Re: [PR] NIFI-11940 Add SSLContextService to GetSplunk processor [nifi]
pvillard31 commented on PR #7668: URL: https://github.com/apache/nifi/pull/7668#issuecomment-1780215965 Do we have plans to do the same for the other Splunk processors (sinks)? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (NIFI-12273) Incorrect references to command.arguments in ExecuteStreamCommand documentation
[ https://issues.apache.org/jira/browse/NIFI-12273?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Matt Burgess updated NIFI-12273: Labels: easy-fix newbie (was: ) > Incorrect references to command.arguments in ExecuteStreamCommand > documentation > --- > > Key: NIFI-12273 > URL: https://issues.apache.org/jira/browse/NIFI-12273 > Project: Apache NiFi > Issue Type: Bug > Components: Documentation & Website >Reporter: Andrew M. Lim >Priority: Minor > Labels: easy-fix, newbie > Fix For: 1.latest, 2.latest > > > In the Additional Details page for this processor > (https://nifi.apache.org/docs/nifi-docs/components/org.apache.nifi/nifi-standard-nar/1.23.2/org.apache.nifi.processors.standard.ExecuteStreamCommand/additionalDetails.html) > there are references to: > {{command.arguments}} > which is incorrect. The references should be: > {{command.argument}} > which is what is shown on the main page > (https://nifi.apache.org/docs/nifi-docs/components/org.apache.nifi/nifi-standard-nar/1.23.2/org.apache.nifi.processors.standard.ExecuteStreamCommand/index.html) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-12194) Nifi fails when ConsumeKafka_2_6 processor is started with PLAINTEXT securityProtocol
[ https://issues.apache.org/jira/browse/NIFI-12194?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779665#comment-17779665 ] Joe Witt commented on NIFI-12194: - slack thread: https://apachenifi.slack.com/archives/C0L9VCD47/p1698242200810429. Guillaume 6 hours ago Hello, I just experienced something bad in NiFi 1.20.0 Let me know if that souds normal to you and if that may have been fixed in newer versions. We're working on switching all our kafka consumers to latest version (2.0 to 2.6 mainly) and also add SSL authentication to the brokers. On one processors, I made a mistake : Used SSL brokers (so with port 9093) but forgot to configure security protocol (left @ plaintext) and SSL context service (left @ No value ) What we observed : The memory usage on all our cluster nodes increased from around 48% to 68% percent (and never went down, even after fix) We reproduced that on a nonprod cluster : the cluster went OOM in less than 1 minute. Question : Is that normal that the connections attempts lead to global outage ? Is it possible to fix a max number of attempts for connection ? Is it normal the memory usage didn't go down after fix (our cluster is something like very stable in term of memory usage, for months now) Has the behaviour changed in latest versions ? > Nifi fails when ConsumeKafka_2_6 processor is started with PLAINTEXT > securityProtocol > - > > Key: NIFI-12194 > URL: https://issues.apache.org/jira/browse/NIFI-12194 > Project: Apache NiFi > Issue Type: Bug >Affects Versions: 1.21.0, 1.23.0 >Reporter: Peter Schmitzer >Priority: Major > Attachments: image-2023-09-27-15-56-02-438.png > > > When starting ConsumeKafka_2_6 processor with sasl mechanism GSSAPI and the > securityProtocol PLAINTEXT (although SSL would be correct) the UI crashed and > nifi was no longer accessible. Not only the frontend was not accessible > anymore, also the other processors in our flow stopped performing well > according to our dashboards. > We were able to reproduce this by using the config as described above. > Our nifi in preprod (where this was detected) runs in a kubernetes cluster. > * version 1.21.0 > * 3 nodes > * jvmMemory: 1536m > * 3G memory (limit) > * 400m cpu (request) > * zookeeper > The logs do not offer any unusual entries when the issue is triggered. > Inspecting the pod metrics we found a spike in memory. > The issue is a bit scary for us because a rather innocent config parameter in > one single processor is able to let our whole cluster break down. > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-11627) Add Dynamic Schema References to ValidateJSON Processor
[ https://issues.apache.org/jira/browse/NIFI-11627?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779657#comment-17779657 ] David Handermann commented on NIFI-11627: - Thanks for the reply [~dstiegli1], I do not recommend that approach unless the implementation is fully compatible with the SchemaRegistry interface. > Add Dynamic Schema References to ValidateJSON Processor > --- > > Key: NIFI-11627 > URL: https://issues.apache.org/jira/browse/NIFI-11627 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Affects Versions: 1.19.1 >Reporter: Chuck Tilly >Assignee: Daniel Stieglitz >Priority: Major > > For the ValidateJSON processor, add support for flowfile attribute references > that will allow for a JSON schema located in the Parameter Contexts, to be > referenced dynamically based on a flowfile attribute. e.g. > {code:java} > #{${schema.name}} {code} > > The benefits of adding support for attribute references are significant. > Adding this capability will allow a single processor to be used for all JSON > schema validation. Unfortunately, the current version of this processor > requires a dedicated processor for every schema, i.e. 12 schemas requires 12 > ValidateJSON processors. This is very laborious to construct and maintain, > and resource expensive. > ValidateJSON processor (https://issues.apache.org/jira/browse/NIFI-7392) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-11627) Add Dynamic Schema References to ValidateJSON Processor
[ https://issues.apache.org/jira/browse/NIFI-11627?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779656#comment-17779656 ] Daniel Stieglitz commented on NIFI-11627: - [~exceptionfactory] I wasn't planning to actually use the RecordSchema for validating. I was going to use it more as a means to obtain the Json schema. From what I see the SimpleRecordSchema can hold the text of the original schema which is what I could use to build the necessary JSON schema object. > Add Dynamic Schema References to ValidateJSON Processor > --- > > Key: NIFI-11627 > URL: https://issues.apache.org/jira/browse/NIFI-11627 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Affects Versions: 1.19.1 >Reporter: Chuck Tilly >Assignee: Daniel Stieglitz >Priority: Major > > For the ValidateJSON processor, add support for flowfile attribute references > that will allow for a JSON schema located in the Parameter Contexts, to be > referenced dynamically based on a flowfile attribute. e.g. > {code:java} > #{${schema.name}} {code} > > The benefits of adding support for attribute references are significant. > Adding this capability will allow a single processor to be used for all JSON > schema validation. Unfortunately, the current version of this processor > requires a dedicated processor for every schema, i.e. 12 schemas requires 12 > ValidateJSON processors. This is very laborious to construct and maintain, > and resource expensive. > ValidateJSON processor (https://issues.apache.org/jira/browse/NIFI-7392) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (NIFI-12276) Upgrade OWASP Dependency Check to 8.4.2 and Address Findings
David Handermann created NIFI-12276: --- Summary: Upgrade OWASP Dependency Check to 8.4.2 and Address Findings Key: NIFI-12276 URL: https://issues.apache.org/jira/browse/NIFI-12276 Project: Apache NiFi Issue Type: Improvement Components: Tools and Build Reporter: David Handermann Assignee: David Handermann The OWASP Dependency Check Plugin should be upgraded to 8.4.2. False positive findings should be updated in the suppression configuration and applicable libraries should be upgraded. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-12275) Disable SFTP Keepalive in Test Classes
[ https://issues.apache.org/jira/browse/NIFI-12275?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Chris Sampson updated NIFI-12275: - Fix Version/s: 2.0.0 1.24.0 (was: 1.latest) (was: 2.latest) Resolution: Fixed Status: Resolved (was: Patch Available) > Disable SFTP Keepalive in Test Classes > -- > > Key: NIFI-12275 > URL: https://issues.apache.org/jira/browse/NIFI-12275 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 2.0.0, 1.24.0 > > Time Spent: 20m > Remaining Estimate: 0h > > Standard SFTP Processors have a Connection Keepalive property that is enabled > in the default configuration. This property should be disabled for unit tests > which have inherently short connection lifespans. Disabling the Keepalive > setting simplifies the initial client configuration handshake process and > could avoid some potential failures. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-12275) Disable SFTP Keepalive in Test Classes
[ https://issues.apache.org/jira/browse/NIFI-12275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779649#comment-17779649 ] ASF subversion and git services commented on NIFI-12275: Commit 49eb8c694fd5e8bb8b4e9213402d79cf1f056326 in nifi's branch refs/heads/support/nifi-1.x from David Handermann [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=49eb8c694f ] NIFI-12275 Disabled Keepalive in SFTP Tests This closes #7932 Signed-off-by: Chris Sampson > Disable SFTP Keepalive in Test Classes > -- > > Key: NIFI-12275 > URL: https://issues.apache.org/jira/browse/NIFI-12275 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 1.latest, 2.latest > > Time Spent: 20m > Remaining Estimate: 0h > > Standard SFTP Processors have a Connection Keepalive property that is enabled > in the default configuration. This property should be disabled for unit tests > which have inherently short connection lifespans. Disabling the Keepalive > setting simplifies the initial client configuration handshake process and > could avoid some potential failures. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-12275) Disable SFTP Keepalive in Test Classes
[ https://issues.apache.org/jira/browse/NIFI-12275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779648#comment-17779648 ] ASF subversion and git services commented on NIFI-12275: Commit 2eb5b793536f0feb0f94ada67e3dc6583a426497 in nifi's branch refs/heads/main from David Handermann [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=2eb5b79353 ] NIFI-12275 Disabled Keepalive in SFTP Tests This closes #7932 Signed-off-by: Chris Sampson > Disable SFTP Keepalive in Test Classes > -- > > Key: NIFI-12275 > URL: https://issues.apache.org/jira/browse/NIFI-12275 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 1.latest, 2.latest > > Time Spent: 10m > Remaining Estimate: 0h > > Standard SFTP Processors have a Connection Keepalive property that is enabled > in the default configuration. This property should be disabled for unit tests > which have inherently short connection lifespans. Disabling the Keepalive > setting simplifies the initial client configuration handshake process and > could avoid some potential failures. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] NIFI-12275 Disable Keepalive in SFTP Tests [nifi]
asfgit closed pull request #7932: NIFI-12275 Disable Keepalive in SFTP Tests URL: https://github.com/apache/nifi/pull/7932 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (NIFI-12038) Create processor to package FlowFiles
[ https://issues.apache.org/jira/browse/NIFI-12038?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779641#comment-17779641 ] ASF subversion and git services commented on NIFI-12038: Commit 9eb20385855f7a5493d038541f421ac971e9eb18 in nifi's branch refs/heads/main from Michael W Moser [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=9eb2038585 ] NIFI-12038 add UseCase documentation to PackageFlowFile This closes #7896 Signed-off-by: Chris Sampson > Create processor to package FlowFiles > - > > Key: NIFI-12038 > URL: https://issues.apache.org/jira/browse/NIFI-12038 > Project: Apache NiFi > Issue Type: New Feature > Components: Extensions >Reporter: Michael W Moser >Assignee: Michael W Moser >Priority: Minor > Fix For: 2.0.0, 1.24.0 > > Time Spent: 2h > Remaining Estimate: 0h > > h4. Design Goals > Provide a simple way to package FlowFile attributes and content into > FlowFileV3 format that can be exported from NiFi and reimported later. > MergeContent can do this, but it is not intuitive that it has this > capability, and it can be complicated to setup perfectly. > h4. Use Cases > * Package FlowFile for external (off-NiFi) storage, for later ingest back > into NiFi using an ingress processor followed by UnpackContent > * Package FlowFile for NiFi-to-NiFi transfer when a direct connection is not > possible, or another transfer mechanism is required > * Package FlowFile then InvokeHTTP directly to another NiFi running > ListenHTTP, which can natively unpack FlowFileV3 format > h4. Other Ideas > * Offer best-effort, no guarantee N FlowFiles to 1 bundling > * Create new FlowFile serialization format to support interoperability with > non-NiFi services, such as core operating system tools -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] NIFI-12038 add UseCase documentation to PackageFlowFile [nifi]
