[jira] [Commented] (NIFI-375) New user role: Operator who can start and stop components

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/NIFI-375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16612586#comment-16612586
 ] 

ASF GitHub Bot commented on NIFI-375:
-------------------------------------

Github user mcgilman commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/2990#discussion_r217135735
  
    --- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/RemoteProcessGroupResource.java
 ---
    @@ -557,6 +750,90 @@ public Response updateRemoteProcessGroup(
             );
         }
     
    +    /**
    +     * Updates the operational status for the specified remote process 
group with the specified value.
    +     *
    +     * @param httpServletRequest       request
    +     * @param id                       The id of the remote process group 
to update.
    +     * @param requestRemotePortRunStatusEntity A remotePortRunStatusEntity.
    +     * @return A remoteProcessGroupEntity.
    +     */
    +    @PUT
    +    @Consumes(MediaType.APPLICATION_JSON)
    +    @Produces(MediaType.APPLICATION_JSON)
    +    @Path("{id}/run-status")
    +    @ApiOperation(
    +            value = "Updates run status of a remote process group",
    +            response = RemoteProcessGroupEntity.class,
    +            authorizations = {
    +                    @Authorization(value = "Write - 
/remote-process-groups/{uuid} or /operation/remote-process-groups/{uuid}")
    +            }
    +    )
    +    @ApiResponses(
    +            value = {
    +                    @ApiResponse(code = 400, message = "NiFi was unable to 
complete the request because it was invalid. The request should not be retried 
without modification."),
    +                    @ApiResponse(code = 401, message = "Client could not 
be authenticated."),
    +                    @ApiResponse(code = 403, message = "Client is not 
authorized to make this request."),
    +                    @ApiResponse(code = 404, message = "The specified 
resource could not be found."),
    +                    @ApiResponse(code = 409, message = "The request was 
valid but NiFi was not in the appropriate state to process it. Retrying the 
same request later may be successful.")
    +            }
    +    )
    +    public Response updateRemoteProcessGroupRunStatus(
    +            @Context HttpServletRequest httpServletRequest,
    +            @ApiParam(
    +                    value = "The remote process group id.",
    +                    required = true
    +            )
    +            @PathParam("id") String id,
    +            @ApiParam(
    +                    value = "The remote process group run status.",
    +                    required = true
    +            ) final RemotePortRunStatusEntity 
requestRemotePortRunStatusEntity) {
    +
    +        if (requestRemotePortRunStatusEntity == null) {
    +            throw new IllegalArgumentException("Remote process group run 
status must be specified.");
    +        }
    +
    +        if (requestRemotePortRunStatusEntity.getRevision() == null) {
    +            throw new IllegalArgumentException("Revision must be 
specified.");
    +        }
    +
    +        requestRemotePortRunStatusEntity.validateState();
    +
    +        if (isReplicateRequest()) {
    +            return replicate(HttpMethod.PUT, 
requestRemotePortRunStatusEntity);
    +        } else if (isDisconnectedFromCluster()) {
    +            
verifyDisconnectedNodeModification(requestRemotePortRunStatusEntity.isDisconnectedNodeAcknowledged());
    +        }
    +
    +        // handle expects request (usually from the cluster manager)
    +        final Revision requestRevision = 
getRevision(requestRemotePortRunStatusEntity.getRevision(), id);
    +        final RemoteProcessGroupDTO remoteProcessGroupDTO = new 
RemoteProcessGroupDTO();
    +        remoteProcessGroupDTO.setId(id);
    +        
remoteProcessGroupDTO.setTransmitting(shouldTransmit(requestRemotePortRunStatusEntity));
    +        return withWriteLock(
    +                serviceFacade,
    +                requestRemotePortRunStatusEntity,
    +                requestRevision,
    +                lookup -> {
    +                    Authorizable authorizable = 
lookup.getRemoteProcessGroup(id);
    +                    OperationAuthorizable.authorize(authorizable, 
authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
    +                },
    +                () -> 
serviceFacade.verifyUpdateRemoteProcessGroup(remoteProcessGroupDTO),
    +                (revision, remoteProcessGroupEntity) -> {
    +                    // update the specified remote process group
    +                    final RemoteProcessGroupEntity entity = 
serviceFacade.updateRemoteProcessGroup(revision, remoteProcessGroupDTO);
    --- End diff --
    
    We need to recreate this `remoteProcessGroupDTO` using the 
`remoteProcessGroupEntity` due to how we authorize/cache requests during our 
two phase commit.


> New user role: Operator who can start and stop components
> ---------------------------------------------------------
>
>                 Key: NIFI-375
>                 URL: https://issues.apache.org/jira/browse/NIFI-375
>             Project: Apache NiFi
>          Issue Type: New Feature
>          Components: Core Framework
>            Reporter: Daniel Ueberfluss
>            Assignee: Koji Kawamura
>            Priority: Major
>
> Would like to have a user role that allows a user to stop/start processors 
> but perform no other changes to the dataflow.
> This would allow users to address simple problems without providing full 
> access to modifying a data flow. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)