Re: Troubleshooting Apache NiFi 1.4.0 Authorizations

2017-10-10 Thread Matt Gilman 
Thanks for replying back. Can you ensure your browser cache is cleared? If
that's not it, it's possible your running an older version of Chrome that
is incompatible.

Matt

On Tue, Oct 10, 2017 at 4:10 PM, Brian Ghigiarelli 
wrote:

> Thanks for the quick response, Matt! Unfortunately, it wasn't letting me
> update the Policies either, but your response did remind to use Firefox vs.
> Chrome. Turns out that when I was clicking on the hamburger menu >
> Policies, Chrome was throwing a JS error on nf-canvas-all.js?1.4.0:47:
> 21377
> with "undefined is not a function"   Looks like it maps to some
> K.resource.startsWith("/policies") line.  Works fine in Firefox, and I can
> add all the policies I want through there.
>
> Thanks again,
> Brian
>
> On Tue, Oct 10, 2017 at 3:58 PM Matt Gilman 
> wrote:
>
> > Brian,
> >
> > NiFi will only grant permissions to the components in the canvas if there
> > is an existing flow.xml.gz in your conf directory. This is due to
> lifecycle
> > constraints when clustered. This is described in the link you provided if
> > you scroll down a little bit and look for the (i) info icon.
> >
> > Thanks
> >
> > Matt
> >
> > On Tue, Oct 10, 2017 at 3:47 PM, Brian Ghigiarelli 
> > wrote:
> >
> > > With a clean install of Apache NiFi 1.4.0 using certificate-based
> > > authentication through file providers, I am able to login to the NiFi
> > > canvas, but it is not authorizing me (the Initial Admin Identity) to
> > > perform any tasks. I'm following the first example configuration at
> > > https://nifi.apache.org/docs/nifi-docs/html/administration-
> > > guide.html#initial-admin-identity.
> > > I
> > > can see that the authorizations.xml file is being generated with the
> same
> > > UUID as the user that is generated in users.xml, and that user has
> > entries
> > > in the following policies:
> > >
> > >- /flow  (R)
> > >- /restricted-components (W)
> > >- /tenants (R)
> > >- /tenants (W)
> > >- /policies (R)
> > >- /policies (W)
> > >- /controller (R)
> > >- /controller (W)
> > >
> > > Based on the docs, a few pieces of the authorizers.xml file changed
> from
> > > 1.3.0 to 1.4.0, and I changed the nifi.properties
> > > nifi.security.user.authorizer to managed-authorizer. Any ideas what I'm
> > > missing here? Or where to begin debugging?
> > >
> > > Thanks,
> > > Brian
> > >
> >
>

Re: Troubleshooting Apache NiFi 1.4.0 Authorizations

2017-10-10 Thread Brian Ghigiarelli 
Thanks for the quick response, Matt! Unfortunately, it wasn't letting me
update the Policies either, but your response did remind to use Firefox vs.
Chrome. Turns out that when I was clicking on the hamburger menu >
Policies, Chrome was throwing a JS error on nf-canvas-all.js?1.4.0:47:21377
with "undefined is not a function"   Looks like it maps to some
K.resource.startsWith("/policies") line.  Works fine in Firefox, and I can
add all the policies I want through there.

Thanks again,
Brian

On Tue, Oct 10, 2017 at 3:58 PM Matt Gilman  wrote:

> Brian,
>
> NiFi will only grant permissions to the components in the canvas if there
> is an existing flow.xml.gz in your conf directory. This is due to lifecycle
> constraints when clustered. This is described in the link you provided if
> you scroll down a little bit and look for the (i) info icon.
>
> Thanks
>
> Matt
>
> On Tue, Oct 10, 2017 at 3:47 PM, Brian Ghigiarelli 
> wrote:
>
> > With a clean install of Apache NiFi 1.4.0 using certificate-based
> > authentication through file providers, I am able to login to the NiFi
> > canvas, but it is not authorizing me (the Initial Admin Identity) to
> > perform any tasks. I'm following the first example configuration at
> > https://nifi.apache.org/docs/nifi-docs/html/administration-
> > guide.html#initial-admin-identity.
> > I
> > can see that the authorizations.xml file is being generated with the same
> > UUID as the user that is generated in users.xml, and that user has
> entries
> > in the following policies:
> >
> >- /flow  (R)
> >- /restricted-components (W)
> >- /tenants (R)
> >- /tenants (W)
> >- /policies (R)
> >- /policies (W)
> >- /controller (R)
> >- /controller (W)
> >
> > Based on the docs, a few pieces of the authorizers.xml file changed from
> > 1.3.0 to 1.4.0, and I changed the nifi.properties
> > nifi.security.user.authorizer to managed-authorizer. Any ideas what I'm
> > missing here? Or where to begin debugging?
> >
> > Thanks,
> > Brian
> >
>

Re: Troubleshooting Apache NiFi 1.4.0 Authorizations

2017-10-10 Thread Matt Gilman 
Brian,

NiFi will only grant permissions to the components in the canvas if there
is an existing flow.xml.gz in your conf directory. This is due to lifecycle
constraints when clustered. This is described in the link you provided if
you scroll down a little bit and look for the (i) info icon.

Thanks

Matt

On Tue, Oct 10, 2017 at 3:47 PM, Brian Ghigiarelli 
wrote:

> With a clean install of Apache NiFi 1.4.0 using certificate-based
> authentication through file providers, I am able to login to the NiFi
> canvas, but it is not authorizing me (the Initial Admin Identity) to
> perform any tasks. I'm following the first example configuration at
> https://nifi.apache.org/docs/nifi-docs/html/administration-
> guide.html#initial-admin-identity.
> I
> can see that the authorizations.xml file is being generated with the same
> UUID as the user that is generated in users.xml, and that user has entries
> in the following policies:
>
>- /flow  (R)
>- /restricted-components (W)
>- /tenants (R)
>- /tenants (W)
>- /policies (R)
>- /policies (W)
>- /controller (R)
>- /controller (W)
>
> Based on the docs, a few pieces of the authorizers.xml file changed from
> 1.3.0 to 1.4.0, and I changed the nifi.properties
> nifi.security.user.authorizer to managed-authorizer. Any ideas what I'm
> missing here? Or where to begin debugging?
>
> Thanks,
> Brian
>