asfgit closed pull request #7896: NIFI-12038 add UseCase documentation to PackageFlowFile URL: https://github.com/apache/nifi/pull/7896 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (NIFI-11627) Add Dynamic Schema References to ValidateJSON Processor
[ https://issues.apache.org/jira/browse/NIFI-11627?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779640#comment-17779640 ] David Handermann commented on NIFI-11627: - [~dstiegli1] implementing the {{SchemaRegistry}} interface would be useful, but the NiFi RecordSchema lacks certain features that JSON Schema provides. So for this particular Jira issue, that would not address the use case. Supporting more JSON Schema features would definitely be useful, and that is a related question. > Add Dynamic Schema References to ValidateJSON Processor > --- > > Key: NIFI-11627 > URL: https://issues.apache.org/jira/browse/NIFI-11627 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Affects Versions: 1.19.1 >Reporter: Chuck Tilly >Assignee: Daniel Stieglitz >Priority: Major > > For the ValidateJSON processor, add support for flowfile attribute references > that will allow for a JSON schema located in the Parameter Contexts, to be > referenced dynamically based on a flowfile attribute. e.g. > {code:java} > #{${schema.name}} {code} > > The benefits of adding support for attribute references are significant. > Adding this capability will allow a single processor to be used for all JSON > schema validation. Unfortunately, the current version of this processor > requires a dedicated processor for every schema, i.e. 12 schemas requires 12 > ValidateJSON processors. This is very laborious to construct and maintain, > and resource expensive. > ValidateJSON processor (https://issues.apache.org/jira/browse/NIFI-7392) -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] NIFI-12260: Remove templates from frontend [nifi]
rfellows commented on code in PR #7924: URL: https://github.com/apache/nifi/pull/7924#discussion_r1372200220 ## nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-policy-management.js: ## @@ -1611,60 +1611,6 @@ return loadPolicy().always(showPolicy); }, -/** - * Shows the template policy. - * - * @param d - */ -showTemplatePolicy: function (d) { -initializingComponentPolicy = true; - -// reset the policy message -resetPolicyMessage(); - -// update the policy controls visibility -$('#component-policy-controls').show(); -$('#global-policy-controls').hide(); - -// update the visibility -if (d.permissions.canRead === true) { -$('#policy-selected-template-container div.policy-selected-component-name').text(d.template.name); -} else { -$('#policy-selected-template-container div.policy-selected-component-name').text(d.id); -} -$('#policy-selected-template-container').show(); - -// populate the initial resource -$('#selected-policy-component-id').text(d.id); -$('#selected-policy-component-type').text('templates'); -$('#component-policy-target') -.combo('setOptionEnabled', { -value: 'operate-component' -}, false) -.combo('setOptionEnabled', { -value: 'write-receive-data' -}, false) -.combo('setOptionEnabled', { -value: 'write-send-data' -}, false) -.combo('setOptionEnabled', { -value: 'read-data' -}, false) -.combo('setOptionEnabled', { -value: 'read-provenance' -}, false) -.combo('setOptionEnabled', { -value: 'write-data' -}, false) -.combo('setSelectedOption', { -value: 'read-component' -}); - -initializingComponentPolicy = false; - -return loadPolicy().always(showPolicy); -}, - Review Comment: OK, I think I was wrong initially. Based on the rest of the surrounding code, i believe this to be showing a policy dialog for an existing template. There are analogous methods named `showControllerServicePolicy`, `showParameterContextPolicy`, ..., and `showComponentPolicy`. It would then make sense that `showTemplatePolicy` would be used to show the policy of a specific template. So, I think it is good that we are deleting this. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (NIFI-2517) Apply ordering to DNs from certificates
[ https://issues.apache.org/jira/browse/NIFI-2517?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779636#comment-17779636 ] Michael W Moser commented on NIFI-2517: --- One use case in favor of this is to input an RFC-2253 formatted DN into authorizers.xml Initial Admin Identity only to have it not match the X500Principal name of the actual certificate because NiFi only accepts RFC-1779 formatting. > Apply ordering to DNs from certificates > --- > > Key: NIFI-2517 > URL: https://issues.apache.org/jira/browse/NIFI-2517 > Project: Apache NiFi > Issue Type: Improvement >Affects Versions: 1.0.0, 0.7.0 >Reporter: Bryan Bende >Priority: Minor > > Currently when a user authenticates to NiFi with a certificate, the DN is > extracted with the following code from SubjectDnX509PrincipalExtractor: > {code} > public Object extractPrincipal(X509Certificate cert) { > return cert.getSubjectDN().getName().trim(); > } > {code} > This string ends up being the user identity that needs to line up with > policies. > It is not guaranteed that the subject DN from a certificate will always be in > a known format. For example, one cert can put the CN before the OU, and > another can put the OU before the CN. Different tools can also display the > same DN in different orders, such as openssl vs keytool. > NiFi should be able to apply a re-ordering of the DNs so that after passing > through the X509 authentication code, the app can then assume the DN is in a > known order. We should also consider how this interacts with the identity > mapping concept introduced in 1.0.0. > In addition we are currently using getSubjectDN() from X509 certificate and > the Java Doc says: > {code} > * Denigrated, replaced by {@linkplain > * #getSubjectX500Principal()}. This method returns the {@code subject} > * as an implementation specific Principal object, which should not be > * relied upon by portable code. > {code} > So we may want to look at moving away from that method. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] NIFI-12260: Remove templates from frontend [nifi]
rfellows commented on PR #7924: URL: https://github.com/apache/nifi/pull/7924#issuecomment-1779867468 > (just to make sure: there is an `icon-template-import` used here: > > https://user-images.githubusercontent.com/1295926/278114642-27d420a0-eaf1-4e19-84eb-c8f43588fa16.png";> > I can still import a complete flow here, so I suppose this is ok as is.) I think this is OK. It is just the icon. You can either select a file to upload or you enter a name to give an empty process group. You can't pick a template here. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (NIFI-12272) Add Standard Certificate Principal Formatting
[ https://issues.apache.org/jira/browse/NIFI-12272?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Chris Sampson updated NIFI-12272: - Resolution: Fixed Status: Resolved (was: Patch Available) > Add Standard Certificate Principal Formatting > - > > Key: NIFI-12272 > URL: https://issues.apache.org/jira/browse/NIFI-12272 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework, Extensions >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 2.0.0 > > Time Spent: 1h > Remaining Estimate: 0h > > The {{X509Certificate.getSubjectDN()}} is denigrated in favor of > {{getSubjectX500Principal()}} and recent improvements to the main branch > replaced legacy usage. > The getSubjectDN method returns Distinguished Names formatted according to > RFC 1779, which includes separating Relative Distinguished Name elements > using spaces. This impacts configuration properties such as Identity Mapping, > and also impacts flow designs that evaluate Certificate Subject and Issuer > attributes. > The default behavior of {{X500Principal.getName()}} formats Distinguished > Names according to RFC 2253, which does not use space separators. Passing > {{X500Principal.RFC1779}} to the {{getName()}} method follows the same > formatting approach as {{{}getSubjectDN().getName(){}}}. > Existing behavior should be maintained to avoid unexpected changes when > upgrading NiFi versions, and a new utility should be introduced to provide > standardized formatting. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-12272) Add Standard Certificate Principal Formatting
[ https://issues.apache.org/jira/browse/NIFI-12272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779634#comment-17779634 ] ASF subversion and git services commented on NIFI-12272: Commit f0593a00344a8a1cd59e3dd46a08ac0fb958df2e in nifi's branch refs/heads/main from David Handermann [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=f0593a0034 ] NIFI-12272 Added Formatter for Certificate Distinguished Names - Added standard implementation for formatting Subject and Issuer using RFC 1779 - Replaced direct method references to maintain compatibility with historical getSubjectDN and getIssuerDN methods This closes #7931 Signed-off-by: Chris Sampson > Add Standard Certificate Principal Formatting > - > > Key: NIFI-12272 > URL: https://issues.apache.org/jira/browse/NIFI-12272 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework, Extensions >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 2.0.0 > > Time Spent: 50m > Remaining Estimate: 0h > > The {{X509Certificate.getSubjectDN()}} is denigrated in favor of > {{getSubjectX500Principal()}} and recent improvements to the main branch > replaced legacy usage. > The getSubjectDN method returns Distinguished Names formatted according to > RFC 1779, which includes separating Relative Distinguished Name elements > using spaces. This impacts configuration properties such as Identity Mapping, > and also impacts flow designs that evaluate Certificate Subject and Issuer > attributes. > The default behavior of {{X500Principal.getName()}} formats Distinguished > Names according to RFC 2253, which does not use space separators. Passing > {{X500Principal.RFC1779}} to the {{getName()}} method follows the same > formatting approach as {{{}getSubjectDN().getName(){}}}. > Existing behavior should be maintained to avoid unexpected changes when > upgrading NiFi versions, and a new utility should be introduced to provide > standardized formatting. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] NIFI-12272 Add Formatter for Certificate Distinguished Names [nifi]
asfgit closed pull request #7931: NIFI-12272 Add Formatter for Certificate Distinguished Names URL: https://github.com/apache/nifi/pull/7931 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] NIFI-12272 Add Formatter for Certificate Distinguished Names [nifi]
ChrisSamo632 commented on code in PR #7931: URL: https://github.com/apache/nifi/pull/7931#discussion_r1372192264 ## nifi-commons/nifi-security-cert/src/main/java/org/apache/nifi/security/cert/StandardPrincipalFormatter.java: ## @@ -0,0 +1,69 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.security.cert; + +import javax.security.auth.x500.X500Principal; +import java.security.cert.X509Certificate; +import java.util.Objects; + +/** + * Standard Principal Formatter implementation returns Subject and Issuer formatted according to RFC 1779 following the convention of getSubjectDN and getIssuerDN methods + */ +public class StandardPrincipalFormatter implements PrincipalFormatter { +private static final PrincipalFormatter INSTANCE = new StandardPrincipalFormatter(); + +private StandardPrincipalFormatter() { + +} + +/** + * Get singleton instance of Principal Formatter + * + * @return Standard Principal Formatter + */ +public static PrincipalFormatter getInstance() { +return INSTANCE; +} + +/** + * Get Subject Distinguished Name formatted as a string according to RFC 1779 with spaces between elements + * + * @param certificate X.509 Certificate + * @return Subject Distinguished Name formatted according to RFC 1779 + */ +@Override +public String getSubject(final X509Certificate certificate) { +Objects.requireNonNull(certificate, "Certificate required"); +return getFormatted(certificate.getSubjectX500Principal()); +} + +/** + * Get Issuer Distinguished Name formatted as a string according to RFC 1779 with spaces between elements + * + * @param certificate X.509 Certificate + * @return Issuer Distinguished Name formatted according to RFC 1779 + */ +@Override +public String getIssuer(final X509Certificate certificate) { +Objects.requireNonNull(certificate, "Certificate required"); +return getFormatted(certificate.getIssuerX500Principal()); +} + +private String getFormatted(final X500Principal principal) { +return principal.getName(X500Principal.RFC1779); Review Comment: That makes sense - a separate implementation of the interface for a different formatting if/when needed in future is fine -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (NIFI-12272) Add Standard Certificate Principal Formatting
