You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2022/11/04 17:11:00 UTC

[jira] [Commented] (NIFI-10228) FlowParser is using incorrect identifier for process group

    [ https://issues.apache.org/jira/browse/NIFI-10228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17629122#comment-17629122 ] 

ASF subversion and git services commented on NIFI-10228:
--------------------------------------------------------

Commit 61e1a37d2ef5cf6c9cba33b6c3f2d203d5b7e42c in nifi's branch refs/heads/main from Mark Bean
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=61e1a37d2e ]

NIFI-10228: parse json flow using instanceIdentifier as the UUID

Signed-off-by: Matthew Burgess <ma...@apache.org>

This closes #6217


> FlowParser is using incorrect identifier for process group
> ----------------------------------------------------------
>
>                 Key: NIFI-10228
>                 URL: https://issues.apache.org/jira/browse/NIFI-10228
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.16.3
>            Reporter: Mark Bean
>            Priority: Major
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> When starting NiFi for the first time using the managed-authorizer, NiFi will put the Initial Admin Identity in certain Access Policies. However, it only does this for Global Access Policies, and does not add this user to any Component Access Policies, e.g. 'view/modify the component'. 
>  
> This has been frustrating, but as I understand it is unavoidable because the UUID of the root process group has not yet been created (there is no flow.xml.gz) at the time the policies are generated.
>  
> However, I found that if a flow.xml.gz existed without a corresponding authorizations.xml or users.xml, then the startup process would in fact create the Component Access Policies and add the admin user to them.
>  
> Now, with the introduction of flow.json.gz, the root process group has both  "identifier" and "instanceIdentifier" properties. The Component Access Policies created on startup as described above reference the "identifier" UUID, but the UI indicates the "instanceIdentifier" is the proper UUID for the root process group. Therefore, the Component Access Policies are ineffective as they reference an incorrect UUID value.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)