org.apache.nifi.authorization.AuthorizerConfigurationContext Java Examples
The following examples show how to use
org.apache.nifi.authorization.AuthorizerConfigurationContext.
Example #1
Source File: TestRangerNiFiAuthorizer.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Builds a Mockito stub of {@link AuthorizerConfigurationContext} that answers the four
 * Ranger authorizer properties read during configuration: the security and audit
 * configuration file paths, the application id and the service type.
 *
 * @return the stubbed configuration context
 */
private AuthorizerConfigurationContext createMockConfigContext() {
    // Both Ranger configuration files come from the test resources tree.
    final String securityXml = "src/test/resources/ranger/ranger-nifi-security.xml";
    final String auditXml = "src/test/resources/ranger/ranger-nifi-audit.xml";

    final AuthorizerConfigurationContext stubbedContext = Mockito.mock(AuthorizerConfigurationContext.class);

    when(stubbedContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_SECURITY_PATH_PROP)))
            .thenReturn(new MockPropertyValue(securityXml));
    when(stubbedContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_AUDIT_PATH_PROP)))
            .thenReturn(new MockPropertyValue(auditXml));
    when(stubbedContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_APP_ID_PROP)))
            .thenReturn(new MockPropertyValue(appId));
    when(stubbedContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_SERVICE_TYPE_PROP)))
            .thenReturn(new MockPropertyValue(serviceType));

    return stubbedContext;
}
Example #2
Source File: LdapUserGroupProviderTest.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Searches groups only (no user search base) with the group name taken from {@code cn}.
 * Groups are then addressed by short name ("admins"), while the expected member identity
 * is still the member's full DN.
 */
@Test
public void testSearchGroupsWithNameAttribute() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(null, GROUP_SEARCH_BASE);
    when(context.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("member", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_NAME_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    final Set<Group> allGroups = ldapUserGroupProvider.getGroups();
    assertEquals(5, allGroups.size());

    final Group adminGroup = allGroups.stream()
            .filter(candidate -> "admins".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(adminGroup);
    assertFalse(adminGroup.getUsers().isEmpty());

    // Exactly one member of "admins" must resolve to this DN-form identity.
    final long matchingMembers = adminGroup.getUsers().stream()
            .map(memberId -> ldapUserGroupProvider.getUser(memberId))
            .filter(member -> "cn=User 1,ou=users,o=nifi".equals(member.getIdentity()))
            .count();
    assertEquals(1, matchingMembers);
}
Example #3
Source File: LdapUserGroupProviderTest.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Searches groups without a group name attribute but with the user identity attribute set
 * to {@code uid}. The test expects the group to be named by its full DN and the member to
 * be identified by the short value "user1".
 */
@Test
public void testSearchGroupsWithNoNameAndUserIdentityUidAttribute() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(null, GROUP_SEARCH_BASE);
    when(context.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("member", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("uid", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    final Set<Group> allGroups = ldapUserGroupProvider.getGroups();
    assertEquals(5, allGroups.size());

    // No group name attribute is configured, so the lookup key is the group DN.
    final Group adminGroup = allGroups.stream()
            .filter(candidate -> "cn=admins,ou=groups,o=nifi".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(adminGroup);
    assertFalse(adminGroup.getUsers().isEmpty());

    final long matchingMembers = adminGroup.getUsers().stream()
            .map(memberId -> ldapUserGroupProvider.getUser(memberId))
            .filter(member -> "user1".equals(member.getIdentity()))
            .count();
    assertEquals(1, matchingMembers);
}
Example #4
Source File: LdapUserGroupProviderTest.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Searches groups with both the group name attribute and the user identity attribute set
 * to {@code cn}. The test expects short names on both sides: group "admins" and member
 * identity "User 1".
 */
@Test
public void testSearchGroupsWithNameAndUserIdentityCnAttribute() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(null, GROUP_SEARCH_BASE);
    when(context.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("member", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_NAME_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    final Set<Group> allGroups = ldapUserGroupProvider.getGroups();
    assertEquals(5, allGroups.size());

    final Group adminGroup = allGroups.stream()
            .filter(candidate -> "admins".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(adminGroup);
    assertFalse(adminGroup.getUsers().isEmpty());

    final long matchingMembers = adminGroup.getUsers().stream()
            .map(memberId -> ldapUserGroupProvider.getUser(memberId))
            .filter(member -> "User 1".equals(member.getIdentity()))
            .count();
    assertEquals(1, matchingMembers);
}
Example #5
Source File: LdapUserGroupProviderTest.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Searches users only and derives groups from a user-side attribute, with the group name
 * attribute set to {@code cn}. The test expects 8 users, 2 groups, and "user4" to belong
 * to exactly one group named "team1".
 */
@Test
public void testSearchUsersWithGroupingAndGroupName() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(USER_SEARCH_BASE, null);
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("uid", null, ParameterLookup.EMPTY));
    // "description" stands in for memberof in the test directory.
    when(context.getProperty(PROP_USER_GROUP_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("description", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_NAME_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    assertEquals(8, ldapUserGroupProvider.getUsers().size());
    assertEquals(2, ldapUserGroupProvider.getGroups().size());

