[nifi] branch main updated (efb629e -> dee2fce)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git. from efb629e NIFI- Removed support for Expression Language from Password property Added unit test for no password configured on Zip files add dee2fce NIFI-7871 Correct errors for UUID3, UUID5 and hash functions in EL Guide Added links to UUID function in docs. No new revisions were added by this update. Summary of changes: .../main/asciidoc/expression-language-guide.adoc | 44 +- 1 file changed, 27 insertions(+), 17 deletions(-)
[nifi] branch main updated: NIFI-7777 Removed support for Expression Language from Password property Added unit test for no password configured on Zip files
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/main by this push: new efb629e NIFI- Removed support for Expression Language from Password property Added unit test for no password configured on Zip files efb629e is described below commit efb629e37d487ea72d3e08e1c479e98f7ffc8291 Author: exceptionfactory AuthorDate: Mon Oct 5 22:02:31 2020 -0400 NIFI- Removed support for Expression Language from Password property Added unit test for no password configured on Zip files This closes #4572. Signed-off-by: Andy LoPresto --- .../nifi/processors/standard/UnpackContent.java| 4 +- .../processors/standard/TestUnpackContent.java | 50 +++--- 2 files changed, 36 insertions(+), 18 deletions(-) diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UnpackContent.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UnpackContent.java index d6bf5a3..1fc4e9f 100644 --- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UnpackContent.java +++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UnpackContent.java @@ -55,7 +55,6 @@ import org.apache.nifi.annotation.lifecycle.OnScheduled; import org.apache.nifi.annotation.lifecycle.OnStopped; import org.apache.nifi.components.PropertyDescriptor; import org.apache.nifi.components.PropertyValue; -import org.apache.nifi.expression.ExpressionLanguageScope; import org.apache.nifi.flowfile.FlowFile; import org.apache.nifi.flowfile.attributes.CoreAttributes; import org.apache.nifi.flowfile.attributes.FragmentAttributes; @@ -158,7 +157,6 @@ public class UnpackContent extends AbstractProcessor { .required(false) .sensitive(true) .addValidator(StandardValidators.NON_BLANK_VALIDATOR) - .expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY) .build(); public static final Relationship REL_SUCCESS = new Relationship.Builder() @@ -221,7 +219,7 @@ public class UnpackContent extends AbstractProcessor { char[] password = null; final PropertyValue passwordProperty = context.getProperty(PASSWORD); if (passwordProperty.isSet()) { -password = passwordProperty.evaluateAttributeExpressions().getValue().toCharArray(); +password = passwordProperty.getValue().toCharArray(); } zipUnpacker = new ZipUnpacker(fileFilter, password); } diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestUnpackContent.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestUnpackContent.java index 73635bd..f14759f 100644 --- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestUnpackContent.java +++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestUnpackContent.java @@ -237,6 +237,22 @@ public class TestUnpackContent { } @Test +public void testZipEncryptionNoPasswordConfigured() throws IOException { +final TestRunner runner = TestRunners.newTestRunner(new UnpackContent()); +runner.setProperty(UnpackContent.PACKAGING_FORMAT, UnpackContent.PackageFormat.ZIP_FORMAT.toString()); + +final String password = String.class.getSimpleName(); +final char[] streamPassword = password.toCharArray(); +final String contents = TestRunner.class.getCanonicalName(); + +final byte[] zipEncrypted = createZipEncrypted(EncryptionMethod.AES, streamPassword, contents); +runner.enqueue(zipEncrypted); +runner.run(); + +runner.assertTransferCount(UnpackContent.REL_FAILURE, 1); +} + +@Test public void testZipWithFilter() throws IOException { final TestRunner unpackRunner = TestRunners.newTestRunner(new UnpackContent()); final TestRunner autoUnpackRunner = TestRunners.newTestRunner(new UnpackContent()); @@ -474,12 +490,28 @@ public class TestUnpackContent { runner.setProperty(UnpackContent.PASSWORD, password); final char[] streamPassword = password.toCharArray(); +final String contents = TestRunner.class.getCanonicalName(); + +final byte[] zipEncrypted = createZipEncrypted(encryptionMethod, streamPassword, contents); +runner.enqueue(zipEncrypted); +runner.run(); + +runner.assertTransferCount
[nifi] branch main updated: NIFI-7777 Added optional Password property to UnpackContent for decrypting Zip archives
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/main by this push: new ea6b011 NIFI- Added optional Password property to UnpackContent for decrypting Zip archives ea6b011 is described below commit ea6b01159d16a1d14e611f3a211caa42fe5577f2 Author: exceptionfactory AuthorDate: Mon Oct 5 20:28:41 2020 -0400 NIFI- Added optional Password property to UnpackContent for decrypting Zip archives This closes #4572. Signed-off-by: Andy LoPresto --- nifi-assembly/NOTICE | 5 ++ .../nifi-standard-processors/pom.xml | 5 ++ .../nifi/processors/standard/UnpackContent.java| 54 ++ .../processors/standard/TestUnpackContent.java | 54 ++ 4 files changed, 108 insertions(+), 10 deletions(-) diff --git a/nifi-assembly/NOTICE b/nifi-assembly/NOTICE index b6ee96c..177f0ea 100644 --- a/nifi-assembly/NOTICE +++ b/nifi-assembly/NOTICE @@ -1946,6 +1946,11 @@ The following binary components are provided under the Apache Software License v Apache FtpServer Core 1.1.1 Copyright 2003-2017 The Apache Software Foundation + (ASLv2) Zip4j +The following NOTICE information applies: + Zip4j 2.6.3. + Copyright 2020 Srikanth Reddy Lingala + Common Development and Distribution License 1.1 diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml index 231e8eb..31d34aa 100644 --- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml +++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml @@ -293,6 +293,11 @@ snappy-java +net.lingala.zip4j +zip4j +2.6.3 + + com.h2database h2 test diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UnpackContent.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UnpackContent.java index f802a5d..d6bf5a3 100644 --- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UnpackContent.java +++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UnpackContent.java @@ -35,10 +35,11 @@ import java.util.Set; import java.util.UUID; import java.util.concurrent.atomic.AtomicReference; import java.util.regex.Pattern; + +import net.lingala.zip4j.model.LocalFileHeader; import org.apache.commons.compress.archivers.ArchiveEntry; import org.apache.commons.compress.archivers.tar.TarArchiveEntry; import org.apache.commons.compress.archivers.tar.TarArchiveInputStream; -import org.apache.commons.compress.archivers.zip.ZipArchiveInputStream; import org.apache.nifi.annotation.behavior.EventDriven; import org.apache.nifi.annotation.behavior.InputRequirement; import org.apache.nifi.annotation.behavior.InputRequirement.Requirement; @@ -53,6 +54,8 @@ import org.apache.nifi.annotation.documentation.Tags; import org.apache.nifi.annotation.lifecycle.OnScheduled; import org.apache.nifi.annotation.lifecycle.OnStopped; import org.apache.nifi.components.PropertyDescriptor; +import org.apache.nifi.components.PropertyValue; +import org.apache.nifi.expression.ExpressionLanguageScope; import org.apache.nifi.flowfile.FlowFile; import org.apache.nifi.flowfile.attributes.CoreAttributes; import org.apache.nifi.flowfile.attributes.FragmentAttributes; @@ -72,6 +75,7 @@ import org.apache.nifi.util.FlowFileUnpackager; import org.apache.nifi.util.FlowFileUnpackagerV1; import org.apache.nifi.util.FlowFileUnpackagerV2; import org.apache.nifi.util.FlowFileUnpackagerV3; +import net.lingala.zip4j.io.inputstream.ZipInputStream; @EventDriven @SideEffectFree @@ -100,7 +104,8 @@ import org.apache.nifi.util.FlowFileUnpackagerV3; @WritesAttribute(attribute = "file.creationTime", description = "The date and time that the file was created. This attribute holds always the same value as file.lastModifiedTime (tar only)."), @WritesAttribute(attribute = "file.owner", description = "The owner of the unpacked file (tar only)"), @WritesAttribute(attribute = "file.group", description = "The group owner of the unpacked file (tar only)"), -@WritesAttribute(attribute = "file.permissions", description = "The read/write/execute permissions of the unpacked file (tar only)")}) +@WritesAttribute(attribute = "file.permission
svn commit: r1882180 - /nifi/site/trunk/security.html
Author: alopresto Date: Thu Oct 1 14:20:02 2020 New Revision: 1882180 URL: http://svn.apache.org/viewvc?rev=1882180&view=rev Log: Added credit for discovered CVE. Modified: nifi/site/trunk/security.html Modified: nifi/site/trunk/security.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/security.html?rev=1882180&r1=1882179&r2=1882180&view=diff == --- nifi/site/trunk/security.html (original) +++ nifi/site/trunk/security.html Thu Oct 1 14:20:02 2020 @@ -197,7 +197,7 @@ Description: The NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens, preventing legitimate users from requesting download tokens. Mitigation: Disabled anonymous authentication, implemented a multi-indexed cache, and limited token creation requests to one concurrent request per user. Users running any previous NiFi release should upgrade to the latest release. -Credit: This issue was discovered by an anonymous community member. +Credit: This issue was discovered by Dennis Detering (IT Security Consultant at Spike Reply). CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9487"; target="_blank">Mitre Database: CVE-2020-9487 NiFi Jira: https://issues.apache.org/jira/browse/NIFI-7385"; target="_blank">NIFI-7385 NiFi PR: https://github.com/apache/nifi/pull/4271"; target="_blank">PR 4271
[nifi-site] branch main updated: Added credit for CVE reporter.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi-site.git The following commit(s) were added to refs/heads/main by this push: new 7ecb4d5 Added credit for CVE reporter. 7ecb4d5 is described below commit 7ecb4d5ff24e793fe247b12939e017ca20fbdfbf Author: Andy LoPresto AuthorDate: Thu Oct 1 07:04:16 2020 -0700 Added credit for CVE reporter. --- src/pages/html/security.hbs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs index c25220e..f96af8c 100644 --- a/src/pages/html/security.hbs +++ b/src/pages/html/security.hbs @@ -92,7 +92,7 @@ title: Apache NiFi Security Reports Description: The NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens, preventing legitimate users from requesting download tokens. Mitigation: Disabled anonymous authentication, implemented a multi-indexed cache, and limited token creation requests to one concurrent request per user. Users running any previous NiFi release should upgrade to the latest release. -Credit: This issue was discovered by an anonymous community member. +Credit: This issue was discovered by Dennis Detering (IT Security Consultant at Spike Reply). CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9487"; target="_blank">Mitre Database: CVE-2020-9487 NiFi Jira: https://issues.apache.org/jira/browse/NIFI-7385"; target="_blank">NIFI-7385 NiFi PR: https://github.com/apache/nifi/pull/4271"; target="_blank">PR 4271
svn commit: r1882168 - /nifi/site/trunk/security.html
Author: alopresto Date: Wed Sep 30 22:24:14 2020 New Revision: 1882168 URL: http://svn.apache.org/viewvc?rev=1882168&view=rev Log: Announced 1.12.1 CVEs. Modified: nifi/site/trunk/security.html Modified: nifi/site/trunk/security.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/security.html?rev=1882168&r1=1882167&r2=1882168&view=diff == --- nifi/site/trunk/security.html (original) +++ nifi/site/trunk/security.html Wed Sep 30 22:24:14 2020 @@ -157,6 +157,164 @@ + + +Fixed in Apache NiFi 1.12.0 + + + + + +Vulnerabilities + + + + +CVE-2020-9486: Apache NiFi information disclosure in logs +Severity: Important +Versions Affected: + +Apache NiFi 1.10.0 - 1.11.4 + + +Description: The NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext. +Mitigation: Implemented Argon2 secure hashing to provide a deterministic loggable value which does not reveal the sensitive value. Users running any previous NiFi release should upgrade to the latest release. +Credit: This issue was discovered by Andy LoPresto and Pierre Villard. +CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9486"; target="_blank">Mitre Database: CVE-2020-9486 +NiFi Jira: https://issues.apache.org/jira/browse/NIFI-7377"; target="_blank">NIFI-7377 +NiFi PR: https://github.com/apache/nifi/pull/4222"; target="_blank">PR 4222 +Released: August 18, 2020 + + + + +CVE-2020-9487: Apache NiFi denial of service +Severity: Important +Versions Affected: + +Apache NiFi 1.0.0 - 1.11.4 + + +Description: The NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens, preventing legitimate users from requesting download tokens. +Mitigation: Disabled anonymous authentication, implemented a multi-indexed cache, and limited token creation requests to one concurrent request per user. Users running any previous NiFi release should upgrade to the latest release. +Credit: This issue was discovered by an anonymous community member. +CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9487"; target="_blank">Mitre Database: CVE-2020-9487 +NiFi Jira: https://issues.apache.org/jira/browse/NIFI-7385"; target="_blank">NIFI-7385 +NiFi PR: https://github.com/apache/nifi/pull/4271"; target="_blank">PR 4271 +Released: August 18, 2020 + + + + +CVE-2020-9491: Apache NiFi use of weak TLS protocols +Severity: Critical +Versions Affected: + +Apache NiFi 1.2.0 - 1.11.4 + + +Description: The NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1. +Mitigation: Refactored disparate internal SSL and TLS code, reducing exposure for extension and framework developers to low-level primitives. Added support for TLS v1.3 on supporting JVMs. Restricted all incoming TLS communications to TLS v1.2+. Users running any previous NiFi release should upgrade to the latest release. +Credit: This issue was discovered by Juan Carlos Sequeiros and Andy LoPresto. +CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9491"; target="_blank">Mitre Database: CVE-2020-9491 +NiFi Jira: https://issues.apache.org/jira/browse/NIFI-7401"; target="_blank">NIFI-7401 +NiFi PR: https://github.com/apache/nifi/pull/4263"; target="_blank">PR 4263 +Released: August 18, 2020 + + + + +CVE-2020-13940: Apache NiFi information disclosure by XXE +Severity: Low +Versions Affected: + +Apache NiFi 1.0.0 - 1.11.4 + + +Description: The notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE). +Mi
[nifi-site] branch main updated: Announced 1.12.0 CVEs.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi-site.git The following commit(s) were added to refs/heads/main by this push: new e004a1c Announced 1.12.0 CVEs. e004a1c is described below commit e004a1c64a557cab307b7a0cfdd6ea57635ef06a Author: Andy LoPresto AuthorDate: Wed Sep 30 15:20:00 2020 -0700 Announced 1.12.0 CVEs. --- src/pages/html/security.hbs | 158 1 file changed, 158 insertions(+) diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs index 7d6ac51..c25220e 100644 --- a/src/pages/html/security.hbs +++ b/src/pages/html/security.hbs @@ -52,6 +52,164 @@ title: Apache NiFi Security Reports + + +Fixed in Apache NiFi 1.12.0 + + + + + +Vulnerabilities + + + + +CVE-2020-9486: Apache NiFi information disclosure in logs +Severity: Important +Versions Affected: + +Apache NiFi 1.10.0 - 1.11.4 + + +Description: The NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext. +Mitigation: Implemented Argon2 secure hashing to provide a deterministic loggable value which does not reveal the sensitive value. Users running any previous NiFi release should upgrade to the latest release. +Credit: This issue was discovered by Andy LoPresto and Pierre Villard. +CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9486"; target="_blank">Mitre Database: CVE-2020-9486 +NiFi Jira: https://issues.apache.org/jira/browse/NIFI-7377"; target="_blank">NIFI-7377 +NiFi PR: https://github.com/apache/nifi/pull/4222"; target="_blank">PR 4222 +Released: August 18, 2020 + + + + +CVE-2020-9487: Apache NiFi denial of service +Severity: Important +Versions Affected: + +Apache NiFi 1.0.0 - 1.11.4 + + +Description: The NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens, preventing legitimate users from requesting download tokens. +Mitigation: Disabled anonymous authentication, implemented a multi-indexed cache, and limited token creation requests to one concurrent request per user. Users running any previous NiFi release should upgrade to the latest release. +Credit: This issue was discovered by an anonymous community member. +CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9487"; target="_blank">Mitre Database: CVE-2020-9487 +NiFi Jira: https://issues.apache.org/jira/browse/NIFI-7385"; target="_blank">NIFI-7385 +NiFi PR: https://github.com/apache/nifi/pull/4271"; target="_blank">PR 4271 +Released: August 18, 2020 + + + + +CVE-2020-9491: Apache NiFi use of weak TLS protocols +Severity: Critical +Versions Affected: + +Apache NiFi 1.2.0 - 1.11.4 + + +Description: The NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1. +Mitigation: Refactored disparate internal SSL and TLS code, reducing exposure for extension and framework developers to low-level primitives. Added support for TLS v1.3 on supporting JVMs. Restricted all incoming TLS communications to TLS v1.2+. Users running any previous NiFi release should upgrade to the latest release. +Credit: This issue was discovered by Juan Carlos Sequeiros and Andy LoPresto. +CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9491"; target="_blank">Mitre Database: CVE-2020-9491 +NiFi Jira: https://issues.apache.org/jira/browse/NIFI-7401"; target="_blank">NIFI-7401 +NiFi PR: https://github.com/apache/nifi/pull/4263"; target="_blank">PR 4263 +Released: August 18, 2020 + + + + +CVE-2020-13940: Apache NiFi information disclosure by XXE +Severity: Low +Versions Affected: + +Apache NiFi 1.0.0 - 1.11.4 + + +Description: The notification service manager and various po
[nifi] branch main updated: NIFI-7841: Made corrections in the nifi-walkthroughs docs (#4548)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/main by this push: new 7e0bcb9 NIFI-7841: Made corrections in the nifi-walkthroughs docs (#4548) 7e0bcb9 is described below commit 7e0bcb98e1ebc3bc64d1a33dbb7d626496f6e1d0 Author: VKadam <56328193+vedaka...@users.noreply.github.com> AuthorDate: Wed Sep 23 16:37:26 2020 -0700 NIFI-7841: Made corrections in the nifi-walkthroughs docs (#4548) Signed-off-by: Andy LoPresto --- nifi-docs/src/main/asciidoc/walkthroughs.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nifi-docs/src/main/asciidoc/walkthroughs.adoc b/nifi-docs/src/main/asciidoc/walkthroughs.adoc index 3d23bbf..2301981 100644 --- a/nifi-docs/src/main/asciidoc/walkthroughs.adoc +++ b/nifi-docs/src/main/asciidoc/walkthroughs.adoc @@ -1079,7 +1079,7 @@ The resulting directory will contain 7 new entries: ** `node3.nifi/` -- The directory containing `node3` keystore and related files -- Optional command to execute all steps together using the toolkit pattern syntax: -* `./bin/tls-toolkit.sh -n 'node[1-3].nifi' -C 'CN=my_username' -c 'ca.nifi'` -- Performs all steps listed above simultaneously +* `./bin/tls-toolkit.sh standalone -n 'node[1-3].nifi' -C 'CN=my_username' -c 'ca.nifi'` -- Performs all steps listed above simultaneously . Create a new `nifi_cluster` folder in an appropriate location. In this example, where all three nodes will run on the same machine, the `/etc/nifi_cluster` directory is used. All further instructions occur from this directory. * `mkdir /etc/nifi_cluster` -- Creates the working directory * `cd /etc/nifi_cluster` -- Change to the created directory
[nifi] branch main updated: NIFI-7832 Resetting boolean that indicates password is being used when service is disabled (#4543)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/main by this push: new caf7960 NIFI-7832 Resetting boolean that indicates password is being used when service is disabled (#4543) caf7960 is described below commit caf79601ac54249cd61cf7b69112257764d4cb3f Author: Bryan Bende AuthorDate: Tue Sep 22 12:11:46 2020 -0400 NIFI-7832 Resetting boolean that indicates password is being used when service is disabled (#4543) Signed-off-by: Andy LoPresto --- .../nifi/schemaregistry/hortonworks/HortonworksSchemaRegistry.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/nifi-hwx-schema-registry-service/src/main/java/org/apache/nifi/schemaregistry/hortonworks/HortonworksSchemaRegistry.java b/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/nifi-hwx-schema-registry-service/src/main/java/org/apache/nifi/schemaregistry/hortonworks/HortonworksSchemaRegistry.java index 317c5e6..f48f250 100644 --- a/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/nifi-hwx-schema-registry-service/src/main/java/org/apache/nifi/schemaregistry/hortonworks/HortonworksSchemaRegistry.java +++ b/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/nifi-hwx-schema-registry-service/src/main/java/org/apache/nifi/schemaregistry/hortonworks/HortonworksSchemaRegistry.java @@ -222,6 +222,7 @@ public class HortonworksSchemaRegistry extends AbstractControllerService impleme final String keytab = kerberosCredentialsService.getKeytab(); final String jaasConfigString = getKeytabJaasConfig(principal, keytab); schemaRegistryConfig.put(SchemaRegistryClient.Configuration.SASL_JAAS_CONFIG.name(), jaasConfigString); +usingKerberosWithPassword = false; } else if (!StringUtils.isBlank(kerberosPrincipal) && !StringUtils.isBlank(kerberosPassword)) { schemaRegistryConfig.put(SchemaRegistryClientWithKerberosPassword.SCHEMA_REGISTRY_CLIENT_KERBEROS_PRINCIPAL, kerberosPrincipal); schemaRegistryConfig.put(SchemaRegistryClientWithKerberosPassword.SCHEMA_REGISTRY_CLIENT_KERBEROS_PASSWORD, kerberosPassword); @@ -268,6 +269,7 @@ public class HortonworksSchemaRegistry extends AbstractControllerService impleme } initialized = false; +usingKerberosWithPassword = false; }
[nifi] branch main updated: NIFI-7816: Correct documentation example for urlEncode function in Expression Language Guide (#4536)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/main by this push: new 4040664 NIFI-7816: Correct documentation example for urlEncode function in Expression Language Guide (#4536) 4040664 is described below commit 40406648864240b83ab91a711b8fe70fd3c02d57 Author: Mohammed Nadeem AuthorDate: Tue Sep 22 00:42:23 2020 +0530 NIFI-7816: Correct documentation example for urlEncode function in Expression Language Guide (#4536) Signed-off-by: Andy LoPresto --- nifi-docs/src/main/asciidoc/expression-language-guide.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nifi-docs/src/main/asciidoc/expression-language-guide.adoc b/nifi-docs/src/main/asciidoc/expression-language-guide.adoc index 7217f2a..b79629e 100644 --- a/nifi-docs/src/main/asciidoc/expression-language-guide.adoc +++ b/nifi-docs/src/main/asciidoc/expression-language-guide.adoc @@ -1380,7 +1380,7 @@ Each of the following functions will encode a string according the rules of the *Examples*: We can URL-Encode an attribute named "url" by using the Expression `${url:urlEncode()}`. If the value of the "url" attribute is "https://nifi.apache.org/some value with spaces", this - Expression will then return "https://nifi.apache.org/some%20value%20with%20spaces";. + Expression will then return "https%3A%2F%2Fnifi.apache.org%2Fsome+value+with+spaces". @@ -1397,7 +1397,7 @@ Each of the following functions will encode a string according the rules of the *Return Type*: [.returnType]#String# *Examples*: If we have a URL-Encoded attribute named "url" with the value - "https://nifi.apache.org/some%20value%20with%20spaces";, then the Expression + "https://nifi.apache.org/some%20value%20with%20spaces"; or "https%3A%2F%2Fnifi.apache.org%2Fsome+value+with+spaces", then the Expression `${url:urlDecode()}` will return "https://nifi.apache.org/some value with spaces".
[nifi] 05/11: NIFI-7803: Allow ExecuteSQL(Record) properties to evaluate flowfile attributes where possible
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch support/nifi-1.12.x in repository https://gitbox.apache.org/repos/asf/nifi.git commit 6aa58d1374129f723dc5130ab88da10d1f755c94 Author: Matthew Burgess AuthorDate: Fri Sep 11 14:19:38 2020 -0400 NIFI-7803: Allow ExecuteSQL(Record) properties to evaluate flowfile attributes where possible Signed-off-by: Pierre Villard This closes #4523. --- .../nifi/processors/standard/AbstractExecuteSQL.java | 15 --- .../org/apache/nifi/processors/standard/ExecuteSQL.java | 2 +- .../apache/nifi/processors/standard/ExecuteSQLRecord.java | 2 +- .../apache/nifi/processors/standard/TestExecuteSQL.java | 6 -- 4 files changed, 14 insertions(+), 11 deletions(-) diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/AbstractExecuteSQL.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/AbstractExecuteSQL.java index 845..6481181 100644 --- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/AbstractExecuteSQL.java +++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/AbstractExecuteSQL.java @@ -127,6 +127,7 @@ public abstract class AbstractExecuteSQL extends AbstractProcessor { .defaultValue("0 seconds") .required(true) .addValidator(StandardValidators.TIME_PERIOD_VALIDATOR) + .expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES) .sensitive(false) .build(); @@ -138,7 +139,7 @@ public abstract class AbstractExecuteSQL extends AbstractProcessor { .defaultValue("0") .required(true) .addValidator(StandardValidators.NON_NEGATIVE_INTEGER_VALIDATOR) - .expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY) + .expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES) .build(); public static final PropertyDescriptor OUTPUT_BATCH_SIZE = new PropertyDescriptor.Builder() @@ -152,7 +153,7 @@ public abstract class AbstractExecuteSQL extends AbstractProcessor { .defaultValue("0") .required(true) .addValidator(StandardValidators.NON_NEGATIVE_INTEGER_VALIDATOR) - .expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY) + .expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES) .build(); public static final PropertyDescriptor FETCH_SIZE = new PropertyDescriptor.Builder() @@ -163,7 +164,7 @@ public abstract class AbstractExecuteSQL extends AbstractProcessor { .defaultValue("0") .required(true) .addValidator(StandardValidators.NON_NEGATIVE_INTEGER_VALIDATOR) - .expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY) + .expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES) .build(); protected List propDescriptors; @@ -210,11 +211,11 @@ public abstract class AbstractExecuteSQL extends AbstractProcessor { final List resultSetFlowFiles = new ArrayList<>(); final ComponentLog logger = getLogger(); -final Integer queryTimeout = context.getProperty(QUERY_TIMEOUT).asTimePeriod(TimeUnit.SECONDS).intValue(); -final Integer maxRowsPerFlowFile = context.getProperty(MAX_ROWS_PER_FLOW_FILE).evaluateAttributeExpressions().asInteger(); -final Integer outputBatchSizeField = context.getProperty(OUTPUT_BATCH_SIZE).evaluateAttributeExpressions().asInteger(); +final int queryTimeout = context.getProperty(QUERY_TIMEOUT).evaluateAttributeExpressions(fileToProcess).asTimePeriod(TimeUnit.SECONDS).intValue(); +final Integer maxRowsPerFlowFile = context.getProperty(MAX_ROWS_PER_FLOW_FILE).evaluateAttributeExpressions(fileToProcess).asInteger(); +final Integer outputBatchSizeField = context.getProperty(OUTPUT_BATCH_SIZE).evaluateAttributeExpressions(fileToProcess).asInteger(); final int outputBatchSize = outputBatchSizeField == null ? 0 : outputBatchSizeField; -final Integer fetchSize = context.getProperty(FETCH_SIZE).evaluateAttributeExpressions().asInteger(); +final Integer fetchSize = context.getProperty(FETCH_SIZE).evaluateAttributeExpressions(fileToProcess).asInteger(); List preQueries = getQueries(context.getProperty(SQL_PRE_QUERY).evaluateAttributeExpressions(fileToProcess).getValue()); List postQueries = getQueries(context.getProperty(SQL_POST_QUERY).evaluateAttributeExpressions(fileToProcess).getValue()); diff --git a/nifi-
[nifi] 08/11: NIFI-5583: Add cdc processor for MySQL referring to GTID.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch support/nifi-1.12.x in repository https://gitbox.apache.org/repos/asf/nifi.git commit 174720104872b43dbaf94a268690d986de7f6b03 Author: yoshiata AuthorDate: Mon Jul 2 15:55:50 2018 +0900 NIFI-5583: Add cdc processor for MySQL referring to GTID. Signed-off-by: Pierre Villard This closes #2997. --- .../nifi/cdc/mysql/event/BaseBinlogEventInfo.java | 10 ++ .../cdc/mysql/event/BaseBinlogRowEventInfo.java| 6 + .../cdc/mysql/event/BaseBinlogTableEventInfo.java | 5 + .../cdc/mysql/event/BeginTransactionEventInfo.java | 5 + .../nifi/cdc/mysql/event/BinlogEventInfo.java | 3 + .../mysql/event/CommitTransactionEventInfo.java| 5 + .../apache/nifi/cdc/mysql/event/DDLEventInfo.java | 5 + .../nifi/cdc/mysql/event/DeleteRowsEventInfo.java | 4 + .../nifi/cdc/mysql/event/InsertRowsEventInfo.java | 5 + .../nifi/cdc/mysql/event/UpdateRowsEventInfo.java | 5 + .../mysql/event/io/AbstractBinlogEventWriter.java | 19 +- .../cdc/mysql/processors/CaptureChangeMySQL.java | 177 ++- .../mysql/processors/CaptureChangeMySQLTest.groovy | 193 + 13 files changed, 393 insertions(+), 49 deletions(-) diff --git a/nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/event/BaseBinlogEventInfo.java b/nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/event/BaseBinlogEventInfo.java index 7089cda..9106e93 100644 --- a/nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/event/BaseBinlogEventInfo.java +++ b/nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/event/BaseBinlogEventInfo.java @@ -25,6 +25,7 @@ public class BaseBinlogEventInfo extends BaseEventInfo implements BinlogEventInf private String binlogFilename; private Long binlogPosition; +private String binlogGtidSet; public BaseBinlogEventInfo(String eventType, Long timestamp, String binlogFilename, Long binlogPosition) { super(eventType, timestamp); @@ -32,6 +33,11 @@ public class BaseBinlogEventInfo extends BaseEventInfo implements BinlogEventInf this.binlogPosition = binlogPosition; } +public BaseBinlogEventInfo(String eventType, Long timestamp, String binlogGtidSet) { +super(eventType, timestamp); +this.binlogGtidSet = binlogGtidSet; +} + public String getBinlogFilename() { return binlogFilename; } @@ -39,4 +45,8 @@ public class BaseBinlogEventInfo extends BaseEventInfo implements BinlogEventInf public Long getBinlogPosition() { return binlogPosition; } + +public String getBinlogGtidSet() { +return binlogGtidSet; +} } diff --git a/nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/event/BaseBinlogRowEventInfo.java b/nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/event/BaseBinlogRowEventInfo.java index 4796947..6517225 100644 --- a/nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/event/BaseBinlogRowEventInfo.java +++ b/nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/event/BaseBinlogRowEventInfo.java @@ -37,6 +37,12 @@ public class BaseBinlogRowEventInfo extends BaseBinlogTableEve this.delegate = new BaseRowEventInfo<>(tableInfo, type, timestamp, rows); } +public BaseBinlogRowEventInfo(TableInfo tableInfo, String type, Long timestamp, String binlogGtidSet, BitSet includedColumns, List rows) { +super(tableInfo, type, timestamp, binlogGtidSet); +this.includedColumns = includedColumns; +this.delegate = new BaseRowEventInfo<>(tableInfo, type, timestamp, rows); +} + public BitSet getIncludedColumns() { return includedColumns; } diff --git a/nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/event/BaseBinlogTableEventInfo.java b/nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/event/BaseBinlogTableEventInfo.java index c5d3ddf..ea23023 100644 --- a/nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/event/BaseBinlogTableEventInfo.java +++ b/nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/event/BaseBinlogTableEventInfo.java @@ -35,6 +35,11 @@ public class BaseBinlogTableEventInfo extends BaseBin
[nifi] 09/11: NIFI-7580-Add documentation around autoloading NARs
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch support/nifi-1.12.x in repository https://gitbox.apache.org/repos/asf/nifi.git commit 1adb16efb8e976c47e310bc10ac19e5d439b891d Author: abrown AuthorDate: Tue Sep 15 11:55:30 2020 +0100 NIFI-7580-Add documentation around autoloading NARs Signed-off-by: Pierre Villard This closes #4529. --- .../src/main/asciidoc/administration-guide.adoc| 62 ++ 1 file changed, 62 insertions(+) diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc b/nifi-docs/src/main/asciidoc/administration-guide.adoc index ea2919f..337c60b 100644 --- a/nifi-docs/src/main/asciidoc/administration-guide.adoc +++ b/nifi-docs/src/main/asciidoc/administration-guide.adoc @@ -3676,3 +3676,65 @@ In your new NiFi installation: 3. After confirming your new NiFi instances are stable and working as expected, the old installation can be removed. NOTE: If the original NiFi was setup to run as a service, update any symlinks or service scripts to point to the new NiFi version executables. + + +== Processor Locations + +[[processor-location-options]] +=== Available Configuration Options + +NiFi provides 3 configuration options for processor locations. Namely: + + nifi.nar.library.directory + nifi.nar.library.directory. + nifi.nar.library.autoload.directory + +NOTE: Paths set using these options are relative to the NiFi Home Directory. For example, if the NiFi Home Directory is `/var/lib/nifi`, and the Library Directory is `./lib`, then the final path is `/var/lib/nifi/lib`. + +The `nifi.nar.library.directory` is used for the default location for provided NiFi processors. It is not recommended to use this for custom processors as these could be lost during a NiFi upgrade. For example: + + nifi.nar.library.directory=./lib + +The `nifi.nar.library.directory.` allows the admin to provide multiple arbritary paths for NiFi to locate custom processors. A unique property identifier must append the property for each unique path. For example: + + nifi.nar.library.directory.myCustomLibs=./my-custom-nars/lib + nifi.nar.library.directory.otherCustomLibs=./other-custom-nars/lib + +The `nifi.nar.library.autoload.directory` is used by the autoload feature, where NiFi can automatically load new processors added to the configured path without requiring a restart. For example: + + nifi.nar.library.autoload.directory=./autoload/lib + +=== Installing Custom Processors + +This section describes the original process for installing custom processors that requires a restart to NiFi. To use the Autoloading feature, see the below <> section. + +Firstly, we will configure a directory for the custom processors. See <> for more about these configuration options. + + nifi.nar.library.directory.myCustomLibs=./my-custom-nars/lib + +Ensure that this directory exists and has appropriate permissions for the nifi user and group. + +Now, we must place our custom processor nar in the configured directory. The configured directory is relative to the NiFi Home directory; for example, let us say that our NiFi Home Dir is `/var/lib/nifi`, we would place our custom processor nar in `/var/lib/nifi/my-custom-nars/lib`. + +Ensure that the file has appropriate permissions for the nifi user and group. + +Restart NiFi and the custom processor should now be available when adding a new Processor to your flow. + +[[autoloading-processors]] +=== Autoloading Custom Processors + +This section describes the process to use the Autoloading feature for custom processors. + +To use the autoloading feature, the `nifi.nar.library.autoload.directory` property must be configured to point at the desired directory. By default, this points at `./extensions`. + +For example: + + nifi.nar.library.autoload.directory=./extensions + +Ensure that this directory exists and has appropriate permissions for the nifi user and group. + +Now, we must place our custom processor nar in the configured directory. The configured directory is relative to the NiFi Home directory; for example, let us say that our NiFi Home Dir is `/var/lib/nifi`, we would place our custom processor nar in `/var/lib/nifi/extensions`. + +Ensure that the file has appropriate permissions for the nifi user and group. + +Refresh the browser page and the custom processor should now be available when adding a new Processor to your flow.
