nifi-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <>
Subject [jira] [Commented] (NIFI-4255) Add support for providing ACLs for paths in Zookeeper Migration tool
Date Wed, 23 Aug 2017 19:35:00 GMT


ASF GitHub Bot commented on NIFI-4255:

Github user jtstorck commented on the issue:
    +1 LGTM
    Made a few minor formatting changes, and moved the spock spec from src/test/java to src/test/groovy.
    To test this, I ran a KDC and ZK server in a docker container with two principals.  I
created a node using principal1 that was sasl-secured via principal1, and used the zk migrator
to export it to a json file.  Then, I manually modified the json file to change the ACL on
the node I created to set the owner to principal2.  I then used the zk migrator to send the
updated json to ZK, using the --ignore-source and --use-existing-acl options.  After attempting
to access the node as principal1 (which failed as expected), I was able to access the node
as princopal2 (as expected).

> Add support for providing ACLs for paths in Zookeeper Migration tool
> --------------------------------------------------------------------
>                 Key: NIFI-4255
>                 URL:
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Tools and Build
>    Affects Versions: 1.3.0
>            Reporter: Yolanda M. Davis
>            Assignee: Yolanda M. Davis
> Currently in the Zookeeper migration utility there is support for applying acls when
importing zookeeper data (Znodes).  However this support only applies default ACLs values
(either Open or Creator specific), and the value used depends on if security is enabled or
disabled in the destination Zookeeper instance. This may become problematic if the user/identity
used to import zookeeper data does not align with the users/identities that require read/modify
rights on the imported Znodes. This also doesn't provide users flexibility in defining specific
rights or applying additional authorizations on paths.
> Enhancing the existing utility to support providing ACL information would offer users
more flexibility in defining permissions and authentication schemes on znodes. 

This message was sent by Atlassian JIRA

View raw message