    final UserAndGroups user4Lookup = ldapUserGroupProvider.getUserAndGroups("user4");
    assertNotNull(user4Lookup.getUser());
    assertEquals(1, user4Lookup.getGroups().size());
    assertEquals("team1", user4Lookup.getGroups().iterator().next().getName());
}
Example #6
Source File: LdapUserGroupProviderTest.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Searches users only and derives groups from a user-side attribute without configuring a
 * group name attribute. The test expects 8 users and 3 groups, each group named by the DN
 * string found on the user entry.
 *
 * <p>The expected names "cn=team2,ou=groups,o=nifi" and "cn=Team2,ou=groups,o=nifi" differ
 * only in letter case and are counted as separate groups here, which is why the total is 3.
 */
@Test
public void testSearchUsersWithGroupingNoGroupName() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(USER_SEARCH_BASE, null);
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("uid", null, ParameterLookup.EMPTY));
    // "description" stands in for memberof in the test directory.
    when(context.getProperty(PROP_USER_GROUP_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("description", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    assertEquals(8, ldapUserGroupProvider.getUsers().size());
    assertEquals(3, ldapUserGroupProvider.getGroups().size());

    // Each row is {user identity, expected name of that user's single group}.
    final String[][] expectedMembership = {
            {"user4", "cn=team1,ou=groups,o=nifi"},
            {"user7", "cn=team2,ou=groups,o=nifi"},
            {"user8", "cn=Team2,ou=groups,o=nifi"},
    };
    for (final String[] row : expectedMembership) {
        final UserAndGroups lookup = ldapUserGroupProvider.getUserAndGroups(row[0]);
        assertNotNull(lookup.getUser());
        assertEquals(1, lookup.getGroups().size());
        assertEquals(row[1], lookup.getGroups().iterator().next().getName());
    }
}
Example #7
Source File: LdapUserGroupProviderTest.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Applies a NiFi identity mapping to users returned from LDAP and checks the mapped identity.
 *
 * <p>The pattern names only the {@code cn} and {@code o} components, so its first lazy group
 * also spans the {@code ou} component: the test expects the mapped identity
 * "User 1,ou=users" rather than "User 1". A mapping pattern that does not list every DN
 * component produces identities of this shape.
 */
@Test
public void testUserIdentityMapping() throws Exception {
    final Properties mappingProps = new Properties();
    mappingProps.setProperty("nifi.security.identity.mapping.pattern.dn1", "^cn=(.*?),o=(.*?)$");
    mappingProps.setProperty("nifi.security.identity.mapping.value.dn1", "$1");

    final NiFiProperties nifiProperties = getNiFiProperties(mappingProps);
    ldapUserGroupProvider.setNiFiProperties(nifiProperties);

    final AuthorizerConfigurationContext context = getBaseConfiguration(USER_SEARCH_BASE, null);
    // Restrict the search to a single user so the mapped identity is unambiguous.
    when(context.getProperty(PROP_USER_SEARCH_FILTER))
            .thenReturn(new StandardPropertyValue("(uid=user1)", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    assertEquals(1, ldapUserGroupProvider.getUsers().size());
    assertNotNull(ldapUserGroupProvider.getUserByIdentity("User 1,ou=users"));
}
Example #8
Source File: LdapUserGroupProviderTest.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Applies an identity mapping with an {@code UPPER} transform. The pattern lists the
 * {@code cn}, {@code ou} and {@code o} components, the value keeps only group 1, and the
 * test expects the resulting identity "USER 1".
 */
@Test
public void testUserIdentityMappingWithTransforms() throws Exception {
    final Properties mappingProps = new Properties();
    mappingProps.setProperty("nifi.security.identity.mapping.pattern.dn1", "^cn=(.*?),ou=(.*?),o=(.*?)$");
    mappingProps.setProperty("nifi.security.identity.mapping.value.dn1", "$1");
    mappingProps.setProperty("nifi.security.identity.mapping.transform.dn1", "UPPER");

    final NiFiProperties nifiProperties = getNiFiProperties(mappingProps);
    ldapUserGroupProvider.setNiFiProperties(nifiProperties);

    final AuthorizerConfigurationContext context = getBaseConfiguration(USER_SEARCH_BASE, null);
    when(context.getProperty(PROP_USER_SEARCH_FILTER))
            .thenReturn(new StandardPropertyValue("(uid=user1)", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    assertEquals(1, ldapUserGroupProvider.getUsers().size());
    assertNotNull(ldapUserGroupProvider.getUserByIdentity("USER 1"));
}
Example #9
Source File: LdapUserGroupProviderTest.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Applies separate identity and group mappings, each with an {@code UPPER} transform, and
 * checks both results: user identity "USER 1" and group name "ADMINS".
 */
@Test
public void testUserIdentityAndGroupMappingWithTransforms() throws Exception {
    final Properties mappingProps = new Properties();
    // User identity mapping.
    mappingProps.setProperty("nifi.security.identity.mapping.pattern.dn1", "^cn=(.*?),ou=(.*?),o=(.*?)$");
    mappingProps.setProperty("nifi.security.identity.mapping.value.dn1", "$1");
    mappingProps.setProperty("nifi.security.identity.mapping.transform.dn1", "UPPER");
    // Group name mapping.
    mappingProps.setProperty("nifi.security.group.mapping.pattern.dn1", "^cn=(.*?),ou=(.*?),o=(.*?)$");
    mappingProps.setProperty("nifi.security.group.mapping.value.dn1", "$1");
    mappingProps.setProperty("nifi.security.group.mapping.transform.dn1", "UPPER");

