/**
* Generates an audit record for the creation of a controller service.
*
* @param controllerService service
* @param operation operation
* @param actionDetails details
* @return action
*/
private Action generateAuditRecord(
ControllerServiceNode controllerService, Operation operation, ActionDetails actionDetails) {
FlowChangeAction action = null;
// get the current user
NiFiUser user = NiFiUserUtils.getNiFiUser();
// ensure the user was found
if (user != null) {
// create the controller service details
FlowChangeExtensionDetails serviceDetails = new FlowChangeExtensionDetails();
serviceDetails.setType(
controllerService.getControllerServiceImplementation().getClass().getSimpleName());
// create the controller service action for adding this controller service
action = new FlowChangeAction();
action.setUserIdentity(user.getDn());
action.setUserName(user.getUserName());
action.setOperation(operation);
action.setTimestamp(new Date());
action.setSourceId(controllerService.getIdentifier());
action.setSourceName(controllerService.getName());
action.setSourceType(Component.ControllerService);
action.setComponentDetails(serviceDetails);
if (actionDetails != null) {
action.setActionDetails(actionDetails);
}
}
return action;
}
@Override
public void doFilter(
final ServletRequest req, final ServletResponse resp, final FilterChain filterChain)
throws IOException, ServletException {
final HttpServletRequest request = (HttpServletRequest) req;
// only log http requests has https requests are logged elsewhere
if ("http".equalsIgnoreCase(request.getScheme())) {
final NiFiUser user = NiFiUserUtils.getNiFiUser();
// get the user details for the log message
String identity = "<no user found>";
if (user != null) {
identity = user.getIdentity();
}
// log the request attempt - response details will be logged later
logger.info(
String.format(
"Attempting request for (%s) %s %s (source ip: %s)",
identity,
request.getMethod(),
request.getRequestURL().toString(),
request.getRemoteAddr()));
}
// continue the filter chain
filterChain.doFilter(req, resp);
}
/**
* Gets the update actions for all specified referencing components.
*
* @param user user
* @param actions actions
* @param visitedServices services
* @param referencingComponents components
*/
private void getUpdateActionsForReferencingComponents(
final NiFiUser user,
final Collection<Action> actions,
final Collection<String> visitedServices,
final Set<ConfiguredComponent> referencingComponents) {
// consider each component updates
for (final ConfiguredComponent component : referencingComponents) {
if (component instanceof ProcessorNode) {
final ProcessorNode processor = ((ProcessorNode) component);
// create the processor details
FlowChangeExtensionDetails processorDetails = new FlowChangeExtensionDetails();
processorDetails.setType(processor.getProcessor().getClass().getSimpleName());
// create a processor action
FlowChangeAction processorAction = new FlowChangeAction();
processorAction.setUserIdentity(user.getDn());
processorAction.setUserName(user.getUserName());
processorAction.setTimestamp(new Date());
processorAction.setSourceId(processor.getIdentifier());
processorAction.setSourceName(processor.getName());
processorAction.setSourceType(Component.Processor);
processorAction.setComponentDetails(processorDetails);
processorAction.setOperation(
ScheduledState.RUNNING.equals(processor.getScheduledState())
? Operation.Start
: Operation.Stop);
actions.add(processorAction);
} else if (component instanceof ReportingTask) {
final ReportingTaskNode reportingTask = ((ReportingTaskNode) component);
// create the reporting task details
FlowChangeExtensionDetails processorDetails = new FlowChangeExtensionDetails();
processorDetails.setType(reportingTask.getReportingTask().getClass().getSimpleName());
// create a reporting task action
FlowChangeAction reportingTaskAction = new FlowChangeAction();
reportingTaskAction.setUserIdentity(user.getDn());
reportingTaskAction.setUserName(user.getUserName());
reportingTaskAction.setTimestamp(new Date());
reportingTaskAction.setSourceId(reportingTask.getIdentifier());
reportingTaskAction.setSourceName(reportingTask.getName());
reportingTaskAction.setSourceType(Component.ReportingTask);
reportingTaskAction.setComponentDetails(processorDetails);
reportingTaskAction.setOperation(
ScheduledState.RUNNING.equals(reportingTask.getScheduledState())
? Operation.Start
: Operation.Stop);
actions.add(reportingTaskAction);
} else if (component instanceof ControllerServiceNode) {
final ControllerServiceNode controllerService = ((ControllerServiceNode) component);
// create the controller service details
FlowChangeExtensionDetails serviceDetails = new FlowChangeExtensionDetails();
serviceDetails.setType(
controllerService.getControllerServiceImplementation().getClass().getSimpleName());
// create a controller service action
FlowChangeAction serviceAction = new FlowChangeAction();
serviceAction.setUserIdentity(user.getDn());
serviceAction.setUserName(user.getUserName());
serviceAction.setTimestamp(new Date());
serviceAction.setSourceId(controllerService.getIdentifier());
serviceAction.setSourceName(controllerService.getName());
serviceAction.setSourceType(Component.ControllerService);
serviceAction.setComponentDetails(serviceDetails);
serviceAction.setOperation(
isDisabled(controllerService) ? Operation.Disable : Operation.Enable);
actions.add(serviceAction);
// need to consider components referencing this controller service (transitive)
if (!visitedServices.contains(controllerService.getIdentifier())) {
getUpdateActionsForReferencingComponents(
user,
actions,
visitedServices,
controllerService.getReferences().getReferencingComponents());
}
}
}
}
/**
* Audits the configuration of a single controller service.
