This is an automated email from the ASF dual-hosted git repository. aboda pushed a commit to branch NIFIREG-371-RC1 in repository https://gitbox.apache.org/repos/asf/nifi-registry.git
commit 35bcf4371bdadf67f49ab63eaf3aec194f39f17a Author: Endre Zoltan Kovacs <[email protected]> AuthorDate: Fri Oct 18 17:49:34 2019 +0200 NIFIREG-252: adding mavendocker as build profile skip integration test if -DskipTests is set This closes #245. Signed-off-by: Kevin Doran <[email protected]> --- nifi-registry-docker-maven/dockermaven/Dockerfile | 73 +++++++++++++++ .../dockermaven/integration-test.sh | 50 ++++++++++ nifi-registry-docker-maven/dockermaven/pom.xml | 102 +++++++++++++++++++++ .../dockermaven/sh/common.sh | 28 ++++++ .../dockermaven/sh/secure.sh | 56 +++++++++++ nifi-registry-docker-maven/dockermaven/sh/start.sh | 56 +++++++++++ .../dockermaven/sh/update_bundle_provider.sh | 48 ++++++++++ .../dockermaven/sh/update_database.sh | 24 +++++ .../dockermaven/sh/update_flow_provider.sh | 44 +++++++++ .../dockermaven/sh/update_login_providers.sh | 47 ++++++++++ nifi-registry-docker-maven/pom.xml | 33 +++++++ pom.xml | 1 + 12 files changed, 562 insertions(+) diff --git a/nifi-registry-docker-maven/dockermaven/Dockerfile b/nifi-registry-docker-maven/dockermaven/Dockerfile new file mode 100644 index 0000000..945cb80 --- /dev/null +++ b/nifi-registry-docker-maven/dockermaven/Dockerfile @@ -0,0 +1,73 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +FROM openjdk:8-jre AS artifactbase +LABEL maintainer="Apache NiFi <[email protected]>" + +ARG NIFI_REGISTRY_BINARY +ARG NIFI_REGISTRY_VERSION=1.0.0 + +ENV NIFI_REGISTRY_BASE_DIR /opt/nifi-registry +ENV NIFI_REGISTRY_HOME ${NIFI_REGISTRY_BASE_DIR}/nifi-registry-current + +ADD sh/ ${NIFI_REGISTRY_BASE_DIR}/scripts/ + +COPY $NIFI_REGISTRY_BINARY $NIFI_REGISTRY_BASE_DIR +RUN unzip ${NIFI_REGISTRY_BASE_DIR}/nifi-registry-${NIFI_REGISTRY_VERSION}-bin.zip -d ${NIFI_REGISTRY_BASE_DIR} \ + && rm ${NIFI_REGISTRY_BASE_DIR}/nifi-registry-${NIFI_REGISTRY_VERSION}-bin.zip \ + && mv ${NIFI_REGISTRY_BASE_DIR}/nifi-registry-${NIFI_REGISTRY_VERSION} ${NIFI_REGISTRY_HOME} \ + && ln -s ${NIFI_REGISTRY_HOME} ${NIFI_REGISTRY_BASE_DIR}/nifi-registry-${NIFI_REGISTRY_VERSION} + + +FROM openjdk:8-jre +LABEL maintainer="Apache NiFi Registry <[email protected]>" +LABEL site="https://nifi.apache.org"; + +ARG UID=1000 +ARG GID=1000 + +ENV NIFI_REGISTRY_BASE_DIR /opt/nifi-registry +ENV NIFI_REGISTRY_HOME ${NIFI_REGISTRY_BASE_DIR}/nifi-registry-current + +COPY --chown=${UID}:${GID} --from=artifactbase $NIFI_REGISTRY_BASE_DIR $NIFI_REGISTRY_BASE_DIR + +# Setup NiFi user and create necessary directories +RUN groupadd -g ${GID} nifi || groupmod -n nifi `getent group ${GID} | cut -d: -f1` \ + && useradd --shell /bin/bash -u ${UID} -g ${GID} -m nifi \ + && chown -R nifi:nifi ${NIFI_REGISTRY_BASE_DIR} \ + && apt-get update \ + && apt-get install -y jq xmlstarlet procps + + +USER nifi + +# Web HTTP(s) ports +EXPOSE 18080 18443 + +WORKDIR ${NIFI_REGISTRY_HOME} + +# Apply configuration and start NiFi +# +# We need to use the exec form to avoid running our command in a subshell and omitting signals, +# thus being unable to shut down gracefully: +# https://docs.docker.com/engine/reference/builder/#entrypoint +# +# Also we need to use relative path, because the exec form does not invoke a command shell, +# thus normal shell processing does not happen: +# https://docs.docker.com/engine/reference/builder/#exec-form-entrypoint-example +ENTRYPOINT ["../scripts/start.sh"] diff --git a/nifi-registry-docker-maven/dockermaven/integration-test.sh b/nifi-registry-docker-maven/dockermaven/integration-test.sh new file mode 100755 index 0000000..54e2672 --- /dev/null +++ b/nifi-registry-docker-maven/dockermaven/integration-test.sh @@ -0,0 +1,50 @@ +#!