[GitHub] [nifi] natural commented on a change in pull request #4207: NIFI-7203 Add ZooKeeper client and server TLS
natural commented on a change in pull request #4207: NIFI-7203 Add ZooKeeper client and server TLS URL: https://github.com/apache/nifi/pull/4207#discussion_r407780342 ## File path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/state/server/ZooKeeperStateServer.java ## @@ -136,7 +167,15 @@ private void startDistributed() throws IOException { quorumPeer.setInitLimit(quorumPeerConfig.getInitLimit()); quorumPeer.setSyncLimit(quorumPeerConfig.getSyncLimit()); quorumPeer.setQuorumVerifier(quorumPeerConfig.getQuorumVerifier(), false); -quorumPeer.setCnxnFactory(connectionFactory); + +if (connectionFactory != null) { +quorumPeer.setCnxnFactory(connectionFactory); +} + +if (secureConnectionFactory != null) { +quorumPeer.setCnxnFactory(secureConnectionFactory); Review comment: Did you mean `quorumPeer.setSecureCnxnFactory(secureConnectionFactory)`? This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
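Review bot: In `startDistributed()`, the second added branch calls `quorumPeer.setCnxnFactory(secureConnectionFactory)`, the same setter the first branch uses for `connectionFactory`, so when both factories are non-null the secure one replaces the plaintext one and the peer ends up with a single registered factory. If both listeners are meant to be served, register the TLS factory with `quorumPeer.setSecureCnxnFactory(secureConnectionFactory)`, and add a test that starts the peer with both ports configured and checks that each one accepts connections.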
[GitHub] [nifi] natural commented on issue #4202: NIFI-7203 Support for TLS in Zookeeper Server
natural commented on issue #4202: NIFI-7203 Support for TLS in Zookeeper Server URL: https://github.com/apache/nifi/pull/4202#issuecomment-613139346

> @natural Would you be able to snag the tests from #4207 and make the change to the logic and zookeeper.properties and then we'll just turn the other PR into the client path?

@jfrazee thank you for the feedback! I think #4207 should get merged as-is, this PR closed, and the few remaining property file changes put into a new commit/branch/PR.
[GitHub] [nifi] natural commented on a change in pull request #4202: NIFI-7203 Support for TLS in Zookeeper Server
natural commented on a change in pull request #4202: NIFI-7203 Support for TLS in Zookeeper Server URL: https://github.com/apache/nifi/pull/4202#discussion_r407768819 ## File path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/zookeeper.properties ## @@ -27,6 +27,28 @@ tickTime=2000 dataDir=./state/zookeeper autopurge.snapRetainCount=30 +# Embedded/distributed ZK TLS connection support can be activated by setting these properties at minimum: +# +# secureClientPort=2281 +# serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory + +# Most TLS configurations will set these values as well: +# +# ssl.keyStore.location=/example/path/to/key-store.jks +# ssl.keyStore.password=change this value to the actual value in your installation +# ssl.trustStore.location=/example/path/to/trust-store.jks +# ssl.trustStore.password=change this value to the actual value in your installation +# ssl.hostnameVerification=false Review comment: I'll add a note to that effect.
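Review bot: The commented example block ends with `ssl.hostnameVerification=false` under "Most TLS configurations will set these values as well", which presents turning hostname verification off as a usual setting; an operator who uncomments the block as a unit ends up trusting any certificate that chains to the trust store, whatever host it was issued for. Drop that line from the example, or move it under its own comment that marks it as test-only. The two password lines would also benefit from a short note that the file then holds key store secrets and needs restrictive permissions.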
[GitHub] [nifi] natural commented on a change in pull request #4202: NIFI-7203 Support for TLS in Zookeeper Server
natural commented on a change in pull request #4202: NIFI-7203 Support for TLS in Zookeeper Server URL: https://github.com/apache/nifi/pull/4202#discussion_r407768501 ## File path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/zookeeper.properties ## @@ -27,6 +27,28 @@ tickTime=2000 dataDir=./state/zookeeper autopurge.snapRetainCount=30 +# Embedded/distributed ZK TLS connection support can be activated by setting these properties at minimum: +# +# secureClientPort=2281 +# serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory + +# Most TLS configurations will set these values as well: Review comment: Agreed.
[GitHub] [nifi] natural commented on a change in pull request #4202: NIFI-7203 Support for TLS in Zookeeper Server
natural commented on a change in pull request #4202: NIFI-7203 Support for TLS in Zookeeper Server URL: https://github.com/apache/nifi/pull/4202#discussion_r407768245 ## File path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/state/server/ZooKeeperStateServer.java ## @@ -104,8 +105,16 @@ private void startStandalone() throws IOException { embeddedZkServer.setMinSessionTimeout(config.getMinSessionTimeout()); embeddedZkServer.setMaxSessionTimeout(config.getMaxSessionTimeout()); +final InetSocketAddress port = config.getClientPortAddress(); +final InetSocketAddress secPort = config.getSecureClientPortAddress(); connectionFactory = ServerCnxnFactory.createFactory(); -connectionFactory.configure(config.getClientPortAddress(), config.getMaxClientCnxns()); +if (secPort != null) { Review comment: I think you're right, your implementation should be merged, not this one. I was trying to avoid multiple connections due to the security implications but I think we can just as easily handle that elsewhere.
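Review bot: In `startStandalone()`, both `port` and `secPort` are read from the config, but only one `connectionFactory` is created ahead of the `if (secPort != null)` branch, so a deployment that sets both `clientPort` and `secureClientPort` can have at most one of the two addresses bound by this factory. Either configure a separate factory per configured address, each with its own shutdown, or reject the combination at startup with a clear message so the operator knows which listener is actually open.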
[GitHub] [nifi] natural commented on a change in pull request #4202: NIFI-7203 Support for TLS in Zookeeper Server
natural commented on a change in pull request #4202: NIFI-7203 Support for TLS in Zookeeper Server URL: https://github.com/apache/nifi/pull/4202#discussion_r407768353 ## File path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/state/server/ZooKeeperStateServer.java ## @@ -123,8 +132,16 @@ private void startDistributed() throws IOException { try { transactionLog = new FileTxnSnapLog(quorumPeerConfig.getDataLogDir(), quorumPeerConfig.getDataDir()); +final InetSocketAddress port = quorumPeerConfig.getClientPortAddress(); +final InetSocketAddress secPort = quorumPeerConfig.getSecureClientPortAddress(); connectionFactory = ServerCnxnFactory.createFactory(); - connectionFactory.configure(quorumPeerConfig.getClientPortAddress(), quorumPeerConfig.getMaxClientCnxns()); +if (secPort != null) { Review comment: Also same.
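Review bot: The `if (secPort != null)` branch in `startDistributed()` sits behind a single `connectionFactory`, although `port` and `secPort` are both read from `quorumPeerConfig`, so only one of the two client addresses can be served by the quorum peer. Keep a plaintext factory and a TLS factory as separate fields, configure each only when its address is non-null, and cover the both-ports case in a test.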
[GitHub] [nifi] rfellows opened a new pull request #4208: [NIFI-7358] - Fix: Sorting on 'Estimated Time to Back Pressure' in th…
rfellows opened a new pull request #4208: [NIFI-7358] - Fix: Sorting on 'Estimated Time to Back Pressure' in th… URL: https://github.com/apache/nifi/pull/4208

…e Connection summary table does not work properly

Thank you for submitting a contribution to Apache NiFi.

Please provide a short description of the PR here:

Description of PR fixes bug NIFI-7358

In order to streamline the review of the contribution we ask you to ensure the following steps have been taken:

### For all changes:
- [X] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?
- [X] Does your PR title start with **NIFI-** where is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
- [X] Has your PR been rebased against the latest commit within the target branch (typically `master`)?
- [X] Is your initial contribution a single, squashed commit? _Additional commits in response to PR reviewer feedback should be made on this branch and pushed to allow change tracking. Do not `squash` or use `--force` when pushing to allow for clean monitoring of changes._

### For code changes:
- [ ] Have you ensured that the full suite of tests is executed via `mvn -Pcontrib-check clean install` at the root `nifi` folder?
- [ ] Have you written or updated unit tests to verify your changes?
- [ ] Have you verified that the full build is successful on both JDK 8 and JDK 11?
- [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] If applicable, have you updated the `LICENSE` file, including the main `LICENSE` file under `nifi-assembly`?
- [ ] If applicable, have you updated the `NOTICE` file, including the main `NOTICE` file found under `nifi-assembly`?
- [ ] If adding new Properties, have you added `.displayName` in addition to .name (programmatic access) for each of the new properties?

### For documentation related changes:
- [ ] Have you ensured that format looks appropriate for the output in which it is rendered?

### Note:
Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.
[jira] [Created] (NIFI-7358) Sorting on "Estimated Time to Back Pressure" in the Connection summary table does not work properly
Rob Fellows created NIFI-7358:

Summary: Sorting on "Estimated Time to Back Pressure" in the Connection summary table does not work properly
Key: NIFI-7358
URL: https://issues.apache.org/jira/browse/NIFI-7358
Project: Apache NiFi
Issue Type: Bug
Components: Core UI
Affects Versions: 1.11.4
Reporter: Rob Fellows
Assignee: Rob Fellows

Sorting on estimated time to back pressure does not work as expected. NA values can get mixed in the middle of the results. They should be treated as unknowns and ALWAYS sorted last regardless of sort order.

-- This message was sent by Atlassian Jira (v8.3.4#803005)
[GitHub] [nifi] jfrazee commented on a change in pull request #4202: NIFI-7203 Support for TLS in Zookeeper Server
jfrazee commented on a change in pull request #4202: NIFI-7203 Support for TLS in Zookeeper Server URL: https://github.com/apache/nifi/pull/4202#discussion_r407726084 ## File path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/zookeeper.properties ## @@ -27,6 +27,28 @@ tickTime=2000 dataDir=./state/zookeeper autopurge.snapRetainCount=30 +# Embedded/distributed ZK TLS connection support can be activated by setting these properties at minimum: +# +# secureClientPort=2281 +# serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory + +# Most TLS configurations will set these values as well: +# +# ssl.keyStore.location=/example/path/to/key-store.jks +# ssl.keyStore.password=change this value to the actual value in your installation +# ssl.trustStore.location=/example/path/to/trust-store.jks +# ssl.trustStore.password=change this value to the actual value in your installation +# ssl.hostnameVerification=false Review comment: Let's remove `ssl.hostnameVerification=false`, or note that you would only do it for testing.
[GitHub] [nifi] jfrazee commented on a change in pull request #4202: NIFI-7203 Support for TLS in Zookeeper Server
jfrazee commented on a change in pull request #4202: NIFI-7203 Support for TLS in Zookeeper Server URL: https://github.com/apache/nifi/pull/4202#discussion_r407726084 ## File path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/zookeeper.properties ## @@ -27,6 +27,28 @@ tickTime=2000 dataDir=./state/zookeeper autopurge.snapRetainCount=30 +# Embedded/distributed ZK TLS connection support can be activated by setting these properties at minimum: +# +# secureClientPort=2281 +# serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory + +# Most TLS configurations will set these values as well: +# +# ssl.keyStore.location=/example/path/to/key-store.jks +# ssl.keyStore.password=change this value to the actual value in your installation +# ssl.trustStore.location=/example/path/to/trust-store.jks +# ssl.trustStore.password=change this value to the actual value in your installation +# ssl.hostnameVerification=false Review comment: Let's remove this, or note that you would only do it for testing.
[GitHub] [nifi] jfrazee commented on a change in pull request #4202: NIFI-7203 Support for TLS in Zookeeper Server
jfrazee commented on a change in pull request #4202: NIFI-7203 Support for TLS in Zookeeper Server URL: https://github.com/apache/nifi/pull/4202#discussion_r407696242 ## File path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/zookeeper.properties ## @@ -27,6 +27,28 @@ tickTime=2000 dataDir=./state/zookeeper autopurge.snapRetainCount=30 +# Embedded/distributed ZK TLS connection support can be activated by setting these properties at minimum: +# +# secureClientPort=2281 +# serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory + +# Most TLS configurations will set these values as well: Review comment: Good call on including the example properties. We should include a note about not using the reconfig-style server.N entries if both clientPort and secureClientPort are being used.
[GitHub] [nifi] jfrazee commented on issue #4202: NIFI-7203 Support for TLS in Zookeeper Server
jfrazee commented on issue #4202: NIFI-7203 Support for TLS in Zookeeper Server URL: https://github.com/apache/nifi/pull/4202#issuecomment-613075157 @natural Would you be able to snag the tests from #4207 and make the change to the logic and zookeeper.properties and then we'll just turn the other PR into the client path?
[GitHub] [nifi] jfrazee commented on a change in pull request #4202: NIFI-7203 Support for TLS in Zookeeper Server
jfrazee commented on a change in pull request #4202: NIFI-7203 Support for TLS in Zookeeper Server URL: https://github.com/apache/nifi/pull/4202#discussion_r407690070 ## File path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/state/server/ZooKeeperStateServer.java ## @@ -104,8 +105,16 @@ private void startStandalone() throws IOException { embeddedZkServer.setMinSessionTimeout(config.getMinSessionTimeout()); embeddedZkServer.setMaxSessionTimeout(config.getMaxSessionTimeout()); +final InetSocketAddress port = config.getClientPortAddress(); +final InetSocketAddress secPort = config.getSecureClientPortAddress(); connectionFactory = ServerCnxnFactory.createFactory(); -connectionFactory.configure(config.getClientPortAddress(), config.getMaxClientCnxns()); +if (secPort != null) { Review comment: Since the insecure client port and secure client port aren't mutually exclusive you should add the checks for each port independently and setup two connection factories with their own startup and shutdown.
[GitHub] [nifi] jfrazee commented on a change in pull request #4202: NIFI-7203 Support for TLS in Zookeeper Server
jfrazee commented on a change in pull request #4202: NIFI-7203 Support for TLS in Zookeeper Server URL: https://github.com/apache/nifi/pull/4202#discussion_r407690275 ## File path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/state/server/ZooKeeperStateServer.java ## @@ -123,8 +132,16 @@ private void startDistributed() throws IOException { try { transactionLog = new FileTxnSnapLog(quorumPeerConfig.getDataLogDir(), quorumPeerConfig.getDataDir()); +final InetSocketAddress port = quorumPeerConfig.getClientPortAddress(); +final InetSocketAddress secPort = quorumPeerConfig.getSecureClientPortAddress(); connectionFactory = ServerCnxnFactory.createFactory(); - connectionFactory.configure(quorumPeerConfig.getClientPortAddress(), quorumPeerConfig.getMaxClientCnxns()); +if (secPort != null) { Review comment: Same as above.
[GitHub] [nifi] jfrazee commented on issue #4202: NIFI-7203 Support for TLS in Zookeeper Server
jfrazee commented on issue #4202: NIFI-7203 Support for TLS in Zookeeper Server URL: https://github.com/apache/nifi/pull/4202#issuecomment-613039039 @natural Otherwise the implementation appears to be correct.
[GitHub] [nifi] jfrazee commented on issue #4207: NIFI-7203 Add ZooKeeper client and server TLS
jfrazee commented on issue #4207: NIFI-7203 Add ZooKeeper client and server TLS URL: https://github.com/apache/nifi/pull/4207#issuecomment-613031456 @joewitt Both? I had just finished up the work but with the addition of the client implementation and server tests which hadn't existed previously. Thought I'd throw it up because the tests and client piece would be additive.
[GitHub] [nifi] jfrazee commented on issue #4202: NIFI-7203 Support for TLS in Zookeeper Server
jfrazee commented on issue #4202: NIFI-7203 Support for TLS in Zookeeper Server URL: https://github.com/apache/nifi/pull/4202#issuecomment-613029136

@natural Having also recently implemented this (#4207) I have a couple of comments:

- Secure and insecure aren't mutually exclusive so if you also have `clientPort` in zookeeper.properties the behavior will be unexpected in that it'll ignore it and use `secureClientPort` instead.
- I wouldn't recommend setting `ssl.hostnameVerification=false` as an example.
- We should add some tests.
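
The configuration points raised in this review thread, written as a check an operator can run over a `zookeeper.properties` file. This is an added example, not code from either PR or from NiFi; the finding codes, severities and both sample files are constructed here, and "reconfig-style" is assumed to mean a `server.N` value that carries a `;clientPort` suffix.

```python
"""Audit zookeeper.properties for the TLS pitfalls discussed in the review."""
import re

# Factory class the example properties on this page pair with secureClientPort.
NETTY = "org.apache.zookeeper.server.NettyServerCnxnFactory"


def parse_properties(text):
    """Return the active key=value pairs; '#' and '!' comment lines are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(text):
    """Return a list of (severity, code, message) tuples for one file's text."""
    props = parse_properties(text)
    findings = []
    secure = "secureClientPort" in props
    plain = "clientPort" in props

    # Reviewer point: hostname verification off is for testing only.
    if props.get("ssl.hostnameVerification", "").lower() == "false":
        findings.append(("high", "HOSTNAME_VERIFICATION_OFF",
                         "ssl.hostnameVerification=false is active"))

    # The example block lists the Netty factory as required alongside the port.
    if secure and props.get("serverCnxnFactory") != NETTY:
        findings.append(("high", "FACTORY_NOT_NETTY",
                         "secureClientPort set without the Netty serverCnxnFactory"))

    # The two ports are not mutually exclusive: a plaintext listener may stay open.
    if secure and plain:
        findings.append(("medium", "PLAINTEXT_PORT_OPEN",
                         "clientPort %s configured next to secureClientPort %s"
                         % (props["clientPort"], props["secureClientPort"])))
        # Assumption: reconfig-style entries are server.N values with ';port'.
        reconfig = sorted(k for k, v in props.items()
                          if re.fullmatch(r"server\.\d+", k) and ";" in v)
        if reconfig:
            findings.append(("medium", "RECONFIG_STYLE_SERVER_ENTRY",
                             "reconfig-style entries with both ports set: "
                             + ", ".join(reconfig)))
    return findings


# Constructed sample: every issue from the thread in one file.
WEAK_CONSTRUCTED = """\
tickTime=2000
dataDir=./state/zookeeper
clientPort=2181
secureClientPort=2281
ssl.keyStore.location=/example/path/to/key-store.jks
ssl.trustStore.location=/example/path/to/trust-store.jks
ssl.hostnameVerification=false
server.1=zk1.example.test:2888:3888;2181
"""

# Constructed sample: TLS listener only, verification left at its default.
HARDENED_CONSTRUCTED = """\
tickTime=2000
dataDir=./state/zookeeper
secureClientPort=2281
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
ssl.keyStore.location=/example/path/to/key-store.jks
ssl.trustStore.location=/example/path/to/trust-store.jks
# ssl.hostnameVerification=false   (testing only, left commented out)
server.1=zk1.example.test:2888:3888
"""

if __name__ == "__main__":
    for name, sample in (("weak", WEAK_CONSTRUCTED),
                         ("hardened", HARDENED_CONSTRUCTED)):
        results = audit(sample)
        print(name, "->", "clean" if not results else "")
        for severity, code, message in results:
            print("  [%s] %s: %s" % (severity, code, message))
```
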
[GitHub] [nifi] joewitt commented on issue #4207: NIFI-7203 Add ZooKeeper client and server TLS
joewitt commented on issue #4207: NIFI-7203 Add ZooKeeper client and server TLS URL: https://github.com/apache/nifi/pull/4207#issuecomment-613028522 @jfrazee Is this PR related to/duplicative/complementary to https://github.com/apache/nifi/pull/4202?
[GitHub] [nifi] jfrazee opened a new pull request #4207: NIFI-7203 Add ZooKeeper client and server TLS
jfrazee opened a new pull request #4207: NIFI-7203 Add ZooKeeper client and server TLS URL: https://github.com/apache/nifi/pull/4207

Thank you for submitting a contribution to Apache NiFi.

Please provide a short description of the PR here:

Description of PR _Enables X functionality; fixes bug NIFI-._

In order to streamline the review of the contribution we ask you to ensure the following steps have been taken:

### For all changes:
- [ ] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?
- [ ] Does your PR title start with **NIFI-** where is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
- [ ] Has your PR been rebased against the latest commit within the target branch (typically `master`)?
- [ ] Is your initial contribution a single, squashed commit? _Additional commits in response to PR reviewer feedback should be made on this branch and pushed to allow change tracking. Do not `squash` or use `--force` when pushing to allow for clean monitoring of changes._

### For code changes:
- [ ] Have you ensured that the full suite of tests is executed via `mvn -Pcontrib-check clean install` at the root `nifi` folder?
- [ ] Have you written or updated unit tests to verify your changes?
- [ ] Have you verified that the full build is successful on both JDK 8 and JDK 11?
- [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] If applicable, have you updated the `LICENSE` file, including the main `LICENSE` file under `nifi-assembly`?
- [ ] If applicable, have you updated the `NOTICE` file, including the main `NOTICE` file found under `nifi-assembly`?
- [ ] If adding new Properties, have you added `.displayName` in addition to .name (programmatic access) for each of the new properties?

### For documentation related changes:
- [ ] Have you ensured that format looks appropriate for the output in which it is rendered?

### Note:
Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.
[GitHub] [nifi] ottobackwards commented on issue #4201: NIFI-7348 Wait - Removes WAIT_START_TIMESTAMP after expiration
ottobackwards commented on issue #4201: NIFI-7348 Wait - Removes WAIT_START_TIMESTAMP after expiration URL: https://github.com/apache/nifi/pull/4201#issuecomment-613001810

Actually, having run check style with that enabled... it seems that it is more normal than I thought lol:

```bash
ERROR] Failed to execute goal org.apache.maven.plugins:maven-checkstyle-plugin:3.1.0:check (check-style) on project nifi-toolkit-flowanalyzer: You have 4 Checkstyle violations. -> [Help 1]
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-checkstyle-plugin:3.1.0:check (check-style) on project nifi-flowfile-packager: You have 37 Checkstyle violations. -> [Help 1]
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-checkstyle-plugin:3.1.0:check (check-style) on project nifi-properties: You have 194 Checkstyle violations. -> [Help 1]
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-checkstyle-plugin:3.1.0:check (check-style) on project nifi-hl7-query-language: You have 56 Checkstyle violations. -> [Help 1]
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-checkstyle-plugin:3.1.0:check (check-style) on project nifi-toolkit-zookeeper-migrator: You have 18 Checkstyle violations. -> [Help 1]
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-checkstyle-plugin:3.1.0:check (check-style) on project nifi-api: You have 788 Checkstyle violations. -> [Help 1]
```
[GitHub] [nifi] ottobackwards commented on issue #4201: NIFI-7348 Wait - Removes WAIT_START_TIMESTAMP after expiration
ottobackwards commented on issue #4201: NIFI-7348 Wait - Removes WAIT_START_TIMESTAMP after expiration URL: https://github.com/apache/nifi/pull/4201#issuecomment-612992109 Review and tests make sense, built with contrib-check all good. Personally, I don't think end of line comments are a good thing, but we don't have the TrailingCommentCheck enabled in check style, so no reason to worry with this. +1 fwiw
[jira] [Updated] (NIFI-7304) Default value for content length filter blocks Site to Site communication
[ https://issues.apache.org/jira/browse/NIFI-7304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andy LoPresto updated NIFI-7304:
Status: Patch Available (was: In Progress)

> Default value for content length filter blocks Site to Site communication
>
> Key: NIFI-7304
> URL: https://issues.apache.org/jira/browse/NIFI-7304
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 1.12.0
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Priority: Blocker
> Labels: cluster, filter, http, replication, security, site-to-site
> Time Spent: 40m
> Remaining Estimate: 0h
>
> When the content-length filter was introduced in NIFI-7153, it did not separate Site to Site (S2S) or cluster request replication requests from user-generated requests. With the default value of 20 MB, it is very likely that legitimate requests of this nature will be unexpectedly blocked.
> The immediate fix is to change the default value in {{nifi.properties}} to empty and only enable this functionality when a value is provided.
> A subtask will be opened to investigate if these requests should be excluded from the length limiting filter (either by convention or via an admin-enumerated exclusion list/setting).
[GitHub] [nifi] ottobackwards commented on issue #4201: NIFI-7348 Wait - Removes WAIT_START_TIMESTAMP after expiration
ottobackwards commented on issue #4201: NIFI-7348 Wait - Removes WAIT_START_TIMESTAMP after expiration URL: https://github.com/apache/nifi/pull/4201#issuecomment-612984602 @ijokarumawak can you take a look, you have reviewed the wait processor stuff before
[GitHub] [nifi] ottobackwards commented on issue #4201: NIFI-7348 Wait - Removes WAIT_START_TIMESTAMP after expiration
ottobackwards commented on issue #4201: NIFI-7348 Wait - Removes WAIT_START_TIMESTAMP after expiration URL: https://github.com/apache/nifi/pull/4201#issuecomment-612984447 Reviewing
[jira] [Created] (NIFI-7356) Enable TLS for embedded Zookeeper when NiFi has TLS enabled
Troy Melhase created NIFI-7356:

Summary: Enable TLS for embedded Zookeeper when NiFi has TLS enabled
Key: NIFI-7356
URL: https://issues.apache.org/jira/browse/NIFI-7356
Project: Apache NiFi
Issue Type: Sub-task
Components: Configuration, Configuration Management
Reporter: Troy Melhase
Assignee: Troy Melhase
[jira] [Created] (NIFI-7357) Make Zookeeper TLS Properties Available via nifi.properties
Troy Melhase created NIFI-7357:

Summary: Make Zookeeper TLS Properties Available via nifi.properties
Key: NIFI-7357
URL: https://issues.apache.org/jira/browse/NIFI-7357
Project: Apache NiFi
Issue Type: Sub-task
Components: Configuration, Configuration Management
Reporter: Troy Melhase
Assignee: Troy Melhase
[jira] [Updated] (MINIFICPP-1191) minor bootstrap typo
[ https://issues.apache.org/jira/browse/MINIFICPP-1191?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dustin Rodrigues updated MINIFICPP-1191:
Resolution: Not A Bug
Status: Resolved (was: Patch Available)

> minor bootstrap typo
>
> Key: MINIFICPP-1191
> URL: https://issues.apache.org/jira/browse/MINIFICPP-1191
> Project: Apache NiFi MiNiFi C++
> Issue Type: Bug
> Reporter: Dustin Rodrigues
> Assignee: Dustin Rodrigues
> Priority: Trivial
> Time Spent: 40m
> Remaining Estimate: 0h
[GitHub] [nifi-minifi-cpp] dtrodrigues commented on issue #753: MINIFICPP-1191 - fix bootstrap typo
dtrodrigues commented on issue #753: MINIFICPP-1191 - fix bootstrap typo URL: https://github.com/apache/nifi-minifi-cpp/pull/753#issuecomment-612981718 Whoops, yeah you're right. I mis-read.
[GitHub] [nifi-minifi-cpp] dtrodrigues closed pull request #753: MINIFICPP-1191 - fix bootstrap typo
dtrodrigues closed pull request #753: MINIFICPP-1191 - fix bootstrap typo URL: https://github.com/apache/nifi-minifi-cpp/pull/753
[GitHub] [nifi] alopresto opened a new pull request #4206: NIFI-7304 Disabled CLF by default and allow S2S & cluster comms to bypass length check
alopresto opened a new pull request #4206: NIFI-7304 Disabled CLF by default and allow S2S & cluster comms to bypass length check
URL: https://github.com/apache/nifi/pull/4206

Thank you for submitting a contribution to Apache NiFi.

Please provide a short description of the PR here:

Description of PR

_NIFI-7154 introduced the `ContentLengthFilter`, which restricted the max content-length on incoming requests. This PR reverts the behavior to disable the filter by default unless an administrator explicitly provides a max size in `nifi.properties` and allows Site-to-Site and cluster communications to bypass the filter._

In order to streamline the review of the contribution we ask you to ensure the following steps have been taken:

### For all changes:
- [x] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?
- [x] Does your PR title start with **NIFI-** where is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
- [x] Has your PR been rebased against the latest commit within the target branch (typically `master`)?
- [ ] Is your initial contribution a single, squashed commit? _Additional commits in response to PR reviewer feedback should be made on this branch and pushed to allow change tracking. Do not `squash` or use `--force` when pushing to allow for clean monitoring of changes._

### For code changes:
- [x] Have you ensured that the full suite of tests is executed via `mvn -Pcontrib-check clean install` at the root `nifi` folder?
- [x] Have you written or updated unit tests to verify your changes?
- [x] Have you verified that the full build is successful on both JDK 8 and JDK 11?
- [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] If applicable, have you updated the `LICENSE` file, including the main `LICENSE` file under `nifi-assembly`?
- [ ] If applicable, have you updated the `NOTICE` file, including the main `NOTICE` file found under `nifi-assembly`?
- [ ] If adding new Properties, have you added `.displayName` in addition to .name (programmatic access) for each of the new properties?

### For documentation related changes:
- [x] Have you ensured that format looks appropriate for the output in which it is rendered?

### Note:
Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.
[GitHub] [nifi-minifi-cpp] apiri commented on issue #753: MINIFICPP-1191 - fix bootstrap typo
apiri commented on issue #753: MINIFICPP-1191 - fix bootstrap typo URL: https://github.com/apache/nifi-minifi-cpp/pull/753#issuecomment-612969099 Hey @dtrodrigues. I believe this to be correct given that we are inspecting if cmake should be skipped. If not, the command is actually being executed. I view the current form being a way to get the backing command for inspection and/or use elsewhere as a dry-run of sorts.
[GitHub] [nifi] alopresto commented on issue #4099: NIFI-7170: Add option to disable anonymous authentication
alopresto commented on issue #4099: NIFI-7170: Add option to disable anonymous authentication URL: https://github.com/apache/nifi/pull/4099#issuecomment-612962685 Matt, can you explain in what scenario(s) a user would be able to authenticate as `anonymous`? My understanding is there is one case (after this PR is merged) -- when a user request provides no credentials _AND_ the NiFi admin has explicitly enabled anonymous authentication. Is there any scenario I am not aware of? This should be independent of whether the request is then proxied by a trusted source.
[GitHub] [nifi-registry] bbende opened a new pull request #276: NIFIREG-385 Make revision feature configurable
bbende opened a new pull request #276: NIFIREG-385 Make revision feature configurable URL: https://github.com/apache/nifi-registry/pull/276
[GitHub] [nifi] EndzeitBegins edited a comment on issue #4201: NIFI-7348 Wait - Removes WAIT_START_TIMESTAMP after expiration
EndzeitBegins edited a comment on issue #4201: NIFI-7348 Wait - Removes WAIT_START_TIMESTAMP after expiration URL: https://github.com/apache/nifi/pull/4201#issuecomment-612940158 @ottobackwards Thanks for the reply. I've updated the fork accordingly. The changes should be easier to see now. I mostly have extended the existing tests to be more uniform and reflect the desired behaviour. A review would be highly appreciated.
[GitHub] [nifi] EndzeitBegins commented on issue #4201: NIFI-7348 Wait - Removes WAIT_START_TIMESTAMP after expiration
EndzeitBegins commented on issue #4201: NIFI-7348 Wait - Removes WAIT_START_TIMESTAMP after expiration URL: https://github.com/apache/nifi/pull/4201#issuecomment-612940158 @ottobackwards Thanks for the reply. I've updated the fork accordingly. The changes should be easier to see now. I mostly have extended the existing tests to be more uniform and reflect the desired behaviour. A review would be highly appreciated.
[jira] [Created] (NIFIREG-385) Make revision feature configurable
Bryan Bende created NIFIREG-385:
Summary: Make revision feature configurable
Key: NIFIREG-385
URL: https://issues.apache.org/jira/browse/NIFIREG-385
Project: NiFi Registry
Issue Type: Improvement
Reporter: Bryan Bende
Assignee: Bryan Bende
Fix For: 1.0.0

In order to make the master branch be compatible with current NiFi releases, we should make the revision feature configurable.
[jira] [Updated] (NIFI-7354) Allow dynamic configuration of analytics properties in Docker
[ https://issues.apache.org/jira/browse/NIFI-7354?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Aldrin Piri updated NIFI-7354:
Fix Version/s: 1.12.0
Resolution: Fixed
Status: Resolved (was: Patch Available)

> Allow dynamic configuration of analytics properties in Docker
>
> Key: NIFI-7354
> URL: https://issues.apache.org/jira/browse/NIFI-7354
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Docker
> Reporter: Matt Burgess
> Assignee: Matt Burgess
> Priority: Major
> Fix For: 1.12.0
> Time Spent: 40m
> Remaining Estimate: 0h
>
> Until NIFI-6232 is implemented, it would be nice to be able to specify the analytics properties via environment variables as is done for other properties. Here are the defaults:
> nifi.analytics.predict.enabled=false
> nifi.analytics.predict.interval=3 mins
> nifi.analytics.query.interval=5 mins
> nifi.analytics.connection.model.implementation=org.apache.nifi.controller.status.analytics.models.OrdinaryLeastSquares
> nifi.analytics.connection.model.score.name=rSquared
> nifi.analytics.connection.model.score.threshold=.90
> At the least it would be good to be able to enable the analytics capability this way, but might as well do all of them at once.
[jira] [Commented] (NIFI-7354) Allow dynamic configuration of analytics properties in Docker
[ https://issues.apache.org/jira/browse/NIFI-7354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17082303#comment-17082303 ]

ASF subversion and git services commented on NIFI-7354:

Commit c9f48e378837a67a4d0c05e4d1b3bf5ade9cab18 in nifi's branch refs/heads/master from Matt Burgess
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=c9f48e3 ]

NIFI-7354: Allow analytics properties to be set via environment variables in docker scripts

This closes #4203.

Signed-off-by: Aldrin Piri

> Allow dynamic configuration of analytics properties in Docker
>
> Key: NIFI-7354
> URL: https://issues.apache.org/jira/browse/NIFI-7354
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Docker
> Reporter: Matt Burgess
> Assignee: Matt Burgess
> Priority: Major
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Until NIFI-6232 is implemented, it would be nice to be able to specify the analytics properties via environment variables as is done for other properties. Here are the defaults:
> nifi.analytics.predict.enabled=false
> nifi.analytics.predict.interval=3 mins
> nifi.analytics.query.interval=5 mins
> nifi.analytics.connection.model.implementation=org.apache.nifi.controller.status.analytics.models.OrdinaryLeastSquares
> nifi.analytics.connection.model.score.name=rSquared
> nifi.analytics.connection.model.score.threshold=.90
> At the least it would be good to be able to enable the analytics capability this way, but might as well do all of them at once.
[GitHub] [nifi] asfgit closed pull request #4203: NIFI-7354: Allow analytics properties to be set via environment variables in dockermaven
asfgit closed pull request #4203: NIFI-7354: Allow analytics properties to be set via environment variables in dockermaven URL: https://github.com/apache/nifi/pull/4203
[GitHub] [nifi] mcgilman commented on issue #4099: NIFI-7170: Add option to disable anonymous authentication
mcgilman commented on issue #4099: NIFI-7170: Add option to disable anonymous authentication URL: https://github.com/apache/nifi/pull/4099#issuecomment-612885579 @alopresto I think I agree with you and I'm happy to update this PR to reflect that. However, I just want to reiterate so there is no confusion. Technically, we already do what you just suggested. If it is anonymous, we need to authorize it as such. This is the case today. The intent of this JIRA/PR was to disable default anonymous authentication. In other words, when the incoming request contains no attempted authentication the user becomes the anonymous user. This PR changes that to be disabled by default. The NiFi admin would need to opt in to this behavior. The case I'm highlighting right now is when the incoming request is proxied by a trusted source. In this scenario, the request is authenticated and authorized. It just happens that the end-user is anonymous. So in that way, it differs from the original intent here. However, I believe this would be the expected behavior when the NiFi admin sets this new property. Please confirm we are on the same page and I'm happy to update.
[GitHub] [nifi] ottobackwards commented on issue #4201: NIFI-7348 Wait - Removes WAIT_START_TIMESTAMP after expiration
ottobackwards commented on issue #4201: NIFI-7348 Wait - Removes WAIT_START_TIMESTAMP after expiration URL: https://github.com/apache/nifi/pull/4201#issuecomment-612880334 Thanks for improving this. Your diffs are the complete files. Please re-submit without formatting changes etc. You can run mvn with `mvn -T 1C clean install -Pcontrib-check,include-grpc` validate.
[jira] [Commented] (NIFI-7348) FlowFiles re-entering a Wait-processor after they've expired expire immediatelly
[ https://issues.apache.org/jira/browse/NIFI-7348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17082268#comment-17082268 ]

Otto Fowler commented on NIFI-7348:

I don't think this is intentional.

> FlowFiles re-entering a Wait-processor after they've expired expire immediatelly
>
> Key: NIFI-7348
> URL: https://issues.apache.org/jira/browse/NIFI-7348
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
> Affects Versions: 1.11.4
> Environment: Windows 10 / Ubuntu
> Reporter: endzeit
> Assignee: endzeit
> Priority: Major
> Labels: easyfix
> Attachments: Wait_processor_expiration_issue.xml
> Time Spent: 40m
> Remaining Estimate: 0h
>
> We recently noticed a behaviour of the Wait processor that we thought of to be a bug.
>
> As the attribute WAIT_START_TIMESTAMP is only removed once the FlowFile leaves the processor successfully or failing, it affects FlowFiles that expire the EXPIRATION_DURATION and re-enter the processor.
> In case the FlowFile enters the same processor again - after expiring beforehand - it is transported to the expired output immediately, without waiting for the EXPIRATION_DURATION again.
> Is this desired behaviour?
>
> I'll attach a very simple demonstration. Just let it run a minute or two and look at the FlowFile attribute "counter" afterwards.
>
> There has been a pull-request addressing a similar issue (NIFI-5892), which resulted in the attribute being removed after success and failure. This case just seems to haven't been thought about back then. Or was there a reason to not clear the attribute after expiration? I couldn't find a mention regarding expiration in the issue.
>
> As this should be a very easy fix I would love to contribute, once you confirm this is not intentional.
>
> *Current workaround:*
> simply remove the attribute WAIT_START_TIMESTAMP after the FlowFile leaves the Wait processor, e.g. using an UpdateAttribute processor
>
> *Edit 2020-04-13:*
> Also this seems to have the side effect of NOT documenting the repeated processing. There is no provenance entry added when re-entering the processor and expiring immediately, leading to the error being harder to trace.
> Because of this I reset the priority to "Major", which seems to be the default anyway.
[GitHub] [nifi] EndzeitBegins commented on issue #4201: NIFI-7348 Wait - Removes WAIT_START_TIMESTAMP after expiration
EndzeitBegins commented on issue #4201: NIFI-7348 Wait - Removes WAIT_START_TIMESTAMP after expiration URL: https://github.com/apache/nifi/pull/4201#issuecomment-612867048 Re-run CI build because of flaky tests.
[GitHub] [nifi] EndzeitBegins opened a new pull request #4201: NIFI-7348 Wait - Removes WAIT_START_TIMESTAMP after expiration
EndzeitBegins opened a new pull request #4201: NIFI-7348 Wait - Removes WAIT_START_TIMESTAMP after expiration
URL: https://github.com/apache/nifi/pull/4201

Description of PR

The WAIT processor removes attribute WAIT_START_TIMESTAMP after transferring FlowFiles to the REL_EXPIRED. See [NIFI-7348](https://issues.apache.org/jira/browse/NIFI-7348)

### For all changes:
- [x] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?
- [x] Does your PR title start with **NIFI-** where is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
- [x] Has your PR been rebased against the latest commit within the target branch (typically `master`)?
- [x] Is your initial contribution a single, squashed commit? _Additional commits in response to PR reviewer feedback should be made on this branch and pushed to allow change tracking. Do not `squash` or use `--force` when pushing to allow for clean monitoring of changes._

### For code changes:
- [x] Have you ensured that the full suite of tests is executed via `mvn -Pcontrib-check clean install` at the root `nifi` folder?
- [x] Have you written or updated unit tests to verify your changes?
- [ ] Have you verified that the full build is successful on both JDK 8 and JDK 11?

### Note:
Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.
[GitHub] [nifi] EndzeitBegins closed pull request #4201: NIFI-7348 Wait - Removes WAIT_START_TIMESTAMP after expiration
EndzeitBegins closed pull request #4201: NIFI-7348 Wait - Removes WAIT_START_TIMESTAMP after expiration URL: https://github.com/apache/nifi/pull/4201