You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "Bryan Bende (JIRA)" <ji...@apache.org> on 2016/07/19 13:42:20 UTC

[jira] [Created] (NIFI-2315) Allow ZK ACL to be configurable for clustering z-nodes

Bryan Bende created NIFI-2315:
---------------------------------

             Summary: Allow ZK ACL to be configurable for clustering z-nodes
                 Key: NIFI-2315
                 URL: https://issues.apache.org/jira/browse/NIFI-2315
             Project: Apache NiFi
          Issue Type: Improvement
    Affects Versions: 1.0.0
            Reporter: Bryan Bende
            Assignee: Mark Payne
            Priority: Minor
             Fix For: 1.1.0


In the state-management.xml file we provide a configurable property for the ZK ACL and we said:

"Access Control - Specifies which Access Controls will be applied to the ZooKeeper ZNodes that are created by this State Provider. This value must be set to one of:
                            - Open  : ZNodes will be open to any ZooKeeper client.
                            - CreatorOnly  : ZNodes will be accessible only by the creator. The creator will have full access to create children, read, write, delete, and administer the ZNodes.
                                             This option is available only if access to ZooKeeper is secured via Kerberos or if a Username and Password are set."

We don't have any corresponding ACL property for clustering, we only specify the following in nifi.properties:

nifi.zookeeper.connect.string=${nifi.zookeeper.connect.string}
nifi.zookeeper.connect.timeout=${nifi.zookeeper.connect.timeout}
nifi.zookeeper.session.timeout=${nifi.zookeeper.session.timeout}
nifi.zookeeper.root.node=${nifi.zookeeper.root.node}

We would want to set both the CreatorOnly when securing the connection with Kerberos.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)