Closed juldrixx closed 7 months ago
Tested with NiFiKop 1.5.0.
```yaml
apiVersion: nifi.konpyutaika.com/v1
kind: NifiUser
metadata:
  name: myuser
spec:
  identity: myuser@konpyutaika.com
  clusterRef:
    name: nifikop
  createCert: false
  accessPolicies:
    - type: global
      action: read
      resource: /flow
    - type: component
      action: read
      resource: /
      componentType: process-groups
      componentId: f14df4f6-018b-1000-0000-0000746142ad
```
```yaml
apiVersion: nifi.konpyutaika.com/v1
kind: NifiUser
metadata:
  name: myuser
spec:
  identity: myuser@konpyutaika.com
  clusterRef:
    name: nifikop
  createCert: false
  accessPolicies:
    - type: global
      action: read
      resource: /flow
    - type: component
      action: read
      resource: /
      componentType: process-groups
      componentId: foo
```
Same result with a group.
```yaml
apiVersion: nifi.konpyutaika.com/v1
kind: NifiUser
metadata:
  name: myuser
spec:
  identity: myuser@konpyutaika.com
  clusterRef:
    name: nifikop
  createCert: false
---
apiVersion: nifi.konpyutaika.com/v1
kind: NifiUserGroup
metadata:
  name: mygroup
spec:
  clusterRef:
    name: nifikop
  usersRef:
    - name: myuser
  accessPolicies:
    - type: global
      action: read
      resource: /flow
    - type: component
      action: read
      resource: /
      componentType: process-groups
      componentId: f1485c40-018b-1000-7290-9ed76423fd90
```
```yaml
apiVersion: nifi.konpyutaika.com/v1
kind: NifiUser
metadata:
  name: myuser
spec:
  identity: myuser@konpyutaika.com
  clusterRef:
    name: nifikop
  createCert: false
---
apiVersion: nifi.konpyutaika.com/v1
kind: NifiUserGroup
metadata:
  name: mygroup
spec:
  clusterRef:
    name: nifikop
  usersRef:
    - name: myuser
  accessPolicies:
    - type: global
      action: read
      resource: /flow
    - type: component
      action: read
      resource: /
      componentType: process-groups
      componentId: foo
```
The `componentId` field is effective.
From nifikop created by teplydat: Orange-OpenSource/nifikop#66
Bug Report
What did you do? I want to grant permission on specific "components" (let's call it "itam". So it is a process group under "NiFi Flow") via CR "NifiUserGroup". Doc is here: https://orange-opensource.github.io/nifikop/docs/v0.4.3/3_tasks/4_nifi_user_group
I tried different things for componentId.
What did you expect to see? User policy should be for example: "Component policy for process Group itam"
What did you see instead? Under which circumstances? No such policy. If I don't specify "componentId" then it is: "Component policy for process Group NiFi Flow"
Environment
nifikop version: nifikop: v0.4.2-alpha-release
go version: -
Kubernetes version information: OpenShift 4.6.z, K8s 1.19
Kubernetes cluster kind: ?
NiFi version: nifi-1.11.4-RC1
Possible Solution It seems the componentId is not set here: https://github.com/Orange-OpenSource/nifikop/blob/08e3fc742d96d630287b244f95b4e2dbeb2890a1/pkg/clientwrappers/accesspolicies/policies.go#L132
Would be very nice if someone can help!
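A pre-deployment check for the scoping problem this thread is about, as an added example that is not part of the issue or of NiFiKop: it walks `NifiUser` / `NifiUserGroup` objects in their JSON form and flags `component` policies that have no `componentId` (which, per the report above, end up on the root "NiFi Flow" process group) or whose `componentId` is not UUID-shaped. The function name, the finding codes, the `rootgroup` object and the assumption that NiFi component ids are always UUID-shaped are this example's own.

```python
import re

# Assumption: NiFi component ids are UUID-shaped, like the ids in the manifests above.
UUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)

def audit_access_policies(doc):
    """Return (kind, name, policy_index, code) for each suspicious component policy.

    `doc` is one decoded object or a Kubernetes "List" wrapper (hypothetical helper).
    """
    items = doc.get("items", []) if doc.get("kind") == "List" else [doc]
    findings = []
    for item in items:
        kind = item.get("kind")
        if kind not in ("NifiUser", "NifiUserGroup"):
            continue
        name = item.get("metadata", {}).get("name", "?")
        policies = item.get("spec", {}).get("accessPolicies") or []
        for idx, pol in enumerate(policies):
            if pol.get("type") != "component":
                continue  # global policies carry no componentId
            cid = pol.get("componentId")
            if not cid:
                # Per the report: the grant then applies to the root process group.
                findings.append((kind, name, idx, "missing-componentId"))
            elif not UUID_RE.match(cid):
                findings.append((kind, name, idx, "malformed-componentId"))
    return findings

def _component(cid=None):
    pol = {"type": "component", "action": "read", "resource": "/",
           "componentType": "process-groups"}
    if cid is not None:
        pol["componentId"] = cid
    return pol

_GLOBAL = {"type": "global", "action": "read", "resource": "/flow"}

# Constructed sample modelled on the manifests in the thread; "rootgroup" is invented.
SAMPLE = {"kind": "List", "items": [
    {"kind": "NifiUser", "metadata": {"name": "myuser"}, "spec": {"accessPolicies": [
        _GLOBAL, _component("f14df4f6-018b-1000-0000-0000746142ad")]}},
    {"kind": "NifiUserGroup", "metadata": {"name": "mygroup"}, "spec": {"accessPolicies": [
        _GLOBAL, _component("foo")]}},
    {"kind": "NifiUserGroup", "metadata": {"name": "rootgroup"}, "spec": {"accessPolicies": [
        _component()]}},
]}

if __name__ == "__main__":
    for finding in audit_access_policies(SAMPLE):
        print(*finding)
```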