This is an automated email from the ASF dual-hosted git repository. chriss pushed a commit to branch NIFI-11312 in repository https://gitbox.apache.org/repos/asf/nifi.git
commit de1c0e855eef8e21441ca04142bc13d44e8abd71 Author: Chris Sampson <chris.sampso...@gmail.com> AuthorDate: Mon Mar 20 21:57:57 2023 +0000 NIFI-11312 rationalise nifi-registry docker image startup scripts --- .../nifi-registry-docker/dockerhub/sh/start.sh | 1 + .../dockerhub/sh/update_flow_provider.sh | 3 ++ .../dockerhub/sh/update_login_providers.sh | 1 + .../dockerhub/sh/update_oidc_properties.sh | 18 +++---- .../nifi-registry-docker-maven/dockermaven/pom.xml | 16 ++++++ .../dockermaven/sh/common.sh | 28 ---------- .../dockermaven/sh/secure.sh | 57 -------------------- .../dockermaven/sh/start.sh | 63 ---------------------- .../dockermaven/sh/update_bundle_provider.sh | 48 ----------------- .../dockermaven/sh/update_database.sh | 24 --------- .../dockermaven/sh/update_flow_provider.sh | 47 ---------------- .../dockermaven/sh/update_login_providers.sh | 48 ----------------- .../dockermaven/sh/update_oidc_properties.sh | 27 ---------- 13 files changed, 29 insertions(+), 352 deletions(-) diff --git a/nifi-registry/nifi-registry-core/nifi-registry-docker/dockerhub/sh/start.sh b/nifi-registry/nifi-registry-core/nifi-registry-docker/dockerhub/sh/start.sh index eba4ef217e..2703395516 100755 --- a/nifi-registry/nifi-registry-core/nifi-registry-docker/dockerhub/sh/start.sh +++ b/nifi-registry/nifi-registry-core/nifi-registry-docker/dockerhub/sh/start.sh @@ -42,6 +42,7 @@ case ${AUTH} in ;; oidc) echo 'Enabling OIDC user authentication' + prop_replace 'nifi.registry.security.needClientAuth' 'false' . "${scripts_dir}/secure.sh" . "${scripts_dir}/update_oidc_properties.sh" diff --git a/nifi-registry/nifi-registry-core/nifi-registry-docker/dockerhub/sh/update_flow_provider.sh b/nifi-registry/nifi-registry-core/nifi-registry-docker/dockerhub/sh/update_flow_provider.sh index 92a921422d..87fa5bdf72 100644 --- a/nifi-registry/nifi-registry-core/nifi-registry-docker/dockerhub/sh/update_flow_provider.sh +++ b/nifi-registry/nifi-registry-core/nifi-registry-docker/dockerhub/sh/update_flow_provider.sh @@ -35,6 +35,9 @@ case ${NIFI_REGISTRY_FLOW_PROVIDER} in file) xmlstarlet ed --inplace -u "${property_xpath}/class" -v "org.apache.nifi.registry.provider.flow.FileSystemFlowPersistenceProvider" "${providers_file}" ;; + database) + xmlstarlet ed --inplace -u "${property_xpath}/class" -v "org.apache.nifi.registry.provider.flow.DatabaseFlowPersistenceProvider" "${providers_file}" + ;; git) xmlstarlet ed --inplace -u "${property_xpath}/class" -v "org.apache.nifi.registry.provider.flow.git.GitFlowPersistenceProvider" "${providers_file}" add_property "Remote To Push" "${NIFI_REGISTRY_GIT_REMOTE:-}" diff --git a/nifi-registry/nifi-registry-core/nifi-registry-docker/dockerhub/sh/update_login_providers.sh b/nifi-registry/nifi-registry-core/nifi-registry-docker/dockerhub/sh/update_login_providers.sh index e3280b56aa..b6e4650a42 100755 --- a/nifi-registry/nifi-registry-core/nifi-registry-docker/dockerhub/sh/update_login_providers.sh +++ b/nifi-registry/nifi-registry-core/nifi-registry-docker/dockerhub/sh/update_login_providers.sh @@ -45,3 +45,4 @@ edit_property 'Url' "${LDAP_URL}" edit_property 'User Search Base' "${LDAP_USER_SEARCH_BASE}" edit_property 'User Search Filter' "${LDAP_USER_SEARCH_FILTER}" edit_property 'Identity Strategy' "${LDAP_IDENTITY_STRATEGY}" +edit_property 