@Tags({"Kerberos", "Keytab", "Principal", "Credentials", "Authentication", "Security"}) @Restricted(restrictions = { @Restriction(requiredPermission = RequiredPermission.ACCESS_KEYTAB, explanation = "Allows user to define a Keytab and principal that can then be used by other components.") }) public class KeytabCredentialsService extends AbstractControllerService implements KerberosCredentialsService {
private void writeRestriction(final Restriction restriction) throws IOException { writeStartElement("restriction"); final RequiredPermission permission = restriction.requiredPermission(); final String label = permission == null ? null : permission.getPermissionLabel(); writeTextElement("requiredPermission", label); writeTextElement("explanation", restriction.explanation()); writeEndElement(); }
public static Set<Authorizable> getRestrictedComponentsAuthorizable(final Class<?> configurableComponentClass) { final Set<Authorizable> authorizables = new HashSet<>(); final Restricted restricted = configurableComponentClass.getAnnotation(Restricted.class); if (restricted != null) { final Restriction[] restrictions = restricted.restrictions(); if (restrictions != null && restrictions.length > 0) { Arrays.stream(restrictions).forEach(restriction -> authorizables.add(getRestrictedComponentsAuthorizable(restriction.requiredPermission()))); } else { authorizables.add(getRestrictedComponentsAuthorizable()); } } return authorizables; }
@Restricted( restrictions = { @Restriction( requiredPermission = RequiredPermission.EXECUTE_CODE, explanation = "Provides operator the ability to execute arbitrary code assuming all permissions that NiFi has.")
private Set<ExplicitRestrictionDTO> getExplicitRestrictions(final Class<?> cls) { final Restricted restricted = cls.getAnnotation(Restricted.class); if (restricted == null) { return null; } final Restriction[] restrictions = restricted.restrictions(); if (restrictions == null || restrictions.length == 0) { return null; } return Arrays.stream(restrictions).map(restriction -> { final RequiredPermissionDTO requiredPermission = new RequiredPermissionDTO(); requiredPermission.setId(restriction.requiredPermission().getPermissionIdentifier()); requiredPermission.setLabel(restriction.requiredPermission().getPermissionLabel()); final ExplicitRestrictionDTO usageRestriction = new ExplicitRestrictionDTO(); usageRestriction.setRequiredPermission(requiredPermission); usageRestriction.setExplanation(restriction.explanation()); return usageRestriction; }).collect(Collectors.toSet()); }
@Restricted( restrictions = { @Restriction( requiredPermission = RequiredPermission.EXECUTE_CODE, explanation = "Provides operator the ability to execute arbitrary code assuming all permissions that NiFi has.")
writeSimpleElement(xmlStreamWriter, "td", restriction.requiredPermission().getPermissionLabel()); writeSimpleElement(xmlStreamWriter, "td", restriction.explanation()); xmlStreamWriter.writeEndElement();
@Restricted( restrictions = { @Restriction( requiredPermission = RequiredPermission.READ_FILESYSTEM, explanation = "Provides operator the ability to read from any file that NiFi has access to."), @Restriction( requiredPermission = RequiredPermission.WRITE_FILESYSTEM, explanation = "Provides operator the ability to delete any file that NiFi has access to.")
@Restricted( restrictions = { @Restriction( requiredPermission = RequiredPermission.EXECUTE_CODE, explanation = "Provides operator the ability to execute arbitrary code assuming all permissions that NiFi has.")
@Restricted( restrictions = { @Restriction( requiredPermission = RequiredPermission.EXPORT_NIFI_DETAILS, explanation = "Provides operator the ability to send sensitive details contained in bulletin events to any external system.")
@Restricted( restrictions = { @Restriction( requiredPermission = RequiredPermission.EXECUTE_CODE, explanation = "Provides operator the ability to execute arbitrary code assuming all permissions that NiFi has.")
@Restricted( restrictions = { @Restriction( requiredPermission = RequiredPermission.EXECUTE_CODE, explanation = "Provides operator the ability to execute arbitrary Flume configurations assuming all permissions that NiFi has.")
@Restricted( restrictions = { @Restriction( requiredPermission = RequiredPermission.EXPORT_NIFI_DETAILS, explanation = "Provides operator the ability to send sensitive details contained in Provenance events to any external system.")
@Restricted( restrictions = { @Restriction( requiredPermission = RequiredPermission.EXECUTE_CODE, explanation = "Provides operator the ability to execute arbitrary Flume configurations assuming all permissions that NiFi has.")
@SupportsBatching @InputRequirement(InputRequirement.Requirement.INPUT_REQUIRED) @Tags({"parquet", "hadoop", "HDFS", "get", "ingest", "fetch", "source", "record"}) @CapabilityDescription("Reads from a given Parquet file and writes records to the content of the flow file using " + "the selected record writer. The original Parquet file will remain unchanged, and the content of the flow file " + "will be replaced with records of the selected type. This processor can be used with ListHDFS or ListFile to obtain " + "a listing of files to fetch.") @WritesAttributes({ @WritesAttribute(attribute="fetch.failure.reason", description="When a FlowFile is routed to 'failure', this attribute is added " + "indicating why the file could not be fetched from the given filesystem."), @WritesAttribute(attribute = "record.count", description = "The number of records in the resulting flow file") }) @SeeAlso({PutParquet.class}) @Restricted(restrictions = { @Restriction( requiredPermission = RequiredPermission.READ_FILESYSTEM, explanation = "Provides operator the ability to retrieve any file that NiFi has access to in HDFS or the local filesystem.") }) public class FetchParquet extends AbstractFetchHDFSRecord { @Override public HDFSRecordReader createHDFSRecordReader(final ProcessContext context, final FlowFile flowFile, final Configuration conf, final Path path) throws IOException { final ParquetReader.Builder<GenericRecord> readerBuilder = AvroParquetReader.<GenericRecord>builder(path).withConf(conf); return new AvroParquetHDFSRecordReader(readerBuilder.build()); } }
@SeeAlso({PutHDFS.class, GetHDFS.class}) @Restricted(restrictions = { @Restriction( requiredPermission = RequiredPermission.READ_FILESYSTEM, explanation = "Provides operator the ability to retrieve any file that NiFi has access to in HDFS or the local filesystem."), @Restriction( requiredPermission = RequiredPermission.WRITE_FILESYSTEM, explanation = "Provides operator the ability to delete any file that NiFi has access to in HDFS or the local filesystem.")
@SeeAlso({PutHDFS.class, ListHDFS.class}) @Restricted(restrictions = { @Restriction( requiredPermission = RequiredPermission.READ_FILESYSTEM, explanation = "Provides operator the ability to retrieve any file that NiFi has access to in HDFS or the local filesystem."), @Restriction( requiredPermission = RequiredPermission.WRITE_FILESYSTEM, explanation = "Provides operator the ability to delete any file that NiFi has access to in HDFS or the local filesystem.")
@SeeAlso({ListHDFS.class, GetHDFS.class, PutHDFS.class}) @Restricted(restrictions = { @Restriction( requiredPermission = RequiredPermission.READ_FILESYSTEM, explanation = "Provides operator the ability to retrieve any file that NiFi has access to in HDFS or the local filesystem.")
@Restricted( restrictions = { @Restriction( requiredPermission = RequiredPermission.EXECUTE_CODE, explanation = "Provides operator the ability to execute arbitrary code assuming all permissions that NiFi has.")
@Restricted( restrictions = { @Restriction( requiredPermission = RequiredPermission.EXECUTE_CODE, explanation = "Provides operator the ability to execute arbitrary code assuming all permissions that NiFi has.")