@Test
public void testTerminateQueueCannotDeleteDirectory() throws IOException {
String queueName = "queueCannotDelete";
File queueDir = new File("target", queueName);
ReportExporter exporter = mock(ReportExporter.class);
BatchProcessorConfig config = mock(BatchProcessorConfig.class);
when(config.getDataDirectory()).thenReturn("target");
when(config.getQueueSize()).thenReturn(5);
FileUtil.deleteDirectory(queueDir);
queueFactory = new QueueFactory(config, exporter);
Set<PosixFilePermission> permissions = new HashSet<>();
permissions.add(PosixFilePermission.OWNER_READ);
queueFactory.create(queueName);
assertTrue(queueDir.exists());
Files.setPosixFilePermissions(queueDir.toPath(), permissions);
try {
queueFactory.terminate(queueName);
fail("Expected IllegalStateException");
} catch (IllegalStateException e) {
assertTrue(true);
}
permissions = new HashSet<>();
permissions.add(PosixFilePermission.OWNER_WRITE);
permissions.add(PosixFilePermission.OWNER_READ);
permissions.add(PosixFilePermission.OWNER_EXECUTE);
Files.setPosixFilePermissions(queueDir.toPath(), permissions);
FileUtil.deleteDirectory(queueDir);
}
private synchronized void saveProperties(final Properties nifiProps, final Logger logger)
throws IOException {
final File statusFile = getStatusFile(logger);
if (statusFile.exists() && !statusFile.delete()) {
logger.warn("Failed to delete {}", statusFile);
}
if (!statusFile.createNewFile()) {
throw new IOException("Failed to create file " + statusFile);
}
try {
final Set<PosixFilePermission> perms = new HashSet<>();
perms.add(PosixFilePermission.OWNER_READ);
perms.add(PosixFilePermission.OWNER_WRITE);
Files.setPosixFilePermissions(statusFile.toPath(), perms);
} catch (final Exception e) {
logger.warn(
"Failed to set permissions so that only the owner can read status file {}; "
+ "this may allows others to have access to the key needed to communicate with NiFi. "
+ "Permissions should be changed so that only the owner can read this file",
statusFile);
}
try (final FileOutputStream fos = new FileOutputStream(statusFile)) {
nifiProps.store(fos, null);
fos.getFD().sync();
}
logger.debug("Saved Properties {} to {}", new Object[] {nifiProps, statusFile});
}
@Override
public void setBlobAccess(String container, String name, BlobAccess access) {
Path path = new File(buildPathStartingFromBaseDir(container, name)).toPath();
if (isWindows()) {
try {
if (access == BlobAccess.PRIVATE) {
setPrivate(path);
} else {
setPublic(path);
}
} catch (IOException e) {
throw new RuntimeException(e);
}
} else {
Set<PosixFilePermission> permissions;
try {
permissions = getPosixFilePermissions(path);
if (access == BlobAccess.PRIVATE) {
permissions.remove(PosixFilePermission.OTHERS_READ);
} else if (access == BlobAccess.PUBLIC_READ) {
permissions.add(PosixFilePermission.OTHERS_READ);
}
setPosixFilePermissions(path, permissions);
} catch (IOException ioe) {
throw Throwables.propagate(ioe);
}
}
}
private void disableLogFileAccess() throws IOException {
logFile.createNewFile();
logFile.deleteOnExit();
Path path = Paths.get(logFile.toURI());
Set<PosixFilePermission> permissions = Collections.emptySet();
try {
Files.setPosixFilePermissions(path, permissions);
} catch (UnsupportedOperationException e) {
path.toFile().setReadOnly();
}
}
private void createTmpFile(Path filePath, String content, String exceptionPrefix) {
try (BufferedWriter out = Files.newBufferedWriter(filePath, Charset.defaultCharset())) {
Set<PosixFilePermission> permissions = new HashSet<>();
permissions.add(PosixFilePermission.OWNER_READ);
permissions.add(PosixFilePermission.OWNER_WRITE);
Files.setPosixFilePermissions(filePath, permissions);
out.write(content);
} catch (Exception e) {
throw SyssvcException.syssvcExceptions.localRepoError(exceptionPrefix + e);
}
}
// "randomize" the file attributes of the given file.