'Referral Strategy' "${LDAP_REFERRAL_STRATEGY}" diff --git a/nifi-registry/nifi-registry-core/nifi-registry-docker/dockerhub/sh/update_oidc_properties.sh b/nifi-registry/nifi-registry-core/nifi-registry-docker/dockerhub/sh/update_oidc_properties.sh index 827a40edba..d1ddff7f94 100644 --- a/nifi-registry/nifi-registry-core/nifi-registry-docker/dockerhub/sh/update_oidc_properties.sh +++ b/nifi-registry/nifi-registry-core/nifi-registry-docker/dockerhub/sh/update_oidc_properties.sh @@ -15,13 +15,11 @@ # See the License for the specific language governing permissions and # limitations under the License. -prop_replace 'nifi.security.user.oidc.discovery.url' "${NIFI_SECURITY_USER_OIDC_DISCOVERY_URL}" -prop_replace 'nifi.security.user.oidc.connect.timeout' "${NIFI_SECURITY_USER_OIDC_CONNECT_TIMEOUT}" -prop_replace 'nifi.security.user.oidc.read.timeout' "${NIFI_SECURITY_USER_OIDC_READ_TIMEOUT}" -prop_replace 'nifi.security.user.oidc.client.id' "${NIFI_SECURITY_USER_OIDC_CLIENT_ID}" -prop_replace 'nifi.security.user.oidc.client.secret' "${NIFI_SECURITY_USER_OIDC_CLIENT_SECRET}" -prop_replace 'nifi.security.user.oidc.preferred.jwsalgorithm' "${NIFI_SECURITY_USER_OIDC_PREFERRED_JWSALGORITHM}" -prop_replace 'nifi.security.user.oidc.additional.scopes' "${NIFI_SECURITY_USER_OIDC_ADDITIONAL_SCOPES}" -prop_replace 'nifi.security.user.oidc.claim.identifying.user' "${NIFI_SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER}" -prop_replace 'nifi.security.user.oidc.fallback.claims.identifying.user' "${NIFI_SECURITY_USER_OIDC_FALLBACK_CLAIMS_IDENTIFYING_USER}" -prop_replace 'nifi.security.user.oidc.truststore.strategy' "${NIFI_SECURITY_USER_OIDC_TRUSTSTORE_STRATEGY}" +prop_replace 'nifi.registry.security.user.oidc.discovery.url' "${NIFI_REGISTRY_SECURITY_USER_OIDC_DISCOVERY_URL}" +prop_replace 'nifi.registry.security.user.oidc.connect.timeout' "${NIFI_REGISTRY_SECURITY_USER_OIDC_CONNECT_TIMEOUT}" +prop_replace 'nifi.registry.security.user.oidc.read.timeout' "${NIFI_REGISTRY_SECURITY_USER_OIDC_READ_TIMEOUT}" +prop_replace 'nifi.registry.security.user.oidc.client.id' "${NIFI_REGISTRY_SECURITY_USER_OIDC_CLIENT_ID}" +prop_replace 'nifi.registry.security.user.oidc.client.secret' "${NIFI_REGISTRY_SECURITY_USER_OIDC_CLIENT_SECRET}" +prop_replace 'nifi.registry.security.user.oidc.preferred.jwsalgorithm' "${NIFI_REGISTRY_SECURITY_USER_OIDC_PREFERRED_JWSALGORITHM}" +prop_replace 'nifi.registry.security.user.oidc.additional.scopes' "${NIFI_REGISTRY_SECURITY_USER_OIDC_ADDITIONAL_SCOPES}" +prop_replace 'nifi.registry.security.user.oidc.claim.identifying.user' "${NIFI_REGISTRY_SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER}" diff --git a/nifi-registry/nifi-registry-docker-maven/dockermaven/pom.xml b/nifi-registry/nifi-registry-docker-maven/dockermaven/pom.xml index e95cdc0100..8ee1b271ae 100644 --- a/nifi-registry/nifi-registry-docker-maven/dockermaven/pom.xml +++ b/nifi-registry/nifi-registry-docker-maven/dockermaven/pom.xml @@ -48,6 +48,22 @@ <artifactId>maven-antrun-plugin</artifactId> <version>1.8</version> <executions> + <execution> + <id>copy-scripts-for-docker</id> + <phase>process-sources</phase> + <configuration> + <target name="copy docker scripts to nifi-registry-docker for image build"> + <copy todir="${project.basedir}/target/sh" overwrite="true" flatten="true"> + <fileset dir="${project.basedir}/../../nifi-registry-core/nifi-registry-docker/dockerhub/sh" includes="*.sh"> + <include name="*.sh" /> + </fileset> + </copy> + </target> + </configuration> + <goals> + <goal>run</goal> + </goals> + </execution> <execution> <id>copy-for-docker</id> <phase>process-sources</phase> diff --git a/nifi-registry/nifi-registry-docker-maven/dockermaven/sh/common.sh b/nifi-registry/nifi-registry-docker-maven/dockermaven/sh/common.sh deleted file mode 100755 index 0f594d9aed..0000000000 --- a/nifi-registry/nifi-registry-docker-maven/dockermaven/sh/common.