Cloudera Community
svenhans
user rank
New Contributor

Re: How to fix error: "Failed to register flow wit...

by New Contributor in Support Questions
‎09-04-2023 07:45 AM
‎09-04-2023 07:45 AM
Hi everyone,  I experienced the same error. After inspecting also the logs of nifi-registry, I found the error  2023-09-04 16:18:10,346 ERROR [NiFi Registry Web Server-17] o.a.n.r.web.mapper.ThrowableMapper An unexpected error has occurred: org.apache.nifi.registry.flow.FlowPersistenceException: Git directory /data/nifi01/nifi-registry-1.18.0/../nifiregistry_git is not clean or has uncommitted changes, resolve those changes first to save flow contents.. Returning Internal Server Error response. org.apache.nifi.registry.flow.FlowPersistenceException: Git directory /data/nifi01/nifi-registry-1.18.0/../nifiregistry_git is not clean or has uncommitted changes, resolve those changes first to save flow contents.   I changed to the path noted in the error message, changed to the user, which executes nifi-registry and checked the git repository status: git status Several files were modified and the git directory clearly was not "clean". I just committed and pushed everything (I had to set the git user name to make a successful commit).  I don't know, why this all happend. But for now, its fixed.  ... View more

Re: HandleHttpRequest / StandardRestrictedSSLConte...

by New Contributor in Support Questions
‎05-30-2023 01:14 AM
‎05-30-2023 01:14 AM
@MattWho In my test the truststore did contain just a single certificate, the public certificate of the authorized user (not private key). However this did not work, the TLS handshake did fail. In the end I did solve my problem like you suggested, with RouteOnAttribute on "http.subject.dn". It would be nice to have a processor for accessing AD to compare if the selected dn is member of some AD-group. ... View more

HandleHttpRequest / StandardRestrictedSSLContextSe...

by New Contributor in Support Questions
‎05-23-2023 07:11 AM
‎05-23-2023 07:11 AM
How do I restrict the access to an endpoint provided by HandleHttpRequest to specific users?   I did setup successfully a HandleHttpRequest-HandleHttpResponse chain, with Client Authentication = "Need Authentication". I provided a key- and truststore and users with a client certificate trusted by CA cert in the truststore can access the endpoint.  However, I do not want everybody in my company to access this endpoint, I want to restrict this to a small group of users (actually to one single server).  For testing purposes I created an empty truststore and imported into this truststore only my client certificate. However, now I cannot access the endpoint anymore (ERR_BAD_SSL_CLIENT_AUTH_CERT).  How do I configure the JKS truststore to only trust one specific client? Or how do I configure HandleHttpRequest processor?  If this is not possible, are there any other possibilities? Could I somehow use a Nifi-REST-API-Token? Could I somehow authenticate with the help of LDAP?   Thank you!   ... View more
Labels:
Contact Me
Online
Offline
Last Visited
‎09-26-2024 11:29 AM
Community Statistics
Member Since ‎05-23-2023 07:02 AM
Last Visited ‎09-26-2024 11:29 AM
Posts 3