
Nifi Upload XML Template 403


I have a problem very similar to this one which has been marked as solved. I have followed the instructions which did not work.

 

I am trying to upload a Nifi XML template that I have previously exported, but am getting a 403.

I am running Nifi version 1.17.0 in a docker container.

The docker image is the latest, which should be 1.14.0

It is run using docker compose.

I am using Postman to send the REST requests.

 

The steps I have taken are:

 

  1. Generate an access token using: POST https://localhost:8443/nifi-api/access/token with an x-www-form-urlencoded body containing the username and password set in the .env file. This token is then used as the bearer token.
  2. Get the root process-group id using: GET https://localhost:8443/nifi-api/flow/process-group/root then taking the id from processGroupFlow:id
  3. Failing to import an XML template using: POST https://localhost:8443/nifi-api/process-groups/{id}/templates/import where the body is raw XML, containing the previously exported template.

The error I receive is:

HTTP ERROR 403 Forbidden

URI: /nifi-api/process-groups/882f73b9-0183-1000-28e5-9508657cbe9f/templates/import
STATUS: 403
MESSAGE: Forbidden
SERVLET: jerseySpring

 

My docker compose yaml file is:

version: '2.2'
services:
  nifi:
    image: apache/nifi:latest
    container_name: nifi
    ports:
      - ${HTTP_EXTERNAL_PORT}:${HTTP_INTERNAL_PORT}
      - ${HTTPS_EXTERNAL_PORT}:${HTTPS_INTERNAL_PORT}
    environment:
      - SINGLE_USER_CREDENTIALS_USERNAME=${NIFI_USERNAME}
      - SINGLE_USER_CREDENTIALS_PASSWORD=${NIFI_PASSWORD}

 

My docker compose .env file is

HTTPS_EXTERNAL_PORT=8443
HTTPS_INTERNAL_PORT=8443

HTTP_EXTERNAL_PORT=8080
HTTP_INTERNAL_PORT=8080

NIFI_USERNAME=myUsername
NIFI_PASSWORD=myPassword

 

 

Thank you for your help!

1 ACCEPTED SOLUTION


I've solved it myself. I've updated to version 1.18, and updated the docker-compose.yml file with an additional environment variable: NIFI_WEB_PROXY_HOST which equals a comma separated list of hosts that can access the system.

Then, using the following command I was able to upload a template:

 

curl -XPOST -H "Authorization: Bearer {token}" https://{host}:{port}/nifi-api/process-groups/{process-group-ID}/templates/upload -k -v -F template=@{template-name}.xml
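
The three steps from the question, ending in the multipart /templates/upload call from the accepted solution, as an added shell example that is not part of the original thread. It assumes the environment variables NIFI_USERNAME, NIFI_PASSWORD, NIFI_URL and NIFI_CACERT (a PEM file with the NiFi certificate or its CA, used here in place of -k); the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): token -> root process group id -> upload.
# Assumed env vars: NIFI_USERNAME, NIFI_PASSWORD, NIFI_CACERT (PEM file with the
# NiFi server certificate or its CA), and optionally NIFI_URL.
NIFI_URL="${NIFI_URL:-https://localhost:8443}"

# Verify TLS against NIFI_CACERT rather than disabling checks with -k, and
# return a non-zero exit status on HTTP errors such as 403.
nifi_curl() {
  curl --silent --show-error --fail --cacert "$NIFI_CACERT" "$@"
}

# Step 1: the token endpoint returns the JWT as the plain response body.
get_token() {
  nifi_curl -X POST "$NIFI_URL/nifi-api/access/token" \
    --data-urlencode "username=$NIFI_USERNAME" \
    --data-urlencode "password=$NIFI_PASSWORD"
}

# Step 2 helper: read JSON on stdin and print processGroupFlow.id. Assumes "id"
# is the first key inside processGroupFlow; jq is sturdier where it is installed.
root_id_from_json() {
  tr -d '\n' | sed -n 's/.*"processGroupFlow"[[:space:]]*:[[:space:]]*{[[:space:]]*"id"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

get_root_id() {  # $1 = token
  nifi_curl -H "Authorization: Bearer $1" \
    "$NIFI_URL/nifi-api/flow/process-group/root" | root_id_from_json
}

# Step 3: build the upload URL; an empty id (failed lookup) or one with
# characters outside hex digits and "-" is rejected before any request is sent.
upload_url() {  # $1 = process group id
  case "$1" in
    ''|*[!0-9a-fA-F-]*) echo "bad process group id: $1" >&2; return 1 ;;
  esac
  printf '%s/nifi-api/process-groups/%s/templates/upload\n' "$NIFI_URL" "$1"
}

upload_template() {  # $1 = token, $2 = process group id, $3 = template file
  url=$(upload_url "$2") || return 1
  nifi_curl -X POST -H "Authorization: Bearer $1" -F "template=@$3" "$url"
}

# Network calls run only when invoked as: sh nifi-upload.sh upload template.xml
if [ "${1:-}" = "upload" ]; then
  token=$(get_token) && pgid=$(get_root_id "$token") &&
    upload_template "$token" "$pgid" "$2"
fi
```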


4 REPLIES

Master Mentor

@Kushisabishii 

What are you seeing in the nifi-user.log when you make this import attempt?
You may be getting the 403 because the user is not authorized properly to perform the import call.

 

If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped.

Thank you,

Matt


Thank you for the reply @MattWho,

I agree, the 403 on the REST API pages suggests: Client is not authorized to make this request. What I am trying to understand is why this happens. The problem is I am new to NiFi and very much on a steep learning curve with limited time. The nifi-user.log you mentioned is below.

nifi@228d7503eaae:/opt/nifi/nifi-current/logs$ more nifi-user.log
2022-10-03 07:56:07,890 INFO [main] o.a.n.a.single.user.SingleUserAuthorizer Initializing Authorizer
2022-10-03 07:56:07,986 INFO [main] o.a.n.a.FileUserGroupProvider Creating new users file at /opt/nifi/nifi-current/./conf/users.xml
2022-10-03 07:56:07,997 INFO [main] o.a.n.a.FileUserGroupProvider Users/Groups file loaded at Mon Oct 03 07:56:07 UTC 2022
2022-10-03 07:56:07,997 INFO [main] o.a.n.a.FileAccessPolicyProvider Creating new authorizations file at /opt/nifi/nifi-current/./conf/authorizations.xml
2022-10-03 07:56:08,011 INFO [main] o.a.n.a.FileAccessPolicyProvider Authorizations file loaded at Mon Oct 03 07:56:08 UTC 2022
2022-10-03 07:56:08,014 INFO [main] o.a.n.a.single.user.SingleUserAuthorizer Configuring Authorizer

 

Thank you for taking the time to respond



 

New Contributor

@Kushisabishii could you please advise what list of hosts needs to be provided for NIFI_WEB_PROXY_HOST? I have added the docker host and port that I use to access the NiFi UI.

For example, my NiFi is accessible via https://docker-host.comp.com/nifi/

Hence I have added NIFI_WEB_PROXY_HOST = docker-host.comp.com:443 to my docker compose file. Do I need to consider any other hosts to be added?