[nifi] 02/11: NIFI-7742: update case clause logic
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch support/nifi-1.12.x in repository https://gitbox.apache.org/repos/asf/nifi.git commit 57eb740384e7cb9f7268d5660587dc82316d5a52 Author: Shane Ardell AuthorDate: Fri Sep 11 16:43:24 2020 -0400 NIFI-7742: update case clause logic --- .../controllers/nf-ng-canvas-flow-status-controller.js | 17 +++-- 1 file changed, 3 insertions(+), 14 deletions(-) diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/controllers/nf-ng-canvas-flow-status-controller.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/controllers/nf-ng-canvas-flow-status-controller.js index 2e2ebc5..5595803 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/controllers/nf-ng-canvas-flow-status-controller.js +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/controllers/nf-ng-canvas-flow-status-controller.js @@ -321,20 +321,9 @@ var group = item.parentGroup; if (nfCommon.isDefinedAndNotNull(group.id)) { nfProcessGroup.enterGroup(group.id).done(function () { -if ($('#process-group-configuration').is(':visible')) { - nfProcessGroupConfiguration.loadConfiguration(group.id).done(function () { - nfProcessGroupConfiguration.selectControllerService(item.id); -}); -} else { - nfProcessGroupConfiguration.showConfiguration(group.id).done(function () { - nfSettings.selectControllerService(item.id); -}); -} -}); -} else { -// reload the settings and show - nfSettings.showSettings().done(function () { - nfSettings.selectControllerService(item.id); + nfProcessGroupConfiguration.showConfiguration(group.id).done(function () { + nfProcessGroupConfiguration.selectControllerService(item.id); +}); }); } break;
[nifi] 11/11: NIFI-7787 fixing version references
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch support/nifi-1.12.x in repository https://gitbox.apache.org/repos/asf/nifi.git commit c18a81dad91fd6b07c084c21f03d57007e2c5731 Author: Joe Witt AuthorDate: Thu Sep 17 15:23:58 2020 -0700 NIFI-7787 fixing version references --- nifi-commons/nifi-security-utils-api/pom.xml | 2 +- nifi-commons/nifi-security-utils/pom.xml | 2 +- .../nifi-extension-utils/nifi-kerberos-test-utils/pom.xml | 8 nifi-nar-bundles/nifi-framework-bundle/pom.xml| 2 +- nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml | 2 +- .../nifi-dbcp-service-bundle/nifi-dbcp-service/pom.xml| 2 +- nifi-nar-bundles/pom.xml | 2 +- 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/nifi-commons/nifi-security-utils-api/pom.xml b/nifi-commons/nifi-security-utils-api/pom.xml index 02dbe52..c953a2c 100644 --- a/nifi-commons/nifi-security-utils-api/pom.xml +++ b/nifi-commons/nifi-security-utils-api/pom.xml @@ -17,7 +17,7 @@ org.apache.nifi nifi-commons -1.13.0-SNAPSHOT +1.12.1-SNAPSHOT nifi-security-utils-api diff --git a/nifi-commons/nifi-security-utils/pom.xml b/nifi-commons/nifi-security-utils/pom.xml index 2b7bd58..b4289c2 100644 --- a/nifi-commons/nifi-security-utils/pom.xml +++ b/nifi-commons/nifi-security-utils/pom.xml @@ -40,7 +40,7 @@ org.apache.nifi nifi-security-utils-api -1.13.0-SNAPSHOT +1.12.1-SNAPSHOT ch.qos.logback diff --git a/nifi-nar-bundles/nifi-extension-utils/nifi-kerberos-test-utils/pom.xml b/nifi-nar-bundles/nifi-extension-utils/nifi-kerberos-test-utils/pom.xml index a223d03..3801ca9 100644 --- a/nifi-nar-bundles/nifi-extension-utils/nifi-kerberos-test-utils/pom.xml +++ b/nifi-nar-bundles/nifi-extension-utils/nifi-kerberos-test-utils/pom.xml @@ -18,7 +18,7 @@ org.apache.nifi nifi-extension-utils -1.13.0-SNAPSHOT +1.12.1-SNAPSHOT nifi-kerberos-test-utils @@ -27,17 +27,17 @@ org.apache.nifi nifi-api -1.13.0-SNAPSHOT +1.12.1-SNAPSHOT org.apache.nifi nifi-utils -1.13.0-SNAPSHOT +1.12.1-SNAPSHOT org.apache.nifi nifi-kerberos-credentials-service-api -1.13.0-SNAPSHOT +1.12.1-SNAPSHOT diff --git a/nifi-nar-bundles/nifi-framework-bundle/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/pom.xml index db1e89e..0905d41 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-framework-bundle/pom.xml @@ -56,7 +56,7 @@ org.apache.nifi nifi-security-utils-api -1.13.0-SNAPSHOT +1.12.1-SNAPSHOT org.apache.nifi diff --git a/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml b/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml index 38a3234..ea6cb8f 100644 --- a/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml +++ b/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml @@ -150,7 +150,7 @@ org.apache.nifi nifi-kerberos-test-utils -1.13.0-SNAPSHOT +1.12.1-SNAPSHOT test diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/pom.xml b/nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/pom.xml index 83ddffc..5de1149 100644 --- a/nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/pom.xml +++ b/nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/pom.xml @@ -117,7 +117,7 @@ org.apache.nifi nifi-kerberos-test-utils -1.13.0-SNAPSHOT +1.12.1-SNAPSHOT test diff --git a/nifi-nar-bundles/pom.xml b/nifi-nar-bundles/pom.xml index 84b9ccb..5582713 100755 --- a/nifi-nar-bundles/pom.xml +++ b/nifi-nar-bundles/pom.xml @@ -201,7 +201,7 @@ org.apache.nifi nifi-security-utils-api -1.13.0-SNAPSHOT +1.12.1-SNAPSHOT provided
[nifi] 04/11: NIFI-7807 Updating in-class documentation to be more clear & adding additionalDetails with examples
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch support/nifi-1.12.x in repository https://gitbox.apache.org/repos/asf/nifi.git commit 33d9b8fdcaa787334a8acbd79e961396c9bf2e74 Author: abrown AuthorDate: Mon Sep 14 13:53:48 2020 +0100 NIFI-7807 Updating in-class documentation to be more clear & adding additionalDetails with examples Signed-off-by: Pierre Villard This closes #4526. --- .../org/apache/nifi/processors/kudu/PutKudu.java | 2 +- .../additionalDetails.html | 185 + 2 files changed, 186 insertions(+), 1 deletion(-) diff --git a/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/main/java/org/apache/nifi/processors/kudu/PutKudu.java b/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/main/java/org/apache/nifi/processors/kudu/PutKudu.java index 064e295..3e8e199 100644 --- a/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/main/java/org/apache/nifi/processors/kudu/PutKudu.java +++ b/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/main/java/org/apache/nifi/processors/kudu/PutKudu.java @@ -75,7 +75,7 @@ import java.util.stream.Stream; @InputRequirement(InputRequirement.Requirement.INPUT_REQUIRED) @Tags({"put", "database", "NoSQL", "kudu", "HDFS", "record"}) @CapabilityDescription("Reads records from an incoming FlowFile using the provided Record Reader, and writes those records " + -"to the specified Kudu's table. The schema for the table must be provided in the processor properties or from your source." + +"to the specified Kudu's table. The schema for the Kudu table is inferred from the schema of the Record Reader." + " If any error occurs while reading records from the input, or writing records to Kudu, the FlowFile will be routed to failure") @WritesAttribute(attribute = "record.count", description = "Number of records written to Kudu") diff --git a/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/main/resources/docs/org.apache.nifi.processors.kudu.PutKudu/additionalDetails.html b/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/main/resources/docs/org.apache.nifi.processors.kudu.PutKudu/additionalDetails.html new file mode 100644 index 000..bb79092 --- /dev/null +++ b/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/main/resources/docs/org.apache.nifi.processors.kudu.PutKudu/additionalDetails.html @@ -0,0 +1,185 @@ + + + + + +PutKudu + + + + + + +Description: + +This processor writes Records to a Kudu table. + +A Record Reader must be supplied to read the records from the FlowFile. +The schema supplied to the Record Reader is used to match fields in the Record to the columns of the Kudu table. +See the Table Schema section for more. + + +Table Name +When Hive MetaStore integration is enabled for Impala/Kudu, do not use the "impala::" syntax for the table name. Simply use the Hive "dbname.tablename" syntax. + + +For example, without HMS integration, you might use + + + +Table Name: impala::default.testtable + + + +With HMS integration, you would simply use + + + +Table Name: default.testtable + + + + +Table Schema + + +When writing to Kudu, NiFi must map the fields from the Record to the columns of the Kudu table. It does this by acquiring the schema of the table from Kudu and the schema +provided by the Record Reader. It can now compare the Record field names against the Kudu table column names. Additionally, it also compares the field and colunm types, to +apply the appropriate type conversions. + + + +For example, assuming you have the following data: + + + + +{ +"forename":"Jessica", +"surname":"Smith", +"employee_id":123456789 +} + + + + +With the following schema in the Record Reader: + + + + +{ +"type": "record", +"namespace": "nifi", +"name": "employee", +"fields": [ +{ "name": "forename", "type": &
[nifi] 07/11: NIFI-7768 Added support for monogdb+srv connection strings.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch support/nifi-1.12.x in repository https://gitbox.apache.org/repos/asf/nifi.git commit 2174af7a3ad7de47f355a7e509d02a09100991af Author: Mike Thomsen AuthorDate: Mon Sep 7 20:08:46 2020 -0400 NIFI-7768 Added support for monogdb+srv connection strings. This closes #4514. Signed-off-by: Joey Frazee --- .../apache/nifi/processors/mongodb/GetMongoIT.java | 9 + .../processors/mongodb/RunMongoAggregationIT.java | 9 +++-- nifi-nar-bundles/nifi-mongodb-bundle/pom.xml | 23 +- 3 files changed, 13 insertions(+), 28 deletions(-) diff --git a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/test/java/org/apache/nifi/processors/mongodb/GetMongoIT.java b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/test/java/org/apache/nifi/processors/mongodb/GetMongoIT.java index ddea9a8..7ec724c 100644 --- a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/test/java/org/apache/nifi/processors/mongodb/GetMongoIT.java +++ b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/test/java/org/apache/nifi/processors/mongodb/GetMongoIT.java @@ -311,11 +311,12 @@ public class GetMongoIT { * Test original behavior; Manually set query of {}, no input */ final String attr = "query.attr"; -runner.setProperty(GetMongo.QUERY, "{}"); +final String queryValue = "{}"; +runner.setProperty(GetMongo.QUERY, queryValue); runner.setProperty(GetMongo.QUERY_ATTRIBUTE, attr); runner.run(); runner.assertTransferCount(GetMongo.REL_SUCCESS, 3); -testQueryAttribute(attr, "{ }"); +testQueryAttribute(attr, queryValue); runner.clearTransferState(); @@ -325,7 +326,7 @@ public class GetMongoIT { runner.removeProperty(GetMongo.QUERY); runner.setIncomingConnection(false); runner.run(); -testQueryAttribute(attr, "{ }"); +testQueryAttribute(attr, queryValue); runner.clearTransferState(); @@ -336,7 +337,7 @@ public class GetMongoIT { runner.setIncomingConnection(true); runner.enqueue("{}"); runner.run(); -testQueryAttribute(attr, "{ }"); +testQueryAttribute(attr, queryValue); /* * Input flowfile with invalid query diff --git a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/test/java/org/apache/nifi/processors/mongodb/RunMongoAggregationIT.java b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/test/java/org/apache/nifi/processors/mongodb/RunMongoAggregationIT.java index 2aadc5f..24c130f 100644 --- a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/test/java/org/apache/nifi/processors/mongodb/RunMongoAggregationIT.java +++ b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/test/java/org/apache/nifi/processors/mongodb/RunMongoAggregationIT.java @@ -37,6 +37,7 @@ import org.junit.Test; import java.io.IOException; import java.text.SimpleDateFormat; import java.util.Calendar; +import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -239,12 +240,16 @@ public class RunMongoAggregationIT { @Test public void testExtendedJsonSupport() throws Exception { -String pattern = "-MM-dd'T'HH:mm:ss.SSS"; +String pattern = "-MM-dd'T'HH:mm:ss'Z'"; SimpleDateFormat simpleDateFormat = new SimpleDateFormat(pattern); +//Let's put this a week from now to make sure that we're not getting too close to +//the creation date +Date nowish = new Date(now.getTime().getTime() + (7 * 24 * 60 * 60 * 1000)); + final String queryInput = "[\n" + " {\n" + "\"$match\": {\n" + -" \"date\": { \"$gte\": { \"$date\": \"2019-01-01T00:00:00Z\" }, \"$lte\": { \"$date\": \"" + simpleDateFormat.format(now.getTime()) + "\" } }\n" + +" \"date\": { \"$gte\": { \"$date\": \"2019-01-01T00:00:00Z\" }, \"$lte\": { \"$date\": \"" + simpleDateFormat.format(nowish) + "\" } }\n" + "}\n" + " },\n" + " {\n" + diff --git a/nifi-nar-bundles/nifi-mongodb-bundle/pom.xml b/nifi-nar-bundles/nifi-mongodb-bundle/pom.xml index ba46fde..1f2d7ad 100644 --- a/nifi-nar-bundles/nifi-mongodb-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-mongodb-bundle/pom.xml @@ -35,30 +35,9 @@ -3.2.2 +3.12.7 - - -3.4 - -3.4.3 - - - -3.6 - -3.6.4 - - - -3.8 - -3.8.0 - - - -
[nifi] 10/11: NIFI-7799: Relogin with Kerberos on connect exception in DBCPConnectionPool (#4519)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch support/nifi-1.12.x in repository https://gitbox.apache.org/repos/asf/nifi.git commit e952a76e4f9eba5e668ff06af5ff95554b851acf Author: Matthew Burgess AuthorDate: Thu Sep 17 13:33:54 2020 -0400 NIFI-7799: Relogin with Kerberos on connect exception in DBCPConnectionPool (#4519) --- .../{ => nifi-kerberos-test-utils}/pom.xml | 43 ++- .../kerberos/MockKerberosCredentialsService.java | 85 ++ nifi-nar-bundles/nifi-extension-utils/pom.xml | 1 + .../nifi-hive-bundle/nifi-hive3-processors/pom.xml | 6 ++ .../processors/hive/TestPutHive3Streaming.java | 67 ++--- .../nifi-dbcp-service/pom.xml | 19 + .../org/apache/nifi/dbcp/DBCPConnectionPool.java | 9 +++ .../java/org/apache/nifi/dbcp/DBCPServiceTest.java | 38 ++ .../src/test/resources/fake.keytab | 0 9 files changed, 187 insertions(+), 81 deletions(-) diff --git a/nifi-nar-bundles/nifi-extension-utils/pom.xml b/nifi-nar-bundles/nifi-extension-utils/nifi-kerberos-test-utils/pom.xml similarity index 57% copy from nifi-nar-bundles/nifi-extension-utils/pom.xml copy to nifi-nar-bundles/nifi-extension-utils/nifi-kerberos-test-utils/pom.xml index 2980f23..a223d03 100644 --- a/nifi-nar-bundles/nifi-extension-utils/pom.xml +++ b/nifi-nar-bundles/nifi-extension-utils/nifi-kerberos-test-utils/pom.xml @@ -1,4 +1,4 @@ - +
[nifi] branch support/nifi-1.12.x updated (113050a -> c18a81d)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch support/nifi-1.12.x in repository https://gitbox.apache.org/repos/asf/nifi.git. discard 113050a NIFI-7787 fixing version references discard 94ad325 NIFI-7799: Relogin with Kerberos on connect exception in DBCPConnectionPool (#4519) discard d6d9509 NIFI-7580-Add documentation around autoloading NARs discard 9de8759 NIFI-5583: Add cdc processor for MySQL referring to GTID. discard 0873ed5 NIFI-7768 Added support for monogdb+srv connection strings. discard 57d7ca1 NIFI-7800: Fix line endings for changed files discard 5499870 NIFI-7803: Allow ExecuteSQL(Record) properties to evaluate flowfile attributes where possible discard 3bb414f NIFI-7807 Updating in-class documentation to be more clear & adding additionalDetails with examples discard 51a3cf4 NIFI-7742: remove defined and null check discard 0baf82b NIFI-7742: update case clause logic discard 3a6915d NIFI-7742: add case for controller service selections discard f41adc6 NIFI-7802 Remove commons-configuration2 dependency from nifi-security-utils which ends up nifi-standard-services-api and on the classpath of any standard services new c0e7f77 NIFI-7742: add case for controller service selections new 57eb740 NIFI-7742: update case clause logic new b9b31b2 NIFI-7742: remove defined and null check new 33d9b8f NIFI-7807 Updating in-class documentation to be more clear & adding additionalDetails with examples new 6aa58d1 NIFI-7803: Allow ExecuteSQL(Record) properties to evaluate flowfile attributes where possible new 05d445f NIFI-7800: Fix line endings for changed files new 2174af7 NIFI-7768 Added support for monogdb+srv connection strings. new 1747201 NIFI-5583: Add cdc processor for MySQL referring to GTID. new 1adb16e NIFI-7580-Add documentation around autoloading NARs new e952a76 NIFI-7799: Relogin with Kerberos on connect exception in DBCPConnectionPool (#4519) new c18a81d NIFI-7787 fixing version references This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (113050a) \ N -- N -- N refs/heads/support/nifi-1.12.x (c18a81d) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. The 11 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: nifi-commons/nifi-security-utils/pom.xml | 5 ++ .../nifi/security/xml/SafeXMLConfiguration.java| 0 nifi-commons/nifi-security-xml-config/pom.xml | 78 -- nifi-commons/pom.xml | 1 - 4 files changed, 5 insertions(+), 79 deletions(-) rename nifi-commons/{nifi-security-xml-config => nifi-security-utils}/src/main/java/org/apache/nifi/security/xml/SafeXMLConfiguration.java (100%) delete mode 100644 nifi-commons/nifi-security-xml-config/pom.xml
[nifi] 01/11: NIFI-7742: add case for controller service selections
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch support/nifi-1.12.x in repository https://gitbox.apache.org/repos/asf/nifi.git commit c0e7f773f0fdd3af6f6bdf38aada3f4162bdae5f Author: Shane Ardell AuthorDate: Fri Sep 11 15:49:51 2020 -0400 NIFI-7742: add case for controller service selections --- .../nf-ng-canvas-flow-status-controller.js | 39 ++ 1 file changed, 33 insertions(+), 6 deletions(-) diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/controllers/nf-ng-canvas-flow-status-controller.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/controllers/nf-ng-canvas-flow-status-controller.js index 8a338fa..2e2ebc5 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/controllers/nf-ng-canvas-flow-status-controller.js +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/controllers/nf-ng-canvas-flow-status-controller.js @@ -27,9 +27,11 @@ 'nf.ClusterSummary', 'nf.ErrorHandler', 'nf.Settings', -'nf.ParameterContexts'], -function ($, nfCommon, nfDialog, nfCanvasUtils, nfContextMenu, nfClusterSummary, nfErrorHandler, nfSettings, nfParameterContexts) { -return (nf.ng.Canvas.FlowStatusCtrl = factory($, nfCommon, nfDialog, nfCanvasUtils, nfContextMenu, nfClusterSummary, nfErrorHandler, nfSettings, nfParameterContexts)); +'nf.ParameterContexts', +'nf.ProcessGroup', +'nf.ProcessGroupConfiguration'], +function ($, nfCommon, nfDialog, nfCanvasUtils, nfContextMenu, nfClusterSummary, nfErrorHandler, nfSettings, nfParameterContexts, nfProcessGroup, nfProcessGroupConfiguration) { +return (nf.ng.Canvas.FlowStatusCtrl = factory($, nfCommon, nfDialog, nfCanvasUtils, nfContextMenu, nfClusterSummary, nfErrorHandler, nfSettings, nfParameterContexts, nfProcessGroup, nfProcessGroupConfiguration)); }); } else if (typeof exports === 'object' && typeof module === 'object') { module.exports = (nf.ng.Canvas.FlowStatusCtrl = @@ -41,7 +43,9 @@ require('nf.ClusterSummary'), require('nf.ErrorHandler'), require('nf.Settings'), -require('nf.ParameterContexts'))); +require('nf.ParameterContexts'), +require('nf.ProcessGroup'), +require('nf.ProcessGroupConfiguration'))); } else { nf.ng.Canvas.FlowStatusCtrl = factory(root.$, root.nf.Common, @@ -51,9 +55,11 @@ root.nf.ClusterSummary, root.nf.ErrorHandler, root.nf.Settings, -root.nf.ParameterContexts); +root.nf.ParameterContexts, +root.nf.ProcessGroup, +root.nf.ProcessGroupConfiguration); } -}(this, function ($, nfCommon, nfDialog, nfCanvasUtils, nfContextMenu, nfClusterSummary, nfErrorHandler, nfSettings, nfParameterContexts) { +}(this, function ($, nfCommon, nfDialog, nfCanvasUtils, nfContextMenu, nfClusterSummary, nfErrorHandler, nfSettings, nfParameterContexts, nfProcessGroup, nfProcessGroupConfiguration) { 'use strict'; return function (serviceProvider) { @@ -311,6 +317,27 @@ var paramContext = item.parentGroup; nfParameterContexts.showParameterContext(paramContext.id, null, item.name); break; +case 'controller service': +var group = item.parentGroup; +if (nfCommon.isDefinedAndNotNull(group.id)) { + nfProcessGroup.enterGroup(group.id).done(function () { +if ($('#process-group-configuration').is(':visible')) { + nfProcessGroupConfiguration.loadConfiguration(group.id).done(function () { + nfProcessGroupConfiguration.selectControllerService(item.id); +}); +} else { + nfProcessGroupConfiguration.showConfiguration(group.id).done(function () { + nfSettings.selectControllerService(item.id); +
[nifi] 03/11: NIFI-7742: remove defined and null check
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch support/nifi-1.12.x in repository https://gitbox.apache.org/repos/asf/nifi.git commit b9b31b299b6d5c21681d1b1d827f5fba89bb4a40 Author: Shane Ardell AuthorDate: Fri Sep 11 17:21:20 2020 -0400 NIFI-7742: remove defined and null check This closes #4524 Signed-off-by: Scott Aslan --- .../canvas/controllers/nf-ng-canvas-flow-status-controller.js | 10 -- 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/controllers/nf-ng-canvas-flow-status-controller.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/controllers/nf-ng-canvas-flow-status-controller.js index 5595803..4de9712 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/controllers/nf-ng-canvas-flow-status-controller.js +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/controllers/nf-ng-canvas-flow-status-controller.js @@ -319,13 +319,11 @@ break; case 'controller service': var group = item.parentGroup; -if (nfCommon.isDefinedAndNotNull(group.id)) { - nfProcessGroup.enterGroup(group.id).done(function () { - nfProcessGroupConfiguration.showConfiguration(group.id).done(function () { - nfProcessGroupConfiguration.selectControllerService(item.id); -}); + nfProcessGroup.enterGroup(group.id).done(function () { + nfProcessGroupConfiguration.showConfiguration(group.id).done(function () { + nfProcessGroupConfiguration.selectControllerService(item.id); }); -} +}); break; default: var group = item.parentGroup;
[nifi] branch main updated: NIFI-7730 Added regression tests for multiple certificate keystores. Cleaned up JettyServer code. Changed test logging severity to include debug statements. Added test reso
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/main by this push: new c3cab48 NIFI-7730 Added regression tests for multiple certificate keystores. Cleaned up JettyServer code. Changed test logging severity to include debug statements. Added test resources. c3cab48 is described below commit c3cab48325a8c013f267c9ccc3a375ceb0e3c5e9 Author: Kotaro Terada AuthorDate: Tue Aug 11 18:19:23 2020 +0900 NIFI-7730 Added regression tests for multiple certificate keystores. Cleaned up JettyServer code. Changed test logging severity to include debug statements. Added test resources. This closes #4498. Co-authored-by: Kotaro Terada --- .../nifi/remote/client/http/TestHttpClient.java| 2 +- .../org/apache/nifi/web/server/JettyServer.java| 14 +-- .../nifi/web/server/JettyServerGroovyTest.groovy | 105 + .../apache/nifi/web/server/JettyServerTest.java| 56 +-- .../nifi-jetty/src/test/resources/log4j.properties | 1 + .../src/test/resources/multiple_cert_keystore.jks | Bin 0 -> 4457 bytes .../src/test/resources/multiple_cert_keystore.p12 | Bin 0 -> 4949 bytes .../nifi/integration/util/NiFiTestServer.java | 7 +- .../reporting/prometheus/PrometheusServer.java | 2 +- .../processors/standard/HandleHttpRequest.java | 7 +- .../nifi/processors/standard/ListenHTTP.java | 7 +- .../processors/standard/TestGetHTTPGroovy.groovy | 4 +- .../processors/standard/TestPostHTTPGroovy.groovy | 4 +- .../java/org/apache/nifi/web/util/TestServer.java | 7 +- .../jetty/AbstractJettyWebSocketService.java | 2 +- .../websocket/example/WebSocketClientExample.java | 2 +- .../websocket/example/WebSocketServerExample.java | 7 +- .../server/TlsCertificateAuthorityService.java | 7 +- 18 files changed, 136 insertions(+), 98 deletions(-) diff --git a/nifi-commons/nifi-site-to-site-client/src/test/java/org/apache/nifi/remote/client/http/TestHttpClient.java b/nifi-commons/nifi-site-to-site-client/src/test/java/org/apache/nifi/remote/client/http/TestHttpClient.java index f6bf811..ab71c56 100644 --- a/nifi-commons/nifi-site-to-site-client/src/test/java/org/apache/nifi/remote/client/http/TestHttpClient.java +++ b/nifi-commons/nifi-site-to-site-client/src/test/java/org/apache/nifi/remote/client/http/TestHttpClient.java @@ -453,7 +453,7 @@ public class TestHttpClient { final ServletHandler wrongPathServletHandler = new ServletHandler(); wrongPathContextHandler.insertHandler(wrongPathServletHandler); -final SslContextFactory sslContextFactory = new SslContextFactory(); +final SslContextFactory sslContextFactory = new SslContextFactory.Server(); sslContextFactory.setKeyStorePath("src/test/resources/certs/keystore.jks"); sslContextFactory.setKeyStorePassword("passwordpassword"); sslContextFactory.setKeyStoreType("JKS"); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java index ca7944f..e53c785 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java @@ -975,19 +975,13 @@ public class JettyServer implements NiFiServer, ExtensionUiLoader { } private SslContextFactory createSslContextFactory() { -final SslContextFactory contextFactory = new SslContextFactory(); -configureSslContextFactory(contextFactory, props); -return contextFactory; +final SslContextFactory.Server serverContextFactory = new SslContextFactory.Server(); +configureSslContextFactory(serverContextFactory, props); +return serverContextFactory; } -protected static void configureSslContextFactory(SslContextFactory contextFactory, NiFiProperties props) { -// Need to set SslContextFactory's endpointIdentificationAlgorithm to null; this is a server, -// not a client. Server does not need to perform hostname verification on the client. -// Previous to Jetty 9.4.15.v20190215, this defaulted to null, and now defaults to "HTTPS". -contextFactory.setEndpointIdentificationAlgorithm(null); - +protected static void configureSslContextFactory(SslContextFactory.Server contextFactory, NiFiProperties props) { // Explicitly exclude legacy TLS protoc
[nifi] branch main updated: NIFI-7767 - Fixed issue with tls-toolkit not adding SANs to generated certificates. Added tests. NIFI-7767 - Fixed up TlsCertificateAuthorityTest to include SAN in tests.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/main by this push: new 1e6619b NIFI-7767 - Fixed issue with tls-toolkit not adding SANs to generated certificates. Added tests. NIFI-7767 - Fixed up TlsCertificateAuthorityTest to include SAN in tests. 1e6619b is described below commit 1e6619b91f2d9a7af2d7195464d4a0f5b595b93d Author: Nathan Gough AuthorDate: Fri Aug 28 16:33:51 2020 -0400 NIFI-7767 - Fixed issue with tls-toolkit not adding SANs to generated certificates. Added tests. NIFI-7767 - Fixed up TlsCertificateAuthorityTest to include SAN in tests. --- .../nifi/security/util/CertificateUtils.java | 3 +- .../nifi/security/util/CertificateUtilsTest.groovy | 51 + .../tls/service/TlsCertificateAuthorityTest.java | 27 +++ .../TlsCertificateAuthorityServiceHandlerTest.java | 88 -- 4 files changed, 145 insertions(+), 24 deletions(-) diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/CertificateUtils.java b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/CertificateUtils.java index ee0c33e..a93c518 100644 --- a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/CertificateUtils.java +++ b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/CertificateUtils.java @@ -50,6 +50,7 @@ import org.apache.commons.lang3.StringUtils; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Set; +import org.bouncycastle.asn1.DLSequence; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.pkcs.Attribute; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; @@ -598,7 +599,7 @@ public final class CertificateUtils { ASN1Encodable extension = attValue.getObjectAt(0); if (extension instanceof Extensions) { return (Extensions) extension; -} else if (extension instanceof DERSequence) { +} else if (extension instanceof DERSequence || extension instanceof DLSequence) { return Extensions.getInstance(extension); } } diff --git a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/CertificateUtilsTest.groovy b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/CertificateUtilsTest.groovy index d20cfeb..a1044ca 100644 --- a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/CertificateUtilsTest.groovy +++ b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/CertificateUtilsTest.groovy @@ -16,12 +16,20 @@ */ package org.apache.nifi.security.util +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers +import org.bouncycastle.asn1.x500.X500Name +import org.bouncycastle.asn1.x500.style.BCStyle +import org.bouncycastle.asn1.x500.style.IETFUtils import org.bouncycastle.asn1.x509.Extension import org.bouncycastle.asn1.x509.Extensions import org.bouncycastle.asn1.x509.ExtensionsGenerator import org.bouncycastle.asn1.x509.GeneralName import org.bouncycastle.asn1.x509.GeneralNames import org.bouncycastle.operator.OperatorCreationException +import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder +import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest +import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder +import org.bouncycastle.util.IPAddress import org.junit.After import org.junit.Before import org.junit.BeforeClass @@ -68,6 +76,7 @@ class CertificateUtilsTest extends GroovyTestCase { private static final String SUBJECT_DN = "CN=NiFi Test Server,OU=Security,O=Apache,ST=CA,C=US" private static final String ISSUER_DN = "CN=NiFi Test CA,OU=Security,O=Apache,ST=CA,C=US" +private static final List SUBJECT_ALT_NAMES = ["127.0.0.1", "nifi.nifi.apache.org"] @BeforeClass static void setUpOnce() { @@ -655,4 +664,46 @@ class CertificateUtilsTest extends GroovyTestCase { assert tlsVersion == "TLSv1.3" } } + +@Test +void testGetExtensionsFromCSR() { +// Arrange +KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA") +KeyPair keyPair = generator.generateKeyPair() +Extensions sanExtensions = createDomainAlternativeNamesExtensions(SUBJECT_ALT_NAMES, SUBJECT_DN) + +JcaPKCS10CertificationRequestBuilder jcaPKCS10CertificationRequestBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name(SUBJECT_DN), keyPair.getPublic()) + jcaPKCS10CertificationRequestBuilder.addAttribute(PKCS
