[jira] [Updated] (NIFI-10234) implement a processor of Apache IoTDB
[ https://issues.apache.org/jira/browse/NIFI-10234?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Xuan Ronaldo updated NIFI-10234: External issue URL: https://github.com/apache/nifi/pull/6265 > implement a processor of Apache IoTDB > - > > Key: NIFI-10234 > URL: https://issues.apache.org/jira/browse/NIFI-10234 > Project: Apache NiFi > Issue Type: New Feature > Components: Extensions >Reporter: Xuan Ronaldo >Assignee: Xuan Ronaldo >Priority: Major > Attachments: README.md, 屏幕截图 2022-07-26 232200.png > > Time Spent: 20m > Remaining Estimate: 0h > > Hi, folks > > I'm a contributer of Apache IoTDB. Recently, I have implemented a processor > which can write data to IoTDB. I'd like to submit it to the NiFi as a > build-in processor. Besides, there are more processors or controller services > will be developed. > > Regards, > Xuan Ronaldo -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [nifi] github-actions[bot] closed pull request #5830: NIFI-4307 Add support for Kotlin to the scripting bundle
github-actions[bot] closed pull request #5830: NIFI-4307 Add support for Kotlin to the scripting bundle URL: https://github.com/apache/nifi/pull/5830 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Comment Edited] (NIFI-10313) Unexpected "Access Token not found"
[ https://issues.apache.org/jira/browse/NIFI-10313?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17574950#comment-17574950 ] David Handermann edited comment on NIFI-10313 at 8/3/22 11:20 PM: -- [~malthe] Thanks for indicating that SAML is not configured. Can you provide more details about your identity provider configuration? Are you using LDAP for group resolution and Kerberos for authentication? OpenID Connect excludes configuration with LDAP or Kerberos as a login identity provider. It would be helpful if you can share some form of your login-identity-providers.xml configuration. With the Kubernetes deployment do you have an HTTP ingress configuration with sticky sessions enabled? was (Author: exceptionfactory): [~malthe] Thanks for indicating that SAML is not configured. Can you provide more details about your identity provider configuration? Are you using LDAP for group resolution and Kerberos for authentication? OpenID Connect excludes configuration with LDAP or Kerberos as a login identity provider. It would be helpful if you can share some form of your login-identity-providers.xml configuration. With the Kubernetes deployment do you have anHTTP ingress configuration with sticky sessions enabled? > Unexpected "Access Token not found" > --- > > Key: NIFI-10313 > URL: https://issues.apache.org/jira/browse/NIFI-10313 > Project: Apache NiFi > Issue Type: Bug >Affects Versions: 1.17.0 >Reporter: Malthe Borch >Assignee: David Handermann >Priority: Major > Attachments: nifi.log > > > I'm experiencing some unexpected "Access Token not found" errors after > upgrading to 1.17.0. > See attached traceback. > What happens is that the NiFi UI seems to work but after a short while the > view is redirected to a conflict page (Unable to communicate with NiFi). > There are no other problems or evidence of the issue to be found in the logs. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-10313) Unexpected "Access Token not found"
[ https://issues.apache.org/jira/browse/NIFI-10313?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17574950#comment-17574950 ] David Handermann commented on NIFI-10313: - [~malthe] Thanks for indicating that SAML is not configured. Can you provide more details about your identity provider configuration? Are you using LDAP for group resolution and Kerberos for authentication? OpenID Connect excludes configuration with LDAP or Kerberos as a login identity provider. It would be helpful if you can share some form of your login-identity-providers.xml configuration. With the Kubernetes deployment do you have anHTTP ingress configuration with sticky sessions enabled? > Unexpected "Access Token not found" > --- > > Key: NIFI-10313 > URL: https://issues.apache.org/jira/browse/NIFI-10313 > Project: Apache NiFi > Issue Type: Bug >Affects Versions: 1.17.0 >Reporter: Malthe Borch >Assignee: David Handermann >Priority: Major > Attachments: nifi.log > > > I'm experiencing some unexpected "Access Token not found" errors after > upgrading to 1.17.0. > See attached traceback. > What happens is that the NiFi UI seems to work but after a short while the > view is redirected to a conflict page (Unable to communicate with NiFi). > There are no other problems or evidence of the issue to be found in the logs. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Comment Edited] (NIFI-10313) Unexpected "Access Token not found"
[
https://issues.apache.org/jira/browse/NIFI-10313?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17574942#comment-17574942
]
Malthe Borch edited comment on NIFI-10313 at 8/3/22 10:06 PM:
--
We're actually not using SAML at all and do not have a setting for
{{{}nifi.security.user.saml.authentication.expiration{}}}.
We use LDAP and Kerberos, configured in {{login-identity-providers.xml}} and
OpenId as configured via {{{}nifi.security.user.oidc.*{}}}.
Looking through {{nifi-request.log}} it doesn't seem to have any useful
information on this.
In our setup, NiFi is running via Kubernetes and it's been working fine up
until 1.17.0. We have direct communication between nodes and HTTPS enabled
between them (via keystore and truststore).
was (Author: malthe):
We're actually not using SAML at all and do not have a setting for
{{{}nifi.security.user.saml.authentication.expiration{}}}.
We use LDAP and Kerberos, configured in {{login-identity-providers.xml}} and
OpenId as configured via {{{}nifi.security.user.oidc.*{}}}.
Looking through {{nifi-request.log}} it doesn't seem to have any useful
information on this.
In our setup, NiFi is running via Kubernetes and it's been working fine up
until 1.17.0. We have direct communication between nodes and HTTPS enabled
between them.
> Unexpected "Access Token not found"
> ---
>
> Key: NIFI-10313
> URL: https://issues.apache.org/jira/browse/NIFI-10313
> Project: Apache NiFi
> Issue Type: Bug
>Affects Versions: 1.17.0
>Reporter: Malthe Borch
>Assignee: David Handermann
>Priority: Major
> Attachments: nifi.log
>
>
> I'm experiencing some unexpected "Access Token not found" errors after
> upgrading to 1.17.0.
> See attached traceback.
> What happens is that the NiFi UI seems to work but after a short while the
> view is redirected to a conflict page (Unable to communicate with NiFi).
> There are no other problems or evidence of the issue to be found in the logs.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (NIFI-10313) Unexpected "Access Token not found"
[
https://issues.apache.org/jira/browse/NIFI-10313?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17574942#comment-17574942
]
Malthe Borch edited comment on NIFI-10313 at 8/3/22 10:01 PM:
--
We're actually not using SAML at all and do not have a setting for
{{{}nifi.security.user.saml.authentication.expiration{}}}.
We use LDAP and Kerberos, configured in {{login-identity-providers.xml}} and
OpenId as configured via {{{}nifi.security.user.oidc.*{}}}.
Looking through {{nifi-request.log}} it doesn't seem to have any useful
information on this.
In our setup, NiFi is running via Kubernetes and it's been working fine up
until 1.17.0. We have direct communication between nodes and HTTPS enabled
between them.
was (Author: malthe):
We're actually not using SAML at all and do not have a setting for
{{{}nifi.security.user.saml.authentication.expiration{}}}.
We use LDAP and Kerberos, configured in {{{}login-identity-providers.xml{}}}.
Looking through {{nifi-request.log}} it doesn't seem to have any useful
information on this.
In our setup, NiFi is running via Kubernetes and it's been working fine up
until 1.17.0. We have direct communication between nodes and HTTPS enabled
between them.
> Unexpected "Access Token not found"
> ---
>
> Key: NIFI-10313
> URL: https://issues.apache.org/jira/browse/NIFI-10313
> Project: Apache NiFi
> Issue Type: Bug
>Affects Versions: 1.17.0
>Reporter: Malthe Borch
>Assignee: David Handermann
>Priority: Major
> Attachments: nifi.log
>
>
> I'm experiencing some unexpected "Access Token not found" errors after
> upgrading to 1.17.0.
> See attached traceback.
> What happens is that the NiFi UI seems to work but after a short while the
> view is redirected to a conflict page (Unable to communicate with NiFi).
> There are no other problems or evidence of the issue to be found in the logs.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (NIFI-10313) Unexpected "Access Token not found"
[
https://issues.apache.org/jira/browse/NIFI-10313?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17574942#comment-17574942
]
Malthe Borch edited comment on NIFI-10313 at 8/3/22 10:00 PM:
--
We're actually not using SAML at all and do not have a setting for
{{{}nifi.security.user.saml.authentication.expiration{}}}.
We use LDAP and Kerberos, configured in {{{}login-identity-providers.xml{}}}.
Looking through {{nifi-request.log}} it doesn't seem to have any useful
information on this.
In our setup, NiFi is running via Kubernetes and it's been working fine up
until 1.17.0. We have direct communication between nodes and HTTPS enabled
between them.
was (Author: malthe):
We're actually not using SAML at all and do not have a setting for
{{{}nifi.security.user.saml.authentication.expiration{}}}.
We use LDAP and Kerberos, configured in {{{}login-identity-providers.xml{}}}.
