### Authentication
This connector supports the following authentication mechanisms:
#### Single User Authentication (`auth: SINGLE_USER`)
The connector passes the `username` and `password` used on the NiFi login page to the `/access/token` REST endpoint. This mode also works when the [Kerberos login identity provider](https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#kerberos_login_identity_provider) is set up for NiFi.
#### Client Certificates Authentication (`auth: CLIENT_CERT`)
The connector uses `client_cert_file` (required), `client_key_file` (optional) and `client_key_password` (optional) for mutual TLS authentication.
#### Kerberos Authentication via SPNEGO (`auth: Kerberos`)
If NiFi has been configured to use [Kerberos SPNEGO](https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#kerberos_service), the connector passes the user's Kerberos ticket to NiFi over the `/access/kerberos` REST endpoint. The user's Kerberos ticket is assumed to be already present on the machine on which ingestion runs. This is usually done by installing `krb5-user` and then running `kinit` for the user.
```console
sudo apt install krb5-user
kinit user@REALM
```
#### Basic Authentication (`auth: BASIC_AUTH`)
The connector uses [HTTPBasicAuth](https://requests.readthedocs.io/en/latest/user/authentication/#basic-authentication) with `username` and `password`.
#### No Authentication (`auth: NO_AUTH`)
This is useful for testing purposes.
### Access Policies
This connector requires the following access policies to be set in NiFi for the ingestion user.
#### Global Access Policies
| Policy | Privilege | Resource | Action |
| ---------------- | -------------------------------------------------------------------- | ------------- | ------ |
| view the UI | Allows users to view the UI | `/flow` | R |
| query provenance | Allows users to submit a Provenance Search and request Event Lineage | `/provenance` | R |
#### Component level Access Policies (required to be set on root process group)
| Policy | Privilege | Resource | Action |
| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------- | ------ |
| view the component | Allows users to view component configuration details | `/<component-type>/<component-UUID>` | R |
| view the data | Allows users to view metadata and content for this component in flowfile queues in outbound connections and through provenance events | `/data/<component-type>/<component-UUID>` | R |
| view provenance | Allows users to view provenance events generated by this component | `/provenance-data/<component-type>/<component-UUID>` | R |
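
The two tables above amount to a read-only policy set, which can be audited for both missing and excess grants. The following is an added example, not part of the connector or its documentation; it assumes the `authorizations.xml` layout of NiFi's file-based authorizer, and `ingest-user`, `admin` and `root-pg-uuid` are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Assumed layout: NiFi's file-based authorizations.xml, where
# each <policy resource=... action=...> lists <user identifier=...> children.
SAMPLE_XML = """
<authorizations>
  <policies>
    <policy identifier="p1" resource="/flow" action="R"><user identifier="ingest-user"/></policy>
    <policy identifier="p2" resource="/provenance" action="R"><user identifier="ingest-user"/></policy>
    <policy identifier="p3" resource="/process-groups/root-pg-uuid" action="R"><user identifier="ingest-user"/></policy>
    <policy identifier="p4" resource="/process-groups/root-pg-uuid" action="W"><user identifier="ingest-user"/></policy>
    <policy identifier="p5" resource="/data/process-groups/root-pg-uuid" action="R"><user identifier="admin"/></policy>
  </policies>
</authorizations>
"""


def required_policies(root_pg_id):
    """Read-only policies from the two tables, applied to the root process group."""
    component = f"/process-groups/{root_pg_id}"
    return {
        ("/flow", "R"),
        ("/provenance", "R"),
        (component, "R"),
        ("/data" + component, "R"),
        ("/provenance-data" + component, "R"),
    }


def audit_user(xml_text, user_id, root_pg_id):
    """Return (missing, excess) sets of (resource, action) pairs for user_id."""
    granted = set()
    for policy in ET.fromstring(xml_text).iter("policy"):
        users = {u.get("identifier") for u in policy.findall("user")}
        if user_id in users:
            granted.add((policy.get("resource"), policy.get("action")))
    required = required_policies(root_pg_id)
    # missing: ingestion would fail; excess: more privilege than ingestion needs
    return required - granted, granted - required


if __name__ == "__main__":
    missing, excess = audit_user(SAMPLE_XML, "ingest-user", "root-pg-uuid")
    for resource, action in sorted(missing):
        print(f"MISSING {action} {resource}")
    for resource, action in sorted(excess):
        print(f"EXCESS  {action} {resource}")
```

Policies granted to the user through a group are not resolved by this check; only direct `<user>` entries are counted.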