You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by kd...@apache.org on 2018/10/03 15:12:37 UTC
nifi git commit: NIFI-5656 Handly empty "Node Group" property in
FileAccessPolicyProvider consistently, add some logs to help with debugging,
add test for the invalid group name and for the empty case.
Repository: nifi
Updated Branches:
refs/heads/master b4c8e0179 -> de685a7a7
NIFI-5656 Handly empty "Node Group" property in FileAccessPolicyProvider consistently, add some logs to help with debugging, add test for the invalid group name and for the empty case.
This closes #3043.
Signed-off-by: Kevin Doran <kd...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/de685a7a
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/de685a7a
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/de685a7a
Branch: refs/heads/master
Commit: de685a7a741888c6ffd6468d89b536276975934c
Parents: b4c8e01
Author: pepov <pe...@gmail.com>
Authored: Tue Oct 2 15:21:36 2018 +0200
Committer: Kevin Doran <kd...@apache.org>
Committed: Wed Oct 3 11:12:19 2018 -0400
----------------------------------------------------------------------
.../authorization/FileAccessPolicyProvider.java | 21 +++++++----
.../FileAccessPolicyProviderTest.java | 39 +++++++++++++++++++-
.../src/main/resources/conf/authorizers.xml | 2 +
3 files changed, 53 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/nifi/blob/de685a7a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAccessPolicyProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAccessPolicyProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAccessPolicyProvider.java
index b1a6f91..3174e34 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAccessPolicyProvider.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAccessPolicyProvider.java
@@ -232,16 +232,21 @@ public class FileAccessPolicyProvider implements ConfigurableAccessPolicyProvide
nodeGroupIdentifier = null;
if (nodeGroupName != null) {
- for (Group group : userGroupProvider.getGroups()) {
- if (group.getName().equals(nodeGroupName)) {
- nodeGroupIdentifier = group.getIdentifier();
- break;
+ if (!StringUtils.isBlank(nodeGroupName)) {
+ logger.debug("Trying to load node group '{}' from the underlying userGroupProvider", nodeGroupName);
+ for (Group group : userGroupProvider.getGroups()) {
+ if (group.getName().equals(nodeGroupName)) {
+ nodeGroupIdentifier = group.getIdentifier();
+ break;
+ }
}
- }
- if (nodeGroupIdentifier == null) {
- throw new AuthorizerCreationException(String.format(
+ if (nodeGroupIdentifier == null) {
+ throw new AuthorizerCreationException(String.format(
"Authorizations node group '%s' could not be found", nodeGroupName));
+ }
+ } else {
+ logger.debug("Empty node group name provided");
}
}
@@ -633,6 +638,7 @@ public class FileAccessPolicyProvider implements ConfigurableAccessPolicyProvide
if (node == null) {
throw new AuthorizerCreationException("Unable to locate node " + nodeIdentity + " to seed policies.");
}
+ logger.debug("Populating default authorizations for node '{}' ({})", node.getIdentity(), node.getIdentifier());
// grant access to the proxy resource
addUserToAccessPolicy(authorizations, ResourceType.Proxy.getValue(), node.getIdentifier(), WRITE_CODE);
@@ -645,6 +651,7 @@ public class FileAccessPolicyProvider implements ConfigurableAccessPolicyProvide
// authorize dynamic nodes (node group)
if (nodeGroupIdentifier != null) {
+ logger.debug("Populating default authorizations for group '{}' ({})", userGroupProvider.getGroup(nodeGroupIdentifier).getName(), nodeGroupIdentifier);
addGroupToAccessPolicy(authorizations, ResourceType.Proxy.getValue(), nodeGroupIdentifier, WRITE_CODE);
if (rootGroupId != null) {
http://git-wip-us.apache.org/repos/asf/nifi/blob/de685a7a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/test/java/org/apache/nifi/authorization/FileAccessPolicyProviderTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/test/java/org/apache/nifi/authorization/FileAccessPolicyProviderTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/test/java/org/apache/nifi/authorization/FileAccessPolicyProviderTest.java
index d02ada7..f13f7f1 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/test/java/org/apache/nifi/authorization/FileAccessPolicyProviderTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/test/java/org/apache/nifi/authorization/FileAccessPolicyProviderTest.java
@@ -767,8 +767,8 @@ public class FileAccessPolicyProviderTest {
userGroupProvider.onConfigured(configurationContext);
accessPolicyProvider.onConfigured(configurationContext);
- User nodeUser1 = userGroupProvider.getUserByIdentity(nodeIdentity1);
- User nodeUser2 = userGroupProvider.getUserByIdentity(nodeIdentity2);
+ assertNotNull(userGroupProvider.getUserByIdentity(nodeIdentity1));
+ assertNotNull(userGroupProvider.getUserByIdentity(nodeIdentity2));
AccessPolicy proxyWritePolicy = accessPolicyProvider.getAccessPolicy(ResourceType.Proxy.getValue(), RequestAction.WRITE);
@@ -777,6 +777,41 @@ public class FileAccessPolicyProviderTest {
}
@Test
+ public void testOnConfiguredWhenNodeGroupEmpty() throws Exception {
+ final String adminIdentity = "admin-user";
+ final String nodeGroupIdentifier = "cluster-nodes";
+
+ when(configurationContext.getProperty(eq(FileAccessPolicyProvider.PROP_INITIAL_ADMIN_IDENTITY)))
+ .thenReturn(new StandardPropertyValue(adminIdentity, null));
+ when(configurationContext.getProperty(eq(FileAccessPolicyProvider.PROP_NODE_GROUP_NAME)))
+ .thenReturn(new StandardPropertyValue("", null));
+
+ writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE);
+ writeFile(primaryTenants, TENANTS_FOR_ADMIN_AND_NODE_GROUP);
+
+ userGroupProvider.onConfigured(configurationContext);
+ accessPolicyProvider.onConfigured(configurationContext);
+
+ assertNull(accessPolicyProvider.getAccessPolicy(ResourceType.Proxy.getValue(), RequestAction.WRITE));
+ }
+
+ @Test(expected = AuthorizerCreationException.class)
+ public void testOnConfiguredWhenNodeGroupDoesNotExist() throws Exception {
+ final String adminIdentity = "admin-user";
+
+ when(configurationContext.getProperty(eq(FileAccessPolicyProvider.PROP_INITIAL_ADMIN_IDENTITY)))
+ .thenReturn(new StandardPropertyValue(adminIdentity, null));
+ when(configurationContext.getProperty(eq(FileAccessPolicyProvider.PROP_NODE_GROUP_NAME)))
+ .thenReturn(new StandardPropertyValue("nonexistent", null));
+
+ writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE);
+ writeFile(primaryTenants, TENANTS_FOR_ADMIN_AND_NODE_GROUP);
+
+ userGroupProvider.onConfigured(configurationContext);
+ accessPolicyProvider.onConfigured(configurationContext);
+ }
+
+ @Test
public void testOnConfiguredWhenTenantsAndAuthorizationsFileDoesNotExist() {
userGroupProvider.onConfigured(configurationContext);
accessPolicyProvider.onConfigured(configurationContext);
http://git-wip-us.apache.org/repos/asf/nifi/blob/de685a7a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorizers.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorizers.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorizers.xml
index b57239a..d6d3c45 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorizers.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorizers.xml
@@ -241,6 +241,8 @@
- Node Group - The name of a group containing NiFi cluster nodes. The typical use for this is when nodes are dynamically
added/removed from the cluster.
+
+ NOTE: The group must exist before starting NiFi.
-->
<accessPolicyProvider>
<identifier>file-access-policy-provider</identifier>