static void randomizeAttributes(Path file) throws IOException {
String os = System.getProperty("os.name");
boolean isWindows = os.startsWith("Windows");
boolean isUnix = os.equals("SunOS") || os.equals("Linux");
boolean isDirectory = isDirectory(file, NOFOLLOW_LINKS);
if (isUnix) {
Set<PosixFilePermission> perms = getPosixFilePermissions(file, NOFOLLOW_LINKS);
PosixFilePermission[] toChange = {
PosixFilePermission.GROUP_READ,
PosixFilePermission.GROUP_WRITE,
PosixFilePermission.GROUP_EXECUTE,
PosixFilePermission.OTHERS_READ,
PosixFilePermission.OTHERS_WRITE,
PosixFilePermission.OTHERS_EXECUTE
};
for (PosixFilePermission perm : toChange) {
if (heads()) {
perms.add(perm);
} else {
perms.remove(perm);
}
}
setPosixFilePermissions(file, perms);
}
if (isWindows) {
DosFileAttributeView view =
getFileAttributeView(file, DosFileAttributeView.class, NOFOLLOW_LINKS);
// only set or unset the hidden attribute
view.setHidden(heads());
}
boolean addUserDefinedFileAttributes =
heads() && getFileStore(file).supportsFileAttributeView("xattr");
// remove this when copying a direcory copies its named streams
if (isWindows && isDirectory) addUserDefinedFileAttributes = false;
if (addUserDefinedFileAttributes) {
UserDefinedFileAttributeView view =
getFileAttributeView(file, UserDefinedFileAttributeView.class);
int n = rand.nextInt(16);
while (n > 0) {
byte[] value = new byte[1 + rand.nextInt(100)];
view.write("user." + Integer.toString(n), ByteBuffer.wrap(value));
n--;
}
}
}
/**
* Makes home folder and the configuration file readable and writable only to the owner.
*
* @param cs the <tt>ConfigurationService</tt> instance to check for home folder and configuration
* file.
*/
private static void fixPermissions(ConfigurationService cs) {
if (!OSUtils.IS_LINUX && !OSUtils.IS_MAC) return;
try {
// let's check config file and config folder
File homeFolder = new File(cs.getScHomeDirLocation(), cs.getScHomeDirName());
Set<PosixFilePermission> perms =
new HashSet<PosixFilePermission>() {
{
add(PosixFilePermission.OWNER_READ);
add(PosixFilePermission.OWNER_WRITE);
add(PosixFilePermission.OWNER_EXECUTE);
}
};
Files.setPosixFilePermissions(Paths.get(homeFolder.getAbsolutePath()), perms);
String fileName = cs.getConfigurationFilename();
if (fileName != null) {
File cf = new File(homeFolder, fileName);
if (cf.exists()) {
perms =
new HashSet<PosixFilePermission>() {
{
add(PosixFilePermission.OWNER_READ);
add(PosixFilePermission.OWNER_WRITE);
}
};
Files.setPosixFilePermissions(Paths.get(cf.getAbsolutePath()), perms);
}
}
} catch (Throwable t) {
logger.error("Error creating c lib instance for fixing file permissions", t);
if (t instanceof InterruptedException) Thread.currentThread().interrupt();
else if (t instanceof ThreadDeath) throw (ThreadDeath) t;
}
}
public void write(String dir, InputStream inputStream, String fileName) {
try {
File file = new File(dir + "/" + fileName);
file.deleteOnExit();
FileOutputStream outputStream = new FileOutputStream(file);
copy(inputStream, outputStream);
closeQuietly(inputStream);
closeQuietly(outputStream);
Set<PosixFilePermission> perms = new HashSet<>();
perms.add(OWNER_READ);
perms.add(OWNER_WRITE);
perms.add(OWNER_EXECUTE);
setPosixFilePermissions(file.toPath(), perms);
} catch (IOException e) {
// TODO:: throw an appropriate exception
}
}
@Override
public OutputStream receiveUpload(String fileName, String mimeType) {
