nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Hernandez <daniel.hernan...@civitaslearning.com>
Subject Re: Policies for root Process Group.
Date Mon, 26 Feb 2018 20:26:31 GMT
Hi Matt,

Thanks for your answer.

Do you know if there is a way to preconfigure this value when running
Nifi's Docker image? I am making the calls from an integration test that
runs a docker container with the Nifi server. I already check and the value
under <rootGroup><id> in the flow.xml.gz file changes everytime I deploy
the container, I guess it is created at startup.  Is it possible that I can
change my docker image to get a fix root group value?

Thanks,

Daniel

On Mon, Feb 26, 2018 at 11:35 AM, Daniel Hernandez <
daniel.hernandez@civitaslearning.com> wrote:

> Hi,
>
> I am currently working on calling the Nifi REST API to get the 'root'
> process group and setting it as parent for a new process-group.
>
> However I am getting the next messages:
>
> Attempting GET request to: JerseyWebTarget { https://127.0.0.1:8443/nifi-
> api/process-groups/root }
> 2018-02-26 11:06:55.341 DEBUG ???? --- [           main]
> c.c.p.n.c.i.b.BootApiClient              :
> 2018-02-26 11:06:55.341 DEBUG ???? --- [           main]
> c.c.p.n.c.i.b.BootApiClient              : Received 403 response from GET
> to JerseyWebTarget { https://127.0.0.1:8443/nifi-api/process-groups/root }
>
> com.civitaslearning.platform.nifi.client.invoker.boot.exception.NifiForbiddenException:
> No applicable policies could be found. Contact the system administrator.
>
> This is the content of my authorizations.xml file:
>
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
>
> <authorizations>
>
>     <policies>
>
>         <policy identifier="f99bccd1-a30e-3e4a-98a2-dbc708edc67f"
> resource="/flow" action="R">
>
>             <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
>
>         </policy>
>
>         <policy identifier="b8775bd4-704a-34c6-987b-84f2daf7a515"
> resource="/restricted-components" action="W">
>
>             <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
>
>         </policy>
>
>         <policy identifier="627410be-1717-35b4-a06f-e9362b89e0b7"
> resource="/tenants" action="R">
>
>             <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
>
>         </policy>
>
>         <policy identifier="15e4e0bd-cb28-34fd-8587-f8d15162cba5"
> resource="/tenants" action="W">
>
>             <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
>
>         </policy>
>
>         <policy identifier="ff96062a-fa99-36dc-9942-0f6442ae7212"
> resource="/policies" action="R">
>
>             <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
>
>         </policy>
>
>         <policy identifier="ad99ea98-3af6-3561-ae27-5bf09e1d969d"
> resource="/policies" action="W">
>
>             <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
>
>         </policy>
>
>         <policy identifier="2e1015cb-0fed-3005-8e0d-722311f21a03"
> resource="/controller" action="R">
>
>             <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
>
>         </policy>
>
>         <policy identifier="c6322e6c-4cc1-3bcc-91b3-2ed2111674cf"
> resource="/controller" action="W">
>
>             <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
>
>         </policy>
>
>         <policy identifier="d2f2019f-0161-1000-201a-94a51ee94006"
> resource="/process-groups/root" action="R">
>
>             <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
>
>         </policy>
>
>         <policy identifier="d2f20292-0161-1000-e8d2-a8f874682f68"
> resource="/process-groups/root" action="W">
>
>             <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
>
>         </policy>
>
>     </policies>
>
> </authorizations>
>
> And this is the content of authorizations.xml
>
> <authorizers>
>
> <accessPolicyProvider>
>
>         <identifier>file-access-policy-provider</identifier>
>
>         <class>org.apache.nifi.authorization.FileAccessPolicyProvider</
> class>
>
>         <property name="User Group Provider">file-user-group-
> provider</property>
>
>         <property name="Authorizations File">./conf/authorizations.
> xml</property>
>
>         <property name="Initial Admin Identity">CN=civitas,
> OU=ApacheNifi</property>
>
>         <property name="Legacy Authorized Users File"></property>
>
>
>         <property name="Node Identity 1"></property>
>
>     </accessPolicyProvider>
>
> <authorizer>
>
>         <identifier>managed-authorizer</identifier>
>
>         <class>org.apache.nifi.authorization.StandardManagedAuthorizer</
> class>
>
>         <property name="Access Policy Provider">file-access-policy-
> provider</property>
>
>     </authorizer>
>
> </authorizers>
>
>
> And users.xml
>
>
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
>
> <tenants>
>
>     <groups/>
>
>     <users>
>
>         <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"
> identity="CN=civitas, OU=ApacheNifi"/>
>
>     </users>
>
> </tenants>
>
> I already create a policy using the same user cert so I guess the DN is
> valid.
> Am I defining the policy or making the call in a wrong way?
>
> Thanks in advance,
>
> Daniel Hernandez
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message