Re: Troubleshooting Apache NiFi 1.4.0 Authorizations
Thanks for replying back. Can you ensure your browser cache is cleared? If that's not it, it's possible your running an older version of Chrome that is incompatible. Matt On Tue, Oct 10, 2017 at 4:10 PM, Brian Ghigiarelliwrote: > Thanks for the quick response, Matt! Unfortunately, it wasn't letting me > update the Policies either, but your response did remind to use Firefox vs. > Chrome. Turns out that when I was clicking on the hamburger menu > > Policies, Chrome was throwing a JS error on nf-canvas-all.js?1.4.0:47: > 21377 > with "undefined is not a function" Looks like it maps to some > K.resource.startsWith("/policies") line. Works fine in Firefox, and I can > add all the policies I want through there. > > Thanks again, > Brian > > On Tue, Oct 10, 2017 at 3:58 PM Matt Gilman > wrote: > > > Brian, > > > > NiFi will only grant permissions to the components in the canvas if there > > is an existing flow.xml.gz in your conf directory. This is due to > lifecycle > > constraints when clustered. This is described in the link you provided if > > you scroll down a little bit and look for the (i) info icon. > > > > Thanks > > > > Matt > > > > On Tue, Oct 10, 2017 at 3:47 PM, Brian Ghigiarelli > > wrote: > > > > > With a clean install of Apache NiFi 1.4.0 using certificate-based > > > authentication through file providers, I am able to login to the NiFi > > > canvas, but it is not authorizing me (the Initial Admin Identity) to > > > perform any tasks. I'm following the first example configuration at > > > https://nifi.apache.org/docs/nifi-docs/html/administration- > > > guide.html#initial-admin-identity. > > > I > > > can see that the authorizations.xml file is being generated with the > same > > > UUID as the user that is generated in users.xml, and that user has > > entries > > > in the following policies: > > > > > >- /flow (R) > > >- /restricted-components (W) > > >- /tenants (R) > > >- /tenants (W) > > >- /policies (R) > > >- /policies (W) > > >- /controller (R) > > >- /controller (W) > > > > > > Based on the docs, a few pieces of the authorizers.xml file changed > from > > > 1.3.0 to 1.4.0, and I changed the nifi.properties > > > nifi.security.user.authorizer to managed-authorizer. Any ideas what I'm > > > missing here? Or where to begin debugging? > > > > > > Thanks, > > > Brian > > > > > >
Re: Troubleshooting Apache NiFi 1.4.0 Authorizations
Thanks for the quick response, Matt! Unfortunately, it wasn't letting me update the Policies either, but your response did remind to use Firefox vs. Chrome. Turns out that when I was clicking on the hamburger menu > Policies, Chrome was throwing a JS error on nf-canvas-all.js?1.4.0:47:21377 with "undefined is not a function" Looks like it maps to some K.resource.startsWith("/policies") line. Works fine in Firefox, and I can add all the policies I want through there. Thanks again, Brian On Tue, Oct 10, 2017 at 3:58 PM Matt Gilmanwrote: > Brian, > > NiFi will only grant permissions to the components in the canvas if there > is an existing flow.xml.gz in your conf directory. This is due to lifecycle > constraints when clustered. This is described in the link you provided if > you scroll down a little bit and look for the (i) info icon. > > Thanks > > Matt > > On Tue, Oct 10, 2017 at 3:47 PM, Brian Ghigiarelli > wrote: > > > With a clean install of Apache NiFi 1.4.0 using certificate-based > > authentication through file providers, I am able to login to the NiFi > > canvas, but it is not authorizing me (the Initial Admin Identity) to > > perform any tasks. I'm following the first example configuration at > > https://nifi.apache.org/docs/nifi-docs/html/administration- > > guide.html#initial-admin-identity. > > I > > can see that the authorizations.xml file is being generated with the same > > UUID as the user that is generated in users.xml, and that user has > entries > > in the following policies: > > > >- /flow (R) > >- /restricted-components (W) > >- /tenants (R) > >- /tenants (W) > >- /policies (R) > >- /policies (W) > >- /controller (R) > >- /controller (W) > > > > Based on the docs, a few pieces of the authorizers.xml file changed from > > 1.3.0 to 1.4.0, and I changed the nifi.properties > > nifi.security.user.authorizer to managed-authorizer. Any ideas what I'm > > missing here? Or where to begin debugging? > > > > Thanks, > > Brian > > >
Re: Troubleshooting Apache NiFi 1.4.0 Authorizations
Brian, NiFi will only grant permissions to the components in the canvas if there is an existing flow.xml.gz in your conf directory. This is due to lifecycle constraints when clustered. This is described in the link you provided if you scroll down a little bit and look for the (i) info icon. Thanks Matt On Tue, Oct 10, 2017 at 3:47 PM, Brian Ghigiarelliwrote: > With a clean install of Apache NiFi 1.4.0 using certificate-based > authentication through file providers, I am able to login to the NiFi > canvas, but it is not authorizing me (the Initial Admin Identity) to > perform any tasks. I'm following the first example configuration at > https://nifi.apache.org/docs/nifi-docs/html/administration- > guide.html#initial-admin-identity. > I > can see that the authorizations.xml file is being generated with the same > UUID as the user that is generated in users.xml, and that user has entries > in the following policies: > >- /flow (R) >- /restricted-components (W) >- /tenants (R) >- /tenants (W) >- /policies (R) >- /policies (W) >- /controller (R) >- /controller (W) > > Based on the docs, a few pieces of the authorizers.xml file changed from > 1.3.0 to 1.4.0, and I changed the nifi.properties > nifi.security.user.authorizer to managed-authorizer. Any ideas what I'm > missing here? Or where to begin debugging? > > Thanks, > Brian >