FileOutputStream outStream = null;
try {
File file = keyService.addFile(username, keyNameField.getValue(), fileName);
outStream = new FileOutputStream(file);
/** SSH requires that key files only have read-write permissions for OWNER */
Set<PosixFilePermission> permissions = new HashSet<PosixFilePermission>();
permissions.add(PosixFilePermission.OWNER_READ);
permissions.add(PosixFilePermission.OWNER_WRITE);
Files.setPosixFilePermissions(file.toPath(), permissions);
} catch (IOException e) {
LOG.error("Error while setting key file permissions.", e);
}
return outStream;
}
public int execute(String[] args, @Nullable Path workingDir) throws IOException {
if (!Files.isExecutable(file)) {
Set<PosixFilePermission> perms = new HashSet<PosixFilePermission>();
perms.add(PosixFilePermission.OWNER_READ);
perms.add(PosixFilePermission.OWNER_EXECUTE);
Files.setPosixFilePermissions(file, perms);
}
ExecuteWatchdog watchdog = new ExecuteWatchdog(TIMEOUT);
CommandLine cmd = new CommandLine(file.toFile());
cmd.addArguments(args);
DefaultExecutor exec = new DefaultExecutor();
exec.setWatchdog(watchdog);
exec.setStreamHandler(createStreamHandler());
exec.setExitValues(null);
if (workingDir != null) {
exec.setWorkingDirectory(workingDir.toFile());
}
in.close();
LOG.info("Executing: {}", cmd.toString());
return exec.execute(cmd);
}
/*
* Make file non-readable by modifying its permissions.
* If file supports "posix" attributes, then modify it.
* Otherwise check for "acl" attributes.
*/
private static void makeFileNonReadable(String file) throws IOException {
Path filePath = Paths.get(file);
Set<String> supportedAttr = filePath.getFileSystem().supportedFileAttributeViews();
if (supportedAttr.contains("posix")) {
Files.setPosixFilePermissions(filePath, PosixFilePermissions.fromString("-w--w----"));
} else if (supportedAttr.contains("acl")) {
UserPrincipal fileOwner = Files.getOwner(filePath);
AclFileAttributeView view = Files.getFileAttributeView(filePath, AclFileAttributeView.class);
AclEntry entry =
AclEntry.newBuilder()
.setType(AclEntryType.DENY)
.setPrincipal(fileOwner)
.setPermissions(AclEntryPermission.READ_DATA)
.build();
List<AclEntry> acl = view.getAcl();
acl.add(0, entry);
view.setAcl(acl);
}
}
public void setAttrs(FileAttrs attrs) throws IOException {
UserPrincipal posixOwner;
GroupPrincipal posixGroup;
Set<PosixFilePermission> posixPerms;
UserPrincipalLookupService lookup;
if (System.getProperty("os.name").startsWith("Windows")) {
Files.setAttribute(this.path.toPath(), "dos:archive", attrs.getDosArchive());
Files.setAttribute(this.path.toPath(), "dos:hidden", attrs.getDosHidden());
Files.setAttribute(this.path.toPath(), "dos:readonly", attrs.getDosReadonly());
Files.setAttribute(this.path.toPath(), "dos:system", attrs.getDosSystem());
} else {
lookup = this.path.toPath().getFileSystem().getUserPrincipalLookupService();
posixOwner = lookup.lookupPrincipalByName(attrs.getPosixOwner());
posixGroup = lookup.lookupPrincipalByGroupName(attrs.getPosixGroup());
posixPerms = PosixFilePermissions.fromString(attrs.getPosixPermission());
Files.setOwner(this.path.toPath(), posixOwner);
Files.getFileAttributeView(this.path.toPath(), PosixFileAttributeView.class)
.setGroup(posixGroup);
Files.setPosixFilePermissions(this.path.toPath(), posixPerms);
}
}
protected void doExecute() throws Exception {
startupRepositories = nonNullList(startupRepositories);
