You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Nissim Shiman (Jira)" <ji...@apache.org> on 2023/05/19 17:16:00 UTC
[jira] [Updated] (NIFI-11109) flow.json/xml modified when using registry client while missing nifi-flow-registry-client-nar
[ https://issues.apache.org/jira/browse/NIFI-11109?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nissim Shiman updated NIFI-11109:
---------------------------------
Description:
If nifi is set to use a registry client and nifi-flow-registry-client-nar is removed from lib, the next nifi restart will result in the registry's class name (in flow.xml.gz/flow.json.gz) to be modified from org.apache.nifi.registry.flow.NifiRegistryFlowRegistryClient
to
NifiRegistryFlowRegistryClient.
The url property will also be encrypted.
When the nifi-flow-registry-client-nar is returned to lib, and nifi is restarted, these changes remain and registry is unreachable using this registry client.
-Also, if the nar removed was nifi-standard-services-api-nar, then besides the above behavior, processors under version control via this registry client may also have their dynamic properties encrypted. These properties remain encrypted even after nifi-standard-services-api-nar is returned to lib and nifi is restarted.-
-This is seen with a dynamic property added to GenerateFlowFile (when GenericFlowFile is part of a PG under registry version control).-
-These are edge cases as admins should be very careful about removing nars from lib, but it would be good if protections were added to protect flow.xml/json from modifications in these situations.-
was:
If nifi is set to use a registry client and nifi-flow-registry-client-nar is removed from lib, the next nifi restart will result in the registry's class name (in flow.xml.gz/flow.json.gz) to be modified from org.apache.nifi.registry.flow.NifiRegistryFlowRegistryClient
to
NifiRegistryFlowRegistryClient.
The url property will also be encrypted.
When the nifi-flow-registry-client-nar is returned to lib, and nifi is restarted, these changes remain and registry is unreachable using this registry client.
Also, if the nar removed was nifi-standard-services-api-nar, then besides the above behavior, processors under version control via this registry client may also have their dynamic properties encrypted. These properties remain encrypted even after nifi-standard-services-api-nar is returned to lib and nifi is restarted.
This is seen with a dynamic property added to GenerateFlowFile (when GenericFlowFile is part of a PG under registry version control).
These are edge cases as admins should be very careful about removing nars from lib, but it would be good if protections were added to protect flow.xml/json from modifications in these situations.
> flow.json/xml modified when using registry client while missing nifi-flow-registry-client-nar
> ---------------------------------------------------------------------------------------------
>
> Key: NIFI-11109
> URL: https://issues.apache.org/jira/browse/NIFI-11109
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.19.1
> Reporter: Nissim Shiman
> Assignee: Nissim Shiman
> Priority: Major
>
> If nifi is set to use a registry client and nifi-flow-registry-client-nar is removed from lib, the next nifi restart will result in the registry's class name (in flow.xml.gz/flow.json.gz) to be modified from org.apache.nifi.registry.flow.NifiRegistryFlowRegistryClient
> to
> NifiRegistryFlowRegistryClient.
> The url property will also be encrypted.
> When the nifi-flow-registry-client-nar is returned to lib, and nifi is restarted, these changes remain and registry is unreachable using this registry client.
> -Also, if the nar removed was nifi-standard-services-api-nar, then besides the above behavior, processors under version control via this registry client may also have their dynamic properties encrypted. These properties remain encrypted even after nifi-standard-services-api-nar is returned to lib and nifi is restarted.-
> -This is seen with a dynamic property added to GenerateFlowFile (when GenericFlowFile is part of a PG under registry version control).-
> -These are edge cases as admins should be very careful about removing nars from lib, but it would be good if protections were added to protect flow.xml/json from modifications in these situations.-
--
This message was sent by Atlassian Jira
(v8.20.10#820010)