(nifi) branch main updated: NIFI-12599 Added READ_FILESYSTEM Permissions to Lookup Services

Fri, 12 Jan 2024 12:54:15 -0800 

This is an automated email from the ASF dual-hosted git repository.

exceptionfactory pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/main by this push:
     new f95dde1630 NIFI-12599 Added READ_FILESYSTEM Permissions to Lookup 
Services
f95dde1630 is described below

commit f95dde16309b9a521bbadb4db639519410bc80e2
Author: Pierre Villard <pierre.villard...@gmail.com>
AuthorDate: Thu Jan 11 22:27:22 2024 +0400

    NIFI-12599 Added READ_FILESYSTEM Permissions to Lookup Services
    
    This closes #8236
    
    Signed-off-by: David Handermann <exceptionfact...@apache.org>
---
 .../java/org/apache/nifi/lookup/CSVRecordLookupService.java   | 10 ++++++++++
 .../org/apache/nifi/lookup/PropertiesFileLookupService.java   | 11 ++++++++++-
 .../org/apache/nifi/lookup/SimpleCsvFileLookupService.java    | 11 +++++++++++
 .../java/org/apache/nifi/lookup/XMLFileLookupService.java     | 10 ++++++++++
 4 files changed, 41 insertions(+), 1 deletion(-)

diff --git 
a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/CSVRecordLookupService.java
 
b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/CSVRecordLookupService.java
index 2b8bff90c5..4166c30a3e 100644
--- 
a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/CSVRecordLookupService.java
+++ 
b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/CSVRecordLookupService.java
@@ -34,11 +34,14 @@ import java.util.stream.Stream;
 import org.apache.commons.csv.CSVParser;
 import org.apache.commons.csv.CSVRecord;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.annotation.behavior.Restricted;
+import org.apache.nifi.annotation.behavior.Restriction;
 import org.apache.nifi.annotation.documentation.CapabilityDescription;
 import org.apache.nifi.annotation.documentation.Tags;
 import org.apache.nifi.annotation.lifecycle.OnDisabled;
 import org.apache.nifi.annotation.lifecycle.OnEnabled;
 import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.components.RequiredPermission;
 import org.apache.nifi.controller.ConfigurationContext;
 import org.apache.nifi.logging.ComponentLog;
 import org.apache.nifi.reporting.InitializationException;
@@ -55,6 +58,13 @@ import org.apache.nifi.serialization.record.RecordSchema;
         "the columns are returned as a Record. All returned fields will be 
strings. The first line of the csv file " +
         "is considered as header."
 )
+@Restricted(
+        restrictions = {
+                @Restriction(
+                        requiredPermission = 
RequiredPermission.READ_FILESYSTEM,
+                        explanation = "Provides operator the ability to read 
from any file that NiFi has access to.")
+        }
+)
 public class CSVRecordLookupService extends AbstractCSVLookupService 
implements RecordLookupService {
 
     private static final Set<String> REQUIRED_KEYS = 
Collections.unmodifiableSet(Stream.of(KEY).collect(Collectors.toSet()));
diff --git 
a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/PropertiesFileLookupService.java
 
b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/PropertiesFileLookupService.java
index 7d78cfd527..628059661f 100644
--- 
a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/PropertiesFileLookupService.java
+++ 
b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/PropertiesFileLookupService.java
@@ -17,13 +17,22 @@
 package org.apache.nifi.lookup;
 
 import org.apache.commons.configuration2.PropertiesConfiguration;
-
+import org.apache.nifi.annotation.behavior.Restricted;
+import org.apache.nifi.annotation.behavior.Restriction;
 import org.apache.nifi.annotation.documentation.CapabilityDescription;
 import org.apache.nifi.annotation.documentation.Tags;
+import org.apache.nifi.components.RequiredPermission;
 import org.apache.nifi.lookup.configuration2.CommonsConfigurationLookupService;
 