bootRepositories = nonNullList(bootRepositories);
installedRepositories = nonNullList(installedRepositories);
startupBundles = nonNullList(startupBundles);
bootBundles = nonNullList(bootBundles);
installedBundles = nonNullList(installedBundles);
blacklistedBundles = nonNullList(blacklistedBundles);
startupFeatures = nonNullList(startupFeatures);
bootFeatures = nonNullList(bootFeatures);
installedFeatures = nonNullList(installedFeatures);
blacklistedFeatures = nonNullList(blacklistedFeatures);
startupProfiles = nonNullList(startupProfiles);
bootProfiles = nonNullList(bootProfiles);
installedProfiles = nonNullList(installedProfiles);
blacklistedProfiles = nonNullList(blacklistedProfiles);
if (!startupProfiles.isEmpty() || !bootProfiles.isEmpty() || !installedProfiles.isEmpty()) {
if (profilesUri == null) {
throw new IllegalArgumentException("profilesDirectory must be specified");
}
}
if (featureRepositories != null && !featureRepositories.isEmpty()) {
getLog()
.warn(
"Use of featureRepositories is deprecated, use startupRepositories, bootRepositories or installedRepositories instead");
startupRepositories.addAll(featureRepositories);
bootRepositories.addAll(featureRepositories);
installedRepositories.addAll(featureRepositories);
}
StringBuilder remote = new StringBuilder();
for (Object obj : project.getRemoteProjectRepositories()) {
if (remote.length() > 0) {
remote.append(",");
}
remote.append(invoke(obj, "getUrl"));
remote.append("@id=").append(invoke(obj, "getId"));
if (!((Boolean) invoke(getPolicy(obj, false), "isEnabled"))) {
remote.append("@noreleases");
}
if ((Boolean) invoke(getPolicy(obj, true), "isEnabled")) {
remote.append("@snapshots");
}
}
getLog().info("Using repositories: " + remote.toString());
Builder builder = Builder.newInstance();
builder.offline(mavenSession.isOffline());
builder.localRepository(localRepo.getBasedir());
builder.mavenRepositories(remote.toString());
builder.javase(javase);
// Set up blacklisted items
builder.blacklistBundles(blacklistedBundles);
builder.blacklistFeatures(blacklistedFeatures);
builder.blacklistProfiles(blacklistedProfiles);
builder.blacklistPolicy(blacklistPolicy);
if (propertyFileEdits != null) {
File file = new File(propertyFileEdits);
if (file.exists()) {
KarafPropertyEdits edits;
try (InputStream editsStream = new FileInputStream(propertyFileEdits)) {
KarafPropertyInstructionsModelStaxReader kipmsr =
new KarafPropertyInstructionsModelStaxReader();
edits = kipmsr.read(editsStream, true);
}
builder.propertyEdits(edits);
}
}
Map<String, String> urls = new HashMap<>();
List<Artifact> artifacts = new ArrayList<>(project.getAttachedArtifacts());
artifacts.add(project.getArtifact());
for (Artifact artifact : artifacts) {
if (artifact.getFile() != null && artifact.getFile().exists()) {
String mvnUrl =
"mvn:"
+ artifact.getGroupId()
+ "/"
+ artifact.getArtifactId()
+ "/"
+ artifact.getVersion();
String type = artifact.getType();
if ("bundle".equals(type)) {
type = "jar";
}
if (!"jar".equals(type) || artifact.getClassifier() != null) {
mvnUrl += "/" + type;
if (artifact.getClassifier() != null) {
mvnUrl += "/" + artifact.getClassifier();
}
}
urls.put(mvnUrl, artifact.getFile().toURI().toString());
}
}
if (translatedUrls != null) {
urls.putAll(translatedUrls);
}
builder.translatedUrls(urls);
// creating system directory
getLog().info("Creating work directory");
builder.homeDirectory(workDirectory.toPath());