[nifi] branch main updated: NIFI-7778: Made corrections in descriptions of padLeft, padRight, plus (#4504)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/main by this push: new e884b3c NIFI-7778: Made corrections in descriptions of padLeft, padRight, plus (#4504) e884b3c is described below commit e884b3cdb2bf2df7c00c914edf520394081f3628 Author: VKadam <56328193+vedaka...@users.noreply.github.com> AuthorDate: Tue Sep 1 13:07:47 2020 -0700 NIFI-7778: Made corrections in descriptions of padLeft, padRight, plus (#4504) Signed-off-by: Andy LoPresto --- nifi-docs/src/main/asciidoc/expression-language-guide.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nifi-docs/src/main/asciidoc/expression-language-guide.adoc b/nifi-docs/src/main/asciidoc/expression-language-guide.adoc index 354d1c2..aad0db2 100644 --- a/nifi-docs/src/main/asciidoc/expression-language-guide.adoc +++ b/nifi-docs/src/main/asciidoc/expression-language-guide.adoc @@ -980,7 +980,7 @@ Expressions will provide the following results: [.function] === padLeft -*Description*: [.description]#The `padLeft` function prepends the given padding string (or `'_'`, if nothing is provided) to the argument `String` until the passed desired length is reached. +*Description*: [.description]#The `padLeft` function prepends the given padding string (or `'_'`, if nothing is provided) to the argument `String` until the passed desired length is reached.# It returns the argument as is if its length is already equal or higher than the desired length, if the padding string is `null`, and if the desired length is either negative or greater than `Integer.MAX_VALUE`. It returns `null` if the argument string is not a valid attribute. @@ -1015,7 +1015,7 @@ Expressions will provide the following results: [.function] === padRight -*Description*: [.description]#The `padRight` function appends the given padding string (or `'_'`, if nothing is provided) to the argument `String` until the passed desired length is reached. +*Description*: [.description]#The `padRight` function appends the given padding string (or `'_'`, if nothing is provided) to the argument `String` until the passed desired length is reached.# It returns the argument as is if its length is already equal or higher than the desired length, if the padding string is `null`, and if the desired length is either negative or greater than `Integer.MAX_VALUE`. It returns `null` if the argument string is not a valid attribute. @@ -1981,7 +1981,7 @@ Divide. This is to preserve backwards compatibility and to not force rounding er === plus *Description*: [.description]#Adds a numeric value to the Subject. If either the argument or the Subject cannot be - coerced into a Number, returns `null`. Does not provide handling for overflow. + coerced into a Number, returns `null`. Does not provide handling for overflow.# *Subject Type*: [.subject]#Number or Decimal#
[nifi] branch main updated: NIFI-6666 removing all modifications to the nifi-api and the newly created builder class
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/main by this push: new 4417b9d NIFI- removing all modifications to the nifi-api and the newly created builder class 4417b9d is described below commit 4417b9d64a48b52927c67e42a7bb278e92403e9c Author: Joe Witt AuthorDate: Wed Aug 12 17:11:29 2020 -0700 NIFI- removing all modifications to the nifi-api and the newly created builder class This closes #4475. Signed-off-by: Andy LoPresto --- nifi-api/pom.xml | 95 -- .../code-gen/NifiBuildProperties.java.template | 93 - .../org/apache/nifi/registry/VariableRegistry.java | 10 --- .../org/apache/nifi/build/TestBuildProperties.java | 39 - .../nifi/util/StandardProcessorTestRunner.java | 32 .../nifi/processors/standard/TestInvokeHTTP.java | 7 +- .../nifi/text/TestFreeFormTextRecordSetWriter.java | 4 +- 7 files changed, 4 insertions(+), 276 deletions(-) diff --git a/nifi-api/pom.xml b/nifi-api/pom.xml index 50bb79d..c710f97 100644 --- a/nifi-api/pom.xml +++ b/nifi-api/pom.xml @@ -23,99 +23,4 @@ nifi-api jar - - - - - -pl.project13.maven -git-commit-id-plugin -4.0.0 - - -generate-sources - -revision - - - - - - --MM-dd'T'HH:mm:ssZ - - - - -com.google.code.maven-replacer-plugin -replacer -1.5.3 - - -Generate NifiBuildProperties Java class -generate-sources - -replace - - - ${project.basedir}/src/main/code-gen/NifiBuildProperties.java.template - ${project.build.directory}/generated-sources/java/org/apache/nifi/build/NifiBuildProperties.java - - - - - - -#maven.build.timestamp# -${maven.build.timestamp} - - - -#project.version# -${project.version} - - - #git.branch#${git.branch} - #git.build.number#${git.build.number} - #git.build.number.unique#${git.build.number.unique} - #git.build.time#${git.build.time} - #git.build.version#${git.build.version} - #git.closest.tag.commit.count#${git.closest.tag.commit.count} - #git.closest.tag.name#${git.closest.tag.name} - #git.commit.id#${git.commit.id} - #git.commit.id.abbrev#${git.commit.id.abbrev} - #git.commit.id.describe#${git.commit.id.describe} - #git.commit.id.describe-short#${git.commit.id.describe-short} - #git.commit.time#${git.commit.time} - #git.dirty#${git.dirty} - #git.total.commit.count#${git.total.commit.count} - - - - - - -org.codehaus.mojo -build-helper-maven-plugin -3.0.0 - - -add-source -generate-sources - -add-source - - - - ${project.build.directory}/generated-sources/java/ - - - - - - - - - - diff --git a/nifi-api/src/main/code-gen/NifiBuildProperties.java.template b/nifi-api/src/main/code-gen/NifiBuildProperties.java.template deleted file mode 100644 index 050bd98..000 --- a/nifi-api/src/main/code-gen/NifiBuildProperties.java.template +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright
[nifi] branch main updated: NIFI-XXXX Fixed typo in documentation.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/main by this push: new a794930 NIFI- Fixed typo in documentation. a794930 is described below commit a79493082c8ab90b40e40fd21ffe08008857cac0 Author: Kyle Miracle AuthorDate: Wed Aug 5 18:45:11 2020 -0400 NIFI- Fixed typo in documentation. This closes #4455. Signed-off-by: Andy LoPresto --- .../main/java/org/apache/nifi/processors/standard/UpdateCounter.java| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UpdateCounter.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UpdateCounter.java index e8f3bcf..0edcba6 100644 --- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UpdateCounter.java +++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UpdateCounter.java @@ -48,7 +48,7 @@ public class UpdateCounter extends AbstractProcessor { static final PropertyDescriptor COUNTER_NAME = new PropertyDescriptor.Builder() .name("counter-name") .displayName("Counter Name") -.description("The name of the counter you want to set the value off - supports expression language like ${counterName}") +.description("The name of the counter you want to set the value of - supports expression language like ${counterName}") .required(true) .addValidator(StandardValidators.NON_EMPTY_VALIDATOR) .addValidator(StandardValidators.ATTRIBUTE_EXPRESSION_LANGUAGE_VALIDATOR)
[nifi] branch main updated: NIFI-7572: Force ScriptedTransformRecord to recompile the script when started
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/main by this push: new 6488db1 NIFI-7572: Force ScriptedTransformRecord to recompile the script when started 6488db1 is described below commit 6488db13762fd42ce6c51f574e2e47ac29006ab5 Author: Matthew Burgess AuthorDate: Thu Aug 6 10:54:41 2020 -0400 NIFI-7572: Force ScriptedTransformRecord to recompile the script when started This closes #4458. Signed-off-by: Andy LoPresto --- .../processors/script/ScriptedTransformRecord.java | 2 + .../script/TestScriptedTransformRecord.java| 60 ++ 2 files changed, 62 insertions(+) diff --git a/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/src/main/java/org/apache/nifi/processors/script/ScriptedTransformRecord.java b/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/src/main/java/org/apache/nifi/processors/script/ScriptedTransformRecord.java index d14187e..0adf82c 100644 --- a/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/src/main/java/org/apache/nifi/processors/script/ScriptedTransformRecord.java +++ b/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/src/main/java/org/apache/nifi/processors/script/ScriptedTransformRecord.java @@ -183,6 +183,8 @@ public class ScriptedTransformRecord extends AbstractProcessor implements Search scriptToRun = IOUtils.toString(scriptStream, Charset.defaultCharset()); } } +// Always compile when first run +compiledScriptRef.set(null); } diff --git a/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/src/test/java/org/apache/nifi/processors/script/TestScriptedTransformRecord.java b/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/src/test/java/org/apache/nifi/processors/script/TestScriptedTransformRecord.java index 3b15cf3..08676c8 100644 --- a/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/src/test/java/org/apache/nifi/processors/script/TestScriptedTransformRecord.java +++ b/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/src/test/java/org/apache/nifi/processors/script/TestScriptedTransformRecord.java @@ -333,6 +333,66 @@ public class TestScriptedTransformRecord { assertEquals("Unknown Author", outputRecords.get(1).getAsRecord("book", bookSchema).getValue("author")); } +@Test +public void testRecompileJythonScript() throws InitializationException { +final RecordSchema schema = createSimpleNumberSchema(); +setup(schema); + +testRunner.setProperty(ScriptedTransformRecord.LANGUAGE, "python"); +testRunner.setProperty(ScriptingComponentUtils.SCRIPT_BODY, "_ = record"); + +final Map num1 = new HashMap<>(); +num1.put("num", 1); +final Map num2 = new HashMap<>(); +num2.put("num", 2); +final Map num3 = new HashMap<>(); +num3.put("num", 3); + +recordReader.addRecord(new MapRecord(schema, num1)); +recordReader.addRecord(new MapRecord(schema, num2)); +recordReader.addRecord(new MapRecord(schema, num3)); + +testRunner.enqueue(new byte[0]); + +testRunner.run(); + testRunner.assertAllFlowFilesTransferred(ScriptedTransformRecord.REL_SUCCESS, 1); + +MockFlowFile out = testRunner.getFlowFilesForRelationship(ScriptedTransformRecord.REL_SUCCESS).get(0); +out.assertAttributeEquals("record.count", "3"); +assertEquals(3, testRunner.getCounterValue("Records Transformed").intValue()); +assertEquals(0, testRunner.getCounterValue("Records Dropped").intValue()); + +List recordsWritten = recordWriter.getRecordsWritten(); +assertEquals(3, recordsWritten.size()); + +for (int i = 0; i < 3; i++) { +assertEquals(i + 1, recordsWritten.get(i).getAsInt("num").intValue()); +} + +testRunner.clearTransferState(); +// reset the writer +testRunner.removeControllerService(recordWriter); +recordWriter = new ArrayListRecordWriter(schema); +testRunner.addControllerService("record-writer", recordWriter); +testRunner.enableControllerService(recordWriter); + +testRunner.setProperty(ScriptingComponentUtils.SCRIPT_BODY, "record.setValue(\"num\", 5)\n_ = record"); + +testRunner.enqueue(new byte[0]); +testRunner.run(); + testRunner.assertAllFlowFilesTransferred(ScriptedTransformRecord.REL_SUCCESS, 1); + +out = testRunner.getFlowFilesForRelationship(ScriptedTransformRecord.REL_SUCCESS).get(0); +out.as
[nifi] branch main updated: NIFI-7703 updated all commons codec references to 1.14
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/main by this push: new 536dbb7 NIFI-7703 updated all commons codec references to 1.14 536dbb7 is described below commit 536dbb7213b58ea1cf7dfa538cffdf3a0836 Author: Joe Witt AuthorDate: Tue Aug 4 08:36:00 2020 -0700 NIFI-7703 updated all commons codec references to 1.14 This closes #4448. Signed-off-by: Andy LoPresto --- nifi-commons/nifi-security-utils/pom.xml | 2 +- nifi-commons/nifi-web-utils/pom.xml| 2 +- nifi-nar-bundles/nifi-avro-bundle/nifi-avro-processors/pom.xml | 2 +- nifi-nar-bundles/nifi-framework-bundle/pom.xml | 2 +- nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/pom.xml | 2 +- nifi-nar-bundles/nifi-standard-bundle/pom.xml | 2 +- nifi-toolkit/nifi-toolkit-cli/pom.xml | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/nifi-commons/nifi-security-utils/pom.xml b/nifi-commons/nifi-security-utils/pom.xml index ede0c9b..f705a1e9 100644 --- a/nifi-commons/nifi-security-utils/pom.xml +++ b/nifi-commons/nifi-security-utils/pom.xml @@ -50,7 +50,7 @@ commons-codec commons-codec -1.12 +1.14 org.bouncycastle diff --git a/nifi-commons/nifi-web-utils/pom.xml b/nifi-commons/nifi-web-utils/pom.xml index 40d6455..72e40d9 100644 --- a/nifi-commons/nifi-web-utils/pom.xml +++ b/nifi-commons/nifi-web-utils/pom.xml @@ -34,7 +34,7 @@ commons-codec commons-codec -1.13 +1.14 org.apache.commons diff --git a/nifi-nar-bundles/nifi-avro-bundle/nifi-avro-processors/pom.xml b/nifi-nar-bundles/nifi-avro-bundle/nifi-avro-processors/pom.xml index 77c8aa7..fe0298c 100644 --- a/nifi-nar-bundles/nifi-avro-bundle/nifi-avro-processors/pom.xml +++ b/nifi-nar-bundles/nifi-avro-bundle/nifi-avro-processors/pom.xml @@ -49,7 +49,7 @@ language governing permissions and limitations under the License. --> commons-codec commons-codec -1.13 +1.14 org.apache.nifi diff --git a/nifi-nar-bundles/nifi-framework-bundle/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/pom.xml index e3cd279..ecf7f7c 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-framework-bundle/pom.xml @@ -214,7 +214,7 @@ commons-codec commons-codec -1.12 +1.14 javax.ws.rs diff --git a/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/pom.xml b/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/pom.xml index 8bedf5d..f112283 100755 --- a/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/pom.xml +++ b/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/pom.xml @@ -58,7 +58,7 @@ commons-codec commons-codec -1.12 +1.14 org.apache.nifi diff --git a/nifi-nar-bundles/nifi-standard-bundle/pom.xml b/nifi-nar-bundles/nifi-standard-bundle/pom.xml index 602bec5..fa82d34 100644 --- a/nifi-nar-bundles/nifi-standard-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-standard-bundle/pom.xml @@ -199,7 +199,7 @@ commons-codec commons-codec -1.12 +1.14 com.hierynomus diff --git a/nifi-toolkit/nifi-toolkit-cli/pom.xml b/nifi-toolkit/nifi-toolkit-cli/pom.xml index 8db46af..e7cc16e 100644 --- a/nifi-toolkit/nifi-toolkit-cli/pom.xml +++ b/nifi-toolkit/nifi-toolkit-cli/pom.xml @@ -100,7 +100,7 @@ commons-codec commons-codec -1.13 +1.14 org.glassfish.jersey.media
[nifi] branch main updated: NIFI-7605 Removed user-agent default value so no header will be sent by default. Added and updated unit tests.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/main by this push: new 0861b2f NIFI-7605 Removed user-agent default value so no header will be sent by default. Added and updated unit tests. 0861b2f is described below commit 0861b2f632694435b1d115bbe6e04eb453518728 Author: Mike Thomsen AuthorDate: Fri Jul 24 07:52:27 2020 -0400 NIFI-7605 Removed user-agent default value so no header will be sent by default. Added and updated unit tests. This closes #4428. Signed-off-by: Andy LoPresto Signed-off-by: Joe Witt --- .../nifi/processors/standard/InvokeHTTP.java | 179 ++--- .../nifi/processors/standard/TestInvokeHTTP.java | 50 -- 2 files changed, 129 insertions(+), 100 deletions(-) diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java index 374e9fb..4e91cb7 100644 --- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java +++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java @@ -111,29 +111,29 @@ import org.joda.time.format.DateTimeFormatter; @Tags({"http", "https", "rest", "client"}) @InputRequirement(Requirement.INPUT_ALLOWED) @CapabilityDescription("An HTTP client processor which can interact with a configurable HTTP Endpoint. The destination URL and HTTP Method are configurable." -+ " FlowFile attributes are converted to HTTP headers and the FlowFile contents are included as the body of the request (if the HTTP Method is PUT, POST or PATCH).") ++ " FlowFile attributes are converted to HTTP headers and the FlowFile contents are included as the body of the request (if the HTTP Method is PUT, POST or PATCH).") @WritesAttributes({ -@WritesAttribute(attribute = "invokehttp.status.code", description = "The status code that is returned"), -@WritesAttribute(attribute = "invokehttp.status.message", description = "The status message that is returned"), -@WritesAttribute(attribute = "invokehttp.response.body", description = "In the instance where the status code received is not a success (2xx) " -+ "then the response body will be put to the 'invokehttp.response.body' attribute of the request FlowFile."), -@WritesAttribute(attribute = "invokehttp.request.url", description = "The request URL"), -@WritesAttribute(attribute = "invokehttp.tx.id", description = "The transaction ID that is returned after reading the response"), -@WritesAttribute(attribute = "invokehttp.remote.dn", description = "The DN of the remote server"), -@WritesAttribute(attribute = "invokehttp.java.exception.class", description = "The Java exception class raised when the processor fails"), -@WritesAttribute(attribute = "invokehttp.java.exception.message", description = "The Java exception message raised when the processor fails"), -@WritesAttribute(attribute = "user-defined", description = "If the 'Put Response Body In Attribute' property is set then whatever it is set to " -+ "will become the attribute key and the value would be the body of the HTTP response.")}) -@DynamicProperties ({ -@DynamicProperty(name = "Header Name", value = "Attribute Expression Language", expressionLanguageScope = ExpressionLanguageScope.FLOWFILE_ATTRIBUTES, -description = -"Send request header with a key matching the Dynamic Property Key and a value created by evaluating " -+ "the Attribute Expression Language set in the value of the Dynamic Property."), -@DynamicProperty(name = "post:form:", value = "Attribute Expression Language", expressionLanguageScope = ExpressionLanguageScope.FLOWFILE_ATTRIBUTES, -description = -"When the HTTP Method is POST, dynamic properties with the property name in the form of post:form:," -+ " where the will be the form data name, will be used to fill out the multipart form parts." -+ " If send message body is false, the flowfile will not be sent, but any other form data will be.") +@WritesAttribute(attribute = "invokehttp.status.code",
[nifi] branch main updated: NIFI-7640 Add documentation: temporary directory (#4414)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/main by this push: new 455f48f NIFI-7640 Add documentation: temporary directory (#4414) 455f48f is described below commit 455f48fce4fbbae19df27a7702d49f1912f8753a Author: Tamás Bunth AuthorDate: Wed Jul 29 22:57:34 2020 +0200 NIFI-7640 Add documentation: temporary directory (#4414) NiFi uses the Java IO temporary directory for storing HTTP multipart files when using HandleHttpRequest processor. The directory can be overwritten with Java command line parameter. --- nifi-docs/src/main/asciidoc/administration-guide.adoc | 2 +- .../java/org/apache/nifi/processors/standard/HandleHttpRequest.java | 6 -- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc b/nifi-docs/src/main/asciidoc/administration-guide.adoc index 7e29109..8e5c69d 100644 --- a/nifi-docs/src/main/asciidoc/administration-guide.adoc +++ b/nifi-docs/src/main/asciidoc/administration-guide.adoc @@ -2215,7 +2215,7 @@ take effect only after NiFi has been stopped and restarted. if the service is still running, the Bootstrap will `kill` the process, or terminate it abruptly. |`java.arg.N`|Any number of JVM arguments can be passed to the NiFi JVM when the process is started. These arguments are defined by adding properties to _bootstrap.conf_ that begin with `java.arg.`. The rest of the property name is not relevant, other than to differentiate property names, and will be ignored. The default includes -properties for minimum and maximum Java Heap size, the garbage collector to use, etc. +properties for minimum and maximum Java Heap size, the garbage collector to use, Java IO temporary directory, etc. |`nifi.bootstrap.sensitive.key`|The root key (in hexadecimal format) for encrypted sensitive configuration values. When NiFi is started, this root key is used to decrypt sensitive values from the _nifi.properties_ file into memory for later use. The Encrypt-Config Tool can be used to specify the root key, encrypt sensitive values in _nifi.properties_ and update _bootstrap.conf_. See the <> for an example. diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/HandleHttpRequest.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/HandleHttpRequest.java index 86ee126..a7d3c89 100644 --- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/HandleHttpRequest.java +++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/HandleHttpRequest.java @@ -94,7 +94,8 @@ import java.util.regex.Pattern; @InputRequirement(Requirement.INPUT_FORBIDDEN) @Tags({"http", "https", "request", "listen", "ingress", "web service"}) @CapabilityDescription("Starts an HTTP Server and listens for HTTP Requests. For each request, creates a FlowFile and transfers to 'success'. " -+ "This Processor is designed to be used in conjunction with the HandleHttpResponse Processor in order to create a Web Service") ++ "This Processor is designed to be used in conjunction with the HandleHttpResponse Processor in order to create a Web Service. In case " ++ " of a multipart request, one FlowFile is generated for each part.") @WritesAttributes({ @WritesAttribute(attribute = HTTPUtils.HTTP_CONTEXT_ID, description = "An identifier that allows the HandleHttpRequest and HandleHttpResponse " + "to coordinate which FlowFile belongs to which HTTP Request/Response."), @@ -131,7 +132,8 @@ import java.util.regex.Pattern; @WritesAttribute(attribute = "http.multipart.name", description = "For requests with Content-Type \"multipart/form-data\", the part's name is recorded into this attribute"), @WritesAttribute(attribute = "http.multipart.filename", -description = "For requests with Content-Type \"multipart/form-data\", when the part contains an uploaded file, the name of the file is recorded into this attribute"), +description = "For requests with Content-Type \"multipart/form-data\", when the part contains an uploaded file, the name of the file is recorded into this attribute. " ++ "Files are stored temporarily at the default temporary-file directory specified in \"java.io.File\" Java Docs)
[nifi] branch main updated: NIFI-7638 Implemented custom nifi.sensitive.props.algorithm for AES-G/CM with Argon2 KDF. Added documentation for encryption of flow sensitive values. Added unit tests.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/main by this push: new 7d20c03 NIFI-7638 Implemented custom nifi.sensitive.props.algorithm for AES-G/CM with Argon2 KDF. Added documentation for encryption of flow sensitive values. Added unit tests. 7d20c03 is described below commit 7d20c03f89358a5d5c6db63e631013e1c4be4bc4 Author: Andy LoPresto AuthorDate: Fri Jul 17 15:33:47 2020 -0700 NIFI-7638 Implemented custom nifi.sensitive.props.algorithm for AES-G/CM with Argon2 KDF. Added documentation for encryption of flow sensitive values. Added unit tests. This closes #4427. --- .../util/crypto/RandomIVPBECipherProvider.java | 2 +- .../src/main/asciidoc/administration-guide.adoc| 14 +- .../org/apache/nifi/encrypt/StringEncryptor.java | 148 ++-- .../apache/nifi/encrypt/StringEncryptorTest.groovy | 150 - 4 files changed, 240 insertions(+), 74 deletions(-) diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/RandomIVPBECipherProvider.java b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/RandomIVPBECipherProvider.java index 99ad9c6..f536770 100644 --- a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/RandomIVPBECipherProvider.java +++ b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/RandomIVPBECipherProvider.java @@ -46,7 +46,7 @@ public abstract class RandomIVPBECipherProvider implements PBECipherProvider { * @return the initialized cipher * @throws Exception if there is a problem initializing the cipher */ -abstract Cipher getCipher(EncryptionMethod encryptionMethod, String password, byte[] salt, byte[] iv, int keyLength, boolean encryptMode) throws Exception; +public abstract Cipher getCipher(EncryptionMethod encryptionMethod, String password, byte[] salt, byte[] iv, int keyLength, boolean encryptMode) throws Exception; abstract Logger getLogger(); diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc b/nifi-docs/src/main/asciidoc/administration-guide.adoc index 86777d2..3c1ebbd 100644 --- a/nifi-docs/src/main/asciidoc/administration-guide.adoc +++ b/nifi-docs/src/main/asciidoc/administration-guide.adoc @@ -1580,7 +1580,19 @@ If on a system where the unlimited strength policies cannot be installed, it is If it is not possible to install the unlimited strength jurisdiction policies, the `Allow Weak Crypto` setting can be changed to `allowed`, but *this is _not_ recommended*. Changing this setting explicitly acknowledges the inherent risk in using weak cryptographic configurations. = -It is preferable to request upstream/downstream systems to switch to link:https://cwiki.apache.org/confluence/display/NIFI/Encryption+Information[keyed encryption^] or use a "strong" link:https://cwiki.apache.org/confluence/display/NIFI/Key+Derivation+Function+Explanations[Key Derivation Function (KDF) supported by NiFi^]. +It is preferable to request upstream/downstream systems to switch to link:https://cwiki.apache.org/confluence/display/NIFI/Encryption+Information[keyed encryption^] or use a "strong" <>. + +[[nifi_sensitive_props_key]] +== Encrypted Passwords in Flow Definitions + +NiFi always stores all sensitive values (passwords, tokens, and other credentials) populated into a flow in an encrypted format on disk. The encryption algorithm used is specified by `nifi.sensitive.props.algorithm` and the password from which the encryption key is derived is specified by `nifi.sensitive.props.key` in _nifi.properties_ (see <> for additional information). Prior to version 1.12.0, the list of available algorithms was all pass [...] + +* `NIFI_ARGON2_AES_GCM_256` -- 256-bit key length +* `NIFI_ARGON2_AES_GCM_128` -- 128-bit key length + +Both options require a password (`nifi.sensitive.props.key` value) of *at least 12 characters*. This means the "default" value (if left empty, a hard-coded default is used) will not be sufficient. + +These options provide a bridge solution to higher security without requiring a change to the structure of _nifi.properties_. Due to the implementation of flow synchronization, on every change to the flow definition, all sensitive properties are re-encrypted during flow serialization, and each encryption operation requires the derivation of the key. _As Argon2 is intentionally time-hard, this will introduce an approximately 1 second cost per sensitive value per flow modification._ This is [...] [[encrypt-config_tool]] == Encrypted Passwords in Configuration Files diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-
[nifi] branch main updated: NIFI-7622 Use param context name from inside nested versioned PG when importing
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/main by this push: new 5cb8d24 NIFI-7622 Use param context name from inside nested versioned PG when importing 5cb8d24 is described below commit 5cb8d246899df914781001415d0e155f90ef6ed3 Author: Bryan Bende AuthorDate: Fri Jul 10 14:30:20 2020 -0400 NIFI-7622 Use param context name from inside nested versioned PG when importing This closes #4401. Signed-off-by: Andy LoPresto --- .../main/java/org/apache/nifi/groups/StandardProcessGroup.java | 9 - .../org/apache/nifi/registry/flow/RestBasedFlowRegistry.java | 1 + 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/groups/StandardProcessGroup.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/groups/StandardProcessGroup.java index d3b0c9e..99282c7 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/groups/StandardProcessGroup.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/groups/StandardProcessGroup.java @@ -4211,7 +4211,7 @@ public final class StandardProcessGroup implements ProcessGroup { return childSnapshot.getParameterContexts(); } catch (final NiFiRegistryException e) { throw new IllegalArgumentException("The Flow Registry with ID " + registryId + " reports that no Flow exists with Bucket " -+ bucketId + ", Flow " + flowId + ", Version " + flowVersion); ++ bucketId + ", Flow " + flowId + ", Version " + flowVersion, e); } catch (final IOException ioe) { throw new IllegalStateException( "Failed to communicate with Flow Registry when attempting to retrieve a versioned flow"); @@ -4273,6 +4273,13 @@ public final class StandardProcessGroup implements ProcessGroup { // Create a new Parameter Context based on the parameters provided final VersionedParameterContext versionedParameterContext = versionedParameterContexts.get(proposedParameterContextName); +// Protect against NPE in the event somehow the proposed name is not in the set of contexts +if (versionedParameterContext == null) { +final String paramContextNames = StringUtils.join(versionedParameterContexts.keySet()); +throw new IllegalStateException("Proposed parameter context name '" + proposedParameterContextName ++ "' does not exist in set of available parameter contexts [" + paramContextNames + "]"); +} + final ParameterContext contextByName = getParameterContextByName(versionedParameterContext.getName()); final ParameterContext selectedParameterContext; if (contextByName == null) { diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/registry/flow/RestBasedFlowRegistry.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/registry/flow/RestBasedFlowRegistry.java index dc5f28e..0adda02 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/registry/flow/RestBasedFlowRegistry.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/registry/flow/RestBasedFlowRegistry.java @@ -258,6 +258,7 @@ public class RestBasedFlowRegistry implements FlowRegistry { group.setProcessors(contents.getProcessors()); group.setRemoteProcessGroups(contents.getRemoteProcessGroups()); group.setVariables(contents.getVariables()); +group.setParameterContextName(contents.getParameterContextName()); group.setFlowFileConcurrency(contents.getFlowFileConcurrency()); group.setFlowFileOutboundPolicy(contents.getFlowFileOutboundPolicy()); coordinates.setLatest(snapshot.isLatest());
[nifi] branch main updated: NIFI-7568 - Applied Kerberos mappings to authentication requests. Kerberos mappings should now be applied correctly in H2 database for username/password based login. Added
