This is an automated email from the ASF dual-hosted git repository.
mattyb149 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new c352c2c NIFI-6228 Fixed order of operations bug that prevented
SSLContext from being handled correctly.
c352c2c is described below
commit c352c2cc3efc03821aa4ef16b6e7ffa45c99843f
Author: Mike Thomsen <mikerthom...@gmail.com>
AuthorDate: Thu Jun 13 18:05:30 2019 -0400
NIFI-6228 Fixed order of operations bug that prevented SSLContext from
being handled correctly.
NIFI-6228 Added unit test for SSL configuration.
Signed-off-by: Matthew Burgess <mattyb...@apache.org>
This closes #3535
---
.../elasticsearch/ElasticSearchClientService.java | 2 ++
.../nifi-elasticsearch-client-service/pom.xml | 5 ++++
.../ElasticSearchClientServiceImpl.java | 2 +-
.../ElasticSearch5ClientService_IT.groovy | 26 +++++++++++++++++++++
.../src/test/resources/keystore.jks | Bin 0 -> 3077 bytes
.../src/test/resources/truststore.jks | Bin 0 -> 911 bytes
6 files changed, 34 insertions(+), 1 deletion(-)
diff --git
a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service-api/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientService.java
b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service-api/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientService.java
index 188c7bb..57f359d 100644
---
a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service-api/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientService.java
+++
b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service-api/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientService.java
@@ -19,6 +19,7 @@ package org.apache.nifi.elasticsearch;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.components.Validator;
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.processor.util.StandardValidators;
@@ -46,6 +47,7 @@ public interface ElasticSearchClientService extends
ControllerService {
+ "connections. This service only applies if the
Elasticsearch endpoint(s) have been secured with TLS/SSL.")
.required(false)
.identifiesControllerService(SSLContextService.class)
+ .addValidator(Validator.VALID)
.build();
PropertyDescriptor USERNAME = new PropertyDescriptor.Builder()
.name("el-cs-username")
diff --git
a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/pom.xml
b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/pom.xml
index dfdb75a..a1bbdb4 100644
---
a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/pom.xml
+++
b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/pom.xml
@@ -155,6 +155,11 @@
<version>1.10.0-SNAPSHOT</version>
<scope>compile</scope>
</dependency>
+ <dependency>
+ <groupId>org.apache.nifi</groupId>
+ <artifactId>nifi-ssl-context-service</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<profiles>
diff --git
a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java
b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java
index b240189..b37ba0c 100644
---
a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java
+++
b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java
@@ -128,7 +128,7 @@ public class ElasticSearchClientServiceImpl extends
AbstractControllerService im
final SSLContext sslContext;
try {
- sslContext = (sslService != null &&
sslService.isKeyStoreConfigured() || sslService.isTrustStoreConfigured())
+ sslContext = (sslService != null &&
(sslService.isKeyStoreConfigured() || sslService.isTrustStoreConfigured()))
?
sslService.createSSLContext(SSLContextService.ClientAuth.NONE) : null;
} catch (Exception e) {
getLogger().error("Error building up SSL Context from the supplied
configuration.", e);
diff --git
a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/groovy/org/apache/nifi/elasticsearch/integration/ElasticSearch5ClientService_IT.groovy
b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/groovy/org/apache/nifi/elasticsearch/integration/ElasticSearch5ClientService_IT.groovy
index b5c4468..fd71d61 100644
---
a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/groovy/org/apache/nifi/elasticsearch/integration/ElasticSearch5ClientService_IT.groovy
+++
b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/groovy/org/apache/nifi/elasticsearch/integration/ElasticSearch5ClientService_IT.groovy
@@ -21,6 +21,7 @@ import org.apache.nifi.elasticsearch.DeleteOperationResponse
import org.apache.nifi.elasticsearch.ElasticSearchClientService
import org.apache.nifi.elasticsearch.ElasticSearchClientServiceImpl
import org.apache.nifi.elasticsearch.SearchResponse
+import org.apache.nifi.ssl.StandardSSLContextService
import org.apache.nifi.util.TestRunner
import org.apache.nifi.util.TestRunners
import org.junit.After
@@ -145,4 +146,29 @@ class ElasticSearch5ClientService_IT {
old = doc
}
}
+
+ @Test
+ void testSSL() {
+ def sslContext = new StandardSSLContextService()
+ runner.setProperty(TestControllerServiceProcessor.CLIENT_SERVICE,
"Client Service")
+ runner.disableControllerService(service)
+ runner.addControllerService("sslContext", sslContext)
+ runner.setProperty(sslContext, StandardSSLContextService.TRUSTSTORE,
"src/test/resources/truststore.jks")
+ runner.setProperty(sslContext,
StandardSSLContextService.TRUSTSTORE_PASSWORD,
"2DZ5i7yvbG2GA3Ld4yiAsH62QDqAjWt4ToCU0yHajwM")
+ runner.setProperty(sslContext,
StandardSSLContextService.TRUSTSTORE_TYPE,
StandardSSLContextService.STORE_TYPE_JKS)
+ runner.setProperty(service,
ElasticSearchClientService.PROP_SSL_CONTEXT_SERVICE, "sslContext")
+ runner.enableControllerService(sslContext)
+ runner.enableControllerService(service)
+ runner.assertValid()
+
+ runner.disableControllerService(service)
+ runner.disableControllerService(sslContext)
+ runner.setProperty(sslContext, StandardSSLContextService.KEYSTORE,
"src/test/resources/keystore.jks")
+ runner.setProperty(sslContext,
StandardSSLContextService.KEYSTORE_PASSWORD,
"pben4DTOUhLDI8mZiCHNX1dGEAWrpGnSYX38FTvmaeU")
+ runner.setProperty(sslContext,
StandardSSLContextService.KEYSTORE_TYPE,
StandardSSLContextService.STORE_TYPE_JKS)
+ runner.enableControllerService(sslContext)
+ runner.enableControllerService(service)
+
+ runner.assertValid()
+ }
}
diff --git
a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/resources/keystore.jks
b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/resources/keystore.jks
new file mode 100644
index 0000000..3375d92
Binary files /dev/null and
b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/resources/keystore.jks
differ
diff --git
a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/resources/truststore.jks
b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/resources/truststore.jks
new file mode 100644
index 0000000..0752072
Binary files /dev/null and
b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/resources/truststore.jks
differ
