This is an automated email from the ASF dual-hosted git repository. joewitt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git
commit 55b0b58a577f9b54b09ec8995bec5a39d3729dca Author: exceptionfactory <[email protected]> AuthorDate: Sat Mar 1 22:43:40 2025 -0600 NIFI-14310 Updated System Test Suite to use HTTPS This closes #9760 - Added System Test Authorizer - Added random password generation for system test stores --- .../nifi-system-test-authorizer-nar}/pom.xml | 30 +++++---- .../nifi-system-test-authorizer}/pom.xml | 24 +++---- .../nifi/authorization/SystemTestAuthorizer.java | 43 +++++++++++++ .../org.apache.nifi.authorization.Authorizer | 15 +++++ .../pom.xml | 16 ++--- nifi-system-tests/nifi-system-test-suite/pom.xml | 6 ++ .../src/test/assembly/dependencies.xml | 3 +- .../nifi/tests/system/AggregateNiFiInstance.java | 8 +++ .../apache/nifi/tests/system/NiFiClientUtil.java | 2 +- .../org/apache/nifi/tests/system/NiFiInstance.java | 9 +++ .../nifi/tests/system/NiFiInstanceCache.java | 7 +++ .../org/apache/nifi/tests/system/NiFiSystemIT.java | 16 +++-- .../tests/system/NiFiSystemKeyStoreProvider.java | 47 +++++++++++--- .../SpawnedStandaloneNiFiInstanceFactory.java | 73 ++++++++++------------ .../clustering/RestartWithDifferentPortIT.java | 4 +- .../resources/conf/clustered/node1/authorizers.xml | 21 +++++++ .../resources/conf/clustered/node1/nifi.properties | 20 +++--- .../resources/conf/clustered/node2/authorizers.xml | 21 +++++++ .../resources/conf/clustered/node2/nifi.properties | 20 +++--- .../test/resources/conf/default/authorizers.xml | 21 +++++++ .../test/resources/conf/default/nifi.properties | 20 +++--- .../test/resources/conf/pythonic/authorizers.xml | 21 +++++++ .../src/test/resources/conf/pythonic/logback.xml | 2 + .../test/resources/conf/pythonic/nifi.properties | 20 +++--- nifi-system-tests/pom.xml | 1 + 25 files changed, 331 insertions(+), 139 deletions(-) diff --git a/nifi-system-tests/pom.xml b/nifi-system-tests/nifi-system-test-authorizer-bundle/nifi-system-test-authorizer-nar/pom.xml similarity index 58% copy from nifi-system-tests/pom.xml copy to nifi-system-tests/nifi-system-test-authorizer-bundle/nifi-system-test-authorizer-nar/pom.xml index 5ead4f18b3..4d70d232f4 100644 --- a/nifi-system-tests/pom.xml +++ b/nifi-system-tests/nifi-system-test-authorizer-bundle/nifi-system-test-authorizer-nar/pom.xml @@ -1,12 +1,12 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with + contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with - the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -15,23 +15,21 @@ --> <project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd";> <modelVersion>4.0.0</modelVersion> + <parent> - <artifactId>nifi</artifactId> <groupId>org.apache.nifi</groupId> + <artifactId>nifi-system-test-authorizer-bundle</artifactId> <version>2.3.0-SNAPSHOT</version> </parent> - <artifactId>nifi-system-tests</artifactId> - <packaging>pom</packaging> - - <modules> - <module>nifi-system-test-extensions-bundle</module> - <module>nifi-system-test-extensions2-bundle</module> - <module>nifi-alternate-config-extensions-bundle</module> - <module>nifi-system-test-nar-provider-bundles</module> - <module>nifi-python-test-extensions-nar</module> - <module>nifi-system-test-suite</module> - <module>nifi-stateless-system-test-suite</module> - </modules> + <artifactId>nifi-system-test-authorizer-nar</artifactId> + <packaging>nar</packaging> + <dependencies> + <dependency> + <groupId>org.apache.nifi</groupId> + <artifactId>nifi-system-test-authorizer</artifactId> + <version>2.3.0-SNAPSHOT</version> + </dependency> + </dependencies> </project> diff --git a/nifi-system-tests/pom.xml b/nifi-system-tests/nifi-system-test-authorizer-bundle/nifi-system-test-authorizer/pom.xml similarity index 68% copy from nifi-system-tests/pom.xml copy to nifi-system-tests/nifi-system-test-authorizer-bundle/nifi-system-test-authorizer/pom.xml index 5ead4f18b3..41030ffa74 100644 --- a/nifi-system-tests/pom.xml +++ b/nifi-system-tests/nifi-system-test-authorizer-bundle/nifi-system-test-authorizer/pom.xml @@ -14,24 +14,20 @@ limitations under the License. --> <project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd";> - <modelVersion>4.0.0</modelVersion> <parent> - <artifactId>nifi</artifactId> + <artifactId>nifi-system-test-authorizer-bundle</artifactId> <groupId>org.apache.nifi</groupId> <version>2.3.0-SNAPSHOT</version> </parent> + <modelVersion>4.0.0</modelVersion> - <artifactId>nifi-system-tests</artifactId> - <packaging>pom</packaging> - - <modules> - <module>nifi-system-test-extensions-bundle</module> - <module>nifi-system-test-extensions2-bundle</module> - <module>nifi-alternate-config-extensions-bundle</module> - <module>nifi-system-test-nar-provider-bundles</module> - <module>nifi-python-test-extensions-nar</module> - <module>nifi-system-test-suite</module> - <module>nifi-stateless-system-test-suite</module> - </modules> + <artifactId>nifi-system-test-authorizer</artifactId> + <dependencies> + <dependency> + <groupId>org.apache.nifi</groupId> + <artifactId>nifi-framework-api</artifactId> + <version>2.3.0-SNAPSHOT</version> + </dependency> + </dependencies> </project> diff --git a/nifi-system-tests/nifi-system-test-authorizer-bundle/nifi-system-test-authorizer/src/main/java/org/apache/nifi/authorization/SystemTestAuthorizer.java b/nifi-system-tests/nifi-system-test-authorizer-bundle/nifi-system-test-authorizer/src/main/java/org/apache/nifi/authorization/SystemTestAuthorizer.java new file mode 100644 index 0000000000..278d44c03d --- /dev/null +++ b/nifi-system-tests/nifi-system-test-authorizer-bundle/nifi-system-test-authorizer/src/main/java/org/apache/nifi/authorization/SystemTestAuthorizer.java @@ -0,0 +1,43 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.authorization; + +import org.apache.nifi.authorization.exception.AuthorizationAccessException; +import org.apache.nifi.authorization.exception.AuthorizerCreationException; +import org.apache.nifi.authorization.exception.AuthorizerDestructionException; + +public class SystemTestAuthorizer implements Authorizer { + @Override + public AuthorizationResult authorize(final AuthorizationRequest request) throws AuthorizationAccessException { + return AuthorizationResult.approved(); + } + + @Override + public void initialize(AuthorizerInitializationContext initializationContext) throws AuthorizerCreationException { + + } + + @Override + public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException { + + } + + @Override + public void preDestruction() throws AuthorizerDestructionException { + + } +} diff --git a/nifi-system-tests/nifi-system-test-authorizer-bundle/nifi-system-test-authorizer/src/main/resources/META-INF/services/org.apache.nifi.authorization.Authorizer b/nifi-system-tests/nifi-system-test-authorizer-bundle/nifi-system-test-authorizer/src/main/resources/META-INF/services/org.apache.nifi.authorization.Authorizer new file mode 100644 index 0000000000..a9ec929e83 --- /dev/null +++ b/nifi-system-tests/nifi-system-test-authorizer-bundle/nifi-system-test-authorizer/src/main/resources/META-INF/services/org.apache.nifi.authorization.Authorizer @@ -0,0 +1,15 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +org.apache.nifi.authorization.SystemTestAuthorizer diff --git a/nifi-system-tests/pom.xml b/nifi-system-tests/nifi-system-test-authorizer-bundle/pom.xml similarity index 71% copy from nifi-system-tests/pom.xml copy to nifi-system-tests/nifi-system-test-authorizer-bundle/pom.xml index 5ead4f18b3..ac32e8095f 100644 --- a/nifi-system-tests/pom.xml +++ b/nifi-system-tests/nifi-system-test-authorizer-bundle/pom.xml @@ -14,24 +14,18 @@ limitations under the License. --> <project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd";> - <modelVersion>4.0.0</modelVersion> <parent> - <artifactId>nifi</artifactId> + <artifactId>nifi-system-tests</artifactId> <groupId>org.apache.nifi</groupId> <version>2.3.0-SNAPSHOT</version> </parent> + <modelVersion>4.0.0</modelVersion> - <artifactId>nifi-system-tests</artifactId> + <artifactId>nifi-system-test-authorizer-bundle</artifactId> <packaging>pom</packaging> <modules> - <module>nifi-system-test-extensions-bundle</module> - <module>nifi-system-test-extensions2-bundle</module> - <module>nifi-alternate-config-extensions-bundle</module> - <module>nifi-system-test-nar-provider-bundles</module> - <module>nifi-python-test-extensions-nar</module> - <module>nifi-system-test-suite</module> - <module>nifi-stateless-system-test-suite</module> + <module>nifi-system-test-authorizer</module> + <module>nifi-system-test-authorizer-nar</module> </modules> - </project> diff --git a/nifi-system-tests/nifi-system-test-suite/pom.xml b/nifi-system-tests/nifi-system-test-suite/pom.xml index 23de5b3ac9..31532dd04d 100644 --- a/nifi-system-tests/nifi-system-test-suite/pom.xml +++ b/nifi-system-tests/nifi-system-test-suite/pom.xml @@ -333,6 +333,12 @@ <version>2.3.0-SNAPSHOT</version> <type>nar</type> </dependency> + <dependency> + <groupId>org.apache.nifi</groupId> + <artifactId>nifi-system-test-authorizer-nar</artifactId> + <version>2.3.0-SNAPSHOT</version> + <type>nar</type> + </dependency> <dependency> <groupId>org.apache.nifi</groupId> <artifactId>nifi-system-test-extensions-nar</artifactId> diff --git a/nifi-system-tests/nifi-system-test-suite/src/test/assembly/dependencies.xml b/nifi-system-tests/nifi-system-test-suite/src/test/assembly/dependencies.xml index 6c8dbf5013..6c1609baa5 100644 --- a/nifi-system-tests/nifi-system-test-suite/src/test/assembly/dependencies.xml +++ b/nifi-system-tests/nifi-system-test-suite/src/test/assembly/dependencies.xml @@ -35,8 +35,6 @@ <include>*:commons-lang3</include> <include>*:slf4j-api</include> <include>*:nifi-api</include> - <include>*:nifi-property-encryptor</include> - <include>*:nifi-security-crypto-key</include> </includes> </dependencySet> @@ -65,6 +63,7 @@ <include>*:log4j-over-slf4j</include> <include>*:jul-to-slf4j</include> <include>*:slf4j-api</include> + <include>*:nifi-system-test-authorizer-nar</include> <include>*:nifi-system-test-extensions-nar</include> <include>*:nifi-system-test-extensions-services-nar</include> <include>*:nifi-system-test-extensions-services-api-nar</include> diff --git a/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/AggregateNiFiInstance.java b/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/AggregateNiFiInstance.java index 17202bb2de..c0d0109374 100644 --- a/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/AggregateNiFiInstance.java +++ b/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/AggregateNiFiInstance.java @@ -16,11 +16,13 @@ */ package org.apache.nifi.tests.system; +import javax.net.ssl.SSLContext; import java.io.File; import java.io.IOException; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Optional; import java.util.Properties; public class AggregateNiFiInstance implements NiFiInstance { @@ -112,6 +114,12 @@ public class AggregateNiFiInstance implements NiFiInstance { return instances.get(nodeIndex - 1); } + @Override + public Optional<SSLContext> getSslContext() { + final NiFiInstance firstInstance = instances.getFirst(); + return firstInstance.getSslContext(); + } + @Override public Properties getProperties() { return null; diff --git a/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/NiFiClientUtil.java b/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/NiFiClientUtil.java index 1c9948912d..3ce5035413 100644 --- a/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/NiFiClientUtil.java +++ b/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/NiFiClientUtil.java @@ -1618,7 +1618,7 @@ public class NiFiClientUtil { public RemoteProcessGroupEntity createRPG(final String parentGroupId, final int httpPort, final SiteToSiteTransportProtocol transportProtocol) throws NiFiClientException, IOException { final RemoteProcessGroupDTO component = new RemoteProcessGroupDTO(); - component.setTargetUri("http://localhost:"; + httpPort); + component.setTargetUri("https://localhost:%d".formatted(httpPort)); component.setName(component.getTargetUri()); component.setTransportProtocol(transportProtocol.name()); diff --git a/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/NiFiInstance.java b/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/NiFiInstance.java index 9ce8563c51..4c5ada2954 100644 --- a/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/NiFiInstance.java +++ b/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/NiFiInstance.java @@ -16,9 +16,11 @@ */ package org.apache.nifi.tests.system; +import javax.net.ssl.SSLContext; import java.io.File; import java.io.IOException; import java.util.Map; +import java.util.Optional; import java.util.Properties; public interface NiFiInstance { @@ -72,6 +74,13 @@ public interface NiFiInstance { */ NiFiInstance getNodeInstance(int nodeIndex); + /** + * Get SSLContext from configured properties + * + * @return SSLContext or empty when not configured + */ + Optional<SSLContext> getSslContext(); + /** * Returns the NiFiProperties for the node * diff --git a/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/NiFiInstanceCache.java b/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/NiFiInstanceCache.java index 2d5bfa0324..2eb1474f48 100644 --- a/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/NiFiInstanceCache.java +++ b/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/NiFiInstanceCache.java @@ -20,10 +20,12 @@ package org.apache.nifi.tests.system; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.net.ssl.SSLContext; import java.io.File; import java.io.IOException; import java.util.Map; import java.util.Objects; +import java.util.Optional; import java.util.Properties; public class NiFiInstanceCache { @@ -215,6 +217,11 @@ public class NiFiInstanceCache { return rawInstance.getNumberOfNodes(includeOnlyAutoStartInstances); } + @Override + public Optional<SSLContext> getSslContext() { + return rawInstance.getSslContext(); + } + @Override public NiFiInstance getNodeInstance(final int nodeIndex) { return rawInstance.getNodeInstance(nodeIndex); diff --git a/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/NiFiSystemIT.java b/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/NiFiSystemIT.java index 0204128fd2..07041d42fc 100644 --- a/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/NiFiSystemIT.java +++ b/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/NiFiSystemIT.java @@ -44,6 +44,7 @@ import org.junit.jupiter.api.extension.ExtendWith; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.net.ssl.SSLContext; import java.io.File; import java.io.IOException; import java.nio.file.Files; @@ -52,6 +53,7 @@ import java.util.Collection; import java.util.Collections; import java.util.List; import java.util.Map; +import java.util.Optional; import java.util.UUID; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentMap; @@ -331,11 +333,15 @@ public abstract class NiFiSystemIT implements NiFiInstanceProvider { } protected NiFiClient createClient(final int port) { - final NiFiClientConfig clientConfig = new NiFiClientConfig.Builder() - .baseUrl("http://localhost:"; + port) - .connectTimeout(30000) - .readTimeout(30000) - .build(); + final NiFiClientConfig.Builder clientConfigBuilder = new