Looking through {{nifi-request.log}} it doesn't seem to have any useful
information on this.
> Unexpected "Access Token not found"
> ---
>
> Key: NIFI-10313
> URL: https://issues.apache.org/jira/browse/NIFI-10313
> Project: Apache NiFi
> Issue Type: Bug
>Affects Versions: 1.17.0
>Reporter: Malthe Borch
>Assignee: David Handermann
>Priority: Major
> Attachments: nifi.log
>
>
> I'm experiencing some unexpected "Access Token not found" errors after
> upgrading to 1.17.0.
> See attached traceback.
> What happens is that the NiFi UI seems to work but after a short while the
> view is redirected to a conflict page (Unable to communicate with NiFi).
> There are no other problems or evidence of the issue to be found in the logs.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (NIFI-10313) Unexpected "Access Token not found"
[
https://issues.apache.org/jira/browse/NIFI-10313?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17574942#comment-17574942
]
Malthe Borch edited comment on NIFI-10313 at 8/3/22 9:58 PM:
-
We're actually not using SAML at all and do not have a setting for
{{{}nifi.security.user.saml.authentication.expiration{}}}.
We use LDAP and Kerberos, configured in {{{}login-identity-providers.xml{}}}.
Looking through {{nifi-request.log}} it doesn't seem to have any useful
information on this.
was (Author: malthe):
We're actually not using SAML at all and do not have a setting for
{}nifi.security.user.saml.authentication.expiration{}}}.}}
We use LDAP and Kerberos, configured in {{{}login-identity-providers.xml{}}}.
Looking through {{nifi-request.log}} it doesn't seem to have any useful
information on this.
> Unexpected "Access Token not found"
> ---
>
> Key: NIFI-10313
> URL: https://issues.apache.org/jira/browse/NIFI-10313
> Project: Apache NiFi
> Issue Type: Bug
>Affects Versions: 1.17.0
>Reporter: Malthe Borch
>Assignee: David Handermann
>Priority: Major
> Attachments: nifi.log
>
>
> I'm experiencing some unexpected "Access Token not found" errors after
> upgrading to 1.17.0.
> See attached traceback.
> What happens is that the NiFi UI seems to work but after a short while the
> view is redirected to a conflict page (Unable to communicate with NiFi).
> There are no other problems or evidence of the issue to be found in the logs.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (NIFI-10313) Unexpected "Access Token not found"
[
https://issues.apache.org/jira/browse/NIFI-10313?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17574942#comment-17574942
]
Malthe Borch commented on NIFI-10313:
-
We're actually not using SAML at all and do not have a setting for
{}nifi.security.user.saml.authentication.expiration{}}}.}}
We use LDAP and Kerberos, configured in {{{}login-identity-providers.xml{}}}.
Looking through {{nifi-request.log}} it doesn't seem to have any useful
information on this.
> Unexpected "Access Token not found"
> ---
>
> Key: NIFI-10313
> URL: https://issues.apache.org/jira/browse/NIFI-10313
> Project: Apache NiFi
> Issue Type: Bug
>Affects Versions: 1.17.0
>Reporter: Malthe Borch
>Assignee: David Handermann
>Priority: Major
> Attachments: nifi.log
>
>
> I'm experiencing some unexpected "Access Token not found" errors after
> upgrading to 1.17.0.
> See attached traceback.
> What happens is that the NiFi UI seems to work but after a short while the
> view is redirected to a conflict page (Unable to communicate with NiFi).
> There are no other problems or evidence of the issue to be found in the logs.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (NIFI-10313) Unexpected "Access Token not found"
[
https://issues.apache.org/jira/browse/NIFI-10313?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17574935#comment-17574935
]
David Handermann commented on NIFI-10313:
-
Thanks for reporting this issue [~malthe].
The {{Access Token not found}} message and the associated stack trace indicate
that the web browser is not providing the JWT through the standard secure
cookie. In normal operation, the browser sends the JWT in a cookie named
{{__Secure-Authorization-Bearer}}, then this method reads the token and
extracts the expiration. NiFi uses session-based expiration for this cookie,
meaning that it should remain available until the browser is closed.
If the NiFi UI works for a short period of time, and then redirects to an error
page, one possibility is that the JWT has a short expiration. Can you provide
the value configured for {{nifi.security.user.saml.authentication.expiration}}
from {{nifi.properties}}? The default value is 12 hours.
It would also be helpful if you can provide some additional details about the
environment, including the SAML Identity Provider used, and whether NiFi is
running behind some kind of proxy or load balancer.
The {{nifi-request.log}} tracks HTTP requests and responses to the NiFi web
server, so it may also have some useful troubleshooting information for
requests leading up to this particular error.
> Unexpected "Access Token not found"
> ---
>
> Key: NIFI-10313
> URL: https://issues.apache.org/jira/browse/NIFI-10313
> Project: Apache NiFi
> Issue Type: Bug
>Affects Versions: 1.17.0
>Reporter: Malthe Borch
>Assignee: David Handermann
>Priority: Major
> Attachments: nifi.log
>
>
> I'm experiencing some unexpected "Access Token not found" errors after
> upgrading to 1.17.0.
> See attached traceback.
> What happens is that the NiFi UI seems to work but after a short while the
> view is redirected to a conflict page (Unable to communicate with NiFi).
> There are no other problems or evidence of the issue to be found in the logs.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (NIFI-10313) Unexpected "Access Token not found"
[ https://issues.apache.org/jira/browse/NIFI-10313?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Handermann reassigned NIFI-10313: --- Assignee: David Handermann > Unexpected "Access Token not found" > --- > > Key: NIFI-10313 > URL: https://issues.apache.org/jira/browse/NIFI-10313 > Project: Apache NiFi > Issue Type: Bug >Affects Versions: 1.17.0 >Reporter: Malthe Borch >Assignee: David Handermann >Priority: Major > Attachments: nifi.log > > > I'm experiencing some unexpected "Access Token not found" errors after > upgrading to 1.17.0. > See attached traceback. > What happens is that the NiFi UI seems to work but after a short while the > view is redirected to a conflict page (Unable to communicate with NiFi). > There are no other problems or evidence of the issue to be found in the logs. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-10313) Unexpected "Access Token not found"
[ https://issues.apache.org/jira/browse/NIFI-10313?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17574925#comment-17574925 ] Malthe Borch commented on NIFI-10313: - It would seem that NIFI-9849 is a likely culprit of this issue since the traceback mentions code that was introduced here. > Unexpected "Access Token not found" > --- > > Key: NIFI-10313 > URL: https://issues.apache.org/jira/browse/NIFI-10313 > Project: Apache NiFi > Issue Type: Bug >Affects Versions: 1.17.0 >Reporter: Malthe Borch >Priority: Major > Attachments: nifi.log > > > I'm experiencing some unexpected "Access Token not found" errors after > upgrading to 1.17.0. > See attached traceback. > What happens is that the NiFi UI seems to work but after a short while the > view is redirected to a conflict page (Unable to communicate with NiFi). > There are no other problems or evidence of the issue to be found in the logs. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (NIFI-10313) Unexpected "Access Token not found"
Malthe Borch created NIFI-10313: --- Summary: Unexpected "Access Token not found" Key: NIFI-10313 URL: https://issues.apache.org/jira/browse/NIFI-10313 Project: Apache NiFi Issue Type: Bug Affects Versions: 1.17.0 Reporter: Malthe Borch Attachments: nifi.log I'm experiencing some unexpected "Access Token not found" errors after upgrading to 1.17.0. See attached traceback. What happens is that the NiFi UI seems to work but after a short while the view is redirected to a conflict page (Unable to communicate with NiFi). There are no other problems or evidence of the issue to be found in the logs. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Comment Edited] (NIFI-9849) Refactor SAML 2 Support using Spring Security 5
[
https://issues.apache.org/jira/browse/NIFI-9849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17574922#comment-17574922
]
Malthe Borch edited comment on NIFI-9849 at 8/3/22 8:59 PM:
I'm experiencing some unexpected "Access Token not found" errors that seem
related to this change.
What happens is that the NiFi UI seems to work but after a short while the view
is redirected to a conflict page (Unable to communicate with NiFi).
was (Author: malthe):
I'm experiencing some unexpected "Access Token not found" errors that seem
related to this change (traceback below).
What happens is that the NiFi UI seems to work but after a short while the view
is redirected to a conflict page (Unable to communicate with NiFi). There are
no other problems or evidence of the issue to be found in the logs.
{code:java}
2022-08-02 12:38:53,940 WARN [NiFi Web Server-146]
o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException: Access
Token not found. Returning Conflict response.
java.lang.IllegalStateException: Access Token not found
at
org.apache.nifi.web.api.AccessResource.getAccessTokenExpiration(AccessResource.java:459)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at
org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
at
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:134)
at
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:177)
at
org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:176)
at
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:81)
at
org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:475)
at
org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:397)
at
org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:81)
at
org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:255)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
at
org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
at
org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:234)
at
org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:684)
at
org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394)
at
org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346)
at
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:358)
at
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:311)
at
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205)
at
org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1459)
{code}
> Refactor SAML 2 Support using Spring Security 5
> ---
>
> Key: NIFI-9849
> URL: https://issues.apache.org/jira/browse/NIFI-9849
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework, Security
>Reporter: David Handermann
>Assignee: David Handermann
>Priority: Major
> Fix For: 1.17.0
>
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> The [Spring Security SAML|https://spring.io/projects/spring-security-saml]
> project, which provides the implementation for SAML integration in NiFi
> reached end of life in October 2021. Spring Security 5.5 and 5.6 include a
> new implementation of support for SAML integration.
