Matthew Clarke created NIFI-3001:
------------------------------------
Summary: The authorizers.xml file should be parsed for new
users/node identities even if users.xml already exists.
Key: NIFI-3001
URL: https://issues.apache.org/jira/browse/NIFI-3001
Project: Apache NiFi
Issue Type: Improvement
Affects Versions: 1.0.0
Reporter: Matthew Clarke
The intent of having an users.xml and authorizations.xml file is so that the
users.xml file can be used/copied to multiple systems for reuse.
The problem is when standing up a new system/cluster with a pre-populated
users.xml file, NiFi does not update it on startup. A new system is very likely
to have new node identities defined in the authorizers.xml file that will not
exist in the ported users.xml file.
My thought is that on every startup NiFi should parse the "node identities"
from the authorizers.xml file and add them if missing to the users.xml file and
grant those added users to the /proxy resource in the authorizations.xml. This
reduces complications users can experience when adding additional nodes to a
pre-existing cluster.
The "Initial admin" and "legacy authorized-users.xml" settings in the
authorizers.xml file should only ever be parsed once and only if a
authorizations.xml file does not exist. If the authorizations.xml file does
not exist, these users should be added to the existing users.xml file (or
create one if does not exist) and granted the initial admin related policy
resources in the authorizations.xml file. By setting it up this way if an
"admin" is removed from the UI at some later time a restart of NiFi will not
result in that user being added back in to the existing authorizations.xml or
users.xml.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