 @Tags({"lookup", "cache", "enrich", "join", "properties", "reloadable", "key", 
"value"})
 @CapabilityDescription("A reloadable properties file-based lookup service")
+@Restricted(
+        restrictions = {
+                @Restriction(
+                        requiredPermission = 
RequiredPermission.READ_FILESYSTEM,
+                        explanation = "Provides operator the ability to read 
from any file that NiFi has access to.")
+        }
+)
 public class PropertiesFileLookupService extends 
CommonsConfigurationLookupService<PropertiesConfiguration> {
 
 }
diff --git 
a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/SimpleCsvFileLookupService.java
 
b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/SimpleCsvFileLookupService.java
index 453d12576f..08d5a3bac7 100644
--- 
a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/SimpleCsvFileLookupService.java
+++ 
b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/SimpleCsvFileLookupService.java
@@ -31,11 +31,14 @@ import java.util.stream.Collectors;
 import java.util.stream.Stream;
 import org.apache.commons.csv.CSVRecord;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.annotation.behavior.Restricted;
+import org.apache.nifi.annotation.behavior.Restriction;
 import org.apache.nifi.annotation.documentation.CapabilityDescription;
 import org.apache.nifi.annotation.documentation.Tags;
 import org.apache.nifi.annotation.lifecycle.OnDisabled;
 import org.apache.nifi.annotation.lifecycle.OnEnabled;
 import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.components.RequiredPermission;
 import org.apache.nifi.controller.ConfigurationContext;
 import org.apache.nifi.controller.ControllerServiceInitializationContext;
 import org.apache.nifi.expression.ExpressionLanguageScope;
@@ -46,6 +49,13 @@ import org.apache.nifi.reporting.InitializationException;
 @Tags({"lookup", "cache", "enrich", "join", "csv", "reloadable", "key", 
"value"})
 @CapabilityDescription("A reloadable CSV file-based lookup service. The first 
line of the csv file is considered as " +
         "header.")
+@Restricted(
+        restrictions = {
+                @Restriction(
+                        requiredPermission = 
RequiredPermission.READ_FILESYSTEM,
+                        explanation = "Provides operator the ability to read 
from any file that NiFi has access to.")
+        }
+)
 public class SimpleCsvFileLookupService extends AbstractCSVLookupService 
implements StringLookupService {
 
     private static final Set<String> REQUIRED_KEYS = 
Collections.unmodifiableSet(Stream.of(KEY).collect(Collectors.toSet()));
@@ -109,6 +119,7 @@ public class SimpleCsvFileLookupService extends 
AbstractCSVLookupService impleme
         properties.add(LOOKUP_VALUE_COLUMN);
     }
 
+    @Override
     @OnEnabled
     public void onEnabled(final ConfigurationContext context) throws 
IOException, InitializationException {
         super.onEnabled(context);
diff --git 
a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/XMLFileLookupService.java
 
b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/XMLFileLookupService.java
index aaeb8f21c9..b0c2698838 100644
--- 
a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/XMLFileLookupService.java
+++ 
b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/XMLFileLookupService.java
@@ -16,8 +16,11 @@
  */
 package org.apache.nifi.lookup;
 
+import org.apache.nifi.annotation.behavior.Restricted;
+import org.apache.nifi.annotation.behavior.Restriction;
 import org.apache.nifi.annotation.documentation.CapabilityDescription;
 import org.apache.nifi.annotation.documentation.Tags;
+import org.apache.nifi.components.RequiredPermission;
 import org.apache.nifi.lookup.configuration2.CommonsConfigurationLookupService;
 import org.apache.nifi.lookup.configuration2.SafeXMLConfiguration;
 
@@ -28,6 +31,13 @@ import 
org.apache.nifi.lookup.configuration2.SafeXMLConfiguration;
         " Example XML configuration file and how to access specific 
configuration can be found at" +
         " 
http://commons.apache.org/proper/commons-configuration/userguide/howto_hierarchical.html.";
 +
         " External entity processing is disabled.")
+@Restricted(
+        restrictions = {
+                @Restriction(
+                        requiredPermission = 
RequiredPermission.READ_FILESYSTEM,
+                        explanation = "Provides operator the ability to read 
from any file that NiFi has access to.")
+        }
+)
 public class XMLFileLookupService extends 
CommonsConfigurationLookupService<SafeXMLConfiguration> {
 
 }

Reply via email to