apache · exceptionfactory · Jun 13, 2022
diff --git a/...k/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/NssShellCommands.java b/...k/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/NssShellCommands.java
@@ -45,40 +45,6 @@ public String getGroupMembers(String groupName) {
         return String.format("getent group %s | cut -f 4 -d ':'", groupName);
     }
 
-    /**
-     * Gets the command for reading a single user by id.
-     *
-     * When executed, this command should output a single line, in the format used by `getUsersList`.
-     *
-     * @param userId name of user.
-     * @return Shell command string that will read a single user.
-     */
-    @Override
-    public String getUserById(String userId) {
-        return String.format("getent passwd %s | cut -f 1,3,4 -d ':'", userId);
-    }
-
-    /**
-     * This method reuses `getUserById` because the getent command is the same for
-     * both uid and username.
-     *
-     * @param userName name of user.
-     * @return Shell command string that will read a single user.
-     */
-    public String getUserByName(String userName) {
-        return getUserById(userName);
-    }
-
-    /**
-     * This method supports gid or group name because getent does.
-     *
-     * @param groupId name of group.
-     * @return Shell command string that will read a single group.
-     */
-    public String getGroupById(String groupId) {
-        return String.format("getent group %s | cut -f 1,3,4 -d ':'", groupId);
-    }
-
     /**
      * This gives exit code 0 on all tested distributions.
      *

diff --git a/...k/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/OsxShellCommands.java b/...k/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/OsxShellCommands.java
@@ -47,32 +47,6 @@ public String getGroupMembers(String groupName) {
         return String.format("dscl . -read /Groups/%s GroupMembership | cut -f 2- -d ' ' | sed 's/\\ /,/g'", groupName);
     }
 
-    /**
-     * @param userId name of user.
-     * @return Shell command string that will read a single user.
-     */
-    @Override
-    public String getUserById(String userId) {
-        return String.format("id -P %s | cut -f 1,3,4 -d ':'", userId);
-    }
-
-    /**
-     * @param userName name of user.
-     * @return Shell command string that will read a single user.
-     */
-    public String getUserByName(String userName) {
-        return getUserById(userName); // 'id' command works for both uid/username
-    }
-
-    /**
-     * @param groupId name of group.
-     * @return Shell command string that will read a single group.
-     */
-    public String getGroupById(String groupId) {
-        return String.format(" dscl . -read /Groups/`dscl . -search /Groups gid %s | head -n 1 | cut -f 1` RecordName PrimaryGroupID | awk 'BEGIN { OFS = \":\"; ORS=\"\\n\"; i=0;} " +
-                             "/RecordName: / {name = $2;i = 1;}/PrimaryGroupID: / {gid = $2;}; {if (i==1) {print name,gid,\"\"}}'", groupId);
-    }
-
     /**
      * @return Shell command string that will exit normally (0) on a suitable system.
      */

diff --git a/...ifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/RemoteShellCommands.java b/...ifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/RemoteShellCommands.java
@@ -56,18 +56,6 @@ public String getGroupMembers(String groupName) {
         return String.format(remoteCommand, innerProvider.getGroupMembers(groupName), privateKeyPath, remotePort, remoteHost);
     }
 
-    public String getUserById(String userId) {
-        return String.format(remoteCommand, innerProvider.getUserById(userId), privateKeyPath, remotePort, remoteHost);
-    }
-
-    public String getUserByName(String userName) {
-        return String.format(remoteCommand, innerProvider.getUserByName(userName), privateKeyPath, remotePort, remoteHost);
-    }
-
-    public String getGroupById(String groupId) {
-        return String.format(remoteCommand, innerProvider.getGroupById(groupId), privateKeyPath, remotePort, remoteHost);
-    }
-
     public String getSystemCheck() {
         return String.format(remoteCommand, innerProvider.getSystemCheck(), privateKeyPath, remotePort, remoteHost);
     }

diff --git a/...i-shell-authorizer/src/main/java/org/apache/nifi/authorization/ShellCommandsProvider.java b/...i-shell-authorizer/src/main/java/org/apache/nifi/authorization/ShellCommandsProvider.java
@@ -55,39 +55,6 @@ interface ShellCommandsProvider {
      */
     String getGroupMembers(String groupName);
 
