Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Trigger RESTAPI to schedule processors from nifi

Labels:
avatar
author-rank Naveen_Sagar
Explorer

Created ‎05-29-2024 05:09 AM

curl -H   "Content-Type: application/JSON ; Authorization: Bearer {token here}" -d "{"revision":{"clientId":"ac153723-44ff-17fd-e42e-f975cb01817b"},"processors":{"id":"ac15a47e-44ff-17fd-ffff-fffffc691b51","running":"true"}}" -X PUT "https://aaa.com:443/nifi-api/processors/ac15a47e-44ff-17fd-ffff-fffffc691b51/run-status"
 
we are trying to run NIFI processor using NIFI API as above, but its giving UNAUTHORIZED error always. Can any one help in getting this fixed. Are we using correct code? We are able to get the token from NIFI.
1,249 Views
0 Kudos
2 ACCEPTED SOLUTIONS

avatar
author-rank ckumar author-rank
Master Collaborator

Created on ‎05-29-2024 06:58 AM - edited ‎05-29-2024 07:11 AM

 

The following command I have tested and found working, make sure you are passing the right token as sometimes you may end up using extra information in the token 

curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer <TOKEN>" -d '{"state": "RUNNING", "id": "processor-id", "revision": {"version": versionNumber, "clientId": "clidntIDstring"}}' -k --negotiate "https://hostname:8443/nifi-api/processors/<ID>/run-status"

Also please make sure the user has permission to WRITE permission on components 

 

View solution in original post

1,231 Views

avatar
author-rank MattWho author-rank
Master Mentor

Created ‎05-29-2024 11:23 AM

@Naveen_Sagar 

The Bearer token is issued by a specific NiFi node for a specific user identity.   That Bearer token has a limited life time and can not be used to authenticate a user on any other NiFi node (even one in the same cluster as the original node that provided the bearer token). 

All rest-api endpoints will require some level of authorization.  So simply having a valid bearer token for an authenticated user identity, does not mean that user is authorized to access/interact with every rest-api endpoint.   In your case, the user would need "operate the component" or "view the component" and "modify the component" authorizations in order to change the run-status.

You should inspect the nifi-user.log on the aaa.com nifi server to see what user identity attempted to change the runs-status on that node and was not authorized.  Then verify the necessary authorization is setup for that user identity and try your curl command again.

And make sure as @ckumar pointed out that in his curl example that you are using the "-k" flag which allows curl to auto trust the serverAuth certificate presented in the TLS exchange with your secured NiFi.

Please help our community thrive. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt

View solution in original post

1,193 Views
5 REPLIES 5

avatar
author-rank VidyaSargur author-rank
Community Manager

Created ‎05-29-2024 06:49 AM

@Naveen_Sagar Welcome to our community! To help you get the best possible answer, I have tagged in our NiFi experts @MattWho @SAMSAL @ckumar  who may be able to assist you further.

Please feel free to provide any additional information or details about your query, and we hope that you will find a satisfactory solution to your question.


Regards,

Vidya Sargur,
Community Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
1,234 Views
0 Kudos

avatar
author-rank ckumar author-rank
Master Collaborator

Created on ‎05-29-2024 06:58 AM - edited ‎05-29-2024 07:11 AM

 

The following command I have tested and found working, make sure you are passing the right token as sometimes you may end up using extra information in the token 

curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer <TOKEN>" -d '{"state": "RUNNING", "id": "processor-id", "revision": {"version": versionNumber, "clientId": "clidntIDstring"}}' -k --negotiate "https://hostname:8443/nifi-api/processors/<ID>/run-status"

Also please make sure the user has permission to WRITE permission on components 

 

1,232 Views

avatar
author-rank steven-matison
Guru

Created ‎05-29-2024 07:47 AM

@Naveen_Sagar  I am not sure if this is the right solution, but if you are using NiFI itself to communicate with its own NiFi API,  you can skip the authorization token completely as NiFi is already authorized to execute its own API calls.

1,221 Views
0 Kudos

avatar
author-rank MattWho author-rank
Master Mentor

Created ‎05-29-2024 11:23 AM

@Naveen_Sagar 

The Bearer token is issued by a specific NiFi node for a specific user identity.   That Bearer token has a limited life time and can not be used to authenticate a user on any other NiFi node (even one in the same cluster as the original node that provided the bearer token). 

All rest-api endpoints will require some level of authorization.  So simply having a valid bearer token for an authenticated user identity, does not mean that user is authorized to access/interact with every rest-api endpoint.   In your case, the user would need "operate the component" or "view the component" and "modify the component" authorizations in order to change the run-status.

You should inspect the nifi-user.log on the aaa.com nifi server to see what user identity attempted to change the runs-status on that node and was not authorized.  Then verify the necessary authorization is setup for that user identity and try your curl command again.

And make sure as @ckumar pointed out that in his curl example that you are using the "-k" flag which allows curl to auto trust the serverAuth certificate presented in the TLS exchange with your secured NiFi.

Please help our community thrive. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt

1,194 Views

avatar
author-rank VidyaSargur author-rank
Community Manager

Created ‎06-02-2024 10:15 PM

@Naveen_Sagar, Did the response assist in resolving your query? If it did, kindly mark the relevant reply as the solution, as it will aid others in locating the answer more easily in the future. 


Regards,

Vidya Sargur,
Community Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
1,111 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements