[jira] [Commented] (NIFI-375) New user role: Operator who can start and stop components

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/NIFI-375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16612588#comment-16612588
 ] 

ASF GitHub Bot commented on NIFI-375:
-------------------------------------

Github user mcgilman commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/2990#discussion_r217134368
  
    --- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerServiceResource.java
 ---
    @@ -741,6 +743,88 @@ public Response removeControllerService(
             );
         }
     
    +    /**
    +     * Updates the operational status for the specified controller service 
with the specified values.
    +     *
    +     * @param httpServletRequest      request
    +     * @param id                      The id of the controller service to 
update.
    +     * @param requestRunStatus    A runStatusEntity.
    +     * @return A controllerServiceEntity.
    +     */
    +    @PUT
    +    @Consumes(MediaType.APPLICATION_JSON)
    +    @Produces(MediaType.APPLICATION_JSON)
    +    @Path("{id}/run-status")
    +    @ApiOperation(
    +            value = "Updates run status of a controller service",
    +            response = ControllerServiceEntity.class,
    +            authorizations = {
    +                    @Authorization(value = "Write - 
/controller-services/{uuid} or /operation/controller-services/{uuid}")
    +            }
    +    )
    +    @ApiResponses(
    +            value = {
    +                    @ApiResponse(code = 400, message = "NiFi was unable to 
complete the request because it was invalid. The request should not be retried 
without modification."),
    +                    @ApiResponse(code = 401, message = "Client could not 
be authenticated."),
    +                    @ApiResponse(code = 403, message = "Client is not 
authorized to make this request."),
    +                    @ApiResponse(code = 404, message = "The specified 
resource could not be found."),
    +                    @ApiResponse(code = 409, message = "The request was 
valid but NiFi was not in the appropriate state to process it. Retrying the 
same request later may be successful.")
    +            }
    +    )
    +    public Response updateRunStatus(
    +            @Context HttpServletRequest httpServletRequest,
    +            @ApiParam(
    +                    value = "The controller service id.",
    +                    required = true
    +            )
    +            @PathParam("id") final String id,
    +            @ApiParam(
    +                    value = "The controller service run status.",
    +                    required = true
    +            ) final ControllerServiceRunStatusEntity requestRunStatus) {
    +
    +        if (requestRunStatus == null) {
    +            throw new IllegalArgumentException("Controller service run 
status must be specified.");
    +        }
    +
    +        if (requestRunStatus.getRevision() == null) {
    +            throw new IllegalArgumentException("Revision must be 
specified.");
    +        }
    +
    +        requestRunStatus.validateState();
    +
    +        if (isReplicateRequest()) {
    +            return replicate(HttpMethod.PUT, requestRunStatus);
    +        }  else if (isDisconnectedFromCluster()) {
    +            
verifyDisconnectedNodeModification(requestRunStatus.isDisconnectedNodeAcknowledged());
    +        }
    +
    +        // handle expects request (usually from the cluster manager)
    +        final Revision requestRevision = 
getRevision(requestRunStatus.getRevision(), id);
    +        // Create DTO to verify if it can be updated.
    +        final ControllerServiceDTO controllerServiceDTO = new 
ControllerServiceDTO();
    +        controllerServiceDTO.setId(id);
    +        controllerServiceDTO.setState(requestRunStatus.getState());
    +        return withWriteLock(
    +                serviceFacade,
    +                requestRunStatus,
    +                requestRevision,
    +                lookup -> {
    +                    // authorize the service
    +                    final Authorizable authorizable = 
lookup.getControllerService(id).getAuthorizable();
    +                    OperationAuthorizable.authorize(authorizable, 
authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
    +                },
    +                () -> 
serviceFacade.verifyUpdateControllerService(controllerServiceDTO),
    +                (revision, runStatusEntity) -> {
    +                    // update the controller service
    +                    final ControllerServiceEntity entity = 
serviceFacade.updateControllerService(revision, controllerServiceDTO);
    --- End diff --
    
    We need to recreate this `controllerServiceDTO` using the `runStatusEntity` 
due to how we authorize/cache requests during our two phase commit.


> New user role: Operator who can start and stop components
> ---------------------------------------------------------
>
>                 Key: NIFI-375
>                 URL: https://issues.apache.org/jira/browse/NIFI-375
>             Project: Apache NiFi
>          Issue Type: New Feature
>          Components: Core Framework
>            Reporter: Daniel Ueberfluss
>            Assignee: Koji Kawamura
>            Priority: Major
>
> Would like to have a user role that allows a user to stop/start processors 
> but perform no other changes to the dataflow.
> This would allow users to address simple problems without providing full 
> access to modifying a data flow. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)