NIFI-2237: - Updating Rest Endpoint documentation specifically regarding access policies. - Ensuring the resource listing is accurate. - Removing unnecessary code.
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/9338f102 Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/9338f102 Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/9338f102 Branch: refs/heads/master Commit: 9338f102cbfa681525cbf806ae71481944ac3516 Parents: fca59ff Author: Matt Gilman <matt.c.gil...@gmail.com> Authored: Tue Aug 2 11:35:44 2016 -0400 Committer: Matt Gilman <matt.c.gil...@gmail.com> Committed: Wed Aug 3 16:18:30 2016 -0400 ---------------------------------------------------------------------- .../authorization/resource/ResourceFactory.java | 210 ---- .../nifi/web/api/AccessPolicyResource.java | 32 +- .../org/apache/nifi/web/api/AccessResource.java | 44 +- .../nifi/web/api/ApplicationResource.java | 30 +- .../apache/nifi/web/api/ConnectionResource.java | 176 ++- .../apache/nifi/web/api/ControllerResource.java | 173 ++- .../nifi/web/api/ControllerServiceResource.java | 288 +++-- .../apache/nifi/web/api/CountersResource.java | 16 +- .../nifi/web/api/DataTransferResource.java | 70 +- .../nifi/web/api/FlowFileQueueResource.java | 274 +++-- .../org/apache/nifi/web/api/FlowResource.java | 1078 ++++++++---------- .../org/apache/nifi/web/api/FunnelResource.java | 112 +- .../apache/nifi/web/api/InputPortResource.java | 118 +- .../org/apache/nifi/web/api/LabelResource.java | 106 +- .../apache/nifi/web/api/OutputPortResource.java | 106 +- .../nifi/web/api/ProcessGroupResource.java | 1077 +++++++++-------- .../apache/nifi/web/api/ProcessorResource.java | 211 ++-- .../nifi/web/api/ProvenanceEventResource.java | 75 +- .../apache/nifi/web/api/ProvenanceResource.java | 132 ++- .../web/api/RemoteProcessGroupResource.java | 288 +++-- .../nifi/web/api/ReportingTaskResource.java | 205 ++-- .../apache/nifi/web/api/ResourceResource.java | 63 +- .../apache/nifi/web/api/SiteToSiteResource.java | 46 +- .../apache/nifi/web/api/SnippetResource.java | 238 ++-- 
.../nifi/web/api/SystemDiagnosticsResource.java | 40 +- .../apache/nifi/web/api/TemplateResource.java | 97 +- .../apache/nifi/web/api/TenantsResource.java | 58 +- .../config/InvalidRevisionExceptionMapper.java | 12 +- .../nifi/web/controller/ControllerFacade.java | 72 +- 29 files changed, 2466 insertions(+), 2981 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/nifi/blob/9338f102/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/resource/ResourceFactory.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/resource/ResourceFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/resource/ResourceFactory.java index 426e7fd..25f5ec3 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/resource/ResourceFactory.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/resource/ResourceFactory.java 
@@ -34,30 +34,6 @@ public final class ResourceFactory { } }; - private final static Resource CONTROLLER_SERVICE_RESOURCE = new Resource() { - @Override - public String getIdentifier() { - return ResourceType.ControllerService.getValue(); - } - - @Override - public String getName() { - return "Controller Service"; - } - }; - - private final static Resource FUNNEL_RESOURCE = new Resource() { - @Override - public String getIdentifier() { - return ResourceType.Funnel.getValue(); - } - - @Override - public String getName() { - return "Funnel"; - } - }; - private final static Resource FLOW_RESOURCE = new Resource() { @Override public String getIdentifier() { @@ -70,42 +46,6 @@ public final class ResourceFactory { } }; - private final static Resource INPUT_PORT_RESOURCE = new Resource() { - @Override - public String getIdentifier() { - return ResourceType.InputPort.getValue(); - } - - @Override - public String getName() { - return "Input Port"; - } - }; - - private final static Resource LABEL_RESOURCE = new Resource() { - @Override - public String getIdentifier() { - return ResourceType.Label.getValue(); - } - - @Override - public String getName() { - return "Label"; - } - }; - - private final static Resource OUTPUT_PORT_RESOURCE = new Resource() { - @Override - public String getIdentifier() { - return ResourceType.OutputPort.getValue(); - } - - @Override - public String getName() { - return "Output Port"; - } - }; - private final static Resource POLICY_RESOURCE = new Resource() { @Override public String getIdentifier() { 
@@ -118,30 +58,6 @@ public final class ResourceFactory { } }; - private final static Resource PROCESSOR_RESOURCE = new Resource() { - @Override - public String getIdentifier() { - return ResourceType.Processor.getValue(); - } - - @Override - public String getName() { - return "Processor"; - } - }; - - private final static Resource PROCESS_GROUP_RESOURCE = new Resource() { - @Override - public String getIdentifier() { - return ResourceType.ProcessGroup.getValue(); - } - - @Override - public String getName() { - return "Process Group"; - } - }; - private final static Resource COUNTERS_RESOURCE = new Resource() { @Override public String getIdentifier() { @@ -190,30 +106,6 @@ public final class ResourceFactory { } }; - private final static Resource REMOTE_PROCESS_GROUP_RESOURCE = new Resource() { - @Override - public String getIdentifier() { - return ResourceType.RemoteProcessGroup.getValue(); - } - - @Override - public String getName() { - return "Remote Process Group"; - } - }; - - private final static Resource REPORTING_TASK_RESOURCE = new Resource() { - @Override - public String getIdentifier() { - return ResourceType.ReportingTask.getValue(); - } - - @Override - public String getName() { - return "Reporting Task"; - } - }; - private final static Resource RESOURCE_RESOURCE = new Resource() { @Override public String getIdentifier() { @@ -250,18 +142,6 @@ public final class ResourceFactory { } }; - private final static Resource TEMPLATE_RESOURCE = new Resource() { - @Override - public String getIdentifier() { - return ResourceType.Template.getValue(); - } - - @Override - public String getName() { - return "Template"; - } - }; - private final static Resource TENANT_RESOURCE = new Resource() { @Override public String getIdentifier() { 
@@ -297,24 +177,6 @@ public final class ResourceFactory { } /** - * Gets the Resource for accessing Controller Services. - * - * @return The resource for accessing Controller Services - */ - public static Resource getControllerServiceResource() { - return CONTROLLER_SERVICE_RESOURCE; - } - - /** - * Gets the Resource for accessing Funnels. - * - * @return The resource for accessing Funnels. - */ - public static Resource getFunnelResource() { - return FUNNEL_RESOURCE; - } - - /** * Gets the Resource for accessing the NiFi flow. This includes the data flow structure, component status, search results, and banner/about text. * * @return The NiFi resource @@ -324,51 +186,6 @@ public final class ResourceFactory { } /** - * Gets the Resource for accessing Input Ports. - * - * @return The resource for accessing Input Ports - */ - public static Resource getInputPortResource() { - return INPUT_PORT_RESOURCE; - } - - /** - * Gets the Resource for accessing Labels. - * - * @return The resource for accessing Labels - */ - public static Resource getLabelResource() { - return LABEL_RESOURCE; - } - - /** - * Gets the Resource for accessing Output Ports. - * - * @return The resource for accessing Output Ports - */ - public static Resource getOutputPortResource() { - return OUTPUT_PORT_RESOURCE; - } - - /** - * Gets the Resource for accessing Processors. - * - * @return The resource for accessing Processors - */ - public static Resource getProcessorResource() { - return PROCESSOR_RESOURCE; - } - - /** - * Gets the Resource for accessing Process Groups. - * - * @return The resource for accessing Process Groups - */ - public static Resource getProcessGroupResource() { - return PROCESS_GROUP_RESOURCE; - } - - /** * Gets the Resource for accessing the Counters.. * * @return The resource for accessing the Controller 
@@ -397,24 +214,6 @@ public final class ResourceFactory { } /** - * Gets the Resource for accessing Remote Process Groups. - * - * @return The resource accessing Remote Process Groups - */ - public static Resource getRemoteProcessGroupResource() { - return REMOTE_PROCESS_GROUP_RESOURCE; - } - - /** - * Gets the Resource for accessing Reporting Tasks. - * - * @return The resource for accessing Reporting Tasks - */ - public static Resource getReportingTaskResource() { - return REPORTING_TASK_RESOURCE; - } - - /** * Gets the Resource for detailing all available NiFi Resources. * * @return The Resource resource @@ -443,15 +242,6 @@ public final class ResourceFactory { } /** - * Gets the Resource for accessing Templates. - * - * @return The Resource for accessing Tempaltes - */ - public static Resource getTemplateResource() { - return TEMPLATE_RESOURCE; - } - - /** * Gets the Resource for accessing Tenants which includes creating, modifying, and deleting Users and UserGroups. * * @return The Resource for accessing Tenants http://git-wip-us.apache.org/repos/asf/nifi/blob/9338f102/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java index 54f98f1..9bfcbc0 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java 
@@ -102,14 +102,18 @@ public class AccessPolicyResource extends ApplicationResource { @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) @Path("{action}/{resource: .+}") - // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')") @ApiOperation( - value = "Gets an access policy", + value = "Gets an access policy for the specified action and resource", + notes = "Will return the effective policy if no component specific policy exists for the specified action and resource. " + + "Must have Read permissions to the policy with the desired action and resource. Permissions for the policy that is " + + "returned will be indicated in the response. This means the client could be authorized to get the policy for a " + + "given component but the effective policy may be inherited from an ancestor Process Group. If the client does not " + + "have permissions to that policy, the response will not include the policy and the permissions in the response " + + "will be marked accordingly. If the client does not have permissions to the policy of the desired action and resource " + + "a 403 response will be returned.", response = AccessPolicyEntity.class, authorizations = { - @Authorization(value = "Read Only", type = "ROLE_MONITOR"), - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"), - @Authorization(value = "Administrator", type = "ROLE_ADMIN") + @Authorization(value = "Read - /policies/{resource}", type = "") } ) @ApiResponses( @@ -172,12 +176,11 @@ public class AccessPolicyResource extends ApplicationResource { @POST @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) - // TODO - @PreAuthorize("hasRole('ROLE_DFM')") @ApiOperation( value = "Creates an access policy", response = AccessPolicyEntity.class, authorizations = { - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM") + @Authorization(value = "Write - /policies/{resource}", type = "") } ) @ApiResponses( 
@@ -263,14 +266,11 @@ public class AccessPolicyResource extends ApplicationResource { @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) @Path("{id}") - // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')") @ApiOperation( value = "Gets an access policy", response = AccessPolicyEntity.class, authorizations = { - @Authorization(value = "Read Only", type = "ROLE_MONITOR"), - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"), - @Authorization(value = "Administrator", type = "ROLE_ADMIN") + @Authorization(value = "Read - /policies/{resource}", type = "") } ) @ApiResponses( @@ -300,7 +300,7 @@ public class AccessPolicyResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { - Authorizable authorizable = lookup.getAccessPolicyById(id); + Authorizable authorizable = lookup.getAccessPolicyById(id); authorizable.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); @@ -323,12 +323,11 @@ public class AccessPolicyResource extends ApplicationResource { @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) @Path("{id}") - // TODO - @PreAuthorize("hasRole('ROLE_DFM')") @ApiOperation( value = "Updates a access policy", response = AccessPolicyEntity.class, authorizations = { - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM") + @Authorization(value = "Write - /policies/{resource}", type = "") } ) @ApiResponses( @@ -382,7 +381,7 @@ public class AccessPolicyResource extends ApplicationResource { serviceFacade, revision, lookup -> { - Authorizable authorizable = lookup.getAccessPolicyById(id); + Authorizable authorizable = lookup.getAccessPolicyById(id); authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, null, 
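Review bot: The `@Authorization` value added in the `-263` hunk documents the required permission as `Read - /policies/{resource}`, but this endpoint is addressed by `{id}` and has no `{resource}` parameter, so a reader cannot tell which resource's policy must grant access. The `-300` hunk shows the check runs against whatever `lookup.getAccessPolicyById(id)` returns. I would add a `notes` attribute saying that `{resource}` is the resource of the policy identified by `id`, as was done for the `{action}/{resource}` endpoint in the `-102` hunk. The same applies to the `Write - /policies/{resource}` entries in the `-323` and `-412` hunks. The annotated methods continue outside these hunks.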
@@ -412,12 +411,11 @@ public class AccessPolicyResource extends ApplicationResource { @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) @Path("{id}") - // TODO - @PreAuthorize("hasRole('ROLE_DFM')") @ApiOperation( value = "Deletes an access policy", response = AccessPolicyEntity.class, authorizations = { - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM") + @Authorization(value = "Write - /policies/{resource}", type = "") } ) @ApiResponses( http://git-wip-us.apache.org/repos/asf/nifi/blob/9338f102/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java index 6f79a23..5657fdb 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java 
@@ -29,13 +29,6 @@ import org.apache.nifi.authentication.LoginIdentityProvider; import org.apache.nifi.authentication.exception.IdentityAccessException; import org.apache.nifi.authentication.exception.InvalidLoginCredentialsException; import org.apache.nifi.authorization.AccessDeniedException; -import org.apache.nifi.authorization.AuthorizationRequest; -import org.apache.nifi.authorization.AuthorizationResult; -import org.apache.nifi.authorization.AuthorizationResult.Result; -import org.apache.nifi.authorization.Authorizer; -import org.apache.nifi.authorization.RequestAction; -import org.apache.nifi.authorization.UserContextKeys; -import org.apache.nifi.authorization.resource.ResourceFactory; import org.apache.nifi.authorization.user.NiFiUser; import org.apache.nifi.authorization.user.NiFiUserDetails; import org.apache.nifi.authorization.user.NiFiUserUtils; @@ -78,8 +71,6 @@ import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import java.net.URI; import java.security.cert.X509Certificate; -import java.util.HashMap; -import java.util.Map; import java.util.concurrent.TimeUnit; /** @@ -87,8 +78,8 @@ import java.util.concurrent.TimeUnit; */ @Path("/access") @Api( - value = "/access", - description = "Endpoints for obtaining an access token or checking access status." + value = "/access", + description = "Endpoints for obtaining an access token or checking access status." ) public class AccessResource extends ApplicationResource { 
@@ -105,33 +96,6 @@ public class AccessResource extends ApplicationResource { private KerberosService kerberosService; - private Authorizer authorizer; - - /** - * Authorizes access to the flow. - */ - private boolean hasFlowAccess(final NiFiUser user) { - final Map<String,String> userContext; - if (!StringUtils.isBlank(user.getClientAddress())) { - userContext = new HashMap<>(); - userContext.put(UserContextKeys.CLIENT_ADDRESS.name(), user.getClientAddress()); - } else { - userContext = null; - } - - final AuthorizationRequest request = new AuthorizationRequest.Builder() - .resource(ResourceFactory.getFlowResource()) - .identity(user.getIdentity()) - .anonymous(user.isAnonymous()) - .accessAttempt(true) - .action(RequestAction.READ) - .userContext(userContext) - .build(); - - final AuthorizationResult result = authorizer.authorize(request); - return Result.Approved.equals(result.getResult()); - } - /** * Retrieves the access configuration for this NiFi. * @@ -173,6 +137,7 @@ public class AccessResource extends ApplicationResource { @Path("") @ApiOperation( value = "Gets the status the client's access", + notes = NON_GUARANTEED_ENDPOINT, response = AccessStatusEntity.class ) @ApiResponses( @@ -507,9 +472,6 @@ public class AccessResource extends ApplicationResource { } // setters - public void setAuthorizer(Authorizer authorizer) { - this.authorizer = authorizer; - } public void setLoginIdentityProvider(LoginIdentityProvider loginIdentityProvider) { this.loginIdentityProvider = loginIdentityProvider; http://git-wip-us.apache.org/repos/asf/nifi/blob/9338f102/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ApplicationResource.java ---------------------------------------------------------------------- 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ApplicationResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ApplicationResource.java index 2c5b43e..1701764 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ApplicationResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ApplicationResource.java @@ -95,6 +95,8 @@ public abstract class ApplicationResource { public static final String PROXY_PORT_HTTP_HEADER = "X-ProxyPort"; public static final String PROXY_CONTEXT_PATH_HTTP_HEADER = "X-ProxyContextPath"; + protected static final String NON_GUARANTEED_ENDPOINT = "Note: This endpoint is subject to change as the NiFi and it's REST API evolve."; + private static final Logger logger = LoggerFactory.getLogger(ApplicationResource.class); public static final String NODEWISE = "false"; @@ -459,7 +461,7 @@ public abstract class ApplicationResource { final NiFiUser user = NiFiUserUtils.getNiFiUser(); return withWriteLock(serviceFacade, authorizer, verifier, action, - () -> serviceFacade.verifyRevision(revision, user)); + () -> serviceFacade.verifyRevision(revision, user)); } /** 
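Review bot: The `NON_GUARANTEED_ENDPOINT` constant added in the `-95` hunk reads ungrammatically ("as the NiFi and it's REST API evolve"), and it is user-facing text: the AccessResource `-173` hunk passes it as the `notes` of an `@ApiOperation`, so it is published in the REST API documentation. I would change it to `protected static final String NON_GUARANTEED_ENDPOINT = "Note: This endpoint is subject to change as NiFi and its REST API evolve.";`. A one-line comment above the constant saying it is meant for `@ApiOperation(notes = ...)` on endpoints without a stability guarantee would also help.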
@@ -476,23 +478,23 @@ public abstract class ApplicationResource { final Runnable verifier, final Supplier<Response> action) { final NiFiUser user = NiFiUserUtils.getNiFiUser(); return withWriteLock(serviceFacade, authorizer, verifier, action, - () -> serviceFacade.verifyRevisions(revisions, user)); + () -> serviceFacade.verifyRevisions(revisions, user)); } /** * Executes an action through the service facade using the specified revision. * - * @param serviceFacade service facade - * @param authorizer authorizer - * @param verifier verifier - * @param action the action to execute + * @param serviceFacade service facade + * @param authorizer authorizer + * @param verifier verifier + * @param action the action to execute * @param verifyRevision a callback that will claim the necessary revisions for the operation * @return the response */ private Response withWriteLock( final NiFiServiceFacade serviceFacade, final AuthorizeAccess authorizer, final Runnable verifier, final Supplier<Response> action, - final Runnable verifyRevision) { + final Runnable verifyRevision) { final boolean validationPhase = isValidationPhase(httpServletRequest); if (validationPhase || !isTwoPhaseRequest(httpServletRequest)) { @@ -570,7 +572,7 @@ public abstract class ApplicationResource { } else { headers.put(RequestReplicator.REPLICATION_TARGET_NODE_UUID_HEADER, nodeId.getId()); return requestReplicator.replicate(Collections.singleton(getClusterCoordinatorNode()), method, - path, entity, headers, false, true).awaitMergedResponse().getResponse(); + path, entity, headers, false, true).awaitMergedResponse().getResponse(); } } catch (final InterruptedException ie) { return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Request to " + method + " " + path + " was interrupted").type("text/plain").build(); 
@@ -663,8 +665,8 @@ public abstract class ApplicationResource { * used will be those provided by the {@link #getHeaders()} method. The URI that will be used will be * that provided by the {@link #getAbsolutePath()} method * - * @param method the HTTP method to use - * @param entity the entity to replicate + * @param method the HTTP method to use + * @param entity the entity to replicate * @param headersToOverride the headers to override * @return the response from the request * @see #replicateNodeResponse(String, Object, Map) @@ -683,12 +685,10 @@ public abstract class ApplicationResource { * that provided by the {@link #getAbsolutePath()} method. This method returns the NodeResponse, * rather than a Response object. * - * @param method the HTTP method to use - * @param entity the entity to replicate + * @param method the HTTP method to use + * @param entity the entity to replicate * @param headersToOverride the headers to override - * * @return the response from the request - * * @throws InterruptedException if interrupted while replicating the request * @see #replicate(String, Object, Map) */ @@ -851,7 +851,7 @@ public abstract class ApplicationResource { } public Response handshakeExceptionResponse(HandshakeException e) { - if(logger.isDebugEnabled()){ + if (logger.isDebugEnabled()) { logger.debug("Handshake failed, {}", e.getMessage()); } ResponseCode handshakeRes = e.getResponseCode(); http://git-wip-us.apache.org/repos/asf/nifi/blob/9338f102/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ConnectionResource.java ---------------------------------------------------------------------- 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ConnectionResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ConnectionResource.java index 06bba2a..f7fdadf 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ConnectionResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ConnectionResource.java @@ -32,8 +32,6 @@ import org.apache.nifi.connectable.Connectable; import org.apache.nifi.web.NiFiServiceFacade; import org.apache.nifi.web.Revision; import org.apache.nifi.web.api.dto.ConnectionDTO; -import org.apache.nifi.web.api.dto.FlowFileSummaryDTO; -import org.apache.nifi.web.api.dto.ListingRequestDTO; import org.apache.nifi.web.api.entity.ConnectionEntity; import org.apache.nifi.web.api.request.ClientIdParameter; import org.apache.nifi.web.api.request.LongParameter; @@ -59,8 +57,8 @@ import java.util.Set; */ @Path("/connections") @Api( - value = "/connections", - description = "Endpoint for managing a Connection." + value = "/connections", + description = "Endpoint for managing a Connection." ) public class ConnectionResource extends ApplicationResource { 
@@ -87,43 +85,11 @@ public class ConnectionResource extends ApplicationResource { * @return dto */ public ConnectionEntity populateRemainingConnectionEntityContent(ConnectionEntity connectionEntity) { - connectionEntity.setUri(generateResourceUri("connections", connectionEntity.getId())); + connectionEntity.setUri(generateResourceUri("connections", connectionEntity.getId())); return connectionEntity; } /** - * Populate the URIs for the specified flowfile listing. - * - * @param connectionId connection - * @param flowFileListing flowfile listing - * @return dto - */ - public ListingRequestDTO populateRemainingFlowFileListingContent(final String connectionId, final ListingRequestDTO flowFileListing) { - // uri of the listing - flowFileListing.setUri(generateResourceUri("connections", connectionId, "listing-requests", flowFileListing.getId())); - - // uri of each flowfile - if (flowFileListing.getFlowFileSummaries() != null) { - for (final FlowFileSummaryDTO flowFile : flowFileListing.getFlowFileSummaries()) { - populateRemainingFlowFileContent(connectionId, flowFile); - } - } - return flowFileListing; - } - - /** - * Populate the URIs for the specified flowfile. - * - * @param connectionId the connection id - * @param flowFile the flowfile - * @return the dto - */ - public FlowFileSummaryDTO populateRemainingFlowFileContent(final String connectionId, final FlowFileSummaryDTO flowFile) { - flowFile.setUri(generateResourceUri("connections", connectionId, "flowfiles", flowFile.getUuid())); - return flowFile; - } - - /** * Retrieves the specified connection. * * @param id The id of the connection. 
@@ -134,23 +100,21 @@ public class ConnectionResource extends ApplicationResource { @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) @Path("/{id}") - // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')") @ApiOperation( value = "Gets a connection", response = ConnectionEntity.class, authorizations = { - @Authorization(value = "Read Only", type = "ROLE_MONITOR"), - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"), - @Authorization(value = "Administrator", type = "ROLE_ADMIN") + @Authorization(value = "Read Source - /{component-type}/{uuid}", type = ""), + @Authorization(value = "Read Destination - /{component-type}/{uuid}", type = "") } ) @ApiResponses( value = { - @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), - @ApiResponse(code = 401, message = "Client could not be authenticated."), - @ApiResponse(code = 403, message = "Client is not authorized to make this request."), - @ApiResponse(code = 404, message = "The specified resource could not be found."), - @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") + @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), + @ApiResponse(code = 401, message = "Client could not be authenticated."), + @ApiResponse(code = 403, message = "Client is not authorized to make this request."), + @ApiResponse(code = 404, message = "The specified resource could not be found."), + @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") } ) public Response getConnection( 
@@ -158,7 +122,7 @@ public class ConnectionResource extends ApplicationResource { value = "The connection id.", required = true ) - @PathParam("id") final String id) throws InterruptedException { + @PathParam("id") final String id) throws InterruptedException { if (isReplicateRequest()) { return replicate(HttpMethod.GET); @@ -183,8 +147,8 @@ public class ConnectionResource extends ApplicationResource { * Updates the specified connection. * * @param httpServletRequest request - * @param id The id of the connection. - * @param connectionEntity A connectionEntity. + * @param id The id of the connection. + * @param connectionEntity A connectionEntity. * @return A connectionEntity. * @throws InterruptedException if interrupted */ 
@@ -192,21 +156,23 @@ public class ConnectionResource extends ApplicationResource { @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) @Path("/{id}") - // TODO - @PreAuthorize("hasRole('ROLE_DFM')") @ApiOperation( value = "Updates a connection", response = ConnectionEntity.class, authorizations = { - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM") + @Authorization(value = "Write Source - /{component-type}/{uuid}", type = ""), + @Authorization(value = "Write Destination - /{component-type}/{uuid}", type = ""), + @Authorization(value = "Write New Destination - /{component-type}/{uuid} - if updating Destination", type = ""), + @Authorization(value = "Write Process Group - /process-groups/{uuid} - if updating Destination", type = "") } ) @ApiResponses( value = { - @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), - @ApiResponse(code = 401, message = "Client could not be authenticated."), - @ApiResponse(code = 403, message = "Client is not authorized to make this request."), - @ApiResponse(code = 404, message = "The specified resource could not be found."), - @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") + @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), + @ApiResponse(code = 401, message = "Client could not be authenticated."), + @ApiResponse(code = 403, message = "Client is not authorized to make this request."), + @ApiResponse(code = 404, message = "The specified resource could not be found."), + @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. 
Retrying the same request later may be successful.") } ) public Response updateConnection( @@ -219,7 +185,7 @@ public class ConnectionResource extends ApplicationResource { @ApiParam( value = "The connection configuration details.", required = true - ) final ConnectionEntity connectionEntity) throws InterruptedException { + ) final ConnectionEntity connectionEntity) throws InterruptedException { if (connectionEntity == null || connectionEntity.getComponent() == null) { throw new IllegalArgumentException("Connection details must be specified."); 
@@ -247,41 +213,41 @@ public class ConnectionResource extends ApplicationResource { final Revision revision = getRevision(connectionEntity, id); return withWriteLock( - serviceFacade, - revision, - lookup -> { - // verifies write access to this connection (this checks the current source and destination) - ConnectionAuthorizable connAuth = lookup.getConnection(id); - connAuth.getAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); + serviceFacade, + revision, + lookup -> { + // verifies write access to this connection (this checks the current source and destination) + ConnectionAuthorizable connAuth = lookup.getConnection(id); + connAuth.getAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); - // if a destination has been specified and is different - final Connectable currentDestination = connAuth.getDestination(); - if (connection.getDestination() != null && currentDestination.getIdentifier().equals(connection.getDestination().getId())) { - // verify access of the new destination (current destination was already authorized as part of the connection check) - final Authorizable newDestinationAuthorizable = lookup.getConnectable(connection.getDestination().getId()); - newDestinationAuthorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); + // if a destination has been specified and is different + final Connectable currentDestination = connAuth.getDestination(); + if (connection.getDestination() != null && currentDestination.getIdentifier().equals(connection.getDestination().getId())) { + // verify access of the new destination (current destination was already authorized as part of the connection check) + final Authorizable newDestinationAuthorizable = lookup.getConnectable(connection.getDestination().getId()); + newDestinationAuthorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); - // verify access of the parent group (this is the same 
check that is performed when creating the connection) - connAuth.getParentGroup().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); - } - }, - () -> serviceFacade.verifyUpdateConnection(connection), - () -> { - final ConnectionEntity entity = serviceFacade.updateConnection(revision, connection); - populateRemainingConnectionEntityContent(entity); + // verify access of the parent group (this is the same check that is performed when creating the connection) + connAuth.getParentGroup().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); + } + }, + () -> serviceFacade.verifyUpdateConnection(connection), + () -> { + final ConnectionEntity entity = serviceFacade.updateConnection(revision, connection); + populateRemainingConnectionEntityContent(entity); - // generate the response - return clusterContext(generateOkResponse(entity)).build(); - }); + // generate the response + return clusterContext(generateOkResponse(entity)).build(); + }); } /** * Removes the specified connection. * * @param httpServletRequest request - * @param version The revision is used to verify the client is working with the latest version of the flow. - * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response. - * @param id The id of the connection. + * @param version The revision is used to verify the client is working with the latest version of the flow. + * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response. + * @param id The id of the connection. * @return An Entity containing the client id and an updated revision. * @throws InterruptedException if interrupted */ 
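Review bot: The destination test in updateConnection's authorization lambda is inverted relative to its own comment ("if a destination has been specified and is different"). `currentDestination.getIdentifier().equals(connection.getDestination().getId())` is true when the destination is unchanged, so the WRITE checks on the new destination and on the parent group run only when nothing is being re-pointed, and a request that moves the connection to a different component skips them. The condition should be negated: `if (connection.getDestination() != null && !currentDestination.getIdentifier().equals(connection.getDestination().getId())) {`. This hunk only re-indents these lines, so the behaviour predates the commit, but the `@Authorization` entries added to updateConnection in the earlier hunk ("Write New Destination ... if updating Destination") now document a check the code does not perform. updateConnection begins outside this hunk.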
@@ -289,21 +255,21 @@ public class ConnectionResource extends ApplicationResource {
 @Consumes(MediaType.WILDCARD)
 @Produces(MediaType.APPLICATION_JSON)
 @Path("/{id}")
- // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
 @ApiOperation(
 value = "Deletes a connection",
 response = ConnectionEntity.class,
 authorizations = {
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
+ @Authorization(value = "Write Source - /{component-type}/{uuid}", type = ""),
+ @Authorization(value = "Write Destination - /{component-type}/{uuid}", type = "")
 }
 )
 @ApiResponses(
 value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+ @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+ @ApiResponse(code = 401, message = "Client could not be authenticated."),
+ @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+ @ApiResponse(code = 404, message = "The specified resource could not be found."),
+ @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
 }
 )
 public Response deleteConnection(
@@ -322,7 +288,7 @@ public class ConnectionResource extends ApplicationResource { value = "The connection id.", required = true ) - @PathParam("id") final String id) throws InterruptedException { + @PathParam("id") final String id) throws InterruptedException { if (isReplicateRequest()) { return replicate(HttpMethod.DELETE); @@ -334,21 +300,21 @@ public class ConnectionResource extends ApplicationResource { // get the current user return withWriteLock( - serviceFacade, - revision, - lookup -> { - // verifies write access to the source and destination - final Authorizable authorizable = lookup.getConnection(id).getAuthorizable(); - authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); - }, - () -> serviceFacade.verifyDeleteConnection(id), - () -> { - // delete the connection - final ConnectionEntity entity = serviceFacade.deleteConnection(revision, id); + serviceFacade, + revision, + lookup -> { + // verifies write access to the source and destination + final Authorizable authorizable = lookup.getConnection(id).getAuthorizable(); + authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); + }, + () -> serviceFacade.verifyDeleteConnection(id), + () -> { + // delete the connection + final ConnectionEntity entity = serviceFacade.deleteConnection(revision, id); - // generate the response - return clusterContext(generateOkResponse(entity)).build(); - } + // generate the response + return clusterContext(generateOkResponse(entity)).build(); + } ); } http://git-wip-us.apache.org/repos/asf/nifi/blob/9338f102/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerResource.java ---------------------------------------------------------------------- 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerResource.java index 7a5dab7..e622b04 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerResource.java @@ -16,25 +16,13 @@ */ package org.apache.nifi.web.api; -import java.net.URI; -import java.util.HashMap; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.ws.rs.Consumes; -import javax.ws.rs.DELETE; -import javax.ws.rs.GET; -import javax.ws.rs.HttpMethod; -import javax.ws.rs.POST; -import javax.ws.rs.PUT; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.Produces; -import javax.ws.rs.QueryParam; -import javax.ws.rs.core.Context; -import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.Response; - +import com.sun.jersey.api.core.ResourceContext; +import com.wordnik.swagger.annotations.Api; +import com.wordnik.swagger.annotations.ApiOperation; +import com.wordnik.swagger.annotations.ApiParam; +import com.wordnik.swagger.annotations.ApiResponse; +import com.wordnik.swagger.annotations.ApiResponses; +import com.wordnik.swagger.annotations.Authorization; import org.apache.commons.lang3.StringUtils; import org.apache.nifi.authorization.AccessDeniedException; import org.apache.nifi.authorization.AuthorizationRequest; 
@@ -60,21 +48,31 @@ import org.apache.nifi.web.api.entity.NodeEntity; import org.apache.nifi.web.api.entity.ReportingTaskEntity; import org.apache.nifi.web.api.request.DateTimeParameter; -import com.sun.jersey.api.core.ResourceContext; -import com.wordnik.swagger.annotations.Api; -import com.wordnik.swagger.annotations.ApiOperation; -import com.wordnik.swagger.annotations.ApiParam; -import com.wordnik.swagger.annotations.ApiResponse; -import com.wordnik.swagger.annotations.ApiResponses; -import com.wordnik.swagger.annotations.Authorization; +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.Consumes; +import javax.ws.rs.DELETE; +import javax.ws.rs.GET; +import javax.ws.rs.HttpMethod; +import javax.ws.rs.POST; +import javax.ws.rs.PUT; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; +import java.net.URI; +import java.util.HashMap; +import java.util.Map; /** * RESTful endpoint for managing a Flow Controller. */ @Path("/controller") @Api( - value = "/controller", - description = "Provides realtime command and control of this NiFi instance" + value = "/controller", + description = "Provides realtime command and control of this NiFi instance" ) public class ControllerResource extends ApplicationResource { @@ -93,7 +91,7 @@ public class ControllerResource extends ApplicationResource { private void authorizeController(final RequestAction action) { final NiFiUser user = NiFiUserUtils.getNiFiUser(); - final Map<String,String> userContext; + final Map<String, String> userContext; if (!StringUtils.isBlank(user.getClientAddress())) { userContext = new HashMap<>(); userContext.put(UserContextKeys.CLIENT_ADDRESS.name(), user.getClientAddress()); 
@@ -126,23 +124,19 @@ public class ControllerResource extends ApplicationResource {
 @Consumes(MediaType.WILDCARD)
 @Produces(MediaType.APPLICATION_JSON)
 @Path("config")
- // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN', 'ROLE_NIFI')")
 @ApiOperation(
 value = "Retrieves the configuration for this NiFi Controller",
 response = ControllerConfigurationEntity.class,
 authorizations = {
- @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
- @Authorization(value = "Administrator", type = "ROLE_ADMIN"),
- @Authorization(value = "ROLE_NIFI", type = "ROLE_NIFI")
+ @Authorization(value = "Read - /controller", type = "")
 }
 )
 @ApiResponses(
 value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+ @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+ @ApiResponse(code = 401, message = "Client could not be authenticated."),
+ @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+ @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
 }
 )
 public Response getControllerConfig() {
@@ -161,27 +155,26 @@ public class ControllerResource extends ApplicationResource {
 * Update the configuration for this NiFi.
 *
 * @param httpServletRequest request
- * @param configEntity A controllerConfigurationEntity.
+ * @param configEntity A controllerConfigurationEntity.
 * @return A controllerConfigurationEntity.
 */
 @PUT
 @Consumes(MediaType.APPLICATION_JSON)
 @Produces(MediaType.APPLICATION_JSON)
 @Path("config")
- // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
 @ApiOperation(
 value = "Retrieves the configuration for this NiFi",
 response = ControllerConfigurationEntity.class,
 authorizations = {
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
+ @Authorization(value = "Write - /controller", type = "")
 }
 )
 @ApiResponses(
 value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+ @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+ @ApiResponse(code = 401, message = "Client could not be authenticated."),
+ @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+ @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
 }
 )
 public Response updateControllerConfig(
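Review bot: The `@ApiOperation` summary on the PUT handler for `config` still reads `value = "Retrieves the configuration for this NiFi"`, which is the GET endpoint's wording. Since this commit is correcting the endpoint documentation, it should become `value = "Updates the configuration for this NiFi"`, so the generated REST docs do not present an operation now documented as requiring "Write - /controller" as a read. updateControllerConfig's parameter list and body lie outside the hunk.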
@@ -225,7 +218,7 @@ public class ControllerResource extends ApplicationResource {
 /**
 * Creates a new Reporting Task.
 *
- * @param httpServletRequest request
+ * @param httpServletRequest request
 * @param reportingTaskEntity A reportingTaskEntity.
 * @return A reportingTaskEntity.
 */
@@ -233,28 +226,27 @@ public class ControllerResource extends ApplicationResource { @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) @Path("reporting-tasks") - // TODO - @PreAuthorize("hasRole('ROLE_DFM')") @ApiOperation( - value = "Creates a new reporting task", - response = ReportingTaskEntity.class, - authorizations = { - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM") - } + value = "Creates a new reporting task", + response = ReportingTaskEntity.class, + authorizations = { + @Authorization(value = "Write - /controller", type = "") + } ) @ApiResponses( - value = { - @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), - @ApiResponse(code = 401, message = "Client could not be authenticated."), - @ApiResponse(code = 403, message = "Client is not authorized to make this request."), - @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") - } + value = { + @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), + @ApiResponse(code = 401, message = "Client could not be authenticated."), + @ApiResponse(code = 403, message = "Client is not authorized to make this request."), + @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. 
Retrying the same request later may be successful.") + } ) public Response createReportingTask( - @Context final HttpServletRequest httpServletRequest, - @ApiParam( - value = "The reporting task configuration details.", - required = true - ) final ReportingTaskEntity reportingTaskEntity) { + @Context final HttpServletRequest httpServletRequest, + @ApiParam( + value = "The reporting task configuration details.", + required = true + ) final ReportingTaskEntity reportingTaskEntity) { if (reportingTaskEntity == null || reportingTaskEntity.getComponent() == null) { throw new IllegalArgumentException("Reporting task details must be specified."); @@ -307,7 +299,7 @@ public class ControllerResource extends ApplicationResource { /** * Creates a new Controller Service. * - * @param httpServletRequest request + * @param httpServletRequest request * @param controllerServiceEntity A controllerServiceEntity. * @return A controllerServiceEntity. */ 
@@ -315,28 +307,27 @@ public class ControllerResource extends ApplicationResource { @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) @Path("controller-services") - // TODO - @PreAuthorize("hasRole('ROLE_DFM')") @ApiOperation( - value = "Creates a new controller service", - response = ControllerServiceEntity.class, - authorizations = { - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM") - } + value = "Creates a new controller service", + response = ControllerServiceEntity.class, + authorizations = { + @Authorization(value = "Write - /controller", type = "") + } ) @ApiResponses( - value = { - @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), - @ApiResponse(code = 401, message = "Client could not be authenticated."), - @ApiResponse(code = 403, message = "Client is not authorized to make this request."), - @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") - } + value = { + @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), + @ApiResponse(code = 401, message = "Client could not be authenticated."), + @ApiResponse(code = 403, message = "Client is not authorized to make this request."), + @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. 
Retrying the same request later may be successful.") + } ) public Response createControllerService( - @Context final HttpServletRequest httpServletRequest, - @ApiParam( - value = "The controller service configuration details.", - required = true - ) final ControllerServiceEntity controllerServiceEntity) { + @Context final HttpServletRequest httpServletRequest, + @ApiParam( + value = "The controller service configuration details.", + required = true + ) final ControllerServiceEntity controllerServiceEntity) { if (controllerServiceEntity == null || controllerServiceEntity.getComponent() == null) { throw new IllegalArgumentException("Controller service details must be specified."); @@ -395,15 +386,12 @@ public class ControllerResource extends ApplicationResource { @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) @Path("cluster") - // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')") @ApiOperation( value = "Gets the contents of the cluster", notes = "Returns the contents of the cluster including all nodes and their status.", response = ClusterEntity.class, authorizations = { - @Authorization(value = "Read Only", type = "ROLE_MONITOR"), - @Authorization(value = "DFM", type = "ROLE_DFM"), - @Authorization(value = "Admin", type = "ROLE_ADMIN") + @Authorization(value = "Read - /controller", type = "") } ) @ApiResponses( 
@@ -447,14 +435,11 @@ public class ControllerResource extends ApplicationResource {
 @Consumes(MediaType.WILDCARD)
 @Produces(MediaType.APPLICATION_JSON)
 @Path("cluster/nodes/{id}")
- // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
 @ApiOperation(
 value = "Gets a node in the cluster",
 response = NodeEntity.class,
 authorizations = {
- @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
+ @Authorization(value = "Read - /controller", type = "")
 }
 )
 @ApiResponses(
@@ -494,7 +479,7 @@ public class ControllerResource extends ApplicationResource {
 /**
 * Updates the contents of the specified node in this NiFi cluster.
 *
- * @param id The id of the node
+ * @param id The id of the node
 * @param nodeEntity A nodeEntity
 * @return A nodeEntity
 */
@@ -507,7 +492,7 @@ public class ControllerResource extends ApplicationResource {
 value = "Updates a node in the cluster",
 response = NodeEntity.class,
 authorizations = {
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
+ @Authorization(value = "Write - /controller", type = "")
 }
 )
 @ApiResponses(
@@ -573,12 +558,11 @@ public class ControllerResource extends ApplicationResource {
 @Consumes(MediaType.WILDCARD)
 @Produces(MediaType.APPLICATION_JSON)
 @Path("cluster/nodes/{id}")
- // TODO - @PreAuthorize("hasAnyRole('ROLE_ADMIN')")
 @ApiOperation(
 value = "Removes a node from the cluster",
 response = NodeEntity.class,
 authorizations = {
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
+ @Authorization(value = "Write - /controller", type = "")
 }
 )
 @ApiResponses(
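Review bot: The `@Authorization` entries for "Updates a node in the cluster" and "Removes a node from the cluster" move from Administrator to `"Write - /controller"`, the same policy this commit documents for editing the controller configuration and creating reporting tasks; the later "Purges history" hunk does the same. These annotations are documentation only and none of the three hunks shows the method body, so it is worth confirming that each handler calls `authorizeController(RequestAction.WRITE)` before acting. If the coarser policy is intended, a `notes` attribute on these three operations, e.g. `notes = "Requires write access to /controller."`, would make it explicit to operators assigning policies that node removal and history purge are no longer documented as administrator-only.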
@@ -631,12 +615,11 @@ public class ControllerResource extends ApplicationResource {
 @Consumes(MediaType.WILDCARD)
 @Produces(MediaType.APPLICATION_JSON)
 @Path("history")
- // TODO - @PreAuthorize("hasRole('ROLE_ADMIN')")
 @ApiOperation(
 value = "Purges history",
 response = HistoryEntity.class,
 authorizations = {
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
+ @Authorization(value = "Write - /controller", type = "")
 }
 )
 @ApiResponses(