Trying to login to secured NiFi Registry with AD user but it always returns anonymous for "authenticated" user. Same procedure worked in v0.14.3 but stopped with the ones mentioned above.
What I Did
So, this is snippet of code which I'm using for service login. I'm using AD user alongside CA certificates to be able to login. User is part of Admin group in Registry.
nipyapi.utils.set_endpoint(const.secured_nprd_registry_url)
nipyapi.security.set_service_ssl_context(
service='registry',
ca_file='certs/nifi-nprd-ca.pem'
)
log.info("Waiting for Registry to be ready for login")
nipyapi.security.service_login(
service = 'registry',
username = 'srv-1000',
password = password,
bool_response = True,
auth_type = 'basic'
)
nipyapi.utils.wait_to_complete(
test_function=nipyapi.security.service_login,
service='registry',
username='srv-1000',
password=password,
bool_response=True,
nipyapi_delay=nipyapi.config.long_retry_delay,
nipyapi_max_wait=nipyapi.config.long_max_wait
)
registryUser = nipyapi.security.get_service_access_status(service='registry') Output: anonymous user
I think what is happening is the supported auth methods are being clobbered in a last-requested-wins way, which needs to be fixed. this didn't show up in previous versions because there was only one auth method
Urgency
Well, we are using nipyapi as a part of our promotion process and adoption of Cloudera-NiFi. At the moment we can stick with 0.14.3 but it blocks our promotion as soon as we have to promote flows which have ParameterContext (which is fixed in 0.16.1) and that's why we are trying to move to latest version :)
Side note:
For some reason, when doing service_login for NiFI everything works flawlessly on each and every version. The only issue for login is for NiFi registry.
Also, maybe I'm doing something wrong, would be happy to be corrected :)
Chaffelson
commented
3 years ago
Description
Trying to login to secured NiFi Registry with AD user but it always returns
anonymousfor "authenticated" user. Same procedure worked in v0.14.3 but stopped with the ones mentioned above.What I Did
So, this is snippet of code which I'm using for service login. I'm using AD user alongside CA certificates to be able to login. User is part of Admin group in Registry.
registryUser = nipyapi.security.get_service_access_status(service='registry')Output: anonymous userregistryToken = nipyapi.config.registry_config.api_key.get('basicAuth')Output: NoneregistryToken = nipyapi.config.registry_config.api_key.get('tokenAuth')Output: str:tokenComment from @Chaffelson on this topic
Urgency
Well, we are using nipyapi as a part of our promotion process and adoption of Cloudera-NiFi. At the moment we can stick with 0.14.3 but it blocks our promotion as soon as we have to promote flows which have ParameterContext (which is fixed in 0.16.1) and that's why we are trying to move to latest version :)
Side note: For some reason, when doing service_login for NiFI everything works flawlessly on each and every version. The only issue for login is for NiFi registry. Also, maybe I'm doing something wrong, would be happy to be corrected :)