[nifi] branch master updated: NIFI-5945 Add support for password login to kerberos code in nifi-security-utils
This is an automated email from the ASF dual-hosted git repository.
mattyb149 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new 2bbfb32 NIFI-5945 Add support for password login to kerberos code in
nifi-security-utils
2bbfb32 is described below
commit 2bbfb3217be40abe4af7ddb8627808d12d99bb17
Author: Bryan Bende
AuthorDate: Wed Jan 9 17:37:10 2019 -0500
NIFI-5945 Add support for password login to kerberos code in
nifi-security-utils
Fixing solr test
Signed-off-by: Matthew Burgess
This closes #3256
---
...rdKeytabUser.java => AbstractKerberosUser.java} | 41 +++-
.../nifi/security/krb/ConfigurationUtil.java | 25 +
.../krb/{KeytabAction.java => KerberosAction.java} | 34 +++
.../nifi/security/krb/KerberosKeytabUser.java | 59 +++
.../nifi/security/krb/KerberosPasswordUser.java| 110 +
.../krb/{KeytabUser.java => KerberosUser.java} | 7 +-
.../nifi/security/krb/KeytabConfiguration.java | 9 +-
.../org/apache/nifi/security/krb/KDCServer.java| 5 +-
.../krb/{KeytabUserIT.java => KerberosUserIT.java} | 63 +---
.../nifi/security/krb/TestKeytabConfiguration.java | 2 +-
.../apache/nifi/processors/solr/SolrProcessor.java | 32 +++---
.../processors/solr/TestPutSolrContentStream.java | 45 -
12 files changed, 320 insertions(+), 112 deletions(-)
diff --git
a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/krb/StandardKeytabUser.java
b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/krb/AbstractKerberosUser.java
similarity index 86%
rename from
nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/krb/StandardKeytabUser.java
rename to
nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/krb/AbstractKerberosUser.java
index 7302ee0..32eb9bb 100644
---
a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/krb/StandardKeytabUser.java
+++
b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/krb/AbstractKerberosUser.java
@@ -23,7 +23,6 @@ import org.slf4j.LoggerFactory;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
-import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import java.security.PrivilegedAction;
@@ -34,14 +33,9 @@ import java.util.Date;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
-/**
- * Used to authenticate and execute actions when Kerberos is enabled and a
keytab is being used.
- *
- * Some of the functionality in this class is adapted from Hadoop's
UserGroupInformation.
- */
-public class StandardKeytabUser implements KeytabUser {
+public abstract class AbstractKerberosUser implements KerberosUser {
-private static final Logger LOGGER =
LoggerFactory.getLogger(StandardKeytabUser.class);
+private static final Logger LOGGER =
LoggerFactory.getLogger(AbstractKerberosUser.class);
static final String DATE_FORMAT = "-MM-dd'T'HH:mm:ss'Z'";
@@ -50,18 +44,15 @@ public class StandardKeytabUser implements KeytabUser {
*/
static final float TICKET_RENEW_WINDOW = 0.80f;
-private final String principal;
-private final String keytabFile;
-private final AtomicBoolean loggedIn = new AtomicBoolean(false);
+protected final String principal;
+protected final AtomicBoolean loggedIn = new AtomicBoolean(false);
-private Subject subject;
-private LoginContext loginContext;
+protected Subject subject;
+protected LoginContext loginContext;
-public StandardKeytabUser(final String principal, final String keytabFile)
{
+public AbstractKerberosUser(final String principal) {
this.principal = principal;
-this.keytabFile = keytabFile;
-Validate.notBlank(principal);
-Validate.notBlank(keytabFile);
+Validate.notBlank(this.principal);
}
/**
@@ -80,19 +71,19 @@ public class StandardKeytabUser implements KeytabUser {
if (loginContext == null) {
LOGGER.debug("Initializing new login context...");
this.subject = new Subject();
-
-final Configuration config = new
KeytabConfiguration(principal, keytabFile);
-this.loginContext = new LoginContext("KeytabConf", subject,
null, config);
+this.loginContext = createLoginContext(subject);
}
loginContext.login();
loggedIn.set(true);
LOGGER.debug("Successful login for {}", new Object[]{principal});
} catch (LoginException le) {
-throw new LoginException("Unable to login with " + principal + "
[nifi] branch master updated: NIFI-5790 removed the last test as it's causing a race condition intermittently (#3260)
This is an automated email from the ASF dual-hosted git repository.
