nifi-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (NIFI-1884) Add User & Group API
Date Fri, 20 May 2016 17:24:13 GMT

    [ https://issues.apache.org/jira/browse/NIFI-1884?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15293765#comment-15293765
] 

ASF GitHub Bot commented on NIFI-1884:
--------------------------------------

Github user bbende commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/452#discussion_r64076734
  
    --- Diff: nifi-api/src/main/java/org/apache/nifi/authorization/AccessPolicy.java ---
    @@ -0,0 +1,291 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one or more
    + * contributor license agreements.  See the NOTICE file distributed with
    + * this work for additional information regarding copyright ownership.
    + * The ASF licenses this file to You under the Apache License, Version 2.0
    + * (the "License"); you may not use this file except in compliance with
    + * the License.  You may obtain a copy of the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +package org.apache.nifi.authorization;
    +
    +import java.util.Collections;
    +import java.util.HashSet;
    +import java.util.Objects;
    +import java.util.Set;
    +
    +/**
    + * Defines a policy for a set of entities to perform a set of actions on a given resource.
    + */
    +public class AccessPolicy {
    +
    +    private final String identifier;
    +
    +    private final Resource resource;
    +
    +    private final Set<String> entities;
    +
    +    private final Set<RequestAction> actions;
    +
    +    private AccessPolicy(final AccessPolicyBuilder builder) {
    +        this.identifier = builder.identifier;
    +        this.resource = builder.resource;
    +
    +        Set<String> entities = new HashSet<>();
    +        if (builder.entities != null) {
    +            entities.addAll(builder.entities);
    +        }
    +        this.entities = Collections.unmodifiableSet(entities);
    +
    +        Set<RequestAction> actions = new HashSet<>();
    +        if (builder.actions != null) {
    +            actions.addAll(builder.actions);
    +        }
    +        this.actions = Collections.unmodifiableSet(actions);
    +
    +        if (this.identifier == null || this.identifier.trim().isEmpty()) {
    +            throw new IllegalArgumentException("Identifier can not be null or empty");
    +        }
    +
    +        if (this.resource == null) {
    +            throw new IllegalArgumentException("Resource can not be null");
    +        }
    +
    +        if (this.entities == null || this.entities.isEmpty()) {
    +            throw new IllegalArgumentException("Entities can not be null or empty");
    +        }
    +
    +        if (this.actions == null || this.actions.isEmpty()) {
    +            throw new IllegalArgumentException("Actions can not be null or empty");
    +        }
    +    }
    +
    +    /**
    +     * @return the identifier for this policy
    +     */
    +    public String getIdentifier() {
    +        return identifier;
    +    }
    +
    +    /**
    +     * @return the resource for this policy
    +     */
    +    public Resource getResource() {
    +        return resource;
    +    }
    +
    +    /**
    +     * @return an unmodifiable set of entity ids for this policy
    +     */
    +    public Set<String> getEntities() {
    +        return entities;
    +    }
    +
    +    /**
    +     * @return an unmodifiable set of actions for this policy
    +     */
    +    public Set<RequestAction> getActions() {
    +        return actions;
    +    }
    +
    +    @Override
    +    public boolean equals(Object obj) {
    +        if (obj == null) {
    +            return false;
    +        }
    +        if (getClass() != obj.getClass()) {
    +            return false;
    +        }
    +
    +        final AccessPolicy other = (AccessPolicy) obj;
    +        return Objects.equals(this.identifier, other.identifier);
    +    }
    +
    +    @Override
    +    public int hashCode() {
    +        return Objects.hashCode(this.identifier);
    +    }
    +
    +    @Override
    +    public String toString() {
    +        return String.format("identifier[%s], resource[%s], entityId[%s], action[%s]",
    +                getIdentifier(), getResource().getIdentifier(), getEntities(), getActions(),
", ");
    +    }
    +
    +    /**
    +     * Builder for Access Policies.
    +     */
    +    public static class AccessPolicyBuilder {
    +
    +        private String identifier;
    +        private Resource resource;
    +        private Set<String> entities = new HashSet<>();
    +        private Set<RequestAction> actions = new HashSet<>();
    +        private final boolean fromPolicy;
    +
    +        /**
    +         * Default constructor for building a new AccessPolicy.
    +         */
    +        public AccessPolicyBuilder() {
    +            this.fromPolicy = false;
    +        }
    +
    +        /**
    +         * Initializes the builder with the state of the provided policy. When using
this constructor
    +         * the identifier field of the builder can not be changed and will result in
an IllegalStateException
    +         * if attempting to do so.
    +         *
    +         * @param other the existing access policy to initialize from
    +         */
    +        public AccessPolicyBuilder(final AccessPolicy other) {
    +            if (other == null) {
    +                throw new IllegalArgumentException("Can not initialize builder with a
null access policy");
    +            }
    +
    +            this.identifier = other.getIdentifier();
    +            this.resource = other.getResource();
    +            this.entities.clear();
    +            this.entities.addAll(other.getEntities());
    +            this.actions.clear();
    +            this.actions.addAll(other.getActions());
    +            this.fromPolicy = true;
    +        }
    +
    +        /**
    +         * Sets the identifier of the builder.
    +         *
    +         * @param identifier the identifier to set
    +         * @return the builder
    +         * @throws IllegalStateException if this method is called when this builder was
constructed from an existing Policy
    +         */
    +        public AccessPolicyBuilder identifier(final String identifier) {
    +            if (fromPolicy) {
    +                throw new IllegalStateException(
    +                        "Identifier can not be changed when initialized from an existing
policy");
    +            }
    +
    +            this.identifier = identifier;
    +            return this;
    +        }
    +
    +        /**
    +         * Sets the resource of the builder.
    +         *
    +         * @param resource the resource to set
    +         * @return the builder
    +         */
    +        public AccessPolicyBuilder resource(final Resource resource) {
    +            this.resource = resource;
    +            return this;
    +        }
    +
    +        /**
    +         * Adds all the entities from the provided set to the builder's set of entities.
    +         *
    +         * @param entities the entities to add
    +         * @return the builder
    +         */
    +        public AccessPolicyBuilder addEntities(final Set<String> entities) {
    --- End diff --
    
    We probably could do that... personally I like being able to say addEntity("a").addEntity("b")
 rather than creating a set of 2 elements, but I'm sure theres some utility that returns a
set from var args and could make it just as easy.
    
    Since the methods are already there I would opt to leave them unless you felt really strongly
about it.


> Add User & Group API
> --------------------
>
>                 Key: NIFI-1884
>                 URL: https://issues.apache.org/jira/browse/NIFI-1884
>             Project: Apache NiFi
>          Issue Type: Sub-task
>          Components: Core Framework
>            Reporter: Bryan Bende
>            Assignee: Bryan Bende
>            Priority: Minor
>             Fix For: 1.0.0
>
>
> Define the API for  managing users, groups, and policies.
> This is to advance the work described in this feature proposal:
>  https://cwiki.apache.org/confluence/display/NIFI/Support+Authorizer+API
> The parent JIRA for all authorization work is NIFI-1550.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message