[
https://issues.apache.org/jira/browse/NIFI-11109?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nissim Shiman updated NIFI-11109:
---------------------------------
Description:
If nifi is set to use a registry client and nifi-flow-registry-client-nar is
removed from lib, the next nifi restart will result in the registry's class
name (in flow.xml.gz/flow.json.gz) to be modified from
org.apache.nifi.registry.flow.NifiRegistryFlowRegistryClient
to
NifiRegistryFlowRegistryClient.
The url property will also be encrypted.
When the nifi-flow-registry-client-nar is returned to lib, and nifi is
restarted, these changes remain and registry is unreachable using this registry
client.
-Also, if the nar removed was nifi-standard-services-api-nar, then besides the
above behavior, processors under version control via this registry client may
also have their dynamic properties encrypted. These properties remain encrypted
even after nifi-standard-services-api-nar is returned to lib and nifi is
restarted.-
-This is seen with a dynamic property added to GenerateFlowFile (when
GenericFlowFile is part of a PG under registry version control).-
-These are edge cases as admins should be very careful about removing nars from
lib, but it would be good if protections were added to protect flow.xml/json
from modifications in these situations.-
was:
If nifi is set to use a registry client and nifi-flow-registry-client-nar is
removed from lib, the next nifi restart will result in the registry's class
name (in flow.xml.gz/flow.json.gz) to be modified from
org.apache.nifi.registry.flow.NifiRegistryFlowRegistryClient
to
NifiRegistryFlowRegistryClient.
The url property will also be encrypted.
When the nifi-flow-registry-client-nar is returned to lib, and nifi is
restarted, these changes remain and registry is unreachable using this registry
client.
Also, if the nar removed was nifi-standard-services-api-nar, then besides the
above behavior, processors under version control via this registry client may
also have their dynamic properties encrypted. These properties remain
encrypted even after nifi-standard-services-api-nar is returned to lib and nifi
is restarted.
This is seen with a dynamic property added to GenerateFlowFile (when
GenericFlowFile is part of a PG under registry version control).
These are edge cases as admins should be very careful about removing nars from
lib, but it would be good if protections were added to protect flow.xml/json
from modifications in these situations.
> flow.json/xml modified when using registry client while missing
> nifi-flow-registry-client-nar
> ---------------------------------------------------------------------------------------------
>
> Key: NIFI-11109
> URL: https://issues.apache.org/jira/browse/NIFI-11109
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.19.1
> Reporter: Nissim Shiman
> Assignee: Nissim Shiman
> Priority: Major
>
> If nifi is set to use a registry client and nifi-flow-registry-client-nar is
> removed from lib, the next nifi restart will result in the registry's class
> name (in flow.xml.gz/flow.json.gz) to be modified from
> org.apache.nifi.registry.flow.NifiRegistryFlowRegistryClient
> to
> NifiRegistryFlowRegistryClient.
> The url property will also be encrypted.
> When the nifi-flow-registry-client-nar is returned to lib, and nifi is
> restarted, these changes remain and registry is unreachable using this
> registry client.
> -Also, if the nar removed was nifi-standard-services-api-nar, then besides
> the above behavior, processors under version control via this registry client
> may also have their dynamic properties encrypted. These properties remain
> encrypted even after nifi-standard-services-api-nar is returned to lib and
> nifi is restarted.-
> -This is seen with a dynamic property added to GenerateFlowFile (when
> GenericFlowFile is part of a PG under registry version control).-
> -These are edge cases as admins should be very careful about removing nars
> from lib, but it would be good if protections were added to protect
> flow.xml/json from modifications in these situations.-
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
