should probably be wrapped in Unmodifiable Maps, since they will be returned below in the getters



[GitHub] nifi pull request: NIFI-1552: Define Authorizer API

Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:

    https://github.com/apache/nifi/pull/318



[GitHub] nifi pull request: NIFI-1552: Define Authorizer API

Posted by markap14 <gi...@git.apache.org>.
Github user markap14 commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/318#discussion_r58251303
  
    --- Diff: nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java ---
    @@ -0,0 +1,130 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one or more
    + * contributor license agreements.  See the NOTICE file distributed with
    + * this work for additional information regarding copyright ownership.
    + * The ASF licenses this file to You under the Apache License, Version 2.0
    + * (the "License"); you may not use this file except in compliance with
    + * the License.  You may obtain a copy of the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +package org.apache.nifi.authorization;
    +
    +import java.util.Map;
    +import java.util.Objects;
    +
    +/**
    + * Represents an authorization request for a given user/entity performing an action against a resource within some context.
    + */
    +public class AuthorizationRequest {
    +
    +    private final Resource resource;
    +    private final String identity;
    +    private final RequestAction action;
    +    private final Map<String, String> context;
    +    private final Map<String, String> eventAttributes;
    +
    +    public AuthorizationRequest(final Builder builder) {
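
Review bot: `public class AuthorizationRequest` is not final and its constructor is public, so the type can be subclassed even though every field is `private final`. Since the constructor only accepts a `Builder`, declare the class `final` and narrow the constructor's visibility so the Builder is the single way to create a request; the class Javadoc could also say what `context` and `eventAttributes` are expected to hold.
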
    --- End diff --
    
    This should probably be private?



[GitHub] nifi pull request: NIFI-1552: Define Authorizer API

Posted by markap14 <gi...@git.apache.org>.
Github user markap14 commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/318#discussion_r58253202
  
    --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/StandardAuthorizerConfigurationContext.java ---
    @@ -0,0 +1,50 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one or more
    + * contributor license agreements.  See the NOTICE file distributed with
    + * this work for additional information regarding copyright ownership.
    + * The ASF licenses this file to You under the Apache License, Version 2.0
    + * (the "License"); you may not use this file except in compliance with
    + * the License.  You may obtain a copy of the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +package org.apache.nifi.authorization;
    +
    +import java.util.Collections;
    +import java.util.Map;
    +
    +/**
    + *
    + */
    +public class StandardAuthorizerConfigurationContext implements AuthorizerConfigurationContext {
    +
    +    private final String identifier;
    +    private final Map<String, String> properties;
    +
    +    public StandardAuthorizerConfigurationContext(String identifier, Map<String, String> properties) {
    +        this.identifier = identifier;
    +        this.properties = properties;
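
Review bot: the constructor assigns `identifier` and `properties` without any null check (`this.identifier = identifier;`, `this.properties = properties;`), so a null coming from a bad configuration is only noticed when the value is first read. Add `Objects.requireNonNull(...)` for both, or document that null is allowed; the class-level Javadoc block is empty and would be the place to say so.
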
    --- End diff --
    
    This should probably be a copy of the map stored here, no? May also make sense to do something like:
    this.properties = Collections.unmodifiableMap(new HashMap<>(properties));
    This way, we don't have to create a new Map object each time that getProperties() is called.



[GitHub] nifi pull request: NIFI-1552: Define Authorizer API

Posted by markap14 <gi...@git.apache.org>.
Github user markap14 commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/318#discussion_r58252574
  
    --- Diff: nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java ---
    @@ -0,0 +1,130 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one or more
    + * contributor license agreements.  See the NOTICE file distributed with
    + * this work for additional information regarding copyright ownership.
    + * The ASF licenses this file to You under the Apache License, Version 2.0
    + * (the "License"); you may not use this file except in compliance with
    + * the License.  You may obtain a copy of the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +package org.apache.nifi.authorization;
    +
    +import java.util.Map;
    +import java.util.Objects;
    +
    +/**
    + * Represents an authorization request for a given user/entity performing an action against a resource within some context.
    + */
    +public class AuthorizationRequest {
    +
    +    private final Resource resource;
    +    private final String identity;
    +    private final RequestAction action;
    +    private final Map<String, String> context;
    +    private final Map<String, String> eventAttributes;
    +
    +    public AuthorizationRequest(final Builder builder) {
    +        Objects.requireNonNull(builder.resource, "The resource is required when creating an authorization request");
    +        Objects.requireNonNull(builder.identity, "The identity of the user is required when creating an authorization request");
    +        Objects.requireNonNull(builder.action, "The action is required when creating an authorization request");
    +
    +        this.resource = builder.resource;
    +        this.identity = builder.identity;
    +        this.action = builder.action;
    +        this.context = builder.context;
    +        this.eventAttributes = builder.eventAttributes;
    +    }
    +
    +    /**
    +     * The Resource being authorized. Not null.
    +     *
    +     * @return The resource
    +     */
    +    public Resource getResource() {
    +        return resource;
    +    }
    +
    +    /**
    +     * The identity accessing the Resource. Not null.
    +     *
    +     * @return The identity
    +     */
    +    public String getIdentity() {
    +        return identity;
    +    }
    +
    +    /**
    +     * The action being taken against the Resource. Not null.
    +     *
    +     * @return The action
    +     */
    +    public RequestAction getAction() {
    +        return action;
    +    }
    +
    +    /**
    +     * The context of the user request to make additional access decisions. May be null.
    +     *
    +     * @return  The context of the user request
    +     */
    +    public Map<String, String> getContext() {
    +        return context;
    +    }
    +
    +    /**
    +     * The event attributes to make additional access decisions for provenance events. May be null.
    +     *
    +     * @return  The event attributes
    +     */
    +    public Map<String, String> getEventAttributes() {
    +        return eventAttributes;
    +    }
    +
    +    /**
    +     * AuthorizationRequest builder.
    +     */
    +    public static final class Builder {
    +
    +        private Resource resource;
    +        private String identity;
    +        private RequestAction action;
    +        private Map<String, String> context;
    +        private Map<String, String> eventAttributes;
    +
    +        public Builder resource(final Resource resource) {
    +            this.resource = resource;
    +            return this;
    +        }
    +
    +        public Builder identity(final String identity) {
    +            this.identity = identity;
    +            return this;
    +        }
    +
    +        public Builder action(final RequestAction action) {
    +            this.action = action;
    +            return this;
    +        }
    +
    +        public Builder context(final Map<String, String> context) {
    +            this.context = context;
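
Review bot: `getContext()` and `getEventAttributes()` are documented as "May be null" and return the stored map directly, so every Authorizer implementation has to null-check before reading an entry, and a caller of the getter receives the same mutable instance the request holds. Normalise a missing map to `Collections.emptyMap()` in the constructor, return an unmodifiable view, and change the Javadoc to "Not null"; the Builder's setter methods also have no Javadoc saying whether a null argument is acceptable.
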
    --- End diff --
    
    Should we be making copies of these Maps, rather than using the provided map as passed in?

