[jira] [Commented] (NIFI-375) New user role: Operator who can start and stop components

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/NIFI-375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16613060#comment-16613060
 ] 

ASF GitHub Bot commented on NIFI-375:
-------------------------------------

Github user ijokarumawak commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/2990#discussion_r217269181
  
    --- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerServiceResource.java
 ---
    @@ -741,6 +743,88 @@ public Response removeControllerService(
             );
         }
     
    +    /**
    +     * Updates the operational status for the specified controller service 
with the specified values.
    +     *
    +     * @param httpServletRequest      request
    +     * @param id                      The id of the controller service to 
update.
    +     * @param requestRunStatus    A runStatusEntity.
    +     * @return A controllerServiceEntity.
    +     */
    +    @PUT
    +    @Consumes(MediaType.APPLICATION_JSON)
    +    @Produces(MediaType.APPLICATION_JSON)
    +    @Path("{id}/run-status")
    +    @ApiOperation(
    +            value = "Updates run status of a controller service",
    +            response = ControllerServiceEntity.class,
    +            authorizations = {
    +                    @Authorization(value = "Write - 
/controller-services/{uuid} or /operation/controller-services/{uuid}")
    +            }
    +    )
    +    @ApiResponses(
    +            value = {
    +                    @ApiResponse(code = 400, message = "NiFi was unable to 
complete the request because it was invalid. The request should not be retried 
without modification."),
    +                    @ApiResponse(code = 401, message = "Client could not 
be authenticated."),
    +                    @ApiResponse(code = 403, message = "Client is not 
authorized to make this request."),
    +                    @ApiResponse(code = 404, message = "The specified 
resource could not be found."),
    +                    @ApiResponse(code = 409, message = "The request was 
valid but NiFi was not in the appropriate state to process it. Retrying the 
same request later may be successful.")
    +            }
    +    )
    +    public Response updateRunStatus(
    +            @Context HttpServletRequest httpServletRequest,
    +            @ApiParam(
    +                    value = "The controller service id.",
    +                    required = true
    +            )
    +            @PathParam("id") final String id,
    +            @ApiParam(
    +                    value = "The controller service run status.",
    +                    required = true
    +            ) final ControllerServiceRunStatusEntity requestRunStatus) {
    +
    +        if (requestRunStatus == null) {
    +            throw new IllegalArgumentException("Controller service run 
status must be specified.");
    +        }
    +
    +        if (requestRunStatus.getRevision() == null) {
    +            throw new IllegalArgumentException("Revision must be 
specified.");
    +        }
    +
    +        requestRunStatus.validateState();
    +
    +        if (isReplicateRequest()) {
    +            return replicate(HttpMethod.PUT, requestRunStatus);
    +        }  else if (isDisconnectedFromCluster()) {
    +            
verifyDisconnectedNodeModification(requestRunStatus.isDisconnectedNodeAcknowledged());
    +        }
    +
    +        // handle expects request (usually from the cluster manager)
    +        final Revision requestRevision = 
getRevision(requestRunStatus.getRevision(), id);
    +        // Create DTO to verify if it can be updated.
    +        final ControllerServiceDTO controllerServiceDTO = new 
ControllerServiceDTO();
    +        controllerServiceDTO.setId(id);
    +        controllerServiceDTO.setState(requestRunStatus.getState());
    +        return withWriteLock(
    +                serviceFacade,
    +                requestRunStatus,
    +                requestRevision,
    +                lookup -> {
    +                    // authorize the service
    +                    final Authorizable authorizable = 
lookup.getControllerService(id).getAuthorizable();
    +                    OperationAuthorizable.authorize(authorizable, 
authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
    +                },
    +                () -> 
serviceFacade.verifyUpdateControllerService(controllerServiceDTO),
    +                (revision, runStatusEntity) -> {
    +                    // update the controller service
    +                    final ControllerServiceEntity entity = 
serviceFacade.updateControllerService(revision, controllerServiceDTO);
    --- End diff --
    
    To be honest, I don't fully understand how much this is going to be 
critical as the DTO and entity only have the desired state and guid, those are 
not changing during the two phase commit. I think I'm missing some scenario 
here. But I've modified the code to create DTO at each function that is passed 
to the `withWriteLock` method.


> New user role: Operator who can start and stop components
> ---------------------------------------------------------
>
>                 Key: NIFI-375
>                 URL: https://issues.apache.org/jira/browse/NIFI-375
>             Project: Apache NiFi
>          Issue Type: New Feature
>          Components: Core Framework
>            Reporter: Daniel Ueberfluss
>            Assignee: Koji Kawamura
>            Priority: Major
>
> Would like to have a user role that allows a user to stop/start processors 
> but perform no other changes to the dataflow.
> This would allow users to address simple problems without providing full 
> access to modifying a data flow. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)