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/main by this push: new d846a74 NIFI-7568 - Applied Kerberos mappings to authentication requests. Kerberos mappings should now be applied correctly in H2 database for username/password based login. Added tests. Logout now deletes signing key by key ID rather than identity. Validate token expiration now uses mapped identity instead, which allows logging of the mapped identity. Updated delete key to expect only 0 or 1 keys deleted. d846a74 is described below commit d846a74730edb4d142e0a3051c60e9fec33f1f09 Author: Nathan Gough AuthorDate: Mon Jun 29 19:18:22 2020 -0400 NIFI-7568 - Applied Kerberos mappings to authentication requests. Kerberos mappings should now be applied correctly in H2 database for username/password based login. Added tests. Logout now deletes signing key by key ID rather than identity. Validate token expiration now uses mapped identity instead, which allows logging of the mapped identity. Updated delete key to expect only 0 or 1 keys deleted. This closes #4416. Signed-off-by: Andy LoPresto --- .../java/org/apache/nifi/admin/dao/KeyDAO.java | 6 +- .../apache/nifi/admin/dao/impl/StandardKeyDAO.java | 8 +- .../org/apache/nifi/admin/service/KeyService.java | 4 +- ...{DeleteKeysAction.java => DeleteKeyAction.java} | 17 +- .../admin/service/impl/StandardKeyService.java | 26 +-- .../src/main/java/org/apache/nifi/key/Key.java | 9 + .../org/apache/nifi/web/api/AccessResource.java| 19 +- .../accesscontrol/ITAccessTokenEndpoint.java | 9 +- .../nifi/integration/util/NiFiTestAuthorizer.java | 4 +- .../util/NiFiTestLoginIdentityProvider.java| 1 + .../apache/nifi/integration/util/NiFiTestUser.java | 8 + .../nifi-mapped-identities.properties | 144 +++ .../web/security/jwt/JwtAuthenticationFilter.java | 2 +- .../apache/nifi/web/security/jwt/JwtService.java | 27 ++- .../jwt/JwtAuthenticationProviderTest.java | 132 ++ .../nifi/web/security/jwt/JwtServiceTest.java | 202 ++--- .../nifi/web/security/jwt/TestKeyService.java | 73 17 files changed, 613 insertions(+), 78 deletions(-) diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/KeyDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/KeyDAO.java index 9626445..3cfaf2f 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/KeyDAO.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/KeyDAO.java @@ -48,9 +48,9 @@ public interface KeyDAO { Key createKey(String identity); /** - * Deletes all keys for the specified user identity. + * Deletes a key using the key ID. * - * @param identity The user identity + * @param keyId The key ID */ -void deleteKeys(String identity); +Integer deleteKey(Integer keyId); } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardKeyDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardKeyDAO.java index 44d9716..28d090d 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardKeyDAO.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardKeyDAO.java @@ -47,7 +47,7 @@ public class StandardKeyDAO implements KeyDAO { + ")"; private static final String DELETE_KEYS = "DELETE FROM KEY " -+ "WHERE IDENTITY = ?"; ++ "WHERE ID = ?"; private final Connection connection; @@ -156,13 +156,13 @@ public class StandardKeyDAO implements KeyDAO { } @Override -public void deleteKeys(String identity) { +public Integer deleteKey(Integer keyId) { PreparedStatement statement = null; try { // add each authority for the specified user statement = connection.prepareStatement(DELETE_KEYS); -statement.setString(1, identity); -statement.executeUpdate(); +statement.setInt(1, keyId); +return statement.executeUpdate(); } catch (SQLException sqle) { throw new DataAccessException(sqle); } catch (DataAccessException dae) { diff --git a/
[nifi] branch main updated: NIFI-7304 Removed default value for nifi.web.max.content.size. Added Bundle#toString() method. Refactored implementation of filter addition logic. Added logging. Added unit
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/main by this push: new dbee774 NIFI-7304 Removed default value for nifi.web.max.content.size. Added Bundle#toString() method. Refactored implementation of filter addition logic. Added logging. Added unit tests to check for filter enablement. Introduced content-length exception handling in StandardPublicPort. Added filter bypass functionality for framework requests in ContentLengthFilter. Updated property documentation in Admin Guide. Renamed methods & added Javadoc to clarify purpose of filters in Jet [...] dbee774 is described below commit dbee774c5b95121b2d89621fc66f8a215c15ad7c Author: Andy LoPresto AuthorDate: Wed Apr 1 20:20:38 2020 -0700 NIFI-7304 Removed default value for nifi.web.max.content.size. Added Bundle#toString() method. Refactored implementation of filter addition logic. Added logging. Added unit tests to check for filter enablement. Introduced content-length exception handling in StandardPublicPort. Added filter bypass functionality for framework requests in ContentLengthFilter. Updated property documentation in Admin Guide. Renamed methods & added Javadoc to clarify purpose of filters in JettyServer. Cleaned up conditional logic in StandardPublicPort. Moved ContentLengthFilterTest to correct module. Refactored unit tests for accuracy and clarity. Fixed remaining merge conflict due to method renaming. Signed-off-by: Joe Witt --- .../java/org/apache/nifi/util/NiFiProperties.java | 9 +- .../org/apache/nifi/util/NiFiPropertiesTest.java | 5 +- .../src/main/asciidoc/administration-guide.adoc| 2 +- .../main/java/org/apache/nifi/bundle/Bundle.java | 5 + .../StandardNiFiPropertiesGroovyTest.groovy| 16 ++ .../nifi-framework/nifi-resources/pom.xml | 2 +- .../org/apache/nifi/remote/StandardPublicPort.java | 61 +++-- .../remote/StandardPublicPortGroovyTest.groovy | 116 .../org/apache/nifi/web/server/JettyServer.java| 98 +-- .../nifi/web/server/JettyServerGroovyTest.groovy | 81 ++ .../nifi/web/filter/ContentLengthFilterTest.java | 185 - .../src/test/resources/logback-test.xml| 2 + .../web/security/requests/ContentLengthFilter.java | 36 +++ .../requests/ContentLengthFilterTest.groovy| 297 + .../src/test/resources/logback-test.xml| 6 +- 15 files changed, 685 insertions(+), 236 deletions(-) diff --git a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java index 662f5d0..5a74f73 100644 --- a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java +++ b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java @@ -653,8 +653,15 @@ public abstract class NiFiProperties { return getProperty(WEB_MAX_HEADER_SIZE, DEFAULT_WEB_MAX_HEADER_SIZE); } +/** + * Returns the {@code nifi.web.max.content.size} value from {@code nifi.properties}. + * Does not provide a default value because the presence of any value here enables the + * {@code ContentLengthFilter}. + * + * @return the specified max content-length and units for an incoming HTTP request + */ public String getWebMaxContentSize() { -return getProperty(WEB_MAX_CONTENT_SIZE, DEFAULT_WEB_MAX_CONTENT_SIZE); +return getProperty(WEB_MAX_CONTENT_SIZE); } public String getMaxWebRequestsPerSecond() { diff --git a/nifi-commons/nifi-properties/src/test/java/org/apache/nifi/util/NiFiPropertiesTest.java b/nifi-commons/nifi-properties/src/test/java/org/apache/nifi/util/NiFiPropertiesTest.java index da5e8da..27ced62 100644 --- a/nifi-commons/nifi-properties/src/test/java/org/apache/nifi/util/NiFiPropertiesTest.java +++ b/nifi-commons/nifi-properties/src/test/java/org/apache/nifi/util/NiFiPropertiesTest.java @@ -17,8 +17,9 @@ package org.apache.nifi.util; import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; @@ -269,7 +270,7 @@ public class NiFiPropertiesTest { }}); // Assert defaults match expectations: -assertEquals(properties.getWebMaxContentSize(), "20 MB"); +assertNull(properties.getWebMaxContentSize()); // Re-arrange with specific values: final String size = "size value"; diff --git a/nifi-docs/src/main/asciidoc/administration-guid
[nifi-standard-libraries] branch main created (now 790c215)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/nifi-standard-libraries.git. at 790c215 NIFILIBS-1 Setup root pom, README, LICENSE, & NOTICE No new revisions were added by this update.
[nifi-container] branch main created (now 3205b9a)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/nifi-container.git. at 3205b9a NIFI-4425 - Rename README to include md extension so it is appropriately rendered. No new revisions were added by this update.
[nifi-maven] branch main created (now b81db23)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/nifi-maven.git. at b81db23 Merge branch 'nifi-maven-1.3.1-rc1' No new revisions were added by this update.
[nifi-minifi-cpp] branch main created (now ddddb22)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/nifi-minifi-cpp.git. at b22 MINIFICPP-1282 Use GNUInstallDirs for more reliable determination of installed lib/lib64 directories No new revisions were added by this update.
[nifi-minifi] branch main created (now b6ec05d)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/nifi-minifi.git. at b6ec05d Merge pull request #193 from mattyb149/MINIFI-245 No new revisions were added by this update.
[nifi-registry] branch main created (now eda3f7c)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/nifi-registry.git. at eda3f7c NIFIREG-227 GitFlowPersistenceProvider option to clone repo on startup - Remove the extra file creation in clone repo - Fix checkstyle issues - Added documentation and made changes as per suggestions made by HorizonNet - Javadoc and documentation improvements No new revisions were added by this update.
[nifi-fds] branch main created (now 0f99323)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/nifi-fds.git. at 0f99323 [NIFI-6646] untheme confirm dialog close button No new revisions were added by this update.
[nifi-site] branch main created (now f447a58)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/nifi-site.git. at f447a58 Moved Jeff Storck to In Memoriam section. This branch includes the following new commits: new f447a58 Moved Jeff Storck to In Memoriam section. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
[nifi-site] 01/01: Moved Jeff Storck to In Memoriam section.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi-site.git commit f447a588ee06b994d173fb6380f23dd887d48bcf Author: Andy LoPresto AuthorDate: Mon Jun 15 11:47:53 2020 -0700 Moved Jeff Storck to In Memoriam section. --- src/pages/html/people.hbs | 30 +++--- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/src/pages/html/people.hbs b/src/pages/html/people.hbs index a6a0fd7..575a30b 100644 --- a/src/pages/html/people.hbs +++ b/src/pages/html/people.hbs @@ -155,11 +155,6 @@ title: Apache NiFi Team -jstorck -Jeff Storck - - - phrocker Marc Parisi @@ -288,6 +283,27 @@ title: Apache NiFi Team + + + +In Memoriam + + + + + + + + +Id +Name + + +jstorck +Jeff Storck (PMC) + + + @@ -307,8 +323,8 @@ title: Apache NiFi Team bimargulies Benson Margulies - - + +
[nifi] branch main created (now 239a2e8)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git. at 239a2e8 NIFI-7513 Added custom DNS resolution steps to walkthrough (#4359) No new revisions were added by this update.
[nifi] branch master updated: NIFI-7513 Added custom DNS resolution steps to walkthrough (#4359)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 239a2e8 NIFI-7513 Added custom DNS resolution steps to walkthrough (#4359) 239a2e8 is described below commit 239a2e884c8a5c8215cf41c55122472e11dc419a Author: VKadam <56328193+vedaka...@users.noreply.github.com> AuthorDate: Wed Jul 1 10:52:22 2020 -0700 NIFI-7513 Added custom DNS resolution steps to walkthrough (#4359) --- nifi-docs/src/main/asciidoc/walkthroughs.adoc | 104 +- 1 file changed, 103 insertions(+), 1 deletion(-) diff --git a/nifi-docs/src/main/asciidoc/walkthroughs.adoc b/nifi-docs/src/main/asciidoc/walkthroughs.adoc index 22f5801..3d23bbf 100644 --- a/nifi-docs/src/main/asciidoc/walkthroughs.adoc +++ b/nifi-docs/src/main/asciidoc/walkthroughs.adoc @@ -825,6 +825,108 @@ CAUTION: Develop section Apache NiFi can run in either _standalone_ or _clustered_ mode. A standalone node is often sufficient for dataflow operations, but in a production or high-volume environment, a cluster is more performant and resilient. For more information, see link:administration-guide.html#clustering[NiFi Administrator's Guide: Clustering^]. +=== Configuring a Host to Resolve Arbitrary DNS Hostnames + +NOTE: This section provides instructions to configure a single host machine to resolve dynamic hostnames via DNS using a tool called `dnsmasq`. This is useful if deploying a NiFi cluster to a single host machine to logically separate nodes running side-by-side. There are many options to achieve this outcome; this is one approach. + +|=== +|Description| Instructions on installing and configuring dynamic DNS hostname resolution +|Purpose| A NiFi cluster with multiple nodes needs to communicate between them and if all nodes are `localhost`, this is confusing and doesn't support certificates for unique hostnames. +|Starting Point | N/A +|Expected Outcome | The host machine can resolve arbitrary DNS hostnames without impacting normal network connectivity +|Helpful Reading| N/A +|Estimated Duration | 5 minutes +|=== + +Machines resolve DNS hostnames (e.g. `nifi.apache.org`) to IP addresses (`95.216.24.32`). Each node in a NiFi cluster needs a hostname (e.g. `node1.nificluster.com`) to use while serving the UI/API and to communicate with peer nodes. When deploying a cluster of multiple nodes on the same physical/virtual host, each node can receive a different, non-conflicting set of ports, but the hostname (`localhost`) would conflict. By allowing arbitrary hostname resolution, each node can reside side [...] + +For this guide, any hostname which ends in `.nifi` will resolve to `localhost`. + +Prerequisites: + +* A *nix (or similar) operating system +* A package manager (e.g. `apt-get`, `yum`, `brew`). The instructions below use `brew`; substitute the command for the relevant package manager inline + +The end result will resolve `*.nifi` hostnames to the local machine and all other names with the pre-existing DNS resolution services. + +. Install and configure dnsmasq. +.. Install dnsmasq. +* `brew install dnsmasq` ++ +-- +[source] + +host@macbook ~ % brew install dnsmasq +==> Downloading https://homebrew.bintray.com/bottles/dnsmasq-2.81.catalina.bottle.tar.gz +==> Downloading from https://akamai.bintray.com/e4/e46052d3d5ae49135b80d383a9d89... + 100.0% +==> Pouring dnsmasq-2.81.catalina.bottle.tar.gz +==> Caveats +To have launchd start dnsmasq now and restart at startup: +sudo brew services start dnsmasq +==> Summary +/usr/local/Cellar/dnsmasq/2.81: 8 files, 543.9KB + +-- +.. Start dnsmasq using the service manager. +* `sudo brew services start dnsmasq` +.. Make a new file `development.conf` in `/usr/local/etc/dnsmasq.d/`. This file defines the address pattern to resolve. Here, `$EDITOR` is an environment variable defined as path to a text editor. You can use any text editor of your choice (Sublime Text, Atom, vi, emacs, nano, etc.). +* `$EDITOR /usr/local/etc/dnsmasq.d/development.conf` -- creates and opens `development.conf` file for editing +.. Populate the `development.conf` with the address pattern. The `address/` line defines the pattern and the `# Direct` line is a comment describing the pattern. +* Add the following lines to `development.conf`: ++ +-- +[source] + +# Test NiFi instances +address=/.nifi/127.0.0.1 +# Direct any hostnames ending in .nifi to 127.0.0.1 + +-- + +.. Create a directory `resolver` in `/etc` director
[nifi-minifi] branch master updated: MINIFI-533: Add .asf.yaml for Github integrations
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-minifi.git The following commit(s) were added to refs/heads/master by this push: new 421d257 MINIFI-533: Add .asf.yaml for Github integrations new 471a93c Merge pull request #192 from mattyb149/MINIFI-533 421d257 is described below commit 421d257557c5733318b1f8ecf4510e28d092ae28 Author: Matthew Burgess AuthorDate: Wed Jul 1 13:15:04 2020 -0400 MINIFI-533: Add .asf.yaml for Github integrations --- .asf.yaml | 35 +++ 1 file changed, 35 insertions(+) diff --git a/.asf.yaml b/.asf.yaml new file mode 100644 index 000..48aa0b4 --- /dev/null +++ b/.asf.yaml @@ -0,0 +1,35 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +github: + description: "Apache MiNiFi (a subproject of Apache NiFi)" + homepage: https://nifi.apache.org/minifi/index.html + labels: +- minifi +- nifi +- java + features: +wiki: false +issues: false +projects: false + enabled_merge_buttons: +squash: true +merge: true +rebase: true +notifications: +commits: commits@nifi.apache.org +issues: iss...@nifi.apache.org +pullrequests: iss...@nifi.apache.org +jira_options: link label worklog \ No newline at end of file
[nifi-minifi] branch master updated: MINIFI-532: Support more configurable properties for content and provenance repositories
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-minifi.git The following commit(s) were added to refs/heads/master by this push: new 61dbab5 MINIFI-532: Support more configurable properties for content and provenance repositories 61dbab5 is described below commit 61dbab5fa3e7768c84938193ece1514b0ac531f1 Author: Matthew Burgess AuthorDate: Wed Jul 1 12:26:26 2020 -0400 MINIFI-532: Support more configurable properties for content and provenance repositories This closes #191. Signed-off-by: Andy LoPresto --- .../minifi/bootstrap/util/ConfigTransformer.java | 13 +-- .../resources/MINIFI-216/nifi.properties.before| 4 +- .../src/test/resources/MINIFI-277/nifi.properties | 4 +- .../commons/schema/ContentRepositorySchema.java| 31 .../commons/schema/ProvenanceRepositorySchema.java | 43 +- .../src/test/resources/1.5_RPG_Handling.yml| 7 .../src/test/resources/CsvToJson.yml | 7 .../test/resources/DecompressionCircularFlow.yml | 7 .../resources/InvokeHttpMiNiFiTemplateTest.yml | 7 .../resources/MINIFI-521_1.3_TemplateEncoding.yml | 7 .../src/test/resources/MultipleRelationships.yml | 7 .../src/test/resources/MultipleUriRPG.yml | 7 .../test/resources/NestedControllerServices.yml| 7 .../test/resources/NoTemplateEncodingVersion.yml | 7 .../ProcessGroupsAndRemoteProcessGroups.yml| 7 ...eplaceTextExpressionLanguageCSVReformatting.yml | 7 .../test/resources/SimpleRPGToLogAttributes.yml| 7 .../src/test/resources/SimpleTailFileToRPG.yml | 7 .../src/test/resources/StressTestFramework.yml | 7 .../test/resources/StressTestFrameworkFunnel.yml | 7 .../resources/VersionedFlowSnapshot-Simple.yml | 7 .../src/test/resources/config.yml | 7 22 files changed, 205 insertions(+), 9 deletions(-) diff --git a/minifi-bootstrap/src/main/java/org/apache/nifi/minifi/bootstrap/util/ConfigTransformer.java b/minifi-bootstrap/src/main/java/org/apache/nifi/minifi/bootstrap/util/ConfigTransformer.java index 677080c..f42d6ce 100644 --- a/minifi-bootstrap/src/main/java/org/apache/nifi/minifi/bootstrap/util/ConfigTransformer.java +++ b/minifi-bootstrap/src/main/java/org/apache/nifi/minifi/bootstrap/util/ConfigTransformer.java @@ -226,9 +226,9 @@ public final class ConfigTransformer { orderedProperties.setProperty("nifi.content.repository.implementation", "org.apache.nifi.controller.repository.FileSystemRepository", System.lineSeparator() + "# Content Repository"); orderedProperties.setProperty("nifi.content.claim.max.appendable.size", contentRepoProperties.getContentClaimMaxAppendableSize()); orderedProperties.setProperty("nifi.content.claim.max.flow.files", String.valueOf(contentRepoProperties.getContentClaimMaxFlowFiles())); - orderedProperties.setProperty("nifi.content.repository.archive.max.retention.period", ""); - orderedProperties.setProperty("nifi.content.repository.archive.max.usage.percentage", ""); - orderedProperties.setProperty("nifi.content.repository.archive.enabled", "false"); + orderedProperties.setProperty("nifi.content.repository.archive.max.retention.period", contentRepoProperties.getContentRepoArchiveMaxRetentionPeriod()); + orderedProperties.setProperty("nifi.content.repository.archive.max.usage.percentage", contentRepoProperties.getContentRepoArchiveMaxUsagePercentage()); + orderedProperties.setProperty("nifi.content.repository.archive.enabled", Boolean.toString(contentRepoProperties.getContentRepoArchiveEnabled())); orderedProperties.setProperty("nifi.content.repository.directory.default", "./content_repository"); orderedProperties.setProperty("nifi.content.repository.always.sync", Boolean.toString(contentRepoProperties.getAlwaysSync())); @@ -237,7 +237,12 @@ public final class ConfigTransformer { orderedProperties.setProperty("nifi.provenance.repository.rollover.time", provenanceRepositorySchema.getProvenanceRepoRolloverTimeKey()); - orderedProperties.setProperty("nifi.provenance.repository.buffer.size", "1", System.lineSeparator() + "# Volatile Provenance Respository Properties"); + orderedProperties.setProperty("nifi.provenance.repository.index.shard.size", provenanceRepositorySchema.getProvenanceRepoIndexShardSize()); + orderedPr
[nifi] branch master updated: NIFI-7558 Fixed CatchAllFilter init logic by calling super.init(). Renamed legacy terms. Updated documentation.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 94c98c0 NIFI-7558 Fixed CatchAllFilter init logic by calling super.init(). Renamed legacy terms. Updated documentation. 94c98c0 is described below commit 94c98c019f6704bea92ec15c1a5aa71b42e521ab Author: Andy LoPresto AuthorDate: Thu Jun 18 19:57:58 2020 -0700 NIFI-7558 Fixed CatchAllFilter init logic by calling super.init(). Renamed legacy terms. Updated documentation. This closes #4351. Signed-off-by: Mark Payne --- .../java/org/apache/nifi/util/NiFiProperties.java | 20 +-- .../nifi/web/filter/SanitizeContextPathFilter.java | 25 ++-- .../java/org/apache/nifi/web/util/WebUtils.java| 30 ++-- .../filter/SanitizeContextPathFilterTest.groovy| 152 + .../org/apache/nifi/web/util/WebUtilsTest.groovy | 88 ++-- .../src/main/asciidoc/administration-guide.adoc| 6 +- .../StandardNiFiPropertiesGroovyTest.groovy| 26 ++-- .../apache/nifi/web/server/HostHeaderHandler.java | 25 ++-- .../org/apache/nifi/web/server/JettyServer.java| 4 +- .../nifi-jetty/src/test/resources/logback-test.xml | 2 + .../apache/nifi/web/api/ApplicationResource.java | 69 +- .../nifi/web/api/ApplicationResourceTest.groovy| 76 +-- .../org/apache/nifi/web/filter/CatchAllFilter.java | 4 +- .../nifi/web/filter/CatchAllFilterTest.groovy | 152 + 14 files changed, 490 insertions(+), 189 deletions(-) diff --git a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java index 0943c87..662f5d0 100644 --- a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java +++ b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java @@ -1559,23 +1559,23 @@ public abstract class NiFiProperties { } /** - * Returns the whitelisted proxy hostnames (and IP addresses) as a comma-delimited string. + * Returns the allowed proxy hostnames (and IP addresses) as a comma-delimited string. * The hosts have been normalized to the form {@code somehost.com}, {@code somehost.com:port}, or {@code 127.0.0.1}. * * Note: Calling {@code NiFiProperties.getProperty(NiFiProperties.WEB_PROXY_HOST)} will not normalize the hosts. * * @return the hostname(s) */ -public String getWhitelistedHosts() { -return StringUtils.join(getWhitelistedHostsAsList(), ","); +public String getAllowedHosts() { +return StringUtils.join(getAllowedHostsAsList(), ","); } /** - * Returns the whitelisted proxy hostnames (and IP addresses) as a List. The hosts have been normalized to the form {@code somehost.com}, {@code somehost.com:port}, or {@code 127.0.0.1}. + * Returns the allowed proxy hostnames (and IP addresses) as a List. The hosts have been normalized to the form {@code somehost.com}, {@code somehost.com:port}, or {@code 127.0.0.1}. * * @return the hostname(s) */ -public List getWhitelistedHostsAsList() { +public List getAllowedHostsAsList() { String rawProperty = getProperty(WEB_PROXY_HOST, ""); List hosts = Arrays.asList(rawProperty.split(",")); return hosts.stream() @@ -1591,22 +1591,22 @@ public abstract class NiFiProperties { } /** - * Returns the whitelisted proxy context paths as a comma-delimited string. The paths have been normalized to the form {@code /some/context/path}. + * Returns the allowed proxy context paths as a comma-delimited string. The paths have been normalized to the form {@code /some/context/path}. * * Note: Calling {@code NiFiProperties.getProperty(NiFiProperties.WEB_PROXY_CONTEXT_PATH)} will not normalize the paths. * * @return the path(s) */ -public String getWhitelistedContextPaths() { -return StringUtils.join(getWhitelistedContextPathsAsList(), ","); +public String getAllowedContextPaths() { +return StringUtils.join(getAllowedContextPathsAsList(), ","); } /** - * Returns the whitelisted proxy context paths as a list of paths. The paths have been normalized to the form {@code /some/context/path}. + * Returns the allowed proxy context paths as a list of paths. The paths have been normalized to the form {@code /some/context/path}. * * @return the path(s) */ -public List getWhitelistedContextPathsAsList() { +public List getAllowedContextPathsAsList() { String rawProperty = getProperty(WEB_PROXY_CONTEXT_PATH, ""); List
[nifi] branch master updated: NIFI-7566: Avoid using Thread.sleep() to wait for Site-to-Site connection to be handled. Instead, use TimeUnit.timedWait and use Object.notifyAll when setting the beingSe
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 57c7883 NIFI-7566: Avoid using Thread.sleep() to wait for Site-to-Site connection to be handled. Instead, use TimeUnit.timedWait and use Object.notifyAll when setting the beingServiced flag. This significantly reduces latency and improves throughput for small-batch site-to-site communications 57c7883 is described below commit 57c7883f647348aba181440950f01cf1d62846c6 Author: Mark Payne AuthorDate: Fri Jun 19 13:19:17 2020 -0400 NIFI-7566: Avoid using Thread.sleep() to wait for Site-to-Site connection to be handled. Instead, use TimeUnit.timedWait and use Object.notifyAll when setting the beingServiced flag. This significantly reduces latency and improves throughput for small-batch site-to-site communications This closes #4353. Signed-off-by: Andy LoPresto --- .../org/apache/nifi/remote/StandardPublicPort.java | 62 ++ 1 file changed, 41 insertions(+), 21 deletions(-) diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/StandardPublicPort.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/StandardPublicPort.java index 66cbc05..d1ee69f 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/StandardPublicPort.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/StandardPublicPort.java @@ -454,11 +454,31 @@ public class StandardPublicPort extends AbstractPort implements PublicPort { } public void setServiceBegin() { -this.beingServiced.set(true); +beingServiced.set(true); +synchronized (this) { +notifyAll(); +} } -public boolean isBeingServiced() { -return beingServiced.get(); +public boolean waitForService(final long duration, final TimeUnit timeUnit) throws InterruptedException { +final long latestWaitTime = System.nanoTime() + timeUnit.toNanos(duration); + +while (!beingServiced.get()) { +final long nanosToWait = latestWaitTime - System.nanoTime(); +if (nanosToWait <= 0) { +return false; +} + +if (isExpired()) { +return false; +} + +synchronized (this) { +TimeUnit.NANOSECONDS.timedWait(this, nanosToWait); +} +} + +return true; } public BlockingQueue getResponseQueue() { @@ -515,17 +535,17 @@ public class StandardPublicPort extends AbstractPort implements PublicPort { // wait for the request to start getting serviced... and time out if it doesn't happen // before the request expires -while (!request.isBeingServiced()) { -if (request.isExpired()) { -// Remove expired request, so that it won't block new request to be offered. -this.requestQueue.remove(request); -throw new SocketTimeoutException("Read timed out"); -} else { -try { -Thread.sleep(100L); -} catch (final InterruptedException e) { +try { +while (!request.waitForService(100, TimeUnit.MILLISECONDS)) { +if (request.isExpired()) { +// Remove expired request, so that it won't block new request to be offered. +this.requestQueue.remove(request); +throw new SocketTimeoutException("Read timed out"); } } +} catch (final InterruptedException ie) { +Thread.currentThread().interrupt(); +throw new ProcessException("Interrupted while waiting for site-to-site request to be serviced", ie); } // we've started to service the request. Now just wait until it's finished @@ -571,17 +591,17 @@ public class StandardPublicPort extends AbstractPort implements PublicPort { // wait for the request to start getting serviced... and time out if it doesn't happen // before the request expires -while (!request.isBeingServiced()) { -if (request.isExpired()) { -// Remove expired request, so that it won't block new request to be offered. -this.requestQueue.remove(r
[nifi] branch master updated: NIFI-6094 - Added the X-Content-Type-Options header to all web responses. (#4307)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 27b5bb7 NIFI-6094 - Added the X-Content-Type-Options header to all web responses. (#4307) 27b5bb7 is described below commit 27b5bb7a209bdf12eb14e653d9d4c42f444018be Author: thenatog <3042+thena...@users.noreply.github.com> AuthorDate: Wed Jun 17 20:15:18 2020 -0400 NIFI-6094 - Added the X-Content-Type-Options header to all web responses. (#4307) NIFI-6094 - Added the mime/content type for ttf files. --- .../org/apache/nifi/web/server/JettyServer.java| 10 +++- .../headers/XContentTypeOptionsFilter.java | 58 ++ .../security/headers/HTTPHeaderFiltersTest.java| 16 ++ 3 files changed, 83 insertions(+), 1 deletion(-) diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java index 04df2bf..b9b9c84 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java @@ -85,6 +85,7 @@ import org.apache.nifi.web.NiFiWebConfigurationContext; import org.apache.nifi.web.UiExtensionType; import org.apache.nifi.web.security.headers.ContentSecurityPolicyFilter; import org.apache.nifi.web.security.headers.StrictTransportSecurityFilter; +import org.apache.nifi.web.security.headers.XContentTypeOptionsFilter; import org.apache.nifi.web.security.headers.XFrameOptionsFilter; import org.apache.nifi.web.security.headers.XSSProtectionFilter; import org.apache.nifi.web.security.requests.ContentLengthFilter; @@ -569,6 +570,7 @@ public class JettyServer implements NiFiServer, ExtensionUiLoader { serverClasses.remove("org.slf4j."); webappContext.setServerClasses(serverClasses.toArray(new String[0])); webappContext.setDefaultsDescriptor(WEB_DEFAULTS_XML); +webappContext.getMimeTypes().addMimeMapping("ttf", "font/ttf"); // get the temp directory for this webapp File tempDir = new File(props.getWebWorkingDirectory(), warFile.getName()); @@ -592,7 +594,13 @@ public class JettyServer implements NiFiServer, ExtensionUiLoader { // add HTTP security headers to all responses final String ALL_PATHS = "/*"; -ArrayList> filters = new ArrayList<>(Arrays.asList(XFrameOptionsFilter.class, ContentSecurityPolicyFilter.class, XSSProtectionFilter.class)); +ArrayList> filters = +new ArrayList<>(Arrays.asList( +XFrameOptionsFilter.class, +ContentSecurityPolicyFilter.class, +XSSProtectionFilter.class, +XContentTypeOptionsFilter.class)); + if(props.isHTTPSConfigured()) { filters.add(StrictTransportSecurityFilter.class); } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/headers/XContentTypeOptionsFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/headers/XContentTypeOptionsFilter.java new file mode 100644 index 000..710f5ff --- /dev/null +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/headers/XContentTypeOptionsFilter.java @@ -0,0 +1,58 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.web.security.headers; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import javax.servlet.Filter; +import javax.servlet.FilterChain;