[ https://issues.apache.org/jira/browse/NIFI-12272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779633#comment-17779633 ] Michael W Moser commented on NIFI-12272: I have known users that input an RFC-2253 formatted DN into authorizers.xml Initial Admin Identity only to be frustrated that NiFi only accepts RFC-1779 formatting. I'll make this note on that Jira ticket as well. > Add Standard Certificate Principal Formatting > - > > Key: NIFI-12272 > URL: https://issues.apache.org/jira/browse/NIFI-12272 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework, Extensions >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 2.0.0 > > Time Spent: 40m > Remaining Estimate: 0h > > The {{X509Certificate.getSubjectDN()}} is denigrated in favor of > {{getSubjectX500Principal()}} and recent improvements to the main branch > replaced legacy usage. > The getSubjectDN method returns Distinguished Names formatted according to > RFC 1779, which includes separating Relative Distinguished Name elements > using spaces. This impacts configuration properties such as Identity Mapping, > and also impacts flow designs that evaluate Certificate Subject and Issuer > attributes. > The default behavior of {{X500Principal.getName()}} formats Distinguished > Names according to RFC 2253, which does not use space separators. Passing > {{X500Principal.RFC1779}} to the {{getName()}} method follows the same > formatting approach as {{{}getSubjectDN().getName(){}}}. > Existing behavior should be maintained to avoid unexpected changes when > upgrading NiFi versions, and a new utility should be introduced to provide > standardized formatting. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] NIFI-12260: Remove templates from frontend [nifi]
elcsiga commented on PR #7924: URL: https://github.com/apache/nifi/pull/7924#issuecomment-1779849696 (just to make sure: there an `icon-template-import` used here: https://github.com/apache/nifi/assets/1295926/27d420a0-eaf1-4e19-84eb-c8f43588fa16";> I can still import a complete flow here, so I suppose this is ok as is.) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (NIFI-12268) Upgrade OkHttp to 4.12.0
[ https://issues.apache.org/jira/browse/NIFI-12268?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Chris Sampson updated NIFI-12268: - Resolution: Fixed Status: Resolved (was: Patch Available) > Upgrade OkHttp to 4.12.0 > > > Key: NIFI-12268 > URL: https://issues.apache.org/jira/browse/NIFI-12268 > Project: Apache NiFi > Issue Type: Improvement >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Labels: dependency-upgrade > Fix For: 2.0.0, 1.24.0 > > Time Spent: 20m > Remaining Estimate: 0h > > OkHttp > [4.12.0|https://square.github.io/okhttp/changelogs/changelog_4x/#version-4120] > includes several minor bug fixes for connection handling and other issues. > Transitive dependencies on Okio and Kotlin should also be upgraded. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-12268) Upgrade OkHttp to 4.12.0
[ https://issues.apache.org/jira/browse/NIFI-12268?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779625#comment-17779625 ] ASF subversion and git services commented on NIFI-12268: Commit 72f05b578d9d2e086de748df19c29e80f72a37ad in nifi's branch refs/heads/support/nifi-1.x from David Handermann [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=72f05b578d ] NIFI-12268 Upgraded OkHttp from 4.11.0 to 4.12.0 - Upgraded Okio from 3.5.0 to 3.6.0 - Upgraded Kotlin from 1.9.0 to 1.9.10 This closes #7927 Signed-off-by: Chris Sampson > Upgrade OkHttp to 4.12.0 > > > Key: NIFI-12268 > URL: https://issues.apache.org/jira/browse/NIFI-12268 > Project: Apache NiFi > Issue Type: Improvement >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Labels: dependency-upgrade > Fix For: 2.0.0, 1.24.0 > > Time Spent: 20m > Remaining Estimate: 0h > > OkHttp > [4.12.0|https://square.github.io/okhttp/changelogs/changelog_4x/#version-4120] > includes several minor bug fixes for connection handling and other issues. > Transitive dependencies on Okio and Kotlin should also be upgraded. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-12268) Upgrade OkHttp to 4.12.0
[ https://issues.apache.org/jira/browse/NIFI-12268?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779617#comment-17779617 ] ASF subversion and git services commented on NIFI-12268: Commit e4b74322517d6c586f357eebdfcb8ea747ddce29 in nifi's branch refs/heads/main from David Handermann [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=e4b7432251 ] NIFI-12268 Upgraded OkHttp from 4.11.0 to 4.12.0 - Upgraded Okio from 3.5.0 to 3.6.0 - Upgraded Kotlin from 1.9.0 to 1.9.10 This closes #7927 Signed-off-by: Chris Sampson > Upgrade OkHttp to 4.12.0 > > > Key: NIFI-12268 > URL: https://issues.apache.org/jira/browse/NIFI-12268 > Project: Apache NiFi > Issue Type: Improvement >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Labels: dependency-upgrade > Fix For: 2.0.0, 1.24.0 > > Time Spent: 10m > Remaining Estimate: 0h > > OkHttp > [4.12.0|https://square.github.io/okhttp/changelogs/changelog_4x/#version-4120] > includes several minor bug fixes for connection handling and other issues. > Transitive dependencies on Okio and Kotlin should also be upgraded. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] NIFI-12260: Remove templates from frontend [nifi]
scottyaslan commented on code in PR #7924: URL: https://github.com/apache/nifi/pull/7924#discussion_r1372155960 ## nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-policy-management.js: ## @@ -1611,60 +1611,6 @@ return loadPolicy().always(showPolicy); }, -/** - * Shows the template policy. - * - * @param d - */ -showTemplatePolicy: function (d) { -initializingComponentPolicy = true; - -// reset the policy message -resetPolicyMessage(); - -// update the policy controls visibility -$('#component-policy-controls').show(); -$('#global-policy-controls').hide(); - -// update the visibility -if (d.permissions.canRead === true) { -$('#policy-selected-template-container div.policy-selected-component-name').text(d.template.name); -} else { -$('#policy-selected-template-container div.policy-selected-component-name').text(d.id); -} -$('#policy-selected-template-container').show(); - -// populate the initial resource -$('#selected-policy-component-id').text(d.id); -$('#selected-policy-component-type').text('templates'); -$('#component-policy-target') -.combo('setOptionEnabled', { -value: 'operate-component' -}, false) -.combo('setOptionEnabled', { -value: 'write-receive-data' -}, false) -.combo('setOptionEnabled', { -value: 'write-send-data' -}, false) -.combo('setOptionEnabled', { -value: 'read-data' -}, false) -.combo('setOptionEnabled', { -value: 'read-provenance' -}, false) -.combo('setOptionEnabled', { -value: 'write-data' -}, false) -.combo('setSelectedOption', { -value: 'read-component' -}); - -initializingComponentPolicy = false; - -return loadPolicy().always(showPolicy); -}, - Review Comment: I am building main now to see if I can spark some recollection. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] NIFI-12268 Upgrade OkHttp from 4.11.0 to 4.12.0 [nifi]
asfgit closed pull request #7927: NIFI-12268 Upgrade OkHttp from 4.11.0 to 4.12.0 URL: https://github.com/apache/nifi/pull/7927 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] NIFI-12260: Remove templates from frontend [nifi]
rfellows commented on code in PR #7924: URL: https://github.com/apache/nifi/pull/7924#discussion_r1372143284 ## nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-policy-management.js: ## @@ -1611,60 +1611,6 @@ return loadPolicy().always(showPolicy); }, -/** - * Shows the template policy. - * - * @param d - */ -showTemplatePolicy: function (d) { -initializingComponentPolicy = true; - -// reset the policy message -resetPolicyMessage(); - -// update the policy controls visibility -$('#component-policy-controls').show(); -$('#global-policy-controls').hide(); - -// update the visibility -if (d.permissions.canRead === true) { -$('#policy-selected-template-container div.policy-selected-component-name').text(d.template.name); -} else { -$('#policy-selected-template-container div.policy-selected-component-name').text(d.id); -} -$('#policy-selected-template-container').show(); - -// populate the initial resource -$('#selected-policy-component-id').text(d.id); -$('#selected-policy-component-type').text('templates'); -$('#component-policy-target') -.combo('setOptionEnabled', { -value: 'operate-component' -}, false) -.combo('setOptionEnabled', { -value: 'write-receive-data' -}, false) -.combo('setOptionEnabled', { -value: 'write-send-data' -}, false) -.combo('setOptionEnabled', { -value: 'read-data' -}, false) -.combo('setOptionEnabled', { -value: 'read-provenance' -}, false) -.combo('setOptionEnabled', { -value: 'write-data' -}, false) -.combo('setSelectedOption', { -value: 'read-component' -}); - -initializingComponentPolicy = false; - -return loadPolicy().always(showPolicy); -}, - Review Comment: Yeah, i just can't remember if this is a policy for a NiFi Template or a template for a NiFi Policy. If it is the former, we would want to remove it. If it is the later, we would want to keep it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] NIFI-12274 Evaluate conditional ASF self-hosted run-on for ci-workflow [nifi]
exceptionfactory opened a new pull request, #7933: URL: https://github.com/apache/nifi/pull/7933 # Summary [NIFI-12274](https://issues.apache.org/jira/browse/NIFI-12274) Introduces conditional GitHub workflow execution on Apache Infrastructure self-hosted runners. Infrastructure self-hosted runners are still in testing, and standard runner configuration remains necessary for executing workflows on forked repositories. # Tracking Please complete the following tracking steps prior to pull request creation. ### Issue Tracking - [X] [Apache NiFi Jira](https://issues.apache.org/jira/browse/NIFI) issue created ### Pull Request Tracking - [X] Pull Request title starts with Apache NiFi Jira issue number, such as `NIFI-0` - [X] Pull Request commit message starts with Apache NiFi Jira issue number, as such `NIFI-0` ### Pull Request Formatting - [X] Pull Request based on current revision of the `main` branch - [X] Pull Request refers to a feature branch with one commit containing changes # Verification Please indicate the verification steps performed prior to pull request creation. ### Build - [ ] Build completed using `mvn clean install -P contrib-check` - [ ] JDK 21 ### Licensing - [ ] New dependencies are compatible with the [Apache License 2.0](https://apache.org/licenses/LICENSE-2.0) according to the [License Policy](https://www.apache.org/legal/resolved.html) - [ ] New dependencies are documented in applicable `LICENSE` and `NOTICE` files ### Documentation - [ ] Documentation formatting appears as expected in rendered files -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] NIFI-12260: Remove templates from frontend [nifi]
sardell commented on code in PR #7924: URL: https://github.com/apache/nifi/pull/7924#discussion_r1372133318 ## nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-policy-management.js: ## @@ -1611,60 +1611,6 @@ return loadPolicy().always(showPolicy); }, -/** - * Shows the template policy. - * - * @param d - */ -showTemplatePolicy: function (d) { -initializingComponentPolicy = true; - -// reset the policy message -resetPolicyMessage(); - -// update the policy controls visibility -$('#component-policy-controls').show(); -$('#global-policy-controls').hide(); - -// update the visibility -if (d.permissions.canRead === true) { -$('#policy-selected-template-container div.policy-selected-component-name').text(d.template.name); -} else { -$('#policy-selected-template-container div.policy-selected-component-name').text(d.id); -} -$('#policy-selected-template-container').show(); - -// populate the initial resource -$('#selected-policy-component-id').text(d.id); -$('#selected-policy-component-type').text('templates'); -$('#component-policy-target') -.combo('setOptionEnabled', { -value: 'operate-component' -}, false) -.combo('setOptionEnabled', { -value: 'write-receive-data' -}, false) -.combo('setOptionEnabled', { -value: 'write-send-data' -}, false) -.combo('setOptionEnabled', { -value: 'read-data' -}, false) -.combo('setOptionEnabled', { -value: 'read-provenance' -}, false) -.combo('setOptionEnabled', { -value: 'write-data' -}, false) -.combo('setSelectedOption', { -value: 'read-component' -}); - -initializingComponentPolicy = false; - -return loadPolicy().always(showPolicy); -}, - Review Comment: Yeah, apologies if I was heavy handed here. 'Template' the nifi term and html/js 'templates' were causing me some confusion. I'll investigate some more but interested to see what @scottyaslan says. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] NIFI-12272 Add Formatter for Certificate Distinguished Names [nifi]
