/** * Retrieves the specified access policy. * * @return An accessPolicyEntity. */ @GET @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) @Path("{action}/{resource: .+}") // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')") @ApiOperation( value = "Gets an access policy", response = AccessPolicyEntity.class, authorizations = { @Authorization(value = "Read Only", type = "ROLE_MONITOR"), @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"), @Authorization(value = "Administrator", type = "ROLE_ADMIN") }) @ApiResponses( value = { @ApiResponse( code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse( code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") }) public Response getAccessPolicyForResource( @ApiParam(value = "The request action.", allowableValues = "read, write", required = true) @PathParam("action") final String action, @ApiParam(value = "The resource of the policy.", required = true) @PathParam("resource") String rawResource) { // parse the action and resource type final RequestAction requestAction = RequestAction.valueOfValue(action); final String resource = "/" + rawResource; if (isReplicateRequest()) { return replicate(HttpMethod.GET); } // authorize access serviceFacade.authorizeAccess( lookup -> { final Authorizable accessPolicy = lookup.getAccessPolicyByResource(resource); accessPolicy.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get the access policy final AccessPolicyEntity entity = serviceFacade.getAccessPolicy(requestAction, resource); populateRemainingAccessPolicyEntityContent(entity); return clusterContext(generateOkResponse(entity)).build(); }
/** * Removes the specified template. * * @param httpServletRequest request * @param id The id of the template to remove. * @return A templateEntity. */ @DELETE @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) @Path("{id}") @ApiOperation( value = "Deletes a template", response = TemplateEntity.class, authorizations = {@Authorization(value = "Write - /templates/{uuid}", type = "")}) @ApiResponses( value = { @ApiResponse( code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse( code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") }) public Response removeTemplate( @Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The template id.", required = true) @PathParam("id") final String id) { if (isReplicateRequest()) { return replicate(HttpMethod.DELETE); } final TemplateEntity requestTemplateEntity = new TemplateEntity(); requestTemplateEntity.setId(id); return withWriteLock( serviceFacade, requestTemplateEntity, lookup -> { final Authorizable template = lookup.getTemplate(id); template.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, null, (templateEntity) -> { // delete the specified template serviceFacade.deleteTemplate(templateEntity.getId()); // build the response entity final TemplateEntity entity = new TemplateEntity(); return clusterContext(generateOkResponse(entity)).build(); }); }
/** * Retrieves the specified output port. * * @param id The id of the output port to retrieve * @return A outputPortEntity. */ @GET @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) @Path("{id}") @ApiOperation( value = "Gets an output port", response = PortEntity.class, authorizations = {@Authorization(value = "Read - /output-ports/{uuid}", type = "")}) @ApiResponses( value = { @ApiResponse( code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse( code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") }) public Response getOutputPort( @ApiParam(value = "The output port id.", required = true) @PathParam("id") final String id) { if (isReplicateRequest()) { return replicate(HttpMethod.GET); } // authorize access serviceFacade.authorizeAccess( lookup -> { final Authorizable outputPort = lookup.getOutputPort(id); outputPort.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get the port final PortEntity entity = serviceFacade.getOutputPort(id); populateRemainingOutputPortEntityContent(entity); return clusterContext(generateOkResponse(entity)).build(); }
/** * Retrieves the specified template. * * @param id The id of the template to retrieve * @return A templateEntity. */ @GET @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_XML) @Path("{id}/download") @ApiOperation( value = "Exports a template", response = TemplateDTO.class, authorizations = {@Authorization(value = "Read - /templates/{uuid}", type = "")}) @ApiResponses( value = { @ApiResponse( code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse( code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") }) public Response exportTemplate( @ApiParam(value = "The template id.", required = true) @PathParam("id") final String id) { if (isReplicateRequest()) { return replicate(HttpMethod.GET); } // authorize access serviceFacade.authorizeAccess( lookup -> { final Authorizable template = lookup.getTemplate(id); template.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get the template final TemplateDTO template = serviceFacade.exportTemplate(id); // prune the template id template.setId(null); // determine the name of the attachement - possible issues with spaces in file names String attachmentName = template.getName(); if (StringUtils.isBlank(attachmentName)) { attachmentName = "template"; } else { attachmentName = attachmentName.replaceAll("\\s", "_"); } // generate the response /* * Here instead of relying on default JAXB marshalling we are simply * serializing template to String (formatted, indented etc) and sending * it as part of the response. */ String serializedTemplate = new String(TemplateSerializer.serialize(template), StandardCharsets.UTF_8); return generateOkResponse(serializedTemplate) .header( "Content-Disposition", String.format("attachment; filename=\"%s.xml\"", attachmentName)) .build(); }