/bin/bash + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -exuo pipefail + +TAG=$1 +VERSION=$2 + +container_name=nifi-registry-${TAG}-integration-test + +trap "{ docker ps -qaf Name=${container_name} | xargs docker rm -f; }" EXIT + +echo "Checking that all files are owned by NiFi" +test -z $(docker run --rm --entrypoint /bin/bash apache/nifi-registry:${TAG} -c "find /opt/nifi-registry ! -user nifi") + +echo "Checking environment variables" +test "/opt/nifi-registry/nifi-registry-current" = "$(docker run --rm --entrypoint /bin/bash apache/nifi-registry:${TAG} -c 'echo -n $NIFI_REGISTRY_HOME')" +test "/opt/nifi-registry/nifi-registry-current" = "$(docker run --rm --entrypoint /bin/bash apache/nifi-registry:${TAG} -c "readlink \${NIFI_REGISTRY_BASE_DIR}/nifi-registry-${VERSION}")" + +test "/opt/nifi-registry" = "$(docker run --rm --entrypoint /bin/bash apache/nifi-registry:${TAG} -c 'echo -n $NIFI_REGISTRY_BASE_DIR')" + +echo "Starting NiFi Registry container..." + +docker run -d --name ${container_name} apache/nifi-registry:${TAG} + +IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ${container_name}) + +for i in $(seq 1 10) :; do + if docker exec ${container_name} bash -c "ss -ntl | grep 18080"; then + break + fi + sleep 10 +done + +echo "Stopping NiFi Registry container" +time docker stop ${container_name} diff --git a/nifi-registry-docker-maven/dockermaven/pom.xml b/nifi-registry-docker-maven/dockermaven/pom.xml new file mode 100644 index 0000000..4b00044 --- /dev/null +++ b/nifi-registry-docker-maven/dockermaven/pom.xml @@ -0,0 +1,102 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor + license agreements. See the NOTICE file distributed with this work for additional + information regarding copyright ownership. The ASF licenses this file to + You under the Apache License, Version 2.0 (the "License"); you may not use + this file except in compliance with the License. You may obtain a copy of + the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required + by applicable law or agreed to in writing, software distributed under the + License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS + OF ANY KIND, either express or implied. See the License for the specific + language governing permissions and limitations under the License. --> +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd";> + <modelVersion>4.0.0</modelVersion> + + <parent> + <artifactId>nifi-registry-docker-maven</artifactId> + <groupId>org.apache.nifi.registry</groupId> + <version>1.0.0-SNAPSHOT</version> + </parent> + <version>1.0.0-SNAPSHOT</version> + + <artifactId>dockermaven</artifactId> + + <profiles> + <profile> + <id>docker</id> + <build> + <plugins> + <plugin> + <groupId>com.spotify</groupId> + <artifactId>dockerfile-maven-plugin</artifactId> + <version>1.3.5</version> + <executions> + <execution> + <id>default</id> + <goals> + <goal>build</goal> + </goals> + <configuration> + <buildArgs> + <UID>1000</UID> + <GID>1000</GID> + <NIFI_REGISTRY_VERSION>${project.version}</NIFI_REGISTRY_VERSION> + <NIFI_REGISTRY_BINARY>target/nifi-registry-${project.version}-bin.zip</NIFI_REGISTRY_BINARY> + </buildArgs> + <repository>apache/nifi-registry</repository> + <tag>${project.version}-dockermaven</tag> + </configuration> + </execution> + </executions> + </plugin> + <!