[jira] [Created] (NIFI-12229) Edits to Registry-Client in NiFi require NiFi service restart to take affect.

Fri, 13 Oct 2023 09:32:05 -0700 

Matthew Clarke created NIFI-12229:
-------------------------------------

             Summary: Edits to Registry-Client in NiFi require NiFi service 
restart to take affect.
                 Key: NIFI-12229
                 URL: https://issues.apache.org/jira/browse/NIFI-12229
             Project: Apache NiFi
          Issue Type: Bug
          Components: Core Framework
    Affects Versions: 1.23.1
            Reporter: Matthew Clarke


Within NiFi --> global menu --> Controller Settings --> Registry Clients there 
is no option to "disable" and "enable" the added registry clients.  The ability 
to edit a Registry Client is allowed and there is even a button "Update" a user 
can click on after making edits.  However, clicking "update" does not apply the 
changes.  A restart of the NiFi service is required for updates to take affect.

How to reproduce
- Create a StandardRestrictedSSLContextService configured with only a truststore
- Create a second StandardRestrictedSSLContextService configured with both 
keystore and truststore.
- Create a Registry Client (NiFiRegistryFlowRegistryClient) and configure 
https:/<nifi-registry hostname>:<nifi-registry port> and configure to use SSL 
Context service created with both keystore and truststore
- From canvas start version control on a process group.
- Now edit the registry client so that it uses SSL context service with only 
truststore and click "Update".
- Return to canvas and edit version controlled PG and commit new version.  
You'll notice this is still possible because registry client continues to use 
the SSL Context service that has both keystore and truststore.
- If you then restart the NiFi service, you'll notice the version controlled PG 
now exhibit a "?" because it is unable to retrieve version flow information 
from Registry because it is now loaded with different ssl context service.  
NiFi-Registry logs will show "anonymous" access attempts as expected.

While above allows for easy method to reproduce issue.  The more likely issue 
will occur when a user obtains new certificates and tries to update an existing 
SSL Context service or create a new and then tries to use it in the Registry 
Client.  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to