[nifi] branch master updated: NIFI-7540: Fix TestListenSMTP and TestListFile on macOS build environment (#4341)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new c18b27a NIFI-7540: Fix TestListenSMTP and TestListFile on macOS build environment (#4341) c18b27a is described below commit c18b27af185453816dffe6e9ed22fe9be41646f6 Author: Joey AuthorDate: Tue Jun 16 19:45:37 2020 -0500 NIFI-7540: Fix TestListenSMTP and TestListFile on macOS build environment (#4341) * NIFI-7540: Fix TestListenSMTP and TestListFile on macOS build environment This also fixes NIFI-4760. * NIFI-7540: Remove duplicate mail.smtp.starttls.enable from TestListenSMTP Signed-off-by: Andy LoPresto --- .../apache/nifi/remote/io/socket/NetworkUtils.java | 37 +++- .../nifi-email-processors/pom.xml | 3 +- .../nifi/processors/email/TestListenSMTP.java | 229 ++--- .../nifi/processors/standard/TestListFile.java | 24 ++- 4 files changed, 163 insertions(+), 130 deletions(-) diff --git a/nifi-commons/nifi-utils/src/main/java/org/apache/nifi/remote/io/socket/NetworkUtils.java b/nifi-commons/nifi-utils/src/main/java/org/apache/nifi/remote/io/socket/NetworkUtils.java index b2deecc..6be3293 100644 --- a/nifi-commons/nifi-utils/src/main/java/org/apache/nifi/remote/io/socket/NetworkUtils.java +++ b/nifi-commons/nifi-utils/src/main/java/org/apache/nifi/remote/io/socket/NetworkUtils.java @@ -17,11 +17,12 @@ package org.apache.nifi.remote.io.socket; import java.io.IOException; +import java.net.Socket; import java.net.ServerSocket; +import java.util.concurrent.Executors; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.TimeUnit; -/** - * - */ public class NetworkUtils { /** @@ -43,4 +44,34 @@ public class NetworkUtils { } } } + +public final static boolean isListening(final String hostname, final int port) { +try (final Socket s = new Socket(hostname, port)) { +return s.isConnected(); +} catch (final Exception ignore) {} +return false; +} + +public final static boolean isListening(final String hostname, final int port, final int timeoutMillis) { +Boolean result = false; + +final ExecutorService executor = Executors.newSingleThreadExecutor(); +try { +result = executor.submit(() -> { +while(!isListening(hostname, port)) { +try { +Thread.sleep(100); +} catch (final Exception ignore) {} +} +return true; +}).get(timeoutMillis, TimeUnit.MILLISECONDS); +} catch (final Exception ignore) {} finally { +try { +executor.shutdown(); +} catch (final Exception ignore) {} +} + +return (result != null && result); +} + } diff --git a/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/pom.xml b/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/pom.xml index 2b693d0..29a21d9 100644 --- a/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/pom.xml +++ b/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/pom.xml @@ -54,7 +54,7 @@ com.sun.mail javax.mail -1.5.6 +1.6.2 org.subethamail @@ -125,4 +125,3 @@ - diff --git a/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/test/java/org/apache/nifi/processors/email/TestListenSMTP.java b/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/test/java/org/apache/nifi/processors/email/TestListenSMTP.java index 325bfaf..2e6c783 100644 --- a/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/test/java/org/apache/nifi/processors/email/TestListenSMTP.java +++ b/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/test/java/org/apache/nifi/processors/email/TestListenSMTP.java @@ -18,12 +18,15 @@ package org.apache.nifi.processors.email; import static org.junit.Assert.assertTrue; -import java.util.concurrent.CountDownLatch; -import java.util.concurrent.Executors; -import java.util.concurrent.ScheduledExecutorService; -import java.util.concurrent.TimeUnit; -import org.apache.commons.mail.Email; -import org.apache.commons.mail.SimpleEmail; +import java.util.Properties; + +import javax.mail.Message; +import javax.mail.MessagingException; +import javax.mail.Session; +import javax.mail.Transport; +import javax.mail.internet.InternetAddress; +import javax.mail.internet.MimeMessage; + import org.apache.nifi.remote.io.socket.NetworkUtils; import org.apache.nifi.security.util.SslContextFactory; import org.apache.nifi.ssl.SSLContextService; @@ -31,77 +34,59 @@ import org.apache.nifi.ssl.StandardRestrictedSSLContextServi
svn commit: r1878865 - in /nifi/site/trunk: people.html security.html
Author: alopresto Date: Mon Jun 15 18:54:08 2020 New Revision: 1878865 URL: http://svn.apache.org/viewvc?rev=1878865&view=rev Log: Moved Jeff Storck to In Memoriam section. Modified: nifi/site/trunk/people.html nifi/site/trunk/security.html Modified: nifi/site/trunk/people.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/people.html?rev=1878865&r1=1878864&r2=1878865&view=diff == --- nifi/site/trunk/people.html (original) +++ nifi/site/trunk/people.html Mon Jun 15 18:54:08 2020 @@ -260,11 +260,6 @@ -jstorck -Jeff Storck - - - phrocker Marc Parisi @@ -393,6 +388,27 @@ + + + +In Memoriam + + + + + + + + +Id +Name + + +jstorck +Jeff Storck (PMC) + + + @@ -412,8 +428,8 @@ bimargulies Benson Margulies - - + + Modified: nifi/site/trunk/security.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/security.html?rev=1878865&r1=1878864&r2=1878865&view=diff == --- nifi/site/trunk/security.html (original) +++ nifi/site/trunk/security.html Mon Jun 15 18:54:08 2020 @@ -129,7 +129,7 @@ Specifically, please do not: -âï¸ Open a Jira disclosing a security vulnerability to the public +âï¸ Open a Jira disclosing a security vulnerability to the public âï¸ Send a message to the d...@nifi.apache.org or us...@nifi.apache.org mailing lists disclosing a security vulnerability to the public âï¸ Send a message to the Apache NiFi Slack instance disclosing a security vulnerability to the public
[nifi] branch master updated: NIFI-7385 Provided reverse-indexed TokenCache implementation. Cleaned up code style. Unit test was failing on Windows 1.8 GitHub Actions build but no other environment. I
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 01e42df NIFI-7385 Provided reverse-indexed TokenCache implementation. Cleaned up code style. Unit test was failing on Windows 1.8 GitHub Actions build but no other environment. Increased artificial delay to avoid timing issues. 01e42df is described below commit 01e42dfb3291c3a3549023edadafd2d8023f3042 Author: Nathan Gough AuthorDate: Mon May 4 12:07:36 2020 -0400 NIFI-7385 Provided reverse-indexed TokenCache implementation. Cleaned up code style. Unit test was failing on Windows 1.8 GitHub Actions build but no other environment. Increased artificial delay to avoid timing issues. Co-authored-by: Andy LoPresto This closes #4271. Signed-off-by: Andy LoPresto --- .../web/security/otp/OtpAuthenticationFilter.java | 9 +- .../security/otp/OtpAuthenticationProvider.java| 2 +- .../apache/nifi/web/security/otp/OtpService.java | 81 --- .../apache/nifi/web/security/otp/TokenCache.java | 144 .../nifi/web/security/otp/TokenCacheTest.groovy| 249 + .../nifi/web/security/otp/OtpServiceTest.java | 176 +-- 6 files changed, 604 insertions(+), 57 deletions(-) diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilter.java index 98d8e68..c09a4bb 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilter.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilter.java @@ -16,15 +16,18 @@ */ package org.apache.nifi.web.security.otp; +import java.util.regex.Pattern; +import javax.servlet.http.HttpServletRequest; import org.apache.nifi.web.security.NiFiAuthenticationFilter; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.core.Authentication; -import javax.servlet.http.HttpServletRequest; -import java.util.regex.Pattern; - /** + * This filter is used to capture one time passwords (OTP) from requests made to download files through the browser. + * It's required because when we initiate a download in the browser, it must be opened in a new tab. The new tab + * cannot be initialized with authentication headers, so we must add a token as a query parameter instead. As + * tokens in URL strings are visible in various places, this must only be used once - hence our OTP. */ public class OtpAuthenticationFilter extends NiFiAuthenticationFilter { diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationProvider.java index f375df2..bcc42cd 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationProvider.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationProvider.java @@ -28,7 +28,7 @@ import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; /** - * + * This provider will be used when the request is attempting to authenticate with a download or ui extension OTP/token. */ public class OtpAuthenticationProvider extends NiFiAuthenticationProvider { diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpService.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpService.java index bcd26a4..e8d96ae 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpService.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpService.java @@ -16,22 +16,18 @@ */ package org.apache.nifi.web.security.otp; -import com.google.common.cache.Cache; -import com.google.common.cache.CacheBuilder; -import org.apache.commons.codec.binary.Base64; -i
[nifi] branch master updated: NIFI-7467 Refactored S2S peer selection logic. Removed list structure for peer selection as it was unnecessary and often wasteful (most clusters are 3 - 7 nodes, the list
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 845b66a NIFI-7467 Refactored S2S peer selection logic. Removed list structure for peer selection as it was unnecessary and often wasteful (most clusters are 3 - 7 nodes, the list was always 128 elements). Changed integer percentages to double to allow for better normalization. Removed 80% cap on remote peers as it was due to legacy requirements. Added unit tests for non-deterministic distribution calculations. Added unit tests for edge cases due to rounding errors, single valid [...] 845b66a is described below commit 845b66ab9204cc4e8f2418ee6fd154191c3c3941 Author: Andy LoPresto AuthorDate: Mon May 18 22:33:05 2020 -0700 NIFI-7467 Refactored S2S peer selection logic. Removed list structure for peer selection as it was unnecessary and often wasteful (most clusters are 3 - 7 nodes, the list was always 128 elements). Changed integer percentages to double to allow for better normalization. Removed 80% cap on remote peers as it was due to legacy requirements. Added unit tests for non-deterministic distribution calculations. Added unit tests for edge cases due to rounding errors, single valid remotes, unbalanced clusters, and peer queue consecutive selection tracking. Migrated all legacy PeerSelector unit tests to new API. Removed unused System time manipulation as tests no longer need it. Added class-level Javadoc to PeerSelector. Removed S2S details request replication, as the responses were not being merged, which led to incorrect ports being returned and breaking S2S peer retrieval. Fixed copy/paste error where input ports were being listed as output ports during remote flow refresh. Fixed comments and added unbalanced cluster test scenarios. Removed unnecessary marker interface. Removed commented code. Changed weighting & penalization behavior. Changed dependency scope to test. This closes #4289. Signed-off-by: Mark Payne --- nifi-commons/nifi-site-to-site-client/pom.xml |9 + .../org/apache/nifi/remote/PeerDescription.java|8 + .../java/org/apache/nifi/remote/PeerStatus.java| 20 + .../apache/nifi/remote/client/PeerSelector.java| 659 .../nifi/remote/client/PeerStatusProvider.java |6 +- .../apache/nifi/remote/client/http/HttpClient.java | 55 +- .../client/socket/EndpointConnectionPool.java | 67 +- .../remote/protocol/CommunicationsSession.java |3 +- .../apache/nifi/remote/util/PeerStatusCache.java | 18 +- .../nifi/remote/util/SiteToSiteRestApiClient.java | 109 +- .../nifi/remote/client/PeerSelectorTest.groovy | 1133 .../nifi/remote/client/TestPeerSelector.java | 383 --- .../src/test/resources/logback-test.xml| 11 +- .../nifi/remote/StandardRemoteProcessGroup.java| 65 +- .../src/test/resources/logback-test.xml|2 +- .../apache/nifi/web/api/SiteToSiteResource.java| 42 +- 16 files changed, 1786 insertions(+), 804 deletions(-) diff --git a/nifi-commons/nifi-site-to-site-client/pom.xml b/nifi-commons/nifi-site-to-site-client/pom.xml index dc77921..b2b597f 100644 --- a/nifi-commons/nifi-site-to-site-client/pom.xml +++ b/nifi-commons/nifi-site-to-site-client/pom.xml @@ -77,6 +77,15 @@ 4.1.4 +org.slf4j +slf4j-api + + +ch.qos.logback +logback-classic +test + + com.esotericsoftware.kryo kryo 2.24.0 diff --git a/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/PeerDescription.java b/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/PeerDescription.java index f34c31d..3b20502 100644 --- a/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/PeerDescription.java +++ b/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/PeerDescription.java @@ -16,6 +16,8 @@ */ package org.apache.nifi.remote; +import org.apache.nifi.web.api.dto.remote.PeerDTO; + public class PeerDescription { private final String hostname; @@ -28,6 +30,12 @@ public class PeerDescription { this.secure = secure; } +public PeerDescription(final PeerDTO peerDTO) { +this.hostname = peerDTO.getHostname(); +this.port = peerDTO.getPort(); +this.secure = peerDTO.isSecure(); +} + public String getHostname() { return hostname; } diff --git a/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/PeerStatus.java b/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/re
[nifi] branch master updated (97a919a -> 45e626f)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git. from 97a919a NIFI-7482 Changed InvokeHTTP to be extensible. Added unit test. add 45e626f Updated pull request template to separate JDK 8 and 11 questions No new revisions were added by this update. Summary of changes: .github/PULL_REQUEST_TEMPLATE.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
[nifi] branch master updated: NIFI-7482 Changed InvokeHTTP to be extensible. Added unit test.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 97a919a NIFI-7482 Changed InvokeHTTP to be extensible. Added unit test. 97a919a is described below commit 97a919a3be37c8e78b623ffacf9b1f22db534644 Author: Andy LoPresto AuthorDate: Fri May 22 10:55:48 2020 -0700 NIFI-7482 Changed InvokeHTTP to be extensible. Added unit test. This closes #4291. Signed-off-by: Arpad Boda --- .../nifi/processors/standard/InvokeHTTP.java | 2 +- .../nifi/processors/standard/TestInvokeHTTP.java | 27 ++ 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java index 249fb8e..d0cd858 100644 --- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java +++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java @@ -134,7 +134,7 @@ import org.joda.time.format.DateTimeFormatter; + " where the will be the form data name, will be used to fill out the multipart form parts." + " If send message body is false, the flowfile will not be sent, but any other form data will be.") }) -public final class InvokeHTTP extends AbstractProcessor { +public class InvokeHTTP extends AbstractProcessor { // flowfile attribute keys returned after reading the response public final static String STATUS_CODE = "invokehttp.status.code"; public final static String STATUS_MESSAGE = "invokehttp.status.message"; diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestInvokeHTTP.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestInvokeHTTP.java index c2a68dd..9cabae0 100644 --- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestInvokeHTTP.java +++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestInvokeHTTP.java @@ -16,6 +16,7 @@ */ package org.apache.nifi.processors.standard; +import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; @@ -273,6 +274,7 @@ public class TestInvokeHTTP extends TestInvokeHttpCommon { assertNull(regexAttributesToSendField.get(processor)); } + @Test public void testEmptyGzipHttpReponse() throws Exception { addHandler(new EmptyGzipResponseHandler()); @@ -300,6 +302,31 @@ public class TestInvokeHTTP extends TestInvokeHttpCommon { bundle.assertAttributeEquals("Content-Type", "text/plain"); } +@Test +public void testShouldAllowExtension() { +// Arrange +class ExtendedInvokeHTTP extends InvokeHTTP { +private int extendedNumber = -1; + +public ExtendedInvokeHTTP(int num) { +super(); +this.extendedNumber = num; +} + +public int extendedMethod() { +return this.extendedNumber; +} +} + +int num = Double.valueOf(Math.random() * 100).intValue(); + +// Act +ExtendedInvokeHTTP eih = new ExtendedInvokeHTTP(num); + +// Assert +assertEquals(num, eih.extendedMethod()); +} + public static class EmptyGzipResponseHandler extends AbstractHandler { @Override
[nifi-site] branch master updated: Fixed spacing in security page.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-site.git The following commit(s) were added to refs/heads/master by this push: new a06a72e Fixed spacing in security page. a06a72e is described below commit a06a72ebffe5ef7b4a7f70d8f2b713fe18019bc0 Author: Andy LoPresto AuthorDate: Fri May 15 10:58:51 2020 -0700 Fixed spacing in security page. --- src/pages/html/security.hbs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs index 6328216..7d6ac51 100644 --- a/src/pages/html/security.hbs +++ b/src/pages/html/security.hbs @@ -24,7 +24,7 @@ title: Apache NiFi Security Reports Specifically, please do not: -⛔️ Open a Jira disclosing a security vulnerability to the public +⛔️ Open a Jira disclosing a security vulnerability to the public ⛔️ Send a message to the d...@nifi.apache.org or us...@nifi.apache.org mailing lists disclosing a security vulnerability to the public ⛔️ Send a message to the Apache NiFi Slack instance disclosing a security vulnerability to the public
svn commit: r1877790 - /nifi/site/trunk/security.html
Author: alopresto Date: Fri May 15 17:56:05 2020 New Revision: 1877790 URL: http://svn.apache.org/viewvc?rev=1877790&view=rev Log: Added link to ASF security policy to security page. Modified: nifi/site/trunk/security.html Modified: nifi/site/trunk/security.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/security.html?rev=1877790&r1=1877789&r2=1877790&view=diff == --- nifi/site/trunk/security.html (original) +++ nifi/site/trunk/security.html Fri May 15 17:56:05 2020 @@ -124,8 +124,15 @@ Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue. Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party. -Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit -permission of the account holder. +Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder. +Please read the https://www.apache.org/security/committers.html"; target="_blank">Apache Project Security for Committers policy to understand the restrictions around disclosure of security issues in the Apache open source community. + +Specifically, please do not: + +âï¸ Open a Jira disclosing a security vulnerability to the public +âï¸ Send a message to the d...@nifi.apache.org or us...@nifi.apache.org mailing lists disclosing a security vulnerability to the public +âï¸ Send a message to the Apache NiFi Slack instance disclosing a security vulnerability to the public + Exclusions
[nifi-site] branch master updated: Added link to ASF security policy to security page.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-site.git The following commit(s) were added to refs/heads/master by this push: new 235c29b Added link to ASF security policy to security page. 235c29b is described below commit 235c29b8b92950335e797ec0385d08372eee4807 Author: Andy LoPresto AuthorDate: Fri May 15 10:55:15 2020 -0700 Added link to ASF security policy to security page. --- src/pages/html/security.hbs | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs index 21c010f..6328216 100644 --- a/src/pages/html/security.hbs +++ b/src/pages/html/security.hbs @@ -19,8 +19,15 @@ title: Apache NiFi Security Reports Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue. Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party. -Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit -permission of the account holder. +Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder. +Please read the https://www.apache.org/security/committers.html"; target="_blank">Apache Project Security for Committers policy to understand the restrictions around disclosure of security issues in the Apache open source community. + +Specifically, please do not: + +⛔️ Open a Jira disclosing a security vulnerability to the public +⛔️ Send a message to the d...@nifi.apache.org or us...@nifi.apache.org mailing lists disclosing a security vulnerability to the public +⛔️ Send a message to the Apache NiFi Slack instance disclosing a security vulnerability to the public + Exclusions
[nifi] branch master updated: NIFI-7321 - Allow NiFi admins to configure whether Jetty will send the Jetty server version in responses. Fixed a checkstyle error. Added property to nifi.properties. Cha
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 302a421 NIFI-7321 - Allow NiFi admins to configure whether Jetty will send the Jetty server version in responses. Fixed a checkstyle error. Added property to nifi.properties. Changed property to a variable that is set with the pom.xml. Added setting the version variable to another HTTPConfiguration to fix the version being sent in docs context. Fixed typo error. 302a421 is described below commit 302a42185c0e1e06c7c7869aa6245dfd88ad7338 Author: Nathan Gough AuthorDate: Mon Apr 6 00:08:55 2020 -0400 NIFI-7321 - Allow NiFi admins to configure whether Jetty will send the Jetty server version in responses. Fixed a checkstyle error. Added property to nifi.properties. Changed property to a variable that is set with the pom.xml. Added setting the version variable to another HTTPConfiguration to fix the version being sent in docs context. Fixed typo error. This closes #4192. Signed-off-by: Andy LoPresto --- .../src/main/java/org/apache/nifi/util/NiFiProperties.java | 6 ++ .../nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml | 1 + .../nifi-resources/src/main/resources/conf/nifi.properties | 1 + .../src/main/java/org/apache/nifi/web/server/JettyServer.java | 2 ++ 4 files changed, 10 insertions(+) diff --git a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java index 214d178..5643de0 100644 --- a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java +++ b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java @@ -197,6 +197,7 @@ public abstract class NiFiProperties { public static final String WEB_PROXY_HOST = "nifi.web.proxy.host"; public static final String WEB_MAX_CONTENT_SIZE = "nifi.web.max.content.size"; public static final String WEB_MAX_REQUESTS_PER_SECOND = "nifi.web.max.requests.per.second"; +public static final String WEB_SHOULD_SEND_SERVER_VERSION = "nifi.web.should.send.server.version"; // ui properties public static final String UI_BANNER_TEXT = "nifi.ui.banner.text"; @@ -304,6 +305,7 @@ public abstract class NiFiProperties { public static final String DEFAULT_FLOW_CONFIGURATION_ARCHIVE_MAX_STORAGE = "500 MB"; public static final String DEFAULT_SECURITY_USER_OIDC_CONNECT_TIMEOUT = "5 secs"; public static final String DEFAULT_SECURITY_USER_OIDC_READ_TIMEOUT = "5 secs"; +public static final String DEFAULT_WEB_SHOULD_SEND_SERVER_VERSION = "true"; // cluster common defaults public static final String DEFAULT_CLUSTER_PROTOCOL_HEARTBEAT_INTERVAL = "5 sec"; @@ -1017,6 +1019,10 @@ public abstract class NiFiProperties { return getProperty(SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER, "email").trim(); } +public boolean shouldSendServerVersion() { +return Boolean.parseBoolean(getProperty(WEB_SHOULD_SEND_SERVER_VERSION, DEFAULT_WEB_SHOULD_SEND_SERVER_VERSION)); +} + /** * Returns whether Knox SSO is enabled. * diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml index 58b250c..a93552a 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml @@ -146,6 +146,7 @@ 20 MB 3 + true diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties index 82174eb..436805a 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties @@ -154,6 +154,7 @@ nifi.web.proxy.context.path=${nifi.web.proxy.context.path} nifi.web.proxy.host=${nifi.web.proxy.host} nifi.web.max.content.size=${nifi.web.max.content.size} nifi.web.max.requests.per.second=${nifi.web.max.requests.per.second} +nifi.web.should.send.server.version=${nifi.web.should.send.server.version} # security properties # nifi.sensitive.props.key= diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/Je
[nifi] branch master updated: Added note about unique initial user identity names to walkthrough doc.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 7d49401 Added note about unique initial user identity names to walkthrough doc. 7d49401 is described below commit 7d494011eaef030b28f390fd84ba74f664cd2fac Author: Andy LoPresto AuthorDate: Thu Apr 30 12:36:30 2020 -0700 Added note about unique initial user identity names to walkthrough doc. --- nifi-docs/src/main/asciidoc/walkthroughs.adoc | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/nifi-docs/src/main/asciidoc/walkthroughs.adoc b/nifi-docs/src/main/asciidoc/walkthroughs.adoc index 5ca32f1..22f5801 100644 --- a/nifi-docs/src/main/asciidoc/walkthroughs.adoc +++ b/nifi-docs/src/main/asciidoc/walkthroughs.adoc @@ -1044,7 +1044,10 @@ NOTE: The `nifi.cluster.load.balance.host=` entry must be manually populated her ** `` -> `node1.nifi:2181,node2.nifi:2182,node3.nifi:2183` * `cp node1.nifi/conf/state-management.xml node2.nifi/conf/state-management.xml` -- Copies the modified `state-management.xml` file from `node1` to `node2` * `cp node1.nifi/conf/state-management.xml node3.nifi/conf/state-management.xml` -- Copies the modified `state-management.xml` file from `node1` to `node3` -. Update the `authorizers.xml` file. This file contains the *Initial Node Identities* and *Initial User Identities*. The *users* consist of all human users _and_ all nodes in the cluster. The `authorizers.xml` file can be identical on each node (assuming no other changes were made), so the modified file will be copied to the other nodes. +. Update the `authorizers.xml` file. This file contains the *Initial Node Identities* and *Initial User Identities*. The *users* consist of all human users _and_ all nodes in the cluster. The `authorizers.xml` file can be identical on each node (assuming no other changes were made), so the modified file will be copied to the other nodes. ++ +NOTE: Each `Initial User Identity` must have a **unique** name (`Initial User Identity 1`, `Initial User Identity 2`, etc.). + * `$EDITOR node1.nifi/conf/authorizers.xml` -- Opens the `authorizers.xml` file in a text editor * Update the following lines: ** In the `` section, `` -> `CN=my_username` -- Adds an initial user with the DN generated in the client certificate @@ -1105,4 +1108,4 @@ image::nifi-secure-cluster-status.png["NiFi secure cluster status pane"] _The running cluster with permissions_ image::nifi-secure-cluster-permissions.png["NiFi secure cluster running with Initial Admin Identity permissions"] --- \ No newline at end of file +--
[nifi] branch master updated: NIFI-7377 Cleaned up nifi-stateless logs. Refactored masking logic to CipherUtility and indicated masking with label and Base64 output. Added JSON masking logic to nifi-s
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 148537d NIFI-7377 Cleaned up nifi-stateless logs. Refactored masking logic to CipherUtility and indicated masking with label and Base64 output. Added JSON masking logic to nifi-stateless module. Added argument masking functionality to Program. Moved groovy unit tests to proper Maven directory structure. Modified plain argument output to use filtering/masking methods in provided utility. Refactored utility methods. Updated unit tests. 148537d is described below commit 148537d64a017b73160b0d49943183c18f883ab0 Author: Andy LoPresto AuthorDate: Mon Apr 20 20:36:45 2020 +0200 NIFI-7377 Cleaned up nifi-stateless logs. Refactored masking logic to CipherUtility and indicated masking with label and Base64 output. Added JSON masking logic to nifi-stateless module. Added argument masking functionality to Program. Moved groovy unit tests to proper Maven directory structure. Modified plain argument output to use filtering/masking methods in provided utility. Refactored utility methods. Updated unit tests. This closes #4222. Co-authored-by: Pierre Villard Signed-off-by: Andy LoPresto --- .../nifi/security/util/crypto/CipherUtility.java | 36 .../nifi/fingerprint/FingerprintFactory.java | 41 ++-- .../FingerprintFactoryGroovyTest.groovy| 3 + .../nifi/fingerprint/FingerprintFactoryTest.java | 2 +- .../nifi-framework/nifi-stateless/pom.xml | 12 +- .../apache/nifi/stateless/core/StatelessFlow.java | 65 +++--- .../nifi/stateless/core/StatelessFlowFile.java | 16 +- .../core/security/StatelessSecurityUtility.java| 174 .../apache/nifi/stateless/runtimes/Program.java| 80 ++-- .../openwhisk/StatelessNiFiOpenWhiskAction.java| 17 +- .../stateless/runtimes/yarn/YARNServiceUtil.java | 10 +- .../security/StatelessSecurityUtilityTest.groovy | 222 + .../nifi/stateless/runtimes/ProgramTest.groovy | 101 ++ 13 files changed, 679 insertions(+), 100 deletions(-) diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/CipherUtility.java b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/CipherUtility.java index 369b015..5c1eb27 100644 --- a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/CipherUtility.java +++ b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/CipherUtility.java @@ -406,4 +406,40 @@ public class CipherUtility { } return saltLength; } + +/** + * Returns a securely-derived, deterministic value from the provided plaintext property + * value. This is because sensitive values should not be disclosed through the + * logs. However, the equality or difference of the sensitive value can be important, so it cannot be ignored completely. + * + * The specific derivation process is unimportant as long as it is a salted, + * cryptographically-secure hash function with an iteration cost sufficient for password + * storage in other applications. + * + * @param sensitivePropertyValue the plaintext property value + * @return a deterministic string value which represents this input but is safe to print in a log + */ +public static String getLoggableRepresentationOfSensitiveValue(String sensitivePropertyValue) { +// TODO: Use DI/IoC to inject this implementation in the constructor of the FingerprintFactory +// There is little initialization cost, so it doesn't make sense to cache this as a field +SecureHasher secureHasher = new Argon2SecureHasher(); + +// TODO: Extend {@link StringEncryptor} with secure hashing capability and inject? +return getLoggableRepresentationOfSensitiveValue(sensitivePropertyValue, secureHasher); +} + +/** + * Returns a securely-derived, deterministic value from the provided plaintext property + * value. This is because sensitive values should not be disclosed through the + * logs. However, the equality or difference of the sensitive value can be important, so it cannot be ignored completely. + * + * The specific derivation process is determined by the provided {@link SecureHasher} implementation. + * + * @param sensitivePropertyValue the plaintext property value + * @param secureHasher an instance of {@link SecureHasher} which will be used to mask the value + * @return a deterministic string value which represents this input but is safe to print in a log + */ +public static String getLoggableRepresentationOfSensitiveValue(S