pwicks pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new cf7ab0c NIFI-5790 removed the last test as it's causing a race
condition intermittently (#3260)
cf7ab0c is described below
commit cf7ab0ce180ecfdeaf1758e896540b58036896b0
Author: SavtechSolutions
AuthorDate: Thu Jan 10 14:13:35 2019 -0500
NIFI-5790 removed the last test as it's causing a race condition
intermittently (#3260)
Signed-off-by: Peter Wicks
---
.../src/test/java/org/apache/nifi/dbcp/DBCPServiceTest.java| 3 ---
1 file changed, 3 deletions(-)
diff --git
a/nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/src/test/java/org/apache/nifi/dbcp/DBCPServiceTest.java
b/nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/src/test/java/org/apache/nifi/dbcp/DBCPServiceTest.java
index 4d32b33..2714e2e 100644
---
a/nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/src/test/java/org/apache/nifi/dbcp/DBCPServiceTest.java
+++
b/nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/src/test/java/org/apache/nifi/dbcp/DBCPServiceTest.java
@@ -237,9 +237,6 @@ public class DBCPServiceTest {
Assert.assertEquals(4, service.getDataSource().getNumIdle());
Assert.assertEquals(0, service.getDataSource().getNumActive());
-Thread.sleep(500);
-Assert.assertEquals(1, service.getDataSource().getNumIdle());
-
service.getDataSource().close();
}
[nifi-minifi-cpp] branch master updated: MINIFICPP-703 - UUID generation in C
This is an automated email from the ASF dual-hosted git repository.
phrocker pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi-minifi-cpp.git
The following commit(s) were added to refs/heads/master by this push:
new e47f8f1 MINIFICPP-703 - UUID generation in C
e47f8f1 is described below
commit e47f8f129259124599367c77b465480f0df44696
Author: Arpad Boda
AuthorDate: Fri Jan 4 14:10:44 2019 +0100
MINIFICPP-703 - UUID generation in C
This closes #467.
Signed-off-by: Marc Parisi
---
nanofi/CMakeLists.txt | 2 +-
nanofi/include/core/cuuid.h | 34 ++
nanofi/src/core/cuuid.cpp | 35 +++
nanofi/tests/CUUIDTests.cpp | 50 +
4 files changed, 120 insertions(+), 1 deletion(-)
diff --git a/nanofi/CMakeLists.txt b/nanofi/CMakeLists.txt
index bd2d952..34e0942 100644
--- a/nanofi/CMakeLists.txt
+++ b/nanofi/CMakeLists.txt
@@ -32,7 +32,7 @@ else()
include_directories(../libminifi/opsys/posix)
endif()
-file(GLOB NANOFI_SOURCES "src/api/*.cpp" "src/cxx/*.cpp" )
+file(GLOB NANOFI_SOURCES "src/api/*.cpp" "src/core/*.cpp" "src/cxx/*.cpp")
file(GLOB NANOFI_EXAMPLES_SOURCES "examples/*.c" )
diff --git a/nanofi/include/core/cuuid.h b/nanofi/include/core/cuuid.h
new file mode 100644
index 000..d4f6dea
--- /dev/null
+++ b/nanofi/include/core/cuuid.h
@@ -0,0 +1,34 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef NIFI_MINIFI_CPP_CUUID_H
+#define NIFI_MINIFI_CPP_CUUID_H
+
+#include "uuid/uuid.h"
+
+#define CUUID_TIME_IMPL 0
+#define CUUID_RANDOM_IMPL 1
+#define CUUID_DEFAULT_IMPL 2
+
+typedef struct CIDGenerator {
+ int implementation_;
+} CIDGenerator;
+
+void generate_uuid(const CIDGenerator * generator, char * out);
+
+#endif //NIFI_MINIFI_CPP_CUUID_H
diff --git a/nanofi/src/core/cuuid.cpp b/nanofi/src/core/cuuid.cpp
new file mode 100644
index 000..7f3f372
--- /dev/null
+++ b/nanofi/src/core/cuuid.cpp
@@ -0,0 +1,35 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "core/cuuid.h"
+
+void generate_uuid(const CIDGenerator * generator, char * out) {
+ UUID_FIELD output;
+ switch (generator->implementation_) {
+case CUUID_RANDOM_IMPL:
+ uuid_generate_random(output);
+ break;
+case CUUID_DEFAULT_IMPL:
+ uuid_generate(output);
+ break;
+default:
+ uuid_generate_time(output);
+ break;
+ }
+ uuid_unparse_lower(output, out);
+}
diff --git a/nanofi/tests/CUUIDTests.cpp b/nanofi/tests/CUUIDTests.cpp
new file mode 100644
index 000..3a3ed4b
--- /dev/null
+++ b/nanofi/tests/CUUIDTests.cpp
@@ -0,0 +1,50 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language gover
[nifi-minifi-cpp] branch master updated: MINIFICPP-709: Add timeout
This is an automated email from the ASF dual-hosted git repository.
aldrin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi-minifi-cpp.git
The following commit(s) were added to refs/heads/master by this push:
new c5603ef MINIFICPP-709: Add timeout
c5603ef is described below
commit c5603ef77ff53d7fca1bef09ffc1a8e35aae7870
Author: Marc Parisi
AuthorDate: Thu Jan 10 12:05:10 2019 -0500
MINIFICPP-709: Add timeout
This closes #471.
