You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2020/04/06 18:59:53 UTC
[GitHub] [nifi] mcgilman commented on a change in pull request #3891:
NIFI-6849: On startup,
NiFi should be more liberal about what it's willing to inherit from cluster
mcgilman commented on a change in pull request #3891: NIFI-6849: On startup, NiFi should be more liberal about what it's willing to inherit from cluster
URL: https://github.com/apache/nifi/pull/3891#discussion_r404300161
##########
File path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAccessPolicyProvider.java
##########
@@ -380,24 +413,55 @@ public void setNiFiProperties(NiFiProperties properties) {
@Override
public synchronized void inheritFingerprint(String fingerprint) throws AuthorizationAccessException {
- parsePolicies(fingerprint).forEach(policy -> addAccessPolicy(policy));
+ final List<AccessPolicy> accessPolicies = parsePolicies(fingerprint);
+ inheritAccessPolicies(accessPolicies);
+ }
+
+ private synchronized void inheritAccessPolicies(final List<AccessPolicy> accessPolicies) {
+ addAccessPolicies(accessPolicies);
+ }
+
+ @Override
+ public synchronized void forciblyInheritFingerprint(final String fingerprint) throws AuthorizationAccessException {
+ final List<AccessPolicy> accessPolicies = parsePolicies(fingerprint);
+
+ if (isInheritable(accessPolicies)) {
+ logger.debug("Inheriting cluster's Access Policies");
+ inheritAccessPolicies(accessPolicies);
+ } else {
+ logger.info("Cannot directly inherit cluster's Access Policies. Will create backup of existing policies and replace with proposed policies");
+
+ try {
+ backupPolicies();
+ } catch (final JAXBException jaxb) {
+ throw new AuthorizationAccessException("Failed to backup existing policies so will not inherit any policies", jaxb);
+ }
+
+ purgePolicies(false);
+ addAccessPolicies(accessPolicies);
+ }
}
@Override
public void checkInheritability(String proposedFingerprint) throws AuthorizationAccessException, UninheritableAuthorizationsException {
+ final List<AccessPolicy> accessPolicies;
try {
// ensure we can understand the proposed fingerprint
- parsePolicies(proposedFingerprint);
+ accessPolicies = parsePolicies(proposedFingerprint);
} catch (final AuthorizationAccessException e) {
throw new UninheritableAuthorizationsException("Unable to parse the proposed fingerprint: " + e);
}
// ensure we are in a proper state to inherit the fingerprint
- if (!getAccessPolicies().isEmpty()) {
+ if (!isInheritable(accessPolicies)) {
Review comment:
1) `accessPolicies` are not used in `isInheritable`.
2) Does it make sense to still have this check if we support force inheriting? Failing on parse makes sense but not sure about this one.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services