[
https://issues.apache.org/jira/browse/NIFI-3162?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Koji Kawamura updated NIFI-3162:
--------------------------------
Description:
Since NiFi 1.0.0, several configurations have been added to RemoteProcessGroup
such as Transport Protocol and Proxy settings.
Currently, configuration updates against these new settings are not audited.
In addition to these RemoteProcessGroup settings, RemoteProcessGroupPort will
have new configurations by NIFI-1202.
This JIRA ticket tracks the work of adding audit events for these new settings.
h3. Investigate current behavior
In order to fix properly, I've tested to know what works and what doesn't. Here
is the result of current behavior (measured with 1.2.0-SNAPSHOT, but it should
be the same for versions after 1.0).
|| Operation performed || Created Audit Type || Audited Operation || Need fix?
||
| Create RPG | RPG | Add | No |
| Enable transmission | RPG | Start | No |
| Disable transmission | RPG | Stop | No |
| Delete RPG | RPG? | Remove? | Different issue |
| Edit RPG config | RPG | Configure | Yes fix-1 |
| Enable/Disable individual remote port | (none) | (none) | Yes fix-2 |
| Edit individual remote port config | (none) | (none) | Yes fix-3 |
h3. Fix-1: Edit RPG config
Currently, this is partially audited for 'Communications Timeout' and 'Yield
Duration'.
We need to track edit for these as well: Transport Protocol, HTTP Proxy Server
Hostname, Port, User, Password
h3. Fix-2: Enable/Disable individual remote port
>From 'Remote ports' context menu of a RPG, each remote port can be
>enabled/disabled individually. Currently this operation is not audited.
was:
Since NiFi 1.0.0, several configurations have been added to RemoteProcessGroup
such as Transport Protocol and Proxy settings.
Currently, configuration updates against these new settings are not audited.
In addition to these RemoteProcessGroup settings, RemoteProcessGroupPort will
have new configurations by NIFI-1202.
This JIRA ticket tracks the work of adding audit events for these new settings.
h3. Investigate current behavior
In order to fix properly, I've tested to know what works and what doesn't. Here
is the result of current behavior (measured with 1.2.0-SNAPSHOT, but it should
be the same for versions after 1.0).
|| Operation performed || Created Audit Type || Audited Operation || Need fix?
||
| Create RPG | RemoteProcessGroup | Add | No |
| Enable transmission | RemoteProcessGroup | Start | No |
| Disable transmission | RemoteProcessGroup | Stop | No |
| Delete RPG | RemoteProcessGroup? | Remove? | Different issue |
| Edit RPG config | RemoteProcessGroup | Configure | Yes |
| Enable/Disable individual remote port | (none) | (none) | Yes |
| Edit individual remote port config | (none) | (none) | Yes |
> RPG proxy and Remote Group Port configuration changes should be audited
> -----------------------------------------------------------------------
>
> Key: NIFI-3162
> URL: https://issues.apache.org/jira/browse/NIFI-3162
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 1.0.0
> Reporter: Koji Kawamura
> Assignee: Koji Kawamura
>
> Since NiFi 1.0.0, several configurations have been added to
> RemoteProcessGroup such as Transport Protocol and Proxy settings.
> Currently, configuration updates against these new settings are not audited.
> In addition to these RemoteProcessGroup settings, RemoteProcessGroupPort
> will have new configurations by NIFI-1202.
> This JIRA ticket tracks the work of adding audit events for these new
> settings.
> h3. Investigate current behavior
> In order to fix properly, I've tested to know what works and what doesn't.
> Here is the result of current behavior (measured with 1.2.0-SNAPSHOT, but it
> should be the same for versions after 1.0).
> || Operation performed || Created Audit Type || Audited Operation || Need
> fix? ||
> | Create RPG | RPG | Add | No |
> | Enable transmission | RPG | Start | No |
> | Disable transmission | RPG | Stop | No |
> | Delete RPG | RPG? | Remove? | Different issue |
> | Edit RPG config | RPG | Configure | Yes fix-1 |
> | Enable/Disable individual remote port | (none) | (none) | Yes fix-2 |
> | Edit individual remote port config | (none) | (none) | Yes fix-3 |
> h3. Fix-1: Edit RPG config
> Currently, this is partially audited for 'Communications Timeout' and 'Yield
> Duration'.
> We need to track edit for these as well: Transport Protocol, HTTP Proxy
> Server Hostname, Port, User, Password
> h3. Fix-2: Enable/Disable individual remote port
> From 'Remote ports' context menu of a RPG, each remote port can be
> enabled/disabled individually. Currently this operation is not audited.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