> NiFi integration with SAML should be refactored to remove the dependency on
> the unmaintained Spring Security SAML library. The new implementation should
> be built on Spring Security 5
[jira] [Comment Edited] (NIFI-9849) Refactor SAML 2 Support using Spring Security 5
[
https://issues.apache.org/jira/browse/NIFI-9849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17574922#comment-17574922
]
Malthe Borch edited comment on NIFI-9849 at 8/3/22 8:56 PM:
I'm experiencing some unexpected "Access Token not found" errors that seem
related to this change (traceback below).
What happens is that the NiFi UI seems to work but after a short while the view
is redirected to a conflict page (Unable to communicate with NiFi). There are
no other problems or evidence of the issue to be found in the logs.
{code:java}
2022-08-02 12:38:53,940 WARN [NiFi Web Server-146]
o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException: Access
Token not found. Returning Conflict response.
java.lang.IllegalStateException: Access Token not found
at
org.apache.nifi.web.api.AccessResource.getAccessTokenExpiration(AccessResource.java:459)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at
org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
at
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:134)
at
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:177)
at
org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:176)
at
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:81)
at
org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:475)
at
org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:397)
at
org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:81)
at
org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:255)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
at
org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
at
org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:234)
at
org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:684)
at
org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394)
at
org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346)
at
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:358)
at
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:311)
at
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205)
at
org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1459)
{code}
was (Author: malthe):
I'm experiencing some unexpected "Access Token not found" errors that seem
related to this change (traceback below).
What happens is that the NiFi UI seems to work but after a short while the view
is redirected to a conflict page. There are no other problems or evidence of
the issue to be found in the logs.
{code:java}
2022-08-02 12:38:53,940 WARN [NiFi Web Server-146]
o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException: Access
Token not found. Returning Conflict response.
java.lang.IllegalStateException: Access Token not found
at
org.apache.nifi.web.api.AccessResource.getAccessTokenExpiration(AccessResource.java:459)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at
org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
at
[jira] [Commented] (NIFI-9849) Refactor SAML 2 Support using Spring Security 5
[ https://issues.apache.org/jira/browse/NIFI-9849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17574923#comment-17574923 ] David Handermann commented on NIFI-9849: [~malthe] Please create a new Jira issue, which can be linked to this one if necessary. > Refactor SAML 2 Support using Spring Security 5 > --- > > Key: NIFI-9849 > URL: https://issues.apache.org/jira/browse/NIFI-9849 > Project: Apache NiFi > Issue Type: Improvement > Components: Core Framework, Security >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 1.17.0 > > Time Spent: 1h 10m > Remaining Estimate: 0h > > The [Spring Security SAML|https://spring.io/projects/spring-security-saml] > project, which provides the implementation for SAML integration in NiFi > reached end of life in October 2021. Spring Security 5.5 and 5.6 include a > new implementation of support for SAML integration. > NiFi integration with SAML should be refactored to remove the dependency on > the unmaintained Spring Security SAML library. The new implementation should > be built on Spring Security 5 libraries, which also includes a number of > transitive dependency upgrades. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-9849) Refactor SAML 2 Support using Spring Security 5
[
https://issues.apache.org/jira/browse/NIFI-9849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17574922#comment-17574922
]
Malthe Borch commented on NIFI-9849:
I'm experiencing some unexpected "Access Token not found" errors that seem
related to this change (traceback below).
What happens is that the NiFi UI seems to work but after a short while the view
is redirected to a conflict page. There are no other problems or evidence of
the issue to be found in the logs.
{code:java}
2022-08-02 12:38:53,940 WARN [NiFi Web Server-146]
o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException: Access
Token not found. Returning Conflict response.
java.lang.IllegalStateException: Access Token not found
at
org.apache.nifi.web.api.AccessResource.getAccessTokenExpiration(AccessResource.java:459)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at
org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
at
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:134)
at
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:177)
at
org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:176)
at
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:81)
at
org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:475)
at
org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:397)
at
org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:81)
at
org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:255)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
at
org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
at
org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:234)
at
org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:684)
at
org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394)
at
org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346)
at
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:358)
at
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:311)
at
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205)
at
org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1459)
{code}
> Refactor SAML 2 Support using Spring Security 5
> ---
>
> Key: NIFI-9849
> URL: https://issues.apache.org/jira/browse/NIFI-9849
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework, Security
>Reporter: David Handermann
>Assignee: David Handermann
>Priority: Major
> Fix For: 1.17.0
>
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> The [Spring Security SAML|https://spring.io/projects/spring-security-saml]
> project, which provides the implementation for SAML integration in NiFi
> reached end of life in October 2021. Spring Security 5.5 and 5.6 include a
> new implementation of support for SAML integration.
> NiFi integration with SAML should be refactored to remove the dependency on
> the unmaintained Spring Security SAML library. The new implementation should
> be built on Spring Security 5 libraries, which also includes a number of
> transitive dependency upgrades.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [nifi] emiliosetiadarma commented on a diff in pull request #6262: NIFI-10298: changed tests in nifi-framework-cluster to use Java if po…
emiliosetiadarma commented on code in PR #6262:
URL: https://github.com/apache/nifi/pull/6262#discussion_r937085971
##
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/test/java/org/apache/nifi/cluster/coordination/http/replication/okhttp/OkHttpReplicationClientTest.java:
##
@@ -0,0 +1,217 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.cluster.coordination.http.replication.okhttp;
+
+import org.apache.nifi.security.util.TemporaryKeyStoreBuilder;
+import org.apache.nifi.security.util.TlsConfiguration;
+import org.apache.nifi.util.NiFiProperties;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+public class OkHttpReplicationClientTest {
+private static TlsConfiguration tlsConfiguration;
+
+@BeforeAll
+public static void setUpOnce() {
+tlsConfiguration = new TemporaryKeyStoreBuilder().build();
+}
+
+@Test
+public void testShouldReplaceNonZeroContentLengthHeader() {
+final Map headers = new HashMap<>();
+headers.put("Content-Length", "123");
+headers.put("Other-Header", "arbitrary value");
+
+// must be case-insensitive
+final String[] methods = new String[] {"DELETE", "delete", "DeLeTe"};
+
+final NiFiProperties mockProperties = mockNiFiProperties();
+
+final OkHttpReplicationClient client = new
OkHttpReplicationClient(mockProperties);
+
+for (final String method: methods) {
+client.prepareRequest(method, headers, null);
+
+assertEquals(2, headers.size());
+assertEquals("0", headers.get("Content-Length"));
+}
+}
+
+@Test
+void testShouldNotReplaceContentLengthHeaderWhenZeroOrNull() {
+final String method = "DELETE";
+final String[] zeroOrNullContentLengths = new String[] {null, "0"};
+
+final NiFiProperties mockProperties = mockNiFiProperties();
+
+final OkHttpReplicationClient client = new
OkHttpReplicationClient(mockProperties);
+
+final Map headers = new HashMap<>();
+for (final String contentLength: zeroOrNullContentLengths) {
+headers.put("Content-Length", contentLength);
+headers.put("Other-Header", "arbitrary value");
+
+client.prepareRequest(method, headers, null);
+
+assertEquals(2, headers.size());
+assertEquals(contentLength, headers.get("Content-Length"));
+}
+}
+
+@Test
+void testShouldNotReplaceNonZeroContentLengthHeaderOnOtherMethod() {
+final Map headers = new HashMap<>();
+headers.put("Content-Length", "123");
+headers.put("Other-Header", "arbitrary value");
+
+final NiFiProperties mockProperties = mockNiFiProperties();
+
+final OkHttpReplicationClient client = new
OkHttpReplicationClient(mockProperties);
+
+final String[] nonDeleteMethods = new String[] {"POST", "PUT", "GET",
"HEAD"};
+
+for (final String method: nonDeleteMethods) {
+client.prepareRequest(method, headers, null);
+
+assertEquals(2, headers.size());
+assertEquals("123", headers.get("Content-Length"));
+}
+}
+
+@Test
+void testShouldUseKeystorePasswordIfKeyPasswordIsBlank() {
+final Map propsMap = new HashMap() {{
+put(NiFiProperties.SECURITY_TRUSTSTORE,
tlsConfiguration.getTruststorePath());
+put(NiFiProperties.SECURITY_TRUSTSTORE_TYPE,
tlsConfiguration.getTruststoreType().getType());
+put(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD,
tlsConfiguration.getTruststorePassword());
+put(NiFiProperties.SECURITY_KEYSTORE,
tlsConfiguration.getKeystorePath());
+put(NiFiProperties.SECURITY_KEYSTORE_TYPE,
tlsConfiguration.getKeystoreType().getType());
+put(NiFiProperties.SECURITY_KEYSTORE_PASSWD,
tlsConfiguration.getKeystorePassword());
+
[GitHub] [nifi] NissimShiman commented on pull request #5878: NIFI-9814: Add Range Sampling strategy to SampleRecord
NissimShiman commented on PR #5878: URL: https://github.com/apache/nifi/pull/5878#issuecomment-1204380413 Just noticed this was still open ... Follow commit looks good. Nice catch with additional @WriteAttributes of mime.count Verified that it is indeed added on flowfile output and nice cleaning up of customValidate() based on new .dependsOn() for the various PropertyDescriptors I apologize if this was waiting on comment following up on the latter commit LGTM +1 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi] exceptionfactory commented on a diff in pull request #6264: NIFI-10306: Add logging to StandardProcessGroup.addConnection() with more details
exceptionfactory commented on code in PR #6264:
URL: https://github.com/apache/nifi/pull/6264#discussion_r937022324
##
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-components/src/main/java/org/apache/nifi/groups/StandardProcessGroup.java:
##
@@ -1146,42 +1146,75 @@ public void addConnection(final Connection connection) {
if (isInputPort(source)) { // if source is an input port, its
destination must be in the same group unless it's an input port
if (isInputPort(destination)) { // if destination is input
port, it must be in a child group.
