Posted to issues@nifi.apache.org by "Bryan Bende (JIRA)" <ji...@apache.org> on 2016/11/08 19:39:58 UTC

[jira] [Assigned] (NIFI-3001) The authorizers.xml file should be parsed for new users/node identities even if users.xml already exists.

     [ https://issues.apache.org/jira/browse/NIFI-3001?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bryan Bende reassigned NIFI-3001:
---------------------------------

    Assignee: Bryan Bende

> The authorizers.xml file should be parsed for new users/node identities even if users.xml already exists.
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: NIFI-3001
>                 URL: https://issues.apache.org/jira/browse/NIFI-3001
>             Project: Apache NiFi
>          Issue Type: Improvement
>    Affects Versions: 1.0.0
>            Reporter: Matthew Clarke
>            Assignee: Bryan Bende
>
> The intent of having a users.xml and authorizations.xml file is so that the users.xml file can be used/copied to multiple systems for reuse.
> The problem is when standing up a new system/cluster with a pre-populated users.xml file, NiFi does not update it on startup. A new system is very likely to have new node identities defined in the authorizers.xml file that will not exist in the ported users.xml file.
> My thought is that on every startup NiFi should parse the "node identities" from the authorizers.xml file and add them if missing to the users.xml file and grant those added users to the /proxy resource in the authorizations.xml.  This reduces complications users can experience when adding additional nodes to a pre-existing cluster.
> The "Initial admin" and "legacy authorized-users.xml" settings in the authorizers.xml file should only ever be parsed once and only if an authorizations.xml file does not exist. If the authorizations.xml file does not exist, these users should be added to the existing users.xml file (or create one if it does not exist) and granted the initial admin related policy resources in the authorizations.xml file. By setting it up this way, if an "admin" is removed from the UI at some later time, a restart of NiFi will not result in that user being added back into the existing authorizations.xml or users.xml.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
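
The startup rules proposed in the issue above can be sketched as an idempotent merge. This is an added example, not NiFi's code: the element layouts are simplified assumptions, `ADMIN_RESOURCES` is an illustrative subset, the function names are hypothetical, and the legacy authorized-users file is left out.

```python
import uuid
import xml.etree.ElementTree as ET

# Constructed sample; element layouts here are simplified assumptions.
SAMPLE_AUTHORIZERS = ET.fromstring(
    '<authorizer>'
    '<property name="Initial Admin Identity">CN=admin</property>'
    '<property name="Node Identity 1">CN=node1</property>'
    '<property name="Node Identity 2">CN=node2</property>'
    '</authorizer>')
ADMIN_RESOURCES = ("/tenants", "/policies")  # illustrative subset (assumption)

def ensure_user(users, identity):
    """Return the identifier for identity, adding a <user> if it is missing."""
    for u in users.iter("user"):
        if u.get("identity") == identity:
            return u.get("identifier")
    ident = str(uuid.uuid5(uuid.NAMESPACE_URL, identity))
    ET.SubElement(users, "user", identifier=ident, identity=identity)
    return ident

def grant(auths, resource, user_id):
    """Add user_id to the policy for resource, creating the policy if needed."""
    policy = next((p for p in auths.iter("policy")
                   if p.get("resource") == resource), None)
    if policy is None:
        policy = ET.SubElement(auths, "policy", resource=resource)
    if all(u.get("identifier") != user_id for u in policy.iter("user")):
        ET.SubElement(policy, "user", identifier=user_id)

def reconcile(authorizers, users=None, auths=None):
    """Apply the startup rules proposed in the issue; returns (users, auths)."""
    users = ET.Element("users") if users is None else users
    first_run = auths is None  # authorizations.xml does not exist yet
    if first_run:
        auths = ET.Element("policies")
    for prop in authorizers.iter("property"):
        name, identity = prop.get("name", ""), (prop.text or "").strip()
        if not identity:
            continue
        if name.startswith("Node Identity"):  # parsed on every startup
            grant(auths, "/proxy", ensure_user(users, identity))
        elif name == "Initial Admin Identity" and first_run:  # parsed once
            uid = ensure_user(users, identity)
            for res in ADMIN_RESOURCES:
                grant(auths, res, uid)
    return users, auths
```

Passing an existing `auths` tree models a restart: node identities are still merged and granted `/proxy`, while the initial admin entry is ignored, so an admin removed through the UI stays removed.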