[nifi] branch master updated: NIFI-5945 Add support for password login to kerberos code in nifi-security-utils
This is an automated email from the ASF dual-hosted git repository. mattyb149 pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 2bbfb32 NIFI-5945 Add support for password login to kerberos code in nifi-security-utils 2bbfb32 is described below commit 2bbfb3217be40abe4af7ddb8627808d12d99bb17 Author: Bryan Bende AuthorDate: Wed Jan 9 17:37:10 2019 -0500 NIFI-5945 Add support for password login to kerberos code in nifi-security-utils Fixing solr test Signed-off-by: Matthew Burgess This closes #3256 --- ...rdKeytabUser.java => AbstractKerberosUser.java} | 41 +++- .../nifi/security/krb/ConfigurationUtil.java | 25 + .../krb/{KeytabAction.java => KerberosAction.java} | 34 +++ .../nifi/security/krb/KerberosKeytabUser.java | 59 +++ .../nifi/security/krb/KerberosPasswordUser.java| 110 + .../krb/{KeytabUser.java => KerberosUser.java} | 7 +- .../nifi/security/krb/KeytabConfiguration.java | 9 +- .../org/apache/nifi/security/krb/KDCServer.java| 5 +- .../krb/{KeytabUserIT.java => KerberosUserIT.java} | 63 +--- .../nifi/security/krb/TestKeytabConfiguration.java | 2 +- .../apache/nifi/processors/solr/SolrProcessor.java | 32 +++--- .../processors/solr/TestPutSolrContentStream.java | 45 - 12 files changed, 320 insertions(+), 112 deletions(-) diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/krb/StandardKeytabUser.java b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/krb/AbstractKerberosUser.java similarity index 86% rename from nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/krb/StandardKeytabUser.java rename to nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/krb/AbstractKerberosUser.java index 7302ee0..32eb9bb 100644 --- a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/krb/StandardKeytabUser.java +++ b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/krb/AbstractKerberosUser.java @@ -23,7 +23,6 @@ import org.slf4j.LoggerFactory; import javax.security.auth.Subject; import javax.security.auth.kerberos.KerberosPrincipal; import javax.security.auth.kerberos.KerberosTicket; -import javax.security.auth.login.Configuration; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; import java.security.PrivilegedAction; @@ -34,14 +33,9 @@ import java.util.Date; import java.util.Set; import java.util.concurrent.atomic.AtomicBoolean; -/** - * Used to authenticate and execute actions when Kerberos is enabled and a keytab is being used. - * - * Some of the functionality in this class is adapted from Hadoop's UserGroupInformation. - */ -public class StandardKeytabUser implements KeytabUser { +public abstract class AbstractKerberosUser implements KerberosUser { -private static final Logger LOGGER = LoggerFactory.getLogger(StandardKeytabUser.class); +private static final Logger LOGGER = LoggerFactory.getLogger(AbstractKerberosUser.class); static final String DATE_FORMAT = "-MM-dd'T'HH:mm:ss'Z'"; @@ -50,18 +44,15 @@ public class StandardKeytabUser implements KeytabUser { */ static final float TICKET_RENEW_WINDOW = 0.80f; -private final String principal; -private final String keytabFile; -private final AtomicBoolean loggedIn = new AtomicBoolean(false); +protected final String principal; +protected final AtomicBoolean loggedIn = new AtomicBoolean(false); -private Subject subject; -private LoginContext loginContext; +protected Subject subject; +protected LoginContext loginContext; -public StandardKeytabUser(final String principal, final String keytabFile) { +public AbstractKerberosUser(final String principal) { this.principal = principal; -this.keytabFile = keytabFile; -Validate.notBlank(principal); -Validate.notBlank(keytabFile); +Validate.notBlank(this.principal); } /** @@ -80,19 +71,19 @@ public class StandardKeytabUser implements KeytabUser { if (loginContext == null) { LOGGER.debug("Initializing new login context..."); this.subject = new Subject(); - -final Configuration config = new KeytabConfiguration(principal, keytabFile); -this.loginContext = new LoginContext("KeytabConf", subject, null, config); +this.loginContext = createLoginContext(subject); } loginContext.login(); loggedIn.set(true); LOGGER.debug("Successful login for {}", new Object[]{principal}); } catch (LoginException le) { -throw new LoginException("Unable to login with " + principal + "
[nifi] branch master updated: NIFI-5790 removed the last test as it's causing a race condition intermittently (#3260)
