search

konpyutaika / nifikop

The NiFiKop NiFi Kubernetes operator makes it easy to run Apache NiFi on Kubernetes. Apache NiFI is a free, open-source solution that support powerful and scalable directed graphs of data routing, transformation, and system mediation logic.
https://konpyutaika.github.io/nifikop/
Apache License 2.0
125 stars 42 forks source link

AuthorizerConfig - Secret or ConfigMap keeps erroring #251

Closed jayctran closed 1 year ago

jayctran commented 1 year ago

What steps will reproduce the bug?

Nifi is running with the default authorizors.xml and there is no issue with it.

Trying to utilise ReadOnlyConfig.AuthorizorConfig, both Secret or ConfigMap is not replacing and coming up with errors no matter the content.

authorizers.xml is a working copy from conf/authorizers.xml with a slightly changed authorizer identifier. Identifier is changed from managed-authorizer to managed-authorizer-test

  1. Created a secret or config map with below commands: kubectl create secret generic nifi-file-secret -n nifi --from-file=authorizers.xml --from-file=nifi.properties kubectl create configmap nifi-config-map -n nifi --from-file=authorizers.xml
  2. Nifikop starts a nifi-cluster node

What is the expected behavior?

The content in nifi-config-map.data."authorizers.xml" should be over-writing conf/authorizers.xml file.

I am expecting to see the conf/authorizers.xml file to have managed-authorizer-test.

What do you see instead?

I still see the default settings for the authorizers.xml.

Additional errors I am seeing. The first error is correctly showing where I deleted the config map for testing purposes. It correctly showed the error with the missing configmap.

{"level":"error","time":"2023-04-14T05:18:39.893Z","logger":"controllers.NifiCluster","caller":"nifi/secretconfig.go:468","msg":"error occurred during getting authorizer readonly configmap","clusterName":"nifi-cluster","nodeId":1,"error":"configmap not ready: ConfigMap \"nifi-config-map\" not found","stacktrace":"github.com/konpyutaika/nifikop/pkg/resources/nifi.(Reconciler).getAuthorizersConfigString\n\t/workspace/pkg/resources/nifi/secretconfig.go:468\ngithub.com/konpyutaika/nifikop/pkg/resources/nifi.(Reconciler).secretConfig\n\t/workspace/pkg/resources/nifi/secretconfig.go:53\ngithub.com/konpyutaika/nifikop/pkg/resources/nifi.(Reconciler).Reconcile\n\t/workspace/pkg/resources/nifi/nifi.go:156\ngithub.com/konpyutaika/nifikop/controllers.(NifiClusterReconciler).Reconcile\n\t/workspace/controllers/nificluster_controller.go:133\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(Controller).Reconcile\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.13.0/pkg/internal/controller/controller.go:121\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.13.0/pkg/internal/controller/controller.go:320\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.13.0/pkg/internal/controller/controller.go:273\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.13.0/pkg/internal/controller/controller.go:234"}

With the config map created it always shows a stacktrace with no obvious error.

{"level":"error","time":"2023-04-14T05:20:52.106Z","logger":"controllers.NifiCluster","caller":"nifi/secretconfig.go:468","msg":"error occurred during getting authorizer readonly configmap","clusterName":"nifi-cluster","nodeId":1,"stacktrace":"github.com/konpyutaika/nifikop/pkg/resources/nifi.(Reconciler).getAuthorizersConfigString\n\t/workspace/pkg/resources/nifi/secretconfig.go:468\ngithub.com/konpyutaika/nifikop/pkg/resources/nifi.(Reconciler).secretConfig\n\t/workspace/pkg/resources/nifi/secretconfig.go:53\ngithub.com/konpyutaika/nifikop/pkg/resources/nifi.(Reconciler).Reconcile\n\t/workspace/pkg/resources/nifi/nifi.go:156\ngithub.com/konpyutaika/nifikop/controllers.(NifiClusterReconciler).Reconcile\n\t/workspace/controllers/nificluster_controller.go:133\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(Controller).Reconcile\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.13.0/pkg/internal/controller/controller.go:121\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.13.0/pkg/internal/controller/controller.go:320\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.13.0/pkg/internal/controller/controller.go:273\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.13.0/pkg/internal/controller/controller.go:234"}

Possible solution

The stacktrace is from pkg/resources/nifi/secretconfig.go:468

However I'm not sure where to go from here.

Is it possible that err is always populated for some reason even though there's no error? Or perhaps there's an issue with my configuration but I do not see what I'm doing wrong there. No matter what content I have I still get the same stacktrace - whether it's a working authorizers.xml or just a string in the configmap.

NiFiKop version

v.1.1.0-release

Golang version

??

Kubernetes version

1.25.1

NiFi version

1.21.0

Additional context

No response

mh013370 commented 1 year ago

@juldrixx I think this necessitates a v1.2.0 release including the custom authorizers fix.

mh013370 commented 1 year ago

There's a lot of context here in this nifikop slack thread: https://konpytika.slack.com/archives/C035X6KP684/p1679324260885219

TLDR is there's a fix staged but it hasn't been released yet

juldrixx commented 1 year ago

Released 1.1.1, should be good with it.