    final NiFiProperties nifiProperties = getNiFiProperties(mappingProps);
    ldapUserGroupProvider.setNiFiProperties(nifiProperties);

    final AuthorizerConfigurationContext context = getBaseConfiguration(USER_SEARCH_BASE, GROUP_SEARCH_BASE);
    when(context.getProperty(PROP_USER_SEARCH_FILTER))
            .thenReturn(new StandardPropertyValue("(uid=user1)", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_SEARCH_FILTER))
            .thenReturn(new StandardPropertyValue("(cn=admins)", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    assertEquals(1, ldapUserGroupProvider.getUsers().size());
    assertNotNull(ldapUserGroupProvider.getUserByIdentity("USER 1"));

    assertEquals(1, ldapUserGroupProvider.getGroups().size());
    assertEquals("ADMINS", ldapUserGroupProvider.getGroups().iterator().next().getName());
}
Example #10
Source File: LdapUserGroupProviderTest.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Resolves membership from the user side without configuring the referenced-group
 * attribute. The test expects the single group "team3" to be found but to have no members.
 */
@Test
public void testReferencedGroupWithoutDefiningReferencedAttribute() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration("ou=users-2,o=nifi", "ou=groups-2,o=nifi");
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("uid", null, ParameterLookup.EMPTY));
    // "room" is used because of the requirements of groupOfNames.
    when(context.getProperty(PROP_USER_OBJECT_CLASS))
            .thenReturn(new StandardPropertyValue("room", null, ParameterLookup.EMPTY));
    // "description" stands in for member.
    when(context.getProperty(PROP_USER_GROUP_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("description", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_NAME_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    // "room" is used because of the requirements of groupOfNames.
    when(context.getProperty(PROP_GROUP_OBJECT_CLASS))
            .thenReturn(new StandardPropertyValue("room", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    final Set<Group> allGroups = ldapUserGroupProvider.getGroups();
    assertEquals(1, allGroups.size());

    final Group thirdTeam = allGroups.stream()
            .filter(candidate -> "team3".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(thirdTeam);
    assertTrue(thirdTeam.getUsers().isEmpty());
}
Example #11
Source File: LdapUserGroupProviderTest.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Resolves membership from the user side with the referenced-group attribute set to
 * {@code cn}. The test expects group "team3" to contain exactly one member, "user9".
 */
@Test
public void testReferencedGroupUsingReferencedAttribute() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration("ou=users-2,o=nifi", "ou=groups-2,o=nifi");
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("uid", null, ParameterLookup.EMPTY));
    // "description" stands in for member.
    when(context.getProperty(PROP_USER_GROUP_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("description", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_USER_GROUP_REFERENCED_GROUP_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_NAME_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    // "room" is used because groupOfNames requires a member.
    when(context.getProperty(PROP_GROUP_OBJECT_CLASS))
            .thenReturn(new StandardPropertyValue("room", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    final Set<Group> allGroups = ldapUserGroupProvider.getGroups();
    assertEquals(1, allGroups.size());

    final Group thirdTeam = allGroups.stream()
            .filter(candidate -> "team3".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(thirdTeam);
    assertEquals(1, thirdTeam.getUsers().size());

    final long matchingMembers = thirdTeam.getUsers().stream()
            .map(memberId -> ldapUserGroupProvider.getUser(memberId))
            .filter(member -> "user9".equals(member.getIdentity()))
            .count();
    assertEquals(1, matchingMembers);
}
Example #12
Source File: LdapUserGroupProviderTest.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Resolves membership from the group side without configuring the referenced-user
 * attribute. The test expects the single group "team3" to be found but to have no members.
 */
@Test
public void testReferencedUserWithoutDefiningReferencedAttribute() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration("ou=users-2,o=nifi", "ou=groups-2,o=nifi");
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("uid", null, ParameterLookup.EMPTY));
    // "room" is used because of the requirements of groupOfNames.
    when(context.getProperty(PROP_GROUP_OBJECT_CLASS))
            .thenReturn(new StandardPropertyValue("room", null, ParameterLookup.EMPTY));
    // "description" stands in for member.
    when(context.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("description", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_NAME_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    final Set<Group> allGroups = ldapUserGroupProvider.getGroups();
    assertEquals(1, allGroups.size());