exceptionfactory commented on code in PR #7931: URL: https://github.com/apache/nifi/pull/7931#discussion_r1372130153 ## nifi-commons/nifi-security-cert/src/main/java/org/apache/nifi/security/cert/StandardPrincipalFormatter.java: ## @@ -0,0 +1,69 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.security.cert; + +import javax.security.auth.x500.X500Principal; +import java.security.cert.X509Certificate; +import java.util.Objects; + +/** + * Standard Principal Formatter implementation returns Subject and Issuer formatted according to RFC 1779 following the convention of getSubjectDN and getIssuerDN methods + */ +public class StandardPrincipalFormatter implements PrincipalFormatter { +private static final PrincipalFormatter INSTANCE = new StandardPrincipalFormatter(); + +private StandardPrincipalFormatter() { + +} + +/** + * Get singleton instance of Principal Formatter + * + * @return Standard Principal Formatter + */ +public static PrincipalFormatter getInstance() { +return INSTANCE; +} + +/** + * Get Subject Distinguished Name formatted as a string according to RFC 1779 with spaces between elements + * + * @param certificate X.509 Certificate + * @return Subject Distinguished Name formatted according to RFC 1779 + */ +@Override +public String getSubject(final X509Certificate certificate) { +Objects.requireNonNull(certificate, "Certificate required"); +return getFormatted(certificate.getSubjectX500Principal()); +} + +/** + * Get Issuer Distinguished Name formatted as a string according to RFC 1779 with spaces between elements + * + * @param certificate X.509 Certificate + * @return Issuer Distinguished Name formatted according to RFC 1779 + */ +@Override +public String getIssuer(final X509Certificate certificate) { +Objects.requireNonNull(certificate, "Certificate required"); +return getFormatted(certificate.getIssuerX500Principal()); +} + +private String getFormatted(final X500Principal principal) { +return principal.getName(X500Principal.RFC1779); Review Comment: Based on current references, making this configurable would probably create more confusion, given the nature of identity mapping and FlowFile attribute evaluation. However, this certainly doesn't rule out other approaches if needed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] NIFI-12272 Add Formatter for Certificate Distinguished Names [nifi]
exceptionfactory commented on code in PR #7931: URL: https://github.com/apache/nifi/pull/7931#discussion_r1372128301 ## nifi-commons/nifi-security-cert/src/main/java/org/apache/nifi/security/cert/StandardPrincipalFormatter.java: ## @@ -0,0 +1,69 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.security.cert; + +import javax.security.auth.x500.X500Principal; +import java.security.cert.X509Certificate; +import java.util.Objects; + +/** + * Standard Principal Formatter implementation returns Subject and Issuer formatted according to RFC 1779 following the convention of getSubjectDN and getIssuerDN methods + */ +public class StandardPrincipalFormatter implements PrincipalFormatter { +private static final PrincipalFormatter INSTANCE = new StandardPrincipalFormatter(); + +private StandardPrincipalFormatter() { + +} + +/** + * Get singleton instance of Principal Formatter + * + * @return Standard Principal Formatter + */ +public static PrincipalFormatter getInstance() { +return INSTANCE; +} + +/** + * Get Subject Distinguished Name formatted as a string according to RFC 1779 with spaces between elements + * + * @param certificate X.509 Certificate + * @return Subject Distinguished Name formatted according to RFC 1779 + */ +@Override +public String getSubject(final X509Certificate certificate) { +Objects.requireNonNull(certificate, "Certificate required"); +return getFormatted(certificate.getSubjectX500Principal()); +} + +/** + * Get Issuer Distinguished Name formatted as a string according to RFC 1779 with spaces between elements + * + * @param certificate X.509 Certificate + * @return Issuer Distinguished Name formatted according to RFC 1779 + */ +@Override +public String getIssuer(final X509Certificate certificate) { +Objects.requireNonNull(certificate, "Certificate required"); +return getFormatted(certificate.getIssuerX500Principal()); +} + +private String getFormatted(final X500Principal principal) { +return principal.getName(X500Principal.RFC1779); Review Comment: If there is a need for `RFC2253` in other contexts, that could be a separate implementation of the `PrincipalFormatter` interface. The purpose of the `StandardPrincipalFormatter` was to maintain historical consistency when it comes to string representations, without ruling out the possibility of other options in different contexts. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] NIFI-12260: Remove templates from frontend [nifi]
rfellows commented on code in PR #7924: URL: https://github.com/apache/nifi/pull/7924#discussion_r1372123443 ## nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-policy-management.js: ## @@ -1611,60 +1611,6 @@ return loadPolicy().always(showPolicy); }, -/** - * Shows the template policy. - * - * @param d - */ -showTemplatePolicy: function (d) { -initializingComponentPolicy = true; - -// reset the policy message -resetPolicyMessage(); - -// update the policy controls visibility -$('#component-policy-controls').show(); -$('#global-policy-controls').hide(); - -// update the visibility -if (d.permissions.canRead === true) { -$('#policy-selected-template-container div.policy-selected-component-name').text(d.template.name); -} else { -$('#policy-selected-template-container div.policy-selected-component-name').text(d.id); -} -$('#policy-selected-template-container').show(); - -// populate the initial resource -$('#selected-policy-component-id').text(d.id); -$('#selected-policy-component-type').text('templates'); -$('#component-policy-target') -.combo('setOptionEnabled', { -value: 'operate-component' -}, false) -.combo('setOptionEnabled', { -value: 'write-receive-data' -}, false) -.combo('setOptionEnabled', { -value: 'write-send-data' -}, false) -.combo('setOptionEnabled', { -value: 'read-data' -}, false) -.combo('setOptionEnabled', { -value: 'read-provenance' -}, false) -.combo('setOptionEnabled', { -value: 'write-data' -}, false) -.combo('setSelectedOption', { -value: 'read-component' -}); - -initializingComponentPolicy = false; - -return loadPolicy().always(showPolicy); -}, - Review Comment: Not so sure now, @scottyaslan do you know? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] NIFI-12260: Remove templates from frontend [nifi]
rfellows commented on code in PR #7924: URL: https://github.com/apache/nifi/pull/7924#discussion_r1372122869 ## nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/policy-management.jsp: ## @@ -44,16 +44,6 @@ - - - - - - -Template - - - Review Comment: hmm, maybe now that i think about it a bit more... maybe they are the same. @scottyaslan do you know? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] NIFI-12272 Add Formatter for Certificate Distinguished Names [nifi]
ChrisSamo632 commented on code in PR #7931: URL: https://github.com/apache/nifi/pull/7931#discussion_r1372121807 ## nifi-commons/nifi-security-cert/src/main/java/org/apache/nifi/security/cert/StandardPrincipalFormatter.java: ## @@ -0,0 +1,69 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.security.cert; + +import javax.security.auth.x500.X500Principal; +import java.security.cert.X509Certificate; +import java.util.Objects; + +/** + * Standard Principal Formatter implementation returns Subject and Issuer formatted according to RFC 1779 following the convention of getSubjectDN and getIssuerDN methods + */ +public class StandardPrincipalFormatter implements PrincipalFormatter { +private static final PrincipalFormatter INSTANCE = new StandardPrincipalFormatter(); + +private StandardPrincipalFormatter() { + +} + +/** + * Get singleton instance of Principal Formatter + * + * @return Standard Principal Formatter + */ +public static PrincipalFormatter getInstance() { +return INSTANCE; +} + +/** + * Get Subject Distinguished Name formatted as a string according to RFC 1779 with spaces between elements + * + * @param certificate X.509 Certificate + * @return Subject Distinguished Name formatted according to RFC 1779 + */ +@Override +public String getSubject(final X509Certificate certificate) { +Objects.requireNonNull(certificate, "Certificate required"); +return getFormatted(certificate.getSubjectX500Principal()); +} + +/** + * Get Issuer Distinguished Name formatted as a string according to RFC 1779 with spaces between elements + * + * @param certificate X.509 Certificate + * @return Issuer Distinguished Name formatted according to RFC 1779 + */ +@Override +public String getIssuer(final X509Certificate certificate) { +Objects.requireNonNull(certificate, "Certificate required"); +return getFormatted(certificate.getIssuerX500Principal()); +} + +private String getFormatted(final X500Principal principal) { +return principal.getName(X500Principal.RFC1779); Review Comment: Do you foresee a need for other formats in the future, e.g. `RFC2253`? If so, should we make the format configurable for the client? If there's no apparent need right now (I can't see an immediate one if the LDAP connectivity wouldn't benefit from the new formatter/approach), then happy for this to be something that can be added later if/when the need arises -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] NIFI-12260: Remove templates from frontend [nifi]
rfellows commented on code in PR #7924: URL: https://github.com/apache/nifi/pull/7924#discussion_r1372102017 ## nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/policy-management.jsp: ## @@ -44,16 +44,6 @@ - - - - - - -Template - - - Review Comment: I don't believe that this policy template has anything to do with flow templates. We should put this back. ## nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-policy-management.js: ## @@ -1611,60 +1611,6 @@ return loadPolicy().always(showPolicy); }, -/** - * Shows the template policy. - * - * @param d - */ -showTemplatePolicy: function (d) { -initializingComponentPolicy = true; - -// reset the policy message -resetPolicyMessage(); - -// update the policy controls visibility -$('#component-policy-controls').show(); -$('#global-policy-controls').hide(); - -// update the visibility -if (d.permissions.canRead === true) { -$('#policy-selected-template-container div.policy-selected-component-name').text(d.template.name); -} else { -$('#policy-selected-template-container div.policy-selected-component-name').text(d.id); -} -$('#policy-selected-template-container').show(); - -// populate the initial resource -$('#selected-policy-component-id').text(d.id); -$('#selected-policy-component-type').text('templates'); -$('#component-policy-target') -.combo('setOptionEnabled', { -value: 'operate-component' -}, false) -.combo('setOptionEnabled', { -value: 'write-receive-data' -}, false) -.combo('setOptionEnabled', { -value: 'write-send-data' -}, false) -.combo('setOptionEnabled', { -value: 'read-data' -}, false) -.combo('setOptionEnabled', { -value: 'read-provenance' -}, false) -.combo('setOptionEnabled', { -value: 'write-data' -}, false) -.combo('setSelectedOption', { -value: 'read-component' -}); - -initializingComponentPolicy = false; - -return loadPolicy().always(showPolicy); -}, - Review Comment: I don't think we should remove this. This isn't the same kind of template that we are trying to remove. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (NIFI-12272) Add Standard Certificate Principal Formatting
[ https://issues.apache.org/jira/browse/NIFI-12272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779589#comment-17779589 ] David Handermann commented on NIFI-12272: - Thanks for taking a look at this [~mosermw]. Reviewing NIFI-2517, we should be very careful making any changes. The RFC 1779 formatting should apply standard ordering for Java, which will be different than other external tools like OpenSSL. If you have particular use case details, it was be great to highlight those on that Jira issue. > Add Standard Certificate Principal Formatting > - > > Key: NIFI-12272 > URL: https://issues.apache.org/jira/browse/NIFI-12272 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework, Extensions >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 2.0.0 > > Time Spent: 10m > Remaining Estimate: 0h > > The {{X509Certificate.getSubjectDN()}} is denigrated in favor of > {{getSubjectX500Principal()}} and recent improvements to the main branch > replaced legacy usage. > The getSubjectDN method returns Distinguished Names formatted according to > RFC 1779, which includes separating Relative Distinguished Name elements > using spaces. This impacts configuration properties such as Identity Mapping, > and also impacts flow designs that evaluate Certificate Subject and Issuer > attributes. > The default behavior of {{X500Principal.getName()}} formats Distinguished > Names according to RFC 2253, which does not use space separators. Passing > {{X500Principal.RFC1779}} to the {{getName()}} method follows the same > formatting approach as {{{}getSubjectDN().getName(){}}}. > Existing behavior should be maintained to avoid unexpected changes when > upgrading NiFi versions, and a new utility should be introduced to provide > standardized formatting. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-12266) Add Standard Shared NAR for Common Dependencies
