Joe, I would like to see this review closed out before a 1.16 RC if possible: https://github.com/apache/nifi/pull/4646 I think it's mainly waiting on someone to verify that all of the changes have been made.
Thanks, Mike On Wed, Mar 9, 2022 at 10:54 AM Joe Witt <joe.w...@gmail.com> wrote: > > Mark > > The single user authorizer and default setup install is just to avoid > having wide open systems by default. So if you want to make changes to > security settings and do it right you dont' use that mode. Happy to have > improvements within that scope of intent but does not sound like anything > we'd wait for. When it lands it lands. > > Thanks > > On Wed, Mar 9, 2022 at 8:49 AM Mark Bean <mark.o.b...@gmail.com> wrote: > > > Joe, > > > > I just discovered an issue yesterday that might need attention first. I > > haven't investigated fully yet nor created a ticket because I don't yet > > fully understand it. However, it appears as though the > > single-user-authorizer may not be behaving as intended. When I updated > > nifi.properties to swap the self-signed, auto-generated keystore and > > truststore with "real" ones, single-user became _every_ user. My suspicion > > is that any user whose browser presents a cert that was signed by a CA in > > the truststore is allowed in - without even prompting for > > username/password. > > > > It may be considered a configuration error to allow this to happen. Still, > > this seems like extremely dangerous behavior. > > > > -Mark > > > > > > On Wed, Mar 9, 2022 at 10:42 AM Joe Witt <joe.w...@gmail.com> wrote: > > > > > Team > > > > > > We appear to be at a good point to start pulling together the release > > > candidate for 1.16. > > > > > > https://issues.apache.org/jira/projects/NIFI/versions/12350741 > > > > > > I'm basically waiting for > > https://issues.apache.org/jira/browse/NIFI-9761 > > > to land then will start pulling together the release. > > > > > > Thanks > > > > > > On Mon, Feb 14, 2022 at 11:18 AM Joe Witt <joe.w...@gmail.com> wrote: > > > > > > > Eduardo > > > > > > > > Getting reviewers on the UI/rest/front-end are among the toughest as > > > > there just aren't as many of those folks. > > > > > > > > The reply from Pierre was probably most telling. It looks fine but > > > > many of us would pause to merge without knowing precisely what the > > > > implications are. What happens on a taxed system with many > > > > CSs...I''ll comment on the PR. > > > > > > > > Thanks > > > > Joe > > > > > > > > On Mon, Feb 14, 2022 at 11:13 AM Eduardo Fontes > > > > <eduardo.fon...@gmail.com> wrote: > > > > > > > > > > Hi All, > > > > > > > > > > Is it possible to include > > > > https://issues.apache.org/jira/browse/NIFI-8927 > > > > > in release 1.16? > > > > > I've been asking for a review > > https://github.com/apache/nifi/pull/5247 > > > > > since AUG/2021 and I don't understand why nobody did it. It's a > > simple > > > > and > > > > > useful UI feature. > > > > > > > > > > Peace out. > > > > > Eduardo Fontes > > > > > > > > >
