org.apache.nifi.authorization.AuthorizerConfigurationContext Java Examples

The following examples show how to use org.apache.nifi.authorization.AuthorizerConfigurationContext.
Example #1
Source File: TestRangerNiFiAuthorizer.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a Mockito stub of {@link AuthorizerConfigurationContext} that answers the four
 * Ranger property lookups (security path, audit path, app id, service type).
 *
 * @return the stubbed configuration context
 */
private AuthorizerConfigurationContext createMockConfigContext() {
    final AuthorizerConfigurationContext mockContext = Mockito.mock(AuthorizerConfigurationContext.class);

    // Ranger client configuration files come from the test resources tree.
    final MockPropertyValue securityPath = new MockPropertyValue("src/test/resources/ranger/ranger-nifi-security.xml");
    when(mockContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_SECURITY_PATH_PROP))).thenReturn(securityPath);

    final MockPropertyValue auditPath = new MockPropertyValue("src/test/resources/ranger/ranger-nifi-audit.xml");
    when(mockContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_AUDIT_PATH_PROP))).thenReturn(auditPath);

    // appId and serviceType are fields of the enclosing test class.
    final MockPropertyValue applicationId = new MockPropertyValue(appId);
    when(mockContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_APP_ID_PROP))).thenReturn(applicationId);

    final MockPropertyValue rangerServiceType = new MockPropertyValue(serviceType);
    when(mockContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_SERVICE_TYPE_PROP))).thenReturn(rangerServiceType);

    return mockContext;
}
 
Example #2
Source File: LdapUserGroupProviderTest.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Group-only search with the group name attribute set to {@code cn}: the test expects five
 * groups, one of them named "admins", containing the user "cn=User 1,ou=users,o=nifi".
 */
@Test
public void testSearchGroupsWithNameAttribute() throws Exception {
    // Only a group search base is supplied; the user search base argument is null.
    final AuthorizerConfigurationContext context = getBaseConfiguration(null, GROUP_SEARCH_BASE);
    when(context.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("member", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_NAME_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    final Set<Group> allGroups = ldapUserGroupProvider.getGroups();
    assertEquals(5, allGroups.size());

    final Group adminGroup = allGroups.stream()
            .filter(candidate -> "admins".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(adminGroup);
    assertFalse(adminGroup.getUsers().isEmpty());

    // The user identity attribute is not overridden in this test, and the member is
    // expected to be identified by its full DN.
    final long matchingMembers = adminGroup.getUsers().stream()
            .map(memberId -> ldapUserGroupProvider.getUser(memberId))
            .filter(member -> "cn=User 1,ou=users,o=nifi".equals(member.getIdentity()))
            .count();
    assertEquals(1, matchingMembers);
}
 
Example #3
Source File: LdapUserGroupProviderTest.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Group-only search with the user identity attribute set to {@code uid} and no group name
 * attribute overridden here: the admins group is expected under its DN and its member as "user1".
 */
@Test
public void testSearchGroupsWithNoNameAndUserIdentityUidAttribute() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(null, GROUP_SEARCH_BASE);
    when(context.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("member", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("uid", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    final Set<Group> allGroups = ldapUserGroupProvider.getGroups();
    assertEquals(5, allGroups.size());

    // Without a group name attribute the group is looked up by its full DN.
    final Group adminGroup = allGroups.stream()
            .filter(candidate -> "cn=admins,ou=groups,o=nifi".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(adminGroup);
    assertFalse(adminGroup.getUsers().isEmpty());

    final long matchingMembers = adminGroup.getUsers().stream()
            .map(memberId -> ldapUserGroupProvider.getUser(memberId))
            .filter(member -> "user1".equals(member.getIdentity()))
            .count();
    assertEquals(1, matchingMembers);
}
 
Example #4
Source File: LdapUserGroupProviderTest.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Group-only search with both the group name attribute and the user identity attribute set
 * to {@code cn}: the test expects the group "admins" to contain the identity "User 1".
 */
@Test
public void testSearchGroupsWithNameAndUserIdentityCnAttribute() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(null, GROUP_SEARCH_BASE);
    when(context.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("member", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_NAME_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    final Set<Group> allGroups = ldapUserGroupProvider.getGroups();
    assertEquals(5, allGroups.size());

    final Group adminGroup = allGroups.stream()
            .filter(candidate -> "admins".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(adminGroup);
    assertFalse(adminGroup.getUsers().isEmpty());

    // The identity is the cn value ("User 1"), not the DN and not the uid.
    final long matchingMembers = adminGroup.getUsers().stream()
            .map(memberId -> ldapUserGroupProvider.getUser(memberId))
            .filter(member -> "User 1".equals(member.getIdentity()))
            .count();
    assertEquals(1, matchingMembers);
}
 
Example #5
Source File: LdapUserGroupProviderTest.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * User-only search where group membership is read from a user attribute and groups are named
 * by {@code cn}: the test expects eight users, two groups, and "user4" in exactly one group, "team1".
 */
@Test
public void testSearchUsersWithGroupingAndGroupName() throws Exception {
    // Only a user search base is supplied; the group search base argument is null.
    final AuthorizerConfigurationContext context = getBaseConfiguration(USER_SEARCH_BASE, null);
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("uid", null, ParameterLookup.EMPTY));
    // using description in lieu of memberof
    when(context.getProperty(PROP_USER_GROUP_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("description", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_NAME_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    assertEquals(8, ldapUserGroupProvider.getUsers().size());
    assertEquals(2, ldapUserGroupProvider.getGroups().size());

    final UserAndGroups user4Membership = ldapUserGroupProvider.getUserAndGroups("user4");
    assertNotNull(user4Membership.getUser());
    assertEquals(1, user4Membership.getGroups().size());

    // Read the single group only after its presence has been asserted above.
    final String onlyGroupName = user4Membership.getGroups().iterator().next().getName();
    assertEquals("team1", onlyGroupName);
}
 
Example #6
Source File: LdapUserGroupProviderTest.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * User-only search where group membership is read from a user attribute and no group name
 * attribute is overridden here: the test expects eight users and three groups, named by DN.
 */
@Test
public void testSearchUsersWithGroupingNoGroupName() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(USER_SEARCH_BASE, null);
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("uid", null, ParameterLookup.EMPTY));
    // using description in lieu of memberof
    when(context.getProperty(PROP_USER_GROUP_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("description", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    assertEquals(8, ldapUserGroupProvider.getUsers().size());
    assertEquals(3, ldapUserGroupProvider.getGroups().size());

    final UserAndGroups user4Membership = ldapUserGroupProvider.getUserAndGroups("user4");
    assertNotNull(user4Membership.getUser());
    assertEquals(1, user4Membership.getGroups().size());
    final String user4Group = user4Membership.getGroups().iterator().next().getName();
    assertEquals("cn=team1,ou=groups,o=nifi", user4Group);

    // user7 and user8 are expected in groups whose DNs differ only in letter case
    // ("team2" vs "Team2"); the names are asserted exactly as written, which is worth keeping
    // in mind when policies are bound to group names taken from a directory.
    final UserAndGroups user7Membership = ldapUserGroupProvider.getUserAndGroups("user7");
    assertNotNull(user7Membership.getUser());
    assertEquals(1, user7Membership.getGroups().size());
    final String user7Group = user7Membership.getGroups().iterator().next().getName();
    assertEquals("cn=team2,ou=groups,o=nifi", user7Group);

    final UserAndGroups user8Membership = ldapUserGroupProvider.getUserAndGroups("user8");
    assertNotNull(user8Membership.getUser());
    assertEquals(1, user8Membership.getGroups().size());
    final String user8Group = user8Membership.getGroups().iterator().next().getName();
    assertEquals("cn=Team2,ou=groups,o=nifi", user8Group);
}
 
Example #7
Source File: LdapUserGroupProviderTest.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Applies an identity mapping to the single user selected by the search filter and checks
 * that the user can be found under the mapped identity.
 */
@Test
public void testUserIdentityMapping() throws Exception {
    // Mapping "dn1": an identity matching the pattern is replaced by its first capture group.
    final Properties mappingProps = new Properties();
    mappingProps.setProperty("nifi.security.identity.mapping.pattern.dn1", "^cn=(.*?),o=(.*?)$");
    mappingProps.setProperty("nifi.security.identity.mapping.value.dn1", "$1");
    ldapUserGroupProvider.setNiFiProperties(getNiFiProperties(mappingProps));

    final AuthorizerConfigurationContext context = getBaseConfiguration(USER_SEARCH_BASE, null);
    when(context.getProperty(PROP_USER_SEARCH_FILTER))
            .thenReturn(new StandardPropertyValue("(uid=user1)", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    assertEquals(1, ldapUserGroupProvider.getUsers().size());

    // The pattern has no ou= component, so the first group runs up to ",o=" and the mapped
    // identity keeps ",ou=users" (presumably from a DN of the form cn=User 1,ou=users,o=...).
    // A mapping pattern that does not mirror the DN layout leaves directory structure in the
    // identity that authorization policies are then matched against.
    assertNotNull(ldapUserGroupProvider.getUserByIdentity("User 1,ou=users"));
}
 
Example #8
Source File: LdapUserGroupProviderTest.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Applies an identity mapping with an {@code UPPER} transform to the single user selected by
 * the search filter and checks that the user is found as "USER 1".
 */
@Test
public void testUserIdentityMappingWithTransforms() throws Exception {
    // Mapping "dn1": capture the cn of a cn/ou/o identity, then apply the UPPER transform.
    final Properties mappingProps = new Properties();
    mappingProps.setProperty("nifi.security.identity.mapping.pattern.dn1", "^cn=(.*?),ou=(.*?),o=(.*?)$");
    mappingProps.setProperty("nifi.security.identity.mapping.value.dn1", "$1");
    mappingProps.setProperty("nifi.security.identity.mapping.transform.dn1", "UPPER");
    ldapUserGroupProvider.setNiFiProperties(getNiFiProperties(mappingProps));

    final AuthorizerConfigurationContext context = getBaseConfiguration(USER_SEARCH_BASE, null);
    when(context.getProperty(PROP_USER_SEARCH_FILTER))
            .thenReturn(new StandardPropertyValue("(uid=user1)", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    assertEquals(1, ldapUserGroupProvider.getUsers().size());

    // The lookup uses the mapped, upper-cased identity.
    assertNotNull(ldapUserGroupProvider.getUserByIdentity("USER 1"));
}
 
Example #9
Source File: LdapUserGroupProviderTest.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Applies the same pattern/value/transform mapping to user identities and to group names and
 * checks that both the user ("USER 1") and the group ("ADMINS") are exposed in mapped form.
 */
@Test
public void testUserIdentityAndGroupMappingWithTransforms() throws Exception {
    final Properties mappingProps = new Properties();
    // Identity mapping "dn1".
    mappingProps.setProperty("nifi.security.identity.mapping.pattern.dn1", "^cn=(.*?),ou=(.*?),o=(.*?)$");
    mappingProps.setProperty("nifi.security.identity.mapping.value.dn1", "$1");
    mappingProps.setProperty("nifi.security.identity.mapping.transform.dn1", "UPPER");
    // Group mapping "dn1", configured separately from the identity mapping.
    mappingProps.setProperty("nifi.security.group.mapping.pattern.dn1", "^cn=(.*?),ou=(.*?),o=(.*?)$");
    mappingProps.setProperty("nifi.security.group.mapping.value.dn1", "$1");
    mappingProps.setProperty("nifi.security.group.mapping.transform.dn1", "UPPER");
    ldapUserGroupProvider.setNiFiProperties(getNiFiProperties(mappingProps));

    final AuthorizerConfigurationContext context = getBaseConfiguration(USER_SEARCH_BASE, GROUP_SEARCH_BASE);
    when(context.getProperty(PROP_USER_SEARCH_FILTER))
            .thenReturn(new StandardPropertyValue("(uid=user1)", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_SEARCH_FILTER))
            .thenReturn(new StandardPropertyValue("(cn=admins)", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    assertEquals(1, ldapUserGroupProvider.getUsers().size());
    assertNotNull(ldapUserGroupProvider.getUserByIdentity("USER 1"));

    assertEquals(1, ldapUserGroupProvider.getGroups().size());
    final String mappedGroupName = ldapUserGroupProvider.getGroups().iterator().next().getName();
    assertEquals("ADMINS", mappedGroupName);
}
 
Example #10
Source File: LdapUserGroupProviderTest.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Membership is declared on the user side through a user attribute, but no referenced group
 * attribute is configured in this test: the group "team3" is expected to exist with no users.
 */
@Test
public void testReferencedGroupWithoutDefiningReferencedAttribute() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration("ou=users-2,o=nifi", "ou=groups-2,o=nifi");
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("uid", null, ParameterLookup.EMPTY));
    // using room due to reqs of groupOfNames
    when(context.getProperty(PROP_USER_OBJECT_CLASS))
            .thenReturn(new StandardPropertyValue("room", null, ParameterLookup.EMPTY));
    // using description in lieu of member
    when(context.getProperty(PROP_USER_GROUP_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("description", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_NAME_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    // using room due to reqs of groupOfNames
    when(context.getProperty(PROP_GROUP_OBJECT_CLASS))
            .thenReturn(new StandardPropertyValue("room", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    final Set<Group> allGroups = ldapUserGroupProvider.getGroups();
    assertEquals(1, allGroups.size());

    final Group team3 = allGroups.stream()
            .filter(candidate -> "team3".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(team3);

    // No member is resolved: the expected outcome is an empty group, not an error.
    assertTrue(team3.getUsers().isEmpty());
}
 
Example #11
Source File: LdapUserGroupProviderTest.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Membership is declared on the user side and the referenced group attribute is set to
 * {@code cn}: the group "team3" is expected to contain exactly one user, "user9".
 */
@Test
public void testReferencedGroupUsingReferencedAttribute() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration("ou=users-2,o=nifi", "ou=groups-2,o=nifi");
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("uid", null, ParameterLookup.EMPTY));
    // using description in lieu of member
    when(context.getProperty(PROP_USER_GROUP_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("description", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_USER_GROUP_REFERENCED_GROUP_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_NAME_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    // using room because groupOfNames requires a member
    when(context.getProperty(PROP_GROUP_OBJECT_CLASS))
            .thenReturn(new StandardPropertyValue("room", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    final Set<Group> allGroups = ldapUserGroupProvider.getGroups();
    assertEquals(1, allGroups.size());

    final Group team3 = allGroups.stream()
            .filter(candidate -> "team3".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(team3);
    assertEquals(1, team3.getUsers().size());

    final long matchingMembers = team3.getUsers().stream()
            .map(memberId -> ldapUserGroupProvider.getUser(memberId))
            .filter(member -> "user9".equals(member.getIdentity()))
            .count();
    assertEquals(1, matchingMembers);
}
 
Example #12
Source File: LdapUserGroupProviderTest.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Membership is declared on the group side through a group member attribute, but no
 * referenced user attribute is configured in this test: "team3" is expected to have no users.
 */
@Test
public void testReferencedUserWithoutDefiningReferencedAttribute() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration("ou=users-2,o=nifi", "ou=groups-2,o=nifi");
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("uid", null, ParameterLookup.EMPTY));
    // using room due to reqs of groupOfNames
    when(context.getProperty(PROP_GROUP_OBJECT_CLASS))
            .thenReturn(new StandardPropertyValue("room", null, ParameterLookup.EMPTY));
    // using description in lieu of member
    when(context.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("description", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_NAME_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    final Set<Group> allGroups = ldapUserGroupProvider.getGroups();
    assertEquals(1, allGroups.size());

    final Group team3 = allGroups.stream()
            .filter(candidate -> "team3".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(team3);

    // No member is resolved: the expected outcome is an empty group, not an error.
    assertTrue(team3.getUsers().isEmpty());
}
 
Example #13
Source File: LdapUserGroupProviderTest.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Group-side membership with case sensitivity enforcement switched off: the test expects
 * "team4" to contain two users, "user1" and "user2".
 */
@Test
public void testSearchUsersAndGroupsMembershipThroughGroupsCaseInsensitive() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(USER_SEARCH_BASE, GROUP_SEARCH_BASE);
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("uid", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("member", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_NAME_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    // Relaxing case sensitivity changes which member references resolve to users, and so
    // changes effective group membership; the assertions below pin the resulting set.
    when(context.getProperty(PROP_GROUP_MEMBERSHIP_ENFORCE_CASE_SENSITIVITY))
            .thenReturn(new StandardPropertyValue("false", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    assertEquals(8, ldapUserGroupProvider.getUsers().size());

    final Set<Group> allGroups = ldapUserGroupProvider.getGroups();
    assertEquals(5, allGroups.size());

    final Group team4 = allGroups.stream()
            .filter(candidate -> "team4".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(team4);
    assertEquals(2, team4.getUsers().size());

    final long user1Matches = team4.getUsers().stream()
            .map(memberId -> ldapUserGroupProvider.getUser(memberId))
            .filter(member -> "user1".equals(member.getIdentity()))
            .count();
    assertEquals(1, user1Matches);

    final long user2Matches = team4.getUsers().stream()
            .map(memberId -> ldapUserGroupProvider.getUser(memberId))
            .filter(member -> "user2".equals(member.getIdentity()))
            .count();
    assertEquals(1, user2Matches);
}
 
Example #14
Source File: LdapUserGroupProviderTest.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Group-side membership without overriding the case sensitivity setting in this test:
 * "team4" is expected to contain exactly one user, "user1".
 */
@Test
public void testSearchUsersAndGroupsMembershipThroughGroupsCaseSensitive() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(USER_SEARCH_BASE, GROUP_SEARCH_BASE);
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("uid", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("member", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_NAME_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    // PROP_GROUP_MEMBERSHIP_ENFORCE_CASE_SENSITIVITY is not stubbed here, so whatever
    // getBaseConfiguration and the provider supply for it applies.
    ldapUserGroupProvider.onConfigured(context);

    assertEquals(8, ldapUserGroupProvider.getUsers().size());

    final Set<Group> allGroups = ldapUserGroupProvider.getGroups();
    assertEquals(5, allGroups.size());

    final Group team4 = allGroups.stream()
            .filter(candidate -> "team4".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(team4);
    assertEquals(1, team4.getUsers().size());

    final long user1Matches = team4.getUsers().stream()
            .map(memberId -> ldapUserGroupProvider.getUser(memberId))
            .filter(member -> "user1".equals(member.getIdentity()))
            .count();
    assertEquals(1, user1Matches);
}
 
Example #15
Source File: LdapUserGroupProviderTest.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Group-side membership where the member value is resolved through a referenced user
 * attribute ({@code uid}) while the identity comes from {@code sn}: "team3" is expected to
 * contain exactly one user, identified as "User9".
 */
@Test
public void testReferencedUserUsingReferencedAttribute() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration("ou=users-2,o=nifi", "ou=groups-2,o=nifi");
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("sn", null, ParameterLookup.EMPTY));
    // using room due to reqs of groupOfNames
    when(context.getProperty(PROP_GROUP_OBJECT_CLASS))
            .thenReturn(new StandardPropertyValue("room", null, ParameterLookup.EMPTY));
    // using description in lieu of member
    when(context.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("description", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_NAME_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    // does not need to be the same as user id attr
    when(context.getProperty(PROP_GROUP_MEMBER_REFERENCED_USER_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("uid", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    final Set<Group> allGroups = ldapUserGroupProvider.getGroups();
    assertEquals(1, allGroups.size());

    final Group team3 = allGroups.stream()
            .filter(candidate -> "team3".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(team3);
    assertEquals(1, team3.getUsers().size());

    final long matchingMembers = team3.getUsers().stream()
            .map(memberId -> ldapUserGroupProvider.getUser(memberId))
            .filter(member -> "User9".equals(member.getIdentity()))
            .count();
    assertEquals(1, matchingMembers);
}
 
Example #16
Source File: LdapUserGroupProvider.java    From nifi with Apache License 2.0 6 votes vote down vote up
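/**
 * Builds the {@link SSLContext} for the LDAP connection from the "TLS - ..." properties of
 * the provider configuration.
 *
 * <p>The keystore and truststore passwords are read as plain strings and handed to
 * {@code TlsConfiguration}; neither is written to the log by this method.
 *
 * @param configurationContext configuration holding the TLS keystore, truststore, client
 *                             auth and protocol properties
 * @return the SSL context created by {@code SslContextFactory}
 * @throws ProviderCreationException if the TLS configuration is rejected
 */
private SSLContext getConfiguredSslContext(final AuthorizerConfigurationContext configurationContext) {
    final String rawKeystore = configurationContext.getProperty("TLS - Keystore").getValue();
    final String rawKeystorePassword = configurationContext.getProperty("TLS - Keystore Password").getValue();
    final String rawKeystoreType = configurationContext.getProperty("TLS - Keystore Type").getValue();
    final String rawTruststore = configurationContext.getProperty("TLS - Truststore").getValue();
    final String rawTruststorePassword = configurationContext.getProperty("TLS - Truststore Password").getValue();
    final String rawTruststoreType = configurationContext.getProperty("TLS - Truststore Type").getValue();
    final String rawClientAuth = configurationContext.getProperty("TLS - Client Auth").getValue();
    final String rawProtocol = configurationContext.getProperty("TLS - Protocol").getValue();

    try {
        // NOTE(review): the third argument is passed as null; presumably a separate key
        // password - confirm against the TlsConfiguration constructor.
        TlsConfiguration tlsConfiguration = new TlsConfiguration(rawKeystore, rawKeystorePassword, null, rawKeystoreType, rawTruststore, rawTruststorePassword, rawTruststoreType, rawProtocol);

        final ClientAuth clientAuth;
        if (ClientAuth.isValidClientAuthType(rawClientAuth)) {
            clientAuth = ClientAuth.valueOf(rawClientAuth);
        } else {
            // An unrecognized value still falls back to NONE, but a value that was actually
            // configured is reported so a typo in a security setting does not go unnoticed.
            if (rawClientAuth != null && !rawClientAuth.trim().isEmpty()) {
                logger.warn("Unrecognized TLS - Client Auth value '{}' for LDAP user group provider; using {}", rawClientAuth, ClientAuth.NONE);
            }
            clientAuth = ClientAuth.NONE;
        }

        return SslContextFactory.createSslContext(tlsConfiguration, clientAuth);
    } catch (TlsException e) {
        // Only the message is logged here; the full cause travels with the rethrown exception.
        logger.error("Encountered an error configuring TLS for LDAP user group provider: {}", e.getLocalizedMessage());
        throw new ProviderCreationException("Error configuring TLS for LDAP user group provider", e);
    }
}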
 
Example #17
Source File: TestRangerNiFiAuthorizer.java    From localization_nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Creates a mocked {@link AuthorizerConfigurationContext} whose {@code getProperty} answers
 * the Ranger security path, audit path, application id and service type lookups.
 *
 * @return the mocked configuration context
 */
private AuthorizerConfigurationContext createMockConfigContext() {
    final AuthorizerConfigurationContext stubbedContext = Mockito.mock(AuthorizerConfigurationContext.class);

    // Paths point at the Ranger configuration files shipped with the test resources.
    when(stubbedContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_SECURITY_PATH_PROP))).thenReturn(
            new MockPropertyValue("src/test/resources/ranger/ranger-nifi-security.xml"));
    when(stubbedContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_AUDIT_PATH_PROP))).thenReturn(
            new MockPropertyValue("src/test/resources/ranger/ranger-nifi-audit.xml"));

    // appId and serviceType are supplied by the enclosing test class.
    when(stubbedContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_APP_ID_PROP))).thenReturn(
            new MockPropertyValue(appId));
    when(stubbedContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_SERVICE_TYPE_PROP))).thenReturn(
            new MockPropertyValue(serviceType));

    return stubbedContext;
}
 
Example #18
Source File: ManagedRangerAuthorizerTest.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Creates a {@link ManagedRangerAuthorizer}, initializes it with a lookup that resolves
 * "user-group-provider" to the given provider, and configures it with mocked Ranger properties.
 *
 * @param userGroupProvider provider returned by the mocked lookup
 * @return the initialized and configured authorizer
 */
private ManagedRangerAuthorizer getStandardManagedAuthorizer(final UserGroupProvider userGroupProvider) {
    final ManagedRangerAuthorizer authorizer = new ManagedRangerAuthorizer();

    // Initialization side: the lookup maps the configured key to the supplied provider.
    final UserGroupProviderLookup providerLookup = mock(UserGroupProviderLookup.class);
    when(providerLookup.getUserGroupProvider("user-group-provider")).thenReturn(userGroupProvider);

    final AuthorizerInitializationContext initContext = mock(AuthorizerInitializationContext.class);
    when(initContext.getUserGroupProviderLookup()).thenReturn(providerLookup);

    // Configuration side: the provider key plus the Ranger settings.
    final AuthorizerConfigurationContext configContext = mock(AuthorizerConfigurationContext.class);
    when(configContext.getProperty(eq("User Group Provider")))
            .thenReturn(new MockPropertyValue("user-group-provider", null));
    when(configContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_SECURITY_PATH_PROP)))
            .thenReturn(new MockPropertyValue("src/test/resources/ranger/ranger-nifi-security.xml"));
    when(configContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_AUDIT_PATH_PROP)))
            .thenReturn(new MockPropertyValue("src/test/resources/ranger/ranger-nifi-audit.xml"));
    when(configContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_APP_ID_PROP)))
            .thenReturn(new MockPropertyValue(appId));
    when(configContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_SERVICE_TYPE_PROP)))
            .thenReturn(new MockPropertyValue(serviceType));

    // initialize runs before onConfigured.
    authorizer.initialize(initContext);
    authorizer.onConfigured(configContext);

    return authorizer;
}
 
Example #19
Source File: LdapUserGroupProviderTest.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * User search limited to {@code SearchScope.OBJECT}: the test expects no users and no groups.
 */
@Test
public void testSearchUsersObjectSearchScope() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(USER_SEARCH_BASE, null);
    final String objectScope = SearchScope.OBJECT.name();
    when(context.getProperty(PROP_USER_SEARCH_SCOPE))
            .thenReturn(new StandardPropertyValue(objectScope, null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    // With OBJECT scope only the base entry itself is a candidate, and it yields no user.
    assertTrue(ldapUserGroupProvider.getUsers().isEmpty());
    assertTrue(ldapUserGroupProvider.getGroups().isEmpty());
}
 
Example #20
Source File: LdapUserGroupProviderTest.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * User search from the base "o=nifi" with {@code SearchScope.SUBTREE}: the test expects nine
 * users and no groups.
 */
@Test
public void testSearchUsersSubtreeSearchScope() throws Exception {
    // The search base is the directory root used by these tests rather than USER_SEARCH_BASE,
    // so the scope setting decides how much of the tree contributes users.
    final AuthorizerConfigurationContext context = getBaseConfiguration("o=nifi", null);
    final String subtreeScope = SearchScope.SUBTREE.name();
    when(context.getProperty(PROP_USER_SEARCH_SCOPE))
            .thenReturn(new StandardPropertyValue(subtreeScope, null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    assertEquals(9, ldapUserGroupProvider.getUsers().size());
    assertTrue(ldapUserGroupProvider.getGroups().isEmpty());
}
 
Example #21
Source File: LdapUserGroupProviderTest.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Group search from the base "o=nifi" with {@code SearchScope.SUBTREE}: the test expects
 * five groups.
 */
@Test
public void testSearchGroupsSubtreeSearchScope() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(null, "o=nifi");
    when(context.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("member", null, ParameterLookup.EMPTY));
    final String subtreeScope = SearchScope.SUBTREE.name();
    when(context.getProperty(PROP_GROUP_SEARCH_SCOPE))
            .thenReturn(new StandardPropertyValue(subtreeScope, null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    final int groupCount = ldapUserGroupProvider.getGroups().size();
    assertEquals(5, groupCount);
}
 
Example #22
Source File: RangerNiFiAuthorizer.java    From localization_nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Reads a named property from the configuration context, falling back to a default.
 *
 * @param context      configuration context to read from
 * @param name         name of the property
 * @param defaultValue value returned when the property is absent or blank
 * @return the configured value, or {@code defaultValue} when {@code getProperty} returns
 *         null or the value is blank according to {@code StringUtils.isBlank}
 */
private String getConfigValue(final AuthorizerConfigurationContext context, final String name, final String defaultValue) {
    final PropertyValue property = context.getProperty(name);

    // Absent and blank are treated alike: both yield the default.
    if (property == null || StringUtils.isBlank(property.getValue())) {
        return defaultValue;
    }

    return property.getValue();
}
 
Example #23
Source File: LdapUserGroupProviderTest.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Group search narrowed by the filter "(cn=admins)": the test expects a single group,
 * named by its DN.
 */
@Test
public void testSearchGroupsWithFilter() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(null, GROUP_SEARCH_BASE);
    when(context.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE))
            .thenReturn(new StandardPropertyValue("member", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_SEARCH_FILTER))
            .thenReturn(new StandardPropertyValue("(cn=admins)", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    final Set<Group> filteredGroups = ldapUserGroupProvider.getGroups();
    assertEquals(1, filteredGroups.size());

    // No group name attribute is stubbed in this test, and the group is expected under its full DN.
    final long adminMatches = filteredGroups.stream()
            .filter(candidate -> "cn=admins,ou=groups,o=nifi".equals(candidate.getName()))
            .count();
    assertEquals(1, adminMatches);
}
 
Example #24
Source File: LdapUserGroupProviderTest.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Users and groups are both searched but no membership attribute is stubbed in this test:
 * eight users and five groups are expected, and every group is expected to be empty.
 */
@Test
public void testSearchUsersAndGroupsNoMembership() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(USER_SEARCH_BASE, GROUP_SEARCH_BASE);
    ldapUserGroupProvider.onConfigured(context);

    assertEquals(8, ldapUserGroupProvider.getUsers().size());

    final Set<Group> allGroups = ldapUserGroupProvider.getGroups();
    assertEquals(5, allGroups.size());

    // Without a membership attribute no user is placed in any group.
    for (final Group current : allGroups) {
        assertTrue(current.getUsers().isEmpty());
    }
}
 
Example #25
Source File: ManagedRangerAuthorizer.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Returns an {@link AccessPolicyProvider} view of this authorizer: policy reads are delegated
 * to {@code nifiPlugin}, the user group provider is this authorizer's {@code userGroupProvider},
 * and the lifecycle callbacks do nothing.
 *
 * @return a new anonymous provider instance on every call
 */
@Override
public AccessPolicyProvider getAccessPolicyProvider() {
    final AccessPolicyProvider pluginBackedProvider = new AccessPolicyProvider() {
        // --- lifecycle callbacks: no-ops in this view ---

        @Override
        public void initialize(AccessPolicyProviderInitializationContext initializationContext) throws AuthorizerCreationException {
        }

        @Override
        public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
        }

        @Override
        public void preDestruction() throws AuthorizerDestructionException {
        }

        // --- policy reads: delegated to nifiPlugin ---

        @Override
        public Set<AccessPolicy> getAccessPolicies() throws AuthorizationAccessException {
            return nifiPlugin.getAccessPolicies();
        }

        @Override
        public AccessPolicy getAccessPolicy(String identifier) throws AuthorizationAccessException {
            return nifiPlugin.getAccessPolicy(identifier);
        }

        @Override
        public AccessPolicy getAccessPolicy(String resourceIdentifier, RequestAction action) throws AuthorizationAccessException {
            return nifiPlugin.getAccessPolicy(resourceIdentifier, action);
        }

        // --- identity source: the provider held by the enclosing authorizer ---

        @Override
        public UserGroupProvider getUserGroupProvider() {
            return userGroupProvider;
        }
    };

    return pluginBackedProvider;
}
 
Example #26
Source File: ManagedRangerAuthorizer.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Resolves the configured "User Group Provider" through the lookup before delegating to the
 * superclass configuration.
 *
 * @param configurationContext configuration holding the "User Group Provider" property
 * @throws AuthorizerCreationException if the lookup returns no provider for the configured key;
 *                                     in that case the superclass configuration is not reached
 */
@Override
public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
    final String providerKey = configurationContext.getProperty("User Group Provider").getValue();

    // The field is assigned before the check, so it holds null after a failed lookup.
    userGroupProvider = userGroupProviderLookup.getUserGroupProvider(providerKey);

    // Fail configuration rather than continue without a user group provider.
    if (userGroupProvider == null) {
        final String message = String.format("Unable to locate configured User Group Provider: %s", providerKey);
        throw new AuthorizerCreationException(message);
    }

    super.onConfigured(configurationContext);
}
 
Example #27
Source File: LdapUserGroupProviderTest.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies group membership when it is derived from an attribute on the user
 * entries, with the default (case-sensitive) membership matching of the base
 * configuration.
 */
@Test
public void testSearchUsersAndGroupsMembershipThroughUsers() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(USER_SEARCH_BASE, GROUP_SEARCH_BASE);
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE)).thenReturn(new StandardPropertyValue("uid", null, ParameterLookup.EMPTY));
    // The "description" attribute stands in for memberof in this fixture.
    when(context.getProperty(PROP_USER_GROUP_ATTRIBUTE)).thenReturn(new StandardPropertyValue("description", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_NAME_ATTRIBUTE)).thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    final int userCount = ldapUserGroupProvider.getUsers().size();
    assertEquals(8, userCount);

    final Set<Group> discoveredGroups = ldapUserGroupProvider.getGroups();
    assertEquals(5, discoveredGroups.size());

    // team1 must contain exactly user4 and user5.
    final Group team1 = discoveredGroups.stream()
            .filter(candidate -> "team1".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(team1);
    assertEquals(2, team1.getUsers().size());
    final long team1Matches = team1.getUsers().stream()
            .map(memberId -> ldapUserGroupProvider.getUser(memberId))
            .filter(member -> "user4".equals(member.getIdentity()) || "user5".equals(member.getIdentity()))
            .count();
    assertEquals(2, team1Matches);

    // team2 must contain exactly user6 and user7 under case-sensitive matching.
    final Group team2 = discoveredGroups.stream()
            .filter(candidate -> "team2".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(team2);
    assertEquals(2, team2.getUsers().size());
    final long team2Matches = team2.getUsers().stream()
            .map(memberId -> ldapUserGroupProvider.getUser(memberId))
            .filter(member -> "user6".equals(member.getIdentity()) || "user7".equals(member.getIdentity()))
            .count();
    assertEquals(2, team2Matches);
}
 
Example #28
Source File: RangerNiFiAuthorizer.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Reads a configuration property, falling back to a default when the property
 * is absent or blank.
 *
 * @param context      configuration context to read from
 * @param name         name of the property to look up
 * @param defaultValue value returned when the property is missing or blank
 * @return the property's value, or {@code defaultValue} when none is set
 */
private String getConfigValue(final AuthorizerConfigurationContext context, final String name, final String defaultValue) {
    final PropertyValue property = context.getProperty(name);

    // A missing property and a blank value are both treated as "not configured".
    if (property == null || StringUtils.isBlank(property.getValue())) {
        return defaultValue;
    }

    return property.getValue();
}
 
Example #29
Source File: LdapUserGroupProviderTest.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a mocked configuration context carrying the baseline LDAP settings
 * shared by the tests; individual tests override single properties afterwards.
 *
 * <p>Test fixture only: the manager bind uses the SIMPLE strategy with a
 * hard-coded password over an {@code ldap://} URL on the loopback address
 * (presumably the embedded test server - confirm). A SIMPLE bind over plain
 * {@code ldap://} carries the manager password unencrypted, so these values
 * are not a template for a deployed provider configuration.
 *
 * @param userSearchBase  value stubbed for the user search base (may be null)
 * @param groupSearchBase value stubbed for the group search base (may be null)
 * @return a mock whose {@code getProperty} calls are stubbed for every property listed below
 */
private AuthorizerConfigurationContext getBaseConfiguration(final String userSearchBase, final String groupSearchBase) {
    final AuthorizerConfigurationContext context = mock(AuthorizerConfigurationContext.class);

    // Connection settings.
    when(context.getProperty(PROP_URL)).thenReturn(new StandardPropertyValue("ldap://127.0.0.1:" + getLdapServer().getPort(), null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_CONNECT_TIMEOUT)).thenReturn(new StandardPropertyValue("30 secs", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_READ_TIMEOUT)).thenReturn(new StandardPropertyValue("30 secs", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_REFERRAL_STRATEGY)).thenReturn(new StandardPropertyValue(ReferralStrategy.FOLLOW.name(), null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_PAGE_SIZE)).thenReturn(new StandardPropertyValue(null, null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_SYNC_INTERVAL)).thenReturn(new StandardPropertyValue("30 mins", null, ParameterLookup.EMPTY));
    // Membership matching is case-sensitive unless a test overrides this property.
    when(context.getProperty(PROP_GROUP_MEMBERSHIP_ENFORCE_CASE_SENSITIVITY)).thenReturn(new StandardPropertyValue("true", null, ParameterLookup.EMPTY));

    // Manager bind credentials (fixture values).
    when(context.getProperty(PROP_AUTHENTICATION_STRATEGY)).thenReturn(new StandardPropertyValue(LdapAuthenticationStrategy.SIMPLE.name(), null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_MANAGER_DN)).thenReturn(new StandardPropertyValue("uid=admin,ou=system", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_MANAGER_PASSWORD)).thenReturn(new StandardPropertyValue("secret", null, ParameterLookup.EMPTY));

    // User search; identity and membership attributes are left unset.
    when(context.getProperty(PROP_USER_SEARCH_BASE)).thenReturn(new StandardPropertyValue(userSearchBase, null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_USER_OBJECT_CLASS)).thenReturn(new StandardPropertyValue("person", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_USER_SEARCH_SCOPE)).thenReturn(new StandardPropertyValue(SearchScope.ONE_LEVEL.name(), null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_USER_SEARCH_FILTER)).thenReturn(new StandardPropertyValue(null, null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE)).thenReturn(new StandardPropertyValue(null, null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_USER_GROUP_ATTRIBUTE)).thenReturn(new StandardPropertyValue(null, null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_USER_GROUP_REFERENCED_GROUP_ATTRIBUTE)).thenReturn(new StandardPropertyValue(null, null, ParameterLookup.EMPTY));

    // Group search; name and membership attributes are left unset.
    when(context.getProperty(PROP_GROUP_SEARCH_BASE)).thenReturn(new StandardPropertyValue(groupSearchBase, null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_OBJECT_CLASS)).thenReturn(new StandardPropertyValue("groupOfNames", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_SEARCH_SCOPE)).thenReturn(new StandardPropertyValue(SearchScope.ONE_LEVEL.name(), null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_SEARCH_FILTER)).thenReturn(new StandardPropertyValue(null, null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_NAME_ATTRIBUTE)).thenReturn(new StandardPropertyValue(null, null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE)).thenReturn(new StandardPropertyValue(null, null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_MEMBER_REFERENCED_USER_ATTRIBUTE)).thenReturn(new StandardPropertyValue(null, null, ParameterLookup.EMPTY));

    return context;
}
 
Example #30
Source File: LdapUserGroupProviderTest.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies group membership derived from a user attribute when case-sensitive
 * membership matching is switched off.
 *
 * <p>With the flag set to "false", team2 is expected to hold three members
 * (user6, user7 and user8). Relaxing case sensitivity therefore widens the set
 * of users a group resolves to, which matters wherever policies are granted
 * to groups.
 */
@Test
public void testSearchUsersAndGroupsMembershipThroughUsersCaseInsensitive() throws Exception {
    final AuthorizerConfigurationContext context = getBaseConfiguration(USER_SEARCH_BASE, GROUP_SEARCH_BASE);
    when(context.getProperty(PROP_USER_IDENTITY_ATTRIBUTE)).thenReturn(new StandardPropertyValue("uid", null, ParameterLookup.EMPTY));
    // The "description" attribute stands in for memberof in this fixture.
    when(context.getProperty(PROP_USER_GROUP_ATTRIBUTE)).thenReturn(new StandardPropertyValue("description", null, ParameterLookup.EMPTY));
    when(context.getProperty(PROP_GROUP_NAME_ATTRIBUTE)).thenReturn(new StandardPropertyValue("cn", null, ParameterLookup.EMPTY));
    // Override the base configuration: membership matching ignores case.
    when(context.getProperty(PROP_GROUP_MEMBERSHIP_ENFORCE_CASE_SENSITIVITY)).thenReturn(new StandardPropertyValue("false", null, ParameterLookup.EMPTY));
    ldapUserGroupProvider.onConfigured(context);

    final int userCount = ldapUserGroupProvider.getUsers().size();
    assertEquals(8, userCount);

    final Set<Group> discoveredGroups = ldapUserGroupProvider.getGroups();
    assertEquals(5, discoveredGroups.size());

    // team1 must contain exactly user4 and user5.
    final Group team1 = discoveredGroups.stream()
            .filter(candidate -> "team1".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(team1);
    assertEquals(2, team1.getUsers().size());
    final long team1Matches = team1.getUsers().stream()
            .map(memberId -> ldapUserGroupProvider.getUser(memberId))
            .filter(member -> "user4".equals(member.getIdentity()) || "user5".equals(member.getIdentity()))
            .count();
    assertEquals(2, team1Matches);

    // team2 additionally resolves user8.
    // NOTE(review): presumably user8's group reference differs only in case in the fixture data - confirm.
    final Group team2 = discoveredGroups.stream()
            .filter(candidate -> "team2".equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    assertNotNull(team2);
    assertEquals(3, team2.getUsers().size());
    final long team2Matches = team2.getUsers().stream()
            .map(memberId -> ldapUserGroupProvider.getUser(memberId))
            .filter(member -> "user6".equals(member.getIdentity()) || "user7".equals(member.getIdentity()) || "user8".equals(member.getIdentity()))
            .count();
    assertEquals(3, team2Matches);
}