nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Hernandez <daniel.hernan...@civitaslearning.com>
Subject Policies for root Process Group.
Date Mon, 26 Feb 2018 16:35:58 GMT
Hi,

I am currently working on calling the Nifi REST API to get the 'root'
process group and setting it as parent for a new process-group.

However I am getting the next messages:

Attempting GET request to: JerseyWebTarget {
https://127.0.0.1:8443/nifi-api/process-groups/root }
2018-02-26 11:06:55.341 DEBUG ???? --- [           main]
c.c.p.n.c.i.b.BootApiClient              :
2018-02-26 11:06:55.341 DEBUG ???? --- [           main]
c.c.p.n.c.i.b.BootApiClient              : Received 403 response from GET
to JerseyWebTarget { https://127.0.0.1:8443/nifi-api/process-groups/root }

com.civitaslearning.platform.nifi.client.invoker.boot.exception.NifiForbiddenException:
No applicable policies could be found. Contact the system administrator.

This is the content of my authorizations.xml file:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<authorizations>

    <policies>

        <policy identifier="f99bccd1-a30e-3e4a-98a2-dbc708edc67f"
resource="/flow" action="R">

            <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>

        </policy>

        <policy identifier="b8775bd4-704a-34c6-987b-84f2daf7a515"
resource="/restricted-components" action="W">

            <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>

        </policy>

        <policy identifier="627410be-1717-35b4-a06f-e9362b89e0b7"
resource="/tenants" action="R">

            <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>

        </policy>

        <policy identifier="15e4e0bd-cb28-34fd-8587-f8d15162cba5"
resource="/tenants" action="W">

            <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>

        </policy>

        <policy identifier="ff96062a-fa99-36dc-9942-0f6442ae7212"
resource="/policies" action="R">

            <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>

        </policy>

        <policy identifier="ad99ea98-3af6-3561-ae27-5bf09e1d969d"
resource="/policies" action="W">

            <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>

        </policy>

        <policy identifier="2e1015cb-0fed-3005-8e0d-722311f21a03"
resource="/controller" action="R">

            <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>

        </policy>

        <policy identifier="c6322e6c-4cc1-3bcc-91b3-2ed2111674cf"
resource="/controller" action="W">

            <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>

        </policy>

        <policy identifier="d2f2019f-0161-1000-201a-94a51ee94006"
resource="/process-groups/root" action="R">

            <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>

        </policy>

        <policy identifier="d2f20292-0161-1000-e8d2-a8f874682f68"
resource="/process-groups/root" action="W">

            <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>

        </policy>

    </policies>

</authorizations>

And this is the content of authorizations.xml

<authorizers>

<accessPolicyProvider>

        <identifier>file-access-policy-provider</identifier>


<class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>

        <property name="User Group
Provider">file-user-group-provider</property>

        <property name="Authorizations
File">./conf/authorizations.xml</property>

        <property name="Initial Admin Identity">CN=civitas,
OU=ApacheNifi</property>

        <property name="Legacy Authorized Users File"></property>


        <property name="Node Identity 1"></property>

    </accessPolicyProvider>

<authorizer>

        <identifier>managed-authorizer</identifier>


<class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>

        <property name="Access Policy
Provider">file-access-policy-provider</property>

    </authorizer>

</authorizers>


And users.xml


<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<tenants>

    <groups/>

    <users>

        <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"
identity="CN=civitas, OU=ApacheNifi"/>

    </users>

</tenants>

I already create a policy using the same user cert so I guess the DN is
valid.
Am I defining the policy or making the call in a wrong way?

Thanks in advance,

Daniel Hernandez

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message