nipyapi icon indicating copy to clipboard operation
nipyapi copied to clipboard

Published 20 hours ago verified publisher icon Chaffelson

Adding users to a group

Open jamessevener opened this issue 5 years ago • 10 comments

  • Nipyapi version: 0.14
  • NiFi version: 1.9.2
  • NiFi-Registry version: N/A
  • Python version: 3.7.4
  • Operating System: Win10

Description

I want to be able to add a user to an existing group When I try and added a user to an existing group using create_service_user_group I get a 'User/user group already exists' error. This happens regardless of strict=True|False

Urgency

This isn't a huge issue, but could be based on automation workflows.

jamessevener avatar Jan 17 '20 19:01 jamessevener

Hello, I think you shoud do :

First suggestion : (if the user exist)

nipyapi.security.get_service_user(identifier, identifier_type='identity', service='nifi') after you add this user to create_service_user_group as list like that [usr]

Second suggestion : (if the user does not exit):

you shoud create one by user = nipyapi.security.create_service_user(identity, service='nifi', strict=True), after you pass this user to your creation

hamzabekkouri avatar Jan 17 '20 23:01 hamzabekkouri

@hamzabekkouri Have you tried that? Because I get errors that the group already exists.

jamessevener avatar Jan 20 '20 18:01 jamessevener

HELLO @jamessevener , yes I tried to do it, is worked for me, if it already exist you should get this info as UserEntity or UserGroupEntity

hamzabekkouri avatar Jan 27 '20 10:01 hamzabekkouri

Yes, that is correct. The issue is ADDING a user to an existing group.

On Mon, Jan 27, 2020, 5:21 AM Hamzabekkouri [email protected] wrote:

HELLO @jamessevener https://github.com/jamessevener , yes I tried to do it, is worked for me, if it already exist you should get this info as UserEntity or UserGroupEntity

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/Chaffelson/nipyapi/issues/171?email_source=notifications&email_token=ABAJ5VRVHZ3H7YUADA4HZODQ72YT7A5CNFSM4KINHSWKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEJ67Y4Q#issuecomment-578681970, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABAJ5VQOGGLCUTDUJJMLM2LQ72YT7ANCNFSM4KINHSWA .

jamessevener avatar Jan 27 '20 10:01 jamessevener

Any resolution to this? Is this feature (Adding user to existing User Group) possible with nipyapi?

group07e avatar May 04 '20 15:05 group07e

The following example is a workaround for adding a user to an existing group using the low level swagger client.

WARNINIG: Nipyapi objects have a number of properties associated with them and you should review the contents of a object before attempting to modify it directly; or alternatively review their models (ex: UserGroupEntity, UserGroupDTO) Example:

# Get the GroupEntity
mygroup = nipyapi.security.get_service_user_group('mygroupname') 
# Get the UserEntity
myuser = nipyapi.security.get_service_user('myusername')
# Search TenantEntities for target
tenants = getattr(nipyapi, 'nifi').TenantsApi().search_tenants(q='myusername')
# Go through found tenants and find our user
for tenant_user in tenants.users:
    if tenant.id == myuser.id:
        # Append TenantEntity of user to group
        mygroup.component.users.append(tenant)
# Update the group
getattr(nipyapi, 'nifi').TenantsApi().update_user_group(mygroup.id, mygroup)

Explanation:

In this example you will notice that the mygroup object houses a property called component (as do many objects) which contains its UserGroupDTO which itself contains a property called users. This contains a list of TenantEntity's which generally correspond to UserEntity's or UserGroupEntity's.

Knowing this we can use the search_tenants function in the swagger client to get the user as an TenantEntity rather than as UserEntity. It should be noted that this function can only use the identity (username), not an id, and is greedy. It also returns a object that contains entries for UserGroups and UserEntitys (ex: {'user_groups': [], 'users': []}).

Since we want the users TenantEntity object we loop through the user results of the Tenant search and append them to the GroupEntity's list of associated users. The check between id is not necessary but should help with matching confidence.

Finally once the GroupEntity is updated we can use the low level swagger function update_user_group to apply the changes to the group.

Notes:

  • Much of this approach can be applied to other objects like UserEntitys, Policies, Flows, templates, and others; though it should noted that for policies there is a wrapper function for updating (nipyapi.security.update_access_policy)

  • Since the swagger client is auto generated you will also be able to correlate many of its functions directly to the Nifi Rest API documentation.

The above was executed using the following versions:

  • NiFi 1.11.0
  • nipyapi 0.14.3
  • Python 3.6.8

Amorik avatar May 05 '20 17:05 Amorik

Thanks. I was thinking of any such workaround, but was not able to convert UserEntity to TenantEntity. Thanks a lot. It worked like a charm. I was missing Search-tenant part.

group07e avatar May 05 '20 18:05 group07e

And the interesting thing is nipyapi/registry/api/get_user will return user object but nipyapi/nifi/api/get_user will return userEntity object, hence all the problem. We need to do additional work to prune UserEntity to TenanatEntity

group07e avatar May 05 '20 18:05 group07e

Any update here or potentially other workarounds? We are looking to automate the addition of new users to existing groups that have the policies defined. Tried @Amorik's suggested workaround but getting 400 errors using Python 3.7.9, Nifi 1.11, NiPyAPI 0.15.0:

HTTP response headers: HTTPHeaderDict({'Content-Length': '584', 'X-XSS-Protection': '1; mode=block', 'Content-Security-Policy': "frame-ancestors 'self'", 'Strict-Transport-Security': 'max-age=31540000', 'Vary': 'Accept-Encoding', 'Server': 'Jetty(9.4.19.v20190610)', 'Date': 'Mon, 07 Dec 2020 18:18:52 GMT', 'X-Frame-Options': 'SAMEORIGIN', 'Content-Type': 'text/plain'}) HTTP response body: Unrecognized field "userGroups" (class org.apache.nifi.web.api.entity.TenantEntity), not marked as ignorable (8 known properties: "permissions", "disconnectedNodeAcknowledged", "position", "revision", "uri", "component", "id", "bulletins"]) at [Source: (org.glassfish.jersey.message.internal.ReaderInterceptorExecutor$UnCloseableInputStream); line: 1, column: 127] (through reference chain: org.apache.nifi.web.api.entity.UserGroupEntity["component"]->org.apache.nifi.web.api.dto.UserGroupDTO["users"]->java.util.HashSet[0]->org.apache.nifi.web.api.entity.TenantEntity["userGroups"])

kevin-eder avatar Dec 07 '20 18:12 kevin-eder

If someone could write a failing test using the nipyapi testing code ( which tests against docker containers ) then I would take a look. Write the test and attach it to this issue ( it could then be added with the fix to the test suite )

ottobackwards avatar Dec 07 '20 19:12 ottobackwards