Koji Kawamura created NIFI-4993:
-----------------------------------
Summary: ReportLineageToAtlas complete path strategy does not
report some lineages with secured NiFi
Key: NIFI-4993
URL: https://issues.apache.org/jira/browse/NIFI-4993
Project: Apache NiFi
Issue Type: Bug
Components: Extensions
Affects Versions: 1.5.0
Reporter: Koji Kawamura
Assignee: Koji Kawamura
ReportLineageToAtlas 'complete path' strategy uses NiFi provenance lineage
query with an anonymous user. If NiFi is secured and the user who made the
lineage query request does not have required privilege, NiFi returns provenance
event type as UNKNOWN, and also does not traverse lineage fully.
Specifically, the authorization is implemented here:
https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-persistent-provenance-repository/src/main/java/org/apache/nifi/provenance/PersistentProvenanceRepository.java#L2641
{code: title=PersistentProvenanceRepository$ComputeLineageRunnable.run}
final StandardLineageResult result = submission.getResult();
result.update(replaceUnauthorizedWithPlaceholders(matchingRecords, user),
matchingRecords.size());
{code}
This affects to ReportLineageToAtlas 'complete path' strategy as it will not be
able to traverse parent provenance events to analyze full lineage path for a
FlowFile. As a result, the reporting task can not report lineage with some
structures of flow.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