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh -e -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# 1 - value to search for -# 2 - value to replace -# 3 - file to perform replacement inline -prop_replace () { - target_file=${3:-${nifi_registry_props_file}} - echo 'replacing target file ' ${target_file} - sed -i -e "s|^$1=.*$|$1=$2|" ${target_file} -} - -# NIFI_REGISTRY_HOME is defined by an ENV command in the backing Dockerfile -export nifi_registry_props_file=${NIFI_REGISTRY_HOME}/conf/nifi-registry.properties -export hostname=$(hostname) diff --git a/nifi-registry/nifi-registry-docker-maven/dockermaven/sh/secure.sh b/nifi-registry/nifi-registry-docker-maven/dockermaven/sh/secure.sh deleted file mode 100644 index 8a7a5bbed5..0000000000 --- a/nifi-registry/nifi-registry-docker-maven/dockermaven/sh/secure.sh +++ /dev/null @@ -1,57 +0,0 @@ -#!/bin/sh -e - -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -scripts_dir='/opt/nifi-registry/scripts' - -[ -f "${scripts_dir}/common.sh" ] && . "${scripts_dir}/common.sh" - -# Perform idempotent changes of configuration to support secure environments -echo 'Configuring environment with SSL settings' - -: ${KEYSTORE_PATH:?"Must specify an absolute path to the keystore being used."} -if [ ! -f "${KEYSTORE_PATH}" ]; then - echo "Keystore file specified (${KEYSTORE_PATH}) does not exist." - exit 1 -fi -: ${KEYSTORE_TYPE:?"Must specify the type of keystore (JKS, PKCS12, PEM) of the keystore being used."} -: ${KEYSTORE_PASSWORD:?"Must specify the password of the keystore being used."} - -: ${TRUSTSTORE_PATH:?"Must specify an absolute path to the truststore being used."} -if [ ! -f "${TRUSTSTORE_PATH}" ]; then - echo "Keystore file specified (${TRUSTSTORE_PATH}) does not exist." - exit 1 -fi -: ${TRUSTSTORE_TYPE:?"Must specify the type of truststore (JKS, PKCS12, PEM) of the truststore being used."} -: ${TRUSTSTORE_PASSWORD:?"Must specify the password of the truststore being used."} - -prop_replace 'nifi.registry.security.keystore' "${KEYSTORE_PATH}" -prop_replace 'nifi.registry.security.keystoreType' "${KEYSTORE_TYPE}" -prop_replace 'nifi.registry.security.keystorePasswd' "${KEYSTORE_PASSWORD}" -prop_replace 'nifi.registry.security.keyPasswd' "${KEY_PASSWORD:-$KEYSTORE_PASSWORD}" -prop_replace 'nifi.registry.security.truststore' "${TRUSTSTORE_PATH}" -prop_replace 'nifi.registry.security.truststoreType' "${TRUSTSTORE_TYPE}" -prop_replace 'nifi.registry.security.truststorePasswd' "${TRUSTSTORE_PASSWORD}" - -# Disable HTTP and enable HTTPS -prop_replace 'nifi.registry.web.http.port' '' -prop_replace 'nifi.registry.web.http.host' '' -prop_replace 'nifi.registry.web.https.port' "${NIFI_REGISTRY_WEB_HTTPS_PORT:-18443}" -prop_replace 'nifi.registry.web.https.host' "${NIFI_REGISTRY_WEB_HTTPS_HOST:-$HOSTNAME}" - -# Establish initial user and an associated admin identity -sed -i -e 's|<property name="Initial User Identity 1">.*</property>|<property name="Initial User Identity 1">'"${INITIAL_ADMIN_IDENTITY}"'</property>|' ${NIFI_REGISTRY_HOME}/conf/authorizers.xml -sed -i -e 's|<property name="Initial Admin Identity">.