[cetic/nifi] Users and Authorizations not persisted

[gforeman02]

Describe the bug The users.xml and authorizations.xml files were previously persisted to the "auth-conf" directory. PR #169 changed this to the "conf" directory.

Version of Helm, Kubernetes and the Nifi chart: helm: v3.5.1 kubernetes version: v1.20.5 cetic/nifi release: master

What happened: On uninstall/install of chart, all users/permissions reset to default. Persistence is enabled.

What you expected to happen: Users and permissions to persist.

How to reproduce it (as minimally and precisely as possible): Install the chart. In nifi, create a user, assign a permission. Uninstall the chart. Re-install the chart. All users/permissions are gone. Additionally, a find on the persistence directory shows no users.xml file.

Anything else we need to know:

Here are some information that help troubleshooting:

• if relevant, provide your values.yaml or the changes made to the default one (after removing sensitive information)
• the output of the folowing commands:

Check if a pod is in error:

kubectl get pod
NAME                  READY   STATUS    RESTARTS   AGE
myrelease-nifi-0             3/4     Failed   1          56m
myrelease-nifi-registry-0    1/1     Running   0          56m
myrelease-nifi-zookeeper-0   1/1     Running   0          56m
myrelease-nifi-zookeeper-1   1/1     Running   0          56m
myrelease-nifi-zookeeper-2   1/1     Running   0          56m

Inspect the pod, check the "Events" section at the end for anything suspicious.

kubectl describe pod myrelease-nifi-0

Get logs on a failed container inside the pod (here the server one):

kubectl logs myrelease-nifi-0 server

[lquinonesp]

I am still experiencing this issue on version 1.14 using chart 1.0.5. Is there anything I am missing? Should I open a new ticket?

[wknickless]

@lquinonesp did you set persistence.enabled=true ? It's not the default, and if you don't set it to true then you'll see this behavior.

[lquinonesp]

@wknickless Persistence is enabled and I know that flows persist, just not user policies. If I restart my pod, NiFi loads everything up with only the admin user defined in the values.yaml

[wknickless]

@lquinonesp I'm sorry - I forgot I had to fix this. Thank you for following up! This commit in PR #218 resolves that problem: https://github.com/wknickless/helm-nifi/commit/2874d6722d60c1a6da5977ad7e35f9ac1de97f44

[wknickless]

@lquinonesp Just to make sure we haven't missed a corner case that you're running into, which authentication/authorization system are you using? SingleUser, OIDC, LDAP, ... ?

[lquinonesp]

@wknickless I am using OIDC.

[wknickless]

@lquinonesp yes the fix in PR #218 is specifically for OIDC.

[lquinonesp]

@wknickless Do I need to wait for the PR to close or do I need to apply a different nifi or chart version?

[wknickless]

@lquinonesp you can wait until #218 is merged and 1.1.0 is released. Alternatively, you can help everyone by trying it in your environment and letting us know if it works or breaks for you.

You can try #218 by doing something like:

git clone https://github.com/wknickless/helm-nifi.git helm-nifi
cd helm-nifi
git checkout feature/cert-manager
helm dep update
helm install nifi . -f $HOME/my-nifi-values.yaml