Support Questions

Find answers, ask questions, and share your expertise

One Nifi Registry with secure bucket

Hi Community !

 

I have build a new design with a single Nifi Registry to communicate with Nifi development / staging / production platform.
Before this implementation, we built a Nifi Registry for each Nifi cluster.


Before :

before.jpg

Now :

now.jpg

Pictures Source : https://pierrevillard.com/2018/04/09/automate-workflow-deployment-in-apache-nifi-with-the-nifi-regis...

 

Something unexpected comes up.

 

Distinction between dev / staging / production environnement are making with different name of bucket like :
- DEV_mybucket
- STAG_mybucket
- PROD_mybucket

 

On my environnement Nifi development, people from "Team A" can versionned flow in bucket DEV_mybucket.
To deploy on staging, it's very easy to exporting versionned flow from DEV_mybucket and importing to the STAG_mybucket.

 

On my development cluster Nifi, to exclude versionning flow in bucket STAG_mybucket I was thinking to secure those buckets with the policies but ...

 

Using proxy user requests :
- Nifi dev Cluster allows to process requests with read and write

 

People belongs to "Team A" are allowed to manage bucket DEV_mybucket (read and write) and STAG_mybucket (read and write) to deploy on the staging nifi env.
Problem : from the nifi dev cluster, a user from the team A can versioned flow in the bucket DEV_mybucket but also in the bucket STAG_mybucket.

 

I'm trying to find a solution not authorized the Nifi dev Cluster to read or access to the bucket STAG_mybucket. I've tried many way without success.

 

I have read this article by Byran Brende : https://www.mail-archive.com/users@nifi.apache.org/msg14705.html
It seems unlikely to be realizable but I want to hope !

 

If you have any proposition. Thanks for your help

0 REPLIES 0
Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.