Version: v0.6.2

NiFi User

NifiUser is the Schema for the nifi users API.

apiVersion: nifi.orange.com/v1alpha1
kind: NifiUser
metadata:
name: aguitton
spec:
identity: alexandre.guitton@orange.com
clusterRef:
name: nc
namespace: nifikop
createCert: false

NifiUser

FieldTypeDescriptionRequiredDefault
metadataObjectMetadatais metadata that all persisted resources must have, which includes all objects users must create.Nonil
specNifiUserSpecdefines the desired state of NifiUser.Nonil
statusNifiUserStatusdefines the observed state of NifiUser.Nonil

NifiUserSpec

FieldTypeDescriptionRequiredDefault
identitystringused to define the user identity on NiFi cluster side, when the user's name doesn't suit with Kubernetes resource name.No-
secretNamestringname of the secret where all cert resources will be stored.No-
clusterRefClusterReferencecontains the reference to the NifiCluster with the one the user is linked.Yes-
DNSNames[ ]stringlist of DNSNames that the user will used to request the NifiCluster (allowing to create the right certificates associated).Yes-
includeJKSbooleanwhether or not the the operator also include a Java keystore format (JKS) with you secret.Yes-
createCertbooleanwhether or not a certificate will be created for this user.No-
accessPolicies[ ]AccessPolicydefines the list of access policies that will be granted to the group.No[]

NifiUserStatus

FieldTypeDescriptionRequiredDefault
idstringthe nifi user's node id.Yes-
versionstringthe last nifi user's node revision version catched.Yes-

ClusterReference

FieldTypeDescriptionRequiredDefault
namestringname of the NifiCluster.Yes-
namespacestringthe NifiCluster namespace location.Yes-

AccessPolicy

FieldTypeDescriptionRequiredDefault
typeAccessPolicyTypedefines the kind of access policy, could be "global" or "component".Yes-
actionAccessPolicyActiondefines the kind of action that will be granted, could be "read" or "write".Yes-
resourceAccessPolicyResourcedefines the kind of resource targeted by this access policies, please refer to the following page : https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#access-policiesYes-
componentTypestringused if the type is "component", it allows to define the kind of component on which is the access policy.No-
componentIdstringused if the type is "component", it allows to define the id of the component on which is the access policy.No-

AccessPolicyType

NameValueDescription
GlobalAccessPolicyTypeglobalGlobal access policies govern the following system level authorizations
ComponentAccessPolicyTypecomponentComponent level access policies govern the following component level authorizations

AccessPolicyAction

NameValueDescription
ReadAccessPolicyActionreadAllows users to view
WriteAccessPolicyActionwriteAllows users to modify

AccessPolicyResource

NameValueDescription
FlowAccessPolicyResource/flowAbout the UI
ControllerAccessPolicyResource/controllerabout the controller including Reporting Tasks, Controller Services, Parameter Contexts and Nodes in the Cluster
ParameterContextAccessPolicyResource/parameter-contextAbout the Parameter Contexts. Access to Parameter Contexts are inherited from the "access the controller" policies unless overridden.
ProvenanceAccessPolicyResource/provenanceAllows users to submit a Provenance Search and request Event Lineage
RestrictedComponentsAccessPolicyResource/restricted-componentsAbout the restricted components assuming other permissions are sufficient. The restricted components may indicate which specific permissions are required. Permissions can be granted for specific restrictions or be granted regardless of restrictions. If permission is granted regardless of restrictions, the user can create/modify all restricted components.
PoliciesAccessPolicyResource/policiesAbout the policies for all components
TenantsAccessPolicyResource/tenantsAbout the users and user groups
SiteToSiteAccessPolicyResource/site-to-siteAllows other NiFi instances to retrieve Site-To-Site details
SystemAccessPolicyResource/systemAllows users to view System Diagnostics
ProxyAccessPolicyResource/proxyAllows proxy machines to send requests on the behalf of others
CountersAccessPolicyResource/countersAbout counters
ComponentsAccessPolicyResource/About the component configuration details
OperationAccessPolicyResource/operationto operate components by changing component run status (start/stop/enable/disable), remote port transmission status, or terminating processor threads
ProvenanceDataAccessPolicyResource/provenance-datato view provenance events generated by this component
DataAccessPolicyResource/dataAbout metadata and content for this component in flowfile queues in outbound connections and through provenance events
PoliciesComponentAccessPolicyResource/policies-
DataTransferAccessPolicyResource/data-transferAllows a port to receive data from NiFi instances
Last updated on by Alexandre Guitton