You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/01/05 18:23:00 UTC
[jira] [Commented] (NIFI-4740) Composite UserGroupProviders don't
consider all providers when looking up users and groups
[ https://issues.apache.org/jira/browse/NIFI-4740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16313597#comment-16313597 ]
ASF GitHub Bot commented on NIFI-4740:
--------------------------------------
GitHub user kevdoran opened a pull request:
https://github.com/apache/nifi/pull/2378
NIFI-4740 Fix User Group Data Integrity Checks
Removes user existence check from FileUserGroupProvider when
group is created or updated. Replaces it with check in the
Authorizer Decorator class created by Authorizer Factory, so
that all providers are used.
Also fixes bug when searching for group membership by user
that returns results across all providers.
Thank you for submitting a contribution to Apache NiFi.
In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:
### For all changes:
- [ ] Is there a JIRA ticket associated with this PR? Is it referenced
in the commit message?
- [ ] Does your PR title start with NIFI-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
- [ ] Has your PR been rebased against the latest commit within the target branch (typically master)?
- [ ] Is your initial contribution a single, squashed commit?
### For code changes:
- [ ] Have you ensured that the full suite of tests is executed via mvn -Pcontrib-check clean install at the root nifi folder?
- [ ] Have you written or updated unit tests to verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] If applicable, have you updated the LICENSE file, including the main LICENSE file under nifi-assembly?
- [ ] If applicable, have you updated the NOTICE file, including the main NOTICE file found under nifi-assembly?
- [ ] If adding new Properties, have you added .displayName in addition to .name (programmatic access) for each of the new properties?
### For documentation related changes:
- [ ] Have you ensured that format looks appropriate for the output in which it is rendered?
### Note:
Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/kevdoran/nifi NIFI-4740
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/nifi/pull/2378.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #2378
----
commit ec9cf7d33a7f0fcdac7e9c32759119f7660dcc82
Author: Kevin Doran <kd...@...>
Date: 2018-01-05T17:29:24Z
NIFI-4740 Fix User Group Data Integrity Checks
Removes user existence check from FileUserGroupProvider when
group is created or updated. Replaces it with check in the
Authorizer Decorator class created by Authorizer Factory, so
that all providers are used.
Also fixes bug when searching for group membership by user
that returns results across all providers.
----
> Composite UserGroupProviders don't consider all providers when looking up users and groups
> ------------------------------------------------------------------------------------------
>
> Key: NIFI-4740
> URL: https://issues.apache.org/jira/browse/NIFI-4740
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework, Extensions
> Reporter: Kevin Doran
> Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> In FileUserGroupProvider, when a new group is created, all the users in the group are checked to ensure they are known to the FileUserGroupProvider prior to creating the group.
> This check should be removed, and an integrity check should be placed in the entity managing all user group providers (eg, CompositeUserGroupProvider and CompositeConfigurableUserGroupProvider).
> Also, when loading a user identity, all UserGroupProviders should be considered for finding groups the user to which the user belongs.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)