[ https://issues.apache.org/jira/browse/NIFI-12266?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Handermann updated NIFI-12266: Fix Version/s: 2.0.0 (was: 2.latest) > Add Standard Shared NAR for Common Dependencies > --- > > Key: NIFI-12266 > URL: https://issues.apache.org/jira/browse/NIFI-12266 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 2.0.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > Numerous extension components share a small number of similar libraries. With > selective version management in the root Maven configuration, these common > dependencies have the same version when bundled into various NAR files. The > current packaging structure has most extension NAR files depending on > {{{}nifi-standard-services-api-nar{}}}, which is scoped to common service API > modules that do not have additional dependencies. > Introducing a new intermediate NAR to package common versions of several > shared dependencies would provide a notable size reduction for binary builds. > A new standard shared NAR should contain a limited set a dependencies that > are broadly applicable to extension components, which will allow these > components to set shared dependencies with the {{provided}} scope, avoiding > direct inclusion in the extension NAR. > The standard shared NAR should depend on > {{{}nifi-standard-services-api-nar{}}}, allowing components to opt out of the > standard shared dependency version if absolutely necessary. > The following libraries are good candidates for inclusion in a standard > shared NAR based on the number of references and the sizes of the > dependencies: > * Apache Commons libraries such as commons-lang3 and commons-io > * Jackson JSON > * Bouncy Castle > * Netty 4 > * OkHttp with Kotlin -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-12266) Add Standard Shared NAR for Common Dependencies
[ https://issues.apache.org/jira/browse/NIFI-12266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779588#comment-17779588 ] ASF subversion and git services commented on NIFI-12266: Commit bd4ba343399ddd9f2b722d48b21f3258f34f8401 in nifi's branch refs/heads/main from David Handermann [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=bd4ba34339 ] NIFI-12266 Added Standard Shared NAR and BOM (#7925) - Added nifi-standard-shared-nar with common dependencies - Added nifi-standard-shared-bom with provided scope for parent module references > Add Standard Shared NAR for Common Dependencies > --- > > Key: NIFI-12266 > URL: https://issues.apache.org/jira/browse/NIFI-12266 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 2.latest > > Time Spent: 0.5h > Remaining Estimate: 0h > > Numerous extension components share a small number of similar libraries. With > selective version management in the root Maven configuration, these common > dependencies have the same version when bundled into various NAR files. The > current packaging structure has most extension NAR files depending on > {{{}nifi-standard-services-api-nar{}}}, which is scoped to common service API > modules that do not have additional dependencies. > Introducing a new intermediate NAR to package common versions of several > shared dependencies would provide a notable size reduction for binary builds. > A new standard shared NAR should contain a limited set a dependencies that > are broadly applicable to extension components, which will allow these > components to set shared dependencies with the {{provided}} scope, avoiding > direct inclusion in the extension NAR. > The standard shared NAR should depend on > {{{}nifi-standard-services-api-nar{}}}, allowing components to opt out of the > standard shared dependency version if absolutely necessary. > The following libraries are good candidates for inclusion in a standard > shared NAR based on the number of references and the sizes of the > dependencies: > * Apache Commons libraries such as commons-lang3 and commons-io > * Jackson JSON > * Bouncy Castle > * Netty 4 > * OkHttp with Kotlin -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-12266) Add Standard Shared NAR for Common Dependencies
[ https://issues.apache.org/jira/browse/NIFI-12266?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mark Payne updated NIFI-12266: -- Resolution: Fixed Status: Resolved (was: Patch Available) > Add Standard Shared NAR for Common Dependencies > --- > > Key: NIFI-12266 > URL: https://issues.apache.org/jira/browse/NIFI-12266 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 2.latest > > Time Spent: 0.5h > Remaining Estimate: 0h > > Numerous extension components share a small number of similar libraries. With > selective version management in the root Maven configuration, these common > dependencies have the same version when bundled into various NAR files. The > current packaging structure has most extension NAR files depending on > {{{}nifi-standard-services-api-nar{}}}, which is scoped to common service API > modules that do not have additional dependencies. > Introducing a new intermediate NAR to package common versions of several > shared dependencies would provide a notable size reduction for binary builds. > A new standard shared NAR should contain a limited set a dependencies that > are broadly applicable to extension components, which will allow these > components to set shared dependencies with the {{provided}} scope, avoiding > direct inclusion in the extension NAR. > The standard shared NAR should depend on > {{{}nifi-standard-services-api-nar{}}}, allowing components to opt out of the > standard shared dependency version if absolutely necessary. > The following libraries are good candidates for inclusion in a standard > shared NAR based on the number of references and the sizes of the > dependencies: > * Apache Commons libraries such as commons-lang3 and commons-io > * Jackson JSON > * Bouncy Castle > * Netty 4 > * OkHttp with Kotlin -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] NIFI-12266 Add Standard Shared NAR and BOM [nifi]
markap14 commented on PR #7925: URL: https://github.com/apache/nifi/pull/7925#issuecomment-1779729409 Thanks @exceptionfactory I think that's a great approach, and it yields some pretty huge savings! Did some quick testing and all appears to still work as expected. +1 will merge to main -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] NIFI-12266 Add Standard Shared NAR and BOM [nifi]
markap14 merged PR #7925: URL: https://github.com/apache/nifi/pull/7925 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (NIFI-12272) Add Standard Certificate Principal Formatting
[ https://issues.apache.org/jira/browse/NIFI-12272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779586#comment-17779586 ] Michael W Moser commented on NIFI-12272: Thanks for finding and resolving this, [~exceptionfactory]. It certainly would have caused complications upgrading to 2.0.0 I still would like to see NIFI-2517 implemented (I'll put it on my TODO list) to relax the matching of certificate DNs in the various places in NiFi that user identities can be configured. > Add Standard Certificate Principal Formatting > - > > Key: NIFI-12272 > URL: https://issues.apache.org/jira/browse/NIFI-12272 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework, Extensions >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 2.0.0 > > Time Spent: 10m > Remaining Estimate: 0h > > The {{X509Certificate.getSubjectDN()}} is denigrated in favor of > {{getSubjectX500Principal()}} and recent improvements to the main branch > replaced legacy usage. > The getSubjectDN method returns Distinguished Names formatted according to > RFC 1779, which includes separating Relative Distinguished Name elements > using spaces. This impacts configuration properties such as Identity Mapping, > and also impacts flow designs that evaluate Certificate Subject and Issuer > attributes. > The default behavior of {{X500Principal.getName()}} formats Distinguished > Names according to RFC 2253, which does not use space separators. Passing > {{X500Principal.RFC1779}} to the {{getName()}} method follows the same > formatting approach as {{{}getSubjectDN().getName(){}}}. > Existing behavior should be maintained to avoid unexpected changes when > upgrading NiFi versions, and a new utility should be introduced to provide > standardized formatting. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (NIFI-5779) TransformXml: Missing Property Validate DTD
[ https://issues.apache.org/jira/browse/NIFI-5779?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Handermann reassigned NIFI-5779: -- Assignee: (was: David Handermann) > TransformXml: Missing Property Validate DTD > --- > > Key: NIFI-5779 > URL: https://issues.apache.org/jira/browse/NIFI-5779 > Project: Apache NiFi > Issue Type: Improvement >Affects Versions: 1.5.0, 1.8.0 >Reporter: Nag Arvind Gudiseva >Priority: Major > Attachments: transform_error.png > > > Processor: TransformXml > Property "*Validate DTD*" is missing > This property "_Specifies whether or not the XML content should be validated > against the DTD_". > As this property is not available, we are unable to set the DTD validation to > FALSE. Due to this we are getting the following error: > {color:#d04437}ERROR: TransformXml - Unable to transform > StandardFlowFileRecord due to > org.apache.nifi.processor.exception.ProcessException: IOException thrown from > TransformXml: java.io.IOException: net.sf.saxon.trans.XPathException: I/O > error reported by XML parser processing null: > /usr/hdf/3.1.0.0-564/nifi/mxml.dtd (No such file or directory){color} > > {color:#33}Attached is the screen-print of the error.{color} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-12275) Disable SFTP Keepalive in Test Classes
[ https://issues.apache.org/jira/browse/NIFI-12275?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Handermann updated NIFI-12275: Status: Patch Available (was: Open) > Disable SFTP Keepalive in Test Classes > -- > > Key: NIFI-12275 > URL: https://issues.apache.org/jira/browse/NIFI-12275 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 1.latest, 2.latest > > Time Spent: 10m > Remaining Estimate: 0h > > Standard SFTP Processors have a Connection Keepalive property that is enabled > in the default configuration. This property should be disabled for unit tests > which have inherently short connection lifespans. Disabling the Keepalive > setting simplifies the initial client configuration handshake process and > could avoid some potential failures. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[PR] NIFI-12275 Disable Keepalive in SFTP Tests [nifi]
exceptionfactory opened a new pull request, #7932: URL: https://github.com/apache/nifi/pull/7932 # Summary [NIFI-12275](https://issues.apache.org/jira/browse/NIFI-12275) Disables the Keepalive setting for SFTP Processor test classes. Enabling connection keepalive is not necessary for test methods, and disabling keepalive simplifies internal client connection handling in SSHJ, reducing the potential for test failures. # Tracking Please complete the following tracking steps prior to pull request creation. ### Issue Tracking - [X] [Apache NiFi Jira](https://issues.apache.org/jira/browse/NIFI) issue created ### Pull Request Tracking - [X] Pull Request title starts with Apache NiFi Jira issue number, such as `NIFI-0` - [X] Pull Request commit message starts with Apache NiFi Jira issue number, as such `NIFI-0` ### Pull Request Formatting - [X] Pull Request based on current revision of the `main` branch - [X] Pull Request refers to a feature branch with one commit containing changes # Verification Please indicate the verification steps performed prior to pull request creation. ### Build - [X] Build completed using `mvn clean install -P contrib-check` - [X] JDK 21 ### Licensing - [ ] New dependencies are compatible with the [Apache License 2.0](https://apache.org/licenses/LICENSE-2.0) according to the [License Policy](https://www.apache.org/legal/resolved.html) - [ ] New dependencies are documented in applicable `LICENSE` and `NOTICE` files ### Documentation - [ ] Documentation formatting appears as expected in rendered files -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (NIFI-12275) Disable SFTP Keepalive in Test Classes
David Handermann created NIFI-12275: --- Summary: Disable SFTP Keepalive in Test Classes Key: NIFI-12275 URL: https://issues.apache.org/jira/browse/NIFI-12275 Project: Apache NiFi Issue Type: Improvement Components: Extensions Reporter: David Handermann Assignee: David Handermann Fix For: 1.latest, 2.latest Standard SFTP Processors have a Connection Keepalive property that is enabled in the default configuration. This property should be disabled for unit tests which have inherently short connection lifespans. Disabling the Keepalive setting simplifies the initial client configuration handshake process and could avoid some potential failures. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-12273) Incorrect references to command.arguments in ExecuteStreamCommand documentation
[ https://issues.apache.org/jira/browse/NIFI-12273?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Matt Burgess updated NIFI-12273: Fix Version/s: 1.latest 2.latest > Incorrect references to command.arguments in ExecuteStreamCommand > documentation > --- > > Key: NIFI-12273 > URL: https://issues.apache.org/jira/browse/NIFI-12273 > Project: Apache NiFi > Issue Type: Bug > Components: Documentation & Website >Reporter: Andrew M. Lim >Priority: Minor > Fix For: 1.latest, 2.latest > > > In the Additional Details page for this processor > (https://nifi.apache.org/docs/nifi-docs/components/org.apache.nifi/nifi-standard-nar/1.23.2/org.apache.nifi.processors.standard.ExecuteStreamCommand/additionalDetails.html) > there are references to: > {{command.arguments}} > which is incorrect. The references should be: > {{command.argument}} > which is what is shown on the main page > (https://nifi.apache.org/docs/nifi-docs/components/org.apache.nifi/nifi-standard-nar/1.23.2/org.apache.nifi.processors.standard.ExecuteStreamCommand/index.html) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (NIFI-12274) Evaluate Apache Infrastructure Hosted GitHub Runners