-- Copy generated artifacts --> + <plugin> + <artifactId>maven-antrun-plugin</artifactId> + <version>1.8</version> + <executions> + <execution> + <id>copy-for-docker</id> + <phase>process-sources</phase> + <configuration> + <target name="copy assembly to nifi-registry-docker for image build"> + <copy todir="${project.basedir}/target" overwrite="true" flatten="true"> + <fileset dir="${project.basedir}/../../nifi-registry-assembly/target" includes="*.zip"> + <include name="*.zip" /> + </fileset> + </copy> + </target> + </configuration> + <goals> + <goal>run</goal> + </goals> + </execution> + </executions> + </plugin> + + <plugin> + <artifactId>exec-maven-plugin</artifactId> + <groupId>org.codehaus.mojo</groupId> + <executions> + <execution> + <id>Docker integration tests</id> + <phase>integration-test</phase> + <goals> + <goal>exec</goal> + </goals> + <configuration> + <skip>${skipTests}</skip> + <arguments> + <argument>${project.version}-dockermaven</argument> + <argument>${project.version}</argument> + </arguments> + <executable>${project.basedir}/integration-test.sh</executable> + </configuration> + </execution> + </executions> + </plugin> + + </plugins> + </build> + </profile> + </profiles> +</project> diff --git a/nifi-registry-docker-maven/dockermaven/sh/common.sh b/nifi-registry-docker-maven/dockermaven/sh/common.sh new file mode 100755 index 0000000..0f594d9 --- /dev/null +++ b/nifi-registry-docker-maven/dockermaven/sh/common.sh @@ -0,0 +1,28 @@ +#!/bin/sh -e +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# 1 - value to search for +# 2 - value to replace +# 3 - file to perform replacement inline +prop_replace () { + target_file=${3:-${nifi_registry_props_file}} + echo 'replacing target file ' ${target_file} + sed -i -e "s|^$1=.*$|$1=$2|" ${target_file} +} + +# NIFI_REGISTRY_HOME is defined by an ENV command in the backing Dockerfile +export nifi_registry_props_file=${NIFI_REGISTRY_HOME}/conf/nifi-registry.properties +export hostname=$(hostname) diff --git a/nifi-registry-docker-maven/dockermaven/sh/secure.sh b/nifi-registry-docker-maven/dockermaven/sh/secure.sh new file mode 100644 index 0000000..352dfad --- /dev/null +++ b/nifi-registry-docker-maven/dockermaven/sh/secure.sh @@ -0,0 +1,56 @@ +#!/bin/sh -e + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +scripts_dir='/opt/nifi-registry/scripts' + +[ -f "${scripts_dir}/common.sh" ] && . "${scripts_dir}/common.sh" + +# Perform idempotent changes of configuration to support secure environments +echo 'Configuring environment with SSL settings' + +: ${KEYSTORE_PATH:?"Must specify an absolute path to the keystore being used."} +if [ ! -f "${KEYSTORE_PATH}" ]; then + echo "Keystore file specified (${KEYSTORE_PATH}) does not exist." + exit 1 +fi +: ${KEYSTORE_TYPE:?"Must specify the type of keystore (JKS, PKCS12, PEM) of the keystore being used."} +: ${KEYSTORE_PASSWORD:?"Must specify the password of the keystore being used."} + +: ${TRUSTSTORE_PATH:?"Must specify an absolute path to the truststore being used."} +if [ ! -f "${TRUSTSTORE_PATH}" ]; then + echo "Keystore file specified (${TRUSTSTORE_PATH}) does not exist." + exit 1 +fi +: ${TRUSTSTORE_TYPE:?"Must specify the type of truststore (JKS, PKCS12, PEM) of the truststore being used."