[GitHub] nifi pull request #2965: NIFI-5542 Added support for node groups to FileAcce...

Mon, 27 Aug 2018 06:38:44 -0700 

Github user achristianson commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/2965#discussion_r212977830
  
    --- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAccessPolicyProvider.java
 ---
    @@ -604,12 +610,26 @@ private void populateInitialAdmin(final 
Authorizations authorizations) {
          * @param authorizations the overall authorizations
          */
         private void populateNodes(Authorizations authorizations) {
    +        // authorize static nodes
    +        authorizeNodeIdentities(authorizations, nodeIdentities);
    +
    +        // authorize dynamic nodes (node group)
    +        if (nodeGroupName != null) {
    +            Group nodeGroup = userGroupProvider.getGroup(nodeGroupName);
    +            if (nodeGroup == null) {
    +                throw new AuthorizerCreationException("Unable to locate 
node group " + nodeGroupName + " to seed policies.");
    +            }
    +            Set<String> nodeGroupUserIdentities = nodeGroup.getUsers();
    +            authorizeNodeIdentities(authorizations, 
nodeGroupUserIdentities);
    --- End diff --
    
    Hmm, good point. It depends on how/when the FileAccessPolicyProvider is 
called. Looking into it...


---

Reply via email to