You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2017/12/01 20:49:00 UTC

[jira] [Commented] (NIFIREG-60) Add support for configuring NiFi Identities in FileAccessPolicyProvider

    [ https://issues.apache.org/jira/browse/NIFIREG-60?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16274952#comment-16274952 ] 

ASF GitHub Bot commented on NIFIREG-60:
---------------------------------------

Github user bbende commented on a diff in the pull request:

    https://github.com/apache/nifi-registry/pull/45#discussion_r154445195
  
    --- Diff: nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/file/FileAccessPolicyProvider.java ---
    @@ -517,28 +522,22 @@ private void populateInitialAdmin(final Authorizations authorizations) {
             }
         }
     
    -//    /**
    -//     * Creates a user for each node and gives the nodes write permission to /proxy.
    -//     *
    -//     * @param authorizations the overall authorizations
    -//     */
    -//    private void populateNodes(Authorizations authorizations) {
    -//        for (String nodeIdentity : nodeIdentities) {
    -//            final User node = userGroupProvider.getUserByIdentity(nodeIdentity);
    -//            if (node == null) {
    -//                throw new AuthorizerCreationException("Unable to locate node " + nodeIdentity + " to seed policies.");
    -//            }
    -//
    -//            // grant access to the proxy resource
    -//            addUserToAccessPolicy(authorizations, ResourceType.Proxy.getValue(), node.getIdentifier(), WRITE_CODE);
    -//
    -//            // grant the user read/write access data of the root group
    -//            if (rootGroupId != null) {
    -//                addUserToAccessPolicy(authorizations, ResourceType.Data.getValue() + ResourceType.ProcessGroup.getValue() + "/" + rootGroupId, node.getIdentifier(), READ_CODE);
    -//                addUserToAccessPolicy(authorizations, ResourceType.Data.getValue() + ResourceType.ProcessGroup.getValue() + "/" + rootGroupId, node.getIdentifier(), WRITE_CODE);
    -//            }
    -//        }
    -//    }
    +    /**
    +     * Creates a user for each NiFi client and gives each one write permission to /proxy.
    +     *
    +     * @param authorizations the overall authorizations
    +     */
    +    private void populateNodes(Authorizations authorizations) {
    --- End diff --
    
    Looks like this needs to get called from the load method similar to populateInitialAdmin


> Add support for configuring NiFi Identities in FileAccessPolicyProvider
> -----------------------------------------------------------------------
>
>                 Key: NIFIREG-60
>                 URL: https://issues.apache.org/jira/browse/NIFIREG-60
>             Project: NiFi Registry
>          Issue Type: New Feature
>            Reporter: Kevin Doran
>            Assignee: Kevin Doran
>
> Similar to how in NiFi a user is to configure Node Identities in authorizers.xml to enable clustered NiFi nodes to be initialized as proxies for other users, NiFi Registry should allow for NiFi clients identities to be initialized as authorized proxies for end users, via a similar configuration scheme.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)