if
(!processGroups.containsKey(destinationGroup.getIdentifier())) {
-throw new IllegalStateException("Cannot add Connection
to Process Group because destination is an Input Port that does not belong to a
child Process Group");
+throw new IllegalStateException("Cannot add Connection
for Input Port[" + source.getIdentifier() +
+"] from Process Group [" +
sourceGroup.getIdentifier() +
+"] to Process Group [" +
destinationGroup.getIdentifier() +
+"] because destination [" +
destination.getIdentifier() +
+"] is an Input Port that does not belong to a
child Process Group");
}
} else if (sourceGroup != this || destinationGroup != this) {
-throw new IllegalStateException("Cannot add Connection to
Process Group because source and destination are not both in this Process
Group");
+throw new IllegalStateException("Cannot add Connection for
Input Port[" + source.getIdentifier() +
+"] from Process Group [" +
sourceGroup.getIdentifier() +
+"] to Process Group [" +
destinationGroup.getIdentifier() +
+"] destination [" + destination.getIdentifier() +
+"] because source and destination are not both in
this Process Group");
}
} else if (isOutputPort(source)) {
// if source is an output port, its group must be a child of
this group, and its destination must be in this
// group (processor/output port) or a child group (input port)
if (!processGroups.containsKey(sourceGroup.getIdentifier())) {
-throw new IllegalStateException("Cannot add Connection to
Process Group because source is an Output Port that does not belong to a child
Process Group");
+throw new IllegalStateException("Cannot add Connection for
Output Port[" + source.getIdentifier() +
+"] from Process Group [" +
sourceGroup.getIdentifier() +
+"] to Process Group [" +
destinationGroup.getIdentifier() +
+"] destination [" + destination.getIdentifier() +
+"] because source is an Output Port that does not
belong to a child Process Group");
}
if (isInputPort(destination)) {
if
(!processGroups.containsKey(destinationGroup.getIdentifier())) {
-throw new IllegalStateException("Cannot add Connection
to Process Group because its destination is an Input Port that does not belong
to a child Process Group");
+throw new IllegalStateException("Cannot add Connection
for Output Port[" + source.getIdentifier() +
+"] from Process Group [" +
sourceGroup.getIdentifier() +
+"] to Process Group [" +
destinationGroup.getIdentifier() +
+"] because destination [" +
destination.getIdentifier() +
+"] is an Input Port that does not belong to a
child Process Group");
}
} else if (destinationGroup != this) {
-throw new IllegalStateException("Cannot add Connection to
Process Group because its destination does not belong to this Process Group");
+throw new IllegalStateException("Cannot add Connection for
Output Port[" + source.getIdentifier() +
+"] from Process Group [" +
sourceGroup.getIdentifier() +
+"] to Process Group [" +
destinationGroup.getIdentifier() +
+"] because its destination [" +
destination.getIdentifier() +
+"] does not belong to this Process Group");
}
} else { // source is not a port
if (sourceGroup != this) {
-throw new IllegalStateException("Cannot add Connection to
Process Group because the source does not belong to this Process Group");
+
[GitHub] [nifi] exceptionfactory commented on a diff in pull request #6262: NIFI-10298: changed tests in nifi-framework-cluster to use Java if po…
exceptionfactory commented on code in PR #6262:
URL: https://github.com/apache/nifi/pull/6262#discussion_r937016261
##
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/test/java/org/apache/nifi/cluster/coordination/http/replication/okhttp/OkHttpReplicationClientTest.java:
##
@@ -0,0 +1,217 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.cluster.coordination.http.replication.okhttp;
+
+import org.apache.nifi.security.util.TemporaryKeyStoreBuilder;
+import org.apache.nifi.security.util.TlsConfiguration;
+import org.apache.nifi.util.NiFiProperties;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+public class OkHttpReplicationClientTest {
+private static TlsConfiguration tlsConfiguration;
+
+@BeforeAll
+public static void setUpOnce() {
+tlsConfiguration = new TemporaryKeyStoreBuilder().build();
+}
+
+@Test
+public void testShouldReplaceNonZeroContentLengthHeader() {
+final Map headers = new HashMap<>();
+headers.put("Content-Length", "123");
+headers.put("Other-Header", "arbitrary value");
+
+// must be case-insensitive
+final String[] methods = new String[] {"DELETE", "delete", "DeLeTe"};
+
+final NiFiProperties mockProperties = mockNiFiProperties();
+
+final OkHttpReplicationClient client = new
OkHttpReplicationClient(mockProperties);
+
+for (final String method: methods) {
+client.prepareRequest(method, headers, null);
+
+assertEquals(2, headers.size());
+assertEquals("0", headers.get("Content-Length"));
+}
+}
+
+@Test
+void testShouldNotReplaceContentLengthHeaderWhenZeroOrNull() {
+final String method = "DELETE";
+final String[] zeroOrNullContentLengths = new String[] {null, "0"};
+
+final NiFiProperties mockProperties = mockNiFiProperties();
+
+final OkHttpReplicationClient client = new
OkHttpReplicationClient(mockProperties);
+
+final Map headers = new HashMap<>();
+for (final String contentLength: zeroOrNullContentLengths) {
+headers.put("Content-Length", contentLength);
+headers.put("Other-Header", "arbitrary value");
+
+client.prepareRequest(method, headers, null);
+
+assertEquals(2, headers.size());
+assertEquals(contentLength, headers.get("Content-Length"));
+}
+}
+
+@Test
+void testShouldNotReplaceNonZeroContentLengthHeaderOnOtherMethod() {
+final Map headers = new HashMap<>();
+headers.put("Content-Length", "123");
+headers.put("Other-Header", "arbitrary value");
+
+final NiFiProperties mockProperties = mockNiFiProperties();
+
+final OkHttpReplicationClient client = new
OkHttpReplicationClient(mockProperties);
+
+final String[] nonDeleteMethods = new String[] {"POST", "PUT", "GET",
"HEAD"};
+
+for (final String method: nonDeleteMethods) {
+client.prepareRequest(method, headers, null);
+
+assertEquals(2, headers.size());
+assertEquals("123", headers.get("Content-Length"));
+}
+}
+
+@Test
+void testShouldUseKeystorePasswordIfKeyPasswordIsBlank() {
+final Map propsMap = new HashMap() {{
+put(NiFiProperties.SECURITY_TRUSTSTORE,
tlsConfiguration.getTruststorePath());
+put(NiFiProperties.SECURITY_TRUSTSTORE_TYPE,
tlsConfiguration.getTruststoreType().getType());
+put(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD,
tlsConfiguration.getTruststorePassword());
+put(NiFiProperties.SECURITY_KEYSTORE,
tlsConfiguration.getKeystorePath());
+put(NiFiProperties.SECURITY_KEYSTORE_TYPE,
tlsConfiguration.getKeystoreType().getType());
+put(NiFiProperties.SECURITY_KEYSTORE_PASSWD,
tlsConfiguration.getKeystorePassword());
+
[jira] [Updated] (NIFI-10311) Upgrade Avro From 1.11.0 to 1.11.1
[ https://issues.apache.org/jira/browse/NIFI-10311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Handermann updated NIFI-10311: Summary: Upgrade Avro From 1.11.0 to 1.11.1 (was: Update Avro From 1.11.0 to 1.11.1 to remediate CVE-2020-36518) > Upgrade Avro From 1.11.0 to 1.11.1 > -- > > Key: NIFI-10311 > URL: https://issues.apache.org/jira/browse/NIFI-10311 > Project: Apache NiFi > Issue Type: Improvement >Affects Versions: 1.17.0 >Reporter: Mike R >Assignee: Mike R >Priority: Major > Time Spent: 1h > Remaining Estimate: 0h > > Update Avro From 1.11.0 to 1.11.1 to remediate CVE-2020-36518. The CVE has a > high rating of 7.5 according to the NIST NVD -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-10311) Update Avro From 1.11.0 to 1.11.1 to remediate CVE-2020-36518
[ https://issues.apache.org/jira/browse/NIFI-10311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17574896#comment-17574896 ] ASF subversion and git services commented on NIFI-10311: Commit 8e7b78941ebaab5bedff2695a4f3d800cabff59c in nifi's branch refs/heads/main from UcanInfosec [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=8e7b78941e ] NIFI-10311 Upgraded Avro from 1.11.0 to 1.11.1 This closes #6267 Signed-off-by: David Handermann > Update Avro From 1.11.0 to 1.11.1 to remediate CVE-2020-36518 > - > > Key: NIFI-10311 > URL: https://issues.apache.org/jira/browse/NIFI-10311 > Project: Apache NiFi > Issue Type: Improvement >Affects Versions: 1.17.0 >Reporter: Mike R >Assignee: Mike R >Priority: Major > Time Spent: 1h > Remaining Estimate: 0h > > Update Avro From 1.11.0 to 1.11.1 to remediate CVE-2020-36518. The CVE has a > high rating of 7.5 according to the NIST NVD -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-10311) Upgrade Avro From 1.11.0 to 1.11.1
[ https://issues.apache.org/jira/browse/NIFI-10311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Handermann updated NIFI-10311: Labels: dependency-upgrade (was: ) > Upgrade Avro From 1.11.0 to 1.11.1 > -- > > Key: NIFI-10311 > URL: https://issues.apache.org/jira/browse/NIFI-10311 > Project: Apache NiFi > Issue Type: Improvement >Affects Versions: 1.17.0 >Reporter: Mike R >Assignee: Mike R >Priority: Minor > Labels: dependency-upgrade > Fix For: 1.18.0 > > Time Spent: 1h > Remaining Estimate: 0h > > Update Avro From 1.11.0 to 1.11.1. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (NIFI-10311) Upgrade Avro From 1.11.0 to 1.11.1
