Migrate NiFi file-based policies

Provides information about and examples of migrating NiFi file-based policies.

To migrate NiFi file-based authorization policies, you will perform the following edits.

Edit the users.xml from the source cluster by removing references to the source node users. Replace the users.xml on each destination NiFi node with the modified users.xml. The default CFM 2.0.1 location is /var/lib/nifi.

CFM NiFi uses the CMUserGroupProvider, configured in the authorizers.xml file, and places all the NiFi node hostnames in the nifi group. Edit the authorizations.xml from the source cluster by removing source node users from each policy they were assigned and replacing them with the nifi group identifier.

For example, if HDF NiFi had three NiFi node users on the “proxy user requests” policy:


<policy identifier="287edf48-da72-359b-8f61-da5d4c45a270" resource="/proxy" action="W">
            <user identifier="fd4f71d3-7b7c-3286-bec0-d42a752f1e0c"/>
            <user identifier="80ba71da-7789-3c7b-924f-041d598c8137"/>
            <user identifier="e32ed0da-e652-39e6-86db-48cfa3750a9f"/>
        </policy>

You should edit the policy with the following information for CFM 2.0.1:


<policy identifier="287edf48-da72-359b-8f61-da5d4c45a270" resource="/proxy" action="W">
           <group identifier="nifi"/>
</policy>

You must make similar changes if your flow uses Site-to-Site. You must update the “retrieve site-to-site details” global access policy:

<policy identifier="c86712ce-0172-1000-0000-00007a4ea450" resource="/site-to-site" action="R">
            <group identifier="nifi"/>
</policy>

You must also update the “retrieve data via site-to-site” policy on related input ports:


<policy identifier="c8a608dd-0172-1000-ffff-ffffec1193ac" resource="/data-transfer/input-ports/c85b69ba-0172-1000-0000-000077bde971" action="W">
            <group identifier="nifi"/>
       </policy>

Replace the authorizations.xml on each destination cluster NiFi node with the modified authorizations.xml. The default CFM 2.0.1 location is /var/lib/nifi.

After you finish

When you have finished migrating NiFi file-based policies, proceed with the steps for migrating NiFi Registry file-based policies.