David Handermann created NIFI-12274: --- Summary: Evaluate Apache Infrastructure Hosted GitHub Runners Key: NIFI-12274 URL: https://issues.apache.org/jira/browse/NIFI-12274 Project: Apache NiFi Issue Type: Improvement Components: Tools and Build Reporter: David Handermann Assignee: David Handermann The Apache Infrastructure Team has begun testing self-hosted runners for GitHub Action workflows that provide better performance than standard runners. The self-hosted runners require specific run configuration settings that apply to workflows within the context of the project repository, as opposed to forks. The workflow configuration should support targeted execution on self-hosted runners for testing and comparison of results. https://cwiki.apache.org/confluence/pages/viewpage.action?spaceKey=INFRA&title=ASF+Infra+provided+self-hosted+runners -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-12269) Resolve Maven Build Warnings for Plugin Versions
[ https://issues.apache.org/jira/browse/NIFI-12269?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mark Payne updated NIFI-12269: -- Resolution: Fixed Status: Resolved (was: Patch Available) > Resolve Maven Build Warnings for Plugin Versions > > > Key: NIFI-12269 > URL: https://issues.apache.org/jira/browse/NIFI-12269 > Project: Apache NiFi > Issue Type: Bug > Components: Tools and Build >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 2.0.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > Recent Maven builds log the following warnings related to missing plugin > version information. Specific plugin versions should be set in the plugin > management section to remove these warnings: > {noformat} > Warning: Some problems were encountered while building the effective model > for org.apache.nifi:nifi-build:jar:2.0.0-SNAPSHOT > Warning: 'build.plugins.plugin.version' for > org.apache.nifi:nifi-nar-maven-plugin is missing. @ > org.apache.nifi:nifi:2.0.0-SNAPSHOT, /home/runner/work/nifi/nifi/pom.xml, > line 875, column 21 > Warning: 'build.plugins.plugin.version' for > org.sonatype.plugins:nexus-staging-maven-plugin is missing. @ > org.apache.nifi:nifi:2.0.0-SNAPSHOT, /home/runner/work/nifi/nifi/pom.xml, > line 883, column 21 > Warning: 'build.plugins.plugin.version' for > org.apache.maven.plugins:maven-checkstyle-plugin is missing. @ > org.apache.nifi:nifi:2.0.0-SNAPSHOT, /home/runner/work/nifi/nifi/pom.xml, > line 971, column 21 > Warning: 'build.plugins.plugin.version' for > org.jvnet.jaxb2.maven2:maven-jaxb2-plugin is missing. @ > org.apache.nifi:nifi:2.0.0-SNAPSHOT, /home/runner/work/nifi/nifi/pom.xml, > line 893, column 21 > {noformat} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-12269) Resolve Maven Build Warnings for Plugin Versions
[ https://issues.apache.org/jira/browse/NIFI-12269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779555#comment-17779555 ] ASF subversion and git services commented on NIFI-12269: Commit 28b75c78a6fd4557e8997c2eeb2bef782d89fc4f in nifi's branch refs/heads/main from David Handermann [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=28b75c78a6 ] NIFI-12269 Resolved Maven Build Warnings for Plugins (#7928) - Set plugin versions in root configuration for plugin management across modules > Resolve Maven Build Warnings for Plugin Versions > > > Key: NIFI-12269 > URL: https://issues.apache.org/jira/browse/NIFI-12269 > Project: Apache NiFi > Issue Type: Bug > Components: Tools and Build >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 2.0.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > Recent Maven builds log the following warnings related to missing plugin > version information. Specific plugin versions should be set in the plugin > management section to remove these warnings: > {noformat} > Warning: Some problems were encountered while building the effective model > for org.apache.nifi:nifi-build:jar:2.0.0-SNAPSHOT > Warning: 'build.plugins.plugin.version' for > org.apache.nifi:nifi-nar-maven-plugin is missing. @ > org.apache.nifi:nifi:2.0.0-SNAPSHOT, /home/runner/work/nifi/nifi/pom.xml, > line 875, column 21 > Warning: 'build.plugins.plugin.version' for > org.sonatype.plugins:nexus-staging-maven-plugin is missing. @ > org.apache.nifi:nifi:2.0.0-SNAPSHOT, /home/runner/work/nifi/nifi/pom.xml, > line 883, column 21 > Warning: 'build.plugins.plugin.version' for > org.apache.maven.plugins:maven-checkstyle-plugin is missing. @ > org.apache.nifi:nifi:2.0.0-SNAPSHOT, /home/runner/work/nifi/nifi/pom.xml, > line 971, column 21 > Warning: 'build.plugins.plugin.version' for > org.jvnet.jaxb2.maven2:maven-jaxb2-plugin is missing. @ > org.apache.nifi:nifi:2.0.0-SNAPSHOT, /home/runner/work/nifi/nifi/pom.xml, > line 893, column 21 > {noformat} -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] NIFI-12269 Resolve Maven Build Warnings for Plugins [nifi]
markap14 commented on PR #7928: URL: https://github.com/apache/nifi/pull/7928#issuecomment-1779543314 Thanks @exceptionfactory I've been meaning to get to this! +1 will merge -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] NIFI-12269 Resolve Maven Build Warnings for Plugins [nifi]
markap14 merged PR #7928: URL: https://github.com/apache/nifi/pull/7928 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (NIFI-12272) Add Standard Certificate Principal Formatting
[ https://issues.apache.org/jira/browse/NIFI-12272?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Handermann updated NIFI-12272: Status: Patch Available (was: In Progress) > Add Standard Certificate Principal Formatting > - > > Key: NIFI-12272 > URL: https://issues.apache.org/jira/browse/NIFI-12272 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework, Extensions >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 2.0.0 > > Time Spent: 10m > Remaining Estimate: 0h > > The {{X509Certificate.getSubjectDN()}} is denigrated in favor of > {{getSubjectX500Principal()}} and recent improvements to the main branch > replaced legacy usage. > The getSubjectDN method returns Distinguished Names formatted according to > RFC 1779, which includes separating Relative Distinguished Name elements > using spaces. This impacts configuration properties such as Identity Mapping, > and also impacts flow designs that evaluate Certificate Subject and Issuer > attributes. > The default behavior of {{X500Principal.getName()}} formats Distinguished > Names according to RFC 2253, which does not use space separators. Passing > {{X500Principal.RFC1779}} to the {{getName()}} method follows the same > formatting approach as {{{}getSubjectDN().getName(){}}}. > Existing behavior should be maintained to avoid unexpected changes when > upgrading NiFi versions, and a new utility should be introduced to provide > standardized formatting. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-12249) FetchSFTP needs failure attributes
[ https://issues.apache.org/jira/browse/NIFI-12249?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Anna Nys updated NIFI-12249: Status: Patch Available (was: In Progress) > FetchSFTP needs failure attributes > -- > > Key: NIFI-12249 > URL: https://issues.apache.org/jira/browse/NIFI-12249 > Project: Apache NiFi > Issue Type: Improvement > Components: Core Framework >Affects Versions: 2.0.0 >Reporter: Anna Nys >Assignee: Anna Nys >Priority: Minor > Time Spent: 10m > Remaining Estimate: 0h > > The FetchSFTP processor has several failure relationships: > comms.failure > not.found > permission.denied > While these relationships can help route files that fail for different > reasons, it would be helpful to have the failure reason written to a flowfile > attribute, so that the reason can be automatically included in an automated > notification message. > The value of the flowfile attribute could be used in an UpdateAttribute > advanced rules to generate error-specific email notifications to the > customer. Otherwise, we need separate processors for each failure > relationship. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[PR] NIFI-12272 Add Formatter for Certificate Distinguished Names [nifi]
exceptionfactory opened a new pull request, #7931: URL: https://github.com/apache/nifi/pull/7931 # Summary [NIFI-12272](https://issues.apache.org/jira/browse/NIFI-12272) Adds a `PrincipalFormatter` interface and `StandardPrincipalFormatter` implementation that retrieves and formats Certificate Subject and Issuer Distinguished Names according to [RFC 1779](https://www.rfc-editor.org/rfc/rfc1779). This approach preserves compatibility with the historical `getSubjectDN()` and `getIssuerDN()` methods from `X509Certificate` while using the recommended `getSubjectX500Principal()` and `getIssuerX500Principal()` methods. These changes restore compatibility with existing NiFi versions, recently changed for [NIFI-12142](https://issues.apache.org/jira/browse/NIFI-12142). # Tracking Please complete the following tracking steps prior to pull request creation. ### Issue Tracking - [X] [Apache NiFi Jira](https://issues.apache.org/jira/browse/NIFI) issue created ### Pull Request Tracking - [X] Pull Request title starts with Apache NiFi Jira issue number, such as `NIFI-0` - [X] Pull Request commit message starts with Apache NiFi Jira issue number, as such `NIFI-0` ### Pull Request Formatting - [X] Pull Request based on current revision of the `main` branch - [X] Pull Request refers to a feature branch with one commit containing changes # Verification Please indicate the verification steps performed prior to pull request creation. ### Build - [X] Build completed using `mvn clean install -P contrib-check` - [X] JDK 21 ### Licensing - [ ] New dependencies are compatible with the [Apache License 2.0](https://apache.org/licenses/LICENSE-2.0) according to the [License Policy](https://www.apache.org/legal/resolved.html) - [ ] New dependencies are documented in applicable `LICENSE` and `NOTICE` files ### Documentation - [ ] Documentation formatting appears as expected in rendered files -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] NIFI-12271: Fix PutAzureBlobStorage - FileResourceService - FileNotFo… [nifi]
exceptionfactory commented on code in PR #7930: URL: https://github.com/apache/nifi/pull/7930#discussion_r1371904153 ## nifi-nar-bundles/nifi-azure-bundle/nifi-azure-processors/src/main/java/org/apache/nifi/processors/azure/storage/PutAzureBlobStorage_v12.java: ## @@ -231,6 +231,7 @@ public void onTrigger(final ProcessContext context, final ProcessSession session getLogger().error("Failed to create blob on Azure Blob Storage", e); flowFile = session.penalize(flowFile); session.transfer(flowFile, REL_FAILURE); +session.getProvenanceReporter().send(flowFile, "/error/" + blobName); Review Comment: The general purpose of provenance event reporting is to track successful operations as opposed to errors, so creating this event does not seem like the right approach. Is there a particular reason for this addition? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (NIFI-12273) Incorrect references to command.arguments in ExecuteStreamCommand documentation
Andrew M. Lim created NIFI-12273: Summary: Incorrect references to command.arguments in ExecuteStreamCommand documentation Key: NIFI-12273 URL: https://issues.apache.org/jira/browse/NIFI-12273 Project: Apache NiFi Issue Type: Bug Components: Documentation & Website Reporter: Andrew M. Lim In the Additional Details page for this processor (https://nifi.apache.org/docs/nifi-docs/components/org.apache.nifi/nifi-standard-nar/1.23.2/org.apache.nifi.processors.standard.ExecuteStreamCommand/additionalDetails.html) there are references to: {{command.arguments}} which is incorrect. The references should be: {{command.argument}} which is what is shown on the main page (https://nifi.apache.org/docs/nifi-docs/components/org.apache.nifi/nifi-standard-nar/1.23.2/org.apache.nifi.processors.standard.ExecuteStreamCommand/index.html) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (NIFI-12272) Add Standard Certificate Principal Formatting
David Handermann created NIFI-12272: --- Summary: Add Standard Certificate Principal Formatting Key: NIFI-12272 URL: https://issues.apache.org/jira/browse/NIFI-12272 Project: Apache NiFi Issue Type: Bug Components: Core Framework, Extensions Reporter: David Handermann Assignee: David Handermann Fix For: 2.0.0 The {{X509Certificate.getSubjectDN()}} is denigrated in favor of {{getSubjectX500Principal()}} and recent improvements to the main branch replaced legacy usage. The getSubjectDN method returns Distinguished Names formatted according to RFC 1779, which includes separating Relative Distinguished Name elements using spaces. This impacts configuration properties such as Identity Mapping, and also impacts flow designs that evaluate Certificate Subject and Issuer attributes. The default behavior of {{X500Principal.getName()}} formats Distinguished Names according to RFC 2253, which does not use space separators. Passing {{X500Principal.RFC1779}} to the {{getName()}} method follows the same formatting approach as {{{}getSubjectDN().getName(){}}}. Existing behavior should be maintained to avoid unexpected changes when upgrading NiFi versions, and a new utility should be introduced to provide standardized formatting. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] MINIFICPP-1951 - Prevent append overwriting resource [nifi-minifi-cpp]