[ https://issues.apache.org/jira/browse/NIFI-10311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Handermann resolved NIFI-10311. - Fix Version/s: 1.18.0 Resolution: Fixed > Upgrade Avro From 1.11.0 to 1.11.1 > -- > > Key: NIFI-10311 > URL: https://issues.apache.org/jira/browse/NIFI-10311 > Project: Apache NiFi > Issue Type: Improvement >Affects Versions: 1.17.0 >Reporter: Mike R >Assignee: Mike R >Priority: Minor > Fix For: 1.18.0 > > Time Spent: 1h > Remaining Estimate: 0h > > Update Avro From 1.11.0 to 1.11.1. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-10311) Upgrade Avro From 1.11.0 to 1.11.1
[ https://issues.apache.org/jira/browse/NIFI-10311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Handermann updated NIFI-10311: Priority: Minor (was: Major) > Upgrade Avro From 1.11.0 to 1.11.1 > -- > > Key: NIFI-10311 > URL: https://issues.apache.org/jira/browse/NIFI-10311 > Project: Apache NiFi > Issue Type: Improvement >Affects Versions: 1.17.0 >Reporter: Mike R >Assignee: Mike R >Priority: Minor > Time Spent: 1h > Remaining Estimate: 0h > > Update Avro From 1.11.0 to 1.11.1 to remediate CVE-2020-36518. The CVE has a > high rating of 7.5 according to the NIST NVD -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-10311) Upgrade Avro From 1.11.0 to 1.11.1
[ https://issues.apache.org/jira/browse/NIFI-10311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Handermann updated NIFI-10311: Description: Update Avro From 1.11.0 to 1.11.1. (was: Update Avro From 1.11.0 to 1.11.1 to remediate CVE-2020-36518. The CVE has a high rating of 7.5 according to the NIST NVD) > Upgrade Avro From 1.11.0 to 1.11.1 > -- > > Key: NIFI-10311 > URL: https://issues.apache.org/jira/browse/NIFI-10311 > Project: Apache NiFi > Issue Type: Improvement >Affects Versions: 1.17.0 >Reporter: Mike R >Assignee: Mike R >Priority: Minor > Time Spent: 1h > Remaining Estimate: 0h > > Update Avro From 1.11.0 to 1.11.1. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [nifi] exceptionfactory closed pull request #6267: NIFI-10311: Update Avro From 1.11.0 to 1.11.1
exceptionfactory closed pull request #6267: NIFI-10311: Update Avro From 1.11.0 to 1.11.1 URL: https://github.com/apache/nifi/pull/6267 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi] NissimShiman commented on pull request #6228: NIFI-10235 Set Replay ContentClaim Length from Content Repository
NissimShiman commented on PR #6228: URL: https://github.com/apache/nifi/pull/6228#issuecomment-1204307327 @exceptionfactory The initial fix works as I was able to verify (using a pkcs12 keystore) that trying to replay a SEND for InvokeHTTP (to ListenHTTP) did not work before the fix, but does work after this fix. I see where the code is now looking at ContentClaim size to get a more accurate size. Very nice diagnosis. LGTM +1, but I'll plan to circle back if/when additional work is done. The BCFKS issue is even when using a real password (and doesn't occur when following the instructions for PKCS12 keys - found in the first link of the SECRET KEY GENERATION section), so I am not sure what it happening with that. Error is: keytool error: java.io.IOException: BCKFS KeyStore corrupted: MAC calculation failed using java: openjdk version 1.8.0_332 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (NIFI-10312) Broken flowid handling in minifi-c2 service
Csaba Bejan created NIFI-10312: -- Summary: Broken flowid handling in minifi-c2 service Key: NIFI-10312 URL: https://issues.apache.org/jira/browse/NIFI-10312 Project: Apache NiFi Issue Type: Bug Components: C2, MiNiFi Reporter: Csaba Bejan When MiNiFi is communication with minifi-c2 service via the C2 protocol the flowId parsing seems to be broken so the publishing mechanism is not working. Pattern needs to be updated to match the expected url structure or flow id needs to be sent in a more robust way as current approach is error prone. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [nifi] exceptionfactory commented on pull request #6228: NIFI-10235 Set Replay ContentClaim Length from Content Repository
exceptionfactory commented on PR #6228: URL: https://github.com/apache/nifi/pull/6228#issuecomment-1204100417 > When trying instructions for creating storetype of type BCFKS https://exceptionfactory.com/posts/2021/11/10/configuring-apache-nifi-repository-encryption (under SECRET KEY GENERATION) the keytool -genseckey followed by the keytool -list command has output saying that there is an invalid MAC Thanks for the feedback @NissimShiman! When verifying the the BCFKS keystore, it is necessary to provide the store password in the command. The example has the word `PLACEHOLDER`, which must be changed to the actual password. I am still evaluating the issues associated with encrypted repositories. The current version of this pull request resolves the problem for simple use scenarios, but there is an additional issue related to content claim length determination when the framework writes multiple FlowFiles to a single resource. I am planning to update the pull request as soon as I have a working solution. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi] NissimShiman commented on pull request #6228: NIFI-10235 Set Replay ContentClaim Length from Content Repository
NissimShiman commented on PR #6228: URL: https://github.com/apache/nifi/pull/6228#issuecomment-1204089507 @exceptionfactory Working to recreate setup before and after fix... When trying instructions for creating storetype of type BCFKS https://exceptionfactory.com/posts/2021/11/10/configuring-apache-nifi-repository-encryption (under SECRET KEY GENERATION) the keytool -genseckey followed by the keytool -list command has output saying that there is an invalid MAC This is not a blocker on this (as ticket was done with PKCS12), but I noticed you were the author of that article so maybe that could be looked into at some later time (and by the way, thank you for your very informative articles in general :) ) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (MINIFICPP-1896) Change C2 component-level start/stop commands to use UUID
[ https://issues.apache.org/jira/browse/MINIFICPP-1896?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marton Szasz updated MINIFICPP-1896: Issue Type: Bug (was: Task) > Change C2 component-level start/stop commands to use UUID > - > > Key: MINIFICPP-1896 > URL: https://issues.apache.org/jira/browse/MINIFICPP-1896 > Project: Apache NiFi MiNiFi C++ > Issue Type: Bug >Reporter: Marton Szasz >Priority: Major > > Because the component name is not guaranteed to be unique, in which case we > can't identify the correct target to start/stop. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (MINIFICPP-1896) Change C2 component-level start/stop commands to use UUID
[ https://issues.apache.org/jira/browse/MINIFICPP-1896?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marton Szasz reassigned MINIFICPP-1896: --- Assignee: Marton Szasz > Change C2 component-level start/stop commands to use UUID > - > > Key: MINIFICPP-1896 > URL: https://issues.apache.org/jira/browse/MINIFICPP-1896 > Project: Apache NiFi MiNiFi C++ > Issue Type: Bug >Reporter: Marton Szasz >Assignee: Marton Szasz >Priority: Major > > Because the component name is not guaranteed to be unique, in which case we > can't identify the correct target to start/stop. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MINIFICPP-1896) Change C2 component-level start/stop commands to use UUID
[ https://issues.apache.org/jira/browse/MINIFICPP-1896?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marton Szasz updated MINIFICPP-1896: Description: Because the component name is not guaranteed to be unique, in which case we can't identify the correct target to start/stop. > Change C2 component-level start/stop commands to use UUID > - > > Key: MINIFICPP-1896 > URL: https://issues.apache.org/jira/browse/MINIFICPP-1896 > Project: Apache NiFi MiNiFi C++ > Issue Type: Task >Reporter: Marton Szasz >Priority: Major > > Because the component name is not guaranteed to be unique, in which case we > can't identify the correct target to start/stop. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MINIFICPP-1896) Change C2 component-level start/stop commands to use UUID
[ https://issues.apache.org/jira/browse/MINIFICPP-1896?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marton Szasz updated MINIFICPP-1896: Summary: Change C2 component-level start/stop commands to use UUID (was: Remove unused C2 component-level start/stop commands) > Change C2 component-level start/stop commands to use UUID > - > > Key: MINIFICPP-1896 > URL: https://issues.apache.org/jira/browse/MINIFICPP-1896 > Project: Apache NiFi MiNiFi C++ > Issue Type: Task >Reporter: Marton Szasz >Priority: Major > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-10244) Add WebClientService Abstraction for HTTP Operations
