[jira] [Assigned] (NIFI-3001) The authorizers.xml file should be parsed for new users/node identities even if users.xml already exists.

Tue, 08 Nov 2016 11:40:19 -0800 

     [ 
https://issues.apache.org/jira/browse/NIFI-3001?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bryan Bende reassigned NIFI-3001:
---------------------------------

    Assignee: Bryan Bende

> The authorizers.xml file should be parsed for new users/node identities even 
> if users.xml already exists.
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: NIFI-3001
>                 URL: https://issues.apache.org/jira/browse/NIFI-3001
>             Project: Apache NiFi
>          Issue Type: Improvement
>    Affects Versions: 1.0.0
>            Reporter: Matthew Clarke
>            Assignee: Bryan Bende
>
> The intent of having an users.xml and authorizations.xml file is so that the 
> users.xml file can be used/copied to multiple systems for reuse. 
> The problem is when standing up a new system/cluster with a pre-populated 
> users.xml file, NiFi does not update it on startup. A new system is very 
> likely to have new node identities defined in the authorizers.xml file that 
> will not exist in the ported users.xml file.
> My thought is that on every startup NiFi should parse the "node identities" 
> from the authorizers.xml file and add them if missing to the users.xml file 
> and grant those added users to the /proxy resource in the authorizations.xml. 
>  This reduces complications users can experience when adding additional nodes 
> to a pre-existing cluster.
> The "Initial admin" and "legacy authorized-users.xml" settings in the 
> authorizers.xml file should only ever be parsed once and only if a 
> authorizations.xml file does not exist.   If the authorizations.xml file does 
> not exist, these users should be added to the existing users.xml file (or 
> create one if does not exist) and granted the initial admin related policy 
> resources in the authorizations.xml file.  By setting it up this way if an 
> "admin" is removed from the UI at some later time a restart of NiFi will not 
> result in that user being added back in to the existing authorizations.xml or 
> users.xml.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to