GitHub user YolandaMDavis opened a pull request:
https://github.com/apache/nifi/pull/2046
NIFI-4022 - Enabled SASL auth scheme/ACL support for Curator use
Enhancement allows user to enable SASL based ACL's for nodes created via
Curator for cluster management (e.g. leader election nodes, Cluster
Coordinator/Primary Nodes).
For testing would recommend the following actions:
1) Follow the updated administrator guide (included in PR as a separate
commit) for enabling kerberos on Zookeeper (external or embedded) and NiFi
2)Testing with nifi nodes where principals vary across servers. For
example nifi/[email protected] vs nifi/[email protected]. In this case the
kerberos.removeHostFromPrincipal would need to be true (in both
zookeeper.properties and nifi.properties) to ensure that the user will be
normalized as [email protected] for acls.
3) Ensuring leader election scenarios work as expected with acls in place
on the /nifi path (acl should be 'sasl', <user> cdrwa and 'world', anyone r).
Recommended scenario is removal of Cluster Coordinator from a cluster to ensure
new coordinator is elected.
Thank you for submitting a contribution to Apache NiFi.
In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:
### For all changes:
- [x] Is there a JIRA ticket associated with this PR? Is it referenced
in the commit message?
- [x] Does your PR title start with NIFI-XXXX where XXXX is the JIRA number
you are trying to resolve? Pay particular attention to the hyphen "-" character.
- [ ] Has your PR been rebased against the latest commit within the target
branch (typically master)?
- [ ] Is your initial contribution a single, squashed commit?
### For code changes:
- [ ] Have you ensured that the full suite of tests is executed via mvn
-Pcontrib-check clean install at the root nifi folder?
- [x] Have you written or updated unit tests to verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies
licensed in a way that is compatible for inclusion under [ASF
2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] If applicable, have you updated the LICENSE file, including the main
LICENSE file under nifi-assembly?
- [ ] If applicable, have you updated the NOTICE file, including the main
NOTICE file found under nifi-assembly?
- [ ] If adding new Properties, have you added .displayName in addition to
.name (programmatic access) for each of the new properties?
### For documentation related changes:
- [x] Have you ensured that format looks appropriate for the output in
which it is rendered?
### Note:
Please ensure that once the PR is submitted, you check travis-ci for build
issues and submit an update to your PR as soon as possible.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/YolandaMDavis/nifi NIFI-4022
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/nifi/pull/2046.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #2046
----
commit 9e43229ed409527ffe3bab0b3bdb7584e64ce98e
Author: Yolanda M. Davis <[email protected]>
Date: 2017-07-31T17:27:48Z
NIFI-4022 - Initial update for SASL support for cluster management in
Zookeeper
commit 588a5ca995c46f94e893b249a787be7c8104e060
Author: Yolanda M. Davis <[email protected]>
Date: 2017-08-01T18:31:15Z
NIFI-4022 - adding sasl documentation update and update to test
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
