[ https://issues.apache.org/jira/browse/NIFI-4255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16124635#comment-16124635 ]
ASF GitHub Bot commented on NIFI-4255: -------------------------------------- Github user YolandaMDavis commented on a diff in the pull request: https://github.com/apache/nifi/pull/2065#discussion_r132821753 --- Diff: nifi-toolkit/nifi-toolkit-zookeeper-migrator/src/main/java/org/apache/nifi/toolkit/zkmigrator/ZooKeeperMigrator.java --- @@ -269,15 +269,23 @@ private String ensureNodeExists(ZooKeeper zooKeeper, String path, CreateMode cre } } - private DataStatAclNode transformNode(DataStatAclNode node, AuthMode destinationAuthMode) { - // For the NiFi use case, all nodes will be migrated to CREATOR_ALL_ACL + private DataStatAclNode transformNode(DataStatAclNode node, AuthMode destinationAuthMode, boolean useExistingACL) { + // If useExistingACL is false, for the NiFi use cases, all nodes will be migrated to CREATOR_ALL_ACL final DataStatAclNode migratedNode = new DataStatAclNode(node.getPath(), node.getData(), node.getStat(), - destinationAuthMode.equals(AuthMode.OPEN) ? ZooDefs.Ids.OPEN_ACL_UNSAFE : ZooDefs.Ids.CREATOR_ALL_ACL, + determineNodeACL(node,destinationAuthMode,useExistingACL), node.getEphemeralOwner()); LOGGER.info("transformed original node {} to {}", node, migratedNode); return migratedNode; } + private List<ACL> determineNodeACL(DataStatAclNode node, AuthMode destinationAuthMode, boolean useExistingACL){ --- End diff -- Sure no problem > Add support for providing ACLs for paths in Zookeeper Migration tool > -------------------------------------------------------------------- > > Key: NIFI-4255 > URL: https://issues.apache.org/jira/browse/NIFI-4255 > Project: Apache NiFi > Issue Type: Improvement > Components: Tools and Build > Affects Versions: 1.3.0 > Reporter: Yolanda M. Davis > Assignee: Yolanda M. Davis > > Currently in the Zookeeper migration utility there is support for applying > acls when importing zookeeper data (Znodes). However this support only > applies default ACLs values (either Open or Creator specific), and the value > used depends on if security is enabled or disabled in the destination > Zookeeper instance. This may become problematic if the user/identity used to > import zookeeper data does not align with the users/identities that require > read/modify rights on the imported Znodes. This also doesn't provide users > flexibility in defining specific rights or applying additional authorizations > on paths. > Enhancing the existing utility to support providing ACL information would > offer users more flexibility in defining permissions and authentication > schemes on znodes. -- This message was sent by Atlassian JIRA (v6.4.14#64029)