Signed-off-by: Aldrin Piri
---
libminifi/src/RemoteProcessorGroupPort.cpp | 6 ++
1 file changed, 6 insertions(+)
diff --git a/libminifi/src/RemoteProcessorGroupPort.cpp
b/libminifi/src/RemoteProcessorGroupPort.cpp
index cbc0412..54329f8 100644
--- a/libminifi/src/RemoteProcessorGroupPort.cpp
+++ b/libminifi/src/RemoteProcessorGroupPort.cpp
@@ -292,6 +292,9 @@ std::pair
RemoteProcessorGroupPort::refreshRemoteSite2SiteInfo
}
client =
std::unique_ptr(dynamic_cast(client_ptr));
client->initialize("GET", loginUrl.str(), ssl_service);
+ // use a connection timeout. if this times out we will simply attempt
re-connection
+ // so no need for configuration parameter that isn't already defined in
Processor
+ client->setConnectionTimeout(10);
token = utils::get_token(client.get(), this->rest_user_name_,
this->rest_password_);
logger_->log_debug("Token from NiFi REST Api endpoint %s, %s",
loginUrl.str(), token);
@@ -307,6 +310,9 @@ std::pair
RemoteProcessorGroupPort::refreshRemoteSite2SiteInfo
int siteTosite_port_ = -1;
client =
std::unique_ptr(dynamic_cast(client_ptr));
client->initialize("GET", fullUrl.str().c_str(), ssl_service);
+// use a connection timeout. if this times out we will simply attempt
re-connection
+// so no need for configuration parameter that isn't already defined in
Processor
+client->setConnectionTimeout(10);
if (!proxy_.host.empty()) {
client->setHTTPProxy(proxy_);
}
[nifi] branch master updated: NIFI-5944: When components are started on NiFi startup, if they are invalid, don't fail immediately and give up. Instead, keep attempting to start the component when it b
This is an automated email from the ASF dual-hosted git repository.
mcgilman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new 706cf7d NIFI-5944: When components are started on NiFi startup, if
they are invalid, don't fail immediately and give up. Instead, keep attempting
to start the component when it becomes valid.
706cf7d is described below
commit 706cf7dcff1eddaf86e6dd7496734ec637d31810
Author: Mark Payne
AuthorDate: Thu Jan 10 09:53:05 2019 -0500
NIFI-5944: When components are started on NiFi startup, if they are
invalid, don't fail immediately and give up. Instead, keep attempting to start
the component when it becomes valid.
This closes #3259
---
.../nifi/controller/AbstractComponentNode.java | 12 ++--
.../org/apache/nifi/controller/ComponentNode.java | 2 +-
.../org/apache/nifi/controller/ProcessorNode.java | 17 -
.../org/apache/nifi/controller/FlowController.java | 4 +-
.../nifi/controller/StandardProcessorNode.java | 33 ++---
.../reporting/AbstractReportingTaskNode.java | 15 +++--
.../scheduling/StandardProcessScheduler.java | 22 +++---
.../serialization/ScheduledStateLookup.java| 2 +-
.../service/StandardControllerServiceNode.java | 78 +++---
.../scheduling/TestStandardProcessScheduler.java | 43
.../TestStandardControllerServiceProvider.java | 21 --
11 files changed, 158 insertions(+), 91 deletions(-)
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/AbstractComponentNode.java
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/AbstractComponentNode.java
index f3ae41f..e17682e 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/AbstractComponentNode.java
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/AbstractComponentNode.java
@@ -373,9 +373,8 @@ public abstract class AbstractComponentNode implements
ComponentNode {
}
@Override
-public final void performValidation() {
-boolean replaced = false;
-do {
+public final ValidationStatus performValidation() {
+while (true) {
final ValidationState validationState = getValidationState();
final ValidationContext validationContext = getValidationContext();
@@ -391,8 +390,11 @@ public abstract class AbstractComponentNode implements
ComponentNode {
final ValidationStatus status = results.isEmpty() ?
ValidationStatus.VALID : ValidationStatus.INVALID;
final ValidationState updatedState = new ValidationState(status,
results);
-replaced = replaceValidationState(validationState, updatedState);
-} while (!replaced);
+final boolean replaced = replaceValidationState(validationState,
updatedState);
+if (replaced) {
+return status;
+}
+}
}
protected Collection computeValidationErrors(final
ValidationContext validationContext) {
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/ComponentNode.java
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/ComponentNode.java
index d0ed572..2357d41 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/ComponentNode.java
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/ComponentNode.java
@@ -179,7 +179,7 @@ public interface ComponentNode extends
ComponentAuthorizable {
/**
* Asynchronously begins the validation process
*/
-public abstract void performValidation();
+public abstract ValidationStatus performValidation();
/**
* Returns a {@link List} of all {@link PropertyDescriptor}s that this
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/ProcessorNode.java
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/ProcessorNode.java
index 6e8206e..12eeb88 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/ProcessorNode.java
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/ProcessorNode.java
@@ -17,6 +17,7 @@
package org.apache.nifi.controller;
