Commit 529e926

committed
wip: replaceWithRootGroupId
1 parent 05872f3 commit 529e926

1 file changed

+37
-41
lines changed
Lines changed: 37 additions & 41 deletions
@@ -1,65 +1,61 @@
1-
From 7bae76c6e7361356fdab4886bf078b0c4fbbce51 Mon Sep 17 00:00:00 2001
1+
From 7d3774380339871ab4890b898eb35e4a8d4fc995 Mon Sep 17 00:00:00 2001
22
From: Andrew Kenworthy <andrew.kenworthy@stackable.tech>
33
Date: Fri, 10 Oct 2025 15:28:56 +0200
44
Subject: replace process groups root with root ID
55

66
---
7-
.../FileAccessPolicyProvider.java | 30 +++++++++++++++++--
8-
1 file changed, 28 insertions(+), 2 deletions(-)
7+
.../FileAccessPolicyProvider.java | 24 +++++++++++++++++++
8+
.../nifi/controller/StandardFlowService.java | 5 ++++
9+
2 files changed, 29 insertions(+)
910

1011
diff --git a/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAccessPolicyProvider.java b/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAccessPolicyProvider.java
11-
index 5363bb5619..2951e6899a 100644
12+
index 5363bb5619..ca9758f32c 100644
1213
--- a/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAccessPolicyProvider.java
1314
+++ b/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAccessPolicyProvider.java
14-
@@ -568,8 +568,8 @@ public class FileAccessPolicyProvider implements ConfigurableAccessPolicyProvide
15-
final boolean hasInitialAdminIdentity = (initialAdminIdentity != null && !StringUtils.isBlank(initialAdminIdentity));
16-
17-
// if we are starting fresh then we might need to populate an initial admin or convert legacy users
18-
+ parseFlow();
19-
if (emptyAuthorizations) {
20-
- parseFlow();
21-
22-
if (hasInitialAdminIdentity) {
23-
logger.info("Populating authorizations for Initial Admin: {}", initialAdminIdentity);
24-
@@ -581,7 +581,12 @@ public class FileAccessPolicyProvider implements ConfigurableAccessPolicyProvide
25-
// save any changes that were made and repopulate the holder
26-
saveAndRefreshHolder(authorizations);
27-
} else {
28-
- this.authorizationsHolder.set(authorizationsHolder);
29-
+ if (isUpdatedRootInAccessPolicy(authorizations)) {
30-
+ // only do this if we have actually changed something
31-
+ saveAndRefreshHolder(authorizations);
32-
+ } else {
33-
+ this.authorizationsHolder.set(authorizationsHolder);
34-
+ }
35-
}
36-
}
37-
38-
@@ -744,6 +749,27 @@ public class FileAccessPolicyProvider implements ConfigurableAccessPolicyProvide
15+
@@ -744,6 +744,30 @@ public class FileAccessPolicyProvider implements ConfigurableAccessPolicyProvide
3916
}
4017
}
4118

4219
+ /**
4320
+ * Replaces process group root references with the process group ID.
4421
+ * Relevant when a static authorizations file is provided, which can
4522
+ * then use "root" as a placeholder.
46-
+ *
47-
+ * @param authorizations the Authorizations instance to edit the policies in
4823
+ */
49-
+ private boolean isUpdatedRootInAccessPolicy(final Authorizations authorizations) {
50-
+ boolean authorizationsChanged = false;
51-
+ for (Policy policy: authorizations.getPolicies().getPolicy()) {
52-
+ String resource = policy.getResource();
53-
+ String processGroupRoot = ResourceType.ProcessGroup.getValue() + "/root";
54-
+ if (resource.endsWith(processGroupRoot)) {
55-
+ int pos = resource.indexOf(processGroupRoot);
56-
+ policy.setResource(resource.substring(0, pos) + ResourceType.ProcessGroup.getValue() + "/" + rootGroupId);
57-
+ authorizationsChanged = true;
24+
+ public void replaceWithRootGroupId() throws JAXBException {
25+
+ if (rootGroupId != null) {
26+
+ Authorizations authorizations = this.authorizationsHolder.get().getAuthorizations();
27+
+ boolean authorizationsChanged = false;
28+
+ for (Policy policy: authorizations.getPolicies().getPolicy()) {
29+
+ String resource = policy.getResource();
30+
+ String processGroupRoot = ResourceType.ProcessGroup.getValue() + "/root";
31+
+ if (resource.endsWith(processGroupRoot)) {
32+
+ int pos = resource.indexOf(processGroupRoot);
33+
+ policy.setResource(resource.substring(0, pos) + ResourceType.ProcessGroup.getValue() + "/" + rootGroupId);
34+
+ authorizationsChanged = true;
35+
+ }
36+
+ }
37+
+ if (authorizationsChanged) {
38+
+ saveAuthorizations(authorizations);
5839
+ }
5940
+ }
60-
+ return authorizationsChanged;
6141
+ }
6242
+
6343
/**
6444
* Creates and adds an access policy for the given resource, group identity, and actions to the specified authorizations.
6545
*
46+
diff --git a/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/StandardFlowService.java b/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/StandardFlowService.java
47+
index 09f4d38f77..dad44540de 100644
48+
--- a/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/StandardFlowService.java
49+
+++ b/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/StandardFlowService.java
50+
@@ -933,6 +933,11 @@ public class StandardFlowService implements FlowService, ProtocolHandler {
51+
// start the processors as indicated by the dataflow
52+
controller.onFlowInitialized(autoResumeState);
53+
54+
+ // this should be done once the flow has been initialized
55+
+ if (this.authorizer instanceof org.apache.nifi.authorization.FileAccessPolicyProvider) {
56+
+ ((org.apache.nifi.authorization.FileAccessPolicyProvider) this.authorizer).replaceWithRootGroupId();
57+
+ }
58+
+
59+
loadSnippets(dataFlow.getSnippets());
60+
61+
controller.startHeartbeating();
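Review bot: In the added `replaceWithRootGroupId()`, the rewritten policies are persisted with `saveAuthorizations(authorizations)` but `authorizationsHolder` is never rebuilt, whereas the previous revision of this patch went through `saveAndRefreshHolder(authorizations)`; if the holder indexes policies by resource string (not visible here), authorization decisions would keep using the `/root` placeholder until the next restart while the file on disk already carries the real ID. Calling `saveAndRefreshHolder(authorizations);` in the `authorizationsChanged` branch would keep the file and the in-memory state consistent. The `rootGroupId != null` guard also skips silently, and this revision drops the hunk that moved `parseFlow()` out of the `emptyAuthorizations` branch, so with a pre-populated authorizations file the ID may never be set; a `logger.warn(...)` in an else branch would make the skipped rewrite visible. In `StandardFlowService`, the `this.authorizer instanceof ...FileAccessPolicyProvider` test only matches if the authorizer itself is that provider rather than a wrapper around it, and the call declares `JAXBException`, whose handling lies outside the hunk. Minor: `resource.indexOf(processGroupRoot)` finds the first occurrence while the check is `endsWith`; `resource.length() - processGroupRoot.length()` is the matching offset.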