NiFiClientConfig.Builder() + .baseUrl("https://localhost:"; + port) + .connectTimeout(15000) + .readTimeout(30000); + + final NiFiInstance nifiInstance = nifiRef.get(); + final Optional<SSLContext> sslContextFound = nifiInstance.getSslContext(); + sslContextFound.ifPresent(clientConfigBuilder::sslContext); + final NiFiClientConfig clientConfig = clientConfigBuilder.build(); return new JerseyNiFiClient.Builder() .config(clientConfig) diff --git a/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/NiFiSystemKeyStoreProvider.java b/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/NiFiSystemKeyStoreProvider.java index 55c9a5d4c8..0241175c8e 100644 --- a/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/NiFiSystemKeyStoreProvider.java +++ b/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/NiFiSystemKeyStoreProvider.java @@ -17,7 +17,9 @@ package org.apache.nifi.tests.system; import org.apache.nifi.security.cert.builder.StandardCertificateBuilder; +import org.apache.nifi.security.ssl.StandardSslContextBuilder; +import javax.net.ssl.SSLContext; import javax.security.auth.x500.X500Principal; import java.io.File; import java.io.FileOutputStream; @@ -32,9 +34,11 @@ import java.security.KeyPairGenerator; import java.security.KeyStore; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; +import java.security.SecureRandom; import java.security.cert.X509Certificate; import java.time.Duration; import java.util.Collections; +import java.util.HexFormat; import java.util.List; /** @@ -47,14 +51,16 @@ public class NiFiSystemKeyStoreProvider { private static final X500Principal DISTINGUISHED_NAME = new X500Principal(String.format("CN=%s", HOSTNAME)); - private static final String PASSWORD = NiFiSystemKeyStoreProvider.class.getSimpleName(); - private static final int VALID_DURATION_DAYS = 1; private static final String KEY_ALGORITHM = "RSA"; private static final int KEY_SIZE = 4096; + private static final int PROTECTION_PARAMETER_LENGTH = 32; + + private static final String PROTECTION_PARAMETER = generateProtectionParameter(); + private static final String KEYSTORE_FILE = "keystore.p12"; private static final String TRUSTSTORE_FILE = "truststore.p12"; @@ -65,12 +71,18 @@ public class NiFiSystemKeyStoreProvider { private static Path persistentTrustStorePath; + private static KeyStore keyStore; + + private static KeyStore trustStore; + + private static SSLContext sslContext; + /** * Configure KeyStores in provided directory and reuse existing files after initial generation * * @param keyStoreDirectory Directory where KeyStore and TrustStore should be stored */ - public synchronized static void configureKeyStores(final File keyStoreDirectory) { + public synchronized static SSLContext configureKeyStores(final File keyStoreDirectory) { if (persistentKeyStorePath == null) { createKeyStores(); } @@ -88,6 +100,12 @@ public class NiFiSystemKeyStoreProvider { } catch (final IOException e) { throw new UncheckedIOException("KeyStore configuration failed", e); } + + return sslContext; + } + + public static String getProtectionParameter() { + return PROTECTION_PARAMETER; } private static void createKeyStores() { @@ -102,33 +120,39 @@ public class NiFiSystemKeyStoreProvider { persistentKeyStorePath = writeKeyStore(certificate, keyPair.getPrivate()); persistentKeyStorePath.toFile().deleteOnExit(); + + sslContext = new StandardSslContextBuilder() + .trustStore(trustStore) + .keyStore(keyStore) + .keyPassword(PROTECTION_PARAMETER.toCharArray()) + .build(); } catch (final Exception e) { throw new RuntimeException("KeyStore Creation Failed", e); } } private static Path writeKeyStore(final X509Certificate certificate, final PrivateKey privateKey) throws Exception { - final KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE); + keyStore = KeyStore.getInstance(KEYSTORE_TYPE); keyStore.load(null); final X509Certificate[] certificates = new X509Certificate[]{certificate}; - keyStore.setKeyEntry(HOSTNAME, privateKey, PASSWORD.toCharArray(), certificates); + keyStore.setKeyEntry(HOSTNAME, privateKey, PROTECTION_PARAMETER.toCharArray(), certificates); final Path keyStorePath = Files.createTempFile(KEYSTORE_FILE, KEYSTORE_TYPE); try (final OutputStream outputStream = new FileOutputStream(keyStorePath.toFile())) { - keyStore.store(outputStream, PASSWORD.toCharArray()); + keyStore.store(outputStream, PROTECTION_PARAMETER.toCharArray()); } return keyStorePath; } private static Path writeTrustStore(final X509Certificate certificate) throws Exception { - final KeyStore trustStore = KeyStore.getInstance(KEYSTORE_TYPE); + trustStore = KeyStore.getInstance(KEYSTORE_TYPE); trustStore.load(null); trustStore.setCertificateEntry(HOSTNAME, certificate); final Path trustStorePath = Files.createTempFile(TRUSTSTORE_FILE, KEYSTORE_TYPE); try (final OutputStream outputStream = new FileOutputStream(trustStorePath.toFile())) { - trustStore.store(outputStream, PASSWORD.toCharArray()); + trustStore.store(outputStream, PROTECTION_PARAMETER.toCharArray()); } return trustStorePath; } @@ -138,4 +162,11 @@ public class NiFiSystemKeyStoreProvider { keyPairGenerator.initialize(KEY_SIZE); return keyPairGenerator.generateKeyPair(); } + + private static String generateProtectionParameter() { + final SecureRandom secureRandom = new SecureRandom(); + final byte[] nextBytes = new byte[PROTECTION_PARAMETER_LENGTH]; + secureRandom.nextBytes(nextBytes); + return HexFormat.of().formatHex(nextBytes); + } } diff --git a/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/SpawnedStandaloneNiFiInstanceFactory.java b/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/SpawnedStandaloneNiFiInstanceFactory.java index 7ee8ffd961..9e40a1c00a 100644 --- a/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/SpawnedStandaloneNiFiInstanceFactory.java +++ b/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/SpawnedStandaloneNiFiInstanceFactory.java @@ -22,14 +22,15 @@ import org.apache.nifi.bootstrap.command.process.StandardManagementServerAddress import org.apache.nifi.bootstrap.command.process.StandardProcessBuilderProvider; import org.apache.nifi.bootstrap.configuration.ConfigurationProvider; import org.apache.nifi.bootstrap.configuration.StandardConfigurationProvider; -import org.apache.nifi.registry.security.util.KeystoreType; import org.apache.nifi.toolkit.client.NiFiClient; import org.apache.nifi.toolkit.client.NiFiClientConfig; import org.apache.nifi.toolkit.client.impl.JerseyNiFiClient; +import org.apache.nifi.util.NiFiProperties; import org.apache.nifi.util.file.FileUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.net.ssl.SSLContext; import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; @@ -39,8 +40,10 @@ import java.io.OutputStream; import java.io.PrintWriter; import java.nio.file.Files; import java.util.Collections; +import java.util.HashMap; import java.util.Map; import java.util.Objects; +import java.util.Optional; import java.util.Properties; import java.util.concurrent.TimeUnit; @@ -89,6 +92,7 @@ public class SpawnedStandaloneNiFiInstanceFactory implements NiFiInstanceFactory private final InstanceConfiguration instanceConfiguration; private File bootstrapConfigFile; private Process process; + private SSLContext sslContext; public ProcessNiFiInstance(final InstanceConfiguration instanceConfiguration) { this.instanceDirectory = instanceConfiguration.getInstanceDirectory(); @@ -182,7 +186,7 @@ public class SpawnedStandaloneNiFiInstanceFactory implements NiFiInstanceFactory if (!destinationCertsDir.exists()) { assertTrue(destinationCertsDir.mkdirs()); } - NiFiSystemKeyStoreProvider.configureKeyStores(destinationCertsDir); + sslContext = NiFiSystemKeyStoreProvider.configureKeyStores(destinationCertsDir); final File flowJsonGz = instanceConfiguration.getFlowJsonGz(); if (flowJsonGz != null) { @@ -190,22 +194,28 @@ public class SpawnedStandaloneNiFiInstanceFactory implements NiFiInstanceFactory Files.copy(flowJsonGz.toPath(), destinationFlowJsonGz.toPath()); } - // Write out any Property overrides + final Map<String, String> overrides = new HashMap<>(); + overrides.put(NiFiProperties.SECURITY_KEYSTORE_PASSWD, NiFiSystemKeyStoreProvider.getProtectionParameter()); + overrides.put(NiFiProperties.SECURITY_KEY_PASSWD, NiFiSystemKeyStoreProvider.getProtectionParameter()); + overrides.put(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD, NiFiSystemKeyStoreProvider.getProtectionParameter()); + final Map<String, String> nifiPropertiesOverrides = instanceConfiguration.getNifiPropertiesOverrides(); - if (nifiPropertiesOverrides != null && !nifiPropertiesOverrides.isEmpty()) { - final File destinationNifiProperties = new File(destinationConf, "nifi.properties"); - final File sourceNifiProperties = new File(bootstrapConfigFile.getParentFile(), "nifi.properties"); + if (nifiPropertiesOverrides != null) { + overrides.putAll(nifiPropertiesOverrides); + } - final Properties nifiProperties = new Properties(); - try (final InputStream fis = new FileInputStream(sourceNifiProperties)) { - nifiProperties.load(fis); - } + final File destinationNifiProperties = new File(destinationConf, "nifi.properties"); + final File sourceNifiProperties = new File(bootstrapConfigFile.getParentFile(), "nifi.properties"); + + final Properties nifiProperties = new Properties(); + try (final InputStream fis = new FileInputStream(sourceNifiProperties)) { + nifiProperties.load(fis); + } - nifiPropertiesOverrides.forEach(nifiProperties::setProperty); + overrides.forEach(nifiProperties::setProperty); - try (final OutputStream fos = new FileOutputStream(destinationNifiProperties)) { - nifiProperties.store(fos, null); - } + try (final OutputStream fos = new FileOutputStream(destinationNifiProperties)) { + nifiProperties.store(fos, null); } } @@ -321,6 +331,11 @@ public class SpawnedStandaloneNiFiInstanceFactory implements NiFiInstanceFactory return null; } + @Override + public Optional<SSLContext> getSslContext() { + return Optional.of(sslContext); + } + @Override public Properties getProperties() throws IOException { final File nifiPropsFile = new File(configDir, "nifi.properties"); @@ -378,41 +393,19 @@ public class SpawnedStandaloneNiFiInstanceFactory implements NiFiInstanceFactory public