} +: ${TRUSTSTORE_PASSWORD:?"Must specify the password of the truststore being used."} + +prop_replace 'nifi.registry.security.keystore' "${KEYSTORE_PATH}" +prop_replace 'nifi.registry.security.keystoreType' "${KEYSTORE_TYPE}" +prop_replace 'nifi.registry.security.keystorePasswd' "${KEYSTORE_PASSWORD}" +prop_replace 'nifi.registry.security.truststore' "${TRUSTSTORE_PATH}" +prop_replace 'nifi.registry.security.truststoreType' "${TRUSTSTORE_TYPE}" +prop_replace 'nifi.registry.security.truststorePasswd' "${TRUSTSTORE_PASSWORD}" + +# Disable HTTP and enable HTTPS +prop_replace 'nifi.registry.web.http.port' '' +prop_replace 'nifi.registry.web.http.host' '' +prop_replace 'nifi.registry.web.https.port' "${NIFI_REGISTRY_WEB_HTTPS_PORT:-18443}" +prop_replace 'nifi.registry.web.https.host' "${NIFI_REGISTRY_WEB_HTTPS_HOST:-$HOSTNAME}" + +# Establish initial user and an associated admin identity +sed -i -e 's|<property name="Initial User Identity 1">.*</property>|<property name="Initial User Identity 1">'"${INITIAL_ADMIN_IDENTITY}"'</property>|' ${NIFI_REGISTRY_HOME}/conf/authorizers.xml +sed -i -e 's|<property name="Initial Admin Identity">.*</property>|<property name="Initial Admin Identity">'"${INITIAL_ADMIN_IDENTITY}"'</property>|' ${NIFI_REGISTRY_HOME}/conf/authorizers.xml diff --git a/nifi-registry-docker-maven/dockermaven/sh/start.sh b/nifi-registry-docker-maven/dockermaven/sh/start.sh new file mode 100755 index 0000000..c65f3ea --- /dev/null +++ b/nifi-registry-docker-maven/dockermaven/sh/start.sh @@ -0,0 +1,56 @@ +#!/bin/sh -e + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +scripts_dir='/opt/nifi-registry/scripts' + +[ -f "${scripts_dir}/common.sh" ] && . "${scripts_dir}/common.sh" + +# Establish baseline properties +prop_replace 'nifi.registry.web.http.port' "${NIFI_REGISTRY_WEB_HTTP_PORT:-18080}" +prop_replace 'nifi.registry.web.http.host' "${NIFI_REGISTRY_WEB_HTTP_HOST:-$HOSTNAME}" + +. ${scripts_dir}/update_database.sh + +# Check if we are secured or unsecured +case ${AUTH} in + tls) + echo 'Enabling Two-Way SSL user authentication' + . "${scripts_dir}/secure.sh" + ;; + ldap) + echo 'Enabling LDAP user authentication' + # Reference ldap-provider in properties + prop_replace 'nifi.registry.security.identity.provider' 'ldap-identity-provider' + prop_replace 'nifi.registry.security.needClientAuth' 'false' + + . "${scripts_dir}/secure.sh" + . "${scripts_dir}/update_login_providers.sh" + ;; +esac + +. "${scripts_dir}/update_flow_provider.sh" +. "${scripts_dir}/update_bundle_provider.sh" + +# Continuously provide logs so that 'docker logs' can produce them +tail -F "${NIFI_REGISTRY_HOME}/logs/nifi-registry-app.log" & +"${NIFI_REGISTRY_HOME}/bin/nifi-registry.sh" run & +nifi_registry_pid="$!" + +trap "echo Received trapped signal, beginning shutdown...;" KILL TERM HUP INT EXIT; + +echo NiFi-Registry running with PID ${nifi_registry_pid}. +wait ${nifi_registry_pid} \ No newline at end of file diff --git a/nifi-registry-docker-maven/dockermaven/sh/update_bundle_provider.sh b/nifi-registry-docker-maven/dockermaven/sh/update_bundle_provider.sh new file mode 100644 index 0000000..27d5c94 --- /dev/null +++ b/nifi-registry-docker-maven/dockermaven/sh/update_bundle_provider.sh @@ -0,0 +1,48 @@ +#!