-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NIFI-1916 Updating FileAuthorizer to extend AbstractPolicyBasedAuthor… #473
Conversation
…izer and adding intial loading of data users, groups, and policies - Implementing CRUD operations and unit tests for Users - Implementing CRUD operations and unit tests for Groups - Implementing CRUD operations and unit tests for AccessPolicies - Adding support for seeding with an initial admin user - Fixing delete for user and group so it removes references from policies - Adding example to authorizations.xml
@@ -28,15 +28,15 @@ | |||
|
|||
private final String identifier; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@bbende @mcgilman We discussed adding a description field to AccessPolicy and Group. I created the following JIRA ticket for that effort: https://issues.apache.org/jira/browse/NIFI-1949
@bbende Just realized that we'll need to introduce some thread safety here. The RevisionManager in the web tier will handle locking during the User/Group/Policy CRUD operations. However, authorization could (will) be happening at the same time out of band of these CRUD operations. The previous implementation of the FileAuthorizer was able to leverage a single AtomicReference to ensure thread safety. But given how the AbstractPolicyBasedAuthorizer calls into the FileAuthorizer I think we may need additional measures to ensure a consistent view of the policies during an authorization call. |
…nverting to the new format, and providing the AuthorizationConfigurationContext with access to the root process group id
@mcgilman updated the PR to address the thread-safety, a summary of the changes...
|
@bbende The updates for ensuring thread-safe access looks good as do the converting of existing authorized-users.xml. +1 Merging to master. |
…izer and adding intial loading of data users, groups, and policies - Implementing CRUD operations and unit tests for Users - Implementing CRUD operations and unit tests for Groups - Implementing CRUD operations and unit tests for AccessPolicies - Adding support for seeding with an initial admin user - Fixing delete for user and group so it removes references from policies - Adding example to authorizations.xml - Adding back the old users schema in preparation for auto-converting to the new format, and providing the AuthorizationConfigurationContext with access to the root process group id - Refactoring some of the FileAuthorizer to ensure thread safety - Adding /groups to policies created for initial admin - This closes apache#473
…izer and adding intial loading of data users, groups, and policies - Implementing CRUD operations and unit tests for Users - Implementing CRUD operations and unit tests for Groups - Implementing CRUD operations and unit tests for AccessPolicies - Adding support for seeding with an initial admin user - Fixing delete for user and group so it removes references from policies - Adding example to authorizations.xml - Adding back the old users schema in preparation for auto-converting to the new format, and providing the AuthorizationConfigurationContext with access to the root process group id - Refactoring some of the FileAuthorizer to ensure thread safety - Adding /groups to policies created for initial admin - This closes apache#473
…izer and adding intial loading of data users, groups, and policies