Github user jtstorck commented on a diff in the pull request:
https://github.com/apache/nifi/pull/473#discussion_r65270822
--- Diff:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAuthorizer.java
---
@@ -127,153 +145,766 @@ public void onConfigured(final
AuthorizerConfigurationContext configurationConte
}
}
- final PropertyValue rawReloadInterval =
configurationContext.getProperty("Reload Interval");
+ // load the authorizations
+ load();
+
+ // if there are no users or policies then see if an initial
admin was provided
+ if (allUsers.get().isEmpty() && allPolicies.get().isEmpty()) {
+ final PropertyValue initialAdminIdentity =
configurationContext.getProperty("Initial Admin Identity");
+ if (initialAdminIdentity != null &&
!StringUtils.isBlank(initialAdminIdentity.getValue())) {
+ populateInitialAdmin(initialAdminIdentity.getValue());
+ }
+ }
+
+ // if we've copied the authorizations file to a restore
directory synchronize it
+ if (restoreAuthorizationsFile != null) {
+ FileUtils.copyFile(authorizationsFile,
restoreAuthorizationsFile, false, false, logger);
+ }
+
+ logger.info(String.format("Authorizations file loaded at %s",
new Date().toString()));
+
+ } catch (IOException | AuthorizerCreationException | JAXBException
| IllegalStateException e) {
+ throw new AuthorizerCreationException(e);
+ }
+ }
+
+ /**
+ * Reloads the authorized users file.
+ *
+ * @throws JAXBException Unable to reload the authorized
users file
+ * @throws IOException Unable to sync file with restore
+ * @throws IllegalStateException Unable to sync file with restore
+ */
+ private void load() throws JAXBException, IOException,
IllegalStateException {
+ // attempt to unmarshal
+ final Unmarshaller unmarshaller =
JAXB_CONTEXT.createUnmarshaller();
+ unmarshaller.setSchema(schema);
+ final JAXBElement<Authorizations> element =
unmarshaller.unmarshal(new StreamSource(authorizationsFile),
Authorizations.class);
+
+ final Authorizations authorizations = element.getValue();
+
+ if (authorizations.getUsers() == null) {
+ authorizations.setUsers(new Users());
+ }
+ if (authorizations.getGroups() == null) {
+ authorizations.setGroups(new Groups());
+ }
+ if (authorizations.getPolicies() == null) {
+ authorizations.setPolicies(new Policies());
+ }
+
+ this.authorizations.set(authorizations);
+ load(authorizations);
+ }
+
+ /**
+ * Loads the internal data structures from the given Authorizations.
+ *
+ * @param authorizations the Authorizations to populate from
+ */
+ private void load(final Authorizations authorizations) {
+ // load all users
+ final Users users = authorizations.getUsers();
+ final Set<User> allUsers =
Collections.unmodifiableSet(createUsers(users));
+
+ // load all groups
+ final Groups groups = authorizations.getGroups();
+ final Set<Group> allGroups =
Collections.unmodifiableSet(createGroups(groups, users));
+
+ // load all access policies
+ final Policies policies = authorizations.getPolicies();
+ final Set<AccessPolicy> allPolicies =
Collections.unmodifiableSet(createAccessPolicies(policies));
+
+ // create a convenience map to retrieve a user by id
+ final Map<String, User> userByIdMap =
Collections.unmodifiableMap(createUserByIdMap(allUsers));
+
+ // create a convenience map to retrieve a user by identity
+ final Map<String, User> userByIdentityMap =
Collections.unmodifiableMap(createUserByIdentityMap(allUsers));
+
+ // create a convenience map to retrieve a group by id
+ final Map<String, Group> groupByIdMap =
Collections.unmodifiableMap(createGroupByIdMap(allGroups));
+
+ // create a convenience map from resource id to policies
+ final Map<String, Set<AccessPolicy>> resourcePolicies =
Collections.unmodifiableMap(createResourcePolicyMap(allPolicies));
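Review bot: The initial-admin branch in `onConfigured` calls `populateInitialAdmin(...)` (presumably granting administrative policies) based only on the `Initial Admin Identity` property whenever the loaded file has no users and no policies, and nothing in the visible lines records that it happened. An emptied or replaced authorizations file would trigger the same seeding on the next start, so an audit line before the call would help, e.g. `logger.info(String.format("Seeding initial admin policies for identity %s", initialAdminIdentity.getValue()));`. Separately, `load()` passes `new StreamSource(authorizationsFile)` straight to the unmarshaller, so whether DTDs and external entities are refused depends on parser defaults not shown here; that is worth confirming. `onConfigured` starts before this hunk and `load(Authorizations)` continues past its quoted end.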
--- End diff --
Based on the other names of the maps here, do you think
`policiesByResourceId` would be a more descriptive/accurate name for `resourcePolicies`?