David Handermann created NIFI-9679:
--------------------------------------
Summary: Add Permissions for Accessing Environment Credentials
Key: NIFI-9679
URL: https://issues.apache.org/jira/browse/NIFI-9679
Project: Apache NiFi
Issue Type: Improvement
Components: Core Framework, Extensions
Reporter: David Handermann
Assignee: David Handermann
Multiple extension components support authenticated access to various service
providers using a variety of authentication strategies. Supporting libraries
often provide fallback strategies that can read credentials from system
properties, environment variables, or default file locations.
In some deployments, the fallback credentials may provide greater access to
resources than would otherwise be supported through direct component
configuration. Although a component may not be configured with explicit
credentials, the component can access external service resources using fallback
capabilities. In deployments with restricted access policies, the hosting
server should be able to access these resources, but NiFi access should be
limited.
Introducing a new Required Permission and annotating applicable components will
support fine-grained control over NiFi component access. Applicable components
include processors supporting access to Amazon Web Services, Google Cloud
Platform, and Microsoft Azure.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