/** * Removes the specified access policy. * * @param httpServletRequest request * @param version The revision is used to verify the client is working with the latest version of * the flow. * @param clientId Optional client id. If the client id is not specified, a new one will be * generated. This value (whether specified or generated) is included in the response. * @param id The id of the access policy to remove. * @return A entity containing the client id and an updated revision. */ @DELETE @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) @Path("{id}") // TODO - @PreAuthorize("hasRole('ROLE_DFM')") @ApiOperation( value = "Deletes an access policy", response = AccessPolicyEntity.class, authorizations = {@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")}) @ApiResponses( value = { @ApiResponse( code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse( code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") }) public Response removeAccessPolicy( @Context final HttpServletRequest httpServletRequest, @ApiParam( value = "The revision is used to verify the client is working with the latest version of the flow.", required = false) @QueryParam(VERSION) final LongParameter version, @ApiParam( value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.", required = false) @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) final ClientIdParameter clientId, @ApiParam(value = "The access policy id.", required = true) @PathParam("id") final String id) { if (isReplicateRequest()) { return replicate(HttpMethod.DELETE); } // handle expects request (usually from the cluster manager) final Revision revision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id); return withWriteLock( serviceFacade, revision, lookup -> { final Authorizable accessPolicy = lookup.getAccessPolicyById(id); accessPolicy.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, () -> {}, () -> { // delete the specified access policy final AccessPolicyEntity entity = serviceFacade.deleteAccessPolicy(revision, id); return clusterContext(generateOkResponse(entity)).build(); }); }
/** * Updates an access policy. * * @param httpServletRequest request * @param id The id of the access policy to update. * @param accessPolicyEntity An accessPolicyEntity. * @return An accessPolicyEntity. */ @PUT @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) @Path("{id}") // TODO - @PreAuthorize("hasRole('ROLE_DFM')") @ApiOperation( value = "Updates a access policy", response = AccessPolicyEntity.class, authorizations = {@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")}) @ApiResponses( value = { @ApiResponse( code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse( code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") }) public Response updateAccessPolicy( @Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The access policy id.", required = true) @PathParam("id") final String id, @ApiParam(value = "The access policy configuration details.", required = true) final AccessPolicyEntity accessPolicyEntity) { if (accessPolicyEntity == null || accessPolicyEntity.getComponent() == null) { throw new IllegalArgumentException("Access policy details must be specified."); } if (accessPolicyEntity.getRevision() == null) { throw new IllegalArgumentException("Revision must be specified."); } // ensure the ids are the same final AccessPolicyDTO accessPolicyDTO = accessPolicyEntity.getComponent(); if (!id.equals(accessPolicyDTO.getId())) { throw new IllegalArgumentException( String.format( "The access policy id (%s) in the request body does not equal the " + "access policy id of the requested resource (%s).", accessPolicyDTO.getId(), id)); } if (isReplicateRequest()) { return replicate(HttpMethod.PUT, accessPolicyEntity); } // Extract the revision final Revision revision = getRevision(accessPolicyEntity, id); return withWriteLock( serviceFacade, revision, lookup -> { Authorizable authorizable = lookup.getAccessPolicyById(id); authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, null, () -> { // update the access policy final AccessPolicyEntity entity = serviceFacade.updateAccessPolicy(revision, accessPolicyDTO); populateRemainingAccessPolicyEntityContent(entity); return clusterContext(generateOkResponse(entity)).build(); }); }