IoUtils.deleteRecursive(workDirectory);
workDirectory.mkdirs();
List<String> startupKars = new ArrayList<>();
List<String> bootKars = new ArrayList<>();
List<String> installedKars = new ArrayList<>();
// Loading kars and features repositories
getLog().info("Loading kar and features repositories dependencies");
for (Artifact artifact : project.getDependencyArtifacts()) {
Builder.Stage stage;
switch (artifact.getScope()) {
case "compile":
stage = Builder.Stage.Startup;
break;
case "runtime":
stage = Builder.Stage.Boot;
break;
case "provided":
stage = Builder.Stage.Installed;
break;
default:
continue;
}
if ("kar".equals(artifact.getType())) {
String uri = artifactToMvn(artifact);
switch (stage) {
case Startup:
startupKars.add(uri);
break;
case Boot:
bootKars.add(uri);
break;
case Installed:
installedKars.add(uri);
break;
}
} else if ("features".equals(artifact.getClassifier())) {
String uri = artifactToMvn(artifact);
switch (stage) {
case Startup:
startupRepositories.add(uri);
break;
case Boot:
bootRepositories.add(uri);
break;
case Installed:
installedRepositories.add(uri);
break;
}
} else if ("jar".equals(artifact.getType()) || "bundle".equals(artifact.getType())) {
String uri = artifactToMvn(artifact);
switch (stage) {
case Startup:
startupBundles.add(uri);
break;
case Boot:
bootBundles.add(uri);
break;
case Installed:
installedBundles.add(uri);
break;
}
}
}
builder
.karafVersion(karafVersion)
.useReferenceUrls(useReferenceUrls)
.defaultAddAll(installAllFeaturesByDefault)
.ignoreDependencyFlag(ignoreDependencyFlag);
if (profilesUri != null) {
builder.profilesUris(profilesUri);
}
if (libraries != null) {
builder.libraries(libraries.toArray(new String[libraries.size()]));
}
// Startup
builder
.defaultStage(Builder.Stage.Startup)
.kars(toArray(startupKars))
.repositories(
startupFeatures.isEmpty() && startupProfiles.isEmpty() && installAllFeaturesByDefault,
toArray(startupRepositories))
.features(toArray(startupFeatures))
.bundles(toArray(startupBundles))
.profiles(toArray(startupProfiles));
// Boot
builder
.defaultStage(Builder.Stage.Boot)
.kars(toArray(bootKars))
.repositories(
bootFeatures.isEmpty() && bootProfiles.isEmpty() && installAllFeaturesByDefault,
toArray(bootRepositories))
.features(toArray(bootFeatures))
.bundles(toArray(bootBundles))
.profiles(toArray(bootProfiles));
// Installed
builder
.defaultStage(Builder.Stage.Installed)
.kars(toArray(installedKars))
.repositories(
installedFeatures.isEmpty()
&& installedProfiles.isEmpty()
&& installAllFeaturesByDefault,
toArray(installedRepositories))
.features(toArray(installedFeatures))
.bundles(toArray(installedBundles))
.profiles(toArray(installedProfiles));
// Generate the assembly
builder.generateAssembly();
// Include project classes content
if (includeBuildOutputDirectory)
IoUtils.copyDirectory(new File(project.getBuild().getOutputDirectory()), workDirectory);
// Overwrite assembly dir contents
if (sourceDirectory.exists()) IoUtils.copyDirectory(sourceDirectory, workDirectory);
// Chmod the bin/* scripts
File[] files = new File(workDirectory, "bin").listFiles();
if (files != null) {
for (File file : files) {
if (!file.getName().endsWith(".bat")) {
try {
Files.setPosixFilePermissions(
file.toPath(), PosixFilePermissions.fromString("rwxr-xr-x"));
} catch (Throwable ignore) {
// we tried our best, perhaps the OS does not support posix file perms.
}
}
}
}
}
