Details
-
Improvement
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
2.0.0
-
None
Description
The new GitHub/GitLab Registry Clients offer better integration with developer teams' existing git repositories and way of working. The downside is that buckets don't exist to control access to (parts of) the repositories. To compensate for this, we'd want to have one Registry Client per team, allowing direct access to the team data pipeline repo.
This runs into security concerns as this would allow all NiFi developers access to eachothers repositories.
Please consider implementing access policies on (non-NiFi?) Registry Clients so that we can limit access to a client/repository on a group/team basis. This would be the replacement for Bucket functionality.
The basic scenario would be that a NiFi user would only see the Registry Clients they have access to in the dropdown when committing/changing/importing flows.
The extra awesome would also distinguish read and modify permissions. Read would allow importing a new flow from the registry and changing a local version to match that in the registry. Modify would allow committing new flows and versions.