[jira] [Commented] (NIFIREG-60) Add support for configuring NiFi Identities in FileAccessPolicyProvider

Fri, 01 Dec 2017 12:50:19 -0800 

    [ 
https://issues.apache.org/jira/browse/NIFIREG-60?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16274955#comment-16274955
 ] 

ASF GitHub Bot commented on NIFIREG-60:
---------------------------------------

Github user kevdoran commented on a diff in the pull request:

    https://github.com/apache/nifi-registry/pull/45#discussion_r154445377
  
    --- Diff: 
nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/file/FileAccessPolicyProvider.java
 ---
    @@ -517,28 +522,22 @@ private void populateInitialAdmin(final 
Authorizations authorizations) {
             }
         }
     
    -//    /**
    -//     * Creates a user for each node and gives the nodes write permission 
to /proxy.
    -//     *
    -//     * @param authorizations the overall authorizations
    -//     */
    -//    private void populateNodes(Authorizations authorizations) {
    -//        for (String nodeIdentity : nodeIdentities) {
    -//            final User node = 
userGroupProvider.getUserByIdentity(nodeIdentity);
    -//            if (node == null) {
    -//                throw new AuthorizerCreationException("Unable to locate 
node " + nodeIdentity + " to seed policies.");
    -//            }
    -//
    -//            // grant access to the proxy resource
    -//            addUserToAccessPolicy(authorizations, 
ResourceType.Proxy.getValue(), node.getIdentifier(), WRITE_CODE);
    -//
    -//            // grant the user read/write access data of the root group
    -//            if (rootGroupId != null) {
    -//                addUserToAccessPolicy(authorizations, 
ResourceType.Data.getValue() + ResourceType.ProcessGroup.getValue() + "/" + 
rootGroupId, node.getIdentifier(), READ_CODE);
    -//                addUserToAccessPolicy(authorizations, 
ResourceType.Data.getValue() + ResourceType.ProcessGroup.getValue() + "/" + 
rootGroupId, node.getIdentifier(), WRITE_CODE);
    -//            }
    -//        }
    -//    }
    +    /**
    +     * Creates a user for each NiFi client and gives each one write 
permission to /proxy.
    +     *
    +     * @param authorizations the overall authorizations
    +     */
    +    private void populateNodes(Authorizations authorizations) {
    --- End diff --
    
    Good catch, will update


> Add support for configuring NiFi Identities in FileAccessPolicyProvider
> -----------------------------------------------------------------------
>
>                 Key: NIFIREG-60
>                 URL: https://issues.apache.org/jira/browse/NIFIREG-60
>             Project: NiFi Registry
>          Issue Type: New Feature
>            Reporter: Kevin Doran
>            Assignee: Kevin Doran
>
> Similar to how in NiFi a user is to configure Node Identities in 
> authorizers.xml to enable clustered NiFi nodes to be initialized as proxies 
> for other users, NiFi Registry should allow for NiFi clients identities to be 
> initialized as authorized proxies for end users, via a similar configuration 
> scheme.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to