Re: read in values from nifi.properties in a Groovy ExecuteScript processor
Andy, That worked thank you. For any one else following I called the get method and then used the standard and protected classes with the nifiproperries loader. On Sep 24, 2016 2:26 AM, "Andy LoPresto" wrote: > Tom, > > If you are only concerned with the values in the currently-running NiFi > instance, you shouldn't need to directly interact with the file system. > Just use NiFIPropertiesLoader#get(). Use the static loaders if you want to > get an instance from a specific (non-default) file location. > > Andy LoPresto > alopre...@apache.org > alopresto.apa...@gmail.com > PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > > On Sep 23, 2016, at 23:09, Tom Gullo wrote: > > Andy, I wasn't sure if I would need to read the file in myself but it > looks like I do. Those unit tests help a lot. Thanks > > -Tom > > On Fri, Sep 23, 2016 at 10:47 PM, Andy LoPresto > wrote: > >> Meant to add that there are Groovy unit tests for those classes so you >> may be able to copy the code directly from [1] and [2]. >> >> [1] https://github.com/apache/nifi/blob/master/nifi-nar-bund >> les/nifi-framework-bundle/nifi-framework/nifi-properties- >> loader/src/test/groovy/org/apache/nifi/properties/Protect >> edNiFiPropertiesGroovyTest.groovy >> [2] https://github.com/apache/nifi/blob/master/nifi-nar-bund >> les/nifi-framework-bundle/nifi-framework/nifi-properties- >> loader/src/test/groovy/org/apache/nifi/properties/NiFiPro >> pertiesLoaderGroovyTest.groovy >> >> Andy LoPresto >> alopre...@apache.org >> *alopresto.apa...@gmail.com * >> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 >> >> On Sep 23, 2016, at 7:45 PM, Andy LoPresto wrote: >> >> Tom, >> >> You’ll want to take a look at ProtectedNiFiProperties [1] and >> NiFiPropertiesLoader [2]. ProtectedNiFiProperties provides a decorator on a >> normal NiFiProperties class which allows access to various values via key >> access or through named getters. It “unprotects” the values and can return >> a regular NiFiProperties instance with direct access to the plain values. >> The NiFiPropertiesLoader can be instantiated with the decryption key >> (currently the only supported protection scheme is AES/GCM encryption) and >> can load multiple instances of the NiFiProperties directly from any >> nifi.properties file simultaneously. >> >> If you wanted to do this with a non-native file (i.e. a source that NiFi >> does not have an internal mechanism for reading), you’d probably use a >> GetFile -> ExtractText -> EncryptContent processor chain, or the >> ExecuteScript processor (Groovy and other scripting languages have >> extensive tooling provided to easily read from files, parse text, etc.). >> >> [1] https://github.com/apache/nifi/blob/master/nifi-nar-bund >> les/nifi-framework-bundle/nifi-framework/nifi-properties- >> loader/src/main/java/org/apache/nifi/properties/Protect >> edNiFiProperties.java >> [2] https://github.com/apache/nifi/blob/master/nifi-nar-bund >> les/nifi-framework-bundle/nifi-framework/nifi-properties- >> loader/src/main/java/org/apache/nifi/properties/NiFiPropertiesLoader.java >> >> >> Andy LoPresto >> alopre...@apache.org >> *alopresto.apa...@gmail.com * >> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 >> >> On Sep 23, 2016, at 3:28 PM, Tom Gullo wrote: >> >> I'm using v1.0. I want to access some values that are in the >> nifi.properties file. And I would like to just use the nifi.properties >> file because I'll be encrypting some of these values and I want to use the >> built in encryption feature. >> >> Thanks >> >> On Fri, Sep 23, 2016 at 6:05 PM, Andrew Grande >> wrote: >> >>> Which NiFi version? With 1.0 there are some bits for variable registry >>> available, basically one can reference values from external config files >>> via regular EL expressions. >>> >>> Andrew >>> >>> On Fri, Sep 23, 2016, 6:00 PM Tom Gullo wrote: >>> I want to read in values from nifi.properties in a Groovy ExecuteScript processor. What's the best way to do that? Thanks -Tom >>> >> >> >> >
Access denied for kerberos users
