nifi-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <>
Subject [jira] [Commented] (NIFI-4255) Add support for providing ACLs for paths in Zookeeper Migration tool
Date Sat, 12 Aug 2017 14:12:00 GMT


ASF GitHub Bot commented on NIFI-4255:

Github user jtstorck commented on a diff in the pull request:
    --- Diff: nifi-toolkit/nifi-toolkit-zookeeper-migrator/src/main/java/org/apache/nifi/toolkit/zkmigrator/
    @@ -269,15 +269,23 @@ private String ensureNodeExists(ZooKeeper zooKeeper, String path,
CreateMode cre
    -    private DataStatAclNode transformNode(DataStatAclNode node, AuthMode destinationAuthMode)
    -        // For the NiFi use case, all nodes will be migrated to CREATOR_ALL_ACL
    +    private DataStatAclNode transformNode(DataStatAclNode node, AuthMode destinationAuthMode,
boolean useExistingACL) {
    +        // If useExistingACL is false, for the NiFi use cases, all nodes will be migrated
             final DataStatAclNode migratedNode = new DataStatAclNode(node.getPath(), node.getData(),
    -                destinationAuthMode.equals(AuthMode.OPEN) ? ZooDefs.Ids.OPEN_ACL_UNSAFE
    +                determineNodeACL(node,destinationAuthMode,useExistingACL),
   "transformed original node {} to {}", node, migratedNode);
             return migratedNode;
    +    private List<ACL> determineNodeACL(DataStatAclNode node, AuthMode destinationAuthMode,
boolean useExistingACL){
    --- End diff --
    Rather than having this method get invoked from transformNode, can you do this as a stage
in the completable future before transformNode is invoked?  I'd like to keep all the method
coordination controlled by the CompletableFuture stages rather than having methods invoke
each other.

> Add support for providing ACLs for paths in Zookeeper Migration tool
> --------------------------------------------------------------------
>                 Key: NIFI-4255
>                 URL:
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Tools and Build
>    Affects Versions: 1.3.0
>            Reporter: Yolanda M. Davis
>            Assignee: Yolanda M. Davis
> Currently in the Zookeeper migration utility there is support for applying acls when
importing zookeeper data (Znodes).  However this support only applies default ACLs values
(either Open or Creator specific), and the value used depends on if security is enabled or
disabled in the destination Zookeeper instance. This may become problematic if the user/identity
used to import zookeeper data does not align with the users/identities that require read/modify
rights on the imported Znodes. This also doesn't provide users flexibility in defining specific
rights or applying additional authorizations on paths.
> Enhancing the existing utility to support providing ACL information would offer users
more flexibility in defining permissions and authentication schemes on znodes. 

This message was sent by Atlassian JIRA

View raw message