FYI, there's a new thread in slack about the new single-user-authoriser setup - user has https but no users/policy screen for setting up AuthZ.
Might be worth someone taking a look before an RC to see whether there's documentation (or functionality) that needs clarifying. Cheers, Chris Sampson On Sun, 13 Jun 2021, 13:57 Mark Bean, <mark.o.b...@gmail.com> wrote: > There are three open PR's I would appreciate some eyes on before the RC > process is kicked off. Two of the three have been reviewed, but not yet by > a committer. > > https://github.com/apache/nifi/pull/5094 > https://github.com/apache/nifi/pull/5061 > https://github.com/apache/nifi/pull/5064 > > Thanks in advance! > -Mark > > On Fri, Jun 11, 2021 at 4:05 PM Joe Witt <joe.w...@gmail.com> wrote: > > > So. Dang. Cool. I just built from latest main and poof - I'm on https > > with username/password. > > > > Will start whipping up the process for an RC. Probably will be a > > little slow going with dayjob factors but will get on it. > > > > Thanks > > > > On Fri, Jun 11, 2021 at 12:14 PM David Handermann > > <exceptionfact...@apache.org> wrote: > > > > > > Thanks to Mark Payne, NIFI-8516 is now merged, so that covers current > > open > > > issues around securing the default configuration. > > > > > > Regards, > > > David Handermann > > > > > > On Fri, Jun 11, 2021 at 11:55 AM David Handermann < > > > exceptionfact...@apache.org> wrote: > > > > > > > Joe, > > > > > > > > Thanks for following up. The PR for NIFI-8516 has gone through > several > > > > rounds of feedback, I believe it is about ready to go, pending > > confirmation > > > > that the ability to set custom credentials addresses the ease of use > > > > concern. > > > > > > > > Regards, > > > > David Handermann > > > > > > > > On Fri, Jun 11, 2021 at 11:41 AM Joe Witt <joe.w...@gmail.com> > wrote: > > > > > > > >> David, > > > >> > > > >> Ok thanks - do you have a sense of when what you see as good 1.14 > > > >> specific work will be merged? Do you have the reviewers/engagement > > > >> you need? > > > >> > > > >> This 1.14 is already pretty packed but definitely agree we need to > > > >> make real progress on secure by default and this release is a great > > > >> time to take the first big step. > > > >> > > > >> Thanks > > > >> > > > >> On Mon, May 31, 2021 at 5:52 AM David Handermann > > > >> <exceptionfact...@apache.org> wrote: > > > >> > > > > >> > Thanks for kicking off the discussion Joe! > > > >> > > > > >> > Of the many items that could be included in the next release, > > securing > > > >> the > > > >> > default configuration as described in NIFI-8220 > > > >> > <https://issues.apache.org/jira/browse/NIFI-8220> would be great > to > > > >> have > > > >> > completed. Most of the elements are in place, and the current > Pull > > > >> Request > > > >> > for NIFI-8516 <https://github.com/apache/nifi/pull/5068> is under > > > >> review. > > > >> > If there are any other achievable items that should be included as > > part > > > >> of > > > >> > a secure default installation for NiFi, it would be helpful to add > > > >> > sub-tasks to NIFI-8220. The current scope is limited to a > > standalone > > > >> > installation, so issues regarding clustered deployments can be > > handled > > > >> > separately. If others are interested in evaluating the proposed > new > > > >> > default configuration that requires HTTPS and leverages a > generated > > > >> > username and password, feel free to provide feedback on NIFI-8516. > > > >> > > > > >> > Regards, > > > >> > David Handermann > > > >> > > > > >> > On Thu, May 27, 2021 at 6:51 PM Otto Fowler < > > ottobackwa...@gmail.com> > > > >> wrote: > > > >> > > > > >> > > I think NIFI-8625 and NIFI-8461 need to be understood and > > addressed. > > > >> > > > > > >> > > > > > >> > > > On May 27, 2021, at 13:29, Joe Witt <joe.w...@gmail.com> > wrote: > > > >> > > > > > > >> > > > Team, > > > >> > > > > > > >> > > > There has been a tremendous amount of work already on the 1.14 > > line > > > >> as > > > >> > > shown: > > > >> > > > > > > >> > > > > https://issues.apache.org/jira/projects/NIFI/versions/12349644 > > > >> > > > > > > >> > > > These include merging the nifi registry and minifi java into > the > > > >> nifi > > > >> > > > line itself. So when we release these things stay in sync and > > > >> > > > maintained. The release will now produce things like Apache > > NiFi, > > > >> the > > > >> > > > Apache NiFi toolkit, Apache NiFi Registry, and Apache NiFi > > MiNiFi > > > >> Java > > > >> > > > and the Apache NiFi stateless runtime as well. There have > been > > many > > > >> > > > improvements to core nifi and stateless nifi now meaning we > > have the > > > >> > > > traditional execution form factor and this new stateless mode. > > We > > > >> can > > > >> > > > now hot load nars from HDFS storage locations which could mean > > HDFS, > > > >> > > > blob storage in the cloud, etc.. There is a lot more. > > > >> > > > > > > >> > > > Anyway, I wanted to start circling the wagons for a 1.14 > > release. > > > >> I'm > > > >> > > > happy to take on RM duties especially since there will be new > > > >> elements > > > >> > > > to the release process. > > > >> > > > > > > >> > > > Thanks > > > >> > > > > > >> > > > > > >> > > > > > > >