nifi-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <>
Subject [jira] [Commented] (NIFI-4255) Add support for providing ACLs for paths in Zookeeper Migration tool
Date Mon, 14 Aug 2017 14:45:00 GMT


ASF GitHub Bot commented on NIFI-4255:

Github user YolandaMDavis commented on a diff in the pull request:
    --- Diff: nifi-toolkit/nifi-toolkit-zookeeper-migrator/src/main/java/org/apache/nifi/toolkit/zkmigrator/
    @@ -269,15 +269,23 @@ private String ensureNodeExists(ZooKeeper zooKeeper, String path,
CreateMode cre
    -    private DataStatAclNode transformNode(DataStatAclNode node, AuthMode destinationAuthMode)
    -        // For the NiFi use case, all nodes will be migrated to CREATOR_ALL_ACL
    +    private DataStatAclNode transformNode(DataStatAclNode node, AuthMode destinationAuthMode,
boolean useExistingACL) {
    +        // If useExistingACL is false, for the NiFi use cases, all nodes will be migrated
             final DataStatAclNode migratedNode = new DataStatAclNode(node.getPath(), node.getData(),
    -                destinationAuthMode.equals(AuthMode.OPEN) ? ZooDefs.Ids.OPEN_ACL_UNSAFE
    +                determineNodeACL(node,destinationAuthMode,useExistingACL),
   "transformed original node {} to {}", node, migratedNode);
             return migratedNode;
    +    private List<ACL> determineNodeACL(DataStatAclNode node, AuthMode destinationAuthMode,
boolean useExistingACL){
    --- End diff --
    @jtstorck Rather than have a separate stage I ended up combining this with the previous
method.  Didn't really see the value of me having it separated out in the first place . 

> Add support for providing ACLs for paths in Zookeeper Migration tool
> --------------------------------------------------------------------
>                 Key: NIFI-4255
>                 URL:
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Tools and Build
>    Affects Versions: 1.3.0
>            Reporter: Yolanda M. Davis
>            Assignee: Yolanda M. Davis
> Currently in the Zookeeper migration utility there is support for applying acls when
importing zookeeper data (Znodes).  However this support only applies default ACLs values
(either Open or Creator specific), and the value used depends on if security is enabled or
disabled in the destination Zookeeper instance. This may become problematic if the user/identity
used to import zookeeper data does not align with the users/identities that require read/modify
rights on the imported Znodes. This also doesn't provide users flexibility in defining specific
rights or applying additional authorizations on paths.
> Enhancing the existing utility to support providing ACL information would offer users
more flexibility in defining permissions and authentication schemes on znodes. 

This message was sent by Atlassian JIRA

View raw message