    final Group thirdTeam = allGroups.stream()
            .filter(candidate -> "team3".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(thirdTeam);
    assertTrue(thirdTeam.getUsers().isEmpty());
}
Example #13
Source File: LdapUserGroupProviderTest.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Resolves group membership from the group side with case-sensitivity enforcement turned
 * off. With enforcement set to "false" the test expects "team4" to contain two members,
 * "user1" and "user2".
 *
 * <p>Because this setting changes which users end up in a group, it directly affects any
 * policy granted to that group.
 */
@Test
public void testSearchUsersAndGroupsMembershipThroughGroupsCaseInsensitive() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(USER_SEARCH_BASE, GROUP_SEARCH_BASE);
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("uid", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("member", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_NAME_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_MEMBERSHIP_ENFORCE_CASE_SENSITIVITY))
            .thenReturn(new StandardPropertyValue("false", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    assertEquals(8, ldapUserGroupProvider.getUsers().size());

    final Set<Group> allGroups = ldapUserGroupProvider.getGroups();
    assertEquals(5, allGroups.size());

    final Group fourthTeam = allGroups.stream()
            .filter(candidate -> "team4".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(fourthTeam);
    assertEquals(2, fourthTeam.getUsers().size());

    // Each expected identity must appear exactly once among the members.
    for (final String expectedIdentity : new String[] {"user1", "user2"}) {
        final long occurrences = fourthTeam.getUsers().stream()
                .map(memberId -> ldapUserGroupProvider.getUser(memberId))
                .filter(member -> expectedIdentity.equals(member.getIdentity()))
                .count();
        assertEquals(1, occurrences);
    }
}
Example #14
Source File: LdapUserGroupProviderTest.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Resolves group membership from the group side without overriding the case-sensitivity
 * setting supplied by the base configuration. The test expects "team4" to contain exactly
 * one member, "user1".
 */
@Test
public void testSearchUsersAndGroupsMembershipThroughGroupsCaseSensitive() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(USER_SEARCH_BASE, GROUP_SEARCH_BASE);
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("uid", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("member", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_NAME_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    assertEquals(8, ldapUserGroupProvider.getUsers().size());

    final Set<Group> allGroups = ldapUserGroupProvider.getGroups();
    assertEquals(5, allGroups.size());

    final Group fourthTeam = allGroups.stream()
            .filter(candidate -> "team4".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(fourthTeam);
    assertEquals(1, fourthTeam.getUsers().size());

    final long matchingMembers = fourthTeam.getUsers().stream()
            .map(memberId -> ldapUserGroupProvider.getUser(memberId))
            .filter(member -> "user1".equals(member.getIdentity()))
            .count();
    assertEquals(1, matchingMembers);
}
Example #15
Source File: LdapUserGroupProviderTest.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Resolves membership from the group side with the referenced-user attribute set to
 * {@code uid} while the user identity attribute is {@code sn}. The test expects group
 * "team3" to contain exactly one member whose identity is "User9".
 */
@Test
public void testReferencedUserUsingReferencedAttribute() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration("ou=users-2,o=nifi", "ou=groups-2,o=nifi");
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("sn", null, ParameterLookup.EMPTY));
    // "room" is used because of the requirements of groupOfNames.
    when(context.getProperty(PROP_GROUP_OBJECT_CLASS))
            .thenReturn(new StandardPropertyValue("room", null, ParameterLookup.EMPTY));
    // "description" stands in for member.
    when(context.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("description", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_NAME_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    // The referenced-user attribute does not need to match the user identity attribute.
    when(context.getProperty(PROP_GROUP_MEMBER_REFERENCED_USER_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("uid", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    final Set<Group> allGroups = ldapUserGroupProvider.getGroups();
    assertEquals(1, allGroups.size());

    final Group thirdTeam = allGroups.stream()
            .filter(candidate -> "team3".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(thirdTeam);
    assertEquals(1, thirdTeam.getUsers().size());

    final long matchingMembers = thirdTeam.getUsers().stream()
            .map(memberId -> ldapUserGroupProvider.getUser(memberId))
            .filter(member -> "User9".equals(member.getIdentity()))
            .count();
    assertEquals(1, matchingMembers);
}
Example #16
Source File: LdapUserGroupProvider.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Builds the {@link SSLContext} for the LDAP connection from the provider's "TLS - ..."
 * properties.
 *
 * <p>The keystore and truststore passwords are read as plain {@code String} values and
 * handed to {@link TlsConfiguration}; they are never written to the log here. On failure
 * only the exception's localized message is logged, and the exception itself is kept as
 * the cause of the rethrown {@link ProviderCreationException}.
 *
 * @param configurationContext source of the TLS property values
 * @return the SSL context created by {@code SslContextFactory}
 * @throws ProviderCreationException if the TLS configuration cannot be turned into a context
 */
private SSLContext getConfiguredSslContext(final AuthorizerConfigurationContext configurationContext) {
    final String keystorePath = configurationContext.getProperty("TLS - Keystore").getValue();
    final String keystoreSecret = configurationContext.getProperty("TLS - Keystore Password").getValue();
    final String keystoreKind = configurationContext.getProperty("TLS - Keystore Type").getValue();
    final String truststorePath = configurationContext.getProperty("TLS - Truststore").getValue();
    final String truststoreSecret = configurationContext.getProperty("TLS - Truststore Password").getValue();
    final String truststoreKind = configurationContext.getProperty("TLS - Truststore Type").getValue();
    final String clientAuthSetting = configurationContext.getProperty("TLS - Client Auth").getValue();
    final String protocolSetting = configurationContext.getProperty("TLS - Protocol").getValue();

