[
https://issues.apache.org/jira/browse/NIFI-1916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15308733#comment-15308733
]
ASF GitHub Bot commented on NIFI-1916:
--------------------------------------
Github user jtstorck commented on a diff in the pull request:
https://github.com/apache/nifi/pull/473#discussion_r65270822
--- Diff:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAuthorizer.java
---
@@ -127,153 +145,766 @@ public void onConfigured(final
AuthorizerConfigurationContext configurationConte
}
}
- final PropertyValue rawReloadInterval =
configurationContext.getProperty("Reload Interval");
+ // load the authorizations
+ load();
+
+ // if there are no users or policies then see if an initial
admin was provided
+ if (allUsers.get().isEmpty() && allPolicies.get().isEmpty()) {
+ final PropertyValue initialAdminIdentity =
configurationContext.getProperty("Initial Admin Identity");
+ if (initialAdminIdentity != null &&
!StringUtils.isBlank(initialAdminIdentity.getValue())) {
+ populateInitialAdmin(initialAdminIdentity.getValue());
+ }
+ }
+
+ // if we've copied the authorizations file to a restore
directory synchronize it
+ if (restoreAuthorizationsFile != null) {
+ FileUtils.copyFile(authorizationsFile,
restoreAuthorizationsFile, false, false, logger);
+ }
+
+ logger.info(String.format("Authorizations file loaded at %s",
new Date().toString()));
+
+ } catch (IOException | AuthorizerCreationException | JAXBException
| IllegalStateException e) {
+ throw new AuthorizerCreationException(e);
+ }
+ }
+
+ /**
+ * Reloads the authorized users file.
+ *
+ * @throws JAXBException Unable to reload the authorized
users file
+ * @throws IOException Unable to sync file with restore
+ * @throws IllegalStateException Unable to sync file with restore
+ */
+ private void load() throws JAXBException, IOException,
IllegalStateException {
+ // attempt to unmarshal
+ final Unmarshaller unmarshaller =
JAXB_CONTEXT.createUnmarshaller();
+ unmarshaller.setSchema(schema);
+ final JAXBElement<Authorizations> element =
unmarshaller.unmarshal(new StreamSource(authorizationsFile),
Authorizations.class);
+
+ final Authorizations authorizations = element.getValue();
+
+ if (authorizations.getUsers() == null) {
+ authorizations.setUsers(new Users());
+ }
+ if (authorizations.getGroups() == null) {
+ authorizations.setGroups(new Groups());
+ }
+ if (authorizations.getPolicies() == null) {
+ authorizations.setPolicies(new Policies());
+ }
+
+ this.authorizations.set(authorizations);
+ load(authorizations);
+ }
+
+ /**
+ * Loads the internal data structures from the given Authorizations.
+ *
+ * @param authorizations the Authorizations to populate from
+ */
+ private void load(final Authorizations authorizations) {
+ // load all users
+ final Users users = authorizations.getUsers();
+ final Set<User> allUsers =
Collections.unmodifiableSet(createUsers(users));
+
+ // load all groups
+ final Groups groups = authorizations.getGroups();
+ final Set<Group> allGroups =
Collections.unmodifiableSet(createGroups(groups, users));
+
+ // load all access policies
+ final Policies policies = authorizations.getPolicies();
+ final Set<AccessPolicy> allPolicies =
Collections.unmodifiableSet(createAccessPolicies(policies));
+
+ // create a convenience map to retrieve a user by id
+ final Map<String, User> userByIdMap =
Collections.unmodifiableMap(createUserByIdMap(allUsers));
+
+ // create a convenience map to retrieve a user by identity
+ final Map<String, User> userByIdentityMap =
Collections.unmodifiableMap(createUserByIdentityMap(allUsers));
+
+ // create a convenience map to retrieve a group by id
+ final Map<String, Group> groupByIdMap =
Collections.unmodifiableMap(createGroupByIdMap(allGroups));
+
+ // create a convenience map from resource id to policies
+ final Map<String, Set<AccessPolicy>> resourcePolicies =
Collections.unmodifiableMap(createResourcePolicyMap(allPolicies));
--- End diff --
Based on the other names of the maps here, do you think
policiesByResourceId is a more descriptive/accurate name for `resourcePolicies`?
> Make File Based Authorizer implement new User, Group, Policy API
> ----------------------------------------------------------------
>
> Key: NIFI-1916
> URL: https://issues.apache.org/jira/browse/NIFI-1916
> Project: Apache NiFi
> Issue Type: Sub-task
> Components: Core Framework
> Reporter: Bryan Bende
> Assignee: Bryan Bende
> Fix For: 1.0.0
>
>
> This ticket is a sub-task of NIFI-1550 which is the larger effort to refactor
> NiFi's authorization API.
> This ticket specifically is to update the FileAuthorizer introduced on
> master, to now extend from AbstractPolicyBasedAuthorizer and implement all of
> the CRUD operations for Users, Groups, and Policies.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