[nifi] branch master updated: NIFI-7389 Makes Missable heartbeat counts configurable
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 996688b NIFI-7389 Makes Missable heartbeat counts configurable 996688b is described below commit 996688b4194fbae27b1fca005e9031276487597d Author: Sushil Kumar AuthorDate: Fri Apr 24 14:50:01 2020 -0700 NIFI-7389 Makes Missable heartbeat counts configurable This closes #4236. Signed-off-by: Andy LoPresto --- .../src/main/java/org/apache/nifi/util/NiFiProperties.java| 2 ++ nifi-docs/src/main/asciidoc/administration-guide.adoc | 5 +++-- .../cluster/coordination/heartbeat/AbstractHeartbeatMonitor.java | 8 ++-- .../src/test/resources/int-tests/clustered-nifi.properties| 1 + .../src/test/resources/int-tests/default-nifi.properties | 1 + .../nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml | 1 + .../nifi-resources/src/main/resources/conf/nifi.properties| 1 + 7 files changed, 15 insertions(+), 4 deletions(-) diff --git a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java index 6bbc921..f0e8e6b 100644 --- a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java +++ b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java @@ -203,6 +203,7 @@ public abstract class NiFiProperties { // cluster common properties public static final String CLUSTER_PROTOCOL_HEARTBEAT_INTERVAL = "nifi.cluster.protocol.heartbeat.interval"; +public static final String CLUSTER_PROTOCOL_HEARTBEAT_MISSABLE_MAX = "nifi.cluster.protocol.heartbeat.missable.max"; public static final String CLUSTER_PROTOCOL_IS_SECURE = "nifi.cluster.protocol.is.secure"; // cluster node properties @@ -305,6 +306,7 @@ public abstract class NiFiProperties { // cluster common defaults public static final String DEFAULT_CLUSTER_PROTOCOL_HEARTBEAT_INTERVAL = "5 sec"; +public static final int DEFAULT_CLUSTER_PROTOCOL_HEARTBEAT_MISSABLE_MAX = 8; public static final String DEFAULT_CLUSTER_PROTOCOL_MULTICAST_SERVICE_BROADCAST_DELAY = "500 ms"; public static final int DEFAULT_CLUSTER_PROTOCOL_MULTICAST_SERVICE_LOCATOR_ATTEMPTS = 3; public static final String DEFAULT_CLUSTER_PROTOCOL_MULTICAST_SERVICE_LOCATOR_ATTEMPTS_DELAY = "1 sec"; diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc b/nifi-docs/src/main/asciidoc/administration-guide.adoc index 874b85f..0b941bc 100644 --- a/nifi-docs/src/main/asciidoc/administration-guide.adoc +++ b/nifi-docs/src/main/asciidoc/administration-guide.adoc @@ -1629,8 +1629,8 @@ It just depends on the resources available and how the Administrator decides to *Heartbeats*: The nodes communicate their health and status to the currently elected Cluster Coordinator via "heartbeats", which let the Coordinator know they are still connected to the cluster and working properly. By default, the nodes emit -heartbeats every 5 seconds, and if the Cluster Coordinator does not receive a heartbeat from a node within 40 seconds, it -disconnects the node due to "lack of heartbeat". The 5-second setting is configurable in the _nifi.properties_ file (see +heartbeats every 5 seconds, and if the Cluster Coordinator does not receive a heartbeat from a node within 40 seconds (= 5 seconds * 8), it +disconnects the node due to "lack of heartbeat". The 5-second and 8 times settings are configurable in the _nifi.properties_ file (see the <> section for more information). The reason that the Cluster Coordinator disconnects the node is because the Coordinator needs to ensure that every node in the cluster is in sync, and if a node is not heard from regularly, the Coordinator cannot be sure it is still in sync with the rest of the cluster. If, after @@ -3334,6 +3334,7 @@ When setting up a NiFi cluster, these properties should be configured the same w | |*Property*|*Description* |`nifi.cluster.protocol.heartbeat.interval`|The interval at which nodes should emit heartbeats to the Cluster Coordinator. The default value is `5 sec`. +|`nifi.cluster.protocol.heartbeat.missable.max`|Maximum number of heartbeats a Cluster Coordinator can miss for a node in the cluster before the Cluster Coordinator updates the node status to Disconnected. The default value is `8`. |`nifi.cluster.protocol.is.secure`|This indicates whether cluster communications are secure. The default value is `false`. | diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/heartbeat/Abstra
svn commit: r1876803 - /nifi/site/trunk/security.html
Author: alopresto Date: Tue Apr 21 17:53:08 2020 New Revision: 1876803 URL: http://svn.apache.org/viewvc?rev=1876803&view=rev Log: Fixed HackerOne URL in NiFi Security page. Modified: nifi/site/trunk/security.html Modified: nifi/site/trunk/security.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/security.html?rev=1876803&r1=1876802&r2=1876803&view=diff == --- nifi/site/trunk/security.html (original) +++ nifi/site/trunk/security.html Tue Apr 21 17:53:08 2020 @@ -142,7 +142,7 @@ Send an email to mailto:secur...@nifi.apache.org";>secur...@nifi.apache.org. This is a private list monitored by the PMC. For sensitive disclosures, the GPG key fingerprint is 1230 3BB8 1F22 E11C 8725 926A AFF2 B368 23B9 44E9. -NiFi has a https://hackerone.com/apache_nifi"; target="_blank">HackerOne project page. HackerOne provides a triaged process for researchers and organizations to +NiFi has a https://hackerone.com/apachenifi"; target="_blank">HackerOne project page. HackerOne provides a triaged process for researchers and organizations to collaboratively report and resolve security vulnerabilities.
[nifi-site] 03/03: Fixed HackerOne URL in security page.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-site.git commit e607ee74465c0d66fdc64609bbbcfe6affd34c0d Author: Andy LoPresto AuthorDate: Tue Apr 21 10:44:15 2020 -0700 Fixed HackerOne URL in security page. --- src/pages/html/security.hbs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs index e98d116..21c010f 100644 --- a/src/pages/html/security.hbs +++ b/src/pages/html/security.hbs @@ -37,7 +37,7 @@ title: Apache NiFi Security Reports Send an email to mailto:secur...@nifi.apache.org";>secur...@nifi.apache.org. This is a private list monitored by the PMC. For sensitive disclosures, the GPG key fingerprint is 1230 3BB8 1F22 E11C 8725 926A AFF2 B368 23B9 44E9. -NiFi has a https://hackerone.com/apache_nifi"; target="_blank">HackerOne project page. HackerOne provides a triaged process for researchers and organizations to +NiFi has a https://hackerone.com/apachenifi"; target="_blank">HackerOne project page. HackerOne provides a triaged process for researchers and organizations to collaboratively report and resolve security vulnerabilities.
[nifi-site] 02/03: Updated heading in NiFi security page.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-site.git commit bb04a0cdc58da95fea6fdae26c4b05f207d286f6 Author: Nathan Gough AuthorDate: Tue Apr 21 12:00:42 2020 -0400 Updated heading in NiFi security page. --- src/pages/html/security.hbs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs index a2f4217..e98d116 100644 --- a/src/pages/html/security.hbs +++ b/src/pages/html/security.hbs @@ -7,7 +7,7 @@ title: Apache NiFi Security Reports -Security Vulnerability Disclosure +NiFi Security Vulnerability Disclosure
[nifi-site] branch master updated (c9b9250 -> e607ee7)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/nifi-site.git. from c9b9250 Added NiFi Registry 0.6.0 download links. new 3bf66c7 NIFIREG-371 - Adding the NiFi Registry security/CVE documentation page and release information for NiFi Registry 0.6.0 release. new bb04a0c Updated heading in NiFi security page. new e607ee7 Fixed HackerOne URL in security page. The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: src/includes/topbar.hbs | 3 +- src/pages/html/registry-security.hbs | 167 +++ src/pages/html/security.hbs | 4 +- 3 files changed, 171 insertions(+), 3 deletions(-) create mode 100644 src/pages/html/registry-security.hbs
[nifi-site] 01/03: NIFIREG-371 - Adding the NiFi Registry security/CVE documentation page and release information for NiFi Registry 0.6.0 release.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-site.git commit 3bf66c72624e24b116150dabd76752f55b2a3a34 Author: Nathan Gough AuthorDate: Tue Apr 21 11:37:17 2020 -0400 NIFIREG-371 - Adding the NiFi Registry security/CVE documentation page and release information for NiFi Registry 0.6.0 release. --- src/includes/topbar.hbs | 3 +- src/pages/html/registry-security.hbs | 167 +++ 2 files changed, 169 insertions(+), 1 deletion(-) diff --git a/src/includes/topbar.hbs b/src/includes/topbar.hbs index 8a20972..7342922 100644 --- a/src/includes/topbar.hbs +++ b/src/includes/topbar.hbs @@ -30,7 +30,8 @@ Videos NiFi Docs https://cwiki.apache.org/confluence/display/NIFI";>Wiki -Security Reports +NiFi Security Reports +NiFi Registry Security Reports diff --git a/src/pages/html/registry-security.hbs b/src/pages/html/registry-security.hbs new file mode 100644 index 000..842697f --- /dev/null +++ b/src/pages/html/registry-security.hbs @@ -0,0 +1,167 @@ +--- +title: Apache NiFi Registry Security Reports +--- + + + + + + +NiFi Registry Security Vulnerability Disclosure + + + + +Apache NiFi Registry welcomes the responsible reporting of security vulnerabilities. The NiFi Registry team believes that working with skilled security researchers across the globe is crucial in identifying +weaknesses in any technology. If you believe you've found a security issue in our product or service, we encourage you to notify us. We will work with you to resolve the issue +promptly. +Disclosure Policy + +Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue. +Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party. +Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit +permission of the account holder. + + +Exclusions +While researching, we'd like to ask you to refrain from: + +Denial of service +Spamming +Social engineering (including phishing) of Apache NiFi and NiFi Registry staff or contractors +Any physical attempts against Apache NiFi or NiFi Registry property or data centers + +Reporting Methods +NiFi Registry receives vulnerability reports through the Apache NiFi team via the following means: + +Send an email to mailto:secur...@nifi.apache.org";>secur...@nifi.apache.org. This is a private list monitored by the PMC. For sensitive +disclosures, the GPG key fingerprint is 1230 3BB8 1F22 E11C 8725 926A AFF2 B368 23B9 44E9. + + +Thank you for helping keep Apache NiFi Registry and our users safe! + + + + + +Fixed in Apache NiFi Registry 0.6.0 + + + + + +Vulnerabilities + + + + +CVE-2020-9482: Apache NiFi Registry user log out issue +Severity: Moderate +Versions Affected: + +Apache NiFi Registry 0.1.0 - 0.5.0 + + +Description: If NiFi Registry uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out to make API requests to NiFi Registry. +Mitigation: The fix to invalidate the server-side authentication token immediately after the user clicks 'Log Out' was applied in the Apache NiFi Registry 0.6.0 release. +CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9482"; target="_blank">Mitre Database: CVE-2020-9482 +NiFi Registry Jira: https://issues.apache.org/jira/browse/NIFIREG-387"; target="_blank">NIFIREG-387 +NiFi Registry PR: https://github.com/apache/nifi-registry/pull/277"; target="_blank">PR 277 +Released: April 7, 2020 + + + + + +Dependency Vulnerabilities + + + + +CVE-2019-14540: Apache NiFi Registry's jackson-databind usage +Severity: Critical +Versions Affected: + +Apache NiFi Registry 0.5.0 - 0.5.0 + + +De
[nifi] branch master updated (8340078 -> 2224ace)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git. from 8340078 NIFI-7292 Preventing file listing from fail because of insufficient privileges add 2224ace Added Jira and security reporting links to README.md No new revisions were added by this update. Summary of changes: README.md | 2 ++ 1 file changed, 2 insertions(+)
svn commit: r1876384 - /nifi/site/trunk/docs/nifi-docs/index.html
Author: alopresto Date: Sat Apr 11 05:37:40 2020 New Revision: 1876384 URL: http://svn.apache.org/viewvc?rev=1876384&view=rev Log: Added walkthroughs link to frame navigation page. Modified: nifi/site/trunk/docs/nifi-docs/index.html Modified: nifi/site/trunk/docs/nifi-docs/index.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/index.html?rev=1876384&r1=1876383&r2=1876384&view=diff == --- nifi/site/trunk/docs/nifi-docs/index.html (original) +++ nifi/site/trunk/docs/nifi-docs/index.html Sat Apr 11 05:37:40 2020 @@ -49,6 +49,7 @@ RecordPath Guide Admin Guide Toolkit Guide +Walkthroughs No matching guides
svn commit: r1876383 [2/2] - in /nifi/site/trunk/docs/nifi-docs/html: ./ images/
rg/jira/secure/CreateIssue!default.jspa"; target="_blank">open a Jira (see https://cwiki.apache.org/confluence/display/NIFI/Contributor+Guide#ContributorGuide-WheretoStart?"; target="_blank">further instructions in the Contributor Guide) and https://github.com/apache/nifi/pulls"; target="_blank">submit a pull request (PR). + + + + + + + + +This document is provided with no warranty. All steps have been evaluated for correctness to the extent possible by the Apache NiFi community, but no responsibility is assumed for negative impacts on any computer system where these commands are executed. + + + + + + + +Installing Apache NiFi + + +Apache NiFi is an easy to use, powerful, and reliable system to process and distribute data. It supports powerful and scalable directed graphs of data routing, transformation, and system mediation logic. In addition to NiFi, there is the NiFi Toolkit, a collection of command-line tools which help perform administrative tasks such as interacting with remote services, generating TLS certificates, managing nodes in a cluster, and encrypting sensitive configuration values. + + + + + + + + +Description +Instructions on downloading the Apache NiFi application and Toolkit + + +Purpose +To make the application available to run on the specified machine (e.g. a local development environment) + + +Starting Point +Machine running modern OS + + +Expected Outcome +Latest version of Apache NiFi available to run on host with no configuration + + +Estimated Duration +1 minute + download time + + + + + + + + + + +The following instructions are for installing a single node of NiFi. This guide assumes Mac OS X / macOS 10.11.0+ but should work for any modern operating system. *nix commands are used by default, but Windows equivalents are provided where available. + + + + + + + +Go to the http://nifi.apache.org/download.html"; target="_blank">Apache NiFi Downloads page. + + +Download the latest version of NiFi via the compressed binary files. For example, if the latest version is 1.11.4: + + + +nifi-1.11.4-bin.tar.gz [1.2 GB] + + +nifi-toolkit-1.11.4-bin.tar.gz [42 MB] + + + + + +If you are directed to a mirror page, click the first link on the page to download the respective archive file. + + + + + + + +Note that the nifi-1.11.4-bin.tar.gz and the nifi-toolkit-1.11.4-bin.tar.gz compressed files are downloaded to your Downloads folder. + + +Download the GPG signature and checksums for those files. They are found on the initial download page next to each binary file. + + + +gpg --verify -v nifi-1.11.4-bin.tar.gz.asc — Verifies the GPG signature provided on the binary by the Release Manager (RM). See https://nifi.apache.org/gpg.html#verifying-a-release-signature"; target="_blank">NiFi GPG Guide: Verifying a Release Signature for further details + + +shasum -a 256 nifi-1.11.4-bin.tar.gz — Calculates a SHA-256 checksum over the downloaded artifact. This should be compared with the contents of nifi-1.11.4-bin.tar.gz.sha256 for equality + + +shasum -a 512 nifi-1.11.4-bin.tar.gz — Calculates a SHA-512 checksum over the downloaded artifact. This should be compared with the contents of nifi-1.11.4-bin.tar.gz.sha512 for equality + + + + + + + + + + +Extract the files from each tar.gz file. This can be done by double-clicking on the files in the Finder or running the following commands in the terminal. + + + +tar -xvzf nifi-1.11.4-bin.tar.gz — Uncompresses the gzip file and extracts the tar archive contents to nifi-1.11.4/ + + +tar -xvzf nifi-toolkit-1.11.4-bin.tar.gz — Uncompresses the gzip file and extracts the tar archive contents to nifi-toolkit-1.11.4/ + + + + + +Optionally, move the folders to a more appropriate location. + + + + + + +Building NiFi From Source + + + + + + + + +Description +Instructions on downloading the Apache NiFi source code and building the application locally + + +Purpose +To make the application (with potential code modifications) available to run on the specified machine (e.g. a local development environment) + + +Starting Point +Machine running modern OS + + +Expected Outcome +Latest version of Apache NiFi available to run on host with no configuration + + +Estimated Duration +10 - 35 minutes + download time + + + + + + + + + + +This guide assumes Mac OS X / macOS 10.11.0+ but should work for any modern operating system. *nix commands are used by default, but Windows equivalents are provided where available. + + + + + + + +Go to the http://nifi.apache.org/download.html"; target="_blank">Apache NiFi Downloads page. + + +Download the latest version of NiFi source code via the compressed files. For example, if the latest version is 1.11.4: + + + +nifi-1.11.4-source-release.zip [53 MB] + + + + + +If you are directed to a mirror page, click the first link on the page to download the respective archive file. + + +Note that the ni
svn commit: r1876383 [1/2] - in /nifi/site/trunk/docs/nifi-docs/html: ./ images/
Author: alopresto Date: Sat Apr 11 05:35:53 2020 New Revision: 1876383 URL: http://svn.apache.org/viewvc?rev=1876383&view=rev Log: Added walkthroughs.html doc to site. Added: nifi/site/trunk/docs/nifi-docs/html/images/authorizers-xml-initial-node-identities.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/authorizers-xml-initial-user-identities.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/browser-present-client-cert.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/browser-warning-insecure-site.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/install-download-link.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/keychain-access-certificate-listing.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/keychain-access-trust-certificate.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi-app-log-ui-available.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi-application-running-browser.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi-cluster-tls-toolkit-certificate-diagram.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi-home-dir-listing.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi-running-tls-client-certificate.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi-secure-cluster-no-permissions.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi-secure-cluster-permissions.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi-secure-cluster-status.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi-tls-standalone-external-certificate-diagram.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi-tls-toolkit-standalone-cert-diagram.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi-toolkit-home-dir-listing.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi-trusted-server-certificate.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi_first_launch_screenshot.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/tls-authorizers-file-accessPolicyProvider.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/tls-authorizers-file-userGroupProvider.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/tls-certificate-folder.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/verify-release-gpg-and-checksums.png (with props) nifi/site/trunk/docs/nifi-docs/html/walkthroughs.html Added: nifi/site/trunk/docs/nifi-docs/html/images/authorizers-xml-initial-node-identities.png URL: http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/html/images/authorizers-xml-initial-node-identities.png?rev=1876383&view=auto == Binary file - no diff available. Propchange: nifi/site/trunk/docs/nifi-docs/html/images/authorizers-xml-initial-node-identities.png -- svn:mime-type = application/octet-stream Added: nifi/site/trunk/docs/nifi-docs/html/images/authorizers-xml-initial-user-identities.png URL: http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/html/images/authorizers-xml-initial-user-identities.png?rev=1876383&view=auto == Binary file - no diff available. Propchange: nifi/site/trunk/docs/nifi-docs/html/images/authorizers-xml-initial-user-identities.png -- svn:mime-type = application/octet-stream Added: nifi/site/trunk/docs/nifi-docs/html/images/browser-present-client-cert.png URL: http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/html/images/browser-present-client-cert.png?rev=1876383&view=auto == Binary file - no diff available. Propchange: nifi/site/trunk/docs/nifi-docs/html/images/browser-present-client-cert.png -- svn:mime-type = application/octet-stream Added: nifi/site/trunk/docs/nifi-docs/html/images/browser-warning-insecure-site.png URL: http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/html/images/browser-warning-insecure-site.png?rev=1876383&view=auto == Binary file - no diff available. Propchange: nifi/site/trunk/docs/nifi-docs/html/images/browser-warning-insecure-site.png -- svn:mime-type = application/octet-stream Added: nifi/site/trunk/docs/nifi-docs/html/images/install-download
[nifi] branch master updated: NIFI-7319 Add walkthrough document (#4193)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 07a8311 NIFI-7319 Add walkthrough document (#4193) 07a8311 is described below commit 07a8311b4cedfc1b45ccc8e1a11324bcd3c71da7 Author: Andy LoPresto AuthorDate: Fri Apr 10 22:25:40 2020 -0700 NIFI-7319 Add walkthrough document (#4193) * NIFI-7319 Added first draft of walkthroughs doc. * NIFI-7319 Added instructions and screenshots for securing standalone NiFi instance. * NIFI-7319 Added instructions and screenshots for instructing OS & browser to trust self-signed certificate. * NIFI-7319 Added instructions and screenshots for securing NiFi with externally-provided certificates. * NIFI-7319 Added instructions and screenshots for building NiFi from source. * NIFI-7319 [WIP] Converting secure cluster instructions to match format. Fixed instructions regarding embedded ZooKeeper configuration. * NIFI-7319 Completed secure cluster walkthrough. * NIFI-7319 Added walkthroughs to documentation navigation list. * NIFI-7319 Incorporated PR feedback on broken links. * NIFI-7319 Removed line number helpers from update sections. * NIFI-7319 Incorporated final PR review items. Co-authored-by: Sandra Pius --- .../authorizers-xml-initial-node-identities.png| Bin 0 -> 229506 bytes .../authorizers-xml-initial-user-identities.png| Bin 0 -> 184724 bytes .../images/browser-present-client-cert.png | Bin 0 -> 653581 bytes .../images/browser-warning-insecure-site.png | Bin 0 -> 539107 bytes .../main/asciidoc/images/install-download-link.png | Bin 0 -> 63965 bytes .../images/keychain-access-certificate-listing.png | Bin 0 -> 604391 bytes .../images/keychain-access-trust-certificate.png | Bin 0 -> 395479 bytes .../asciidoc/images/nifi-app-log-ui-available.png | Bin 0 -> 270149 bytes .../images/nifi-application-running-browser.png| Bin 0 -> 678902 bytes ...ifi-cluster-tls-toolkit-certificate-diagram.png | Bin 0 -> 117853 bytes .../main/asciidoc/images/nifi-home-dir-listing.png | Bin 0 -> 458278 bytes .../images/nifi-running-tls-client-certificate.png | Bin 0 -> 712346 bytes .../images/nifi-secure-cluster-no-permissions.png | Bin 0 -> 776616 bytes .../images/nifi-secure-cluster-permissions.png | Bin 0 -> 763213 bytes .../asciidoc/images/nifi-secure-cluster-status.png | Bin 0 -> 692718 bytes ...tls-standalone-external-certificate-diagram.png | Bin 0 -> 110528 bytes .../nifi-tls-toolkit-standalone-cert-diagram.png | Bin 0 -> 107494 bytes .../images/nifi-toolkit-home-dir-listing.png | Bin 0 -> 239110 bytes .../images/nifi-trusted-server-certificate.png | Bin 0 -> 852121 bytes .../tls-authorizers-file-accessPolicyProvider.png | Bin 0 -> 151488 bytes .../tls-authorizers-file-userGroupProvider.png | Bin 0 -> 124066 bytes .../asciidoc/images/tls-certificate-folder.png | Bin 0 -> 45639 bytes .../images/verify-release-gpg-and-checksums.png| Bin 0 -> 547141 bytes nifi-docs/src/main/asciidoc/walkthroughs.adoc | 1108 .../src/main/webapp/WEB-INF/jsp/documentation.jsp |1 + 25 files changed, 1109 insertions(+) diff --git a/nifi-docs/src/main/asciidoc/images/authorizers-xml-initial-node-identities.png b/nifi-docs/src/main/asciidoc/images/authorizers-xml-initial-node-identities.png new file mode 100644 index 000..80bc959 Binary files /dev/null and b/nifi-docs/src/main/asciidoc/images/authorizers-xml-initial-node-identities.png differ diff --git a/nifi-docs/src/main/asciidoc/images/authorizers-xml-initial-user-identities.png b/nifi-docs/src/main/asciidoc/images/authorizers-xml-initial-user-identities.png new file mode 100644 index 000..7546dff Binary files /dev/null and b/nifi-docs/src/main/asciidoc/images/authorizers-xml-initial-user-identities.png differ diff --git a/nifi-docs/src/main/asciidoc/images/browser-present-client-cert.png b/nifi-docs/src/main/asciidoc/images/browser-present-client-cert.png new file mode 100644 index 000..1db34d7 Binary files /dev/null and b/nifi-docs/src/main/asciidoc/images/browser-present-client-cert.png differ diff --git a/nifi-docs/src/main/asciidoc/images/browser-warning-insecure-site.png b/nifi-docs/src/main/asciidoc/images/browser-warning-insecure-site.png new file mode 100644 index 000..a80cc14 Binary files /dev/null and b/nifi-docs/src/main/asciidoc/images/browser-warning-insecure-site.png differ diff --git a/nifi-docs/src/main/asciidoc/images/install-download-link.png b/nifi-docs/src/main/asciidoc/images/install-download-link.png new file mode 100644 index 000..6001015 Binary files /dev/null and b
[nifi] branch master updated (84968e7 -> 1ec7e31)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git. from 84968e7 NIFI-7087: Use FlowManager.findAllConnections() when available add 1ec7e31 NIFI-7341 Updated certificate commands and source code formatting in Toolkit Guide. (#4196) No new revisions were added by this update. Summary of changes: nifi-docs/src/main/asciidoc/toolkit-guide.adoc | 68 +++--- 1 file changed, 40 insertions(+), 28 deletions(-)
[nifi-site] 02/02: Added NiFi Registry 0.6.0 download links.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-site.git commit c9b92502d32920aaeed656b757255d611a543a1f Author: Andy LoPresto AuthorDate: Thu Apr 9 09:15:28 2020 -0700 Added NiFi Registry 0.6.0 download links. --- src/pages/html/registry.hbs | 56 ++--- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/src/pages/html/registry.hbs b/src/pages/html/registry.hbs index f2a5cdc..c376898 100644 --- a/src/pages/html/registry.hbs +++ b/src/pages/html/registry.hbs @@ -66,61 +66,61 @@ title: Apache NiFi - Registry - 0.5.0 + 0.6.0 Sources - https://www.apache.org/dyn/closer.lua?path=/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip";>nifi-registry-0.5.0-source-release.zip ( - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip.asc";>asc, - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip.sha256";>sha256, - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip.sha512";>sha512 ) + https://www.apache.org/dyn/closer.lua?path=/nifi/nifi-registry/nifi-registry-0.6.0/nifi-registry-0.6.0-source-release.zip";>nifi-registry-0.6.0-source-release.zip ( + https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.6.0/nifi-registry-0.6.0-source-release.zip.asc";>asc, + https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.6.0/nifi-registry-0.6.0-source-release.zip.sha256";>sha256, + https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.6.0/nifi-registry-0.6.0-source-release.zip.sha512";>sha512 ) Binaries - https://www.apache.org/dyn/closer.lua?path=/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.tar.gz";>nifi-registry-0.5.0-bin.tar.gz ( - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.tar.gz.asc";>asc, - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.tar.gz.sha256";>sha256, - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.tar.gz.sha512";>sha512 ) + https://www.apache.org/dyn/closer.lua?path=/nifi/nifi-registry/nifi-registry-0.6.0/nifi-registry-0.6.0-bin.tar.gz";>nifi-registry-0.6.0-bin.tar.gz ( + https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.6.0/nifi-registry-0.6.0-bin.tar.gz.asc";>asc, + https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.6.0/nifi-registry-0.6.0-bin.tar.gz.sha256";>sha256, + https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.6.0/nifi-registry-0.6.0-bin.tar.gz.sha512";>sha512 ) - https://www.apache.org/dyn/closer.lua?path=/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.zip";>nifi-registry-0.5.0-bin.zip ( - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.zip.asc";>asc, - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.zip.sha256";>sha256, - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.zip.sha512";>sha512 ) + https://www.apache.org/dyn/closer.lua?path=/nifi/nifi-registry/nifi-registry-0.6.0/nifi-registry-0.6.0-bin.zip";>nifi-registry-0.6.0-bin.zip ( + https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.6.0/nifi-registry-0.6.0-bin.zip.asc";>asc, + https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0
[nifi-site] branch master updated (51b799e -> c9b9250)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/nifi-site.git. from 51b799e NIFI-7238 - Update security.html for NiFi 1.11.4 release. new 05ad860 Updated 1.11.4 security announcement. new c9b9250 Added NiFi Registry 0.6.0 download links. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: src/pages/html/registry.hbs | 56 ++--- src/pages/html/security.hbs | 4 ++-- 2 files changed, 30 insertions(+), 30 deletions(-)
[nifi-site] 01/02: Updated 1.11.4 security announcement.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-site.git commit 05ad86063df875c6ddea9ac36a90b4fb78321760 Author: Andy LoPresto AuthorDate: Thu Apr 9 08:52:20 2020 -0700 Updated 1.11.4 security announcement. --- src/pages/html/security.hbs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs index 01108a9..a2f4217 100644 --- a/src/pages/html/security.hbs +++ b/src/pages/html/security.hbs @@ -59,10 +59,10 @@ title: Apache NiFi Security Reports CVE-2020-5398: Apache NiFi's spring-data-redis usage -Severity: High +Severity: Moderate Versions Affected: -Apache NiFi 1.8.0 - 1.11.4 +Apache NiFi 1.8.0 - 1.11.3 Description: The org.springframework.data:spring-data-redis dependency in the nifi-redis-bundle had a vulnerable transitive dependency. See https://nvd.nist.gov/vuln/detail/CVE-2020-5398"; target="_blank">NIST NVD CVE-2020-5398 for more information.