[ https://issues.apache.org/jira/browse/NIFI-10244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Handermann updated NIFI-10244: Status: Patch Available (was: In Progress) > Add WebClientService Abstraction for HTTP Operations > > > Key: NIFI-10244 > URL: https://issues.apache.org/jira/browse/NIFI-10244 > Project: Apache NiFi > Issue Type: New Feature > Components: Core Framework, Extensions >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Time Spent: 10m > Remaining Estimate: 0h > > Multiple framework and extension components perform various HTTP operations > using a variety of HTTP libraries. Processors such as InvokeHTTP and > Controller Services such as RestLookupService use OkHttp while other > components, such as PostHTTP, use Apache HttpComponents. Other components, > such as the Confluent Schema Registry Client and the NiFi Registry Client use > Jersey. Supporting multiple HTTP client libraries presents challenges for > dependency management and maintenance efforts. > A new HTTP service interface should be developed to abstract HTTP operations > and common protocol configuration settings. This shared service interface can > support a variety of use cases and should be able to replace direct HTTP > client library interaction. > The service interface should support standard HTTP request-response features, > avoiding any external dependencies. The interface definition and standard > implementation should support synchronous HTTP operations, using a fluent > style of for composing requests and handling responses. > The service implementation should support configurable properties for socket > communication timeouts, HTTP application protocol selection, and TLS > communication. > The interface and implementation should be specified in separate common > modules, which should also provide the basis for a Controller Service > interface and implementation. This design should support both framework-level > reuse as well as user-facing component configuration. > The Controller Service interface and implementation should provide a reusable > foundation for Processors that require HTTP operations. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [nifi] exceptionfactory opened a new pull request, #6268: NIFI-10244 Add nifi-web-client-api and implementation
exceptionfactory opened a new pull request, #6268: URL: https://github.com/apache/nifi/pull/6268 # Summary [NIFI-10244](https://issues.apache.org/jira/browse/NIFI-10244) Adds a `nifi-web-client-api` module providing reusable interfaces to abstract HTTP communication. The `nifi-web-client-api` module provides a `WebClientService` interface with a fluent design pattern similar to the Spring Framework [WebClient](https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/reactive/function/client/WebClient.html). The `WebClientService` and associated components support composition and execution of HTTP requests using standard or custom HTTP methods. The `WebClientService` supports synchronous request execution. The `nifi-web-client-api` module also provides an `HttpUriBuilder` interface to abstract composition of a `java.net.URI` based on component elements. The `nifi-web-client` module provides a standard implementation of these interfaces using [OkHttp](https://square.github.io/okhttp/). The `StandardWebClientService` class supports configuration of common settings, such as timeouts, TLS, and proxy access. The `nifi-web-client-api` and `nifi-web-client` modules under `nifi-commons` provide the foundation for a new Controller Service interface named `WebClientServiceProvider` defined in `nifi-web-client-provider-api`. The `StandardWebClientServiceProvider` implementation in `nifi-web-client-provider-service` enables components to define a reusable service configuration for HTTP communication. This approach follows the pattern of the Proxy Configuration Service, allowing Processors to abstract HTTP socket configuration. The `nifi-web-client-api` and `nifi-web-client-provider-api` also provide a layer of abstraction for components that require HTTP components. This narrows the scope of impact for dependency upgrades and allows components to implement HTTP communication without depending on a particular HTTP library. The initial implementation is self-contained with a number of unit tests using OkHttp MockWebServer. Runtime integration can be tested with scripted components, and further improvements can be implemented in subsequent pull requests as necessary. The purpose of this pull request is to provide the foundational implementation for additional development efforts. # Tracking Please complete the following tracking steps prior to pull request creation. ### Issue Tracking - [X] [Apache NiFi Jira](https://issues.apache.org/jira/browse/NIFI) issue created ### Pull Request Tracking - [X] Pull Request title starts with Apache NiFi Jira issue number, such as `NIFI-0` - [X] Pull Request commit message starts with Apache NiFi Jira issue number, as such `NIFI-0` ### Pull Request Formatting - [X] Pull Request based on current revision of the `main` branch - [X] Pull Request refers to a feature branch with one commit containing changes # Verification Please indicate the verification steps performed prior to pull request creation. ### Build - [X] Build completed using `mvn clean install -P contrib-check` - [X] JDK 8 - [X] JDK 11 - [X] JDK 17 ### Licensing - [ ] New dependencies are compatible with the [Apache License 2.0](https://apache.org/licenses/LICENSE-2.0) according to the [License Policy](https://www.apache.org/legal/resolved.html) - [ ] New dependencies are documented in applicable `LICENSE` and `NOTICE` files ### Documentation - [ ] Documentation formatting appears as expected in rendered files -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi] pgyori commented on a diff in pull request #6234: NIFI-10256 CSVRecordReader using RFC 4180 CSV format trimming startin…
pgyori commented on code in PR #6234:
URL: https://github.com/apache/nifi/pull/6234#discussion_r936709751
##
nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/src/main/java/org/apache/nifi/csv/CSVReader.java:
##
@@ -79,6 +81,17 @@ public class CSVReader extends SchemaRegistryService
implements RecordReaderFact
.required(true)
.build();
+public static final PropertyDescriptor TRIM_DOUBLE_QUOTE = new
PropertyDescriptor.Builder()
+.name("Trim double quote")
+.description("Whether or not to trim starting and ending double
quotes. For example: with trim string '\"test\"'"
Review Comment:
I think it would be useful to add to the description something like
"if set to 'false' it means full compliance with RFC-4180".
This is because a new user who hasn't used this before selects RFC-4180 as
the CSV format, they would probably only want to know what value of this
property guarantees that.
##
nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/src/test/java/org/apache/nifi/csv/TestJacksonCSVRecordReader.java:
##
@@ -57,9 +57,9 @@ private List getDefaultFields() {
return fields;
}
-private JacksonCSVRecordReader createReader(final InputStream in, final
RecordSchema schema, CSVFormat format) throws IOException {
+private JacksonCSVRecordReader createReader(final InputStream in, final
RecordSchema schema, CSVFormat format, final boolean trimDoubleQuote) throws
IOException {
Review Comment:
Just like in the case of the constructor of CSVRecordReader, I recommend
overloading this method with a variant that does not contain the
`trimDoubleQuote` parameter, and it should call this method with
`trimDoubleQuote=true`.
##
nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/src/main/java/org/apache/nifi/csv/CSVRecordReader.java:
##
@@ -44,11 +44,12 @@
public class CSVRecordReader extends AbstractCSVRecordReader {
private final CSVParser csvParser;
+private final boolean trimDoubleQuote;
private List recordFields;
public CSVRecordReader(final InputStream in, final ComponentLog logger,
final RecordSchema schema, final CSVFormat csvFormat, final boolean hasHeader,
final boolean ignoreHeader,
Review Comment:
I recommend reintroducing the declaration of the original constructor, and
the implementation should just call this constructor with
`trimDoubleQuote=true`. This way everywhere where you called this constructor
with `trimDoubleQuote=true`, you could revert to calling the original
constructor.
##
nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/src/main/java/org/apache/nifi/csv/JacksonCSVRecordReader.java:
##
@@ -52,11 +52,12 @@ public class JacksonCSVRecordReader extends
AbstractCSVRecordReader {
private final MappingIterator recordStream;
private List rawFieldNames = null;
private boolean allowDuplicateHeaderNames;
+private final boolean trimDoubleQuote;
private volatile static CsvMapper mapper = new
CsvMapper().enable(CsvParser.Feature.WRAP_AS_ARRAY);
public JacksonCSVRecordReader(final InputStream in, final ComponentLog
logger, final RecordSchema schema, final CSVFormat csvFormat, final boolean
hasHeader, final boolean ignoreHeader,
Review Comment:
Same as in the case of CSVRecordReader: I recommend reintroducing the
declaration of the original constructor, and the implementation should just
call this constructor with trimDoubleQuote=true. This way everywhere where you
called this constructor with trimDoubleQuote=true, you could revert to calling
the original constructor.
