Cloudera Community
oopslemon
user rank
New Contributor

Re: Accessing NiFi RestAPI with InvokeHTTP

by Master Mentor Master Mentor in Support Questions
‎01-18-2022 08:23 AM
‎01-18-2022 08:23 AM
@oopslemon  NiFi only encrypts and obscures values in properties that support sensitive properties (so those properties which are specifically coded as sensitive properties like "password" properties). So there is no way at this time to encrypt all or portions of property values not coded as sensitive.  Keep in mind it is not just what is visible in the UI, your unencrypted passwords will be in plaintext with the NiFi flow.xml.gz file as well. My recommendation to you is to use mutual TLS based authentication instead.  You can create a clientAuth certificate to use in your rest API calls.  Then you need to make sure that your clientAuth certificate is authorized to perform the actions the rest-api call is making.  This is not going to be possible while using the single user login mode as it does not allow you to setup additional users and authorizations.  This single users authentication and authorization providers where added to protect users from unprotected access to their NiFis.  It was not meant to be the desired choice when securing your NiFi.  It is one step above an unsecured default setup that existed prior to NiFi 1.14.  It protects you, but also has limitations that go with its very basic functionality. So step one is to switch to another method of authentication and authorization to you NiFi.  TLS is always enabled for authentication as soon as NiFi is configured for HTTPS.  You can configure additional authentication methods like ldap/AD. https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user_authentication The authorizer configured in the authorizers.xml file allows you to establish policies that control user/client permissions. https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#multi-tenant-authorization   Then you can configure your invokeHTTP processor to simply use a SSLContextService that you would configure with your clientAuth certificate keystore and a truststore.  The password fields in this controller service would be encrypted.  No more need to constantly get a new bearer token.  All you need to worry about is getting a new client certificate before the old one expires which is typically every 2 years, but that is configurable when you create it and get it signed. If you found this response assisted with your query, please take a moment to login and click on "Accept as Solution" below this post. Thank you, Matt ... View more

Execute dynamic SQL fetched from file with paramet...

by New Contributor in Support Questions
‎01-17-2022 07:08 AM
‎01-17-2022 07:08 AM
Hello All,   I am trying to execute a SQL query fetched from a file, and bind parameters using the flowfile attributes.   The file looks like the following with the dollar sign specifying desired parameters like NiFi EL. And the flowfile attributes are value ingested from other sources. flowfile content (fetched from sqlquery.txt) SELECT id FROM users WHERE name = ${target_name} AND gender = ${target_gender}; flowfile attributes target_name 'Tom' target_gender 'male'   And what I am trying to attempt is to execute the SQL: SELECT id FROM users WHERE name = 'Tom' AND gender = 'male';   My current approach is: 1. Initialize parameters from other sources and store them in the flowfile attributes. 2. Use FetchFile to get the sql query from the file and store it in the flowfile content. 3. Use ReplaceText to replace literal ${target_name} with the string 'Tom'. 4. Use ReplaceText to replace literal ${target_gender} with the string 'male'. 5. ExecuteSQL   It works, but it doesn't seems right when the number of parameters or number of SQL grows. I'll have to maintain lots of ReplaceText processors or one mapping file for each and every SQL using ReplaceTextWithMapping processor. What I am attempting: I am trying to extract the sql query as an attribute to better leverage NiFi expression language. 1. Initialize parameters from other sources and store them in the flowfile attributes. 2. Use FetchFile to get the sql query from the file and store it in the flowfile content. 3. Use ExtractText  to extract the sql query sqlquery SELECT id FROM users WHERE name = ${target_name} AND gender = ${target_gender}; 4. ExecuteSQL with the property: SQL select query ${sqlquery}   However it execute: SELECT id FROM users WHERE name = ${target_name} AND gender = ${target_gender};  instead of what I am attempting: SELECT id FROM users WHERE name = 'Tom' AND gender = 'male';   Note: I have read the related posts I can find, but none of them really resolve my problem. How can I use variable on query of executeSQL processor on apache NiFi? NiFi Processor to Dynamically Create SQL Query From FlowFile or JSon ExecuteSQL dynamic query..   Is there a way to bind variables when using ExecuteSQL with sql query stored in attribute or content? Or is there a better way to better resolve this use case?   Thank you all in advanced ! ... View more
Labels:
Contact Me
Online
Offline
Last Visited
‎03-07-2022 07:40 PM
Community Statistics
Member Since ‎01-16-2022 03:37 PM
Last Visited ‎03-07-2022 07:40 PM
Posts 2