*
* @param proceedingJoinPoint join point
* @param controllerServiceDTO dto
* @param controllerServiceDAO dao
* @return object
* @throws Throwable ex
*/
@Around(
"within(org.apache.nifi.web.dao.ControllerServiceDAO+) && "
+ "execution(org.apache.nifi.controller.service.ControllerServiceNode updateControllerService(org.apache.nifi.web.api.dto.ControllerServiceDTO)) && "
+ "args(controllerServiceDTO) && "
+ "target(controllerServiceDAO)")
public Object updateControllerServiceAdvice(
ProceedingJoinPoint proceedingJoinPoint,
ControllerServiceDTO controllerServiceDTO,
ControllerServiceDAO controllerServiceDAO)
throws Throwable {
// determine the initial values for each property/setting thats changing
ControllerServiceNode controllerService =
controllerServiceDAO.getControllerService(controllerServiceDTO.getId());
final Map<String, String> values =
extractConfiguredPropertyValues(controllerService, controllerServiceDTO);
final boolean isDisabled = isDisabled(controllerService);
// update the controller service state
final ControllerServiceNode updatedControllerService =
(ControllerServiceNode) proceedingJoinPoint.proceed();
// if no exceptions were thrown, add the controller service action...
controllerService =
controllerServiceDAO.getControllerService(updatedControllerService.getIdentifier());
// get the current user
NiFiUser user = NiFiUserUtils.getNiFiUser();
// ensure the user was found
if (user != null) {
// determine the updated values
Map<String, String> updatedValues =
extractConfiguredPropertyValues(controllerService, controllerServiceDTO);
// create the controller service details
FlowChangeExtensionDetails serviceDetails = new FlowChangeExtensionDetails();
serviceDetails.setType(
controllerService.getControllerServiceImplementation().getClass().getSimpleName());
// create a controller service action
Date actionTimestamp = new Date();
Collection<Action> actions = new ArrayList<>();
// go through each updated value
for (String property : updatedValues.keySet()) {
String newValue = updatedValues.get(property);
String oldValue = values.get(property);
Operation operation = null;
// determine the type of operation
if (oldValue == null || newValue == null || !newValue.equals(oldValue)) {
operation = Operation.Configure;
}
// create a configuration action accordingly
if (operation != null) {
// clear the value if this property is sensitive
final PropertyDescriptor propertyDescriptor =
controllerService
.getControllerServiceImplementation()
.getPropertyDescriptor(property);
if (propertyDescriptor != null && propertyDescriptor.isSensitive()) {
if (newValue != null) {
newValue = "********";
}
if (oldValue != null) {
oldValue = "********";
}
} else if (ANNOTATION_DATA.equals(property)) {
if (newValue != null) {
newValue = "<annotation data not shown>";
}
if (oldValue != null) {
oldValue = "<annotation data not shown>";
}
}
final FlowChangeConfigureDetails actionDetails = new FlowChangeConfigureDetails();
actionDetails.setName(property);
actionDetails.setValue(newValue);
actionDetails.setPreviousValue(oldValue);
// create a configuration action
FlowChangeAction configurationAction = new FlowChangeAction();
configurationAction.setUserIdentity(user.getDn());
configurationAction.setUserName(user.getUserName());
configurationAction.setOperation(operation);
configurationAction.setTimestamp(actionTimestamp);
configurationAction.setSourceId(controllerService.getIdentifier());
configurationAction.setSourceName(controllerService.getName());
configurationAction.setSourceType(Component.ControllerService);
configurationAction.setComponentDetails(serviceDetails);
configurationAction.setActionDetails(actionDetails);
actions.add(configurationAction);
}
}
// determine the new executing state
final boolean updateIsDisabled = isDisabled(updatedControllerService);
// determine if the running state has changed and its not disabled
if (isDisabled != updateIsDisabled) {
// create a controller service action
FlowChangeAction serviceAction = new FlowChangeAction();
serviceAction.setUserIdentity(user.getDn());
serviceAction.setUserName(user.getUserName());
serviceAction.setTimestamp(new Date());
serviceAction.setSourceId(controllerService.getIdentifier());
serviceAction.setSourceName(controllerService.getName());
serviceAction.setSourceType(Component.ControllerService);
serviceAction.setComponentDetails(serviceDetails);
// set the operation accordingly
if (updateIsDisabled) {
serviceAction.setOperation(Operation.Disable);
} else {
serviceAction.setOperation(Operation.Enable);
}
actions.add(serviceAction);
}
// ensure there are actions to record
if (!actions.isEmpty()) {
// save the actions
saveActions(actions, logger);
}
}
return updatedControllerService;
}