This is an automated email from the ASF dual-hosted git repository. exceptionfactory pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push: new f95dde1630 NIFI-12599 Added READ_FILESYSTEM Permissions to Lookup Services f95dde1630 is described below commit f95dde16309b9a521bbadb4db639519410bc80e2 Author: Pierre Villard <pierre.villard...@gmail.com> AuthorDate: Thu Jan 11 22:27:22 2024 +0400 NIFI-12599 Added READ_FILESYSTEM Permissions to Lookup Services This closes #8236 Signed-off-by: David Handermann <exceptionfact...@apache.org> --- .../java/org/apache/nifi/lookup/CSVRecordLookupService.java | 10 ++++++++++ .../org/apache/nifi/lookup/PropertiesFileLookupService.java | 11 ++++++++++- .../org/apache/nifi/lookup/SimpleCsvFileLookupService.java | 11 +++++++++++ .../java/org/apache/nifi/lookup/XMLFileLookupService.java | 10 ++++++++++ 4 files changed, 41 insertions(+), 1 deletion(-) diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/CSVRecordLookupService.java b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/CSVRecordLookupService.java index 2b8bff90c5..4166c30a3e 100644 --- a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/CSVRecordLookupService.java +++ b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/CSVRecordLookupService.java @@ -34,11 +34,14 @@ import java.util.stream.Stream; import org.apache.commons.csv.CSVParser; import org.apache.commons.csv.CSVRecord; import org.apache.commons.lang3.StringUtils; +import org.apache.nifi.annotation.behavior.Restricted; +import org.apache.nifi.annotation.behavior.Restriction; import org.apache.nifi.annotation.documentation.CapabilityDescription; import org.apache.nifi.annotation.documentation.Tags; import org.apache.nifi.annotation.lifecycle.OnDisabled; import org.apache.nifi.annotation.lifecycle.OnEnabled; import org.apache.nifi.components.PropertyDescriptor; +import org.apache.nifi.components.RequiredPermission; import org.apache.nifi.controller.ConfigurationContext; import org.apache.nifi.logging.ComponentLog; import org.apache.nifi.reporting.InitializationException; @@ -55,6 +58,13 @@ import org.apache.nifi.serialization.record.RecordSchema; "the columns are returned as a Record. All returned fields will be strings. The first line of the csv file " + "is considered as header." ) +@Restricted( + restrictions = { + @Restriction( + requiredPermission = RequiredPermission.READ_FILESYSTEM, + explanation = "Provides operator the ability to read from any file that NiFi has access to.") + } +) public class CSVRecordLookupService extends AbstractCSVLookupService implements RecordLookupService { private static final Set<String> REQUIRED_KEYS = Collections.unmodifiableSet(Stream.of(KEY).collect(Collectors.toSet())); diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/PropertiesFileLookupService.java b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/PropertiesFileLookupService.java index 7d78cfd527..628059661f 100644 --- a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/PropertiesFileLookupService.java +++ b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/PropertiesFileLookupService.java @@ -17,13 +17,22 @@ package org.apache.nifi.lookup; import org.apache.commons.configuration2.PropertiesConfiguration; - +import org.apache.nifi.annotation.behavior.Restricted; +import org.apache.nifi.annotation.behavior.Restriction; import org.apache.nifi.annotation.documentation.CapabilityDescription; import org.apache.nifi.annotation.documentation.Tags; +import org.apache.nifi.components.RequiredPermission; import org.apache.nifi.lookup.configuration2.CommonsConfigurationLookupService; @Tags({"lookup", "cache", "enrich", "join", "properties", "reloadable", "key", "value"}) @CapabilityDescription("A reloadable properties file-based lookup service") +@Restricted( + restrictions = { + @Restriction( + requiredPermission = RequiredPermission.READ_FILESYSTEM, + explanation = "Provides operator the ability to read from any file that NiFi has access to.") + } +) public class PropertiesFileLookupService extends CommonsConfigurationLookupService<PropertiesConfiguration> { } diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/SimpleCsvFileLookupService.java b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/SimpleCsvFileLookupService.java index 453d12576f..08d5a3bac7 100644 --- a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/SimpleCsvFileLookupService.java +++ b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/SimpleCsvFileLookupService.java @@ -31,11 +31,14 @@ import java.util.stream.Collectors; import java.util.stream.Stream; import org.apache.commons.csv.CSVRecord; import org.apache.commons.lang3.StringUtils; +import org.apache.nifi.annotation.behavior.Restricted; +import org.apache.nifi.annotation.behavior.Restriction; import org.apache.nifi.annotation.documentation.CapabilityDescription; import org.apache.nifi.annotation.documentation.Tags; import org.apache.nifi.annotation.lifecycle.OnDisabled; import org.apache.nifi.annotation.lifecycle.OnEnabled; import org.apache.nifi.components.PropertyDescriptor; +import org.apache.nifi.components.RequiredPermission; import org.apache.nifi.controller.ConfigurationContext; import org.apache.nifi.controller.ControllerServiceInitializationContext; import org.apache.nifi.expression.ExpressionLanguageScope; @@ -46,6 +49,13 @@ import org.apache.nifi.reporting.InitializationException; @Tags({"lookup", "cache", "enrich", "join", "csv", "reloadable", "key", "value"}) @CapabilityDescription("A reloadable CSV file-based lookup service. The first line of the csv file is considered as " + "header.") +@Restricted( + restrictions = { + @Restriction( + requiredPermission = RequiredPermission.READ_FILESYSTEM, + explanation = "Provides operator the ability to read from any file that NiFi has access to.") + } +) public class SimpleCsvFileLookupService extends AbstractCSVLookupService implements StringLookupService { private static final Set<String> REQUIRED_KEYS = Collections.unmodifiableSet(Stream.of(KEY).collect(Collectors.toSet())); @@ -109,6 +119,7 @@ public class SimpleCsvFileLookupService extends AbstractCSVLookupService impleme properties.add(LOOKUP_VALUE_COLUMN); } + @Override @OnEnabled public void onEnabled(final ConfigurationContext context) throws IOException, InitializationException { super.onEnabled(context); diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/XMLFileLookupService.java b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/XMLFileLookupService.java index aaeb8f21c9..b0c2698838 100644 --- a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/XMLFileLookupService.java +++ b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/XMLFileLookupService.java @@ -16,8 +16,11 @@ */ package org.apache.nifi.lookup; +import org.apache.nifi.annotation.behavior.Restricted; +import org.apache.nifi.annotation.behavior.Restriction; import org.apache.nifi.annotation.documentation.CapabilityDescription; import org.apache.nifi.annotation.documentation.Tags; +import org.apache.nifi.components.RequiredPermission; import org.apache.nifi.lookup.configuration2.CommonsConfigurationLookupService; import org.apache.nifi.lookup.configuration2.SafeXMLConfiguration; @@ -28,6 +31,13 @@ import org.apache.nifi.lookup.configuration2.SafeXMLConfiguration; " Example XML configuration file and how to access specific configuration can be found at" + " http://commons.apache.org/proper/commons-configuration/userguide/howto_hierarchical.html." + " External entity processing is disabled.") +@Restricted( + restrictions = { + @Restriction( + requiredPermission = RequiredPermission.READ_FILESYSTEM, + explanation = "Provides operator the ability to read from any file that NiFi has access to.") + } +) public class XMLFileLookupService extends CommonsConfigurationLookupService<SafeXMLConfiguration> { }