Skip to content
This repository has been archived by the owner on Oct 20, 2022. It is now read-only.

[Fix/NiFiUser] Setting permissions on componentId level #104

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

[Fix/NiFiUser] Setting permissions on componentId level #104

wants to merge 3 commits into from

Conversation

teplydat
Copy link

Q A
Bug fix? yes
New feature? no
API breaks? ?
Deprecations? no
Related tickets fixes #66
License Apache 2.0

What's in this PR?

First draft to fix setting permissions on componentId level.

Additional context

Background info

When you try to get an accessPolicy by the name of the componentId from the nifi api you will get back the accessPolicy from its parent (and not null or empty) in case it has no accessPolicy yet.
(entity, err := nClient.GetAccessPolicy(string(accessPolicy.Action), accessPolicy.GetResource(cluster)) in pkg/clientwrappers/accesspolicies/policies.go)
Then nifikop thinks the accessPolicy already exists and does not create it.
That's why I added more or less an if statment (componentID_from_nifi_api != componentID_from_nifiuser). Then the accessPolicy does not exist yet and needs to be created.

Requirements

  • Create a processgroup in the nifi UI called "whatever". If you click on it you can see the id on the left side. In this example it is "e9c12f7e-0178-1000-0000-00007b03d420"

Example nifiuser CR

Here is an example to test a nifiuser including the edge case resource: / (adjust your componentId):

cat <<EOF | kubectl apply -f -
apiVersion: nifi.orange.com/v1alpha1
kind: NifiUser
metadata:
  name: default
spec:
  identity: user
  clusterRef:
    name: simplenifi
    namespace: default
  includeJKS: false
  createCert: false
  accessPolicies:
    - type: component
      action: write
      componentType: process-groups
      resource: /
      componentId: "e9c12f7e-0178-1000-0000-00007b03d420"
    - type: component
      action: write
      componentType: process-groups
      resource: /data
      componentId: "e9c12f7e-0178-1000-0000-00007b03d420"
EOF

Verify

In nifi UI under "User Policies" you can see now:

  • "Component policy for process group whatever (write)"
  • "Data policy for process group whatever (write)"

Without the fix no process group is mentioned under the "User Policies".

Checklist

  • Implementation tested
  • Error handling code meets the guideline
  • Logging code meets the guideline
  • User guide and development docs updated (if needed)
  • Append changelog with changes

Sorry for the bad code. I tried to make it understandable.
What do you think about that behavior?

@teplydat
Copy link
Author

@erdrix this PR would be great.

The codestyle is not perfect but I tested it over a couple of weeks and it works.

@erdrix erdrix self-assigned this Jul 9, 2021
@erdrix erdrix added bug Something isn't working community MVP Targeted for the v1 release priority:2 labels Jul 9, 2021
@erdrix erdrix changed the title first draft [Fix] Setting permissions on componentId level Jul 9, 2021
@erdrix erdrix changed the title [Fix] Setting permissions on componentId level [Fix/NiFiUser] Setting permissions on componentId level Jul 9, 2021
@erdrix erdrix added this to the 0.7.1 milestone Sep 17, 2021
@erdrix erdrix modified the milestones: 0.7.1, 0.7.3 Nov 12, 2021
@erdrix erdrix modified the milestones: 0.7.3, 0.8.0 Dec 15, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@erdrix erdrix

Labels
bug Something isn't working community MVP Targeted for the v1 release priority:2
Projects
None yet
Milestone
0.8.0
Development

Successfully merging this pull request may close these issues.

no effect for componentId in NifiUser / NifiUserGroup (accessPolicies)
2 participants
@teplydat @erdrix