Making a call to "/process-groups/root" should retrieve the root
process group which should then have an id element.
On Mon, Feb 26, 2018 at 5:20 PM, Daniel Hernandez
<daniel.hernan...@civitaslearning.com> wrote:
> Thanks Matt,
>
> I get now what is the problem, in order to exhaust all my possibilities I
> may ask, is there a way using the API to get the root UUID from the
> flow.xml.gz file? Because I see the file there after running the tests.
>
> Thanks,
>
>
> On Mon, Feb 26, 2018 at 3:26 PM, Daniel Hernandez <
> daniel.hernan...@civitaslearning.com> wrote:
>
>> Hi Matt,
>>
>> Thanks for your answer.
>>
>> Do you know if there is a way to preconfigure this value when running
>> Nifi's Docker image? I am making the calls from an integration test that
>> runs a docker container with the Nifi server. I already check and the value
>> under <rootGroup><id> in the flow.xml.gz file changes everytime I deploy
>> the container, I guess it is created at startup. Is it possible that I can
>> change my docker image to get a fix root group value?
>>
>> Thanks,
>>
>> Daniel
>>
>> On Mon, Feb 26, 2018 at 11:35 AM, Daniel Hernandez <daniel.hernandez@
>> civitaslearning.com> wrote:
>>
>>> Hi,
>>>
>>> I am currently working on calling the Nifi REST API to get the 'root'
>>> process group and setting it as parent for a new process-group.
>>>
>>> However I am getting the next messages:
>>>
>>> Attempting GET request to: JerseyWebTarget {
>>> https://127.0.0.1:8443/nifi-api/process-groups/root }
>>> 2018-02-26 11:06:55.341 DEBUG ???? --- [ main]
>>> c.c.p.n.c.i.b.BootApiClient :
>>> 2018-02-26 11:06:55.341 DEBUG ???? --- [ main]
>>> c.c.p.n.c.i.b.BootApiClient : Received 403 response from GET
>>> to JerseyWebTarget { https://127.0.0.1:8443/nifi-api/process-groups/root
>>> }
>>>
>>> com.civitaslearning.platform.nifi.client.invoker.boot.exception.NifiForbiddenException:
>>> No applicable policies could be found. Contact the system administrator.
>>>
>>> This is the content of my authorizations.xml file:
>>>
>>> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
>>>
>>> <authorizations>
>>>
>>> <policies>
>>>
>>> <policy identifier="f99bccd1-a30e-3e4a-98a2-dbc708edc67f"
>>> resource="/flow" action="R">
>>>
>>> <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
>>>
>>> </policy>
>>>
>>> <policy identifier="b8775bd4-704a-34c6-987b-84f2daf7a515"
>>> resource="/restricted-components" action="W">
>>>
>>> <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
>>>
>>> </policy>
>>>
>>> <policy identifier="627410be-1717-35b4-a06f-e9362b89e0b7"
>>> resource="/tenants" action="R">
>>>
>>> <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
>>>
>>> </policy>
>>>
>>> <policy identifier="15e4e0bd-cb28-34fd-8587-f8d15162cba5"
>>> resource="/tenants" action="W">
>>>
>>> <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
>>>
>>> </policy>
>>>
>>> <policy identifier="ff96062a-fa99-36dc-9942-0f6442ae7212"
>>> resource="/policies" action="R">
>>>
>>> <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
>>>
>>> </policy>
>>>
>>> <policy identifier="ad99ea98-3af6-3561-ae27-5bf09e1d969d"
>>> resource="/policies" action="W">
>>>
>>> <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
>>>
>>> </policy>
>>>
>>> <policy identifier="2e1015cb-0fed-3005-8e0d-722311f21a03"
>>> resource="/controller" action="R">
>>>
>>> <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
>>>
>>> </policy>
>>>
>>> <policy identifier="c6322e6c-4cc1-3bcc-91b3-2ed2111674cf"
>>> resource="/controller" action="W">
>>>
>>> <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
>>>
>>> </policy>
>>>
>>> <policy identifier="d2f2019f-0161-1000-201a-94a51ee94006"
>>> resource="/process-groups/root" action="R">
>>>
>>> <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
>>>
>>> </policy>
>>>
>>> <policy identifier="d2f20292-0161-1000-e8d2-a8f874682f68"
>>> resource="/process-groups/root" action="W">
>>>
>>> <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
>>>
>>> </policy>
>>>
>>> </policies>
>>>
>>> </authorizations>
>>>
>>> And this is the content of authorizations.xml
>>>
>>> <authorizers>
>>>
>>> <accessPolicyProvider>
>>>
>>> <identifier>file-access-policy-provider</identifier>
>>>
>>> <class>org.apache.nifi.authorization.FileAccessPolicyProvide
>>> r</class>
>>>
>>> <property name="User Group Provider">file-user-group-prov
>>> ider</property>
>>>
>>> <property name="Authorizations File">./conf/authorizations.xm
>>> l</property>
>>>
>>> <property name="Initial Admin Identity">CN=civitas,
>>> OU=ApacheNifi</property>
>>>
>>> <property name="Legacy Authorized Users File"></property>
>>>
>>>
>>> <property name="Node Identity 1"></property>
>>>
>>> </accessPolicyProvider>
>>>
>>> <authorizer>
>>>
>>> <identifier>managed-authorizer</identifier>
>>>
>>> <class>org.apache.nifi.authorization.StandardManagedAuthoriz
>>> er</class>
>>>
>>> <property name="Access Policy Provider">file-access-policy-p
>>> rovider</property>
>>>
>>> </authorizer>
>>>
>>> </authorizers>
>>>
>>>
>>> And users.xml
>>>
>>>
>>> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
>>>
>>> <tenants>
>>>
>>> <groups/>
>>>
>>> <users>
>>>
>>> <user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"
>>> identity="CN=civitas, OU=ApacheNifi"/>
>>>
>>> </users>
>>>
>>> </tenants>
>>>
>>> I already create a policy using the same user cert so I guess the DN is
>>> valid.
>>> Am I defining the policy or making the call in a wrong way?
>>>
>>> Thanks in advance,
>>>
>>> Daniel Hernandez
>>>
>>>
>>>
>>
