ASF GitHub Bot commented on NIFI-4255:

Github user jtstorck commented on a diff in the pull request:

    --- Diff: 
    @@ -269,15 +269,23 @@ private String ensureNodeExists(ZooKeeper zooKeeper, 
String path, CreateMode cre
    -    private DataStatAclNode transformNode(DataStatAclNode node, AuthMode 
destinationAuthMode) {
    -        // For the NiFi use case, all nodes will be migrated to 
    +    private DataStatAclNode transformNode(DataStatAclNode node, AuthMode 
destinationAuthMode, boolean useExistingACL) {
    +        // If useExistingACL is false, for the NiFi use cases, all nodes 
will be migrated to CREATOR_ALL_ACL
             final DataStatAclNode migratedNode = new 
DataStatAclNode(node.getPath(), node.getData(), node.getStat(),
    -                destinationAuthMode.equals(AuthMode.OPEN) ? 
    +                determineNodeACL(node,destinationAuthMode,useExistingACL),
             LOGGER.info("transformed original node {} to {}", node, 
             return migratedNode;
    +    private List<ACL> determineNodeACL(DataStatAclNode node, AuthMode 
destinationAuthMode, boolean useExistingACL){
    --- End diff --
    Rather than having this method get invoked from transformNode, can you do 
this as a stage in the completable future before transformNode is invoked?  I'd 
like to keep all the method coordination controlled by the CompletableFuture 
stages rather than having methods invoke each other.

> Add support for providing ACLs for paths in Zookeeper Migration tool
> --------------------------------------------------------------------
>                 Key: NIFI-4255
>                 URL: https://issues.apache.org/jira/browse/NIFI-4255
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Tools and Build
>    Affects Versions: 1.3.0
>            Reporter: Yolanda M. Davis
>            Assignee: Yolanda M. Davis
> Currently in the Zookeeper migration utility there is support for applying 
> acls when importing zookeeper data (Znodes).  However this support only 
> applies default ACLs values (either Open or Creator specific), and the value 
> used depends on if security is enabled or disabled in the destination 
> Zookeeper instance. This may become problematic if the user/identity used to 
> import zookeeper data does not align with the users/identities that require 
> read/modify rights on the imported Znodes. This also doesn't provide users 
> flexibility in defining specific rights or applying additional authorizations 
> on paths.
> Enhancing the existing utility to support providing ACL information would 
> offer users more flexibility in defining permissions and authentication 
> schemes on znodes. 

This message was sent by Atlassian JIRA

Reply via email to