Repository: nifi Updated Branches: refs/heads/master 01adb050f -> 5e4ba0458
http://git-wip-us.apache.org/repos/asf/nifi/blob/5e4ba045/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/test/java/org/apache/nifi/authorization/FileAuthorizerTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/test/java/org/apache/nifi/authorization/FileAuthorizerTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/test/java/org/apache/nifi/authorization/FileAuthorizerTest.java
index 0958b27..03a62d7 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/test/java/org/apache/nifi/authorization/FileAuthorizerTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/test/java/org/apache/nifi/authorization/FileAuthorizerTest.java
@@ -56,33 +56,67 @@ public class FileAuthorizerTest { "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>" + "<authorizations/>"; + private static final String EMPTY_TENANTS_CONCISE = + "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>" + + "<tenants/>"; + private static final String EMPTY_AUTHORIZATIONS = "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>" + "<authorizations>" + "</authorizations>"; + private static final String EMPTY_TENANTS = + "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>" + + "<tenants>" + + "</tenants>"; + private static final String BAD_SCHEMA_AUTHORIZATIONS = "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>" + "<authorization>" + "</authorization>"; + private static final String BAD_SCHEMA_TENANTS = + "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>" + + "<tenant>" + + "</tenant>"; + private static final String SIMPLE_AUTHORIZATION_BY_USER = "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>" + "<authorizations>" + + " <policies>" + + " <policy identifier=\"policy-1\" resource=\"/flow\" action=\"R\">" + + " <user identifier=\"user-1\" />" + + " </policy>" + + " </policies>" + + "</authorizations>"; + + private static final String SIMPLE_TENANTS_BY_USER = + "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>" + + "<tenants>" + " <users>" + " <user identifier=\"user-1\" identity=\"user-1\"/>" + " <user identifier=\"user-2\" identity=\"user-2\"/>" + " </users>" + + "</tenants>"; + + private static final String AUTHORIZATIONS = + "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>" + + "<authorizations>" + " <policies>" + " <policy identifier=\"policy-1\" resource=\"/flow\" action=\"R\">" + - " <user identifier=\"user-1\" />" + + " <group identifier=\"group-1\" />" + + " <group identifier=\"group-2\" />" + + " <user identifier=\"user-1\" />" + + " </policy>" + + " <policy identifier=\"policy-2\" resource=\"/flow\" action=\"W\">" + 
+ " <user identifier=\"user-2\" />" + " </policy>" + " </policies>" + "</authorizations>"; - private static final String AUTHORIZATIONS = + private static final String TENANTS = "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>" + - "<authorizations>" + + "<tenants>" + " <groups>" + " <group identifier=\"group-1\" name=\"group-1\">" + " <user identifier=\"user-1\" />" + @@ -95,25 +129,17 @@ public class FileAuthorizerTest { " <user identifier=\"user-1\" identity=\"user-1\" />" + " <user identifier=\"user-2\" identity=\"user-2\" />" + " </users>" + - " <policies>" + - " <policy identifier=\"policy-1\" resource=\"/flow\" action=\"R\">" + - " <group identifier=\"group-1\" />" + - " <group identifier=\"group-2\" />" + - " <user identifier=\"user-1\" />" + - " </policy>" + - " <policy identifier=\"policy-2\" resource=\"/flow\" action=\"W\">" + - " <user identifier=\"user-2\" />" + - " </policy>" + - " </policies>" + - "</authorizations>"; + "</tenants>"; // This is the root group id from the flow.xml.gz in src/test/resources private static final String ROOT_GROUP_ID = "e530e14c-adcf-41c2-b5d6-d9a59ba8765c"; private NiFiProperties properties; private FileAuthorizer authorizer; - private File primary; - private File restore; + private File primaryAuthorizations; + private File primaryTenants; + private File restoreAuthorizations; + private File restoreTenants; private File flow; private File flowNoPorts; private File flowWithDns; 
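Review bot: None of the fixture pairs added in this hunk describes a policy file and a tenants file that disagree, which is the new failure mode once users and groups live apart from policies. `AUTHORIZATIONS` names `group-1`, `group-2`, `user-1` and `user-2` by identifier only, so loading it next to `EMPTY_TENANTS` would leave every policy pointing at an undefined tenant. Unless a test outside this diff already covers it, a case such as `writeFile(primaryAuthorizations, AUTHORIZATIONS); writeFile(primaryTenants, EMPTY_TENANTS);` with an assertion on the intended outcome (rejection in `onConfigured`, or no access granted through the dangling entries) would pin that behaviour down. The `TENANTS` constant continues past the end of this hunk.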
@@ -123,12 +149,20 @@ public class FileAuthorizerTest { @Before public void setup() throws IOException { // primary authorizations - primary = new File("target/primary/authorizations.xml"); - FileUtils.ensureDirectoryExistAndCanAccess(primary.getParentFile()); + primaryAuthorizations = new File("target/authorizations/authorizations.xml"); + FileUtils.ensureDirectoryExistAndCanAccess(primaryAuthorizations.getParentFile()); + + // primary tenants + primaryTenants = new File("target/authorizations/users.xml"); + FileUtils.ensureDirectoryExistAndCanAccess(primaryTenants.getParentFile()); + + // restore authorizations + restoreAuthorizations = new File("target/restore/authorizations.xml"); + FileUtils.ensureDirectoryExistAndCanAccess(restoreAuthorizations.getParentFile()); // restore authorizations - restore = new File("target/restore/authorizations.xml"); - FileUtils.ensureDirectoryExistAndCanAccess(restore.getParentFile()); + restoreTenants = new File("target/restore/users.xml"); + FileUtils.ensureDirectoryExistAndCanAccess(restoreTenants.getParentFile()); flow = new File("src/test/resources/flow.xml.gz"); FileUtils.ensureDirectoryExistAndCanAccess(flow.getParentFile()); 
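Review bot: The second `// restore authorizations` comment in `setup()` sits above the `restoreTenants` assignment and looks like a copy-paste leftover; it should read `// restore tenants`. Both primary files share `target/authorizations` and both restore files share `target/restore`, so the repeated `ensureDirectoryExistAndCanAccess` calls on the same parent are redundant but harmless. `setup()` continues outside the hunk.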
@@ -140,11 +174,12 @@ public class FileAuthorizerTest { FileUtils.ensureDirectoryExistAndCanAccess(flowWithDns.getParentFile()); properties = mock(NiFiProperties.class); - when(properties.getRestoreDirectory()).thenReturn(restore.getParentFile()); + when(properties.getRestoreDirectory()).thenReturn(restoreAuthorizations.getParentFile()); when(properties.getFlowConfigurationFile()).thenReturn(flow); configurationContext = mock(AuthorizerConfigurationContext.class); - when(configurationContext.getProperty(Mockito.eq("Authorizations File"))).thenReturn(new StandardPropertyValue(primary.getPath(), null)); + when(configurationContext.getProperty(Mockito.eq(FileAuthorizer.PROP_AUTHORIZATIONS_FILE))).thenReturn(new StandardPropertyValue(primaryAuthorizations.getPath(), null)); + when(configurationContext.getProperty(Mockito.eq(FileAuthorizer.PROP_TENANTS_FILE))).thenReturn(new StandardPropertyValue(primaryTenants.getPath(), null)); authorizer = new FileAuthorizer(); authorizer.setNiFiProperties(properties); @@ -153,8 +188,10 @@ public class FileAuthorizerTest { @After public void cleanup() throws Exception { - deleteFile(primary); - deleteFile(restore); + deleteFile(primaryAuthorizations); + deleteFile(primaryTenants); + deleteFile(restoreAuthorizations); + deleteFile(restoreTenants); } @Test @@ -162,7 +199,8 @@ public class FileAuthorizerTest { when(configurationContext.getProperty(Mockito.eq(FileAuthorizer.PROP_LEGACY_AUTHORIZED_USERS_FILE))) .thenReturn(new StandardPropertyValue("src/test/resources/authorized-users-multirole.xml", null)); - writeAuthorizationsFile(primary, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryTenants, EMPTY_TENANTS_CONCISE); authorizer.onConfigured(configurationContext); final Set<User> users = authorizer.getUsers(); 
@@ -180,13 +218,14 @@ public class FileAuthorizerTest { @Test public void testOnConfiguredWhenLegacyUsersFileProvidedAndFlowHasNoPorts() throws Exception { properties = mock(NiFiProperties.class); - when(properties.getRestoreDirectory()).thenReturn(restore.getParentFile()); + when(properties.getRestoreDirectory()).thenReturn(restoreAuthorizations.getParentFile()); when(properties.getFlowConfigurationFile()).thenReturn(flowNoPorts); when(configurationContext.getProperty(Mockito.eq(FileAuthorizer.PROP_LEGACY_AUTHORIZED_USERS_FILE))) .thenReturn(new StandardPropertyValue("src/test/resources/authorized-users.xml", null)); - writeAuthorizationsFile(primary, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryTenants, EMPTY_TENANTS_CONCISE); authorizer.onConfigured(configurationContext); boolean foundDataTransferPolicy = false; @@ -205,7 +244,8 @@ public class FileAuthorizerTest { when(configurationContext.getProperty(Mockito.eq(FileAuthorizer.PROP_LEGACY_AUTHORIZED_USERS_FILE))) .thenReturn(new StandardPropertyValue("src/test/resources/authorized-users.xml", null)); - writeAuthorizationsFile(primary, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryTenants, EMPTY_TENANTS_CONCISE); authorizer.onConfigured(configurationContext); // verify all users got created correctly 
@@ -347,14 +387,15 @@ public class FileAuthorizerTest { props.setProperty("nifi.security.identity.mapping.value.dn1", "$1"); properties = getNiFiProperties(props); - when(properties.getRestoreDirectory()).thenReturn(restore.getParentFile()); + when(properties.getRestoreDirectory()).thenReturn(restoreAuthorizations.getParentFile()); when(properties.getFlowConfigurationFile()).thenReturn(flowWithDns); authorizer.setNiFiProperties(properties); when(configurationContext.getProperty(Mockito.eq(FileAuthorizer.PROP_LEGACY_AUTHORIZED_USERS_FILE))) .thenReturn(new StandardPropertyValue("src/test/resources/authorized-users-with-dns.xml", null)); - writeAuthorizationsFile(primary, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryTenants, EMPTY_TENANTS_CONCISE); authorizer.onConfigured(configurationContext); final User user1 = authorizer.getUserByIdentity("user1"); @@ -401,7 +442,8 @@ public class FileAuthorizerTest { when(configurationContext.getProperty(Mockito.eq(FileAuthorizer.PROP_LEGACY_AUTHORIZED_USERS_FILE))) .thenReturn(new StandardPropertyValue("src/test/resources/does-not-exist.xml", null)); - writeAuthorizationsFile(primary, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryTenants, EMPTY_TENANTS_CONCISE); authorizer.onConfigured(configurationContext); } 
@@ -415,13 +457,15 @@ public class FileAuthorizerTest { when(configurationContext.getProperty(Mockito.eq(FileAuthorizer.PROP_LEGACY_AUTHORIZED_USERS_FILE))) .thenReturn(new StandardPropertyValue("src/test/resources/authorized-users.xml", null)); - writeAuthorizationsFile(primary, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryTenants, EMPTY_TENANTS_CONCISE); authorizer.onConfigured(configurationContext); } @Test public void testOnConfiguredWhenInitialAdminNotProvided() throws Exception { - writeAuthorizationsFile(primary, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryTenants, EMPTY_TENANTS_CONCISE); authorizer.onConfigured(configurationContext); final Set<User> users = authorizer.getUsers(); @@ -438,7 +482,8 @@ public class FileAuthorizerTest { when(configurationContext.getProperty(Mockito.eq(FileAuthorizer.PROP_INITIAL_ADMIN_IDENTITY))) .thenReturn(new StandardPropertyValue(adminIdentity, null)); - writeAuthorizationsFile(primary, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryTenants, EMPTY_TENANTS_CONCISE); authorizer.onConfigured(configurationContext); final Set<User> users = authorizer.getUsers(); @@ -467,7 +512,7 @@ public class FileAuthorizerTest { public void testOnConfiguredWhenInitialAdminProvidedAndNoFlowExists() throws Exception { // setup NiFi properties to return a file that does not exist properties = mock(NiFiProperties.class); - when(properties.getRestoreDirectory()).thenReturn(restore.getParentFile()); + when(properties.getRestoreDirectory()).thenReturn(restoreAuthorizations.getParentFile()); when(properties.getFlowConfigurationFile()).thenReturn(new File("src/test/resources/does-not-exist.xml.gz")); authorizer.setNiFiProperties(properties); 
@@ -475,7 +520,8 @@ public class FileAuthorizerTest { when(configurationContext.getProperty(Mockito.eq(FileAuthorizer.PROP_INITIAL_ADMIN_IDENTITY))) .thenReturn(new StandardPropertyValue(adminIdentity, null)); - writeAuthorizationsFile(primary, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryTenants, EMPTY_TENANTS_CONCISE); authorizer.onConfigured(configurationContext); final Set<User> users = authorizer.getUsers(); @@ -504,7 +550,7 @@ public class FileAuthorizerTest { public void testOnConfiguredWhenInitialAdminProvidedAndFlowIsNull() throws Exception { // setup NiFi properties to return a file that does not exist properties = mock(NiFiProperties.class); - when(properties.getRestoreDirectory()).thenReturn(restore.getParentFile()); + when(properties.getRestoreDirectory()).thenReturn(restoreAuthorizations.getParentFile()); when(properties.getFlowConfigurationFile()).thenReturn(null); authorizer.setNiFiProperties(properties); @@ -512,7 +558,8 @@ public class FileAuthorizerTest { when(configurationContext.getProperty(Mockito.eq(FileAuthorizer.PROP_INITIAL_ADMIN_IDENTITY))) .thenReturn(new StandardPropertyValue(adminIdentity, null)); - writeAuthorizationsFile(primary, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryTenants, EMPTY_TENANTS_CONCISE); authorizer.onConfigured(configurationContext); final Set<User> users = authorizer.getUsers(); @@ -544,7 +591,7 @@ public class FileAuthorizerTest { props.setProperty("nifi.security.identity.mapping.value.dn1", "$1_$2_$3"); properties = getNiFiProperties(props); - when(properties.getRestoreDirectory()).thenReturn(restore.getParentFile()); + when(properties.getRestoreDirectory()).thenReturn(restoreAuthorizations.getParentFile()); when(properties.getFlowConfigurationFile()).thenReturn(flow); authorizer.setNiFiProperties(properties); 
@@ -552,7 +599,8 @@ public class FileAuthorizerTest { when(configurationContext.getProperty(Mockito.eq(FileAuthorizer.PROP_INITIAL_ADMIN_IDENTITY))) .thenReturn(new StandardPropertyValue(adminIdentity, null)); - writeAuthorizationsFile(primary, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryTenants, EMPTY_TENANTS_CONCISE); authorizer.onConfigured(configurationContext); final Set<User> users = authorizer.getUsers(); @@ -578,7 +626,8 @@ public class FileAuthorizerTest { when(configurationContext.getProperties()).thenReturn(props); - writeAuthorizationsFile(primary, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryTenants, EMPTY_TENANTS_CONCISE); authorizer.onConfigured(configurationContext); User adminUser = authorizer.getUserByIdentity(adminIdentity); @@ -609,7 +658,7 @@ public class FileAuthorizerTest { props.setProperty("nifi.security.identity.mapping.value.dn1", "$1"); properties = getNiFiProperties(props); - when(properties.getRestoreDirectory()).thenReturn(restore.getParentFile()); + when(properties.getRestoreDirectory()).thenReturn(restoreAuthorizations.getParentFile()); when(properties.getFlowConfigurationFile()).thenReturn(flow); authorizer.setNiFiProperties(properties); @@ -626,7 +675,8 @@ public class FileAuthorizerTest { when(configurationContext.getProperties()).thenReturn(nodeProps); - writeAuthorizationsFile(primary, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryTenants, EMPTY_TENANTS_CONCISE); authorizer.onConfigured(configurationContext); User adminUser = authorizer.getUserByIdentity("user1"); 
@@ -639,42 +689,72 @@ public class FileAuthorizerTest { assertNotNull(nodeUser2); } + public void testOnConfiguredWhenTenantsAndAuthorizationsFileDoesNotExist() { + authorizer.onConfigured(configurationContext); + assertEquals(0, authorizer.getAccessPolicies().size()); + } + @Test - public void testOnConfiguredWhenAuthorizationsFileDoesNotExist() { + public void testOnConfiguredWhenAuthorizationsFileDoesNotExist() throws Exception { + writeFile(primaryTenants, EMPTY_TENANTS_CONCISE); + authorizer.onConfigured(configurationContext); + assertEquals(0, authorizer.getAccessPolicies().size()); + } + + @Test + public void testOnConfiguredWhenTenantsFileDoesNotExist() throws Exception { + writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE); authorizer.onConfigured(configurationContext); assertEquals(0, authorizer.getAccessPolicies().size()); } @Test public void testOnConfiguredWhenRestoreDoesNotExist() throws Exception { - writeAuthorizationsFile(primary, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(primaryTenants, EMPTY_TENANTS_CONCISE); authorizer.onConfigured(configurationContext); - assertEquals(primary.length(), restore.length()); + assertEquals(primaryAuthorizations.length(), restoreAuthorizations.length()); + assertEquals(primaryTenants.length(), restoreTenants.length()); } @Test(expected = AuthorizerCreationException.class) public void testOnConfiguredWhenPrimaryDoesNotExist() throws Exception { - writeAuthorizationsFile(restore, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(restoreAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE); + writeFile(restoreTenants, EMPTY_TENANTS_CONCISE); + authorizer.onConfigured(configurationContext); + } + + @Test(expected = AuthorizerCreationException.class) + public void testOnConfiguredWhenPrimaryAuthorizationsDifferentThanRestore() throws Exception { + writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS); + writeFile(restoreAuthorizations, 
EMPTY_AUTHORIZATIONS_CONCISE); + authorizer.onConfigured(configurationContext); + } + + @Test(expected = AuthorizerCreationException.class) + public void testOnConfiguredWhenPrimaryTenantsDifferentThanRestore() throws Exception { + writeFile(primaryTenants, EMPTY_TENANTS); + writeFile(restoreTenants, EMPTY_TENANTS_CONCISE); authorizer.onConfigured(configurationContext); } @Test(expected = AuthorizerCreationException.class) - public void testOnConfiguredWhenPrimaryDifferentThanRestore() throws Exception { - writeAuthorizationsFile(primary, EMPTY_AUTHORIZATIONS); - writeAuthorizationsFile(restore, EMPTY_AUTHORIZATIONS_CONCISE); + public void testOnConfiguredWithBadAuthorizationsSchema() throws Exception { + writeFile(primaryAuthorizations, BAD_SCHEMA_AUTHORIZATIONS); authorizer.onConfigured(configurationContext); } @Test(expected = AuthorizerCreationException.class) - public void testOnConfiguredWithBadSchema() throws Exception { - writeAuthorizationsFile(primary, BAD_SCHEMA_AUTHORIZATIONS); + public void testOnConfiguredWithBadTenantsSchema() throws Exception { + writeFile(primaryTenants, BAD_SCHEMA_TENANTS); authorizer.onConfigured(configurationContext); } @Test public void testAuthorizedUserAction() throws Exception { - writeAuthorizationsFile(primary, SIMPLE_AUTHORIZATION_BY_USER); + writeFile(primaryAuthorizations, SIMPLE_AUTHORIZATION_BY_USER); + writeFile(primaryTenants, SIMPLE_TENANTS_BY_USER); authorizer.onConfigured(configurationContext); final AuthorizationRequest request = new AuthorizationRequest.Builder() @@ -691,7 +771,8 @@ public class FileAuthorizerTest { @Test public void testUnauthorizedUser() throws Exception { - writeAuthorizationsFile(primary, SIMPLE_AUTHORIZATION_BY_USER); + writeFile(primaryAuthorizations, SIMPLE_AUTHORIZATION_BY_USER); + writeFile(primaryTenants, SIMPLE_TENANTS_BY_USER); authorizer.onConfigured(configurationContext); final AuthorizationRequest request = new AuthorizationRequest.Builder() 
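Review bot: `testOnConfiguredWhenTenantsAndAuthorizationsFileDoesNotExist()` is added without an `@Test` annotation, as far as the collapsed layout shows: the only `@Test` nearby is the context line that belongs to `testOnConfiguredWhenAuthorizationsFileDoesNotExist`. JUnit 4 would then skip the method silently, so the case where neither file exists, which is expected to come up with zero access policies, is never checked. Add `@Test` on the line above the new method.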
@@ -708,7 +789,8 @@ public class FileAuthorizerTest { @Test public void testUnauthorizedAction() throws Exception { - writeAuthorizationsFile(primary, SIMPLE_AUTHORIZATION_BY_USER); + writeFile(primaryAuthorizations, SIMPLE_AUTHORIZATION_BY_USER); + writeFile(primaryTenants, SIMPLE_TENANTS_BY_USER); authorizer.onConfigured(configurationContext); final AuthorizationRequest request = new AuthorizationRequest.Builder() @@ -725,7 +807,8 @@ public class FileAuthorizerTest { @Test public void testGetAllUsersGroupsPolicies() throws Exception { - writeAuthorizationsFile(primary, AUTHORIZATIONS); + writeFile(primaryAuthorizations, AUTHORIZATIONS); + writeFile(primaryTenants, TENANTS); authorizer.onConfigured(configurationContext); final Set<Group> groups = authorizer.getGroups(); @@ -798,7 +881,8 @@ public class FileAuthorizerTest { @Test public void testAddUser() throws Exception { - writeAuthorizationsFile(primary, EMPTY_AUTHORIZATIONS); + writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS); + writeFile(primaryTenants, EMPTY_TENANTS); authorizer.onConfigured(configurationContext); assertEquals(0, authorizer.getUsers().size()); @@ -818,7 +902,8 @@ public class FileAuthorizerTest { @Test public void testGetUserByIdentifierWhenFound() throws Exception { - writeAuthorizationsFile(primary, AUTHORIZATIONS); + writeFile(primaryAuthorizations, AUTHORIZATIONS); + writeFile(primaryTenants, TENANTS); authorizer.onConfigured(configurationContext); assertEquals(2, authorizer.getUsers().size()); @@ -830,7 +915,8 @@ public class FileAuthorizerTest { @Test public void testGetUserByIdentifierWhenNotFound() throws Exception { - writeAuthorizationsFile(primary, AUTHORIZATIONS); + writeFile(primaryAuthorizations, AUTHORIZATIONS); + writeFile(primaryTenants, TENANTS); authorizer.onConfigured(configurationContext); assertEquals(2, authorizer.getUsers().size()); 
@@ -841,7 +927,8 @@ public class FileAuthorizerTest { @Test public void testGetUserByIdentityWhenFound() throws Exception { - writeAuthorizationsFile(primary, AUTHORIZATIONS); + writeFile(primaryAuthorizations, AUTHORIZATIONS); + writeFile(primaryTenants, TENANTS); authorizer.onConfigured(configurationContext); assertEquals(2, authorizer.getUsers().size()); @@ -853,7 +940,8 @@ public class FileAuthorizerTest { @Test public void testGetUserByIdentityWhenNotFound() throws Exception { - writeAuthorizationsFile(primary, AUTHORIZATIONS); + writeFile(primaryAuthorizations, AUTHORIZATIONS); + writeFile(primaryTenants, TENANTS); authorizer.onConfigured(configurationContext); assertEquals(2, authorizer.getUsers().size()); @@ -864,7 +952,8 @@ public class FileAuthorizerTest { @Test public void testDeleteUser() throws Exception { - writeAuthorizationsFile(primary, AUTHORIZATIONS); + writeFile(primaryAuthorizations, AUTHORIZATIONS); + writeFile(primaryTenants, TENANTS); authorizer.onConfigured(configurationContext); assertEquals(2, authorizer.getUsers().size()); @@ -891,7 +980,8 @@ public class FileAuthorizerTest { @Test public void testDeleteUserWhenNotFound() throws Exception { - writeAuthorizationsFile(primary, AUTHORIZATIONS); + writeFile(primaryAuthorizations, AUTHORIZATIONS); + writeFile(primaryTenants, TENANTS); authorizer.onConfigured(configurationContext); assertEquals(2, authorizer.getUsers().size()); @@ -906,7 +996,8 @@ public class FileAuthorizerTest { @Test public void testUpdateUserWhenFound() throws Exception { - writeAuthorizationsFile(primary, AUTHORIZATIONS); + writeFile(primaryAuthorizations, AUTHORIZATIONS); + writeFile(primaryTenants, TENANTS); authorizer.onConfigured(configurationContext); assertEquals(2, authorizer.getUsers().size()); 
@@ -923,7 +1014,8 @@ public class FileAuthorizerTest { @Test public void testUpdateUserWhenNotFound() throws Exception { - writeAuthorizationsFile(primary, AUTHORIZATIONS); + writeFile(primaryAuthorizations, AUTHORIZATIONS); + writeFile(primaryTenants, TENANTS); authorizer.onConfigured(configurationContext); assertEquals(2, authorizer.getUsers().size()); @@ -940,7 +1032,8 @@ public class FileAuthorizerTest { @Test public void testAddGroup() throws Exception { - writeAuthorizationsFile(primary, EMPTY_AUTHORIZATIONS); + writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS); + writeFile(primaryTenants, EMPTY_TENANTS); authorizer.onConfigured(configurationContext); assertEquals(0, authorizer.getGroups().size()); @@ -961,7 +1054,8 @@ public class FileAuthorizerTest { @Test public void testAddGroupWithUser() throws Exception { - writeAuthorizationsFile(primary, AUTHORIZATIONS); + writeFile(primaryAuthorizations, AUTHORIZATIONS); + writeFile(primaryTenants, TENANTS); authorizer.onConfigured(configurationContext); assertEquals(2, authorizer.getGroups().size()); @@ -984,7 +1078,8 @@ public class FileAuthorizerTest { @Test(expected = IllegalStateException.class) public void testAddGroupWhenUserDoesNotExist() throws Exception { - writeAuthorizationsFile(primary, EMPTY_AUTHORIZATIONS); + writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS); + writeFile(primaryTenants, EMPTY_TENANTS); authorizer.onConfigured(configurationContext); assertEquals(0, authorizer.getGroups().size()); @@ -999,7 +1094,8 @@ public class FileAuthorizerTest { @Test public void testGetGroupByIdentifierWhenFound() throws Exception { - writeAuthorizationsFile(primary, AUTHORIZATIONS); + writeFile(primaryAuthorizations, AUTHORIZATIONS); + writeFile(primaryTenants, TENANTS); authorizer.onConfigured(configurationContext); assertEquals(2, authorizer.getGroups().size()); 
@@ -1011,7 +1107,8 @@ public class FileAuthorizerTest { @Test public void testGetGroupByIdentifierWhenNotFound() throws Exception { - writeAuthorizationsFile(primary, AUTHORIZATIONS); + writeFile(primaryAuthorizations, AUTHORIZATIONS); + writeFile(primaryTenants, TENANTS); authorizer.onConfigured(configurationContext); assertEquals(2, authorizer.getGroups().size()); @@ -1022,7 +1119,8 @@ public class FileAuthorizerTest { @Test public void testDeleteGroupWhenFound() throws Exception { - writeAuthorizationsFile(primary, AUTHORIZATIONS); + writeFile(primaryAuthorizations, AUTHORIZATIONS); + writeFile(primaryTenants, TENANTS); authorizer.onConfigured(configurationContext); assertEquals(2, authorizer.getGroups().size()); @@ -1051,7 +1149,8 @@ public class FileAuthorizerTest { @Test public void testDeleteGroupWhenNotFound() throws Exception { - writeAuthorizationsFile(primary, AUTHORIZATIONS); + writeFile(primaryAuthorizations, AUTHORIZATIONS); + writeFile(primaryTenants, TENANTS); authorizer.onConfigured(configurationContext); assertEquals(2, authorizer.getGroups().size()); @@ -1067,7 +1166,8 @@ public class FileAuthorizerTest { @Test public void testUpdateGroupWhenFound() throws Exception { - writeAuthorizationsFile(primary, AUTHORIZATIONS); + writeFile(primaryAuthorizations, AUTHORIZATIONS); + writeFile(primaryTenants, TENANTS); authorizer.onConfigured(configurationContext); assertEquals(2, authorizer.getGroups().size()); @@ -1092,7 +1192,8 @@ public class FileAuthorizerTest { @Test public void testUpdateGroupWhenNotFound() throws Exception { - writeAuthorizationsFile(primary, AUTHORIZATIONS); + writeFile(primaryAuthorizations, AUTHORIZATIONS); + writeFile(primaryTenants, TENANTS); authorizer.onConfigured(configurationContext); assertEquals(2, authorizer.getGroups().size()); 
@@ -1110,7 +1211,8 @@ public class FileAuthorizerTest { @Test public void testAddAccessPolicy() throws Exception { - writeAuthorizationsFile(primary, EMPTY_AUTHORIZATIONS); + writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS); + writeFile(primaryTenants, EMPTY_TENANTS); authorizer.onConfigured(configurationContext); assertEquals(0, authorizer.getAccessPolicies().size()); @@ -1152,7 +1254,8 @@ public class FileAuthorizerTest { @Test public void testAddAccessPolicyWithEmptyUsersAndGroups() throws Exception { - writeAuthorizationsFile(primary, EMPTY_AUTHORIZATIONS); + writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS); + writeFile(primaryTenants, EMPTY_TENANTS); authorizer.onConfigured(configurationContext); assertEquals(0, authorizer.getAccessPolicies().size()); @@ -1175,7 +1278,8 @@ public class FileAuthorizerTest { @Test public void testGetAccessPolicy() throws Exception { - writeAuthorizationsFile(primary, AUTHORIZATIONS); + writeFile(primaryAuthorizations, AUTHORIZATIONS); + writeFile(primaryTenants, TENANTS); authorizer.onConfigured(configurationContext); assertEquals(2, authorizer.getAccessPolicies().size()); @@ -1196,7 +1300,8 @@ public class FileAuthorizerTest { @Test public void testGetAccessPolicyWhenNotFound() throws Exception { - writeAuthorizationsFile(primary, AUTHORIZATIONS); + writeFile(primaryAuthorizations, AUTHORIZATIONS); + writeFile(primaryTenants, TENANTS); authorizer.onConfigured(configurationContext); assertEquals(2, authorizer.getAccessPolicies().size()); @@ -1206,7 +1311,8 @@ public class FileAuthorizerTest { @Test public void testUpdateAccessPolicy() throws Exception { - writeAuthorizationsFile(primary, AUTHORIZATIONS); + writeFile(primaryAuthorizations, AUTHORIZATIONS); + writeFile(primaryTenants, TENANTS); authorizer.onConfigured(configurationContext); assertEquals(2, authorizer.getAccessPolicies().size()); 
@@ -1234,7 +1340,8 @@ public class FileAuthorizerTest { @Test public void testUpdateAccessPolicyWhenResourceNotFound() throws Exception { - writeAuthorizationsFile(primary, AUTHORIZATIONS); + writeFile(primaryAuthorizations, AUTHORIZATIONS); + writeFile(primaryTenants, TENANTS); authorizer.onConfigured(configurationContext); assertEquals(2, authorizer.getAccessPolicies().size()); @@ -1252,7 +1359,8 @@ public class FileAuthorizerTest { @Test public void testDeleteAccessPolicy() throws Exception { - writeAuthorizationsFile(primary, AUTHORIZATIONS); + writeFile(primaryAuthorizations, AUTHORIZATIONS); + writeFile(primaryTenants, TENANTS); authorizer.onConfigured(configurationContext); assertEquals(2, authorizer.getAccessPolicies().size()); @@ -1275,7 +1383,8 @@ public class FileAuthorizerTest { @Test public void testDeleteAccessPolicyWhenNotFound() throws Exception { - writeAuthorizationsFile(primary, AUTHORIZATIONS); + writeFile(primaryAuthorizations, AUTHORIZATIONS); + writeFile(primaryTenants, TENANTS); authorizer.onConfigured(configurationContext); assertEquals(2, authorizer.getAccessPolicies().size()); @@ -1291,7 +1400,7 @@ public class FileAuthorizerTest { assertNull(deletedAccessPolicy); } - private static void writeAuthorizationsFile(final File file, final String content) throws Exception { + private static void writeFile(final File file, final String content) throws Exception { byte[] bytes = content.getBytes(StandardCharsets.UTF_8); try (final FileOutputStream fos = new FileOutputStream(file)) { fos.write(bytes); http://git-wip-us.apache.org/repos/asf/nifi/blob/5e4ba045/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorizers.xml ---------------------------------------------------------------------- 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorizers.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorizers.xml index cc1544d..46bf637 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorizers.xml +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorizers.xml @@ -23,7 +23,9 @@ <!-- The FileAuthorizer is NiFi's provided authorizer and has the following properties: - - Authorizations File - The file where the FileAuthorizer will store authorizations. + - Authorizations File - The file where the FileAuthorizer will store policies. + + - Users File - The file where the FileAuthorizer will store users and groups. - Initial Admin Identity - The identity of an initial admin user that will be granted access to the UI and given the ability to create additional users, groups, and policies. The value of this property could be @@ -50,6 +52,7 @@ <identifier>file-provider</identifier> <class>org.apache.nifi.authorization.FileAuthorizer</class> <property name="Authorizations File">./conf/authorizations.xml</property> + <property name="Users File">./conf/users.xml</property> <property name="Initial Admin Identity"></property> <property name="Legacy Authorized Users File"></property>
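Review bot: The property comment does not say that the two files form a pair. The test fixtures in this commit show policies in the Authorizations File referring to users and groups only by identifier, with the definitions held in the Users File, so restoring or editing one file without the other changes who a policy applies to. I would extend the new entry to something like `- Users File - The file where the FileAuthorizer will store users and groups. Policies in the Authorizations File refer to these entries by identifier, so back up, restore and protect both files together.`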
