Chris I responded to the slack thread. Pretty sure it is doing exactly what is expected. We are not offering a user management and policy authoring experience for that. It is quite literally 'single user auth' and in that mode this single user we generate has all the authorizations. This is functionally equivalent to how it was with an unsecured instance with what is basically 'anonymous' user except in this case it is TLS and requires the known single user credentials. For real usage, just as before, users need to take advantage of one of the other existing authentication and authorization plugin options.
Thanks On Sun, Jun 13, 2021 at 11:26 AM Chris Sampson <chris.samp...@naimuri.com.invalid> wrote: > > FYI, there's a new thread in slack about the new single-user-authoriser > setup - user has https but no users/policy screen for setting up AuthZ. > > Might be worth someone taking a look before an RC to see whether there's > documentation (or functionality) that needs clarifying. > > > Cheers, > > Chris Sampson > > On Sun, 13 Jun 2021, 13:57 Mark Bean, <mark.o.b...@gmail.com> wrote: > > > There are three open PR's I would appreciate some eyes on before the RC > > process is kicked off. Two of the three have been reviewed, but not yet by > > a committer. > > > > https://github.com/apache/nifi/pull/5094 > > https://github.com/apache/nifi/pull/5061 > > https://github.com/apache/nifi/pull/5064 > > > > Thanks in advance! > > -Mark > > > > On Fri, Jun 11, 2021 at 4:05 PM Joe Witt <joe.w...@gmail.com> wrote: > > > > > So. Dang. Cool. I just built from latest main and poof - I'm on https > > > with username/password. > > > > > > Will start whipping up the process for an RC. Probably will be a > > > little slow going with dayjob factors but will get on it. > > > > > > Thanks > > > > > > On Fri, Jun 11, 2021 at 12:14 PM David Handermann > > > <exceptionfact...@apache.org> wrote: > > > > > > > > Thanks to Mark Payne, NIFI-8516 is now merged, so that covers current > > > open > > > > issues around securing the default configuration. > > > > > > > > Regards, > > > > David Handermann > > > > > > > > On Fri, Jun 11, 2021 at 11:55 AM David Handermann < > > > > exceptionfact...@apache.org> wrote: > > > > > > > > > Joe, > > > > > > > > > > Thanks for following up. The PR for NIFI-8516 has gone through > > several > > > > > rounds of feedback, I believe it is about ready to go, pending > > > confirmation > > > > > that the ability to set custom credentials addresses the ease of use > > > > > concern. > > > > > > > > > > Regards, > > > > > David Handermann > > > > > > > > > > On Fri, Jun 11, 2021 at 11:41 AM Joe Witt <joe.w...@gmail.com> > > wrote: > > > > > > > > > >> David, > > > > >> > > > > >> Ok thanks - do you have a sense of when what you see as good 1.14 > > > > >> specific work will be merged? Do you have the reviewers/engagement > > > > >> you need? > > > > >> > > > > >> This 1.14 is already pretty packed but definitely agree we need to > > > > >> make real progress on secure by default and this release is a great > > > > >> time to take the first big step. > > > > >> > > > > >> Thanks > > > > >> > > > > >> On Mon, May 31, 2021 at 5:52 AM David Handermann > > > > >> <exceptionfact...@apache.org> wrote: > > > > >> > > > > > >> > Thanks for kicking off the discussion Joe! > > > > >> > > > > > >> > Of the many items that could be included in the next release, > > > securing > > > > >> the > > > > >> > default configuration as described in NIFI-8220 > > > > >> > <https://issues.apache.org/jira/browse/NIFI-8220> would be great > > to > > > > >> have > > > > >> > completed. Most of the elements are in place, and the current > > Pull > > > > >> Request > > > > >> > for NIFI-8516 <https://github.com/apache/nifi/pull/5068> is under > > > > >> review. > > > > >> > If there are any other achievable items that should be included as > > > part > > > > >> of > > > > >> > a secure default installation for NiFi, it would be helpful to add > > > > >> > sub-tasks to NIFI-8220. The current scope is limited to a > > > standalone > > > > >> > installation, so issues regarding clustered deployments can be > > > handled > > > > >> > separately. If others are interested in evaluating the proposed > > new > > > > >> > default configuration that requires HTTPS and leverages a > > generated > > > > >> > username and password, feel free to provide feedback on NIFI-8516. > > > > >> > > > > > >> > Regards, > > > > >> > David Handermann > > > > >> > > > > > >> > On Thu, May 27, 2021 at 6:51 PM Otto Fowler < > > > ottobackwa...@gmail.com> > > > > >> wrote: > > > > >> > > > > > >> > > I think NIFI-8625 and NIFI-8461 need to be understood and > > > addressed. > > > > >> > > > > > > >> > > > > > > >> > > > On May 27, 2021, at 13:29, Joe Witt <joe.w...@gmail.com> > > wrote: > > > > >> > > > > > > > >> > > > Team, > > > > >> > > > > > > > >> > > > There has been a tremendous amount of work already on the 1.14 > > > line > > > > >> as > > > > >> > > shown: > > > > >> > > > > > > > >> > > > > > https://issues.apache.org/jira/projects/NIFI/versions/12349644 > > > > >> > > > > > > > >> > > > These include merging the nifi registry and minifi java into > > the > > > > >> nifi > > > > >> > > > line itself. So when we release these things stay in sync and > > > > >> > > > maintained. The release will now produce things like Apache > > > NiFi, > > > > >> the > > > > >> > > > Apache NiFi toolkit, Apache NiFi Registry, and Apache NiFi > > > MiNiFi > > > > >> Java > > > > >> > > > and the Apache NiFi stateless runtime as well. There have > > been > > > many > > > > >> > > > improvements to core nifi and stateless nifi now meaning we > > > have the > > > > >> > > > traditional execution form factor and this new stateless mode. > > > We > > > > >> can > > > > >> > > > now hot load nars from HDFS storage locations which could mean > > > HDFS, > > > > >> > > > blob storage in the cloud, etc.. There is a lot more. > > > > >> > > > > > > > >> > > > Anyway, I wanted to start circling the wagons for a 1.14 > > > release. > > > > >> I'm > > > > >> > > > happy to take on RM duties especially since there will be new > > > > >> elements > > > > >> > > > to the release process. > > > > >> > > > > > > > >> > > > Thanks > > > > >> > > > > > > >> > > > > > > >> > > > > > > > > > >