This is an automated email from the ASF dual-hosted git repository. pwicks pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new cf7ab0c NIFI-5790 removed the last test as it's causing a race condition intermittently (#3260) cf7ab0c is described below commit cf7ab0ce180ecfdeaf1758e896540b58036896b0 Author: SavtechSolutions AuthorDate: Thu Jan 10 14:13:35 2019 -0500 NIFI-5790 removed the last test as it's causing a race condition intermittently (#3260) Signed-off-by: Peter Wicks --- .../src/test/java/org/apache/nifi/dbcp/DBCPServiceTest.java| 3 --- 1 file changed, 3 deletions(-) diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/src/test/java/org/apache/nifi/dbcp/DBCPServiceTest.java b/nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/src/test/java/org/apache/nifi/dbcp/DBCPServiceTest.java index 4d32b33..2714e2e 100644 --- a/nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/src/test/java/org/apache/nifi/dbcp/DBCPServiceTest.java +++ b/nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/src/test/java/org/apache/nifi/dbcp/DBCPServiceTest.java @@ -237,9 +237,6 @@ public class DBCPServiceTest { Assert.assertEquals(4, service.getDataSource().getNumIdle()); Assert.assertEquals(0, service.getDataSource().getNumActive()); -Thread.sleep(500); -Assert.assertEquals(1, service.getDataSource().getNumIdle()); - service.getDataSource().close(); }
[nifi-minifi-cpp] branch master updated: MINIFICPP-703 - UUID generation in C
This is an automated email from the ASF dual-hosted git repository. phrocker pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-minifi-cpp.git The following commit(s) were added to refs/heads/master by this push: new e47f8f1 MINIFICPP-703 - UUID generation in C e47f8f1 is described below commit e47f8f129259124599367c77b465480f0df44696 Author: Arpad Boda AuthorDate: Fri Jan 4 14:10:44 2019 +0100 MINIFICPP-703 - UUID generation in C This closes #467. Signed-off-by: Marc Parisi --- nanofi/CMakeLists.txt | 2 +- nanofi/include/core/cuuid.h | 34 ++ nanofi/src/core/cuuid.cpp | 35 +++ nanofi/tests/CUUIDTests.cpp | 50 + 4 files changed, 120 insertions(+), 1 deletion(-) diff --git a/nanofi/CMakeLists.txt b/nanofi/CMakeLists.txt index bd2d952..34e0942 100644 --- a/nanofi/CMakeLists.txt +++ b/nanofi/CMakeLists.txt @@ -32,7 +32,7 @@ else() include_directories(../libminifi/opsys/posix) endif() -file(GLOB NANOFI_SOURCES "src/api/*.cpp" "src/cxx/*.cpp" ) +file(GLOB NANOFI_SOURCES "src/api/*.cpp" "src/core/*.cpp" "src/cxx/*.cpp") file(GLOB NANOFI_EXAMPLES_SOURCES "examples/*.c" ) diff --git a/nanofi/include/core/cuuid.h b/nanofi/include/core/cuuid.h new file mode 100644 index 000..d4f6dea --- /dev/null +++ b/nanofi/include/core/cuuid.h @@ -0,0 +1,34 @@ +/** + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef NIFI_MINIFI_CPP_CUUID_H +#define NIFI_MINIFI_CPP_CUUID_H + +#include "uuid/uuid.h" + +#define CUUID_TIME_IMPL 0 +#define CUUID_RANDOM_IMPL 1 +#define CUUID_DEFAULT_IMPL 2 + +typedef struct CIDGenerator { + int implementation_; +} CIDGenerator; + +void generate_uuid(const CIDGenerator * generator, char * out); + +#endif //NIFI_MINIFI_CPP_CUUID_H diff --git a/nanofi/src/core/cuuid.cpp b/nanofi/src/core/cuuid.cpp new file mode 100644 index 000..7f3f372 --- /dev/null +++ b/nanofi/src/core/cuuid.cpp @@ -0,0 +1,35 @@ +/** + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "core/cuuid.h" + +void generate_uuid(const CIDGenerator * generator, char * out) { + UUID_FIELD output; + switch (generator->implementation_) { +case CUUID_RANDOM_IMPL: + uuid_generate_random(output); + break; +case CUUID_DEFAULT_IMPL: + uuid_generate(output); + break; +default: + uuid_generate_time(output); + break; + } + uuid_unparse_lower(output, out); +} diff --git a/nanofi/tests/CUUIDTests.cpp b/nanofi/tests/CUUIDTests.cpp new file mode 100644 index 000..3a3ed4b --- /dev/null +++ b/nanofi/tests/CUUIDTests.cpp @@ -0,0 +1,50 @@ +/** + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language gover
[nifi-minifi-cpp] branch master updated: MINIFICPP-709: Add timeout
This is an automated email from the ASF dual-hosted git repository. aldrin pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-minifi-cpp.git The following commit(s) were added to refs/heads/master by this push: new c5603ef MINIFICPP-709: Add timeout c5603ef is described below commit c5603ef77ff53d7fca1bef09ffc1a8e35aae7870 Author: Marc Parisi AuthorDate: Thu Jan 10 12:05:10 2019 -0500 MINIFICPP-709: Add timeout This closes #471. Signed-off-by: Aldrin Piri --- libminifi/src/RemoteProcessorGroupPort.cpp | 6 ++ 1 file changed, 6 insertions(+) diff --git a/libminifi/src/RemoteProcessorGroupPort.cpp b/libminifi/src/RemoteProcessorGroupPort.cpp index cbc0412..54329f8 100644 --- a/libminifi/src/RemoteProcessorGroupPort.cpp +++ b/libminifi/src/RemoteProcessorGroupPort.cpp @@ -292,6 +292,9 @@ std::pair RemoteProcessorGroupPort::refreshRemoteSite2SiteInfo } client = std::unique_ptr(dynamic_cast(client_ptr)); client->initialize("GET", loginUrl.str(), ssl_service); + // use