##
nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/src/main/java/org/apache/nifi/csv/CSVReader.java:
##
@@ -50,6 +50,8 @@
import java.util.List;
import java.util.Map;
+import static org.apache.nifi.csv.CSVUtils.CSV_FORMAT;
Review Comment:
I believe this is an accidental auto-import. Could you please remove it?
##
nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/src/test/java/org/apache/nifi/csv/TestCSVRecordReader.java:
##
@@ -63,9 +63,9 @@ private List getDefaultFields() {
return fields;
}
-private CSVRecordReader createReader(final InputStream in, final
RecordSchema schema, CSVFormat format) throws IOException {
+private CSVRecordReader createReader(final InputStream in, final
RecordSchema schema, CSVFormat format, final boolean trimDoubleQuote) throws
IOException {
Review Comment:
Just like in the case of the constructor of
[GitHub] [nifi] mr1716 commented on pull request #6267: NIFI-10311: Update Avro From 1.11.0 to 1.11.1
mr1716 commented on PR #6267: URL: https://github.com/apache/nifi/pull/6267#issuecomment-1204001751 @exceptionfactory didnt realize this. Thanks for the heads up. Will make note for later. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi] exceptionfactory commented on pull request #6267: NIFI-10311: Update Avro From 1.11.0 to 1.11.1
exceptionfactory commented on PR #6267: URL: https://github.com/apache/nifi/pull/6267#issuecomment-1203997956 Thanks for the reply @UcanInfosec. The root Maven configuration overrides transitive versions of Jackson using a Bill-of-Materials dependency, so the current version of NiFi is not impacted, but aligning the version of Avro is helpful. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi] UcanInfosec commented on pull request #6267: NIFI-10311: Update Avro From 1.11.0 to 1.11.1
UcanInfosec commented on PR #6267: URL: https://github.com/apache/nifi/pull/6267#issuecomment-1203992217 @exceptionfactory You are correct. But the version 1.11.0 of Avro has an old Jackson-databind, which means that the Avro software should be updated -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Assigned] (NIFI-10234) implement a processor of Apache IoTDB
[ https://issues.apache.org/jira/browse/NIFI-10234?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Handermann reassigned NIFI-10234: --- Assignee: Xuan Ronaldo > implement a processor of Apache IoTDB > - > > Key: NIFI-10234 > URL: https://issues.apache.org/jira/browse/NIFI-10234 > Project: Apache NiFi > Issue Type: New Feature > Components: Extensions >Reporter: Xuan Ronaldo >Assignee: Xuan Ronaldo >Priority: Major > Attachments: README.md, 屏幕截图 2022-07-26 232200.png > > Time Spent: 20m > Remaining Estimate: 0h > > Hi, folks > > I'm a contributer of Apache IoTDB. Recently, I have implemented a processor > which can write data to IoTDB. I'd like to submit it to the NiFi as a > build-in processor. Besides, there are more processors or controller services > will be developed. > > Regards, > Xuan Ronaldo -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (NIFI-10311) Update Avro From 1.11.0 to 1.11.1 to remediate CVE-2020-36518
[ https://issues.apache.org/jira/browse/NIFI-10311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Handermann reassigned NIFI-10311: --- Assignee: Mike R > Update Avro From 1.11.0 to 1.11.1 to remediate CVE-2020-36518 > - > > Key: NIFI-10311 > URL: https://issues.apache.org/jira/browse/NIFI-10311 > Project: Apache NiFi > Issue Type: Improvement >Affects Versions: 1.17.0 >Reporter: Mike R >Assignee: Mike R >Priority: Major > Time Spent: 20m > Remaining Estimate: 0h > > Update Avro From 1.11.0 to 1.11.1 to remediate CVE-2020-36518. The CVE has a > high rating of 7.5 according to the NIST NVD -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [nifi] exceptionfactory commented on pull request #6267: NIFI-10311: Update Avro From 1.11.0 to 1.11.1 to remediate CVE-2020-36518
exceptionfactory commented on PR #6267: URL: https://github.com/apache/nifi/pull/6267#issuecomment-1203971954 Thanks for the upgrade @UcanInfosec! CVE-2020-36518 does not apply to Avro, it applies to Jackson 2.13.0, which is already upgraded. However, upgrading to this version of Avro is still useful. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi] urbandan commented on pull request #6185: NIFI-10199: PublishKafka InFlightMessageTracker should not log batch …
urbandan commented on PR #6185: URL: https://github.com/apache/nifi/pull/6185#issuecomment-1203970036 hi @markap14, can you please take a look at this PR? it's a small change to reduce the noise in the logs of the PublishKafka* processors -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (NIFI-10311) Update Avro From 1.11.0 to 1.11.1 to remediate CVE-2020-36518
[ https://issues.apache.org/jira/browse/NIFI-10311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mike R updated NIFI-10311: -- Description: Update Avro From 1.11.0 to 1.11.1 to remediate CVE-2020-36518. The CVE has a high rating of 7.5 according to the NIST NVD (was: Update Avro From 1.11.0 to 1.11.1 to remediate CVE-2020-36518) > Update Avro From 1.11.0 to 1.11.1 to remediate CVE-2020-36518 > - > > Key: NIFI-10311 > URL: https://issues.apache.org/jira/browse/NIFI-10311 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Mike R >Priority: Major > Time Spent: 10m > Remaining Estimate: 0h > > Update Avro From 1.11.0 to 1.11.1 to remediate CVE-2020-36518. The CVE has a > high rating of 7.5 according to the NIST NVD -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-10311) Update Avro From 1.11.0 to 1.11.1 to remediate CVE-2020-36518
[ https://issues.apache.org/jira/browse/NIFI-10311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mike R updated NIFI-10311: -- Affects Version/s: 1.17.0 > Update Avro From 1.11.0 to 1.11.1 to remediate CVE-2020-36518 > - > > Key: NIFI-10311 > URL: https://issues.apache.org/jira/browse/NIFI-10311 > Project: Apache NiFi > Issue Type: Improvement >Affects Versions: 1.17.0 >Reporter: Mike R >Priority: Major > Time Spent: 10m > Remaining Estimate: 0h > > Update Avro From 1.11.0 to 1.11.1 to remediate CVE-2020-36518. The CVE has a > high rating of 7.5 according to the NIST NVD -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [nifi] UcanInfosec opened a new pull request, #6267: NIFI-10311: Update Avro From 1.11.0 to 1.11.1 to remediate CVE-2020-36518
UcanInfosec opened a new pull request, #6267: URL: https://github.com/apache/nifi/pull/6267 # Summary [NiFi-10311](https://issues.apache.org/jira/projects/NIFI/issues/NIFI-10311) Upgrade Avro 1.11.0 to 1.11.1 to remediate the CVE with a High rating of 7.5 # Tracking Please complete the following tracking steps prior to pull request creation. ### Issue Tracking - [X] [NiFi-10311](https://issues.apache.org/jira/projects/NIFI/issues/NIFI-10311) ### Pull Request Tracking - [X] Pull Request title starts with Apache NiFi Jira issue number, such as `NIFI-0` - [X] Pull Request commit message starts with Apache NiFi Jira issue number, as such `NIFI-0` ### Pull Request Formatting - [X] Pull Request based on current revision of the `main` branch - [X] Pull Request refers to a feature branch with one commit containing changes # Verification Please indicate the verification steps performed prior to pull request creation. ### Build - [X] Build completed using `mvn clean install -P contrib-check` - [X] JDK 8 - [X] JDK 11 - [X] JDK 17 ### Licensing - [ ] New dependencies are compatible with the [Apache License 2.0](https://apache.org/licenses/LICENSE-2.0) according to the [License Policy](https://www.apache.org/legal/resolved.html) - [ ] New dependencies are documented in applicable `LICENSE` and `NOTICE` files ### Documentation - [ ] Documentation formatting appears as expected in rendered files -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (NIFI-10311) Update Avro From 1.11.0 to 1.11.1 to remediate CVE-2020-36518
Mike R created NIFI-10311: - Summary: Update Avro From 1.11.0 to 1.11.1 to remediate CVE-2020-36518 Key: NIFI-10311 URL: https://issues.apache.org/jira/browse/NIFI-10311 Project: Apache NiFi Issue Type: Improvement Reporter: Mike R Update Avro From 1.11.0 to 1.11.1 to remediate CVE-2020-36518 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Comment Edited] (MINIFICPP-1885) Make features selectable in the Windows installer
[ https://issues.apache.org/jira/browse/MINIFICPP-1885?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17574702#comment-17574702 ] Ferenc Gerlits edited comment on MINIFICPP-1885 at 8/3/22 12:32 PM: We can already select the extensions to install; this was done in MINIFICPP-1672 ([https://github.com/apache/nifi-minifi-cpp/pull/1203]). We just need to set most extensions to disabled by default. was (Author: fgerlits): We can already select the extensions to install; this was done in MINIFICPP-1672 ([https://github.com/apache/nifi-minifi-cpp/pull/1203).] We just need to set most extensions to disabled by default. > Make features selectable in the Windows installer > - > > Key: MINIFICPP-1885 > URL: https://issues.apache.org/jira/browse/MINIFICPP-1885 > Project: Apache NiFi MiNiFi C++ > Issue Type: Improvement >Reporter: Ferenc Gerlits >Assignee: Ferenc Gerlits >Priority: Minor > Fix For: 0.13.0 > > > Include as many extensions as possible in the Windows installer, but make all > except the current selection off by default. > In particular, scripting support should be included in the installer as an > optional component, which the user can enable during installation. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MINIFICPP-1885) Make features selectable in the Windows installer
[ https://issues.apache.org/jira/browse/MINIFICPP-1885?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17574702#comment-17574702 ] Ferenc Gerlits commented on MINIFICPP-1885: --- We can already select the extensions to install; this was done in MINIFICPP-1672 ([https://github.com/apache/nifi-minifi-cpp/pull/1203).] We just need to set most extensions to disabled by default. > Make features selectable in the Windows installer > - > > Key: MINIFICPP-1885 > URL: https://issues.apache.org/jira/browse/MINIFICPP-1885 > Project: Apache NiFi MiNiFi C++ > Issue Type: Improvement >Reporter: Ferenc Gerlits >Assignee: Ferenc Gerlits >Priority: Minor > Fix For: 0.13.0 > > > Include as many extensions as possible in the Windows installer, but make all > except the current selection off by default. > In particular, scripting support should be included in the installer as an > optional component, which the user can enable during installation. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [nifi-minifi-cpp] szaszm commented on a diff in pull request #1360: MINIFICPP-1853 Enable multiple metrics from the same processor type
szaszm commented on code in PR #1360:
URL: https://github.com/apache/nifi-minifi-cpp/pull/1360#discussion_r925855542
##
C2.md:
##
@@ -55,48 +58,49 @@ With this change, heartbeat with agent manifest included is
sent only for the fi
light weight heartbeat. If for some reason the C2 server does not receive the
first full heartbeat, the manifest can
be requested via C2 DESCRIBE manifest command.