svn commit: r1876331 - in /nifi/site/trunk: registry.html security.html
Author: alopresto Date: Thu Apr 9 16:18:33 2020 New Revision: 1876331 URL: http://svn.apache.org/viewvc?rev=1876331&view=rev Log: Added NiFi Registry 0.6.0 links to source code. Added NiFi 1.11.4 CVE announcements. Modified: nifi/site/trunk/registry.html nifi/site/trunk/security.html Modified: nifi/site/trunk/registry.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/registry.html?rev=1876331&r1=1876330&r2=1876331&view=diff == --- nifi/site/trunk/registry.html (original) +++ nifi/site/trunk/registry.html Thu Apr 9 16:18:33 2020 @@ -198,62 +198,33 @@ https://cwiki.apache.org/confluence/display/NIFIREG/Release+Notes#ReleaseNotes-NiFiRegistry0.6.0";>Release Notes - - 0.5.0 - - - Sources - - https://www.apache.org/dyn/closer.lua?path=/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip";>nifi-registry-0.5.0-source-release.zip ( - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip.asc";>asc, - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip.sha256";>sha256, - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip.sha512";>sha512 ) - - - - Binaries - - https://www.apache.org/dyn/closer.lua?path=/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.tar.gz";>nifi-registry-0.5.0-bin.tar.gz ( - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.tar.gz.asc";>asc, - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.tar.gz.sha256";>sha256, - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.tar.gz.sha512";>sha512 ) - - https://www.apache.org/dyn/closer.lua?path=/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.zip";>nifi-registry-0.5.0-bin.zip ( - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.zip.asc";>asc, - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.zip.sha256";>sha256, - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.zip.sha512";>sha512 ) - - - https://cwiki.apache.org/confluence/display/NIFIREG/Release+Notes#ReleaseNotes-NiFiRegistry0.5.0";>Release Notes - - -0.4.0 +0.5.0 Sources -https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.4.0/nifi-registry-0.4.0-source-release.zip";>nifi-registry-0.4.0-source-release.zip ( - https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.4.0/nifi-registry-0.4.0-source-release.zip.asc";>asc, - https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.4.0/nifi-registry-0.4.0-source-release.zip.sha256";>sha256, - https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.4.0/nifi-registry-0.4.0-source-release.zip.sha512";>sha512 ) +https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip";>nifi-registry-0.5.0-source-release.zip ( + https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip.asc";>asc, + https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip.sha256";>sha256, + https://archive.apache.org/dist/nifi/nifi-registry/n
[nifi-registry] branch master updated: NIFIREG-380 - Allow NiFi Registry admins to configure whether Jetty will send the Jetty server version in responses. NIFIREG-380 Added new property to default ni
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-registry.git The following commit(s) were added to refs/heads/master by this push: new 56a44c8 NIFIREG-380 - Allow NiFi Registry admins to configure whether Jetty will send the Jetty server version in responses. NIFIREG-380 Added new property to default nifi-registry.properties. 56a44c8 is described below commit 56a44c8528ec6f420b4b9d1c7b402da8417f518d Author: Nathan Gough AuthorDate: Mon Apr 6 21:10:25 2020 -0400 NIFIREG-380 - Allow NiFi Registry admins to configure whether Jetty will send the Jetty server version in responses. NIFIREG-380 Added new property to default nifi-registry.properties. This closes #273. Signed-off-by: Andy LoPresto --- nifi-registry-assembly/pom.xml | 1 + .../src/main/java/org/apache/nifi/registry/jetty/JettyServer.java | 1 + .../org/apache/nifi/registry/properties/NiFiRegistryProperties.java | 6 ++ .../src/main/resources/conf/nifi-registry.properties| 1 + 4 files changed, 9 insertions(+) diff --git a/nifi-registry-assembly/pom.xml b/nifi-registry-assembly/pom.xml index 655964c..b4c7acd 100644 --- a/nifi-registry-assembly/pom.xml +++ b/nifi-registry-assembly/pom.xml @@ -152,6 +152,7 @@ ./work/jetty 200 + true diff --git a/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/JettyServer.java b/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/JettyServer.java index 387857f..d20fce4 100644 --- a/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/JettyServer.java +++ b/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/JettyServer.java @@ -148,6 +148,7 @@ public class JettyServer { final HttpConfiguration httpConfiguration = new HttpConfiguration(); httpConfiguration.setRequestHeaderSize(HEADER_BUFFER_SIZE); httpConfiguration.setResponseHeaderSize(HEADER_BUFFER_SIZE); + httpConfiguration.setSendServerVersion(properties.shouldSendServerVersion()); if (properties.getPort() != null) { final Integer port = properties.getPort(); diff --git a/nifi-registry-core/nifi-registry-properties/src/main/java/org/apache/nifi/registry/properties/NiFiRegistryProperties.java b/nifi-registry-core/nifi-registry-properties/src/main/java/org/apache/nifi/registry/properties/NiFiRegistryProperties.java index e1e9a39..d3b4a25 100644 --- a/nifi-registry-core/nifi-registry-properties/src/main/java/org/apache/nifi/registry/properties/NiFiRegistryProperties.java +++ b/nifi-registry-core/nifi-registry-properties/src/main/java/org/apache/nifi/registry/properties/NiFiRegistryProperties.java @@ -38,6 +38,7 @@ public class NiFiRegistryProperties extends Properties { public static final String WEB_HTTPS_HOST = "nifi.registry.web.https.host"; public static final String WEB_WORKING_DIR = "nifi.registry.web.jetty.working.directory"; public static final String WEB_THREADS = "nifi.registry.web.jetty.threads"; +public static final String WEB_SHOULD_SEND_SERVER_VERSION = "nifi.registry.web.should.send.server.version"; public static final String SECURITY_KEYSTORE = "nifi.registry.security.keystore"; public static final String SECURITY_KEYSTORE_TYPE = "nifi.registry.security.keystoreType"; @@ -95,6 +96,7 @@ public class NiFiRegistryProperties extends Properties { public static final String DEFAULT_SECURITY_IDENTITY_PROVIDER_CONFIGURATION_FILE = "./conf/identity-providers.xml"; public static final String DEFAULT_AUTHENTICATION_EXPIRATION = "12 hours"; public static final String DEFAULT_EXTENSIONS_WORKING_DIR = "./work/extensions"; +public static final String DEFAULT_WEB_SHOULD_SEND_SERVER_VERSION = "true"; public int getWebThreads() { int webThreads = 200; @@ -122,6 +124,10 @@ public class NiFiRegistryProperties extends Properties { return getSslPort() != null; } +public boolean shouldSendServerVersion() { +return Boolean.parseBoolean(getProperty(WEB_SHOULD_SEND_SERVER_VERSION, DEFAULT_WEB_SHOULD_SEND_SERVER_VERSION)); +} + public String getHttpsHost() { return getProperty(WEB_HTTPS_HOST); } diff --git a/nifi-registry-core/nifi-registry-resources/src/main/resources/conf/nifi-registry.properties b/nifi-registry-core/nifi-registry-resources/src/main/resources/conf/nifi-registry.properties index 2341f38..1b62023 100644 --- a/nifi-registry-core/nifi-registry-resources/src/main/resources/conf/nifi-registry.properties +++ b/nifi-registry-core/nifi-registry-resou
[nifi] branch master updated: NIFI-7326 updated URL to find splunk artifacts (#4188)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 445efcf NIFI-7326 updated URL to find splunk artifacts (#4188) 445efcf is described below commit 445efcfde615e94f03a0a42fab4309313d821046 Author: Joe Witt AuthorDate: Mon Apr 6 23:36:56 2020 -0400 NIFI-7326 updated URL to find splunk artifacts (#4188) Signed-off-by: Andy LoPresto --- nifi-nar-bundles/nifi-splunk-bundle/pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nifi-nar-bundles/nifi-splunk-bundle/pom.xml b/nifi-nar-bundles/nifi-splunk-bundle/pom.xml index b11c8d0..73e2432 100644 --- a/nifi-nar-bundles/nifi-splunk-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-splunk-bundle/pom.xml @@ -34,9 +34,9 @@ -splunk -Splunk Artifactory - https://splunk.artifactoryonline.com/splunk/ext-releases-local/ +splunk-artifactory +Splunk Releases +https://splunk.jfrog.io/splunk/ext-releases-local true
[nifi] branch master updated: NIFI-7126 Increased test iterations to 10,000 in Argon2SecureHasherTe… (#4187)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 59c756c NIFI-7126 Increased test iterations to 10,000 in Argon2SecureHasherTe… (#4187) 59c756c is described below commit 59c756c72b756a497003cc59020de229bd45260f Author: M Tien <56892372+mtien-apa...@users.noreply.github.com> AuthorDate: Mon Apr 6 18:26:32 2020 -0700 NIFI-7126 Increased test iterations to 10,000 in Argon2SecureHasherTe… (#4187) * NIFI-7126 Increased test iterations to 10,000 in Argon2SecureHasherTest#testDefaultCostParamsShouldBeSufficient to avoid JVM warmup issues. Signed-off-by: Andy LoPresto --- .../org/apache/nifi/security/util/crypto/Argon2SecureHasherTest.groovy | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/Argon2SecureHasherTest.groovy b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/Argon2SecureHasherTest.groovy index 9a8b1ae..2a02a1c 100644 --- a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/Argon2SecureHasherTest.groovy +++ b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/Argon2SecureHasherTest.groovy @@ -209,10 +209,11 @@ class Argon2SecureHasherTest extends GroovyTestCase { * This test can have the minimum time threshold updated to determine if the performance * is still sufficient compared to the existing threat model. */ +@Ignore("Long running test") @Test void testDefaultCostParamsShouldBeSufficient() { // Arrange -int testIterations = 10 +int testIterations = 10_000 byte[] inputBytes = "This is a sensitive value".bytes Argon2SecureHasher a2sh = new Argon2SecureHasher()
[nifi] branch master updated: NIFI-7153 Adds ContentLengthFilter to enforce configurable maximum length on incoming HTTP requests. Adds DoSFilter to enforce configurable maximum on incoming HTTP reque
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 483f23a NIFI-7153 Adds ContentLengthFilter to enforce configurable maximum length on incoming HTTP requests. Adds DoSFilter to enforce configurable maximum on incoming HTTP requests per second. Redirected log messages for ContentLengthFilter to nifi-app.log in logback.xml. 483f23a is described below commit 483f23a8aac7af780feda4b0193401366172b119 Author: Troy Melhase AuthorDate: Sun Mar 22 13:49:25 2020 -0800 NIFI-7153 Adds ContentLengthFilter to enforce configurable maximum length on incoming HTTP requests. Adds DoSFilter to enforce configurable maximum on incoming HTTP requests per second. Redirected log messages for ContentLengthFilter to nifi-app.log in logback.xml. This closes #4125. Signed-off-by: Andy LoPresto --- .../java/org/apache/nifi/util/NiFiProperties.java | 12 ++ .../org/apache/nifi/util/NiFiPropertiesTest.java | 19 +++ .../src/main/asciidoc/administration-guide.adoc| 2 + .../nifi-framework/nifi-resources/pom.xml | 3 +- .../src/main/resources/conf/logback.xml| 5 + .../src/main/resources/conf/nifi.properties| 2 + .../org/apache/nifi/web/server/JettyServer.java| 43 + .../nifi/web/filter/ContentLengthFilterTest.java | 185 + .../web/security/requests/ContentLengthFilter.java | 149 + .../src/main/webapp/js/nf/nf-error-handler.js | 6 +- 10 files changed, 423 insertions(+), 3 deletions(-) diff --git a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java index 4c6a354..3fea5df 100644 --- a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java +++ b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java @@ -193,6 +193,8 @@ public abstract class NiFiProperties { public static final String WEB_MAX_HEADER_SIZE = "nifi.web.max.header.size"; public static final String WEB_PROXY_CONTEXT_PATH = "nifi.web.proxy.context.path"; public static final String WEB_PROXY_HOST = "nifi.web.proxy.host"; +public static final String WEB_MAX_CONTENT_SIZE = "nifi.web.max.content.size"; +public static final String WEB_MAX_REQUESTS_PER_SECOND = "nifi.web.max.requests.per.second"; // ui properties public static final String UI_BANNER_TEXT = "nifi.ui.banner.text"; @@ -266,6 +268,8 @@ public abstract class NiFiProperties { public static final int DEFAULT_WEB_THREADS = 200; public static final String DEFAULT_WEB_MAX_HEADER_SIZE = "16 KB"; public static final String DEFAULT_WEB_WORKING_DIR = "./work/jetty"; +public static final String DEFAULT_WEB_MAX_CONTENT_SIZE = "20 MB"; +public static final String DEFAULT_WEB_MAX_REQUESTS_PER_SECOND = "3"; public static final String DEFAULT_NAR_WORKING_DIR = "./work/nar"; public static final String DEFAULT_COMPONENT_DOCS_DIRECTORY = "./work/docs/components"; public static final String DEFAULT_NAR_LIBRARY_DIR = "./lib"; @@ -643,6 +647,14 @@ public abstract class NiFiProperties { return getProperty(WEB_MAX_HEADER_SIZE, DEFAULT_WEB_MAX_HEADER_SIZE); } +public String getWebMaxContentSize() { +return getProperty(WEB_MAX_CONTENT_SIZE, DEFAULT_WEB_MAX_CONTENT_SIZE); +} + +public String getMaxWebRequestsPerSecond() { +return getProperty(WEB_MAX_REQUESTS_PER_SECOND, DEFAULT_WEB_MAX_REQUESTS_PER_SECOND); +} + public int getWebThreads() { return getIntegerProperty(WEB_THREADS, DEFAULT_WEB_THREADS); } diff --git a/nifi-commons/nifi-properties/src/test/java/org/apache/nifi/util/NiFiPropertiesTest.java b/nifi-commons/nifi-properties/src/test/java/org/apache/nifi/util/NiFiPropertiesTest.java index 9bc5e90..da5e8da 100644 --- a/nifi-commons/nifi-properties/src/test/java/org/apache/nifi/util/NiFiPropertiesTest.java +++ b/nifi-commons/nifi-properties/src/test/java/org/apache/nifi/util/NiFiPropertiesTest.java @@ -261,4 +261,23 @@ public class NiFiPropertiesTest { // Expect RuntimeException thrown assertEquals(Integer.parseInt(portValue), clusterProtocolAddress.getPort()); } + +@Test +public void testShouldHaveReasonableMaxContentLengthValues() { +// Arrange with default values: +NiFiProperties properties = NiFiProperties.createBasicNiFiProperties(null, new HashMap() {{ +}}); + +// Assert defaults match expectations: +assertEquals(properties.getWebMaxCont
[nifi] branch master updated: NIFI-7268 Removed org.mindrot.jBcrypt library and replaced with at.fa… (#4151)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new f91d6c4 NIFI-7268 Removed org.mindrot.jBcrypt library and replaced with at.fa… (#4151) f91d6c4 is described below commit f91d6c420d78aa000f1cc894636f56b533b589b8 Author: M Tien <56892372+mtien-apa...@users.noreply.github.com> AuthorDate: Tue Mar 17 19:49:15 2020 -0700 NIFI-7268 Removed org.mindrot.jBcrypt library and replaced with at.fa… (#4151) * NIFI-7268 Removed org.mindrot.jBcrypt library and replaced with at.favre.lib.bcrypt library. Updated LICENSE and NOTICE files to reflect changes. Updated unit tests. Co-authored-by: Andy LoPresto * NIFI-7268 Fixed typo in Javadoc. Co-authored-by: Andy LoPresto --- LICENSE| 17 - nifi-assembly/LICENSE | 17 - nifi-assembly/pom.xml | 4 +- nifi-commons/nifi-security-utils/pom.xml | 9 +-- .../security/util/crypto/BcryptCipherProvider.java | 79 +- .../crypto/BcryptCipherProviderGroovyTest.groovy | 45 ++-- .../src/main/resources/META-INF/LICENSE| 17 - .../src/main/resources/META-INF/LICENSE| 19 -- .../src/main/resources/META-INF/LICENSE| 21 -- .../src/main/resources/META-INF/LICENSE| 17 - .../src/main/resources/META-INF/LICENSE| 19 +- .../src/main/resources/META-INF/LICENSE| 17 - .../nifi-standard-processors/pom.xml | 5 +- nifi-nar-bundles/nifi-standard-bundle/pom.xml | 6 +- 14 files changed, 97 insertions(+), 195 deletions(-) diff --git a/LICENSE b/LICENSE index e6f09b4..f1db125 100644 --- a/LICENSE +++ b/LICENSE @@ -298,23 +298,6 @@ This product bundles HexViewJS available under an MIT License TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -This product bundles 'jBCrypt' which is available under an MIT license. -For details see https://github.com/svenkubiak/jBCrypt/blob/0.4.1/LICENSE - -Copyright (c) 2006 Damien Miller - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - This product bundles 'Fontello' which is available under an MIT license. Copyright (C) 2011 by Vitaly Puzrin diff --git a/nifi-assembly/LICENSE b/nifi-assembly/LICENSE index d61cb40..345c887 100644 --- a/nifi-assembly/LICENSE +++ b/nifi-assembly/LICENSE @@ -1658,23 +1658,6 @@ information can be found here: OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -This product bundles 'jBCrypt' which is available under an MIT license. -For details see https://github.com/svenkubiak/jBCrypt/blob/0.4.1/LICENSE - -Copyright (c) 2006 Damien Miller - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - This product bundles 'js-beautify' which is available under an MIT license. Copyright (c) 2007-2013 Einar Lielmanis and contributors. diff --git a/nifi-assembly/pom.xml b/nifi-assembly/pom.xml index ef8d3d0..7ee07c3 100644 --- a/nifi-assembly/pom.xml +++ b/nifi-assembly/pom.xml @@ -1108,7 +1108,7 @@ language governing permissions and limitations under the License. -->
[nifi] branch master updated: NIFI-7267 - Upgrade spring-data-redis in Redis bundle (#4150)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 7105bf3 NIFI-7267 - Upgrade spring-data-redis in Redis bundle (#4150) 7105bf3 is described below commit 7105bf36a8e191cacf43ed8ac6171be64a8c2e02 Author: Pierre Villard AuthorDate: Tue Mar 17 23:51:28 2020 +0100 NIFI-7267 - Upgrade spring-data-redis in Redis bundle (#4150) Signed-off-by: Andy LoPresto --- nifi-nar-bundles/nifi-redis-bundle/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nifi-nar-bundles/nifi-redis-bundle/pom.xml b/nifi-nar-bundles/nifi-redis-bundle/pom.xml index c4cecc4..fc6213e 100644 --- a/nifi-nar-bundles/nifi-redis-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-redis-bundle/pom.xml @@ -27,7 +27,7 @@ pom -2.1.0.RELEASE +2.1.16.RELEASE
[nifi] branch master updated (d687209 -> 290bd37)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git. from d687209 NIFI-7242: When a Parameter is changed, any property referencing that parameter should have its #onPropertyModified method called. Also renamed Accumulo tests to integration tests because they start embedded servers and connect to them, which caused failures in my environment. Also fixed a bug in TestLengthDelimitedJournal because it was resulting in failures when building locally as well. add 290bd37 NIFI-7119 Implement boundary checking for Argon2 cost parameters (#4111) No new revisions were added by this update. Summary of changes: .../security/util/crypto/Argon2SecureHasher.java | 138 -- .../util/crypto/Argon2SecureHasherTest.groovy | 156 + 2 files changed, 284 insertions(+), 10 deletions(-)
[nifi] branch master updated: NIFI-7179 Documented Download flow option in Process group context menu (#4124)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 7b0ae56 NIFI-7179 Documented Download flow option in Process group context menu (#4124) 7b0ae56 is described below commit 7b0ae56a2c08de8898cc55ce8e4d44b2e1767fcd Author: Andrew Lim AuthorDate: Mon Mar 9 19:54:56 2020 -0400 NIFI-7179 Documented Download flow option in Process group context menu (#4124) Signed-off-by: Andy LoPresto --- .../asciidoc/images/nifi-process-group-menu.png | Bin 87194 -> 95017 bytes nifi-docs/src/main/asciidoc/user-guide.adoc | 3 +++ 2 files changed, 3 insertions(+) diff --git a/nifi-docs/src/main/asciidoc/images/nifi-process-group-menu.png b/nifi-docs/src/main/asciidoc/images/nifi-process-group-menu.png index 0f3db8e..c7affa3 100644 Binary files a/nifi-docs/src/main/asciidoc/images/nifi-process-group-menu.png and b/nifi-docs/src/main/asciidoc/images/nifi-process-group-menu.png differ diff --git a/nifi-docs/src/main/asciidoc/user-guide.adoc b/nifi-docs/src/main/asciidoc/user-guide.adoc index 1bf6c8a..7e173d1 100644 --- a/nifi-docs/src/main/asciidoc/user-guide.adoc +++ b/nifi-docs/src/main/asciidoc/user-guide.adoc @@ -364,11 +364,14 @@ NOTE: It is also possible to double-click on the Process Group to enter it. - *Start*: This option allows the user to start a Process Group. - *Stop*: This option allows the user to stop a Process Group. +- *Enable*: This option allows the user to enable all Processors in the Process Group. +- *Disable*: This option allows the user to disable all Processors in the Process Group. - *View status history*: This option opens a graphical representation of the Process Group's statistical information over time. - *View connections->Upstream*: This option allows the user to see and "jump to" upstream connections that are coming into the Process Group. - *View connections->Downstream*: This option allows the user to see and "jump to" downstream connections that are going out of the Process Group. - *Center in view*: This option centers the view of the canvas on the given Process Group. - *Group*: This option allows the user to create a new Process Group that contains the selected Process Group and any other components selected on the canvas. +- *Download flow*: This option allows the user to download the flow as a JSON file. The file can be used as a backup or imported into a link:https://nifi.apache.org/registry.html[NiFi Registry^] using the <>. (Note: If "Download flow" is selected for a versioned process group, there is no versioning information in the download. In other words, the resulting contents of the JSON file is the same whether the process group is versioned or not.) - *Create template*: This option allows the user to create a template from the selected Process Group. - *Copy*: This option places a copy of the selected Process Group on the clipboard, so that it may be pasted elsewhere on the canvas by right-clicking on the canvas and selecting Paste. The Copy/Paste actions also may be done using the keystrokes Ctrl-C (Command-C) and Ctrl-V (Command-V). - *Delete*: This option allows the DFM to delete a Process Group.
