"No available buckets"- secured nifi & secured nifi-registry & LDAP

Hey,
For some reason I'm getting "No available buckets" when I try to start version control, and I really don't know how to find the root problem. I have the following configuration (I'm trying to set up an environment in Kubernetes, but I don't think that this is a problem):
- Secured NiFi: nifi.k8s.company.com

    - NIFI_WEB_PROXY_HOST = nifi.k8s.company.com
    - INITIAL_ADMIN_IDENTITY = uid=johndoe,ou=users,ou=team,dc=company,dc=com
    - LDAP_AUTHENTICATION_STRATEGY = ANONYMOUS
    - LDAP_USER_SEARCH_BASE = ou=users,ou=team,dc=company,dc=com
    - LDAP_USER_SEARCH_FILTER = uid={0}
    - LDAP_IDENTITY_STRATEGY = USE_DN

- Secured NiFi Registry: nifi-registry.k8s.company.com

    - NIFI_REGISTRY_WEB_HTTP_HOST = 127.0.0.1
    - INITIAL_ADMIN_IDENTITY = uid=johndoe,ou=users,ou=team,dc=company,dc=com
    - LDAP_AUTHENTICATION_STRATEGY = ANONYMOUS
    - LDAP_USER_SEARCH_BASE = ou=users,ou=team,dc=company,dc=com
    - LDAP_USER_SEARCH_FILTER = uid={0}
    - LDAP_IDENTITY_STRATEGY = USE_DN

I'm able to log in using LDAP credentials. My username in the top-right corner is displayed as uid=johndoe,ou=users,ou=team,dc=company,dc=com, and the same for NiFi Registry.
On NiFi I have permissions to:

- view the component

- modify the component

- view the policies

- modify the policies

 

On NiFi Registry my user has all privileges (proxy privileges included). I created a bucket, assigned my user to it and set all permissions.

Both applications have only one user: the initial admin.

Now, when I create a process group, right-click on it and then choose Version -> Start version control, I see that some request is sent in the background, and after a second I get the "No available buckets" text in the form.

I turned on debug logs, however I don't see any suspicious behavior. In Nifi registry I see:

 

2021-03-15 15:55:21,089 DEBUG [NiFi Registry Web Server-14] o.a.n.r.w.s.a.IdentityFilter Attempting to extract user credentials using X509IdentityProvider
2021-03-15 15:55:21,089 DEBUG [NiFi Registry Web Server-14] o.a.n.r.w.s.a.x.X509CertificateExtractor No client certificate found in request.
2021-03-15 15:55:21,089 DEBUG [NiFi Registry Web Server-14] o.a.n.r.w.s.a.IdentityFilter Attempting to extract user credentials using JwtIdentityProvider
2021-03-15 15:55:21,089 DEBUG [NiFi Registry Web Server-14] o.a.n.r.s.a.BearerAuthIdentityProvider HTTP Bearer Auth credentials not present. Not attempting to extract credentials for authentication.
2021-03-15 15:55:21,089 DEBUG [NiFi Registry Web Server-14] o.a.n.r.w.s.a.AnonymousIdentityFilter Populated SecurityContextHolder with anonymous token: 'anonymous'
2021-03-15 15:55:21,090 DEBUG [NiFi Registry Web Server-14] o.a.n.r.w.s.a.ResourceAuthorizationFilter Request filter authorization check is not required for this HTTP Method on this resource. Allowing request to proceed. An additional authorization check might be performed downstream of this filter.
2021-03-15 15:55:21,094 DEBUG [NiFi Registry Web Server-14] o.s.j.d.DataSourceTransactionManager Creating new transaction with name [org.apache.nifi.registry.web.service.StandardServiceFacade.getBuckets]: PROPAGATION_REQUIRED,ISOLATION_READ_COMMITTED,-java.lang.Throwable
2021-03-15 15:55:21,095 DEBUG [NiFi Registry Web Server-14] o.s.j.d.DataSourceTransactionManager Acquired Connection [HikariProxyConnection@1875958779 wrapping conn1: url=jdbc:h2:./database/nifi-registry-primary user=NIFIREG] for JDBC transaction
2021-03-15 15:55:21,095 DEBUG [NiFi Registry Web Server-14] o.s.jdbc.datasource.DataSourceUtils Changing isolation level of JDBC Connection [HikariProxyConnection@1875958779 wrapping conn1: url=jdbc:h2:./database/nifi-registry-primary user=NIFIREG] to 2
2021-03-15 15:55:21,095 DEBUG [NiFi Registry Web Server-14] o.s.j.d.DataSourceTransactionManager Switching JDBC Connection [HikariProxyConnection@1875958779 wrapping conn1: url=jdbc:h2:./database/nifi-registry-primary user=NIFIREG] to manual commit
2021-03-15 15:55:21,095 DEBUG [NiFi Registry Web Server-14] o.springframework.jdbc.core.JdbcTemplate Executing SQL query [SELECT * FROM BUCKET ORDER BY name ASC]
2021-03-15 15:55:21,095 DEBUG [NiFi Registry Web Server-14] o.a.n.r.s.a.r.ProxyChainAuthorizable Requested resource is /buckets
2021-03-15 15:55:21,096 DEBUG [NiFi Registry Web Server-14] o.a.n.r.s.a.r.ProxyChainAuthorizable Requested resource is /buckets/dd34dc68-6bdb-41fe-b5fb-a190a7e3b4fc
2021-03-15 15:55:21,096 DEBUG [NiFi Registry Web Server-14] o.springframework.jdbc.core.JdbcTemplate Executing prepared SQL query
2021-03-15 15:55:21,096 DEBUG [NiFi Registry Web Server-14] o.springframework.jdbc.core.JdbcTemplate Executing prepared SQL statement [SELECT * FROM BUCKET WHERE id = ?]
2021-03-15 15:55:21,096 TRACE [NiFi Registry Web Server-14] o.s.jdbc.core.StatementCreatorUtils Setting SQL statement parameter value: column index 1, parameter value [dd34dc68-6bdb-41fe-b5fb-a190a7e3b4fc], value class [java.lang.String], SQL type unknown
2021-03-15 15:55:21,096 DEBUG [NiFi Registry Web Server-14] o.a.n.r.s.a.r.ProxyChainAuthorizable Proxy chain will not be authorized, public access is allowed for read on /buckets/dd34dc68-6bdb-41fe-b5fb-a190a7e3b4fc
2021-03-15 15:55:21,097 DEBUG [NiFi Registry Web Server-14] o.springframework.jdbc.core.JdbcTemplate Executing prepared SQL query
2021-03-15 15:55:21,097 DEBUG [NiFi Registry Web Server-14] o.springframework.jdbc.core.JdbcTemplate Executing prepared SQL statement [SELECT * FROM BUCKET WHERE id IN (?) ORDER BY name ASC]
2021-03-15 15:55:21,098 TRACE [NiFi Registry Web Server-14] o.s.jdbc.core.StatementCreatorUtils Setting SQL statement parameter value: column index 1, parameter value [dd34dc68-6bdb-41fe-b5fb-a190a7e3b4fc], value class [java.lang.String], SQL type unknown
2021-03-15 15:55:21,099 DEBUG [NiFi Registry Web Server-14] o.springframework.jdbc.core.JdbcTemplate Executing SQL query [SELECT * FROM REVISION]
2021-03-15 15:55:21,099 DEBUG [NiFi Registry Web Server-14] o.a.n.r.s.a.r.ProxyChainAuthorizable Requested resource is /buckets
2021-03-15 15:55:21,099 DEBUG [NiFi Registry Web Server-14] o.a.n.r.s.a.r.ProxyChainAuthorizable Requested resource is /buckets
2021-03-15 15:55:21,099 DEBUG [NiFi Registry Web Server-14] o.a.n.r.s.a.r.ProxyChainAuthorizable Requested resource is /buckets
2021-03-15 15:55:21,100 DEBUG [NiFi Registry Web Server-14] o.a.n.r.s.a.r.ProxyChainAuthorizable Requested resource is /buckets/dd34dc68-6bdb-41fe-b5fb-a190a7e3b4fc
2021-03-15 15:55:21,100 DEBUG [NiFi Registry Web Server-14] o.springframework.jdbc.core.JdbcTemplate Executing prepared SQL query
2021-03-15 15:55:21,100 DEBUG [NiFi Registry Web Server-14] o.springframework.jdbc.core.JdbcTemplate Executing prepared SQL statement [SELECT * FROM BUCKET WHERE id = ?]
2021-03-15 15:55:21,100 TRACE [NiFi Registry Web Server-14] o.s.jdbc.core.StatementCreatorUtils Setting SQL statement parameter value: column index 1, parameter value [dd34dc68-6bdb-41fe-b5fb-a190a7e3b4fc], value class [java.lang.String], SQL type unknown
2021-03-15 15:55:21,100 DEBUG [NiFi Registry Web Server-14] o.a.n.r.s.a.r.ProxyChainAuthorizable Proxy chain will not be checked, public access is allowed for read on /buckets/dd34dc68-6bdb-41fe-b5fb-a190a7e3b4fc
2021-03-15 15:55:21,100 DEBUG [NiFi Registry Web Server-14] o.a.n.r.s.a.r.ProxyChainAuthorizable Requested resource is /buckets/dd34dc68-6bdb-41fe-b5fb-a190a7e3b4fc
2021-03-15 15:55:21,100 DEBUG [NiFi Registry Web Server-14] o.a.n.r.s.a.r.PublicCheckingAuthorizable Requested resource is /buckets/dd34dc68-6bdb-41fe-b5fb-a190a7e3b4fc
2021-03-15 15:55:21,100 DEBUG [NiFi Registry Web Server-14] o.a.n.r.s.a.r.PublicCheckingAuthorizable Delegating to inheriting authorizable for /buckets/dd34dc68-6bdb-41fe-b5fb-a190a7e3b4fc
2021-03-15 15:55:21,100 DEBUG [NiFi Registry Web Server-14] o.a.n.r.s.a.r.ProxyChainAuthorizable Requested resource is /buckets/dd34dc68-6bdb-41fe-b5fb-a190a7e3b4fc
2021-03-15 15:55:21,101 DEBUG [NiFi Registry Web Server-14] o.a.n.r.s.a.r.PublicCheckingAuthorizable Requested resource is /buckets/dd34dc68-6bdb-41fe-b5fb-a190a7e3b4fc
2021-03-15 15:55:21,101 DEBUG [NiFi Registry Web Server-14] o.a.n.r.s.a.r.PublicCheckingAuthorizable Delegating to inheriting authorizable for /buckets/dd34dc68-6bdb-41fe-b5fb-a190a7e3b4fc
2021-03-15 15:55:21,101 TRACE [NiFi Registry Web Server-14] o.s.j.d.DataSourceTransactionManager Triggering beforeCommit synchronization
2021-03-15 15:55:21,101 TRACE [NiFi Registry Web Server-14] o.s.j.d.DataSourceTransactionManager Triggering beforeCompletion synchronization
2021-03-15 15:55:21,101 DEBUG [NiFi Registry Web Server-14] o.s.j.d.DataSourceTransactionManager Initiating transaction commit
2021-03-15 15:55:21,101 DEBUG [NiFi Registry Web Server-14] o.s.j.d.DataSourceTransactionManager Committing JDBC transaction on Connection [HikariProxyConnection@1875958779 wrapping conn1: url=jdbc:h2:./database/nifi-registry-primary user=NIFIREG]
2021-03-15 15:55:21,101 TRACE [NiFi Registry Web Server-14] o.s.j.d.DataSourceTransactionManager Triggering afterCommit synchronization
2021-03-15 15:55:21,101 TRACE [NiFi Registry Web Server-14] o.s.j.d.DataSourceTransactionManager Triggering afterCompletion synchronization
2021-03-15 15:55:21,101 DEBUG [NiFi Registry Web Server-14] o.s.j.d.DataSourceTransactionManager Releasing JDBC Connection [HikariProxyConnection@1875958779 wrapping conn1: url=jdbc:h2:./database/nifi-registry-primary user=NIFIREG] after transaction
2021-03-15 15:55:22,875 DEBUG [Listen to Bootstrap] o.apache.nifi.registry.BootstrapListener Listening for Bootstrap Requests

 


So NiFi Registry does receive the request from NiFi, and it probably does return a bucket, since there is a valid bucket UUID.
When I run:

 

registry list-buckets -tst jks -ts /opt/nifi/nifi-current/truststore.jks -tsp xxx -u https://nifi-registry-internal-service:18443/

 

I indeed see my bucket, so I have no idea why I don't see it through the web UI.
I saw in videos and other tutorials that I should add a "localhost" user, which will be some kind of proxy, but even though I added a user like:

 

CN=uid=johndoe,ou=users,ou=team,dc=company,dc=com, OU=NIFI

 

It still doesn't work.

I use NiFi version 1.12.1.
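
Added example (not part of the original post, and not NiFi project code): a small Python triage of the Registry debug log quoted above, reporting per web-server thread which identity providers were tried and which identity the request ended up with. The sample lines are excerpted from that log; the function name and result fields are this example's own.

```python
import re
from collections import defaultdict

# Excerpt of the NiFi Registry debug log quoted in the post above.
SAMPLE_LOG = """\
2021-03-15 15:55:21,089 DEBUG [NiFi Registry Web Server-14] o.a.n.r.w.s.a.IdentityFilter Attempting to extract user credentials using X509IdentityProvider
2021-03-15 15:55:21,089 DEBUG [NiFi Registry Web Server-14] o.a.n.r.w.s.a.x.X509CertificateExtractor No client certificate found in request.
2021-03-15 15:55:21,089 DEBUG [NiFi Registry Web Server-14] o.a.n.r.w.s.a.IdentityFilter Attempting to extract user credentials using JwtIdentityProvider
2021-03-15 15:55:21,089 DEBUG [NiFi Registry Web Server-14] o.a.n.r.s.a.BearerAuthIdentityProvider HTTP Bearer Auth credentials not present. Not attempting to extract credentials for authentication.
2021-03-15 15:55:21,089 DEBUG [NiFi Registry Web Server-14] o.a.n.r.w.s.a.AnonymousIdentityFilter Populated SecurityContextHolder with anonymous token: 'anonymous'
2021-03-15 15:55:21,096 DEBUG [NiFi Registry Web Server-14] o.a.n.r.s.a.r.ProxyChainAuthorizable Proxy chain will not be authorized, public access is allowed for read on /buckets/dd34dc68-6bdb-41fe-b5fb-a190a7e3b4fc
"""

# timestamp (date + time), level, [thread], abbreviated logger, message
LINE = re.compile(r"^\S+ \S+ (?P<level>\w+) +\[(?P<thread>[^\]]+)\] (?P<logger>\S+) (?P<msg>.*)$")
PROVIDER = re.compile(r"Attempting to extract user credentials using (\w+)")
ANON = re.compile(r"anonymous token: '([^']*)'")
PUBLIC = re.compile(r"public access is allowed for (\w+) on (\S+)")


def summarize_auth(log_text):
    """Group lines by thread name and record how the request was identified.

    A thread can serve several requests over time, so feed in the lines
    for one time window when triaging a single UI action.
    """
    result = defaultdict(lambda: {"providers_tried": [], "client_cert": None,
                                  "bearer_token": None, "identity": None,
                                  "public_access": set()})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip continuation lines such as stack traces
        entry, msg = result[m["thread"]], m["msg"]
        if (p := PROVIDER.search(msg)):
            entry["providers_tried"].append(p.group(1))
        elif "No client certificate found" in msg:
            entry["client_cert"] = False
        elif "Bearer Auth credentials not present" in msg:
            entry["bearer_token"] = False
        elif (a := ANON.search(msg)):
            entry["identity"] = a.group(1)
        elif (pub := PUBLIC.search(msg)):
            entry["public_access"].add((pub.group(1), pub.group(2)))
    return dict(result)


if __name__ == "__main__":
    for thread, info in summarize_auth(SAMPLE_LOG).items():
        print(thread, info)
```

For the quoted request the summary shows no client certificate, no bearer token and the identity `anonymous`, with read on the bucket granted through public access rather than through the logged-in user's policies.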