NiFiClient createClient() throws IOException { final Properties nifiProperties = getProperties(); - final String httpPort = nifiProperties.getProperty("nifi.web.http.port"); final String httpsPort = nifiProperties.getProperty("nifi.web.https.port"); - final String webPort = (httpsPort == null || httpsPort.trim().isEmpty()) ? httpPort : httpsPort; - - final String keystoreType = nifiProperties.getProperty("nifi.security.keystoreType"); - final String truststoreType = nifiProperties.getProperty("nifi.security.truststoreType"); + final String baseUrl = "https://localhost:%s".formatted(httpsPort); final NiFiClientConfig clientConfig = new NiFiClientConfig.Builder() - .baseUrl("http://localhost:"; + webPort) - .connectTimeout(30000) + .baseUrl(baseUrl) + .connectTimeout(15000) .readTimeout(30000) - .keystoreFilename(getAbsolutePath(nifiProperties.getProperty("nifi.security.keystore"))) - .keystorePassword(nifiProperties.getProperty("nifi.security.keystorePasswd")) - .keystoreType(keystoreType == null ? null : KeystoreType.valueOf(keystoreType)) - .truststoreFilename(getAbsolutePath(nifiProperties.getProperty("nifi.security.truststore"))) - .truststorePassword(nifiProperties.getProperty("nifi.security.truststorePasswd")) - .truststoreType(truststoreType == null ? null : KeystoreType.valueOf(truststoreType)) + .sslContext(sslContext) .build(); return new JerseyNiFiClient.Builder() .config(clientConfig) .build(); } - - private String getAbsolutePath(final String filename) { - if (filename == null) { - return null; - } - - final File file = new File(filename); - if (file.isAbsolute()) { - return file.getAbsolutePath(); - } - - return new File(instanceDirectory, file.getPath()).getAbsolutePath(); - } } } diff --git a/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/clustering/RestartWithDifferentPortIT.java b/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/clustering/RestartWithDifferentPortIT.java index 9966895f26..b4f1390b18 100644 --- a/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/clustering/RestartWithDifferentPortIT.java +++ b/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/clustering/RestartWithDifferentPortIT.java @@ -57,8 +57,8 @@ public class RestartWithDifferentPortIT extends NiFiSystemIT { final NiFiInstance secondNode = getNiFiInstance().getNodeInstance(2); secondNode.stop(); - // Change the value of the nifi.web.http.port property from 5672 to 5673 - secondNode.setProperty("nifi.web.http.port", "5673"); + // Change the value of the nifi.web.https.port property from 5672 to 5673 + secondNode.setProperty("nifi.web.https.port", "5673"); // Restart the second node secondNode.start(); diff --git a/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/clustered/node1/authorizers.xml b/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/clustered/node1/authorizers.xml new file mode 100644 index 0000000000..5442525804 --- /dev/null +++ b/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/clustered/node1/authorizers.xml @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<authorizers> + <authorizer> + <identifier>system-test-authorizer</identifier> + <class>org.apache.nifi.authorization.SystemTestAuthorizer</class> + </authorizer> +</authorizers> diff --git a/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/clustered/node1/nifi.properties b/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/clustered/node1/nifi.properties index 3ef42c2f32..7f6fc82802 100644 --- a/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/clustered/node1/nifi.properties +++ b/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/clustered/node1/nifi.properties @@ -130,8 +130,8 @@ nifi.nar.persistence.provider.properties.directory=./nar_repository nifi.asset.manager.properties.directory=./assets # Site to Site properties -nifi.remote.input.host= -nifi.remote.input.secure=false +nifi.remote.input.host=localhost +nifi.remote.input.secure=true nifi.remote.input.socket.port=7781 nifi.remote.input.http.enabled=true nifi.remote.input.http.transaction.ttl=30 sec @@ -140,10 +140,10 @@ nifi.remote.contents.cache.expiration=30 secs # web properties # nifi.web.war.directory=./lib nifi.web.http.host= -nifi.web.http.port=5671 +nifi.web.http.port= nifi.web.http.network.interface.default= -nifi.web.https.host= -nifi.web.https.port= +nifi.web.https.host=localhost +nifi.web.https.port=5671 nifi.web.https.network.interface.default= nifi.web.jetty.working.directory=./work/jetty nifi.web.jetty.threads=200 @@ -157,12 +157,12 @@ nifi.sensitive.props.algorithm=NIFI_PBKDF2_AES_GCM_256 nifi.security.keystore=certs/keystore.p12 nifi.security.keystoreType=PKCS12 -nifi.security.keystorePasswd=NiFiSystemKeyStoreProvider -nifi.security.keyPasswd=NiFiSystemKeyStoreProvider +nifi.security.keystorePasswd= +nifi.security.keyPasswd= nifi.security.truststore=certs/truststore.p12 nifi.security.truststoreType=PKCS12 -nifi.security.truststorePasswd=NiFiSystemKeyStoreProvider -nifi.security.user.authorizer=managed-authorizer +nifi.security.truststorePasswd= +nifi.security.user.authorizer=system-test-authorizer