Support Questions

Naveen_Sagar · ‎05-29-2024

curl -H "Content-Type: application/JSON ; Authorization: Bearer {token here}" -d "{"revision":{"clientId":"ac153723-44ff-17fd-e42e-f975cb01817b"},"processors":{"id":"ac15a47e-44ff-17fd-ffff-fffffc691b51","running":"true"}}" -X PUT "https://aaa.com:443/nifi-api/processors/ac15a47e-44ff-17fd-ffff-fffffc691b51/run-status"

we are trying to run NIFI processor using NIFI API as above, but its giving UNAUTHORIZED error always. Can any one help in getting this fixed. Are we using correct code? We are able to get the token from NIFI.

ckumar · ‎05-29-2024

The following command I have tested and found working, make sure you are passing the right token as sometimes you may end up using extra information in the token

curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer <TOKEN>" -d '{"state": "RUNNING", "id": "processor-id", "revision": {"version": versionNumber, "clientId": "clidntIDstring"}}' -k --negotiate "https://hostname:8443/nifi-api/processors/<ID>/run-status"

Also please make sure the user has permission to WRITE permission on components

View solution in original post

MattWho · ‎05-29-2024

@Naveen_Sagar

The Bearer token is issued by a specific NiFi node for a specific user identity. That Bearer token has a limited life time and can not be used to authenticate a user on any other NiFi node (even one in the same cluster as the original node that provided the bearer token).

All rest-api endpoints will require some level of authorization. So simply having a valid bearer token for an authenticated user identity, does not mean that user is authorized to access/interact with every rest-api endpoint. In your case, the user would need "operate the component" or "view the component" and "modify the component" authorizations in order to change the run-status.

You should inspect the nifi-user.log on the aaa.com nifi server to see what user identity attempted to change the runs-status on that node and was not authorized. Then verify the necessary authorization is setup for that user identity and try your curl command again.

And make sure as @ckumar pointed out that in his curl example that you are using the "-k" flag which allows curl to auto trust the serverAuth certificate presented in the TLS exchange with your secured NiFi.

Please help our community thrive. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt

View solution in original post

VidyaSargur · ‎05-29-2024

@Naveen_Sagar Welcome to our community! To help you get the best possible answer, I have tagged in our NiFi experts @MattWho @SAMSAL @ckumar who may be able to assist you further.

Please feel free to provide any additional information or details about your query, and we hope that you will find a satisfactory solution to your question.

Regards,

Vidya Sargur,
Community Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
Community Guidelines
How to use the forum

ckumar · ‎05-29-2024

The following command I have tested and found working, make sure you are passing the right token as sometimes you may end up using extra information in the token

curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer <TOKEN>" -d '{"state": "RUNNING", "id": "processor-id", "revision": {"version": versionNumber, "clientId": "clidntIDstring"}}' -k --negotiate "https://hostname:8443/nifi-api/processors/<ID>/run-status"

Also please make sure the user has permission to WRITE permission on components

steven-matison · ‎05-29-2024

@Naveen_Sagar I am not sure if this is the right solution, but if you are using NiFI itself to communicate with its own NiFi API, you can skip the authorization token completely as NiFi is already authorized to execute its own API calls.

MattWho · ‎05-29-2024

@Naveen_Sagar

The Bearer token is issued by a specific NiFi node for a specific user identity. That Bearer token has a limited life time and can not be used to authenticate a user on any other NiFi node (even one in the same cluster as the original node that provided the bearer token).

All rest-api endpoints will require some level of authorization. So simply having a valid bearer token for an authenticated user identity, does not mean that user is authorized to access/interact with every rest-api endpoint. In your case, the user would need "operate the component" or "view the component" and "modify the component" authorizations in order to change the run-status.

You should inspect the nifi-user.log on the aaa.com nifi server to see what user identity attempted to change the runs-status on that node and was not authorized. Then verify the necessary authorization is setup for that user identity and try your curl command again.

And make sure as @ckumar pointed out that in his curl example that you are using the "-k" flag which allows curl to auto trust the serverAuth certificate presented in the TLS exchange with your secured NiFi.

Please help our community thrive. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt

VidyaSargur · ‎06-02-2024

@Naveen_Sagar, Did the response assist in resolving your query? If it did, kindly mark the relevant reply as the solution, as it will aid others in locating the answer more easily in the future.

Regards,

Vidya Sargur,
Community Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
Community Guidelines
How to use the forum

Support Questions

Trigger RESTAPI to schedule processors from nifi