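  /**
   * Generates an audit record for an operation on a controller service (for example its
   * creation).
   *
   * @param controllerService controller service the record describes
   * @param operation operation being audited
   * @param actionDetails optional details to attach to the record; may be {@code null}
   * @return the audit action, or {@code null} when no current user is found
   */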
  private Action generateAuditRecord(
      ControllerServiceNode controllerService, Operation operation, ActionDetails actionDetails) {
    // Resolve the acting user first; a record is only built when one is available.
    final NiFiUser currentUser = NiFiUserUtils.getNiFiUser();
    if (currentUser == null) {
      // NOTE(review): a null return means no audit entry is built for this operation;
      // confirm that callers treat a missing user as intended rather than silently skipping.
      return null;
    }

    // Describe the component by the simple class name of its implementation.
    final FlowChangeExtensionDetails componentDetails = new FlowChangeExtensionDetails();
    final String implementationType =
        controllerService.getControllerServiceImplementation().getClass().getSimpleName();
    componentDetails.setType(implementationType);

    // Record who acted, what was done, when, and on which controller service.
    final FlowChangeAction auditRecord = new FlowChangeAction();
    auditRecord.setUserIdentity(currentUser.getDn());
    auditRecord.setUserName(currentUser.getUserName());
    auditRecord.setOperation(operation);
    auditRecord.setTimestamp(new Date());
    auditRecord.setSourceId(controllerService.getIdentifier());
    auditRecord.setSourceName(controllerService.getName());
    auditRecord.setSourceType(Component.ControllerService);
    auditRecord.setComponentDetails(componentDetails);

    // Action details are optional and only attached when supplied.
    if (actionDetails != null) {
      auditRecord.setActionDetails(actionDetails);
    }
    return auditRecord;
  }
  @Override
  public void doFilter(
      final ServletRequest req, final ServletResponse resp, final FilterChain filterChain)
      throws IOException, ServletException {
    // Writes an "attempting request" log line for plain-http requests, then always hands the
    // request on to the rest of the filter chain.
    final HttpServletRequest httpRequest = (HttpServletRequest) req;

    // https requests are skipped here; per the original author they are logged elsewhere
    final boolean plainHttp = "http".equalsIgnoreCase(httpRequest.getScheme());
    if (plainHttp) {
      final NiFiUser currentUser = NiFiUserUtils.getNiFiUser();

      // fall back to a fixed marker when no user is associated with the request
      final String identity =
          (currentUser == null) ? "<no user found>" : currentUser.getIdentity();

      // NOTE(review): identity, method and URL are derived from the incoming request. If the
      // logging backend does not already neutralise line breaks and control characters, encode
      // them before they reach the log so entries cannot be forged - confirm against the
      // logger configuration.
      // NOTE(review): getRemoteAddr() reports the immediate peer; behind a reverse proxy that
      // is presumably the proxy's address rather than the client's - confirm for the deployment.
      final String message =
          String.format(
              "Attempting request for (%s) %s %s (source ip: %s)",
              identity,
              httpRequest.getMethod(),
              httpRequest.getRequestURL().toString(),
              httpRequest.getRemoteAddr());

      // only the attempt is logged here - response details are logged later
      logger.info(message);
    }

    filterChain.doFilter(req, resp);
  }
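  /**
   * Gets the update actions for all specified referencing components, following controller
   * service references transitively.
   *
   * @param user user to whom the generated actions are attributed
   * @param actions collection that receives the generated actions
   * @param visitedServices identifiers of controller services that must not be traversed again
   * @param referencingComponents components to generate actions for
   */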
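  private void getUpdateActionsForReferencingComponents(
      final NiFiUser user,
      final Collection<Action> actions,
      final Collection<String> visitedServices,
      final Set<ConfiguredComponent> referencingComponents) {
    // Appends one audit action per referencing component to `actions`. Processors and reporting
    // tasks are recorded as Start/Stop from their scheduled state, controller services as
    // Enable/Disable. References of a controller service are followed recursively, with
    // `visitedServices` tracking which services have already been expanded.
    for (final ConfiguredComponent component : referencingComponents) {
      if (component instanceof ProcessorNode) {
        final ProcessorNode processor = ((ProcessorNode) component);

        // create the processor details
        FlowChangeExtensionDetails processorDetails = new FlowChangeExtensionDetails();
        processorDetails.setType(processor.getProcessor().getClass().getSimpleName());

        // create a processor action
        FlowChangeAction processorAction = new FlowChangeAction();
        processorAction.setUserIdentity(user.getDn());
        processorAction.setUserName(user.getUserName());
        processorAction.setTimestamp(new Date());
        processorAction.setSourceId(processor.getIdentifier());
        processorAction.setSourceName(processor.getName());
        processorAction.setSourceType(Component.Processor);
        processorAction.setComponentDetails(processorDetails);
        processorAction.setOperation(
            ScheduledState.RUNNING.equals(processor.getScheduledState())
                ? Operation.Start
                : Operation.Stop);
        actions.add(processorAction);
      } else if (component instanceof ReportingTaskNode) {
        // Test for the node type that is actually cast to. The previous check tested a different
        // type (ReportingTask), so the branch could be skipped for real nodes - leaving their
        // state change unaudited - or fail on the cast.
        final ReportingTaskNode reportingTask = ((ReportingTaskNode) component);

        // create the reporting task details
        FlowChangeExtensionDetails reportingTaskDetails = new FlowChangeExtensionDetails();
        reportingTaskDetails.setType(
            reportingTask.getReportingTask().getClass().getSimpleName());

        // create a reporting task action
        FlowChangeAction reportingTaskAction = new FlowChangeAction();
        reportingTaskAction.setUserIdentity(user.getDn());
        reportingTaskAction.setUserName(user.getUserName());
        reportingTaskAction.setTimestamp(new Date());
        reportingTaskAction.setSourceId(reportingTask.getIdentifier());
        reportingTaskAction.setSourceName(reportingTask.getName());
        reportingTaskAction.setSourceType(Component.ReportingTask);
        reportingTaskAction.setComponentDetails(reportingTaskDetails);
        reportingTaskAction.setOperation(
            ScheduledState.RUNNING.equals(reportingTask.getScheduledState())
                ? Operation.Start
                : Operation.Stop);
        actions.add(reportingTaskAction);
      } else if (component instanceof ControllerServiceNode) {
        final ControllerServiceNode controllerService = ((ControllerServiceNode) component);

        // create the controller service details
        FlowChangeExtensionDetails serviceDetails = new FlowChangeExtensionDetails();
        serviceDetails.setType(
            controllerService.getControllerServiceImplementation().getClass().getSimpleName());

        // create a controller service action
        FlowChangeAction serviceAction = new FlowChangeAction();
        serviceAction.setUserIdentity(user.getDn());
        serviceAction.setUserName(user.getUserName());
        serviceAction.setTimestamp(new Date());
        serviceAction.setSourceId(controllerService.getIdentifier());
        serviceAction.setSourceName(controllerService.getName());
        serviceAction.setSourceType(Component.ControllerService);
        serviceAction.setComponentDetails(serviceDetails);
        serviceAction.setOperation(
            isDisabled(controllerService) ? Operation.Disable : Operation.Enable);
        actions.add(serviceAction);

        // need to consider components referencing this controller service (transitive)
        final String serviceId = controllerService.getIdentifier();
        if (!visitedServices.contains(serviceId)) {
          // Mark the service before descending. Without this the guard never changes, so
          // services that reference each other would recurse without bound.
          visitedServices.add(serviceId);
          getUpdateActionsForReferencingComponents(
              user,
              actions,
              visitedServices,
              controllerService.getReferences().getReferencingComponents());
        }
      }
    }
  }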
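  /**
   * Audits the configuration of a single controller service.
   *
   * @param proceedingJoinPoint join point for the intercepted update call
   * @param controllerServiceDTO DTO carrying the requested configuration
   * @param controllerServiceDAO DAO on which the update is executing
   * @return the updated controller service returned by the intercepted call
   * @throws Throwable any exception raised by the intercepted call
   */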
  @Around(
      "within(org.apache.nifi.web.dao.ControllerServiceDAO+) && "
          + "execution(org.apache.nifi.controller.service.ControllerServiceNode updateControllerService(org.apache.nifi.web.api.dto.ControllerServiceDTO)) && "
          + "args(controllerServiceDTO) && "
          + "target(controllerServiceDAO)")
  public Object updateControllerServiceAdvice(
      ProceedingJoinPoint proceedingJoinPoint,
      ControllerServiceDTO controllerServiceDTO,
      ControllerServiceDAO controllerServiceDAO)
      throws Throwable {
    // snapshot the pre-update property values and disabled flag so they can be compared later
    final ControllerServiceNode serviceBefore =
        controllerServiceDAO.getControllerService(controllerServiceDTO.getId());
    final Map<String, String> previousValues =
        extractConfiguredPropertyValues(serviceBefore, controllerServiceDTO);
    final boolean wasDisabled = isDisabled(serviceBefore);

    // run the intercepted update; if it throws, the exception propagates and nothing is audited
    final ControllerServiceNode updatedControllerService =
        (ControllerServiceNode) proceedingJoinPoint.proceed();

    // look the service up again through the DAO now that the update has been applied
    final ControllerServiceNode serviceAfter =
        controllerServiceDAO.getControllerService(updatedControllerService.getIdentifier());

    final NiFiUser currentUser = NiFiUserUtils.getNiFiUser();
    if (currentUser == null) {
      // NOTE(review): the update above has already been applied at this point, so a missing
      // user yields a configuration change with no audit entry - confirm this is intended.
      return updatedControllerService;
    }

    // property values as they stand after the update
    final Map<String, String> currentValues =
        extractConfiguredPropertyValues(serviceAfter, controllerServiceDTO);

    // component details shared by every action recorded below
    final FlowChangeExtensionDetails serviceDetails = new FlowChangeExtensionDetails();
    serviceDetails.setType(
        serviceAfter.getControllerServiceImplementation().getClass().getSimpleName());

    // all configuration actions of this update carry the same timestamp
    final Date configurationTimestamp = new Date();
    final Collection<Action> actions = new ArrayList<>();

    for (final String property : currentValues.keySet()) {
      String newValue = currentValues.get(property);
      String oldValue = previousValues.get(property);

      // a property counts as unchanged only when both values are present and equal
      final boolean unchanged =
          oldValue != null && newValue != null && newValue.equals(oldValue);
      if (unchanged) {
        continue;
      }

      // Decide whether the values must be hidden before they reach the audit record: sensitive
      // properties are starred out, annotation data is replaced by a fixed marker.
      // NOTE(review): a property whose descriptor cannot be resolved (null) is not masked and
      // its values are recorded as-is - confirm that no secret-bearing property can hit that
      // path.
      final PropertyDescriptor descriptor =
          serviceAfter.getControllerServiceImplementation().getPropertyDescriptor(property);
      String placeholder = null;
      if (descriptor != null && descriptor.isSensitive()) {
        placeholder = "********";
      } else if (ANNOTATION_DATA.equals(property)) {
        placeholder = "<annotation data not shown>";
      }
      if (placeholder != null) {
        // null values stay null so the record still shows that a value was absent
        if (newValue != null) {
          newValue = placeholder;
        }
        if (oldValue != null) {
          oldValue = placeholder;
        }
      }

      final FlowChangeConfigureDetails configureDetails = new FlowChangeConfigureDetails();
      configureDetails.setName(property);
      configureDetails.setValue(newValue);
      configureDetails.setPreviousValue(oldValue);

      // one Configure action per changed property
      final FlowChangeAction configurationAction = new FlowChangeAction();
      configurationAction.setUserIdentity(currentUser.getDn());
      configurationAction.setUserName(currentUser.getUserName());
      configurationAction.setOperation(Operation.Configure);
      configurationAction.setTimestamp(configurationTimestamp);
      configurationAction.setSourceId(serviceAfter.getIdentifier());
      configurationAction.setSourceName(serviceAfter.getName());
      configurationAction.setSourceType(Component.ControllerService);
      configurationAction.setComponentDetails(serviceDetails);
      configurationAction.setActionDetails(configureDetails);
      actions.add(configurationAction);
    }

    // record an Enable/Disable action when the disabled flag differs from the snapshot
    final boolean nowDisabled = isDisabled(updatedControllerService);
    if (wasDisabled != nowDisabled) {
      final FlowChangeAction stateAction = new FlowChangeAction();
      stateAction.setUserIdentity(currentUser.getDn());
      stateAction.setUserName(currentUser.getUserName());
      stateAction.setTimestamp(new Date());
      stateAction.setSourceId(serviceAfter.getIdentifier());
      stateAction.setSourceName(serviceAfter.getName());
      stateAction.setSourceType(Component.ControllerService);
      stateAction.setComponentDetails(serviceDetails);
      stateAction.setOperation(nowDisabled ? Operation.Disable : Operation.Enable);
      actions.add(stateAction);
    }

    // persist only when something was actually recorded
    if (!actions.isEmpty()) {
      saveActions(actions, logger);
    }

    return updatedControllerService;
  }