[
https://issues.apache.org/jira/browse/NIFI-14163?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pierre Villard resolved NIFI-14163.
-----------------------------------
Fix Version/s: 2.2.0
Resolution: Fixed
> Enhance GCPCredentialsControllerService to support domain-wide delegation
> -------------------------------------------------------------------------
>
> Key: NIFI-14163
> URL: https://issues.apache.org/jira/browse/NIFI-14163
> Project: Apache NiFi
> Issue Type: Task
> Components: Extensions
> Reporter: Bob Paulin
> Priority: Major
> Fix For: 2.2.0
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> Google Service Accounts can be configured to support Domain-wide Delegation
> by a Service Account. When this is configured in the Google Admin Console
> (see
> https://developers.google.com/identity/protocols/oauth2/service-account#delegatingauthority)
> a service account may impersonate a specific user account (the delegate).
> For example assume you are using an existing Apache NiFi processors such as
> ListGoogleDrive. Using a service account the service account email must be
> added to the drive for that drive to be visible to the processor. If
> Domain-wide delegation configured and an existing user that already has
> access to the drive is specified as the delegate; then the processor will
> list all drives available to that user using the service account credential
> as if the call were made directly from the delegated user account.
>
> This task is to enhance the existing GCPCredentialsControllerService to allow
> a flow designer to select a Delegation Strategy of Delegated Account which
> would then require the user to add an account to impersonate. The Controller
> service will continue default to the current behavior which is to use the
> Service Account's identity.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