szaszm commented on code in PR #1640: URL: https://github.com/apache/nifi-minifi-cpp/pull/1640#discussion_r1371610858 ## libminifi/include/core/StreamAppendLock.h: ## @@ -0,0 +1,27 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#pragma once + + +namespace org::apache::nifi::minifi::core { + +class StreamAppendLock { Review Comment: Either that or just a normal top level class in the same file. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] MINIFICPP-1951 - Prevent append overwriting resource [nifi-minifi-cpp]
szaszm commented on code in PR #1640: URL: https://github.com/apache/nifi-minifi-cpp/pull/1640#discussion_r1371608435 ## libminifi/include/core/ContentRepository.h: ## @@ -62,15 +73,24 @@ class ContentRepository : public core::CoreComponent, public StreamManager append(const ResourceClaim& claim, size_t offset) override; Review Comment: You're right, it only works with pointers and references, but not `unique_ptr`. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (NIFI-12271) PuAzureBlobStorage with FileResourceService - FileNotFound should not rollback
[ https://issues.apache.org/jira/browse/NIFI-12271?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lehel Boér updated NIFI-12271: -- Status: Patch Available (was: In Progress) > PuAzureBlobStorage with FileResourceService - FileNotFound should not rollback > -- > > Key: NIFI-12271 > URL: https://issues.apache.org/jira/browse/NIFI-12271 > Project: Apache NiFi > Issue Type: Bug >Reporter: Lehel Boér >Assignee: Lehel Boér >Priority: Major > Time Spent: 10m > Remaining Estimate: 0h > > Currently when FileResourceService is used and the file is not found, the > upstream FlowFile is rolled back. It should be sent to the FAILURE > relationship. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[PR] NIFI-12271: Fix PutAzureBlobStorage - FileResourceService - FileNotFo… [nifi]
Lehel44 opened a new pull request, #7930: URL: https://github.com/apache/nifi/pull/7930 …und rollbacks # Summary [NIFI-12271](https://issues.apache.org/jira/browse/NIFI-12271) # Tracking Please complete the following tracking steps prior to pull request creation. ### Issue Tracking - [ ] [Apache NiFi Jira](https://issues.apache.org/jira/browse/NIFI) issue created ### Pull Request Tracking - [ ] Pull Request title starts with Apache NiFi Jira issue number, such as `NIFI-0` - [ ] Pull Request commit message starts with Apache NiFi Jira issue number, as such `NIFI-0` ### Pull Request Formatting - [ ] Pull Request based on current revision of the `main` branch - [ ] Pull Request refers to a feature branch with one commit containing changes # Verification Please indicate the verification steps performed prior to pull request creation. ### Build - [ ] Build completed using `mvn clean install -P contrib-check` - [ ] JDK 21 ### Licensing - [ ] New dependencies are compatible with the [Apache License 2.0](https://apache.org/licenses/LICENSE-2.0) according to the [License Policy](https://www.apache.org/legal/resolved.html) - [ ] New dependencies are documented in applicable `LICENSE` and `NOTICE` files ### Documentation - [ ] Documentation formatting appears as expected in rendered files -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (NIFI-12271) PuAzureBlobStorage with FileResourceService - FileNotFound should not rollback
Lehel Boér created NIFI-12271: - Summary: PuAzureBlobStorage with FileResourceService - FileNotFound should not rollback Key: NIFI-12271 URL: https://issues.apache.org/jira/browse/NIFI-12271 Project: Apache NiFi Issue Type: Bug Reporter: Lehel Boér Assignee: Lehel Boér Currently when FileResourceService is used and the file is not found, the upstream FlowFile is rolled back. It should be sent to the FAILURE relationship. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (NIFI-12270) PuAzureBlobStorage with FileResourceService sends 0 byte PROVENANCE event
Lehel Boér created NIFI-12270: - Summary: PuAzureBlobStorage with FileResourceService sends 0 byte PROVENANCE event Key: NIFI-12270 URL: https://issues.apache.org/jira/browse/NIFI-12270 Project: Apache NiFi Issue Type: Bug Reporter: Lehel Boér Assignee: Lehel Boér The content of the local file is added into the original flowfile. We should have an extra MODIFY_CONTENT event with the new size. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-12270) PuAzureBlobStorage with FileResourceService sends 0 byte PROVENANCE event
[ https://issues.apache.org/jira/browse/NIFI-12270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lehel Boér updated NIFI-12270: -- Description: The content of the local file is added into the original flowfile. An extra MODIFY_CONTENT event should be added with the new size. (was: The content of the local file is added into the original flowfile. We should have an extra MODIFY_CONTENT event with the new size.) > PuAzureBlobStorage with FileResourceService sends 0 byte PROVENANCE event > - > > Key: NIFI-12270 > URL: https://issues.apache.org/jira/browse/NIFI-12270 > Project: Apache NiFi > Issue Type: Bug >Reporter: Lehel Boér >Assignee: Lehel Boér >Priority: Major > > The content of the local file is added into the original flowfile. An extra > MODIFY_CONTENT event should be added with the new size. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MINIFICPP-2258) Libarchive download fails with SSL connect error on Windows in CI
[ https://issues.apache.org/jira/browse/MINIFICPP-2258?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gábor Gyimesi updated MINIFICPP-2258: - Epic Link: MINIFICPP-1324 > Libarchive download fails with SSL connect error on Windows in CI > - > > Key: MINIFICPP-2258 > URL: https://issues.apache.org/jira/browse/MINIFICPP-2258 > Project: Apache NiFi MiNiFi C++ > Issue Type: Bug >Reporter: Gábor Gyimesi >Priority: Major > Attachments: xz_download_ssl_connect_error.log > > > Lately the Windows job fails transiently in Github Actions while building the > libarchive extension. The build fails with a download error of the xz > library, the download failing with SSL connect error. > Logs attached with more information. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (MINIFICPP-2258) Libarchive download fails with SSL connect error on Windows in CI
Gábor Gyimesi created MINIFICPP-2258: Summary: Libarchive download fails with SSL connect error on Windows in CI Key: MINIFICPP-2258 URL: https://issues.apache.org/jira/browse/MINIFICPP-2258 Project: Apache NiFi MiNiFi C++ Issue Type: Bug Reporter: Gábor Gyimesi Attachments: xz_download_ssl_connect_error.log Lately the Windows job fails transiently in Github Actions while building the libarchive extension. The build fails with a download error of the xz library, the download failing with SSL connect error. Logs attached with more information. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] MINIFICPP-1415 Pass references to onTrigger and onSchedule instead of… [nifi-minifi-cpp]
martinzink commented on code in PR #1693: URL: https://github.com/apache/nifi-minifi-cpp/pull/1693#discussion_r1371429026 ## libminifi/include/core/Processor.h: ## @@ -180,25 +180,24 @@ class Processor : public Connectable, public ConfigurableComponent, public state bool addConnection(Connectable* connection); - virtual void onTrigger(const std::shared_ptr &context, const std::shared_ptr &sessionFactory); - void onTrigger(ProcessContext *context, ProcessSessionFactory *sessionFactory); - bool canEdit() override { return !isRunning(); } - virtual void onTrigger(const std::shared_ptr &context, const std::shared_ptr &session) { -onTrigger(context.get(), session.get()); - } - virtual void onTrigger(ProcessContext* /*context*/, ProcessSession* /*session*/) { - } void initialize() override { } - virtual void onSchedule(const std::shared_ptr &context, const std::shared_ptr &sessionFactory) { -onSchedule(context.get(), sessionFactory.get()); + + virtual void onTrigger(const std::shared_ptr& context, const std::shared_ptr& session_factory); + + virtual void onTrigger_2(const std::shared_ptr& context, const std::shared_ptr& session) { Review Comment: I couldnt come up with a better name yet, I've changed it from onTrigger so its easier to find the remaining occurences where we rely on shared_ptr-s We could either revert this back to onTrigger or come up with a slightly better name? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] MINIFICPP-1415 Pass references to onTrigger and onSchedule instead of… [nifi-minifi-cpp]
martinzink opened a new pull request, #1693: URL: https://github.com/apache/nifi-minifi-cpp/pull/1693 … shared_ptr Thank you for submitting a contribution to Apache NiFi - MiNiFi C++. In order to streamline the review of the contribution we ask you to ensure the following steps have been taken: ### For all changes: - [ ] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message? - [ ] Does your PR title start with MINIFICPP- where is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character. - [ ] Has your PR been rebased against the latest commit within the target branch (typically main)? - [ ] Is your initial contribution a single, squashed commit? ### For code changes: - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? - [ ] If applicable, have you updated the LICENSE file? - [ ] If applicable, have you updated the NOTICE file? ### For documentation related changes: - [ ] Have you ensured that format looks appropriate for the output in which it is rendered? ### Note: Please ensure that once the PR is submitted, you check GitHub Actions CI results for build issues and submit an update to your PR as soon as possible. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] MINIFICPP-2217 - Implement jolt processor shift operation [nifi-minifi-cpp]
adamdebreceni opened a new pull request, #1692: URL: https://github.com/apache/nifi-minifi-cpp/pull/1692 Thank you for submitting a contribution to Apache NiFi - MiNiFi C++. In order to streamline the review of the contribution we ask you to ensure the following steps have been taken: ### For all changes: - [ ] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message? - [ ] Does your PR title start with MINIFICPP- where is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character. - [ ] Has your PR been rebased against the latest commit within the target branch (typically main)? - [ ] Is your initial contribution a single, squashed commit? ### For code changes: - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? - [ ] If applicable, have you updated the LICENSE file? - [ ] If applicable, have you updated the NOTICE file? ### For documentation related changes: - [ ] Have you ensured that format looks appropriate for the output in which it is rendered? ### Note: Please ensure that once the PR is submitted, you check GitHub Actions CI results for build issues and submit an update to your PR as soon as possible. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (NIFI-12187) MergeContent"relaxFullnessConstraint && bin.isFullEnough() "can never be reached.
[ https://issues.apache.org/jira/browse/NIFI-12187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779401#comment-17779401 ] sky commented on NIFI-12187: [~mosermw] Hello, the problem I have is that when I have 100 data in the queue in front of mergecontent, but I set the mergecontent 'Maximum Number of Records' to 200, When the timer arrives, 'relaxFullnessConstraint && bin.isFullEnough()' fails to meet the condition and fails to merge, and then waits until the data in the queue reaches 200, which is inconsistent with the business expectation. The business expects to merge when the timer arrives, regardless of whether the 'Maximum Number of Records' is met. > MergeContent"relaxFullnessConstraint && bin.isFullEnough() "can never be > reached. > - > > Key: NIFI-12187 > URL: https://issues.apache.org/jira/browse/NIFI-12187 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.16.0, 1.17.0, 1.16.1, 1.16.2, 1.16.3, 1.18.0, 1.19.0, > 1.20.0, 1.19.1, 1.21.0, 1.22.0, 1.23.0, 1.23.1, 1.23.2 >Reporter: sky >Priority: Critical > > In MergeContent, "binContents.size() < maximumEntries" does not work, but it > does work in 1.15.3. At that time in the "migrateBins" method of > "BinFiles.java", "BinManager. RemoveReadyBins (true)" in the subsequent > version into "binManager. RemoveReadyBins (relaxFullnessConstraint)", As a > result, "relaxFullnessConstraint && bin.isFullEnough() "can never be achieved. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] (NIFI-12187) MergeContent"relaxFullnessConstraint && bin.isFullEnough() "can never be reached.
