[ 
https://issues.apache.org/jira/browse/NIFI-12229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pierre Villard updated NIFI-12229:
----------------------------------
    Resolution: Feedback Received
        Status: Resolved  (was: Patch Available)

Apache NiFi 1.x is no longer maintained and no new release is planned on the 
1.x release line. Marking as resolved as part of a cleanup operation. Please 
open a new one with an updated description if this is still relevant for NiFi 
2.x.

> Edits to Registry-Client in NiFi require NiFi service restart to take affect.
> -----------------------------------------------------------------------------
>
>                 Key: NIFI-12229
>                 URL: https://issues.apache.org/jira/browse/NIFI-12229
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.23.1
>            Reporter: Matthew Clarke
>            Assignee: Simon Bence
>            Priority: Major
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> Within NiFi --> global menu --> Controller Settings --> Registry Clients 
> there is no option to "disable" and "enable" the added registry clients.  The 
> ability to edit a Registry Client is allowed and there is even a button 
> "Update" a user can click on after making edits.  However, clicking "update" 
> does not apply the changes.  A restart of the NiFi service is required for 
> updates to take affect.
> How to reproduce
> - Create a StandardRestrictedSSLContextService configured with only a 
> truststore
> - Create a second StandardRestrictedSSLContextService configured with both 
> keystore and truststore.
> - Create a Registry Client (NiFiRegistryFlowRegistryClient) and configure 
> https:/<nifi-registry hostname>:<nifi-registry port> and configure to use SSL 
> Context service created with both keystore and truststore
> - From canvas start version control on a process group.
> - Now edit the registry client so that it uses SSL context service with only 
> truststore and click "Update".
> - Return to canvas and edit version controlled PG and commit new version.  
> You'll notice this is still possible because registry client continues to use 
> the SSL Context service that has both keystore and truststore.
> - If you then restart the NiFi service, you'll notice the version controlled 
> PG now exhibit a "?" because it is unable to retrieve version flow 
> information from Registry because it is now loaded with different ssl context 
> service.  NiFi-Registry logs will show "anonymous" access attempts as 
> expected.
> While above allows for easy method to reproduce issue.  The more likely issue 
> will occur when a user obtains new certificates and tries to update an 
> existing SSL Context service or create a new and then tries to use it in the 
> Registry Client.  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to