nifi.security.user.login.identity.provider= nifi.security.ocsp.responder.url= nifi.security.ocsp.responder.certificate= @@ -197,7 +197,7 @@ nifi.security.user.oidc.preferred.jwsalgorithm= # cluster common properties (all nodes must have same values) # nifi.cluster.protocol.heartbeat.interval=2 sec -nifi.cluster.protocol.is.secure=false +nifi.cluster.protocol.is.secure=true # cluster node properties (only configure for cluster nodes) # nifi.cluster.is.node=true diff --git a/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/clustered/node2/authorizers.xml b/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/clustered/node2/authorizers.xml new file mode 100644 index 0000000000..5442525804 --- /dev/null +++ b/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/clustered/node2/authorizers.xml @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<authorizers> + <authorizer> + <identifier>system-test-authorizer</identifier> + <class>org.apache.nifi.authorization.SystemTestAuthorizer</class> + </authorizer> +</authorizers> diff --git a/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/clustered/node2/nifi.properties b/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/clustered/node2/nifi.properties index 74e7a3595b..6b3df6197d 100644 --- a/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/clustered/node2/nifi.properties +++ b/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/clustered/node2/nifi.properties @@ -130,8 +130,8 @@ nifi.nar.persistence.provider.properties.directory=./nar_repository nifi.asset.manager.properties.directory=./assets # Site to Site properties -nifi.remote.input.host= -nifi.remote.input.secure=false +nifi.remote.input.host=localhost +nifi.remote.input.secure=true nifi.remote.input.socket.port=7782 nifi.remote.input.http.enabled=true nifi.remote.input.http.transaction.ttl=30 sec @@ -140,10 +140,10 @@ nifi.remote.contents.cache.expiration=30 secs # web properties # nifi.web.war.directory=./lib nifi.web.http.host= -nifi.web.http.port=5672 +nifi.web.http.port= nifi.web.http.network.interface.default= -nifi.web.https.host= -nifi.web.https.port= +nifi.web.https.host=localhost +nifi.web.https.port=5672 nifi.web.https.network.interface.default= nifi.web.jetty.working.directory=./work/jetty nifi.web.jetty.threads=200 @@ -157,12 +157,12 @@ nifi.sensitive.props.algorithm=NIFI_PBKDF2_AES_GCM_256 nifi.security.keystore=certs/keystore.p12 nifi.security.keystoreType=PKCS12 -nifi.security.keystorePasswd=NiFiSystemKeyStoreProvider -nifi.security.keyPasswd=NiFiSystemKeyStoreProvider +nifi.security.keystorePasswd= +nifi.security.keyPasswd= nifi.security.truststore=certs/truststore.p12 nifi.security.truststoreType=PKCS12 -nifi.security.truststorePasswd=NiFiSystemKeyStoreProvider -nifi.security.user.authorizer=managed-authorizer +nifi.security.truststorePasswd= +nifi.security.user.authorizer=system-test-authorizer nifi.security.user.login.identity.provider= nifi.security.ocsp.responder.url= nifi.security.ocsp.responder.certificate= @@ -197,7 +197,7 @@ nifi.security.user.oidc.preferred.jwsalgorithm= # cluster common properties (all nodes must have same values) # nifi.cluster.protocol.heartbeat.interval=2 sec -nifi.cluster.protocol.is.secure=false +nifi.cluster.protocol.is.secure=true # cluster node properties (only configure for cluster nodes) # nifi.cluster.is.node=true diff --git a/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/default/authorizers.xml b/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/default/authorizers.xml new file mode 100644 index 0000000000..5442525804 --- /dev/null +++ b/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/default/authorizers.xml @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<authorizers> + <authorizer> + <identifier>system-test-authorizer</identifier> + <class>org.apache.nifi.authorization.SystemTestAuthorizer</class> + </authorizer> +</authorizers> diff --git a/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/default/nifi.properties b/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/default/nifi.properties index 3576381fbc..5bfb6ebca3 100644 --- a/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/default/nifi.properties +++ b/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/default/nifi.properties @@ -131,8 +131,8 @@ nifi.nar.persistence.provider.properties.directory=./nar_repository nifi.asset.manager.properties.directory=./assets # Site to Site properties -nifi.remote.input.host= -nifi.remote.input.secure=false +nifi.remote.input.host=localhost +nifi.remote.input.secure=true nifi.remote.input.socket.port=7780 nifi.remote.input.http.enabled=true nifi.remote.input.http.transaction.ttl=30 sec @@ -141,10 +141,10 @@ nifi.remote.contents.cache.expiration=30 secs # web properties # nifi.web.war.directory=./lib nifi.web.http.host= -nifi.web.http.port=5670 +nifi.web.http.port= nifi.web.http.network.interface.default= -nifi.web.https.host= -nifi.web.https.port= +nifi.web.https.host=localhost +nifi.web.https.port=5670 nifi.web.https.network.interface.default= nifi.web.jetty.working.directory=./work/jetty nifi.web.jetty.threads=200 @@ -158,12 +158,12 @@ nifi.sensitive.props.algorithm=NIFI_PBKDF2_AES_GCM_256 nifi.security.keystore=certs/keystore.p12 nifi.security.keystoreType=PKCS12 -nifi.security.keystorePasswd=NiFiSystemKeyStoreProvider -nifi.security.keyPasswd=NiFiSystemKeyStoreProvider +nifi.security.keystorePasswd= +nifi.security.keyPasswd= nifi.security.truststore=certs/truststore.p12 nifi.security.truststoreType=PKCS12 -nifi.security.truststorePasswd=NiFiSystemKeyStoreProvider -nifi.security.user.authorizer=managed-authorizer +nifi.security.truststorePasswd= +nifi.security.user.authorizer=system-test-authorizer nifi.security.user.login.identity.provider= nifi.security.ocsp.responder.url= nifi.security.ocsp.responder.certificate= @@ -198,7 +198,7 @@ nifi.security.user.oidc.preferred.jwsalgorithm= # cluster common properties (all nodes must have same values) # nifi.cluster.protocol.heartbeat.interval=5 sec -nifi.cluster.protocol.is.secure=false +nifi.cluster.protocol.is.secure=true # cluster node properties (only configure for cluster nodes) # nifi.cluster.is.node=false diff --git a/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/pythonic/authorizers.xml b/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/pythonic/authorizers.xml new file mode 100644 index 0000000000..5442525804 --- /dev/null +++ b/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/pythonic/authorizers.xml @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<authorizers> + <authorizer> + <identifier>system-test-authorizer</identifier> + <class>org.apache.nifi.authorization.SystemTestAuthorizer</class> + </authorizer> +</authorizers> diff --git a/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/pythonic/logback.xml b/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/pythonic/logback.xml index d387a430b8..a46edc5e07 100644 --- a/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/pythonic/logback.xml +++ b/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/pythonic/logback.xml @@ -100,6 +100,8 @@ <logger name="org.apache.nifi.processors.standard.LogMessage" level="INFO"/> <logger name="org.apache.nifi.controller.repository.StandardProcessSession" level="WARN" /> + <!-- Py4J set to WARN to avoid verbose socket communication messages --> + <logger name="py4j" level="WARN" /> <logger name="org.apache.zookeeper.ClientCnxn" level="ERROR" /> <logger name="org.apache.zookeeper.server.NIOServerCnxn" level="ERROR" /> diff --git a/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/pythonic/nifi.properties b/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/pythonic/nifi.properties index 0fdfa37765..a0199e7c12 100644 --- a/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/pythonic/nifi.properties +++ b/nifi-system-tests/nifi-system-test-suite/src/test/resources/conf/pythonic/nifi.properties @@ -18,7 +18,7 @@ # # Core Properties # -nifi.flow.configuration.file=./conf/flow.xml.gz +nifi.flow.configuration.file=./conf/flow.json.gz nifi.flow.configuration.archive.enabled=true nifi.flow.configuration.archive.dir=./conf/archive/ nifi.flow.configuration.archive.max.time=30 days @@ -135,8 +135,8 @@ nifi.nar.persistence.provider.properties.directory=./nar_repository nifi.asset.manager.properties.directory=./assets # Site to Site properties -nifi.remote.input.host= -nifi.remote.input.secure=false +nifi.remote.input.host=localhost +nifi.remote.input.secure=true nifi.remote.input.socket.port=7780 nifi.remote.input.http.enabled=true nifi.remote.input.http.transaction.ttl=30 sec @@ -145,10 +145,10 @@ nifi.remote.contents.cache.expiration=30 secs # web properties # nifi.web.war.directory=./lib nifi.web.http.host= -nifi.web.http.port=5670 +nifi.web.http.port= nifi.web.http.network.interface.default= -nifi.web.https.host= -nifi.web.https.port= +nifi.web.https.host=localhost +nifi.web.https.port=5670 nifi.web.https.network.interface.default= nifi.web.jetty.working.directory=./work/jetty nifi.web.jetty.threads=200 @@ -162,12 +162,12 @@ nifi.sensitive.props.algorithm=NIFI_PBKDF2_AES_GCM_256 nifi.security.keystore=certs/keystore.p12 nifi.security.keystoreType=PKCS12 -nifi.security.keystorePasswd=NiFiSystemKeyStoreProvider -nifi.security.keyPasswd=NiFiSystemKeyStoreProvider +nifi.security.keystorePasswd= +nifi.security.keyPasswd= nifi.security.truststore=certs/truststore.p12 nifi.security.truststoreType=PKCS12 -nifi.security.truststorePasswd=NiFiSystemKeyStoreProvider -nifi.security.user.authorizer=managed-authorizer +nifi.security.truststorePasswd= +nifi.security.user.authorizer=system-test-authorizer nifi.security.user.login.identity.provider= nifi.security.ocsp.responder.url= nifi.security.ocsp.responder.certificate= diff --git a/nifi-system-tests/pom.xml b/nifi-system-tests/pom.xml index 5ead4f18b3..aeea7a6673 100644 --- a/nifi-system-tests/pom.xml +++ b/nifi-system-tests/pom.xml @@ -25,6 +25,7 @@ <packaging>pom</packaging> <modules> + <module>nifi-system-test-authorizer-bundle</module> <module>nifi-system-test-extensions-bundle</module> <module>nifi-system-test-extensions2-bundle</module> <module>nifi-alternate-config-extensions-bundle</module>