[ https://issues.apache.org/jira/browse/NIFI-12187 ] sky deleted comment on NIFI-12187: was (Author: c8679...@163.com): Hello, the problem I have is that when I have 100 data in the queue in front of mergecontent, but I set the mergecontent 'Maximum Number of Records' to 200, When the timer arrives, 'relaxFullnessConstraint && bin.isFullEnough()' fails to meet the condition and fails to merge, and then waits until the data in the queue reaches 200, which is inconsistent with the business expectation. The business expects to merge when the timer arrives, regardless of whether the 'Maximum Number of Records' is met. > MergeContent"relaxFullnessConstraint && bin.isFullEnough() "can never be > reached. > - > > Key: NIFI-12187 > URL: https://issues.apache.org/jira/browse/NIFI-12187 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.16.0, 1.17.0, 1.16.1, 1.16.2, 1.16.3, 1.18.0, 1.19.0, > 1.20.0, 1.19.1, 1.21.0, 1.22.0, 1.23.0, 1.23.1, 1.23.2 >Reporter: sky >Priority: Critical > > In MergeContent, "binContents.size() < maximumEntries" does not work, but it > does work in 1.15.3. At that time in the "migrateBins" method of > "BinFiles.java", "BinManager. RemoveReadyBins (true)" in the subsequent > version into "binManager. RemoveReadyBins (relaxFullnessConstraint)", As a > result, "relaxFullnessConstraint && bin.isFullEnough() "can never be achieved. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-12187) MergeContent"relaxFullnessConstraint && bin.isFullEnough() "can never be reached.
[ https://issues.apache.org/jira/browse/NIFI-12187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779400#comment-17779400 ] sky commented on NIFI-12187: Hello, the problem I have is that when I have 100 data in the queue in front of mergecontent, but I set the mergecontent 'Maximum Number of Records' to 200, When the timer arrives, 'relaxFullnessConstraint && bin.isFullEnough()' fails to meet the condition and fails to merge, and then waits until the data in the queue reaches 200, which is inconsistent with the business expectation. The business expects to merge when the timer arrives, regardless of whether the 'Maximum Number of Records' is met. > MergeContent"relaxFullnessConstraint && bin.isFullEnough() "can never be > reached. > - > > Key: NIFI-12187 > URL: https://issues.apache.org/jira/browse/NIFI-12187 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.16.0, 1.17.0, 1.16.1, 1.16.2, 1.16.3, 1.18.0, 1.19.0, > 1.20.0, 1.19.1, 1.21.0, 1.22.0, 1.23.0, 1.23.1, 1.23.2 >Reporter: sky >Priority: Critical > > In MergeContent, "binContents.size() < maximumEntries" does not work, but it > does work in 1.15.3. At that time in the "migrateBins" method of > "BinFiles.java", "BinManager. RemoveReadyBins (true)" in the subsequent > version into "binManager. RemoveReadyBins (relaxFullnessConstraint)", As a > result, "relaxFullnessConstraint && bin.isFullEnough() "can never be achieved. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] MINIFICPP-1951 - Prevent append overwriting resource [nifi-minifi-cpp]
adamdebreceni commented on code in PR #1640: URL: https://github.com/apache/nifi-minifi-cpp/pull/1640#discussion_r1371324651 ## libminifi/include/core/ContentSession.h: ## @@ -39,6 +52,12 @@ class ContentSession { virtual void rollback() = 0; virtual ~ContentSession() = default; + + protected: + virtual std::shared_ptr append(const std::shared_ptr& resource_id) = 0; + + std::map, ExtensionData> extensions_; Review Comment: managing the append lock and the belonging append stream is now the responsibility of the ContentSession -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] MINIFICPP-1951 - Prevent append overwriting resource [nifi-minifi-cpp]
adamdebreceni commented on code in PR #1640: URL: https://github.com/apache/nifi-minifi-cpp/pull/1640#discussion_r1371323656 ## libminifi/test/unit/FileSystemRepositoryTests.cpp: ## @@ -177,4 +177,46 @@ TEST_CASE("FileSystemRepository removes non-existing resource file from purge li REQUIRE(content_repo->getPurgeList().empty()); } +TEST_CASE("Append Claim") { + TestController testController; + auto dir = testController.createTempDirectory(); + auto content_repo = std::make_shared(); + + auto configuration = std::make_shared(); + configuration->set(minifi::Configure::nifi_dbcontent_repository_directory_default, dir.string()); + REQUIRE(content_repo->initialize(configuration)); + + + const std::string content = "well hello there"; + + auto claim = std::make_shared(content_repo); + content_repo->write(*claim)->write(as_bytes(std::span(content))); + + // requesting append before content end fails + CHECK(content_repo->append(*claim, 0) == nullptr); + auto lock = content_repo->append(*claim, content.length()); + // trying to append to the end succeeds + CHECK(lock != nullptr); + // simultaneously trying to append to the same claim fails + CHECK(content_repo->append(*claim, content.length()) == nullptr); Review Comment: the newly modified ContentSession::append does just that, this only checks if we can simultaneously lock for the resource for append -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] MINIFICPP-1951 - Prevent append overwriting resource [nifi-minifi-cpp]
adamdebreceni commented on code in PR #1640: URL: https://github.com/apache/nifi-minifi-cpp/pull/1640#discussion_r1371318101 ## libminifi/src/io/FileStream.cpp: ## @@ -74,6 +74,7 @@ FileStream::FileStream(std::filesystem::path path, uint32_t offset, bool write_e } else { file_stream_->open(path_, std::fstream::in | std::fstream::binary); } + length_ = 0; Review Comment: moved -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] MINIFICPP-1951 - Prevent append overwriting resource [nifi-minifi-cpp]
adamdebreceni commented on code in PR #1640: URL: https://github.com/apache/nifi-minifi-cpp/pull/1640#discussion_r1371306531 ## libminifi/include/core/StreamAppendLock.h: ## @@ -0,0 +1,27 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#pragma once + + +namespace org::apache::nifi::minifi::core { + +class StreamAppendLock { Review Comment: do you mean an inner class? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] MINIFICPP-1951 - Prevent append overwriting resource [nifi-minifi-cpp]
adamdebreceni commented on code in PR #1640: URL: https://github.com/apache/nifi-minifi-cpp/pull/1640#discussion_r1371306139 ## libminifi/include/core/ContentRepository.h: ## @@ -62,15 +73,24 @@ class ContentRepository : public core::CoreComponent, public StreamManager append(const ResourceClaim& claim, size_t offset) override; Review Comment: I don't think we can override with a different return type even if they are convertible -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] MINIFICPP-1891 Integrate google clang-tidy checks in CI [nifi-minifi-cpp]
lordgamez commented on code in PR #1671: URL: https://github.com/apache/nifi-minifi-cpp/pull/1671#discussion_r1371279027 ## libminifi/src/provenance/Provenance.cpp: ## @@ -249,17 +249,17 @@ bool ProvenanceEventRecord::deserialize(io::InputStream &input_stream) { } } - uint32_t eventType; + uint32_t eventType = 0; { const auto ret = input_stream.read(eventType); if (ret != 4) { return false; } } - this->_eventType = (ProvenanceEventRecord::ProvenanceEventType) eventType; + _eventType = static_cast(eventType); Review Comment: Good point, updated in ff1c274db7dd0e6646c1fa4d25317f7552f5f157 ## libminifi/src/core/flow/StructuredConfiguration.cpp: ## @@ -266,10 +266,10 @@ void StructuredConfiguration::parseProcessorNode(const Node& processors_node, co logger_->log_debug("setting scheduling strategy as {}", procCfg.schedulingStrategy); } -int32_t maxConcurrentTasks; +int32_t maxConcurrentTasks = 0; if (core::Property::StringToInt(procCfg.maxConcurrentTasks, maxConcurrentTasks)) { logger_->log_debug("parseProcessorNode: maxConcurrentTasks => [{}]", maxConcurrentTasks); - processor->setMaxConcurrentTasks((uint8_t) maxConcurrentTasks); + processor->setMaxConcurrentTasks(static_cast(maxConcurrentTasks)); } Review Comment: Yes, good idea, updated in ff1c274db7dd0e6646c1fa4d25317f7552f5f157 ## libminifi/src/core/ProcessSession.cpp: ## @@ -175,7 +175,7 @@ std::shared_ptr ProcessSession::cloneDuringTransfer(const std::s } std::shared_ptr ProcessSession::clone(const std::shared_ptr &parent, int64_t offset, int64_t size) { - if ((uint64_t) (offset + size) > parent->getSize()) { + if (static_cast(offset + size) > parent->getSize()) { Review Comment: Updated in ff1c274db7dd0e6646c1fa4d25317f7552f5f157 ## extensions/sftp/tests/PutSFTPTests.cpp: ## @@ -201,7 +201,7 @@ class PutSFTPTestsFixture { namespace { std::size_t directoryContentCount(const std::filesystem::path& dir) { - return (std::size_t)std::distance(std::filesystem::directory_iterator{dir}, std::filesystem::directory_iterator{}); + return static_cast(std::distance(std::filesystem::directory_iterator{dir}, std::filesystem::directory_iterator{})); Review Comment: Updated in ff1c274db7dd0e6646c1fa4d25317f7552f5f157 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] MINIFICPP-1891 Integrate google clang-tidy checks in CI [nifi-minifi-cpp]
lordgamez commented on code in PR #1671: URL: https://github.com/apache/nifi-minifi-cpp/pull/1671#discussion_r1371278925 ## extensions/sftp/tests/PutSFTPTests.cpp: ## @@ -201,7 +201,7 @@ class PutSFTPTestsFixture { namespace { std::size_t directoryContentCount(const std::filesystem::path& dir) { - return (std::size_t)std::distance(std::filesystem::directory_iterator{dir}, std::filesystem::directory_iterator{}); + return static_cast(std::distance(std::filesystem::directory_iterator{dir}, std::filesystem::directory_iterator{})); Review Comment: Updated in fdbd40841b88732109b084214e3cb027492d4bac ## libminifi/src/core/ProcessSession.cpp: ## @@ -175,7 +175,7 @@ std::shared_ptr ProcessSession::cloneDuringTransfer(const std::s } std::shared_ptr ProcessSession::clone(const std::shared_ptr &parent, int64_t offset, int64_t size) { - if ((uint64_t) (offset + size) > parent->getSize()) { + if (static_cast(offset + size) > parent->getSize()) { Review Comment: Updated in fdbd40841b88732109b084214e3cb027492d4bac ## libminifi/src/core/flow/StructuredConfiguration.cpp: ## @@ -266,10 +266,10 @@ void StructuredConfiguration::parseProcessorNode(const Node& processors_node, co logger_->log_debug("setting scheduling strategy as {}", procCfg.schedulingStrategy); } -int32_t maxConcurrentTasks; +int32_t maxConcurrentTasks = 0; if (core::Property::StringToInt(procCfg.maxConcurrentTasks, maxConcurrentTasks)) { logger_->log_debug("parseProcessorNode: maxConcurrentTasks => [{}]", maxConcurrentTasks); - processor->setMaxConcurrentTasks((uint8_t) maxConcurrentTasks); + processor->setMaxConcurrentTasks(static_cast(maxConcurrentTasks)); } Review Comment: Yes, good idea, updated in fdbd40841b88732109b084214e3cb027492d4bac ## libminifi/src/provenance/Provenance.cpp: ## @@ -249,17 +249,17 @@ bool ProvenanceEventRecord::deserialize(io::InputStream &input_stream) { } } - uint32_t eventType; + uint32_t eventType = 0; { const auto ret = input_stream.read(eventType); if (ret != 4) { return false; } } - this->_eventType = (ProvenanceEventRecord::ProvenanceEventType) eventType; + _eventType = static_cast(eventType); Review Comment: Good point, updated in fdbd40841b88732109b084214e3cb027492d4bac -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org