[nifi] branch master updated: NIFI-7227 Fixed typo in Global Access Policy table (#4112)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 7773681 NIFI-7227 Fixed typo in Global Access Policy table (#4112) 7773681 is described below commit 7773681eeaa82f9c4099a3191d1f7f784f91bf7a Author: Andy LoPresto AuthorDate: Wed Mar 4 12:59:05 2020 -0800 NIFI-7227 Fixed typo in Global Access Policy table (#4112) Co-authored-by: spius <57421336+sp...@users.noreply.github.com> Signed-off-by: Andy LoPresto --- nifi-docs/src/main/asciidoc/administration-guide.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc b/nifi-docs/src/main/asciidoc/administration-guide.adoc index 7093fbd..5c90725 100644 --- a/nifi-docs/src/main/asciidoc/administration-guide.adoc +++ b/nifi-docs/src/main/asciidoc/administration-guide.adoc @@ -1104,7 +1104,7 @@ Global access policies govern the following system level authorizations: |Policy |Privilege |Global Menu Selection |Resource Descriptor |view the UI -|Allow users to view the UI +|Allows users to view the UI |N/A |`/flow`
svn commit: r1874805 - /nifi/site/trunk/download.html
Author: alopresto Date: Wed Mar 4 16:08:29 2020 New Revision: 1874805 URL: http://svn.apache.org/viewvc?rev=1874805&view=rev Log: Updated download links to new domain. Modified: nifi/site/trunk/download.html Modified: nifi/site/trunk/download.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/download.html?rev=1874805&r1=1874804&r2=1874805&view=diff == --- nifi/site/trunk/download.html (original) +++ nifi/site/trunk/download.html Wed Mar 4 16:08:29 2020 @@ -119,7 +119,7 @@ To verify the downloads please follow these https://www.apache.org/info/verification.html";>procedures -using these https://www.apache.org/dist/nifi/KEYS";>KEYS +using these https://downloads.apache.org/nifi/KEYS";>KEYS If a download is not found please allow up to 24 hours for the mirrors to sync. @@ -133,20 +133,20 @@ Sources: -https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-1.11.3-source-release.zip";>nifi-1.11.3-source-release.zip [53 MB] ( https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-source-release.zip.asc";>asc, https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-source-release.zip.sha256";>sha256, https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-source-release.zip.sha512";>sha512 ) +https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-1.11.3-source-release.zip";>nifi-1.11.3-source-release.zip [53 MB] ( https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-source-release.zip.asc";>asc, https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-source-release.zip.sha256";>sha256, https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-source-release.zip.sha512";>sha512 ) Binaries -https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-1.11.3-bin.tar.gz";>nifi-1.11.3-bin.tar.gz [1.2 GB] ( https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-bin.tar.gz.asc";>asc, https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-bin.tar.gz.sha256";>sha256, https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-bin.tar.gz.sha512";>sha512 ) +https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-1.11.3-bin.tar.gz";>nifi-1.11.3-bin.tar.gz [1.2 GB] ( https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-bin.tar.gz.asc";>asc, https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-bin.tar.gz.sha256";>sha256, https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-bin.tar.gz.sha512";>sha512 ) -https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-1.11.3-bin.zip";>nifi-1.11.3-bin.zip [1.2 GB] ( https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-bin.zip.asc";>asc, https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-bin.zip.sha256";>sha256, https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-bin.zip.sha512";>sha512 ) +https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-1.11.3-bin.zip";>nifi-1.11.3-bin.zip [1.2 GB] ( https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-bin.zip.asc";>asc, https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-bin.zip.sha256";>sha256, https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-bin.zip.sha512";>sha512 ) -https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz";>nifi-toolkit-1.11.3-bin.tar.gz [42 MB] ( https://www.apache.org/dist/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz.asc";>asc, https://www.apache.org/dist/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz.sha256";>sha256, https://www.apache.org/dist/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz.sha512";>sha512 ) +https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz";>nifi-toolkit-1.11.3-bin.tar.gz [42 MB] ( https://downloads.apache.org/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz.asc";>asc, https://downloads.apache.org/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz.sha256";>sha256, https://downloads.apache.org/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz.sha512";>sha512 ) -https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-toolkit-1.11.3-bin.zip";>nifi-toolkit-1.11.3-bin.zip [42 MB] ( https://www.apache.org/dist/nifi/1.11.3/nifi-toolkit-1.11.3-bin.zip.asc";>asc, https://www.apache.org/dist/nifi/1.11.3/nifi-toolkit-1.11.3-bin.zip.sha256&
[nifi-site] branch master updated: Changed old download links to downloads.apache.org.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-site.git The following commit(s) were added to refs/heads/master by this push: new ddab941 Changed old download links to downloads.apache.org. ddab941 is described below commit ddab941a5eb971ba482b46cfee299add354205a2 Author: Andy LoPresto AuthorDate: Wed Mar 4 07:59:47 2020 -0800 Changed old download links to downloads.apache.org. --- src/pages/html/download.hbs | 14 +++--- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/pages/html/download.hbs b/src/pages/html/download.hbs index 16a2806..772eeb7 100644 --- a/src/pages/html/download.hbs +++ b/src/pages/html/download.hbs @@ -15,7 +15,7 @@ title: Apache NiFi Downloads To verify the downloads please follow these https://www.apache.org/info/verification.html";>procedures -using these https://www.apache.org/dist/nifi/KEYS";>KEYS +using these https://downloads.apache.org/nifi/KEYS";>KEYS If a download is not found please allow up to 24 hours for the mirrors to sync. @@ -29,20 +29,20 @@ title: Apache NiFi Downloads Sources: -https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-1.11.3-source-release.zip";>nifi-1.11.3-source-release.zip [53 MB] ( https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-source-release.zip.asc";>asc, https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-source-release.zip.sha256";>sha256, https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-source-release.zip.sha512";>sha512 ) +https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-1.11.3-source-release.zip";>nifi-1.11.3-source-release.zip [53 MB] ( https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-source-release.zip.asc";>asc, https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-source-release.zip.sha256";>sha256, https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-source-release.zip.sha512";>sha512 ) Binaries -https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-1.11.3-bin.tar.gz";>nifi-1.11.3-bin.tar.gz [1.2 GB] ( https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-bin.tar.gz.asc";>asc, https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-bin.tar.gz.sha256";>sha256, https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-bin.tar.gz.sha512";>sha512 ) +https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-1.11.3-bin.tar.gz";>nifi-1.11.3-bin.tar.gz [1.2 GB] ( https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-bin.tar.gz.asc";>asc, https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-bin.tar.gz.sha256";>sha256, https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-bin.tar.gz.sha512";>sha512 ) -https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-1.11.3-bin.zip";>nifi-1.11.3-bin.zip [1.2 GB] ( https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-bin.zip.asc";>asc, https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-bin.zip.sha256";>sha256, https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-bin.zip.sha512";>sha512 ) +https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-1.11.3-bin.zip";>nifi-1.11.3-bin.zip [1.2 GB] ( https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-bin.zip.asc";>asc, https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-bin.zip.sha256";>sha256, https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-bin.zip.sha512";>sha512 ) -https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz";>nifi-toolkit-1.11.3-bin.tar.gz [42 MB] ( https://www.apache.org/dist/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz.asc";>asc, https://www.apache.org/dist/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz.sha256";>sha256, https://www.apache.org/dist/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz.sha512";>sha512 ) +https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz";>nifi-toolkit-1.11.3-bin.tar.gz [42 MB] ( https://downloads.apache.org/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz.asc";>asc, https://downloads.apache.org/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz.sha256";>sha256, https://downloads.apache.org/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz.sha512";>sha512 ) -https://www.apac
[nifi] branch master updated: NIFI-7121 Updated comment to state a 'static' salt is used in the constructor. (#4098)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 0b2816b NIFI-7121 Updated comment to state a 'static' salt is used in the constructor. (#4098) 0b2816b is described below commit 0b2816baa4a44ac8e2128e4730796cc193d8bced Author: M Tien <56892372+mtien-apa...@users.noreply.github.com> AuthorDate: Tue Mar 3 15:50:49 2020 -0800 NIFI-7121 Updated comment to state a 'static' salt is used in the constructor. (#4098) Signed-off-by: Andy LoPresto --- .../java/org/apache/nifi/security/util/crypto/Argon2SecureHasher.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/Argon2SecureHasher.java b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/Argon2SecureHasher.java index 0697f3d..22e618c 100644 --- a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/Argon2SecureHasher.java +++ b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/Argon2SecureHasher.java @@ -70,7 +70,7 @@ public class Argon2SecureHasher implements SecureHasher { } /** - * Instantiates an Argon2 secure hasher using the provided cost parameters. A unique + * Instantiates an Argon2 secure hasher using the provided cost parameters. A static * {@link #DEFAULT_SALT_LENGTH} byte salt will be generated on every hash request. * * @param hashLength the output length in bytes ({@code 4 to 2^32 - 1})
[nifi] branch master updated: NIFI-7218 Fixed typo in Overview docs. (#4107)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new cb08382 NIFI-7218 Fixed typo in Overview docs. (#4107) cb08382 is described below commit cb08382da4cb888c1d8cdfab078a57c0c2986501 Author: Andy LoPresto AuthorDate: Tue Mar 3 15:47:42 2020 -0800 NIFI-7218 Fixed typo in Overview docs. (#4107) --- nifi-docs/src/main/asciidoc/overview.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nifi-docs/src/main/asciidoc/overview.adoc b/nifi-docs/src/main/asciidoc/overview.adoc index 594d9a3..78ab665 100644 --- a/nifi-docs/src/main/asciidoc/overview.adoc +++ b/nifi-docs/src/main/asciidoc/overview.adoc @@ -20,7 +20,7 @@ Apache NiFi Team :linkattrs: == What is Apache NiFi? -Put simply NiFi was built to automate the flow of data between systems. While +Put simply, NiFi was built to automate the flow of data between systems. While the term 'dataflow' is used in a variety of contexts, we use it here to mean the automated and managed flow of information between systems. This problem space has been around ever since enterprises had more than one system,
[nifi] branch master updated: NIFI-7152 Added custom ExceptionMappers to handle invalid Remote Process Group port value - (#4085)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 815e4cf NIFI-7152 Added custom ExceptionMappers to handle invalid Remote Process Group port value - (#4085) 815e4cf is described below commit 815e4cf51f913645352899837f702c7cd4f3a246 Author: Andy LoPresto AuthorDate: Tue Feb 25 13:14:52 2020 -0800 NIFI-7152 Added custom ExceptionMappers to handle invalid Remote Process Group port value - (#4085) JsonContentConversionExceptionMapper, JsonMappingExceptionMapper, JsonParseExceptionMapper. Registered the custom ExceptionMappers. Added unit tests to throw Exception for string port value and sanitize script input. Handled null or empty JsonMappingException reference path. Added the Apache license to Groovy Test. Signed-off-by: Andy LoPresto --- .../apache/nifi/web/NiFiWebApiResourceConfig.java | 6 +- .../JsonContentConversionExceptionMapper.java | 67 + .../web/api/config/JsonMappingExceptionMapper.java | 47 ++ .../web/api/config/JsonParseExceptionMapper.java | 46 + ...JsonContentConversionExceptionMapperTest.groovy | 104 + 5 files changed, 268 insertions(+), 2 deletions(-) diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiResourceConfig.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiResourceConfig.java index 4f19596..7569b37 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiResourceConfig.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiResourceConfig.java @@ -30,6 +30,9 @@ import org.apache.nifi.web.api.config.IllegalNodeReconnectionExceptionMapper; import org.apache.nifi.web.api.config.IllegalStateExceptionMapper; import org.apache.nifi.web.api.config.InvalidAuthenticationExceptionMapper; import org.apache.nifi.web.api.config.InvalidRevisionExceptionMapper; +import org.apache.nifi.web.api.config.JsonMappingExceptionMapper; +import org.apache.nifi.web.api.config.JsonParseExceptionMapper; +import org.apache.nifi.web.api.config.JsonContentConversionExceptionMapper; import org.apache.nifi.web.api.config.MutableRequestExceptionMapper; import org.apache.nifi.web.api.config.NiFiCoreExceptionMapper; import org.apache.nifi.web.api.config.NoClusterCoordinatorExceptionMapper; @@ -46,8 +49,6 @@ import org.apache.nifi.web.api.config.WebApplicationExceptionMapper; import org.apache.nifi.web.api.filter.RedirectResourceFilter; import org.apache.nifi.web.util.ObjectMapperResolver; import org.glassfish.jersey.jackson.JacksonFeature; -import org.glassfish.jersey.jackson.internal.jackson.jaxrs.base.JsonMappingExceptionMapper; -import org.glassfish.jersey.jackson.internal.jackson.jaxrs.base.JsonParseExceptionMapper; import org.glassfish.jersey.media.multipart.MultiPartFeature; import org.glassfish.jersey.message.GZipEncoder; import org.glassfish.jersey.server.ResourceConfig; @@ -118,6 +119,7 @@ public class NiFiWebApiResourceConfig extends ResourceConfig { register(InvalidRevisionExceptionMapper.class); register(JsonMappingExceptionMapper.class); register(JsonParseExceptionMapper.class); +register(JsonContentConversionExceptionMapper.class); register(MutableRequestExceptionMapper.class); register(NiFiCoreExceptionMapper.class); register(NoConnectedNodesExceptionMapper.class); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/JsonContentConversionExceptionMapper.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/JsonContentConversionExceptionMapper.java new file mode 100644 index 000..51109ca --- /dev/null +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/JsonContentConversionExceptionMapper.java @@ -0,0 +1,67 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * d
[nifi] branch master updated: NIFI-7175 Fixed core attributes formatting in Developer Guide. (#4066)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new eef0470 NIFI-7175 Fixed core attributes formatting in Developer Guide. (#4066) eef0470 is described below commit eef04709b97f41a9c27cca82a9b885d03cb43784 Author: Andy LoPresto AuthorDate: Fri Feb 21 10:41:41 2020 -0800 NIFI-7175 Fixed core attributes formatting in Developer Guide. (#4066) * NIFI-7175 Fixed core attributes formatting in Developer Guide. * NIFI-7175 Made core attribute names more consistent. --- nifi-docs/src/main/asciidoc/developer-guide.adoc | 30 ++-- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/nifi-docs/src/main/asciidoc/developer-guide.adoc b/nifi-docs/src/main/asciidoc/developer-guide.adoc index 2a2c93c..aca8b69 100644 --- a/nifi-docs/src/main/asciidoc/developer-guide.adoc +++ b/nifi-docs/src/main/asciidoc/developer-guide.adoc @@ -127,30 +127,34 @@ can change, the FlowFile object is immutable. Modifications to a FlowFile are made possible by the ProcessSession. The core attributes for FlowFiles are defined in the `org.apache.nifi.flowfile.attributes.CoreAttributes` enum. -The most common attributes you'll see are filename, path and uuid. The string in quotes is the value of the -attribute within the `CoreAttributes` enum. +The most common attributes you'll see are `filename`, `path` and `uuid`. The string in parentheses is the value of the +attribute within the `CoreAttributes` enum and how it appears in the UI/API. -- Filename ("filename"): The filename of the FlowFile. The filename should not contain any directory structure. +- Filename (`filename`): The filename of the FlowFile. The filename should not contain any directory structure. -- File Size ("fileSize"): The file size of the FlowFile in bytes. +- UUID (`uuid`): A Universally Unique Identifier assigned to this FlowFile that distinguishes the FlowFile from other FlowFiles in the system. -- UUID ("uuid"): A Universally Unique Identifier assigned to this FlowFile that distinguishes the FlowFile from other FlowFiles in the system. +- Path (`path`): The FlowFile's path indicates the relative directory to which a FlowFile belongs and does not contain the filename. -- Path ("path"): The FlowFile's path indicates the relative directory to which a FlowFile belongs and does not contain the filename. +- Absolute Path (`absolute.path`): The FlowFile's absolute path indicates the absolute directory to which a FlowFile belongs and does not contain the filename. -- Absolute Path ("absolute.path"): The FlowFile's absolute path indicates the absolute directory to which a FlowFile belongs and does not contain the filename. +- Priority (`priority`): A numeric value indicating the FlowFile priority. -- Entry Date ("entryDate"): The date and time at which the FlowFile entered the system (i.e., was created). The value of this attribute is a number that represents the number of milliseconds since midnight, Jan. 1, 1970 (UTC). +- MIME Type (`mime.type`): The MIME Type of this FlowFile. -- Lineage Start Date ("lineageStartDate"): Any time that a FlowFile is cloned, merged, or split, this results in a "child" FlowFile being created. As those children are then cloned, merged, or split, a chain of ancestors is built. This value represents the date and time at which the oldest ancestor entered the system. Another way to think about this is that this attribute represents the latency of the FlowFile through the system. The value is a number that represents the number of millis [...] +- Discard Reason (`discard.reason`): Specifies the reason that a FlowFile is being discarded. -- Priority ("priority"): A numeric value indicating the FlowFile priority. +- Alternate Identifier (`alternate.identifier`): Indicates an identifier other than the FlowFile's UUID that is known to refer to this FlowFile. -- MIME Type ("mime.type"): The MIME Type of this FlowFile. += Additional Common Attributes -- Discard Reason ("discard.reason"): Specifies the reason that a FlowFile is being discarded. +While these attributes are not members of the `CoreAttributes` enum, they are de facto standards across the system and found on most FlowFiles. -- Alternative Identifier ("alternate.identifier"): Indicates an identifier other than the FlowFile's UUID that is known to refer to this FlowFile. +- File Size (`fileSize`): The size of the FlowFile content in bytes. + +- Entry Date (`entryDate`): The date and time at which the FlowFile entered the system (i.e., was created). The value of this attribute is a number that represents the number of milliseconds s
[nifi] branch master updated: NIFI-7135 - Fix Java 11 build with com.puppycrawl.tools:checkstyle:jar:8.29 dependency
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 41518d9 NIFI-7135 - Fix Java 11 build with com.puppycrawl.tools:checkstyle:jar:8.29 dependency 41518d9 is described below commit 41518d953cde9776451a7f395747acd7cc8beb7a Author: Pierre Villard AuthorDate: Tue Feb 11 19:06:14 2020 -0800 NIFI-7135 - Fix Java 11 build with com.puppycrawl.tools:checkstyle:jar:8.29 dependency This closes #4050. Signed-off-by: Andy LoPresto --- .travis.yml | 21 +++-- pom.xml | 27 +++ 2 files changed, 34 insertions(+), 14 deletions(-) diff --git a/.travis.yml b/.travis.yml index c6e431c..a5fd764 100644 --- a/.travis.yml +++ b/.travis.yml @@ -28,8 +28,10 @@ matrix: echo "Cached Maven repository exists, skipping dependency cache" fi - stage: "Cache" - name: "Cache Dependencies - openjdk8" - jdk: openjdk8 + name: "Cache Dependencies - openjdk8 & openjdk11" + jdk: +- openjdk8 +- openjdk11 script: >- if [ ! -d "$HOME"/.m2/repository ] || [ ! "$(ls -A "$HOME"/.m2/repository)" ] ; then echo "Cached Maven repository does not exist, downloading dependencies..." @@ -38,6 +40,7 @@ matrix: else echo "Cached Maven repository exists, skipping dependency cache" fi + # For the build stages, use -pl to exclude the following from the build to reduce build time: # non-api nar modules # assembly modules @@ -74,18 +77,8 @@ matrix: && test ${PIPESTATUS[0]} -eq 0 - stage: "Build" name: "Build Java 11 EN" - # Do not specify "jdk:" here, install-jdk.sh will download the JDK set JAVA_HOME appropriately - before_script: -# Download the newest version of sormuras' install-jdk.sh to /tmp -# install-jdk.sh is used by Travis internally, sormoras is the maintainer of that script -- wget -O /tmp/install-jdk.sh https://github.com/sormuras/bach/raw/master/install-jdk.sh -# Need to specifically install AdoptOpenJDK 11.0.4 (Linux, HotSpot) since Travis does not offer it by default -# The link to the AdoptOpenJDK 11.0.4 .tar.gz is taken directly from AdoptOpenJDK's website -- >- - source /tmp/install-jdk.sh - --url 'https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.4%2B11/OpenJDK11U-jdk_x64_linux_hotspot_11.0.4_11.tar.gz' - script: -- >- + jdk: openjdk11 + script: >- mvn clean install -V -T 1C -pl `find . -type d \( -name "*-nar" -or -name "*-assembly" -or -name "*hive3*" -or -name "nifi-system-test*" \) -and -not -name "*api-nar" -and -not -path "*/target/*" -and -not -name "*__*" -printf "!./%P,"` -Pcontrib-check,include-grpc -Ddir-only diff --git a/pom.xml b/pom.xml index fb42ca4..fb3972b 100644 --- a/pom.xml +++ b/pom.xml @@ -143,6 +143,33 @@ +gcs-maven-central-mirror + +GCS Maven Central mirror + https://maven-central.storage-download.googleapis.com/repos/central/data/ + +true + + +false + + + +central +Central Repository +https://repo.maven.apache.org/maven2 +default + +false + + +never + + + bintray Groovy Bintray https://dl.bintray.com/groovy/maven
[nifi-registry] branch master updated (8c1c585 -> d021507)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/nifi-registry.git. from 8c1c585 NIFIREG-362 - Updated dependencies and ran tests. Smoke tested NiFi and NiFi Reg in secured instances. new e2e9220 [NIFIREG-352] update frontend deps new d653c60 update package-lock new d021507 Merge pull request #252 from scottyaslan/NIFIREG-352 The 298 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../src/main/package-lock.json | 919 +++-- .../nifi-registry-web-ui/src/main/package.json | 4 +- 2 files changed, 677 insertions(+), 246 deletions(-)
[nifi-registry] branch master updated: NIFIREG-362 - Updated dependencies and ran tests. Smoke tested NiFi and NiFi Reg in secured instances.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-registry.git The following commit(s) were added to refs/heads/master by this push: new 8c1c585 NIFIREG-362 - Updated dependencies and ran tests. Smoke tested NiFi and NiFi Reg in secured instances. 8c1c585 is described below commit 8c1c585e4845f815bc3c586e640b66d8f7997d94 Author: Nathan Gough AuthorDate: Fri Feb 14 12:57:15 2020 -0500 NIFIREG-362 - Updated dependencies and ran tests. Smoke tested NiFi and NiFi Reg in secured instances. This closes #260. Signed-off-by: Andy LoPresto --- nifi-registry-core/nifi-registry-framework/pom.xml | 2 +- pom.xml| 8 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/nifi-registry-core/nifi-registry-framework/pom.xml b/nifi-registry-core/nifi-registry-framework/pom.xml index 67f77c4..e8ef77b 100644 --- a/nifi-registry-core/nifi-registry-framework/pom.xml +++ b/nifi-registry-core/nifi-registry-framework/pom.xml @@ -300,7 +300,7 @@ org.eclipse.jgit org.eclipse.jgit -4.11.8.201904181247-r +4.11.9.201909030838-r commons-codec diff --git a/pom.xml b/pom.xml index 2ac512a..5e6108b 100644 --- a/pom.xml +++ b/pom.xml @@ -96,14 +96,14 @@ 2.1 2.27 2.9.9 -2.9.9.1 -2.1.6.RELEASE -5.1.5.RELEASE +2.9.10.2 +2.1.12.RELEASE +5.1.8.RELEASE 5.2.4 5.1.0 3.12.0 1.11.2 - 1.4.197 + 1.4.200 2.5.4 3.4.0-01 2.3.2
[nifi-registry] branch master updated: NIFIREG-357 Added autocomplete="off" to login password input.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-registry.git The following commit(s) were added to refs/heads/master by this push: new b5d70d1 NIFIREG-357 Added autocomplete="off" to login password input. new 4a46e92 Merge pull request #261 from mtien-apache/NIFIREG-357 b5d70d1 is described below commit b5d70d153b0a0720e19573061f498bba73417462 Author: mtien AuthorDate: Tue Feb 18 13:24:39 2020 -0800 NIFIREG-357 Added autocomplete="off" to login password input. --- .../main/webapp/components/login/dialogs/nf-registry-user-login.html| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nifi-registry-core/nifi-registry-web-ui/src/main/webapp/components/login/dialogs/nf-registry-user-login.html b/nifi-registry-core/nifi-registry-web-ui/src/main/webapp/components/login/dialogs/nf-registry-user-login.html index eee4614..e873e47 100644 --- a/nifi-registry-core/nifi-registry-web-ui/src/main/webapp/components/login/dialogs/nf-registry-user-login.html +++ b/nifi-registry-core/nifi-registry-web-ui/src/main/webapp/components/login/dialogs/nf-registry-user-login.html @@ -32,7 +32,7 @@ limitations under the License. - +
[nifi] branch master updated: NIFI-6927 Consolidate SSL context and trust managers for OkHttp on JDK9. Fixes name conflicts.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 0de8945 NIFI-6927 Consolidate SSL context and trust managers for OkHttp on JDK9. Fixes name conflicts. 0de8945 is described below commit 0de89452f1975c5724e75e5f9d5865bb814cf4de Author: Troy Melhase AuthorDate: Mon Feb 10 11:56:09 2020 -0900 NIFI-6927 Consolidate SSL context and trust managers for OkHttp on JDK9. Fixes name conflicts. This closes #4047. Signed-off-by: Andy LoPresto --- .../notification/http/HttpNotificationService.java | 69 .../nifi/security/util/SslContextFactory.java | 71 + .../nifi-elasticsearch-processors/pom.xml | 2 +- .../AbstractElasticsearchHttpProcessor.java| 31 +++- .../TestQueryElasticsearchHttpNoHits.java | 2 +- .../okhttp/OkHttpReplicationClient.java| 84 +++- .../security/util/SslServerSocketFactory.java | 82 --- .../framework/security/util/SslSocketFactory.java | 92 -- .../nifi/processors/standard/InvokeHTTP.java | 20 - .../org/apache/nifi/lookup/RestLookupService.java | 38 - 10 files changed, 184 insertions(+), 307 deletions(-) diff --git a/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/notification/http/HttpNotificationService.java b/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/notification/http/HttpNotificationService.java index 1405625..2ab7c72 100644 --- a/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/notification/http/HttpNotificationService.java +++ b/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/notification/http/HttpNotificationService.java @@ -28,16 +28,13 @@ import org.apache.nifi.bootstrap.notification.NotificationFailedException; import org.apache.nifi.bootstrap.notification.NotificationInitializationContext; import org.apache.nifi.bootstrap.notification.NotificationType; import org.apache.nifi.components.PropertyDescriptor; -import org.apache.nifi.components.PropertyValue; import org.apache.nifi.expression.AttributeExpression; import org.apache.nifi.expression.ExpressionLanguageScope; -import org.apache.nifi.processor.exception.ProcessException; import org.apache.nifi.processor.util.StandardValidators; import org.apache.nifi.security.util.SslContextFactory; import org.apache.nifi.util.Tuple; import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; import java.util.ArrayList; @@ -196,12 +193,25 @@ public class HttpNotificationService extends AbstractNotificationService { // check if the keystore is set and add the factory if so if (url.toLowerCase().startsWith("https")) { try { -Tuple sslSocketFactoryWithTrustManagers = getSslSocketFactory(context); +Tuple sslContextTuple = SslContextFactory.createTrustSslContextWithTrustManagers( + context.getProperty(HttpNotificationService.PROP_KEYSTORE).getValue(), + context.getProperty(HttpNotificationService.PROP_KEYSTORE_PASSWORD).isSet() +? context.getProperty(HttpNotificationService.PROP_KEYSTORE_PASSWORD).getValue().toCharArray() : null, + context.getProperty(HttpNotificationService.PROP_KEY_PASSWORD).isSet() +? context.getProperty(HttpNotificationService.PROP_KEY_PASSWORD).getValue().toCharArray() : null, + context.getProperty(HttpNotificationService.PROP_KEYSTORE_TYPE).getValue(), + context.getProperty(HttpNotificationService.PROP_TRUSTSTORE).getValue(), + context.getProperty(HttpNotificationService.PROP_TRUSTSTORE_PASSWORD).isSet() +? context.getProperty(HttpNotificationService.PROP_TRUSTSTORE_PASSWORD).getValue().toCharArray() : null, + context.getProperty(HttpNotificationService.PROP_TRUSTSTORE_TYPE).getValue(), +SslContextFactory.ClientAuth.REQUIRED, + context.getProperty(HttpNotificationService.SSL_ALGORITHM).getValue() +); // Find the first X509TrustManager -List x509TrustManagers = Arrays.stream(sslSocketFactoryWithTrustManagers.getValue()) +List x509TrustManagers = Arrays.stream(sslContextTuple.getValue()) .filter(trustManager -> trustManager instanceof X509TrustManager) .map(trustManager -> (X509TrustManager) trustManager).collect(Collectors.toList()); - okHttpClientBuilder.
[nifi] branch master updated: NIFI-7136 Added autocomplete="off" to login password input (#4055)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 37614d0 NIFI-7136 Added autocomplete="off" to login password input (#4055) 37614d0 is described below commit 37614d02cd6721a33504ac2918b28243700632d1 Author: M Tien <56892372+mtien-apa...@users.noreply.github.com> AuthorDate: Fri Feb 14 20:46:08 2020 -0800 NIFI-7136 Added autocomplete="off" to login password input (#4055) NIFI-7136 Added autocomplete="off" to login password input Updated nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/login-form.jsp Co-authored-by: Pierre Villard Signed-off-by: Andy LoPresto --- .../nifi-web-ui/src/main/webapp/WEB-INF/partials/login/login-form.jsp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/login-form.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/login-form.jsp index 9f9a660..6339664 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/login-form.jsp +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/login-form.jsp @@ -26,7 +26,7 @@ Password - + - \ No newline at end of file +
[nifi] branch master updated: NIFI-7082 Updated tls-toolkit default server and client certificates validity days to 825 days. (#4046)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 8faea04 NIFI-7082 Updated tls-toolkit default server and client certificates validity days to 825 days. (#4046) 8faea04 is described below commit 8faea04ff13b847fa2065ed127273d706be89064 Author: M Tien <56892372+mtien-apa...@users.noreply.github.com> AuthorDate: Mon Feb 10 20:22:49 2020 -0500 NIFI-7082 Updated tls-toolkit default server and client certificates validity days to 825 days. (#4046) Signed-off-by: Andy LoPresto --- .../nifi-toolkit-assembly/src/main/resources/conf/config-client.json| 2 +- .../nifi-toolkit-assembly/src/main/resources/conf/config-server.json| 2 +- .../main/java/org/apache/nifi/toolkit/tls/configuration/TlsConfig.java | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/conf/config-client.json b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/conf/config-client.json index e572bc1..ea0d333 100644 --- a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/conf/config-client.json +++ b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/conf/config-client.json @@ -7,7 +7,7 @@ "caHostname" : "localhost", "trustStore" : "clientTrustStore", "trustStoreType" : "jks", - "days" : 1095, + "days" : 825, "keySize" : 2048, "keyPairAlgorithm" : "RSA", "signingAlgorithm" : "SHA256WITHRSA" diff --git a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/conf/config-server.json b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/conf/config-server.json index fae89ed..8044a6d 100644 --- a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/conf/config-server.json +++ b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/conf/config-server.json @@ -4,7 +4,7 @@ "token" : "myTestTokenUseSomethingStronger", "caHostname" : "localhost", "port" : 8443, - "days" : 1095, + "days" : 825, "keySize" : 2048, "keyPairAlgorithm" : "RSA", "signingAlgorithm" : "SHA256WITHRSA" diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/configuration/TlsConfig.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/configuration/TlsConfig.java index 5e440a7..2b7f8a1 100644 --- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/configuration/TlsConfig.java +++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/configuration/TlsConfig.java @@ -28,7 +28,7 @@ public class TlsConfig { public static final String DEFAULT_HOSTNAME = "localhost"; public static final String DEFAULT_KEY_STORE_TYPE = "jks"; public static final int DEFAULT_PORT = 8443; -public static final int DEFAULT_DAYS = 3 * 365; +public static final int DEFAULT_DAYS = 825; public static final int DEFAULT_KEY_SIZE = 2048; public static final String DEFAULT_KEY_PAIR_ALGORITHM = "RSA"; public static final String DEFAULT_SIGNING_ALGORITHM = "SHA256WITHRSA";