Chaffelson / nipyapi

A convenient Python wrapper for Apache NiFi

Unable to authenticate with nifi using nipyapi - SSL Error #284

Closed narasimhatejav closed 2 years ago

narasimhatejav commented 2 years ago

Unable to authorize nifi from nipyapi

Description


@Chaffelson, I have installed NiFi 1.14.0 on my Windows system. I am trying to access NiFi with nipyapi; I have tried by creating a self-signed certificate.

What I Did

By Creating self signed certificate

As suggested by @kevdoran in the link below, I have followed the same steps and I am able to create self-signed certificates, but even with certificates I am not able to log in to NiFi: https://gist.github.com/kevdoran/70447c312ca955c3a39b15cbfafb5123


```python
import nipyapi
from nipyapi.nifi import configuration as nifi_config
from os import path
from nipyapi import canvas, config

secured_registry_url = 'https://localhost:18443/nifi-registry-api'
secured_nifi_url = 'https://localhost:8443/nifi-api'

host_certs_path = "C:/nipyapi-tests/keys"
nipyapi.security.set_service_ssl_context(
    service='registry',
    ca_file=path.join(host_certs_path, 'localhost-ts.pem'),
    client_cert_file=path.join(host_certs_path, 'client-cert.pem'),
    client_key_file=path.join(host_certs_path, 'client-key.pem'),
    client_key_password='123456'
)

registry_user = nipyapi.utils.wait_to_complete(
    test_function=nipyapi.security.get_service_access_status,
    service='registry',
    bool_response=True,
    nipyapi_delay=nipyapi.config.long_retry_delay,
    nipyapi_max_wait=nipyapi.config.long_max_wait
)

nipyapi.utils.set_endpoint(secured_nifi_url)
nipyapi.security.set_service_ssl_context(
    service='nifi',
    ca_file=host_certs_path + '/localhost-ts.pem'
)

nipyapi.utils.wait_to_complete(
    test_function=nipyapi.security.service_login,
    service='nifi',
    username='d14d933b-51a8-482b-9d7a-65855b45d7b7',
    password='6dTpkYwjCFMfDwCem4Lh5JDcSax9+m9K',
    bool_response=True,
    nipyapi_delay=nipyapi.config.long_retry_delay,
    nipyapi_max_wait=nipyapi.config.long_max_wait
)

root_id = canvas.get_root_pg_id()
```

The username and password are generated by NiFi while installing.

Error :

ValueError: Timed Out waiting for get_service_access_status to complete

Urgency

It's an urgent one. As of now we want a working model with or without SSL; we will get started with the flow.

ottobackwards commented 2 years ago

I am guessing here, but wouldn't the issue be that you, in nipyapi, need to use the same self-signed certificate and things that NiFi is using when it starts up?

narasimhatejav commented 2 years ago

@ottobackwards Thank you for your quick response

Below is the nifi.properties file:

```
nifi.security.keystore=./conf/keys/client-ks.p12
nifi.security.keystoreType=PKCS12
nifi.security.keystorePasswd=123456
nifi.security.keyPasswd=123456
nifi.security.truststore=./conf/keys/localhost-ts.p12
nifi.security.truststoreType=PKCS12
nifi.security.truststorePasswd=123456
```

But now when I try to run the below code:

```python
nipyapi.utils.set_endpoint(secured_nifi_url)
nipyapi.security.set_service_ssl_context(
    service='nifi',
    ca_file=host_certs_path + '/localhost-ts.pem'
)

nipyapi.utils.wait_to_complete(
    test_function=nipyapi.security.service_login,
    service='nifi',
    username='user1',
    password='123456',
    bool_response=True,
    nipyapi_delay=nipyapi.config.long_retry_delay,
    nipyapi_max_wait=nipyapi.config.long_max_wait
)
```

I am getting the below error and warnings:

```
C:\Users\naras\AppData\Roaming\Python\Python38\site-packages\urllib3\connection.py:455: SubjectAltNameWarning: Certificate for localhost has no subjectAltName, falling back to check for a commonName for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/urllib3/urllib3/issues/497 for details.)
  warnings.warn(

MaxRetryError: HTTPSConnectionPool(host='localhost', port=8443): Max retries exceeded with url: /nifi-api/access/token (Caused by SSLError(SSLCertVerificationError("hostname 'localhost' doesn't match 'user1'")))
```

This is how I have created the certificate authority:

```
tls-toolkit.bat standalone --certificateAuthorityHostname localhost --hostnames localhost --subjectAlternativeNames nifi,registry,secure-nifi,secure-registry --nifiDnSuffix ", OU=nifi" --keyStorePassword 123456 --trustStorePassword 123456 --clientCertDn "CN=user1, OU=nifi" --clientCertPassword 123456 --days 9999 --outputDirectory C:\nipyapi-tests
```

Please let me know if I am missing something in the configuration.

ottobackwards commented 2 years ago

I'm not sure how to fix what you are seeing. But... if you look at https://github.com/Chaffelson/nipyapi/blob/main/nipyapi/demo/secure_connection.py and the docker images in the project, you can see an example of connection to a secure setup.

I would suggest that you examine that.

Chaffelson commented 2 years ago

The error about subjectAltName is telling you that you are using incorrectly built certificates; it is a common response from NiFi when you don't correctly follow standards. The error `hostname 'localhost' doesn't match 'user1'` is more or less saying the same thing for a different reason, but I think you should look at how your Certs are built. 1.14 is secure by default, which may also be tripping you up.
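As an added illustration (not code from this thread or from nipyapi), the sketch below inspects the identity a TLS server presents, which is what both messages above concern: a certificate with no subjectAltName, and a subject CN (`user1`, the `--clientCertDn` value on this page) that is not the hostname being dialled. `fetch_peer_cert`, `diagnose_identity` and the two sample dictionaries are hypothetical names and constructed data; the samples mimic the shape of `ssl.SSLSocket.getpeercert()` output.

```python
import socket
import ssl

# Constructed samples in the shape returned by ssl.SSLSocket.getpeercert().
CLIENT_CERT_AS_SERVER = {  # subject CN=user1, OU=nifi and no SAN (assumed layout)
    "subject": ((("commonName", "user1"),), (("organizationalUnitName", "nifi"),)),
}
SERVER_CERT = {
    "subject": ((("commonName", "localhost"),), (("organizationalUnitName", "nifi"),)),
    "subjectAltName": (("DNS", "localhost"), ("DNS", "nifi"), ("DNS", "registry")),
}


def fetch_peer_cert(host, port, ca_file):
    """Return the server certificate dict; the chain is verified, the name is not.

    Chain verification stays on because getpeercert() returns {} without it.
    Only the hostname check is disabled, so a mismatching identity can be read.
    Raises ssl.SSLCertVerificationError if the chain does not lead to ca_file.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def _match(pattern, hostname):
    """Exact match, or a single leftmost-label wildcard such as *.example.test."""
    if pattern.startswith("*."):
        return "." in hostname and hostname.split(".", 1)[1] == pattern[2:]
    return pattern == hostname


def diagnose_identity(cert, hostname):
    """Return a list of findings explaining why hostname fails to match cert."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v.lower() for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    findings = []
    if not sans:
        findings.append("no subjectAltName; name check falls back to commonName")
    names = sans or cns
    if not any(_match(n, hostname.lower()) for n in names):
        findings.append("hostname %r doesn't match %s" % (hostname, names))
    return findings
```

With the paths used in this thread, the live check would be `diagnose_identity(fetch_peer_cert('localhost', 8443, 'C:/nipyapi-tests/keys/localhost-ts.pem'), 'localhost')`; an empty list means the presented certificate names the host.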

narasimhatejav commented 2 years ago

Thanks @Chaffelson @ottobackwards for your suggestions. I have followed the same commands in this link https://gist.github.com/kevdoran/70447c312ca955c3a39b15cbfafb5123; I will check this. I will close this issue.