[jira] [Commented] (NIFI-4255) Add support for providing ACLs for paths in Zookeeper Migration tool

Wed, 23 Aug 2017 12:35:57 -0700 

    [ 
https://issues.apache.org/jira/browse/NIFI-4255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16138936#comment-16138936
 ] 

ASF GitHub Bot commented on NIFI-4255:
--------------------------------------

Github user jtstorck commented on the issue:

    https://github.com/apache/nifi/pull/2065
  
    +1 LGTM
    
    Made a few minor formatting changes, and moved the spock spec from 
src/test/java to src/test/groovy.
    
    To test this, I ran a KDC and ZK server in a docker container with two 
principals.  I created a node using principal1 that was sasl-secured via 
principal1, and used the zk migrator to export it to a json file.  Then, I 
manually modified the json file to change the ACL on the node I created to set 
the owner to principal2.  I then used the zk migrator to send the updated json 
to ZK, using the --ignore-source and --use-existing-acl options.  After 
attempting to access the node as principal1 (which failed as expected), I was 
able to access the node as princopal2 (as expected).


> Add support for providing ACLs for paths in Zookeeper Migration tool
> --------------------------------------------------------------------
>
>                 Key: NIFI-4255
>                 URL: https://issues.apache.org/jira/browse/NIFI-4255
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Tools and Build
>    Affects Versions: 1.3.0
>            Reporter: Yolanda M. Davis
>            Assignee: Yolanda M. Davis
>
> Currently in the Zookeeper migration utility there is support for applying 
> acls when importing zookeeper data (Znodes).  However this support only 
> applies default ACLs values (either Open or Creator specific), and the value 
> used depends on if security is enabled or disabled in the destination 
> Zookeeper instance. This may become problematic if the user/identity used to 
> import zookeeper data does not align with the users/identities that require 
> read/modify rights on the imported Znodes. This also doesn't provide users 
> flexibility in defining specific rights or applying additional authorizations 
> on paths.
> Enhancing the existing utility to support providing ACL information would 
> offer users more flexibility in defining permissions and authentication 
> schemes on znodes. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to