    try {
        // The third argument is passed as null; presumably the separate key password.
        // TODO confirm against TlsConfiguration.
        final TlsConfiguration tlsSettings = new TlsConfiguration(
                keystorePath, keystoreSecret, null, keystoreKind,
                truststorePath, truststoreSecret, truststoreKind,
                protocolSetting);

        // NOTE(review): a value that is not accepted by isValidClientAuthType falls back to
        // ClientAuth.NONE without any log entry, so a typo in "TLS - Client Auth" goes unnoticed.
        final ClientAuth clientAuthMode;
        if (ClientAuth.isValidClientAuthType(clientAuthSetting)) {
            clientAuthMode = ClientAuth.valueOf(clientAuthSetting);
        } else {
            clientAuthMode = ClientAuth.NONE;
        }

        return SslContextFactory.createSslContext(tlsSettings, clientAuthMode);
    } catch (TlsException e) {
        logger.error("Encountered an error configuring TLS for LDAP user group provider: {}", e.getLocalizedMessage());
        throw new ProviderCreationException("Error configuring TLS for LDAP user group provider", e);
    }
}
Example #17
Source File: TestRangerNiFiAuthorizer.java From localization_nifi with Apache License 2.0 | 6 votes |
/**
 * Creates a mocked {@link AuthorizerConfigurationContext} answering the Ranger authorizer's
 * security path, audit path, application id and service type properties.
 *
 * @return the mocked configuration context
 */
private AuthorizerConfigurationContext createMockConfigContext() {
    final AuthorizerConfigurationContext mockedContext = Mockito.mock(AuthorizerConfigurationContext.class);

    // Paths to the Ranger client configuration files under the test resources.
    final String securityConfigPath = "src/test/resources/ranger/ranger-nifi-security.xml";
    final String auditConfigPath = "src/test/resources/ranger/ranger-nifi-audit.xml";

    when(mockedContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_SECURITY_PATH_PROP)))
            .thenReturn(new MockPropertyValue(securityConfigPath));
    when(mockedContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_AUDIT_PATH_PROP)))
            .thenReturn(new MockPropertyValue(auditConfigPath));

    // Application id and service type come from the test class's own fields.
    when(mockedContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_APP_ID_PROP)))
            .thenReturn(new MockPropertyValue(appId));
    when(mockedContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_SERVICE_TYPE_PROP)))
            .thenReturn(new MockPropertyValue(serviceType));

    return mockedContext;
}
Example #18
Source File: ManagedRangerAuthorizerTest.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Creates a {@link ManagedRangerAuthorizer}, initializes it with a lookup that resolves
 * "user-group-provider" to the supplied provider, and configures it with mocked Ranger
 * properties.
 *
 * @param userGroupProvider the provider the lookup returns for "user-group-provider"
 * @return the initialized and configured authorizer
 */
private ManagedRangerAuthorizer getStandardManagedAuthorizer(final UserGroupProvider userGroupProvider) {
    final ManagedRangerAuthorizer authorizer = new ManagedRangerAuthorizer();

    // Configuration: the provider key plus the Ranger file paths, app id and service type.
    final AuthorizerConfigurationContext mockedConfig = mock(AuthorizerConfigurationContext.class);
    when(mockedConfig.getProperty(eq("User Group Provider")))
            .thenReturn(new MockPropertyValue("user-group-provider", null));
    when(mockedConfig.getProperty(eq(RangerNiFiAuthorizer.RANGER_SECURITY_PATH_PROP)))
            .thenReturn(new MockPropertyValue("src/test/resources/ranger/ranger-nifi-security.xml"));
    when(mockedConfig.getProperty(eq(RangerNiFiAuthorizer.RANGER_AUDIT_PATH_PROP)))
            .thenReturn(new MockPropertyValue("src/test/resources/ranger/ranger-nifi-audit.xml"));
    when(mockedConfig.getProperty(eq(RangerNiFiAuthorizer.RANGER_APP_ID_PROP)))
            .thenReturn(new MockPropertyValue(appId));
    when(mockedConfig.getProperty(eq(RangerNiFiAuthorizer.RANGER_SERVICE_TYPE_PROP)))
            .thenReturn(new MockPropertyValue(serviceType));

