Mark, I think you have a couple options. First, just to provide a little more detail for the basics of NiFi clustering with regards to users/groups/policies. If you want to support _configurable_ users/groups/policies in NiFi UI then consistency is required. For instance, if an admin wants to update a user/group/policies then all nodes must have that same user/group/policies. This consistency is enforced when a node joins a cluster by invoking inheritFingerprint(...). This is essentially the same for all components in the dataflow as well.
Option 1 - Externalize user/group/policy management (which sounds like what you're trying background thread). From a NiFi perspective, you can still have users/groups/policies in the NiFi UI but they will not be editable. When merging node responses to return to the UI only an intersection is returned. Additionally, access decisions are performed considering the responses of all nodes (via a two phase commit). Option 2 - Leave user/group/policy management in NiFi. However, use the results of your background thread only within authorize(...) calls in your Authorizer. These results are supplemental to the policies that are managed in NiFi. In this scenario, the users/groups/policies remain consistent and access decisions are accurate even if one of the nodes receives an update in your background thread before the others. Matt On Tue, Aug 29, 2017 at 8:08 AM, Mark Bean <mark.o.b...@gmail.com> wrote: > Is there a way to get access to Cluster configuration state? Specifically, > can a Node determine which Node - or simply "itself" - is the Cluster > Coordinator or the Primary Node? > > Use case: I have a custom authorizer which includes a background thread to > re-authorize users and policies in case a user's credentials have changed. > This thread can potentially change authorizations.xml and users.xml files > which are kept in sync with ZooKeeper. I do not want each Node to execute > the process making the same changes. It would be desirable to execute this > process on only one Node (Coordinator or Primary) and let ZooKeeper > coordinate the changes across the Cluster. > > Thanks, > Mark >
