Created 05-29-2024 05:09 AM
Created on 05-29-2024 06:58 AM - edited 05-29-2024 07:11 AM
The following command I have tested and found working, make sure you are passing the right token as sometimes you may end up using extra information in the token
curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer <TOKEN>" -d '{"state": "RUNNING", "id": "processor-id", "revision": {"version": versionNumber, "clientId": "clidntIDstring"}}' -k --negotiate "https://hostname:8443/nifi-api/processors/<ID>/run-status"
Also please make sure the user has permission to WRITE permission on components
Created 05-29-2024 11:23 AM
@Naveen_Sagar
The Bearer token is issued by a specific NiFi node for a specific user identity. That Bearer token has a limited life time and can not be used to authenticate a user on any other NiFi node (even one in the same cluster as the original node that provided the bearer token).
All rest-api endpoints will require some level of authorization. So simply having a valid bearer token for an authenticated user identity, does not mean that user is authorized to access/interact with every rest-api endpoint. In your case, the user would need "operate the component" or "view the component" and "modify the component" authorizations in order to change the run-status.
You should inspect the nifi-user.log on the aaa.com nifi server to see what user identity attempted to change the runs-status on that node and was not authorized. Then verify the necessary authorization is setup for that user identity and try your curl command again.
And make sure as @ckumar pointed out that in his curl example that you are using the "-k" flag which allows curl to auto trust the serverAuth certificate presented in the TLS exchange with your secured NiFi.
Please help our community thrive. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped.
Thank you,
Matt
Created 05-29-2024 06:49 AM
@Naveen_Sagar Welcome to our community! To help you get the best possible answer, I have tagged in our NiFi experts @MattWho @SAMSAL @ckumar who may be able to assist you further.
Please feel free to provide any additional information or details about your query, and we hope that you will find a satisfactory solution to your question.
Regards,
Vidya Sargur,Created on 05-29-2024 06:58 AM - edited 05-29-2024 07:11 AM
The following command I have tested and found working, make sure you are passing the right token as sometimes you may end up using extra information in the token
curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer <TOKEN>" -d '{"state": "RUNNING", "id": "processor-id", "revision": {"version": versionNumber, "clientId": "clidntIDstring"}}' -k --negotiate "https://hostname:8443/nifi-api/processors/<ID>/run-status"
Also please make sure the user has permission to WRITE permission on components
Created 05-29-2024 07:47 AM
@Naveen_Sagar I am not sure if this is the right solution, but if you are using NiFI itself to communicate with its own NiFi API, you can skip the authorization token completely as NiFi is already authorized to execute its own API calls.
Created 05-29-2024 11:23 AM
@Naveen_Sagar
The Bearer token is issued by a specific NiFi node for a specific user identity. That Bearer token has a limited life time and can not be used to authenticate a user on any other NiFi node (even one in the same cluster as the original node that provided the bearer token).
All rest-api endpoints will require some level of authorization. So simply having a valid bearer token for an authenticated user identity, does not mean that user is authorized to access/interact with every rest-api endpoint. In your case, the user would need "operate the component" or "view the component" and "modify the component" authorizations in order to change the run-status.
You should inspect the nifi-user.log on the aaa.com nifi server to see what user identity attempted to change the runs-status on that node and was not authorized. Then verify the necessary authorization is setup for that user identity and try your curl command again.
And make sure as @ckumar pointed out that in his curl example that you are using the "-k" flag which allows curl to auto trust the serverAuth certificate presented in the TLS exchange with your secured NiFi.
Please help our community thrive. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped.
Thank you,
Matt
Created 06-02-2024 10:15 PM
@Naveen_Sagar, Did the response assist in resolving your query? If it did, kindly mark the relevant reply as the solution, as it will aid others in locating the answer more easily in the future.
Regards,
Vidya Sargur,