-    /**
-     * Gets the command for reading a single user by id.  Implementations may return null if reading a single
-     * user by id is not supported.
-     *
-     * When executed, this command should output a single line, in the format used by `getUsersList`.
-     *
-     * @param userId name of user.
-     * @return Shell command string that will read a single user.
-     */
-    String getUserById(String userId);
-
-    /**
-     * Gets the command for reading a single user.  Implementations may return null if reading a single user by
-     * username is not supported.
-     *
-     * When executed, this command should output a single line, in the format used by `getUsersList`.
-     *
-     * @param userName name of user.
-     * @return Shell command string that will read a single user.
-     */
-    String getUserByName(String userName);
-
-    /**
-     * Gets the command for reading a single group.  Implementations may return null if reading a single group
-     * by name is not supported.
-     *
-     * When executed, this command should output a single line, in the format used by `getGroupsList`.
-     *
-     * @param groupId name of group.
-     * @return Shell command string that will read a single group.
-     */
-    String getGroupById(String groupId);
-
     /**
      * Gets the command for checking the suitability of the host system.
      *

diff --git a/...-shell-authorizer/src/main/java/org/apache/nifi/authorization/ShellUserGroupProvider.java b/...-shell-authorizer/src/main/java/org/apache/nifi/authorization/ShellUserGroupProvider.java
@@ -133,11 +133,6 @@ public User getUserByIdentity(String identity) throws AuthorizationAccessExcepti
             user = usersByName.get(identity);
         }
 
-        if (user == null) {
-            refreshOneUser(selectedShellCommands.getUserByName(identity), "Get Single User by Name");
-            user = usersByName.get(identity);
-        }
-
         if (user == null) {
             logger.debug("getUser (by name) user not found: " + identity);
         } else {
@@ -175,11 +170,6 @@ public Group getGroup(String identifier) throws AuthorizationAccessException {
             group = groupsById.get(identifier);
         }
 
-        if (group == null) {
-            refreshOneGroup(selectedShellCommands.getGroupById(identifier), "Get Single Group by Id");
-            group = groupsById.get(identifier);
-        }
-
         if (group == null) {
             logger.debug("getGroup (by id) group not found: " + identifier);
         } else {
@@ -279,7 +269,7 @@ public void onConfigured(AuthorizerConfigurationContext configurationContext) th
         // Our next init step is to run the system check from that command set to determine if the other commands
         // will work on this host or not.
         try {
-            shellRunner.runShell(commands.getSystemCheck());
+            shellRunner.runShell(commands.getSystemCheck(), "Supported System Check");
         } catch (final Exception e) {
             logger.error("initialize exception: " + e + " system check command: " + commands.getSystemCheck());
             throw new AuthorizerCreationException(SYS_CHECK_ERROR, e);
@@ -412,73 +402,6 @@ public void setCommandsProvider(ShellCommandsProvider commandsProvider) {
         selectedShellCommands = commandsProvider;
     }
 
-    /**
-     * Refresh a single user.
-     *
-     * @param command     Shell command to read a single user.  Pre-formatted by caller.
-     * @param description Shell command description.
-     */
-    private void refreshOneUser(String command, String description) {
-        if (command != null) {
-            Map<String, User> idToUser = new HashMap<>();
-            Map<String, User> usernameToUser = new HashMap<>();
-            Map<String, User> gidToUser = new HashMap<>();
-            List<String> userLines;
-
-            try {
-                userLines = shellRunner.runShell(command, description);
-                rebuildUsers(userLines, idToUser, usernameToUser, gidToUser);
-            } catch (final IOException ioexc) {
-                logger.error("refreshOneUser shell exception: " + ioexc);
-            }
-
-            if (idToUser.size() > 0) {
-                synchronized (usersById) {
-                    usersById.putAll(idToUser);
-                }
-            }
-
-            if (usernameToUser.size() > 0) {
-                synchronized (usersByName) {
-                    usersByName.putAll(usernameToUser);
-                }
-            }
-        } else {
-            logger.info("Get Single User not supported on this system.");
-        }
-    }
-
-    /**
-     * Refresh a single group.
-     *
-     * @param command     Shell command to read a single group.  Pre-formatted by caller.
-     * @param description Shell command description.
-     */
-    private void refreshOneGroup(String command, String description) {
-        if (command != null) {
-            Map<String, Group> gidToGroup = new HashMap<>();
-            List<String> groupLines;
-
-            try {
-                groupLines = shellRunner.runShell(command, description);
-                rebuildGroups(groupLines, gidToGroup);
-            } catch (final IOException ioexc) {
-                logger.error("refreshOneGroup shell exception: " + ioexc);
-            }
-
-            if (gidToGroup.size() > 0) {
-                synchronized (groupsById) {
-                    groupsById.putAll(gidToGroup);
-                }
-                synchronized (groupsByName) {
-                    gidToGroup.values().forEach(g -> groupsByName.put(g.getName(), g));
-                }
-            }
-        } else {
-            logger.info("Get Single Group not supported on this system.");
-        }
-    }
-
     /**
      * This is our entry point for user and group refresh.  This method runs the top-level
      * `getUserList()` and `getGroupsList()` shell commands, then passes those results to the
@@ -614,7 +537,7 @@ private void rebuildGroups(List<String> groupLines, Map<String, Group> groupsByI
 
                 try {
                     String groupMembersCommand = selectedShellCommands.getGroupMembers(groupName);
-                    List<String> memberLines = shellRunner.runShell(groupMembersCommand);
+                    List<String> memberLines = shellRunner.runShell(groupMembersCommand, "Get Group Members");
                     // Use the first line only, and log if the line count isn't exactly one:
                     if (!memberLines.isEmpty()) {
                         String memberLine = memberLines.get(0);

diff --git a/...k/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/util/ShellRunner.java b/...k/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/util/ShellRunner.java
@@ -52,10 +52,6 @@ public Thread newThread(final Runnable r) {
         });
     }
 
