[jira] [Commented] (NIFI-10228) FlowParser is using incorrect identifier for process group

Wed, 26 Oct 2022 12:02:06 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-10228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17624692#comment-17624692
 ] 

Mark Bean commented on NIFI-10228:
----------------------------------

[~bbende] I submitted a PR for this some time ago. Another user suggested a 
unit test. However [~markap14] an I agree that a unit test is not necessary. 
Would you mind looking at the PR and approving if no concerns. 

[https://github.com/apache/nifi/pull/6217]

 

> FlowParser is using incorrect identifier for process group
> ----------------------------------------------------------
>
>                 Key: NIFI-10228
>                 URL: https://issues.apache.org/jira/browse/NIFI-10228
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.16.3
>            Reporter: Mark Bean
>            Priority: Major
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> When starting NiFi for the first time using the managed-authorizer, NiFi will 
> put the Initial Admin Identity in certain Access Policies. However, it only 
> does this for Global Access Policies, and does not add this user to any 
> Component Access Policies, e.g. 'view/modify the component'. 
>  
> This has been frustrating, but as I understand it is unavoidable because the 
> UUID of the root process group has not yet been created (there is no 
> flow.xml.gz) at the time the policies are generated.
>  
> However, I found that if a flow.xml.gz existed without a corresponding 
> authorizations.xml or users.xml, then the startup process would in fact 
> create the Component Access Policies and add the admin user to them.
>  
> Now, with the introduction of flow.json.gz, the root process group has both  
> "identifier" and "instanceIdentifier" properties. The Component Access 
> Policies created on startup as described above reference the "identifier" 
> UUID, but the UI indicates the "instanceIdentifier" is the proper UUID for 
> the root process group. Therefore, the Component Access Policies are 
> ineffective as they reference an incorrect UUID value.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to