[ 
https://issues.apache.org/jira/browse/NIFI-4255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16124582#comment-16124582
 ] 

ASF GitHub Bot commented on NIFI-4255:
--------------------------------------

Github user jtstorck commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/2065#discussion_r132818810
  
    --- Diff: 
nifi-toolkit/nifi-toolkit-zookeeper-migrator/src/main/java/org/apache/nifi/toolkit/zkmigrator/ZooKeeperMigrator.java
 ---
    @@ -269,15 +269,23 @@ private String ensureNodeExists(ZooKeeper zooKeeper, 
String path, CreateMode cre
             }
         }
     
    -    private DataStatAclNode transformNode(DataStatAclNode node, AuthMode 
destinationAuthMode) {
    -        // For the NiFi use case, all nodes will be migrated to 
CREATOR_ALL_ACL
    +    private DataStatAclNode transformNode(DataStatAclNode node, AuthMode 
destinationAuthMode, boolean useExistingACL) {
    +        // If useExistingACL is false, for the NiFi use cases, all nodes 
will be migrated to CREATOR_ALL_ACL
             final DataStatAclNode migratedNode = new 
DataStatAclNode(node.getPath(), node.getData(), node.getStat(),
    -                destinationAuthMode.equals(AuthMode.OPEN) ? 
ZooDefs.Ids.OPEN_ACL_UNSAFE : ZooDefs.Ids.CREATOR_ALL_ACL,
    +                determineNodeACL(node,destinationAuthMode,useExistingACL),
                     node.getEphemeralOwner());
             LOGGER.info("transformed original node {} to {}", node, 
migratedNode);
             return migratedNode;
         }
     
    +    private List<ACL> determineNodeACL(DataStatAclNode node, AuthMode 
destinationAuthMode, boolean useExistingACL){
    --- End diff --
    
    Rather than having this method get invoked from transformNode, can you do 
this as a stage in the completable future before transformNode is invoked?  I'd 
like to keep all the method coordination controlled by the CompletableFuture 
stages rather than having methods invoke each other.


> Add support for providing ACLs for paths in Zookeeper Migration tool
> --------------------------------------------------------------------
>
>                 Key: NIFI-4255
>                 URL: https://issues.apache.org/jira/browse/NIFI-4255
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Tools and Build
>    Affects Versions: 1.3.0
>            Reporter: Yolanda M. Davis
>            Assignee: Yolanda M. Davis
>
> Currently in the Zookeeper migration utility there is support for applying 
> acls when importing zookeeper data (Znodes).  However this support only 
> applies default ACLs values (either Open or Creator specific), and the value 
> used depends on if security is enabled or disabled in the destination 
> Zookeeper instance. This may become problematic if the user/identity used to 
> import zookeeper data does not align with the users/identities that require 
> read/modify rights on the imported Znodes. This also doesn't provide users 
> flexibility in defining specific rights or applying additional authorizations 
> on paths.
> Enhancing the existing utility to support providing ACL information would 
> offer users more flexibility in defining permissions and authentication 
> schemes on znodes. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to