*</property>|<property name="Initial Admin Identity">'"${INITIAL_ADMIN_IDENTITY}"'</property>|' ${NIFI_REGISTRY_HOME}/conf/authorizers.xml diff --git a/nifi-registry/nifi-registry-docker-maven/dockermaven/sh/start.sh b/nifi-registry/nifi-registry-docker-maven/dockermaven/sh/start.sh deleted file mode 100755 index 2703395516..0000000000 --- a/nifi-registry/nifi-registry-docker-maven/dockermaven/sh/start.sh +++ /dev/null @@ -1,63 +0,0 @@ -#!/bin/sh -e - -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -scripts_dir='/opt/nifi-registry/scripts' - -[ -f "${scripts_dir}/common.sh" ] && . "${scripts_dir}/common.sh" - -# Establish baseline properties -prop_replace 'nifi.registry.web.http.port' "${NIFI_REGISTRY_WEB_HTTP_PORT:-18080}" -prop_replace 'nifi.registry.web.http.host' "${NIFI_REGISTRY_WEB_HTTP_HOST:-$HOSTNAME}" - -. ${scripts_dir}/update_database.sh - -# Check if we are secured or unsecured -case ${AUTH} in - tls) - echo 'Enabling Two-Way SSL user authentication' - . "${scripts_dir}/secure.sh" - ;; - ldap) - echo 'Enabling LDAP user authentication' - # Reference ldap-provider in properties - prop_replace 'nifi.registry.security.identity.provider' 'ldap-identity-provider' - prop_replace 'nifi.registry.security.needClientAuth' 'false' - - . "${scripts_dir}/secure.sh" - . "${scripts_dir}/update_login_providers.sh" - ;; - oidc) - echo 'Enabling OIDC user authentication' - prop_replace 'nifi.registry.security.needClientAuth' 'false' - - . "${scripts_dir}/secure.sh" - . "${scripts_dir}/update_oidc_properties.sh" - ;; -esac - -. "${scripts_dir}/update_flow_provider.sh" -. "${scripts_dir}/update_bundle_provider.sh" - -# Continuously provide logs so that 'docker logs' can produce them -tail -F "${NIFI_REGISTRY_HOME}/logs/nifi-registry-app.log" & -"${NIFI_REGISTRY_HOME}/bin/nifi-registry.sh" run & -nifi_registry_pid="$!" - -trap "echo Received trapped signal, beginning shutdown...;" KILL TERM HUP INT EXIT; - -echo NiFi-Registry running with PID ${nifi_registry_pid}. -wait ${nifi_registry_pid} diff --git a/nifi-registry/nifi-registry-docker-maven/dockermaven/sh/update_bundle_provider.sh b/nifi-registry/nifi-registry-docker-maven/dockermaven/sh/update_bundle_provider.sh deleted file mode 100644 index 27d5c940ac..0000000000 --- a/nifi-registry/nifi-registry-docker-maven/dockermaven/sh/update_bundle_provider.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/sh -e - -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -providers_file=${NIFI_REGISTRY_HOME}/conf/providers.xml -property_xpath='/providers/extensionBundlePersistenceProvider' - -add_property() { - property_name=$1 - property_value=$2 - - if [ -n "${property_value}" ]; then - xmlstarlet ed --inplace --subnode "${property_xpath}" --type elem -n property -v "${property_value}" \ - -i \$prev --type attr -n name -v "${property_name}" \ - "${providers_file}" - fi -} - -xmlstarlet ed --inplace -u "${property_xpath}/property[@name='Extension Bundle Storage Directory']" -v "${NIFI_REGISTRY_BUNDLE_STORAGE_DIR:-./extension_bundles}" "${providers_file}" - -case ${NIFI_REGISTRY_BUNDLE_PROVIDER} in - file) - xmlstarlet ed --inplace -u "${property_xpath}/class" -v "org.apache.nifi.registry.provider.extension.FileSystemBundlePersistenceProvider" "${providers_file}" - ;; - s3) - xmlstarlet ed --inplace -u "${property_xpath}/class" -v "org.apache.nifi.registry.aws.S3BundlePersistenceProvider" "${providers_file}" - add_property "Region" "${NIFI_REGISTRY_S3_REGION:-}" - add_property "Bucket Name" "${NIFI_REGISTRY_S3_BUCKET_NAME:-}" - add_property "Key Prefix" "${NIFI_REGISTRY_S3_KEY_PREFIX:-}" - add_property "Credentials Provider" "${NIFI_REGISTRY_S3_CREDENTIALS_PROVIDER:-DEFAULT_CHAIN}" - add_property "Access Key" "${NIFI_REGISTRY_S3_ACCESS_KEY:-}" - add_property "Secret Access Key" "${NIFI_REGISTRY_S3_SECRET_ACCESS_KEY:-}" - add_property "Endpoint URL" "${NIFI_REGISTRY_S3_ENDPOINT_URL:-}" - ;; -esac diff --git a/nifi-registry/nifi-registry-docker-maven/dockermaven/sh/update_database.sh b/nifi-registry/nifi-registry-docker-maven/dockermaven/sh/update_database.sh deleted file mode 100644 index 59d94d7b39..0000000000 --- a/nifi-registry/nifi-registry-docker-maven/dockermaven/sh/update_database.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -e - -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -prop_replace 'nifi.registry.db.url' "${NIFI_REGISTRY_DB_URL:-jdbc:h2:./database/nifi-registry-primary;AUTOCOMMIT=OFF;DB_CLOSE_ON_EXIT=FALSE;LOCK_MODE=3;LOCK_TIMEOUT=25000;WRITE_DELAY=0;AUTO_SERVER=FALSE}" -prop_replace 'nifi.registry.db.driver.class' "${NIFI_REGISTRY_DB_CLASS:-org.h2.Driver}" -prop_replace 'nifi.registry.db.driver.directory' "${NIFI_REGISTRY_DB_DIR:-}" -prop_replace 'nifi.registry.db.username' "${NIFI_REGISTRY_DB_USER:-nifireg}" -prop_replace 'nifi.registry.db.password' "${NIFI_REGISTRY_DB_PASS:-nifireg}" -prop_replace 'nifi.registry.db.maxConnections' "${NIFI_REGISTRY_DB_MAX_CONNS:-5}" -prop_replace 'nifi.registry.db.sql.debug' "${NIFI_REGISTRY_DB_DEBUG_SQL:-false}" diff --git a/nifi-registry/nifi-registry-docker-maven/dockermaven/sh/update_flow_provider.sh b/nifi-registry/nifi-registry-docker-maven/dockermaven/sh/update_flow_provider.sh deleted file mode 100644 index 95c9099337..0000000000 --- a/nifi-registry/nifi-registry-docker-maven/dockermaven/sh/update_flow_provider.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/sh -e - -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -providers_file=${NIFI_REGISTRY_HOME}/conf/providers.xml -property_xpath='/providers/flowPersistenceProvider' - -add_property() { - property_name=$1 - property_value=$2 - - if [ -n "${property_value}" ]; then - xmlstarlet ed --inplace --subnode "${property_xpath}" --type elem -n property -v "${property_value}" \ - -i \$prev --type attr -n name -v "${property_name}" \ - "${providers_file}" - fi -} - -xmlstarlet ed --inplace -u "${property_xpath}/property[@name='Flow Storage Directory']" -v "${NIFI_REGISTRY_FLOW_STORAGE_DIR:-./flow_storage}" "${providers_file}" - -case ${NIFI_REGISTRY_FLOW_PROVIDER} in - file) - xmlstarlet ed --inplace -u "${property_xpath}/class" -v "org.apache.nifi.registry.provider.flow.FileSystemFlowPersistenceProvider" "${providers_file}" - ;; - database) - xmlstarlet ed --inplace -u "${property_xpath}/class" -v "org.apache.nifi.registry.provider.flow.DatabaseFlowPersistenceProvider" "${providers_file}" - ;; - git) - xmlstarlet ed --inplace -u "${property_xpath}/class" -v "org.apache.nifi.registry.provider.flow.git.GitFlowPersistenceProvider" "${providers_file}" - add_property "Remote To Push" "${NIFI_REGISTRY_GIT_REMOTE:-}" - add_property "Remote Access User" "${NIFI_REGISTRY_GIT_USER:-}" - add_property "Remote Access Password" "${NIFI_REGISTRY_GIT_PASSWORD:-}" - ;; -esac diff --git a/nifi-registry/nifi-registry-docker-maven/dockermaven/sh/update_login_providers.sh b/nifi-registry/nifi-registry-docker-maven/dockermaven/sh/update_login_providers.sh deleted file mode 100755 index b6e4650a42..0000000000 --- a/nifi-registry/nifi-registry-docker-maven/dockermaven/sh/update_login_providers.