Daniel,

What is your timeframe for needing this working? I ask because the contributors to NiPyApi are very close to a release which will provide secured environment support, and wrappers to set this kind of policy via a Python Client SDK for NiFi.

https://github.com/Chaffelson/nipyapi/tree/pr/43 is the branch this code is currently sitting on. I would draw your attention to the nipyapi.demo.secured_connection.py script which creates a secured Docker instance, and then we are putting access/policy tools into nipyapi.security.py, but you can also use the API commands directly via nipyapi.nifi.*, such as nipyapi.nifi.PolicyApi(). You can also get the root flow with: nipyapi.nifi.FlowApi().get_flow('root') as another example.

If you have specific requirements in this area please feel free to raise an issue on the repo and we'll see if we can assist you.

Thanks,
Dan.

On Tue, Feb 27, 2018 at 2:46 PM Bryan Bende <[email protected]> wrote:

> Making a call to "/process-groups/root" should retrieve the root
> process group which should then have an id element.
>
>
> On Mon, Feb 26, 2018 at 5:20 PM, Daniel Hernandez
> <[email protected]> wrote:
> > Thanks Matt,
> >
> > I get now what is the problem, in order to exhaust all my possibilities I
> > may ask, is there a way using the API to get the root UUID from the
> > flow.xml.gz file? Because I see the file there after running the tests.
> >
> > Thanks,
> >
> >
> > On Mon, Feb 26, 2018 at 3:26 PM, Daniel Hernandez <[email protected]> wrote:
> >
> >> Hi Matt,
> >>
> >> Thanks for your answer.
> >>
> >> Do you know if there is a way to preconfigure this value when running
> >> Nifi's Docker image? I am making the calls from an integration test that
> >> runs a docker container with the Nifi server. I already checked and the
> >> value under <rootGroup><id> in the flow.xml.gz file changes every time I
> >> deploy the container, I guess it is created at startup. Is it possible
> >> that I can change my docker image to get a fixed root group value?
> >>
> >> Thanks,
> >>
> >> Daniel
> >>
> >> On Mon, Feb 26, 2018 at 11:35 AM, Daniel Hernandez <daniel.hernandez@civitaslearning.com> wrote:
> >>
> >>> Hi,
> >>>
> >>> I am currently working on calling the Nifi REST API to get the 'root'
> >>> process group and setting it as parent for a new process-group.
> >>>
> >>> However I am getting the next messages:
> >>>
> >>> Attempting GET request to: JerseyWebTarget { https://127.0.0.1:8443/nifi-api/process-groups/root }
> >>> 2018-02-26 11:06:55.341 DEBUG ???? --- [ main] c.c.p.n.c.i.b.BootApiClient :
> >>> 2018-02-26 11:06:55.341 DEBUG ???? --- [ main] c.c.p.n.c.i.b.BootApiClient : Received 403 response from GET to JerseyWebTarget { https://127.0.0.1:8443/nifi-api/process-groups/root }
> >>>
> >>> com.civitaslearning.platform.nifi.client.invoker.boot.exception.NifiForbiddenException: No applicable policies could be found. Contact the system administrator.
> >>>
> >>> This is the content of my authorizations.xml file:
> >>>
> >>> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> >>> <authorizations>
> >>>   <policies>
> >>>     <policy identifier="f99bccd1-a30e-3e4a-98a2-dbc708edc67f" resource="/flow" action="R">
> >>>       <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
> >>>     </policy>
> >>>     <policy identifier="b8775bd4-704a-34c6-987b-84f2daf7a515" resource="/restricted-components" action="W">
> >>>       <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
> >>>     </policy>
> >>>     <policy identifier="627410be-1717-35b4-a06f-e9362b89e0b7" resource="/tenants" action="R">
> >>>       <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
> >>>     </policy>
> >>>     <policy identifier="15e4e0bd-cb28-34fd-8587-f8d15162cba5" resource="/tenants" action="W">
> >>>       <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
> >>>     </policy>
> >>>     <policy identifier="ff96062a-fa99-36dc-9942-0f6442ae7212" resource="/policies" action="R">
> >>>       <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
> >>>     </policy>
> >>>     <policy identifier="ad99ea98-3af6-3561-ae27-5bf09e1d969d" resource="/policies" action="W">
> >>>       <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
> >>>     </policy>
> >>>     <policy identifier="2e1015cb-0fed-3005-8e0d-722311f21a03" resource="/controller" action="R">
> >>>       <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
> >>>     </policy>
> >>>     <policy identifier="c6322e6c-4cc1-3bcc-91b3-2ed2111674cf" resource="/controller" action="W">
> >>>       <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
> >>>     </policy>
> >>>     <policy identifier="d2f2019f-0161-1000-201a-94a51ee94006" resource="/process-groups/root" action="R">
> >>>       <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
> >>>     </policy>
> >>>     <policy identifier="d2f20292-0161-1000-e8d2-a8f874682f68" resource="/process-groups/root" action="W">
> >>>       <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
> >>>     </policy>
> >>>   </policies>
> >>> </authorizations>
> >>>
> >>> And this is the content of authorizations.xml
> >>>
> >>> <authorizers>
> >>>   <accessPolicyProvider>
> >>>     <identifier>file-access-policy-provider</identifier>
> >>>     <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
> >>>     <property name="User Group Provider">file-user-group-provider</property>
> >>>     <property name="Authorizations File">./conf/authorizations.xml</property>
> >>>     <property name="Initial Admin Identity">CN=civitas, OU=ApacheNifi</property>
> >>>     <property name="Legacy Authorized Users File"></property>
> >>>     <property name="Node Identity 1"></property>
> >>>   </accessPolicyProvider>
> >>>   <authorizer>
> >>>     <identifier>managed-authorizer</identifier>
> >>>     <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
> >>>     <property name="Access Policy Provider">file-access-policy-provider</property>
> >>>   </authorizer>
> >>> </authorizers>
> >>>
> >>> And users.xml
> >>>
> >>> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> >>> <tenants>
> >>>   <groups/>
> >>>   <users>
> >>>     <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51" identity="CN=civitas, OU=ApacheNifi"/>
> >>>   </users>
> >>> </tenants>
> >>>
> >>> I already created a policy using the same user cert so I guess the DN is
> >>> valid.
> >>> Am I defining the policy or making the call in a wrong way?
> >>>
> >>> Thanks in advance,
> >>>
> >>> Daniel Hernandez
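
An added example, not part of the original messages and not NiPyApi code: a check that reads the root group id from <rootGroup><id> in flow.xml.gz, as asked about in the thread, and lists the policies in authorizations.xml that are keyed on the literal "root" alias. It assumes that file-based policies have to name the group's actual id for a lookup to match; the sample XML, the sample ids and the function names are constructed for illustration.

```python
import gzip
import io
import xml.etree.ElementTree as ET

# Constructed sample data (not from the thread): a minimal flow.xml and an
# authorizations.xml that repeats the thread's "/process-groups/root" policies.
FLOW_XML = b"""<flowController>
  <rootGroup>
    <id>00000000-0000-0000-0000-000000000001</id>
    <name>NiFi Flow</name>
  </rootGroup>
</flowController>"""
SAMPLE_FLOW_GZ = gzip.compress(FLOW_XML)

AUTHORIZATIONS_XML = """<authorizations>
  <policies>
    <policy identifier="p-flow" resource="/flow" action="R">
      <user identifier="u1"/>
    </policy>
    <policy identifier="p-root-r" resource="/process-groups/root" action="R">
      <user identifier="u1"/>
    </policy>
    <policy identifier="p-root-w" resource="/process-groups/root" action="W">
      <user identifier="u1"/>
    </policy>
  </policies>
</authorizations>"""


def root_group_id(flow_xml_gz: bytes) -> str:
    """Return <rootGroup><id> from the bytes of a flow.xml.gz file."""
    with gzip.open(io.BytesIO(flow_xml_gz)) as fh:
        root_id = ET.parse(fh).getroot().findtext("rootGroup/id")
    if not root_id:
        raise ValueError("flow.xml has no <rootGroup><id> element")
    return root_id.strip()


def alias_policies(authz_xml: str, root_id: str):
    """Return (policy id, action, resource keyed on the real id) for every
    policy whose resource uses the 'root' alias instead of the group id."""
    return [
        (p.get("identifier"), p.get("action"), f"/process-groups/{root_id}")
        for p in ET.fromstring(authz_xml).iter("policy")
        if p.get("resource") == "/process-groups/root"
    ]


if __name__ == "__main__":
    for ident, action, resource in alias_policies(
            AUTHORIZATIONS_XML, root_group_id(SAMPLE_FLOW_GZ)):
        print(f"{ident} ({action}): expected resource {resource}")
```

Against a real deployment, pass the bytes of conf/flow.xml.gz and the text of conf/authorizations.xml in place of the constructed samples.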