Hi all, I configured an 1.0.0 NIFI instance to use Kerberos services for authentication. I can connect to the UI using the certificate corresponding to the user declared in the Initial Admin Identity. However, when I try to connect using a user declared in the Kerberos server : 1. Based on some docs, I should be able to submit a request to get access to the UI. It's not the case. 2. Using the initial admin user, I created a user in Nifi and add in some profiles. However, I still have the following message : "Access Denied Unable to perform the desired action due to insufficient permissions. Contact the system administrator." The user is correctly declared in the Kerberos server. When it is not, a pop-up displays : The supplied username and password are not valid. Have someone already met this issue ? Thanks in advance BR Nicolas
Re: Access denied for kerberos users
Hello, Since you are getting to "insufficient permissions" page this means that NiFi successfully authenticated your user against the KDC, but then the authorizer in NiFi said the user didn't have permissions for something. What policies did you grant to the kerberos user in NiFi? At a minimum they need a policy for "view the user interface" from the global policies in the top-right menu. -Bryan On Mon, Sep 26, 2016 at 11:43 AM, Provenzano Nicolas < nicolas.provenz...@gfi.fr> wrote: > Hi all, > > > > I configured an 1.0.0 NIFI instance to use Kerberos services for > authentication. > > > > I can connect to the UI using the certificate corresponding to the user > declared in the Initial Admin Identity. > > > > However, when I try to connect using a user declared in the Kerberos > server : > > > > 1. Based on some docs, I should be able to submit a request to get > access to the UI. It’s not the case. > > 2. Using the initial admin user, I created a user in Nifi and add > in some profiles. > > > > However, I still have the following message : > > > > *“Access Denied* > > *Unable to perform the desired action due to insufficient permissions. > Contact the system administrator.”* > > > > The user is correctly declared in the Kerberos server. When it is not, a > pop-up displays : > > *The supplied username and password are not valid.* > > Have someone already met this issue ? > > > > Thanks in advance > > > > BR > > > > Nicolas >
RE: Access denied for kerberos users
Nicolas,
If Bryan’s suggestion doesn’t work (and he’s probably correct), you may not
have named your user correctly in NiFi. Go try to authenticate again, then go
to {nifi install directory}/logs and look at the end of nif-user.log. You
should see more details about your authentication request and what name it
tried to use to authenticate you. This was how I worked around getting my
naming conventions to match.
In my case I had enabled “Identity Mapping Properties” in nifi.properties so
that I could use both certificates and Kerberos, but had forgotten to rename
the account objects I had already added to NiFi.
Thanks,
Peter
From: Bryan Bende [mailto:bbe...@gmail.com]
Sent: Monday, September 26, 2016 10:14 AM
To: users@nifi.apache.org
Subject: Re: Access denied for kerberos users
Hello,
Since you are getting to "insufficient permissions" page this means that NiFi
successfully authenticated your user against the KDC, but then the authorizer
in NiFi said the user didn't have permissions for something.
What policies did you grant to the kerberos user in NiFi?
At a minimum they need a policy for "view the user interface" from the global
policies in the top-right menu.
-Bryan
On Mon, Sep 26, 2016 at 11:43 AM, Provenzano Nicolas
mailto:nicolas.provenz...@gfi.fr>> wrote:
Hi all,
I configured an 1.0.0 NIFI instance to use Kerberos services for authentication.
I can connect to the UI using the certificate corresponding to the user
declared in the Initial Admin Identity.
However, when I try to connect using a user declared in the Kerberos server :
1. Based on some docs, I should be able to submit a request to get access
to the UI. It’s not the case.
2. Using the initial admin user, I created a user in Nifi and add in some
profiles.
However, I still have the following message :
“Access Denied
Unable to perform the desired action due to insufficient permissions. Contact
the system administrator.”
The user is correctly declared in the Kerberos server. When it is not, a pop-up
displays :
The supplied username and password are not valid.
Have someone already met this issue ?
Thanks in advance
BR
Nicolas
