[
https://issues.apache.org/jira/browse/NIFI-1884?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15293765#comment-15293765
]
ASF GitHub Bot commented on NIFI-1884:
--------------------------------------
Github user bbende commented on a diff in the pull request:
https://github.com/apache/nifi/pull/452#discussion_r64076734
--- Diff:
nifi-api/src/main/java/org/apache/nifi/authorization/AccessPolicy.java ---
@@ -0,0 +1,291 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authorization;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Objects;
+import java.util.Set;
+
+/**
+ * Defines a policy for a set of entities to perform a set of actions on a
given resource.
+ */
+public class AccessPolicy {
+
+ private final String identifier;
+
+ private final Resource resource;
+
+ private final Set<String> entities;
+
+ private final Set<RequestAction> actions;
+
+ private AccessPolicy(final AccessPolicyBuilder builder) {
+ this.identifier = builder.identifier;
+ this.resource = builder.resource;
+
+ Set<String> entities = new HashSet<>();
+ if (builder.entities != null) {
+ entities.addAll(builder.entities);
+ }
+ this.entities = Collections.unmodifiableSet(entities);
+
+ Set<RequestAction> actions = new HashSet<>();
+ if (builder.actions != null) {
+ actions.addAll(builder.actions);
+ }
+ this.actions = Collections.unmodifiableSet(actions);
+
+ if (this.identifier == null || this.identifier.trim().isEmpty()) {
+ throw new IllegalArgumentException("Identifier can not be null
or empty");
+ }
+
+ if (this.resource == null) {
+ throw new IllegalArgumentException("Resource can not be null");
+ }
+
+ if (this.entities == null || this.entities.isEmpty()) {
+ throw new IllegalArgumentException("Entities can not be null
or empty");
+ }
+
+ if (this.actions == null || this.actions.isEmpty()) {
+ throw new IllegalArgumentException("Actions can not be null or
empty");
+ }
+ }
+
+ /**
+ * @return the identifier for this policy
+ */
+ public String getIdentifier() {
+ return identifier;
+ }
+
+ /**
+ * @return the resource for this policy
+ */
+ public Resource getResource() {
+ return resource;
+ }
+
+ /**
+ * @return an unmodifiable set of entity ids for this policy
+ */
+ public Set<String> getEntities() {
+ return entities;
+ }
+
+ /**
+ * @return an unmodifiable set of actions for this policy
+ */
+ public Set<RequestAction> getActions() {
+ return actions;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (obj == null) {
+ return false;
+ }
+ if (getClass() != obj.getClass()) {
+ return false;
+ }
+
+ final AccessPolicy other = (AccessPolicy) obj;
+ return Objects.equals(this.identifier, other.identifier);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hashCode(this.identifier);
+ }
+
+ @Override
+ public String toString() {
+ return String.format("identifier[%s], resource[%s], entityId[%s],
action[%s]",
+ getIdentifier(), getResource().getIdentifier(),
getEntities(), getActions(), ", ");
+ }
+
+ /**
+ * Builder for Access Policies.
+ */
+ public static class AccessPolicyBuilder {
+
+ private String identifier;
+ private Resource resource;
+ private Set<String> entities = new HashSet<>();
+ private Set<RequestAction> actions = new HashSet<>();
+ private final boolean fromPolicy;
+
+ /**
+ * Default constructor for building a new AccessPolicy.
+ */
+ public AccessPolicyBuilder() {
+ this.fromPolicy = false;
+ }
+
+ /**
+ * Initializes the builder with the state of the provided policy.
When using this constructor
+ * the identifier field of the builder can not be changed and will
result in an IllegalStateException
+ * if attempting to do so.
+ *
+ * @param other the existing access policy to initialize from
+ */
+ public AccessPolicyBuilder(final AccessPolicy other) {
+ if (other == null) {
+ throw new IllegalArgumentException("Can not initialize
builder with a null access policy");
+ }
+
+ this.identifier = other.getIdentifier();
+ this.resource = other.getResource();
+ this.entities.clear();
+ this.entities.addAll(other.getEntities());
+ this.actions.clear();
+ this.actions.addAll(other.getActions());
+ this.fromPolicy = true;
+ }
+
+ /**
+ * Sets the identifier of the builder.
+ *
+ * @param identifier the identifier to set
+ * @return the builder
+ * @throws IllegalStateException if this method is called when
this builder was constructed from an existing Policy
+ */
+ public AccessPolicyBuilder identifier(final String identifier) {
+ if (fromPolicy) {
+ throw new IllegalStateException(
+ "Identifier can not be changed when initialized
from an existing policy");
+ }
+
+ this.identifier = identifier;
+ return this;
+ }
+
+ /**
+ * Sets the resource of the builder.
+ *
+ * @param resource the resource to set
+ * @return the builder
+ */
+ public AccessPolicyBuilder resource(final Resource resource) {
+ this.resource = resource;
+ return this;
+ }
+
+ /**
+ * Adds all the entities from the provided set to the builder's
set of entities.
+ *
+ * @param entities the entities to add
+ * @return the builder
+ */
+ public AccessPolicyBuilder addEntities(final Set<String> entities)
{
--- End diff --
We probably could do that... personally I like being able to say
addEntity("a").addEntity("b") rather than creating a set of 2 elements, but
I'm sure theres some utility that returns a set from var args and could make it
just as easy.
Since the methods are already there I would opt to leave them unless you
felt really strongly about it.
> Add User & Group API
> --------------------
>
> Key: NIFI-1884
> URL: https://issues.apache.org/jira/browse/NIFI-1884
> Project: Apache NiFi
> Issue Type: Sub-task
> Components: Core Framework
> Reporter: Bryan Bende
> Assignee: Bryan Bende
> Priority: Minor
> Fix For: 1.0.0
>
>
> Define the API for managing users, groups, and policies.
> This is to advance the work described in this feature proposal:
> https://cwiki.apache.org/confluence/display/NIFI/Support+Authorizer+API
> The parent JIRA for all authorization work is NIFI-1550.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