    // Initialization: the lookup maps the configured key to the caller's provider.
    final UserGroupProviderLookup providerLookup = mock(UserGroupProviderLookup.class);
    when(providerLookup.getUserGroupProvider("user-group-provider")).thenReturn(userGroupProvider);

    final AuthorizerInitializationContext mockedInit = mock(AuthorizerInitializationContext.class);
    when(mockedInit.getUserGroupProviderLookup()).thenReturn(providerLookup);

    authorizer.initialize(mockedInit);
    authorizer.onConfigured(mockedConfig);

    return authorizer;
}
Example #19
Source File: LdapUserGroupProviderTest.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Searches users with the search scope set to {@code OBJECT}. The test expects no users
 * and no groups to be returned.
 */
@Test
public void testSearchUsersObjectSearchScope() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(USER_SEARCH_BASE, null);
    final String objectScope = SearchScope.OBJECT.name();
    when(context.getProperty(PROP_USER_SEARCH_SCOPE))
            .thenReturn(new StandardPropertyValue(objectScope, null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    assertTrue(ldapUserGroupProvider.getUsers().isEmpty());
    assertTrue(ldapUserGroupProvider.getGroups().isEmpty());
}
Example #20
Source File: LdapUserGroupProviderTest.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Searches users from the base "o=nifi" with the search scope set to {@code SUBTREE}. The
 * test expects 9 users and no groups.
 */
@Test
public void testSearchUsersSubtreeSearchScope() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration("o=nifi", null);
    final String subtreeScope = SearchScope.SUBTREE.name();
    when(context.getProperty(PROP_USER_SEARCH_SCOPE))
            .thenReturn(new StandardPropertyValue(subtreeScope, null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    assertEquals(9, ldapUserGroupProvider.getUsers().size());
    assertTrue(ldapUserGroupProvider.getGroups().isEmpty());
}
Example #21
Source File: LdapUserGroupProviderTest.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Searches groups from the base "o=nifi" with the group search scope set to
 * {@code SUBTREE}. The test expects 5 groups.
 */
@Test
public void testSearchGroupsSubtreeSearchScope() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(null, "o=nifi");
    when(context.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("member", null, ParameterLookup.EMPTY));
    final String subtreeScope = SearchScope.SUBTREE.name();
    when(context.getProperty(PROP_GROUP_SEARCH_SCOPE))
            .thenReturn(new StandardPropertyValue(subtreeScope, null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    assertEquals(5, ldapUserGroupProvider.getGroups().size());
}
Example #22
Source File: RangerNiFiAuthorizer.java From localization_nifi with Apache License 2.0 | 5 votes |
/**
 * Reads a configuration property, falling back to a default when the property is missing
 * or its value is blank.
 *
 * @param context      configuration context to read from
 * @param name         property name
 * @param defaultValue value returned when the property is absent or blank
 * @return the configured value, or {@code defaultValue}
 */
private String getConfigValue(final AuthorizerConfigurationContext context, final String name, final String defaultValue) {
    final PropertyValue property = context.getProperty(name);

    // Absent property or blank value: use the caller's default.
    if (property == null || StringUtils.isBlank(property.getValue())) {
        return defaultValue;
    }
    return property.getValue();
}
Example #23
Source File: LdapUserGroupProviderTest.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Searches groups with the filter "(cn=admins)". The test expects exactly one group,
 * named by its full DN because no group name attribute is configured here.
 */
@Test
public void testSearchGroupsWithFilter() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(null, GROUP_SEARCH_BASE);
    when(context.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("member", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_SEARCH_FILTER))
            .thenReturn(new StandardPropertyValue("(cn=admins)", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    final Set<Group> filteredGroups = ldapUserGroupProvider.getGroups();
    assertEquals(1, filteredGroups.size());

    final long adminMatches = filteredGroups.stream()
            .filter(candidate -> "cn=admins,ou=groups,o=nifi".equals(candidate.getName()))
            .count();
    assertEquals(1, adminMatches);
}
Example #24
Source File: LdapUserGroupProviderTest.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Searches users and groups with no membership attribute configured on either side. The
 * test expects 8 users and 5 groups, with every group empty.
 */
@Test
public void testSearchUsersAndGroupsNoMembership() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(USER_SEARCH_BASE, GROUP_SEARCH_BASE);
    ldapUserGroupProvider.onConfigured(context);

    assertEquals(8, ldapUserGroupProvider.getUsers().size());

    final Set<Group> allGroups = ldapUserGroupProvider.getGroups();
    assertEquals(5, allGroups.size());

    // Without a membership attribute no group may report any users.
    for (final Group current : allGroups) {
        assertTrue(current.getUsers().isEmpty());
    }
}
Example #25
Source File: ManagedRangerAuthorizer.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Returns a new {@link AccessPolicyProvider} view over this authorizer on every call.
 *
 * <p>Policy lookups are delegated to {@code nifiPlugin}; the user group provider is the one
 * held by this authorizer. The lifecycle callbacks of the returned object do nothing.
 *
 * @return an access policy provider delegating to the Ranger plugin
 */
@Override
public AccessPolicyProvider getAccessPolicyProvider() {
    final AccessPolicyProvider pluginBackedProvider = new AccessPolicyProvider() {