/** * Creates a new access policy. * * @param httpServletRequest request * @param accessPolicyEntity An accessPolicyEntity. * @return An accessPolicyEntity. */ @POST @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) // TODO - @PreAuthorize("hasRole('ROLE_DFM')") @ApiOperation( value = "Creates an access policy", response = AccessPolicyEntity.class, authorizations = {@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")}) @ApiResponses( value = { @ApiResponse( code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse( code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") }) public Response createAccessPolicy( @Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The access policy configuration details.", required = true) final AccessPolicyEntity accessPolicyEntity) { if (accessPolicyEntity == null || accessPolicyEntity.getComponent() == null) { throw new IllegalArgumentException("Access policy details must be specified."); } if (accessPolicyEntity.getRevision() == null || (accessPolicyEntity.getRevision().getVersion() == null || accessPolicyEntity.getRevision().getVersion() != 0)) { throw new IllegalArgumentException( "A revision of 0 must be specified when creating a new Policy."); } final AccessPolicyDTO requestAccessPolicy = accessPolicyEntity.getComponent(); if (requestAccessPolicy.getId() != null) { throw new IllegalArgumentException("Access policy ID cannot be specified."); } if (requestAccessPolicy.getResource() == null) { throw new IllegalArgumentException("Access policy resource must be specified."); } // ensure this is a valid action RequestAction.valueOfValue(requestAccessPolicy.getAction()); if (isReplicateRequest()) { return replicate(HttpMethod.POST, accessPolicyEntity); } // handle expects request (usually from the cluster manager) final boolean validationPhase = isValidationPhase(httpServletRequest); if (validationPhase || !isTwoPhaseRequest(httpServletRequest)) { // authorize access serviceFacade.authorizeAccess( lookup -> { final Authorizable accessPolicies = lookup.getAccessPolicyByResource(requestAccessPolicy.getResource()); accessPolicies.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); } if (validationPhase) { return generateContinueResponse().build(); } // set the access policy id as appropriate requestAccessPolicy.setId(generateUuid()); // get revision from the config final RevisionDTO revisionDTO = accessPolicyEntity.getRevision(); Revision revision = new Revision( revisionDTO.getVersion(), revisionDTO.getClientId(), accessPolicyEntity.getComponent().getId()); // create the access policy and generate the json final AccessPolicyEntity entity = serviceFacade.createAccessPolicy(revision, accessPolicyEntity.getComponent()); populateRemainingAccessPolicyEntityContent(entity); // build the response return clusterContext(generateCreatedResponse(URI.create(entity.getUri()), entity)).build(); }
/** * Updates the specified output port. * * @param httpServletRequest request * @param id The id of the output port to update. * @param requestPortEntity A outputPortEntity. * @return A outputPortEntity. */ @PUT @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) @Path("{id}") @ApiOperation( value = "Updates an output port", response = PortEntity.class, authorizations = {@Authorization(value = "Write - /output-ports/{uuid}", type = "")}) @ApiResponses( value = { @ApiResponse( code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse( code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") }) public Response updateOutputPort( @Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The output port id.", required = true) @PathParam("id") final String id, @ApiParam(value = "The output port configuration details.", required = true) final PortEntity requestPortEntity) { if (requestPortEntity == null || requestPortEntity.getComponent() == null) { throw new IllegalArgumentException("Output port details must be specified."); } if (requestPortEntity.getRevision() == null) { throw new IllegalArgumentException("Revision must be specified."); } // ensure the ids are the same PortDTO requestPortDTO = requestPortEntity.getComponent(); if (!id.equals(requestPortDTO.getId())) { throw new IllegalArgumentException( String.format( "The output port id (%s) in the request body does not equal the " + "output port id of the requested resource (%s).", requestPortDTO.getId(), id)); } final PositionDTO proposedPosition = requestPortDTO.getPosition(); if (proposedPosition != null) { if (proposedPosition.getX() == null || proposedPosition.getY() == null) { throw new IllegalArgumentException( "The x and y coordinate of the proposed position must be specified."); } } if (isReplicateRequest()) { return replicate(HttpMethod.PUT, requestPortEntity); } // handle expects request (usually from the cluster manager) final Revision requestRevision = getRevision(requestPortEntity, id); return withWriteLock( serviceFacade, requestPortEntity, requestRevision, lookup -> { Authorizable authorizable = lookup.getOutputPort(id); authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, () -> serviceFacade.verifyUpdateOutputPort(requestPortDTO), (revision, portEntity) -> { final PortDTO portDTO = portEntity.getComponent(); // update the output port final PortEntity entity = serviceFacade.updateOutputPort(revision, portDTO); populateRemainingOutputPortEntityContent(entity); return clusterContext(generateOkResponse(entity)).build(); }); }