- #in minifi.properties
+```
+#in minifi.properties
- # Disable/Enable C2
- nifi.c2.enable=true
+# Disable/Enable C2
+nifi.c2.enable=true
Review Comment:
I prefer the original [classic markdown
style](https://www.markdownguide.org/basic-syntax#code-blocks-1) over the
github markdown extension.
##
extensions/standard-processors/processors/GetFile.h:
##
@@ -62,23 +62,27 @@ class GetFileMetrics : public state::response::ResponseNode
{
std::vector serialize() override {
std::vector resp;
+state::response::SerializedResponseNode root_node;
+root_node.name = source_component_.getName();
Review Comment:
Indexing components by UUID would be more robust, and would work when
multiple processors of the same type share the same name. What do you think?
##
libminifi/test/resources/TestSameProcessorMetrics.yml:
##
@@ -0,0 +1,119 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+Flow Controller:
+name: MiNiFi Flow
+id: 2438e3c8-015a-1000-79ca-83af40ec1990
+Processors:
+- name: GetFile1
+ id: 471deef6-2a6e-4a7d-912a-81cc17e3a206
+ class: org.apache.nifi.processors.standard.GetFile
+ max concurrent tasks: 1
+ scheduling strategy: TIMER_DRIVEN
+ scheduling period: 1 sec
+ penalization period: 30 sec
+ yield period: 1 sec
+ run duration nanos: 0
+ auto-terminated relationships list:
+ Properties:
+ Input Directory: /tmp/getfile1
+ Keep Source File: true
+- name: GetFile2
+ id: 471deef6-2a6e-4a7d-912a-81cc17e3a207
+ class: org.apache.nifi.processors.standard.GetFile
+ max concurrent tasks: 1
+ scheduling strategy: TIMER_DRIVEN
+ scheduling period: 1 sec
+ penalization period: 30 sec
+ yield period: 1 sec
+ run duration nanos: 0
+ auto-terminated relationships list:
+ Properties:
+ Input Directory: /tmp/getfile2
+ Keep Source File: true
+- name: GetTCP1
+ id: 2438e3c8-015a-1000-79ca-83af40ec1995
+ class: org.apache.nifi.processors.standard.GetTCP
+ max concurrent tasks: 1
+ scheduling strategy: TIMER_DRIVEN
+ scheduling period: 10 msec
+ penalization period: 30 msec
+ yield period: 10 msec
+ run duration nanos: 0
+ auto-terminated relationships list:
+ Properties:
+ SSL Context Service: SSLContextService
+ endpoint-list: localhost:8776
+ end-of-message-byte: d
+ reconnect-interval: 100ms
+ connection-attempt-timeout: 2000
+- name: GetTCP2
+ id: 2438e3c8-015a-1000-79ca-83af40ec1996
+ class: org.apache.nifi.processors.standard.GetTCP
+ max concurrent tasks: 1
+ scheduling strategy: TIMER_DRIVEN
+ scheduling period: 10 msec
+ penalization period: 30 msec
+ yield period: 10 msec
+ run duration nanos: 0
+ auto-terminated relationships list:
+ Properties:
+ SSL Context Service: SSLContextService
+ endpoint-list: localhost:8776
+ end-of-message-byte: d
+ reconnect-interval: 100ms
+ connection-attempt-timeout: 2000
+- name: LogAttribute
+ id: 2438e3c8-015a-1000-79ca-83af40ec1992
+ class: org.apache.nifi.processors.standard.LogAttribute
+ max concurrent tasks: 1
+ scheduling strategy: TIMER_DRIVEN
+ scheduling period: 1 sec
+ penalization period: 30 sec
+ yield period: 1 sec
+ run duration nanos: 0
+ auto-terminated relationships list:
+- response
Review Comment:
No such relationship on LogAttribute. Did you mean success?
##
extensions/http-curl/tests/C2DescribeMetricsTest.cpp:
##
@@ -0,0 +1,156 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under
[GitHub] [nifi-minifi-cpp] adam-markovics commented on a diff in pull request #1328: MINIFICPP-1812 - Clean up Repository threads
adam-markovics commented on code in PR #1328:
URL: https://github.com/apache/nifi-minifi-cpp/pull/1328#discussion_r936542023
##
libminifi/include/core/ThreadedRepository.h:
##
@@ -0,0 +1,106 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include
+#include
+
+#include "Repository.h"
+#include "TraceableResource.h"
+
+namespace org::apache::nifi::minifi::core {
+
+class ThreadedRepository : public core::Repository, public
core::TraceableResource {
+ public:
+ using Repository::Repository;
+
+ ~ThreadedRepository() override {
+if (running_state_.load() != RUNNING_STATE::STOPPED) {
+ logger_->log_error("Thread of %s should have been stopped in subclass
before ThreadedRepository's destruction", name_);
+}
+ }
+
+ bool initialize(const std::shared_ptr& /*configure*/) override {
+return true;
+ }
+
+ // Starts repository monitor thread
+ bool start() override {
+// if STOPPED, turn to STARTING, otherwise return
+RUNNING_STATE expected{RUNNING_STATE::STOPPED};
Review Comment:
Done.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [nifi-minifi-cpp] szaszm commented on a diff in pull request #1328: MINIFICPP-1812 - Clean up Repository threads
szaszm commented on code in PR #1328:
URL: https://github.com/apache/nifi-minifi-cpp/pull/1328#discussion_r934641557
##
libminifi/include/core/ThreadedRepository.h:
##
@@ -0,0 +1,106 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include
+#include
+
+#include "Repository.h"
+#include "TraceableResource.h"
+
+namespace org::apache::nifi::minifi::core {
+
+class ThreadedRepository : public core::Repository, public
core::TraceableResource {
+ public:
+ using Repository::Repository;
+
+ ~ThreadedRepository() override {
+if (running_state_.load() != RUNNING_STATE::STOPPED) {
+ logger_->log_error("Thread of %s should have been stopped in subclass
before ThreadedRepository's destruction", name_);
+}
+ }
+
+ bool initialize(const std::shared_ptr& /*configure*/) override {
+return true;
+ }
+
+ // Starts repository monitor thread
+ bool start() override {
+// if STOPPED, turn to STARTING, otherwise return
+RUNNING_STATE expected{RUNNING_STATE::STOPPED};
Review Comment:
I think all caps naming should be reserved for macros. Symbolic constants,
including enum values are edge case, so I usually accept either, but they
should be CamelCase. The type name should definitely be CamelCase, unless
following some standard-like snake_case pattern from somewhere else. Please
rename.
```suggestion
RunningState expected{RunningState::Stopped};
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