        // --- policy lookups, all answered by the plugin ---

        @Override
        public Set<AccessPolicy> getAccessPolicies() throws AuthorizationAccessException {
            return nifiPlugin.getAccessPolicies();
        }

        @Override
        public AccessPolicy getAccessPolicy(String policyId) throws AuthorizationAccessException {
            return nifiPlugin.getAccessPolicy(policyId);
        }

        @Override
        public AccessPolicy getAccessPolicy(String resourceId, RequestAction requestedAction) throws AuthorizationAccessException {
            return nifiPlugin.getAccessPolicy(resourceId, requestedAction);
        }

        @Override
        public UserGroupProvider getUserGroupProvider() {
            return userGroupProvider;
        }

        // --- lifecycle callbacks, intentionally empty in this view ---

        @Override
        public void initialize(AccessPolicyProviderInitializationContext initContext) throws AuthorizerCreationException {
        }

        @Override
        public void onConfigured(AuthorizerConfigurationContext configContext) throws AuthorizerCreationException {
        }

        @Override
        public void preDestruction() throws AuthorizerDestructionException {
        }
    };
    return pluginBackedProvider;
}
Example #26
Source File: ManagedRangerAuthorizer.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Resolves the configured user group provider before delegating to the parent's
 * configuration step.
 *
 * <p>Configuration stops with an exception when the "User Group Provider" key does not
 * resolve, so the parent is never configured without a user group provider.
 *
 * @param configurationContext source of the "User Group Provider" property
 * @throws AuthorizerCreationException if the lookup returns no provider for the configured key
 */
@Override
public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
    final String providerKey = configurationContext.getProperty("User Group Provider").getValue();
    userGroupProvider = userGroupProviderLookup.getUserGroupProvider(providerKey);

    // The access policy provider needs a user group provider; refuse to continue without one.
    final boolean providerResolved = userGroupProvider != null;
    if (!providerResolved) {
        final String reason = String.format("Unable to locate configured User Group Provider: %s", providerKey);
        throw new AuthorizerCreationException(reason);
    }

    super.onConfigured(configurationContext);
}
Example #27
Source File: LdapUserGroupProviderTest.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Searches users and groups with membership declared on the user entries. The test expects
 * 8 users and 5 groups, with "team1" holding user4 and user5 and "team2" holding user6 and
 * user7.
 */
@Test
public void testSearchUsersAndGroupsMembershipThroughUsers() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(USER_SEARCH_BASE, GROUP_SEARCH_BASE);
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("uid", null, ParameterLookup.EMPTY));
    // "description" stands in for memberof in the test directory.
    when(context.getProperty(PROP_USER_GROUP_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("description", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_NAME_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    assertEquals(8, ldapUserGroupProvider.getUsers().size());

    final Set<Group> allGroups = ldapUserGroupProvider.getGroups();
    assertEquals(5, allGroups.size());

    // team1: user4 and user5
    final Group firstTeam = allGroups.stream()
            .filter(candidate -> "team1".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(firstTeam);
    assertEquals(2, firstTeam.getUsers().size());
    final long firstTeamMatches = firstTeam.getUsers().stream()
            .map(memberId -> ldapUserGroupProvider.getUser(memberId))
            .filter(member -> "user4".equals(member.getIdentity()) || "user5".equals(member.getIdentity()))
            .count();
    assertEquals(2, firstTeamMatches);

    // team2: user6 and user7
    final Group secondTeam = allGroups.stream()
            .filter(candidate -> "team2".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(secondTeam);
    assertEquals(2, secondTeam.getUsers().size());
    final long secondTeamMatches = secondTeam.getUsers().stream()
            .map(memberId -> ldapUserGroupProvider.getUser(memberId))
            .filter(member -> "user6".equals(member.getIdentity()) || "user7".equals(member.getIdentity()))
            .count();
    assertEquals(2, secondTeamMatches);
}
Example #28
Source File: RangerNiFiAuthorizer.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Reads a named property from the authorizer configuration, falling back to a default.
 *
 * @param context the configuration to read from
 * @param name the property name
 * @param defaultValue returned when the property is absent or its value is blank
 * @return the configured value, or {@code defaultValue} when none is usable
 */
private String getConfigValue(final AuthorizerConfigurationContext context, final String name, final String defaultValue) {
    final PropertyValue property = context.getProperty(name);

    // A missing property and a blank value are treated alike: both fall back silently.
    // NOTE(review): callers that pass security-relevant paths should make sure the default
    // is a safe choice, since a blank entry gives no error here.
    if (property == null || StringUtils.isBlank(property.getValue())) {
        return defaultValue;
    }
    return property.getValue();
}
Example #29
Source File: LdapUserGroupProviderTest.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Builds a mocked configuration context carrying the baseline LDAP settings for these tests.
 *
 * <p>Attributes stubbed with {@code null} are left unset. The tests visible here re-stub the
 * ones they need before calling {@code onConfigured}.
 *
 * @param userSearchBase value returned for the user search base property, may be {@code null}
 * @param groupSearchBase value returned for the group search base property, may be {@code null}
 * @return the mock, with every listed property stubbed
 */
private AuthorizerConfigurationContext getBaseConfiguration(final String userSearchBase, final String groupSearchBase) {
    final AuthorizerConfigurationContext context = mock(AuthorizerConfigurationContext.class);