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/sh -e - -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -login_providers_file=${NIFI_REGISTRY_HOME}/conf/identity-providers.xml -property_xpath='//identityProviders/provider/property' - -# Update a given property in the login-identity-providers file if a value is specified -edit_property() { - property_name=$1 - property_value=$2 - - if [ -n "${property_value}" ]; then - xmlstarlet ed --inplace -u "${property_xpath}[@name='${property_name}']" -v "${property_value}" "${login_providers_file}" - fi -} - -# Remove comments to enable the ldap-provider -sed -i '/To enable the ldap-identity-provider remove/d' "${login_providers_file}" - -edit_property 'Authentication Strategy' "${LDAP_AUTHENTICATION_STRATEGY}" -edit_property 'Manager DN' "${LDAP_MANAGER_DN}" -edit_property 'Manager Password' "${LDAP_MANAGER_PASSWORD}" -edit_property 'TLS - Keystore' "${LDAP_TLS_KEYSTORE}" -edit_property 'TLS - Keystore Password' "${LDAP_TLS_KEYSTORE_PASSWORD}" -edit_property 'TLS - Keystore Type' "${LDAP_TLS_KEYSTORE_TYPE}" -edit_property 'TLS - Truststore' "${LDAP_TLS_TRUSTSTORE}" -edit_property 'TLS - Truststore Password' "${LDAP_TLS_TRUSTSTORE_PASSWORD}" -edit_property 'TLS - Truststore Type' "${LDAP_TLS_TRUSTSTORE_TYPE}" -edit_property 'TLS - Protocol' "${LDAP_TLS_PROTOCOL}" -edit_property 'Url' "${LDAP_URL}" -edit_property 'User Search Base' "${LDAP_USER_SEARCH_BASE}" -edit_property 'User Search Filter' "${LDAP_USER_SEARCH_FILTER}" -edit_property 'Identity Strategy' "${LDAP_IDENTITY_STRATEGY}" -edit_property 'Referral Strategy' "${LDAP_REFERRAL_STRATEGY}" diff --git a/nifi-registry/nifi-registry-docker-maven/dockermaven/sh/update_oidc_properties.sh b/nifi-registry/nifi-registry-docker-maven/dockermaven/sh/update_oidc_properties.sh deleted file mode 100644 index 77819f69c5..0000000000 --- a/nifi-registry/nifi-registry-docker-maven/dockermaven/sh/update_oidc_properties.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -e - -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -prop_replace 'nifi.registry.security.user.oidc.discovery.url' "${NIFI_REGISTRY_SECURITY_USER_OIDC_DISCOVERY_URL}" -prop_replace 'nifi.registry.security.user.oidc.connect.timeout' "${NIFI_REGISTRY_SECURITY_USER_OIDC_CONNECT_TIMEOUT}" -prop_replace 'nifi.registry.security.user.oidc.read.timeout' "${NIFI_REGISTRY_SECURITY_USER_OIDC_READ_TIMEOUT}" -prop_replace 'nifi.registry.security.user.oidc.client.id' "${NIFI_REGISTRY_SECURITY_USER_OIDC_CLIENT_ID}" -prop_replace 'nifi.registry.security.user.oidc.client.secret' "${NIFI_REGISTRY_SECURITY_USER_OIDC_CLIENT_SECRET}" -prop_replace 'nifi.registry.security.user.oidc.preferred.jwsalgorithm' "${NIFI_REGISTRY_SECURITY_USER_OIDC_PREFERRED_JWSALGORITHM}" -prop_replace 'nifi.registry.security.user.oidc.additional.scopes' "${NIFI_REGISTRY_SECURITY_USER_OIDC_ADDITIONAL_SCOPES}" -prop_replace 'nifi.registry.security.user.oidc.claim.identifying.user' "${NIFI_REGISTRY_SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER}" -prop_replace 'nifi.registry.security.user.oidc.fallback.claims.identifying.user' "${NIFI_REGISTRY_SECURITY_USER_OIDC_FALLBACK_CLAIMS_IDENTIFYING_USER}" -prop_replace 'nifi.registry.security.user.oidc.truststore.strategy' "${NIFI_REGISTRY_SECURITY_USER_OIDC_TRUSTSTORE_STRATEGY}"