-    public List<String> runShell(String command) throws IOException {
-        return runShell(command, "<unknown>");
-    }
-
     public List<String> runShell(String command, String description) throws IOException {
         final ProcessBuilder builder = new ProcessBuilder(SHELL, OPTS, command);
         builder.redirectErrorStream(true);

diff --git a/...hell-authorizer/src/test/java/org/apache/nifi/authorization/ShellUserGroupProviderIT.java b/...hell-authorizer/src/test/java/org/apache/nifi/authorization/ShellUserGroupProviderIT.java
@@ -101,7 +101,7 @@ public static void setupOnce() throws IOException {
         try {
             // NB: this command is a bit perplexing: it works without prompt from the shell, but hangs
             // here without the pipe from `yes`:
-            shellRunner.runShell("yes | ssh-keygen -C '' -N '' -t rsa -f " + sshPrivKeyFile);
+            shellRunner.runShell("yes | ssh-keygen -C '' -N '' -t rsa -f " + sshPrivKeyFile, "Setup");
         } catch (final IOException ioexc) {
             systemCheckFailed = true;
             logger.error("setupOnce() exception: " + ioexc + "; tests cannot run on this system.");

diff --git a/...src/main/java/org/apache/nifi/registry/security/authorization/shell/NssShellCommands.java b/...src/main/java/org/apache/nifi/registry/security/authorization/shell/NssShellCommands.java
@@ -44,40 +44,6 @@ public String getGroupMembers(String groupName) {
         return String.format("getent group %s | cut -f 4 -d ':'", groupName);
     }
 
-    /**
-     * Gets the command for reading a single user by id.
-     *
-     * When executed, this command should output a single line, in the format used by `getUsersList`.
-     *
-     * @param userId name of user.
-     * @return Shell command string that will read a single user.
-     */
-    @Override
-    public String getUserById(String userId) {
-        return String.format("getent passwd %s | cut -f 1,3,4 -d ':'", userId);
-    }
-
-    /**
-     * This method reuses `getUserById` because the getent command is the same for
-     * both uid and username.
-     *
-     * @param userName name of user.
-     * @return Shell command string that will read a single user.
-     */
-    public String getUserByName(String userName) {
-        return getUserById(userName);
-    }
-
-    /**
-     * This method supports gid or group name because getent does.
-     *
-     * @param groupId name of group.
-     * @return Shell command string that will read a single group.
-     */
-    public String getGroupById(String groupId) {
-        return String.format("getent group %s | cut -f 1,3,4 -d ':'", groupId);
-    }
-
     /**
      * This gives exit code 0 on all tested distributions.
      *

diff --git a/...src/main/java/org/apache/nifi/registry/security/authorization/shell/OsxShellCommands.java b/...src/main/java/org/apache/nifi/registry/security/authorization/shell/OsxShellCommands.java
@@ -46,32 +46,6 @@ public String getGroupMembers(String groupName) {
         return String.format("dscl . -read /Groups/%s GroupMembership | cut -f 2- -d ' ' | sed 's/\\ /,/g'", groupName);
     }
 
-    /**
-     * @param userId name of user.
-     * @return Shell command string that will read a single user.
-     */
-    @Override
-    public String getUserById(String userId) {
-        return String.format("id -P %s | cut -f 1,3,4 -d ':'", userId);
-    }
-
-    /**
-     * @param userName name of user.
-     * @return Shell command string that will read a single user.
-     */
-    public String getUserByName(String userName) {
-        return getUserById(userName); // 'id' command works for both uid/username
-    }
-
-    /**
-     * @param groupId name of group.
-     * @return Shell command string that will read a single group.
-     */
-    public String getGroupById(String groupId) {
-        return String.format(" dscl . -read /Groups/`dscl . -search /Groups gid %s | head -n 1 | cut -f 1` RecordName PrimaryGroupID | awk 'BEGIN { OFS = \":\"; ORS=\"\\n\"; i=0;} " +
-                "/RecordName: / {name = $2;i = 1;}/PrimaryGroupID: / {gid = $2;}; {if (i==1) {print name,gid,\"\"}}'", groupId);
-    }
-
     /**
      * @return Shell command string that will exit normally (0) on a suitable system.
      */