[GitHub] [nifi] alopresto commented on issue #3495: NIFI-5973 Adds ShellUserGroupProvider

Thu, 13 Jun 2019 16:42:55 -0700 

alopresto commented on issue #3495: NIFI-5973 Adds ShellUserGroupProvider
URL: https://github.com/apache/nifi/pull/3495#issuecomment-501917084
 
 
   The relevant portions of my `authorizers.xml` file: 
   
   ```
       <userGroupProvider>
           <identifier>shell-user-group-provider</identifier>
           <class>org.apache.nifi.authorization.ShellUserGroupProvider</class>
           <property name="Initial Refresh Delay">30</property>
           <property name="Refresh Delay">30</property>
       </userGroupProvider>
   ...
       <accessPolicyProvider>
           <identifier>file-access-policy-provider</identifier>
           <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
           <property name="User Group 
Provider">shell-user-group-provider</property>
           <property name="Authorizations 
File">./conf/authorizations.xml</property>
           <property name="Initial Admin Identity">alopresto</property>
           <property name="Legacy Authorized Users File"></property>
           <property name="Node Identity 1"></property>
           <property name="Node Group"></property>
       </accessPolicyProvider>
   ...
       <authorizer>
           <identifier>managed-authorizer</identifier>
           
<class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
           <property name="Access Policy 
Provider">file-access-policy-provider</property>
       </authorizer>
   ```
   
   After initial startup (these files did not exist and were created): 
   
   No `users.xml`.
   
   `authorizations.xml`:
   ```
   🔓 0s @ 16:41:57 $ more conf/authorizations.xml
   <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
   <authorizations>
       <policies>
           <policy identifier="f99bccd1-a30e-3e4a-98a2-dbc708edc67f" 
resource="/flow" action="R">
               <user identifier="502"/>
           </policy>
           <policy identifier="b8775bd4-704a-34c6-987b-84f2daf7a515" 
resource="/restricted-components" action="W">
               <user identifier="502"/>
           </policy>
           <policy identifier="627410be-1717-35b4-a06f-e9362b89e0b7" 
resource="/tenants" action="R">
               <user identifier="502"/>
           </policy>
           <policy identifier="15e4e0bd-cb28-34fd-8587-f8d15162cba5" 
resource="/tenants" action="W">
               <user identifier="502"/>
           </policy>
           <policy identifier="ff96062a-fa99-36dc-9942-0f6442ae7212" 
resource="/policies" action="R">
               <user identifier="502"/>
           </policy>
           <policy identifier="ad99ea98-3af6-3561-ae27-5bf09e1d969d" 
resource="/policies" action="W">
               <user identifier="502"/>
           </policy>
           <policy identifier="2e1015cb-0fed-3005-8e0d-722311f21a03" 
resource="/controller" action="R">
               <user identifier="502"/>
           </policy>
           <policy identifier="c6322e6c-4cc1-3bcc-91b3-2ed2111674cf" 
resource="/controller" action="W">
               <user identifier="502"/>
           </policy>
       </policies>
   </authorizations>
   ```
   
   Where `502` is the `uid` of `alopresto` on this OS. 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to