a connection timeout. if this times out we will simply attempt re-connection + // so no need for configuration parameter that isn't already defined in Processor + client->setConnectionTimeout(10); token = utils::get_token(client.get(), this->rest_user_name_, this->rest_password_); logger_->log_debug("Token from NiFi REST Api endpoint %s, %s", loginUrl.str(), token); @@ -307,6 +310,9 @@ std::pair RemoteProcessorGroupPort::refreshRemoteSite2SiteInfo int siteTosite_port_ = -1; client = std::unique_ptr(dynamic_cast(client_ptr)); client->initialize("GET", fullUrl.str().c_str(), ssl_service); +// use a connection timeout. if this times out we will simply attempt re-connection +// so no need for configuration parameter that isn't already defined in Processor +client->setConnectionTimeout(10); if (!proxy_.host.empty()) { client->setHTTPProxy(proxy_); }
[nifi] branch master updated: NIFI-5944: When components are started on NiFi startup, if they are invalid, don't fail immediately and give up. Instead, keep attempting to start the component when it b
This is an automated email from the ASF dual-hosted git repository. mcgilman pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 706cf7d NIFI-5944: When components are started on NiFi startup, if they are invalid, don't fail immediately and give up. Instead, keep attempting to start the component when it becomes valid. 706cf7d is described below commit 706cf7dcff1eddaf86e6dd7496734ec637d31810 Author: Mark Payne AuthorDate: Thu Jan 10 09:53:05 2019 -0500 NIFI-5944: When components are started on NiFi startup, if they are invalid, don't fail immediately and give up. Instead, keep attempting to start the component when it becomes valid. This closes #3259 --- .../nifi/controller/AbstractComponentNode.java | 12 ++-- .../org/apache/nifi/controller/ComponentNode.java | 2 +- .../org/apache/nifi/controller/ProcessorNode.java | 17 - .../org/apache/nifi/controller/FlowController.java | 4 +- .../nifi/controller/StandardProcessorNode.java | 33 ++--- .../reporting/AbstractReportingTaskNode.java | 15 +++-- .../scheduling/StandardProcessScheduler.java | 22 +++--- .../serialization/ScheduledStateLookup.java| 2 +- .../service/StandardControllerServiceNode.java | 78 +++--- .../scheduling/TestStandardProcessScheduler.java | 43 .../TestStandardControllerServiceProvider.java | 21 -- 11 files changed, 158 insertions(+), 91 deletions(-) diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/AbstractComponentNode.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/AbstractComponentNode.java index f3ae41f..e17682e 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/AbstractComponentNode.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/AbstractComponentNode.java @@ -373,9 +373,8 @@ public abstract class AbstractComponentNode implements ComponentNode { } @Override -public final void performValidation() { -boolean replaced = false; -do { +public final ValidationStatus performValidation() { +while (true) { final ValidationState validationState = getValidationState(); final ValidationContext validationContext = getValidationContext(); @@ -391,8 +390,11 @@ public abstract class AbstractComponentNode implements ComponentNode { final ValidationStatus status = results.isEmpty() ? ValidationStatus.VALID : ValidationStatus.INVALID; final ValidationState updatedState = new ValidationState(status, results); -replaced = replaceValidationState(validationState, updatedState); -} while (!replaced); +final boolean replaced = replaceValidationState(validationState, updatedState); +if (replaced) { +return status; +} +} } protected Collection computeValidationErrors(final ValidationContext validationContext) { diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/ComponentNode.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/ComponentNode.java index d0ed572..2357d41 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/ComponentNode.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/ComponentNode.java @@ -179,7 +179,7 @@ public interface ComponentNode extends ComponentAuthorizable { /** * Asynchronously begins the validation process */ -public abstract void performValidation(); +public abstract ValidationStatus performValidation(); /** * Returns a {@link List} of all {@link PropertyDescriptor}s that this diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/ProcessorNode.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/ProcessorNode.java index 6e8206e..12eeb88 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/ProcessorNode.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/ProcessorNode.java @@ -17,6 +17,7 @@ package org.apache.nifi.controller;