This is an automated email from the ASF dual-hosted git repository.

szaszm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi-minifi-cpp.git

commit 328a5e7d88c016957564c49969ad0aa43bd1e014
Author: Gabor Gyimesi <gamezb...@gmail.com>
AuthorDate: Thu Mar 21 13:54:25 2024 +0100

    MINIFICPP-2224 Drop support for disabling peer verification in InvokeHTTP
    
    Closes #1745
    
    Signed-off-by: Marton Szasz <sza...@apache.org>
---
 PROCESSORS.md                                  |  2 +-
 docker/test/integration/features/https.feature | 18 ------------------
 extensions/http-curl/processors/InvokeHTTP.cpp |  3 +--
 extensions/http-curl/processors/InvokeHTTP.h   |  3 +--
 4 files changed, 3 insertions(+), 23 deletions(-)

diff --git a/PROCESSORS.md b/PROCESSORS.md
index c746f430f..a11083896 100644
--- a/PROCESSORS.md
+++ b/PROCESSORS.md
@@ -1358,7 +1358,7 @@ In the list below, the names of required properties 
appear in bold. Any other pr
 | send-message-body                               | true                     | 
true<br/>false                                                                  
     | DEPRECATED. Only kept for backwards compatibility, no functionality is 
included.                                                                       
                                                                                
                                                                         |
 | Send Message Body                               | true                     | 
true<br/>false                                                                  
     | If true, sends the HTTP message body on POST/PUT/PATCH requests 
(default). If false, suppresses the message body and content-type header for 
these requests.                                                                 
                                                                                
   |
 | Use Chunked Encoding                            | false                    | 
true<br/>false                                                                  
     | When POST'ing, PUT'ing or PATCH'ing content set this property to true in 
order to not pass the 'Content-length' header and instead send 
'Transfer-Encoding' with a value of 'chunked'. This will enable the data 
transfer mechanism which was introduced in HTTP 1.1 to pass data of unknown 
lengths in chunks. |
-| Disable Peer Verification                       | false                    | 
true<br/>false                                                                  
     | Disables peer verification for the SSL session                           
                                                                                
                                                                                
                                                                       |
+| Disable Peer Verification                       | false                    | 
true<br/>false                                                                  
     | DEPRECATED. The value is ignored, peer and host verification are always 
performed when using SSL/TLS.                                                   
                                                                                
                                                                        |
 | Put Response Body in Attribute                  |                          | 
                                                                                
     | If set, the response body received back will be put into an attribute of 
the original FlowFile instead of a separate FlowFile. The attribute key to put 
to is determined by evaluating value of this property.                          
                                                                        |
 | Always Output Response                          | false                    | 
true<br/>false                                                                  
     | Will force a response FlowFile to be generated and routed to the 
'Response' relationship regardless of what the server status code received is   
                                                                                
                                                                               |
 | Penalize on "No Retry"                          | false                    | 
true<br/>false                                                                  
     | Enabling this property will penalize FlowFiles that are routed to the 
"No Retry" relationship.                                                        
                                                                                
                                                                          |
diff --git a/docker/test/integration/features/https.feature 
b/docker/test/integration/features/https.feature
index f19e339d1..f4ff9d246 100644
--- a/docker/test/integration/features/https.feature
+++ b/docker/test/integration/features/https.feature
@@ -54,24 +54,6 @@ Feature: Transfer data from and to MiNiFi using HTTPS
     Then no files are placed in the monitored directory in 10s of running time
 
 
-  Scenario: InvokeHTTP to ListenHTTP without an SSLContextService works 
without a proper server cert if peer verification is disabled
-    Given a GenerateFlowFile processor with the "Data Format" property set to 
"Text"
-    And the "Unique FlowFiles" property of the GenerateFlowFile processor is 
set to "false"
-    And the "Custom Text" property of the GenerateFlowFile processor is set to 
"sed do eiusmod tempor incididunt"
-    And a InvokeHTTP processor with the "Remote URL" property set to 
"https://server-${feature_id}:4430/contentListener";
-    And the "HTTP Method" property of the InvokeHTTP processor is set to "POST"
-    And the "Disable Peer Verification" property of the InvokeHTTP processor 
is set to "true"
-    And the "success" relationship of the GenerateFlowFile processor is 
connected to the InvokeHTTP
-
-    And a ListenHTTP processor with the "Listening Port" property set to 
"4430" in a "server" flow
-    And the "SSL Certificate" property of the ListenHTTP processor is set to 
"/tmp/resources/self_signed_server.crt"
-    And a PutFile processor with the "Directory" property set to "/tmp/output" 
in the "server" flow
-    And the "success" relationship of the ListenHTTP processor is connected to 
the PutFile
-
-    When both instances start up
-    Then a flowfile with the content "sed do eiusmod tempor incididunt" is 
placed in the monitored directory in less than 10s
-
-
   Scenario: InvokeHTTP to ListenHTTP with mutual TLS, using certificate files
     Given a GenerateFlowFile processor with the "Data Format" property set to 
"Text"
     And the "Unique FlowFiles" property of the GenerateFlowFile processor is 
set to "false"
diff --git a/extensions/http-curl/processors/InvokeHTTP.cpp 
b/extensions/http-curl/processors/InvokeHTTP.cpp
index 2a3fe7294..cced54c0a 100644
--- a/extensions/http-curl/processors/InvokeHTTP.cpp
+++ b/extensions/http-curl/processors/InvokeHTTP.cpp
@@ -108,7 +108,6 @@ void InvokeHTTP::setupMembersFromProperties(const 
core::ProcessContext& context)
   context.getProperty(InvokeHTTP::ProxyPassword, proxy_.password);
 
   follow_redirects_ = 
context.getProperty<bool>(InvokeHTTP::FollowRedirects).value_or(false);
-  disable_peer_verification_ = 
(context.getProperty(InvokeHTTP::DisablePeerVerification) | 
utils::andThen(&utils::string::toBool)).value_or(false);
   content_type_ = context.getProperty(InvokeHTTP::ContentType);
 
   if (auto ssl_context_name = context.getProperty(SSLContext)) {
@@ -128,7 +127,7 @@ std::unique_ptr<minifi::extensions::curl::HTTPClient> 
InvokeHTTP::createHTTPClie
   setupClientTimeouts(*client, connect_timeout_, read_timeout_);
   client->setHTTPProxy(proxy_);
   client->setFollowRedirects(follow_redirects_);
-  client->setPeerVerification(!disable_peer_verification_);
+  client->setPeerVerification(true);
   if (send_message_body_ && content_type_)
     client->setContentType(*content_type_);
   setupClientTransferEncoding(*client, use_chunked_encoding_);
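Review bot: The hard-coded `client->setPeerVerification(true);` visibly pins only peer (certificate chain) verification, while the updated property description promises that peer and host verification are both always performed. Whether the HTTP client also enforces host name verification is not visible in this hunk and should be confirmed in the client's TLS setup. A short comment above the call would help keep this from being turned back into a toggle, for example `// Peer verification is mandatory (MINIFICPP-2224); do not make this configurable again.` createHTTPClient starts and ends outside the hunk.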
diff --git a/extensions/http-curl/processors/InvokeHTTP.h 
b/extensions/http-curl/processors/InvokeHTTP.h
index ccf2177c3..9da89866b 100644
--- a/extensions/http-curl/processors/InvokeHTTP.h
+++ b/extensions/http-curl/processors/InvokeHTTP.h
@@ -150,7 +150,7 @@ class InvokeHTTP : public core::Processor {
       .withDefaultValue("false")
       .build();
   EXTENSIONAPI static constexpr auto DisablePeerVerification = 
core::PropertyDefinitionBuilder<>::createProperty("Disable Peer Verification")
-      .withDescription("Disables peer verification for the SSL session")
+      .withDescription("DEPRECATED. The value is ignored, peer and host 
verification are always performed when using SSL/TLS.")
       .withPropertyType(core::StandardPropertyTypes::BOOLEAN_TYPE)
       .withDefaultValue("false")
       .build();
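Review bot: The "Disable Peer Verification" property is still accepted, but its value is now silently ignored. A flow that still sets it to true will start failing TLS handshakes against untrusted certificates, with nothing in the output tying the failure to this property. Consider logging a warning during property setup in InvokeHTTP.cpp when the property is present and true, e.g. `logger_->log_warn("Disable Peer Verification is deprecated and ignored; TLS peer verification is always enabled");`, assuming the processor's usual logger member is available there. The removed integration scenario also leaves no visible test that a self-signed server is rejected while the property is set to true; a negative scenario would pin the new behaviour.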
@@ -297,7 +297,6 @@ class InvokeHTTP : public core::Processor {
 
   utils::HTTPProxy proxy_{};
   bool follow_redirects_ = false;
-  bool disable_peer_verification_ = false;
   std::optional<std::string> content_type_;
 
 
