This is an automated email from the ASF dual-hosted git repository. mattyb149 pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push: new c352c2c NIFI-6228 Fixed order of operations bug that prevented SSLContext from being handled correctly. c352c2c is described below commit c352c2cc3efc03821aa4ef16b6e7ffa45c99843f Author: Mike Thomsen <mikerthom...@gmail.com> AuthorDate: Thu Jun 13 18:05:30 2019 -0400 NIFI-6228 Fixed order of operations bug that prevented SSLContext from being handled correctly. NIFI-6228 Added unit test for SSL configuration. Signed-off-by: Matthew Burgess <mattyb...@apache.org> This closes #3535 --- .../elasticsearch/ElasticSearchClientService.java | 2 ++ .../nifi-elasticsearch-client-service/pom.xml | 5 ++++ .../ElasticSearchClientServiceImpl.java | 2 +- .../ElasticSearch5ClientService_IT.groovy | 26 +++++++++++++++++++++ .../src/test/resources/keystore.jks | Bin 0 -> 3077 bytes .../src/test/resources/truststore.jks | Bin 0 -> 911 bytes 6 files changed, 34 insertions(+), 1 deletion(-) diff --git a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service-api/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientService.java b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service-api/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientService.java index 188c7bb..57f359d 100644 --- a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service-api/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientService.java +++ b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service-api/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientService.java @@ -19,6 +19,7 @@ package org.apache.nifi.elasticsearch; import org.apache.nifi.annotation.documentation.CapabilityDescription; import org.apache.nifi.annotation.documentation.Tags; import org.apache.nifi.components.PropertyDescriptor; +import org.apache.nifi.components.Validator; import org.apache.nifi.controller.ControllerService; import org.apache.nifi.expression.ExpressionLanguageScope; import org.apache.nifi.processor.util.StandardValidators; @@ -46,6 +47,7 @@ public interface ElasticSearchClientService extends ControllerService { + "connections. This service only applies if the Elasticsearch endpoint(s) have been secured with TLS/SSL.") .required(false) .identifiesControllerService(SSLContextService.class) + .addValidator(Validator.VALID) .build(); PropertyDescriptor USERNAME = new PropertyDescriptor.Builder() .name("el-cs-username") diff --git a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/pom.xml b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/pom.xml index dfdb75a..a1bbdb4 100644 --- a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/pom.xml +++ b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/pom.xml @@ -155,6 +155,11 @@ <version>1.10.0-SNAPSHOT</version> <scope>compile</scope> </dependency> + <dependency> + <groupId>org.apache.nifi</groupId> + <artifactId>nifi-ssl-context-service</artifactId> + <scope>test</scope> + </dependency> </dependencies> <profiles> diff --git a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java index b240189..b37ba0c 100644 --- a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java +++ b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java @@ -128,7 +128,7 @@ public class ElasticSearchClientServiceImpl extends AbstractControllerService im final SSLContext sslContext; try { - sslContext = (sslService != null && sslService.isKeyStoreConfigured() || sslService.isTrustStoreConfigured()) + sslContext = (sslService != null && (sslService.isKeyStoreConfigured() || sslService.isTrustStoreConfigured())) ? sslService.createSSLContext(SSLContextService.ClientAuth.NONE) : null; } catch (Exception e) { getLogger().error("Error building up SSL Context from the supplied configuration.", e); diff --git a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/groovy/org/apache/nifi/elasticsearch/integration/ElasticSearch5ClientService_IT.groovy b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/groovy/org/apache/nifi/elasticsearch/integration/ElasticSearch5ClientService_IT.groovy index b5c4468..fd71d61 100644 --- a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/groovy/org/apache/nifi/elasticsearch/integration/ElasticSearch5ClientService_IT.groovy +++ b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/groovy/org/apache/nifi/elasticsearch/integration/ElasticSearch5ClientService_IT.groovy @@ -21,6 +21,7 @@ import org.apache.nifi.elasticsearch.DeleteOperationResponse import org.apache.nifi.elasticsearch.ElasticSearchClientService import org.apache.nifi.elasticsearch.ElasticSearchClientServiceImpl import org.apache.nifi.elasticsearch.SearchResponse +import org.apache.nifi.ssl.StandardSSLContextService import org.apache.nifi.util.TestRunner import org.apache.nifi.util.TestRunners import org.junit.After @@ -145,4 +146,29 @@ class ElasticSearch5ClientService_IT { old = doc } } + + @Test + void testSSL() { + def sslContext = new StandardSSLContextService() + runner.setProperty(TestControllerServiceProcessor.CLIENT_SERVICE, "Client Service") + runner.disableControllerService(service) + runner.addControllerService("sslContext", sslContext) + runner.setProperty(sslContext, StandardSSLContextService.TRUSTSTORE, "src/test/resources/truststore.jks") + runner.setProperty(sslContext, StandardSSLContextService.TRUSTSTORE_PASSWORD, "2DZ5i7yvbG2GA3Ld4yiAsH62QDqAjWt4ToCU0yHajwM") + runner.setProperty(sslContext, StandardSSLContextService.TRUSTSTORE_TYPE, StandardSSLContextService.STORE_TYPE_JKS) + runner.setProperty(service, ElasticSearchClientService.PROP_SSL_CONTEXT_SERVICE, "sslContext") + runner.enableControllerService(sslContext) + runner.enableControllerService(service) + runner.assertValid() + + runner.disableControllerService(service) + runner.disableControllerService(sslContext) + runner.setProperty(sslContext, StandardSSLContextService.KEYSTORE, "src/test/resources/keystore.jks") + runner.setProperty(sslContext, StandardSSLContextService.KEYSTORE_PASSWORD, "pben4DTOUhLDI8mZiCHNX1dGEAWrpGnSYX38FTvmaeU") + runner.setProperty(sslContext, StandardSSLContextService.KEYSTORE_TYPE, StandardSSLContextService.STORE_TYPE_JKS) + runner.enableControllerService(sslContext) + runner.enableControllerService(service) + + runner.assertValid() + } } diff --git a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/resources/keystore.jks b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/resources/keystore.jks new file mode 100644 index 0000000..3375d92 Binary files /dev/null and b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/resources/keystore.jks differ diff --git a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/resources/truststore.jks b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/resources/truststore.jks new file mode 100644 index 0000000..0752072 Binary files /dev/null and b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/resources/truststore.jks differ