/bin/sh -e + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +providers_file=${NIFI_REGISTRY_HOME}/conf/providers.xml +property_xpath='/providers/extensionBundlePersistenceProvider' + +add_property() { + property_name=$1 + property_value=$2 + + if [ -n "${property_value}" ]; then + xmlstarlet ed --inplace --subnode "${property_xpath}" --type elem -n property -v "${property_value}" \ + -i \$prev --type attr -n name -v "${property_name}" \ + "${providers_file}" + fi +} + +xmlstarlet ed --inplace -u "${property_xpath}/property[@name='Extension Bundle Storage Directory']" -v "${NIFI_REGISTRY_BUNDLE_STORAGE_DIR:-./extension_bundles}" "${providers_file}" + +case ${NIFI_REGISTRY_BUNDLE_PROVIDER} in + file) + xmlstarlet ed --inplace -u "${property_xpath}/class" -v "org.apache.nifi.registry.provider.extension.FileSystemBundlePersistenceProvider" "${providers_file}" + ;; + s3) + xmlstarlet ed --inplace -u "${property_xpath}/class" -v "org.apache.nifi.registry.aws.S3BundlePersistenceProvider" "${providers_file}" + add_property "Region" "${NIFI_REGISTRY_S3_REGION:-}" + add_property "Bucket Name" "${NIFI_REGISTRY_S3_BUCKET_NAME:-}" + add_property "Key Prefix" "${NIFI_REGISTRY_S3_KEY_PREFIX:-}" + add_property "Credentials Provider" "${NIFI_REGISTRY_S3_CREDENTIALS_PROVIDER:-DEFAULT_CHAIN}" + add_property "Access Key" "${NIFI_REGISTRY_S3_ACCESS_KEY:-}" + add_property "Secret Access Key" "${NIFI_REGISTRY_S3_SECRET_ACCESS_KEY:-}" + add_property "Endpoint URL" "${NIFI_REGISTRY_S3_ENDPOINT_URL:-}" + ;; +esac diff --git a/nifi-registry-docker-maven/dockermaven/sh/update_database.sh b/nifi-registry-docker-maven/dockermaven/sh/update_database.sh new file mode 100644 index 0000000..59d94d7 --- /dev/null +++ b/nifi-registry-docker-maven/dockermaven/sh/update_database.sh @@ -0,0 +1,24 @@ +#!/bin/sh -e + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +prop_replace 'nifi.registry.db.url' "${NIFI_REGISTRY_DB_URL:-jdbc:h2:./database/nifi-registry-primary;AUTOCOMMIT=OFF;DB_CLOSE_ON_EXIT=FALSE;LOCK_MODE=3;LOCK_TIMEOUT=25000;WRITE_DELAY=0;AUTO_SERVER=FALSE}" +prop_replace 'nifi.registry.db.driver.class' "${NIFI_REGISTRY_DB_CLASS:-org.h2.Driver}" +prop_replace 'nifi.registry.db.driver.directory' "${NIFI_REGISTRY_DB_DIR:-}" +prop_replace 'nifi.registry.db.username' "${NIFI_REGISTRY_DB_USER:-nifireg}" +prop_replace 'nifi.registry.db.password' "${NIFI_REGISTRY_DB_PASS:-nifireg}" +prop_replace 'nifi.registry.db.maxConnections' "${NIFI_REGISTRY_DB_MAX_CONNS:-5}" +prop_replace 'nifi.registry.db.sql.debug' "${NIFI_REGISTRY_DB_DEBUG_SQL:-false}" diff --git a/nifi-registry-docker-maven/dockermaven/sh/update_flow_provider.sh b/nifi-registry-docker-maven/dockermaven/sh/update_flow_provider.sh new file mode 100644 index 0000000..c903323 --- /dev/null +++ b/nifi-registry-docker-maven/dockermaven/sh/update_flow_provider.sh @@ -0,0 +1,44 @@ +#!/bin/sh -e + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +providers_file=${NIFI_REGISTRY_HOME}/conf/providers.xml +property_xpath='/providers/flowPersistenceProvider' + +add_property() { + property_name=$1 + property_value=$2 + + if [ -n "${property_value}" ]; then + xmlstarlet ed --inplace --subnode "${property_xpath}" --type elem -n property -v "${property_value}" \ + -i \$prev --type attr -n name -v "${property_name}" \ + "${providers_file}" + fi +} + +xmlstarlet ed --inplace -u "${property_xpath}/property[@name='Flow Storage Directory']" -v "${NIFI_REGISTRY_FLOW_STORAGE_DIR:-./flow_storage}" "${providers_file}" + +case ${NIFI_REGISTRY_FLOW_PROVIDER} in + file) + xmlstarlet ed --inplace -u "${property_xpath}/class" -v "org.apache.nifi.registry.provider.flow.FileSystemFlowPersistenceProvider" "${providers_file}" + ;; + git) + xmlstarlet ed --inplace -u "${property_xpath}/class" -v "org.apache.nifi.registry.provider.flow.git.GitFlowPersistenceProvider" "${providers_file}" + add_property "Remote To Push" "${NIFI_REGISTRY_GIT_REMOTE:-}" + add_property "Remote Access User" "${NIFI_REGISTRY_GIT_USER:-}" + add_property "Remote Access Password" "${NIFI_REGISTRY_GIT_PASSWORD:-}" + ;; +esac diff --git a/nifi-registry-docker-maven/dockermaven/sh/update_login_providers.sh b/nifi-registry-docker-maven/dockermaven/sh/update_login_providers.sh new file mode 100755 index 0000000..e3280b5 --- /dev/null +++ b/nifi-registry-docker-maven/dockermaven/sh/update_login_providers.sh @@ -0,0 +1,47 @@ +#!/bin/sh -e + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +login_providers_file=${NIFI_REGISTRY_HOME}/conf/identity-providers.xml +property_xpath='//identityProviders/provider/property' + +# Update a given property in the login-identity-providers file if a value is specified +edit_property() { + property_name=$1 + property_value=$2 + + if [ -n "${property_value}" ]; then + xmlstarlet ed --inplace -u "${property_xpath}[@name='${property_name}']" -v "${property_value}" "${login_providers_file}" + fi +} + +# Remove comments to enable the ldap-provider +sed -i '/To enable the ldap-identity-provider remove/d' "${login_providers_file}" + +edit_property 'Authentication Strategy' "${LDAP_AUTHENTICATION_STRATEGY}" +edit_property 'Manager DN' "${LDAP_MANAGER_DN}" +edit_property 'Manager Password' "${LDAP_MANAGER_PASSWORD}" +edit_property 'TLS - Keystore' "${LDAP_TLS_KEYSTORE}" +edit_property 'TLS - Keystore Password' "${LDAP_TLS_KEYSTORE_PASSWORD}" +edit_property 'TLS - Keystore Type' "${LDAP_TLS_KEYSTORE_TYPE}" +edit_property 'TLS - Truststore' "${LDAP_TLS_TRUSTSTORE}" +edit_property 'TLS - Truststore Password' "${LDAP_TLS_TRUSTSTORE_PASSWORD}" +edit_property 'TLS - Truststore Type' "${LDAP_TLS_TRUSTSTORE_TYPE}" +edit_property 'TLS - Protocol' "${LDAP_TLS_PROTOCOL}" +edit_property 'Url' "${LDAP_URL}" +edit_property 'User Search Base' "${LDAP_USER_SEARCH_BASE}" +edit_property 'User Search Filter' "${LDAP_USER_SEARCH_FILTER}" +edit_property 'Identity Strategy' "${LDAP_IDENTITY_STRATEGY}" diff --git a/nifi-registry-docker-maven/pom.xml b/nifi-registry-docker-maven/pom.xml new file mode 100644 index 0000000..3e9b405 --- /dev/null +++ b/nifi-registry-docker-maven/pom.xml @@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd";> + <parent> + <groupId>org.apache.nifi.registry</groupId> + <artifactId>nifi-registry</artifactId> + <version>1.0.0-SNAPSHOT</version> + </parent> + + <modelVersion>4.0.0</modelVersion> + <packaging>pom</packaging> + + <artifactId>nifi-registry-docker-maven</artifactId> + <groupId>org.apache.nifi.registry</groupId> + <version>1.0.0-SNAPSHOT</version> + + <modules> + <module>dockermaven</module> + </modules> +</project> diff --git a/pom.xml b/pom.xml index c02025c..74067bd 100644 --- a/pom.xml +++ b/pom.xml @@ -34,6 +34,7 @@ <module>nifi-registry-extensions</module> <module>nifi-registry-assembly</module> <module>nifi-registry-toolkit</module> + <module>nifi-registry-docker-maven</module> </modules> <url>https://nifi.apache.org/registry.html</url> <organization>
