You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2022/03/02 17:32:00 UTC

[jira] [Commented] (NIFI-9679) Add Permissions for Accessing Environment Credentials

    [ https://issues.apache.org/jira/browse/NIFI-9679?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17500302#comment-17500302 ] 

ASF subversion and git services commented on NIFI-9679:
-------------------------------------------------------

Commit fee7c16732983d1b7f185e23e63105d250bb87ae in nifi's branch refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=fee7c16 ]

NIFI-9679 Added access-environment-credentials permission

- Applied new permission restrictions to AWSCredentialsProviderControllerService and GCPCredentialsControllerService

Signed-off-by: Joe Gresock <jg...@gmail.com>

This closes #5796.


> Add Permissions for Accessing Environment Credentials
> -----------------------------------------------------
>
>                 Key: NIFI-9679
>                 URL: https://issues.apache.org/jira/browse/NIFI-9679
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework, Extensions
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Minor
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Multiple extension components support authenticated access to various service providers using a variety of authentication strategies. Supporting libraries often provide fallback strategies that can read credentials from system properties, environment variables, or default file locations.
> In some deployments, the fallback credentials may provide greater access to resources than would otherwise be supported through direct component configuration. Although a component may not be configured with explicit credentials, the component can access external service resources using fallback capabilities. In deployments with restricted access policies, the hosting server should be able to access these resources, but NiFi access should be limited.
> Introducing a new Required Permission and annotating applicable components will support fine-grained control over NiFi component access. Applicable components include processors supporting access to Amazon Web Services, Google Cloud Platform, and Microsoft Azure.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)