Created on 07-13-2022 06:37 AM - edited 07-13-2022 08:34 AM
Hello,
I have successfully migrated the h2 database of registry to Postgres sql but it did not migrate the users.xml and authorizations.xml to postgres.
Could you please help in pointing me in right direction on what setting needs to be changed to get migrate the users and authorizations data aswell to Postgres SQL.
Thanks
Meeran
Created 07-14-2022 06:59 AM
The users.xml is created/managed by the File-User-Group-Provider in the Authorizers.xml file.
The authorizations.xml is created/managed by the File-Access-Policy-provider in the Authoirizers.xml file.
Neither of these providers support using a database for persisting the users, groups, and authorizations.
For more information on the authorization providers, follow the below link:
https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#authorization
NiFi-Registry supports using an embedded H2 DB (default) or an external DB (Postgres or MySQL) for storing knowledge of which buckets exist, which versioned items belong to which buckets, as well as the version history for each item. The actual version controlled flows are not stored in the DB
https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#metadata-database
The actual Version Controlled dataflow data is stored via the configured Persistence provider. The default provider is FileSystemFlowPersistenceProvider which writes this data to a directory locally on the NiFi-Registry host. The other available option is the GitFlowPersistenceProvider which commits this data to a remote Git repository when configured correctly. For more detail follow below link:
https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#persistence-providers
If you found this response assisted with your query, please take a moment to login and click on "Accept as Solution" below this post.
Thank you,
Matt
Created on 07-15-2022 06:00 AM - edited 07-15-2022 06:02 AM
Thanks for the reply @MattWho
Firstly with the below configurations changes in authorizers.xml, I was able to store the users and their related authorization policies in database and I was able to successfully store the users and their permissions in postgresSQL database from registry
<userGroupProvider>
<identifier>database-user-group-provider</identifier>
<class>org.apache.nifi.registry.security.authorization.database.DatabaseUserGroupProvider</class>
<property name="Initial User Identity 1">DEV-ADMIN</property>
</userGroupProvider>
------------------------------
<accessPolicyProvider>
<identifier>database-access-policy-provider</identifier>
<class>org.apache.nifi.registry.security.authorization.database.DatabaseAccessPolicyProvider</class>
<property name="User Group Provider">database-user-group-provider</property>
<property name="Initial Admin Identity">DEV-ADMIN</property>
<property name="NiFi Identity 1"></property>
<property name="NiFi Group Name"></property>
</accessPolicyProvider>
--------------------------------------
<authorizer>
<identifier>managed-authorizer</identifier>
<class>org.apache.nifi.registry.security.authorization.StandardManagedAuthorizer</class>
<property name="Access Policy Provider">database-access-policy-provider</property>
</authorizer>
Everything is working perfect. the only need here is to get the existing users.xml and authorizations.xml data migrated to Postgres DB and we can get rid of these files.
Please help