NIFI-1916 Updating FileAuthorizer to extend AbstractPolicyBasedAuthor… #473

Closed
wants to merge 4 commits into from

@bbende bbende commented May 27, 2016

…izer and adding initial loading of data users, groups, and policies

  • Implementing CRUD operations and unit tests for Users
  • Implementing CRUD operations and unit tests for Groups
  • Implementing CRUD operations and unit tests for AccessPolicies
  • Adding support for seeding with an initial admin user
  • Fixing delete for user and group so it removes references from policies
  • Adding example to authorizations.xml

@@ -28,15 +28,15 @@

private final String identifier;
@bbende @mcgilman We discussed adding a description field to AccessPolicy and Group. I created the following JIRA ticket for that effort: https://issues.apache.org/jira/browse/NIFI-1949

mcgilman commented May 31, 2016

@bbende Just realized that we'll need to introduce some thread safety here. The RevisionManager in the web tier will handle locking during the User/Group/Policy CRUD operations. However, authorization could (will) be happening at the same time out of band of these CRUD operations.

The previous implementation of the FileAuthorizer was able to leverage a single AtomicReference to ensure thread safety. But given how the AbstractPolicyBasedAuthorizer calls into the FileAuthorizer I think we may need additional measures to ensure a consistent view of the policies during an authorization call.

…nverting to the new format, and providing the AuthorizationConfigurationContext with access to the root process group id
bbende commented Jun 2, 2016

@mcgilman updated the PR to address the thread-safety, a summary of the changes...

  • Created a single data structure to encapsulate all data structures used by the FileAuthorizer so there can be a single AtomicReference
  • Added synchronization to add, update, delete methods to ensure only one thread can modify the internal Authorizations reference
  • Included changes to expose the root group id to the authorizer which will be needed to auto-convert old users files
  • Brought back the old users.xsd and generation of the jaxb object to prep for auto-converting old users files
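
The single-reference approach summarized in the comment above, as an added example that is not code from this pull request or from NiFi: all authorization state lives in one immutable holder behind one `AtomicReference`, readers take the reference once per call, and mutators are `synchronized` and publish a complete replacement. The names `SnapshotAuthorizer`, `Snapshot`, `grant` and `deleteUser`, and the resource-to-user-ids policy model, are hypothetical.

```java
import java.util.*;
import java.util.concurrent.atomic.AtomicReference;

// Hypothetical names throughout; this is not NiFi's FileAuthorizer code.
public class SnapshotAuthorizer {
    // Immutable holder: users and policies are always published together.
    static final class Snapshot {
        final Set<String> users;                  // user identifiers
        final Map<String, Set<String>> policies;  // resource -> allowed user identifiers

        Snapshot(Set<String> users, Map<String, Set<String>> policies) {
            Map<String, Set<String>> copy = new HashMap<>();
            policies.forEach((r, ids) -> copy.put(r, Collections.unmodifiableSet(new HashSet<>(ids))));
            this.users = Collections.unmodifiableSet(new HashSet<>(users));
            this.policies = Collections.unmodifiableMap(copy);
        }
    }

    private final AtomicReference<Snapshot> ref =
            new AtomicReference<>(new Snapshot(new HashSet<>(), new HashMap<>()));

    // Readers take the reference once and never block; every lookup in this
    // call sees the same users/policies pair even if a writer swaps mid-call.
    public boolean authorize(String resource, String userId) {
        Snapshot s = ref.get();
        return s.users.contains(userId)
                && s.policies.getOrDefault(resource, Collections.emptySet()).contains(userId);
    }

    // Writers are serialized so two read-copy-swap updates cannot lose each other.
    public synchronized void grant(String resource, String userId) {
        Snapshot s = ref.get();
        Set<String> users = new HashSet<>(s.users);
        users.add(userId);
        Map<String, Set<String>> policies = new HashMap<>(s.policies);
        Set<String> ids = new HashSet<>(policies.getOrDefault(resource, Collections.emptySet()));
        ids.add(userId);
        policies.put(resource, ids);
        ref.set(new Snapshot(users, policies));
    }

    // Deleting a user also strips it from every policy, in the same swap.
    public synchronized void deleteUser(String userId) {
        Snapshot s = ref.get();
        Set<String> users = new HashSet<>(s.users);
        users.remove(userId);
        Map<String, Set<String>> policies = new HashMap<>();
        s.policies.forEach((r, ids) -> policies.put(r, new HashSet<>(ids)));
        policies.values().forEach(ids -> ids.remove(userId));
        ref.set(new Snapshot(users, policies));
    }
}
```

With separate references for users and policies, an `authorize` call racing `deleteUser` could read the old policy map after the user was already removed, or the reverse; the single swap removes that window.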

mcgilman commented Jun 3, 2016

@bbende The updates for ensuring thread-safe access look good, as does the converting of existing authorized-users.xml.

+1 Merging to master.

@asfgit asfgit closed this in 8d8a9cb Jun 3, 2016
PuspenduBanerjee pushed a commit to PuspenduBanerjee/nifi that referenced this pull request Jun 9, 2016
…izer and adding initial loading of data users, groups, and policies

- Implementing CRUD operations and unit tests for Users
- Implementing CRUD operations and unit tests for Groups
- Implementing CRUD operations and unit tests for AccessPolicies
- Adding support for seeding with an initial admin user
- Fixing delete for user and group so it removes references from policies
- Adding example to authorizations.xml
- Adding back the old users schema in preparation for auto-converting to the new format, and providing the AuthorizationConfigurationContext with access to the root process group id
- Refactoring some of the FileAuthorizer to ensure thread safety
- Adding /groups to policies created for initial admin
- This closes apache#473