    // Property name -> raw value, stubbed in this order.
    // Fixture only: a SIMPLE bind with a hard-coded manager password over unencrypted ldap://
    // on loopback. NOTE(review): a real deployment would use LDAPS or START_TLS and keep the
    // manager password out of source. Following referrals is also a setting to weigh there.
    final String[][] settings = {
        {PROP_URL, "ldap://127.0.0.1:" + getLdapServer().getPort()},
        {PROP_CONNECT_TIMEOUT, "30 secs"},
        {PROP_READ_TIMEOUT, "30 secs"},
        {PROP_REFERRAL_STRATEGY, ReferralStrategy.FOLLOW.name()},
        {PROP_PAGE_SIZE, null},
        {PROP_SYNC_INTERVAL, "30 mins"},
        {PROP_GROUP_MEMBERSHIP_ENFORCE_CASE_SENSITIVITY, "true"},
        {PROP_AUTHENTICATION_STRATEGY, LdapAuthenticationStrategy.SIMPLE.name()},
        {PROP_MANAGER_DN, "uid=admin,ou=system"},
        {PROP_MANAGER_PASSWORD, "secret"},
        {PROP_USER_SEARCH_BASE, userSearchBase},
        {PROP_USER_OBJECT_CLASS, "person"},
        {PROP_USER_SEARCH_SCOPE, SearchScope.ONE_LEVEL.name()},
        {PROP_USER_SEARCH_FILTER, null},
        {PROP_USER_IDENTITY_ATTRIBUTE, null},
        {PROP_USER_GROUP_ATTRIBUTE, null},
        {PROP_USER_GROUP_REFERENCED_GROUP_ATTRIBUTE, null},
        {PROP_GROUP_SEARCH_BASE, groupSearchBase},
        {PROP_GROUP_OBJECT_CLASS, "groupOfNames"},
        {PROP_GROUP_SEARCH_SCOPE, SearchScope.ONE_LEVEL.name()},
        {PROP_GROUP_SEARCH_FILTER, null},
        {PROP_GROUP_NAME_ATTRIBUTE, null},
        {PROP_GROUP_MEMBER_ATTRIBUTE, null},
        {PROP_GROUP_MEMBER_REFERENCED_USER_ATTRIBUTE, null},
    };

    for (final String[] setting : settings) {
        when(context.getProperty(setting[0]))
                .thenReturn(new StandardPropertyValue(setting[1], null, ParameterLookup.EMPTY));
    }
    return context;
}
Example #30
Source File: LdapUserGroupProviderTest.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Checks membership resolution through user entries with case-sensitivity enforcement turned off.
 *
 * <p>Same setup as the case-sensitive variant, except that
 * {@code PROP_GROUP_MEMBERSHIP_ENFORCE_CASE_SENSITIVITY} is stubbed to {@code "false"}.
 * team2 then resolves to three users (user8 is included) instead of two, so relaxing the
 * setting widens group membership and anything granted through that group.
 * NOTE(review): presumably user8's group reference differs from the group name only in case -
 * confirm against the LDAP fixture data.
 */
@Test
public void testSearchUsersAndGroupsMembershipThroughUsersCaseInsensitive() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(USER_SEARCH_BASE, GROUP_SEARCH_BASE);
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("uid", null, ParameterLookup.EMPTY));
    // The fixture carries the group reference in "description" in lieu of memberof.
    when(context.getProperty(PROP_USER_GROUP_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("description", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_NAME_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    // Overrides the baseline "true" so membership matching ignores case.
    when(context.getProperty(PROP_GROUP_MEMBERSHIP_ENFORCE_CASE_SENSITIVITY))
            .thenReturn(new StandardPropertyValue("false", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    final int userCount = ldapUserGroupProvider.getUsers().size();
    assertEquals(8, userCount);

    final Set<Group> allGroups = ldapUserGroupProvider.getGroups();
    assertEquals(5, allGroups.size());

    final Group team1 = allGroups.stream()
            .filter(candidate -> "team1".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(team1);
    assertEquals(2, team1.getUsers().size());
    final long team1Matches = team1.getUsers().stream()
            .map(id -> ldapUserGroupProvider.getUser(id))
            .map(member -> member.getIdentity())
            .filter(identity -> "user4".equals(identity) || "user5".equals(identity))
            .count();
    assertEquals(2, team1Matches);

    final Group team2 = allGroups.stream()
            .filter(candidate -> "team2".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(team2);
    assertEquals(3, team2.getUsers().size());
    final long team2Matches = team2.getUsers().stream()
            .map(id -> ldapUserGroupProvider.getUser(id))
            .map(member -> member.getIdentity())
            .filter(identity -> "user6".equals(identity) || "user7".equals(identity) || "user8".equals(identity))
            .count();
    assertEquals(3, team2Matches);
}