This is an automated email from the ASF dual-hosted git repository. szaszm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi-minifi-cpp.git
commit ad9f50e92be7dd369c31d9ce146ecc8ffe5b2516 Author: Martin Zink <[email protected]> AuthorDate: Fri Mar 28 15:43:58 2025 +0100 MINIFICPP-2549 Verify package CI with FIPS enabled With this we found a bunch of FIPS related issues with @lordgamez I've checked it on a different branch after merging #1950 #1949 #1947 https://github.com/martinzink/nifi-minifi-cpp/actions/runs/14085441086 The remaining issues seem rather mild - on Rocky8 (both ARM and x86_64) ParseDocument python processor fails due to missing MD5 (it works on other platforms) - on Debian 11, 12 (only on ARM) some Kafka tests became flaky (cant really tell why) Closes #1952 Signed-off-by: Marton Szasz <[email protected]> --- .github/workflows/verify-package.yml | 166 ++++++--------------- cmake/JoltTests.cmake | 5 +- cmake/VerifyPackageWithDocker.cmake | 3 + docker/DockerVerify.sh | 12 ++ docker/python-verify/conda.Dockerfile | 44 ------ docker/python-verify/conda.dockerignore | 1 - docker/python-verify/venv.Dockerfile | 32 ---- docker/python-verify/venv.dockerignore | 1 - docker/test/integration/cluster/ContainerStore.py | 3 + .../test/integration/cluster/DockerTestCluster.py | 9 +- docker/test/integration/cluster/ImageStore.py | 2 +- .../cluster/containers/MinifiContainer.py | 7 +- .../features/MiNiFi_integration_test_driver.py | 3 + docker/test/integration/features/https.feature | 3 +- .../integration/features/minifi_c2_server.feature | 6 +- .../test/integration/features/opensearch.feature | 9 +- .../test/integration/features/prometheus.feature | 3 +- docker/test/integration/features/s2s.feature | 12 +- docker/test/integration/features/splunk.feature | 3 +- docker/test/integration/features/steps/steps.py | 5 + 20 files changed, 98 insertions(+), 231 deletions(-) diff --git a/.github/workflows/verify-package.yml b/.github/workflows/verify-package.yml index 99df50230..42a178f3c 100644 --- a/.github/workflows/verify-package.yml +++ b/.github/workflows/verify-package.yml 
@@ -1,180 +1,106 @@ name: "MiNiFi-CPP Verify Package" + on: schedule: - cron: '0 0 * * 0' workflow_dispatch: + inputs: + enable_fips: + type: boolean + description: Enable FIPS mode (some tests override this) + default: false + env: DOCKER_CMAKE_FLAGS: -DDOCKER_VERIFY_THREAD=3 -DUSE_SHARED_LIBS= -DSTRICT_GSL_CHECKS=AUDIT -DCI_BUILD=ON -DENABLE_AWS=ON -DENABLE_KAFKA=ON -DENABLE_MQTT=ON -DENABLE_AZURE=ON -DENABLE_SQL=ON \ -DENABLE_SPLUNK=ON -DENABLE_GCP=ON -DENABLE_OPC=ON -DENABLE_PYTHON_SCRIPTING=ON -DENABLE_LUA_SCRIPTING=ON -DENABLE_KUBERNETES=ON -DENABLE_TEST_PROCESSORS=ON -DENABLE_PROMETHEUS=ON \ -DENABLE_ELASTICSEARCH=OFF -DENABLE_GRAFANA_LOKI=ON -DENABLE_COUCHBASE=ON -DDOCKER_BUILD_ONLY=ON + jobs: - rocky-x86-64-build: - name: "Build package (Rocky 8 x86_64)" - runs-on: ubuntu-24.04 + build-packages: + name: "Build package (${{ matrix.platform.arch }})" + runs-on: ${{ matrix.platform.arch == 'x86_64' && 'ubuntu-24.04' || 'ubuntu-24.04-arm' }} timeout-minutes: 180 - steps: - - id: checkout - uses: actions/checkout@v4 - - id: install_deps - run: | - sudo apt update - sudo apt install -y cmake - - id: build - run: | - mkdir build && cd build && cmake ${DOCKER_CMAKE_FLAGS} .. && make rocky - - uses: actions/upload-artifact@v4 - with: - name: minifi-x86-64-tar - path: build/nifi-minifi-cpp-*-bin-rockylinux.tar.gz - if-no-files-found: error + strategy: + fail-fast: false + matrix: + platform: [ + { arch: "x86_64", artifact: "minifi-x86_64-tar" }, + { arch: "aarch64", artifact: "minifi-aarch64-tar" } + ] - rocky-aarch64-build: - name: "Build package (Rocky 8 aarch64)" - runs-on: ubuntu-24.04-arm - timeout-minutes: 180 steps: - id: checkout uses: actions/checkout@v4 + - id: install_deps run: | sudo apt update sudo apt install -y cmake + - id: build run: | mkdir build && cd build && cmake ${DOCKER_CMAKE_FLAGS} .. 
&& make rocky + - uses: actions/upload-artifact@v4 with: - name: minifi-aarch64-tar + name: ${{ matrix.platform.artifact }} path: build/nifi-minifi-cpp-*-bin-rockylinux.tar.gz if-no-files-found: error - docker-x86-64-tests: - name: "${{ matrix.platform.name }}" - runs-on: ubuntu-24.04 + docker-tests: + name: "${{ matrix.platform.name }} (${{ matrix.arch }})${{ inputs.enable_fips && ' (FIPS Mode)' || '' }}" + runs-on: ${{ matrix.arch == 'x86_64' && 'ubuntu-24.04' || 'ubuntu-24.04-arm' }} timeout-minutes: 180 - needs: rocky-x86-64-build + needs: build-packages strategy: fail-fast: false matrix: + arch: [x86_64, aarch64] platform: [ - { name: "Rocky Linux 8 x86-64", - id: "rocky8", - build_cmd: "make rocky8_from_rocky_package", - verify_cmd: "make docker-verify-rocky8" }, - { name: "Rocky Linux 9 x86-64", - id: "rocky9", - build_cmd: "make rocky9_from_rocky_package", - verify_cmd: "make docker-verify-rocky9" }, - { name: "Ubuntu 22.04 x86-64", - id: "ubuntu_jammy", - build_cmd: "make jammy_from_rocky_package", - verify_cmd: "make docker-verify-jammy" }, - { name: "Ubuntu 24.04 x86-64", - id: "ubuntu_noble", - build_cmd: "make noble_from_rocky_package", - verify_cmd: "make docker-verify-noble" }, - { name: "Debian 11 x86-64", - id: "debian_bullseye", - build_cmd: "make bullseye_from_rocky_package", - verify_cmd: "make docker-verify-bullseye" }, - { name: "Debian 12 x86-64", - id: "debian_bookworm", - build_cmd: "make bookworm_from_rocky_package", - verify_cmd: "make docker-verify-bookworm" }, + { name: "Rocky Linux 8", id: "rocky8", build_cmd: "make rocky8_from_rocky_package", verify_cmd: "make docker-verify-rocky8" }, + { name: "Rocky Linux 9", id: "rocky9", build_cmd: "make rocky9_from_rocky_package", verify_cmd: "make docker-verify-rocky9" }, + { name: "Ubuntu 22.04", id: "ubuntu_jammy", build_cmd: "make jammy_from_rocky_package", verify_cmd: "make docker-verify-jammy" }, + { name: "Ubuntu 24.04", id: "ubuntu_noble", build_cmd: "make noble_from_rocky_package", 
verify_cmd: "make docker-verify-noble" }, + { name: "Debian 11", id: "debian_bullseye", build_cmd: "make bullseye_from_rocky_package", verify_cmd: "make docker-verify-bullseye" }, + { name: "Debian 12", id: "debian_bookworm", build_cmd: "make bookworm_from_rocky_package", verify_cmd: "make docker-verify-bookworm" }, ] steps: - id: checkout uses: actions/checkout@v4 + - uses: actions/download-artifact@v4 with: - name: minifi-x86-64-tar + name: minifi-${{ matrix.arch }}-tar path: build + - id: install_deps run: | sudo apt update sudo apt install -y python3-virtualenv - - run: cd build && cmake ${DOCKER_CMAKE_FLAGS} .. \ - && ${{ matrix.platform.build_cmd }} && ${{ matrix.platform.verify_cmd }} - - name: Test Reporter - if: always() - uses: phoenix-actions/test-reporting@v15 - with: - name: "${{ matrix.platform.name }}" - path: build/behavex_output/behave/*.xml - reporter: java-junit - output-to: 'step-summary' - list-tests: 'failed' - list-suites: 'failed' - - name: Upload artifact - if: failure() - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.platform.id }}_x86_64_behavex_output - path: build/behavex_output + - run: | + cd build && cmake ${DOCKER_CMAKE_FLAGS} .. 
+ VERIFY_CMD="${{ matrix.platform.verify_cmd }}" + if [[ "${{ inputs.enable_fips }}" == "true" ]]; then + VERIFY_CMD="${VERIFY_CMD}-fips" + fi + ${{ matrix.platform.build_cmd }} && $VERIFY_CMD - docker-aarch64-tests: - name: "${{ matrix.platform.name }}" - runs-on: ubuntu-24.04-arm - timeout-minutes: 180 - needs: rocky-aarch64-build - strategy: - fail-fast: false - matrix: - platform: [ - { name: "Rocky Linux 8 aarch64", - id: "rocky8", - build_cmd: "make rocky8_from_rocky_package", - verify_cmd: "make docker-verify-rocky8" }, - { name: "Rocky Linux 9 aarch64", - id: "rocky9", - build_cmd: "make rocky9_from_rocky_package", - verify_cmd: "make docker-verify-rocky9" }, - { name: "Ubuntu 22.04 aarch64", - id: "ubuntu_jammy", - build_cmd: "make jammy_from_rocky_package", - verify_cmd: "make docker-verify-jammy" }, - { name: "Ubuntu 24.04 aarch64", - id: "ubuntu_noble", - build_cmd: "make noble_from_rocky_package", - verify_cmd: "make docker-verify-noble" }, - { name: "Debian 11 aarch64", - id: "debian_bullseye", - build_cmd: "make bullseye_from_rocky_package", - verify_cmd: "make docker-verify-bullseye" }, - { name: "Debian 12 aarch64", - id: "debian_bookworm", - build_cmd: "make bookworm_from_rocky_package", - verify_cmd: "make docker-verify-bookworm" }, - ] - - steps: - - id: checkout - uses: actions/checkout@v4 - - uses: actions/download-artifact@v4 - with: - name: minifi-aarch64-tar - path: build - - id: install_deps - run: | - sudo apt update - sudo apt install -y python3-virtualenv - - run: cd build && cmake ${DOCKER_CMAKE_FLAGS} .. 
\ - && ${{ matrix.platform.build_cmd }} && ${{ matrix.platform.verify_cmd }} - name: Test Reporter if: always() uses: phoenix-actions/test-reporting@v15 with: - name: "${{ matrix.platform.name }}" + name: "${{ matrix.platform.name }} (${{ matrix.arch }})${{ inputs.enable_fips && ' (FIPS Mode)' || '' }}" path: build/behavex_output/behave/*.xml reporter: java-junit output-to: 'step-summary' list-tests: 'failed' list-suites: 'failed' + - name: Upload artifact if: failure() uses: actions/upload-artifact@v4 with: - name: ${{ matrix.platform.id }}_aarch64_behavex_output + name: ${{ matrix.platform.id }}_${{ matrix.arch }}_behavex_output${{ inputs.enable_fips && '_fips' || '' }} path: build/behavex_output diff --git a/cmake/JoltTests.cmake b/cmake/JoltTests.cmake index 053b1e925..56601fab6 100644 --- a/cmake/JoltTests.cmake +++ b/cmake/JoltTests.cmake @@ -22,7 +22,4 @@ FetchContent_Declare(jolt_tests URL_HASH SHA256=7423c5b98244260f89a975f5e21150c02a6a1fa88e3af07c90d43fef0eebdcbb ) -FetchContent_GetProperties(jolt_tests) -if (NOT jolt_tests_POPULATED) - FetchContent_Populate(jolt_tests) -endif() +FetchContent_MakeAvailable(jolt_tests) diff --git a/cmake/VerifyPackageWithDocker.cmake b/cmake/VerifyPackageWithDocker.cmake index 0a76710f8..32e0abb79 100644 --- a/cmake/VerifyPackageWithDocker.cmake +++ b/cmake/VerifyPackageWithDocker.cmake @@ -33,6 +33,9 @@ function(ADD_PACKAGE_VERIFY TAG_PREFIX) add_custom_target( docker-verify-${TAG_PREFIX} COMMAND ${CMAKE_SOURCE_DIR}/docker/DockerVerify.sh --image-tag-prefix ${TAG_PREFIX} ${MINIFI_VERSION_STR} ${ENABLED_TAGS} --tags_to_exclude=${DISABLED_TAGS} --parallel_processes=${DOCKER_VERIFY_THREADS}) + add_custom_target( + docker-verify-${TAG_PREFIX}-fips + COMMAND ${CMAKE_SOURCE_DIR}/docker/DockerVerify.sh --image-tag-prefix ${TAG_PREFIX} ${MINIFI_VERSION_STR} ${ENABLED_TAGS} --tags_to_exclude=${DISABLED_TAGS} --parallel_processes=${DOCKER_VERIFY_THREADS} --fips) endfunction() 
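Review bot: In the `docker-tests` run step, `inputs.enable_fips` is empty on the `schedule` trigger, so the weekly run never appends `-fips` and the FIPS path is only exercised on a manual dispatch. The feature-file hunks later in this commit (https, minifi_c2_server, opensearch, prometheus, s2s, splunk) also drop their explicit `Given OpenSSL FIPS mode is enabled in MiNiFi` step, so as far as this diff shows those TLS scenarios lose the FIPS coverage they had; a `fips: [false, true]` matrix axis or a second cron entry would keep it. Separately, the script reads the input through inline expansion (`"${{ inputs.enable_fips }}" == "true"`). Passing it as `env: ENABLE_FIPS: ${{ inputs.enable_fips }}` and testing `"$ENABLE_FIPS"` keeps workflow expressions out of the shell text, which is the safer habit even for a boolean input.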
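Review bot: `FetchContent_MakeAvailable(jolt_tests)` is not a pure drop-in for the removed `FetchContent_Populate` block: when the fetched archive has a top-level `CMakeLists.txt`, MakeAvailable also calls `add_subdirectory()` on it, so downloaded CMake code would run during configure. The `URL_HASH SHA256=` pin visible in the context line limits that to the reviewed archive. If the archive is only test data, a comment saying so, or a `SOURCE_SUBDIR` in `FetchContent_Declare` pointing at a directory without a CMakeLists.txt, makes the intent explicit. The `FetchContent_Declare` call starts outside the hunk, so its other arguments are not visible here.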
diff --git a/docker/DockerVerify.sh b/docker/DockerVerify.sh index 38fdb22fe..501cab174 100755 --- a/docker/DockerVerify.sh +++ b/docker/DockerVerify.sh @@ -39,6 +39,7 @@ print_help() printf '\t%s\n' "--tags_to_exclude: optional tags that should be skipped (no default)" printf '\t%s\n' "--image-tag-prefix: optional prefix to the docker tag (no default)" printf '\t%s\n' "--parallel_processes: optional argument that specifies the number of parallel processes that can be executed simultaneously. (default: 3)" + printf '\t%s\n' "--fips: enables FIPS mode by default" printf '\t%s\n' "-h, --help: Prints help" } @@ -46,6 +47,7 @@ print_help() parse_commandline() { _positionals_count=0 + _arg_fips=false # Default to false while test $# -gt 0 do _key="$1" @@ -74,6 +76,9 @@ parse_commandline() --parallel_processes=*) _arg_parallel_processes="${_key##--parallel_processes=}" ;; + --fips) + _arg_fips=true # Set boolean flag to true when argument is present + ;; -h|--help) print_help exit 0 @@ -93,6 +98,7 @@ parse_commandline() } + handle_passed_args_count() { local _required_args_string="'minifi_version' and 'tags_to_run'" @@ -129,6 +135,12 @@ else export MINIFI_TAG_PREFIX=${_arg_image_tag_prefix}- fi + if [ "$_arg_fips" = true ]; then + export MINIFI_FIPS="true" + else + export MINIFI_FIPS="false" + fi + # Create virtual environment for testing if [[ ! -d ./test-env-py3 ]]; then echo "Creating virtual environment in ./test-env-py3" 1>&2 diff --git a/docker/python-verify/conda.Dockerfile b/docker/python-verify/conda.Dockerfile deleted file mode 100644 index d8bd4b64b..000000000 --- a/docker/python-verify/conda.Dockerfile +++ /dev/null 
@@ -1,44 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# -ARG BASE_IMAGE -FROM ${BASE_IMAGE} as base_image -LABEL maintainer="Apache NiFi <[email protected]>" - -ENV USER minificpp -ENV CONDA_HOME /opt/conda -ENV LD_LIBRARY_PATH /opt/conda/lib -ENV MINIFI_BASE_DIR /opt/minifi -ENV MINIFI_HOME ${MINIFI_BASE_DIR}/minifi-current -ENV PATH ${CONDA_HOME}/bin:${PATH} - -USER root - -RUN wget https://repo.anaconda.com/archive/Anaconda3-2023.09-0-Linux-x86_64.sh -P /tmp \ - && echo "6c8a4abb36fbb711dc055b7049a23bbfd61d356de9468b41c5140f8a11abd851 /tmp/Anaconda3-2023.09-0-Linux-x86_64.sh" | sha256sum -c \ - && bash /tmp/Anaconda3-2023.09-0-Linux-x86_64.sh -b -p /opt/conda \ - && chown -R ${USER}:${USER} /opt/conda - -USER ${USER} - -RUN ${CONDA_HOME}/bin/conda init bash -RUN ${CONDA_HOME}/bin/conda install "langchain<=0.17.0" -c conda-forge - -WORKDIR ${MINIFI_HOME} - -# Start MiNiFi CPP in the foreground -CMD ["/bin/bash", "-c", "/opt/minifi/minifi-current/bin/minifi.sh run"] diff --git a/docker/python-verify/conda.dockerignore b/docker/python-verify/conda.dockerignore deleted file mode 100644 index 72e8ffc0d..000000000 --- a/docker/python-verify/conda.dockerignore +++ /dev/null @@ -1 +0,0 @@ -* 
diff --git a/docker/python-verify/venv.Dockerfile b/docker/python-verify/venv.Dockerfile deleted file mode 100644 index 470855e04..000000000 --- a/docker/python-verify/venv.Dockerfile +++ /dev/null @@ -1,32 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# -ARG BASE_IMAGE -FROM ${BASE_IMAGE} as base_image -LABEL maintainer="Apache NiFi <[email protected]>" - - -ENV USER minificpp - -USER ${USER} -WORKDIR ${MINIFI_HOME} - -RUN python3 -m venv venv -RUN . ./venv/bin/activate && pip install --upgrade pip && pip install numpy "langchain<=0.17.0" - -# Start MiNiFi CPP in the foreground -CMD ["/bin/bash", "-c", "source ./venv/bin/activate && ./bin/minifi.sh run"] diff --git a/docker/python-verify/venv.dockerignore b/docker/python-verify/venv.dockerignore deleted file mode 100644 index 72e8ffc0d..000000000 --- a/docker/python-verify/venv.dockerignore +++ /dev/null @@ -1 +0,0 @@ -* diff --git a/docker/test/integration/cluster/ContainerStore.py b/docker/test/integration/cluster/ContainerStore.py index baa5e9907..c49314a7a 100644 --- a/docker/test/integration/cluster/ContainerStore.py +++ b/docker/test/integration/cluster/ContainerStore.py 
@@ -400,6 +400,9 @@ class ContainerStore: def enable_openssl_fips_mode_in_minifi(self): self.minifi_options.enable_openssl_fips_mode = True + def disable_openssl_fips_mode_in_minifi(self): + self.minifi_options.enable_openssl_fips_mode = False + def get_startup_finished_log_entry(self, container_name): container_name = self.get_container_name_with_postfix(container_name) return self.containers[container_name].get_startup_finished_log_entry() diff --git a/docker/test/integration/cluster/DockerTestCluster.py b/docker/test/integration/cluster/DockerTestCluster.py index a758b873f..7e7c6c549 100644 --- a/docker/test/integration/cluster/DockerTestCluster.py +++ b/docker/test/integration/cluster/DockerTestCluster.py @@ -102,6 +102,12 @@ class DockerTestCluster: def enable_prometheus_with_ssl_in_minifi(self): self.container_store.enable_prometheus_with_ssl_in_minifi() + def enable_openssl_fips_mode_in_minifi(self): + self.container_store.enable_openssl_fips_mode_in_minifi() + + def disable_openssl_fips_mode_in_minifi(self): + self.container_store.disable_openssl_fips_mode_in_minifi() + def enable_sql_in_minifi(self): self.container_store.enable_sql_in_minifi() @@ -138,9 +144,6 @@ class DockerTestCluster: def enable_example_minifi_python_processors(self): self.container_store.enable_example_minifi_python_processors() - def enable_openssl_fips_mode_in_minifi(self): - self.container_store.enable_openssl_fips_mode_in_minifi() - def get_app_log(self, container_name): container_name = self.container_store.get_container_name_with_postfix(container_name) log_source = self.container_store.log_source(container_name) diff --git a/docker/test/integration/cluster/ImageStore.py b/docker/test/integration/cluster/ImageStore.py index 7ec5cb27d..d10be12e4 100644 --- a/docker/test/integration/cluster/ImageStore.py +++ b/docker/test/integration/cluster/ImageStore.py 
@@ -237,7 +237,7 @@ class ImageStore: echo " INSERT INTO test_table2 (int_col, \\"tExT_Col\\") VALUES (5, 'ApPlE');" >> /docker-entrypoint-initdb.d/init-user-db.sh && \ echo " INSERT INTO test_table2 (int_col, \\"tExT_Col\\") VALUES (6, 'BaNaNa');" >> /docker-entrypoint-initdb.d/init-user-db.sh && \ echo "EOSQL" >> /docker-entrypoint-initdb.d/init-user-db.sh - """.format(base_image='postgres:13.2')) + """.format(base_image='postgres:17.4')) return self.__build_image(dockerfile) def __build_mqtt_broker_image(self): diff --git a/docker/test/integration/cluster/containers/MinifiContainer.py b/docker/test/integration/cluster/containers/MinifiContainer.py index b04829396..10bc2e84f 100644 --- a/docker/test/integration/cluster/containers/MinifiContainer.py +++ b/docker/test/integration/cluster/containers/MinifiContainer.py @@ -43,7 +43,10 @@ class MinifiOptions: self.enable_controller_socket = False self.enable_log_metrics_publisher = False self.enable_example_minifi_python_processors = False - self.enable_openssl_fips_mode = False + if "true" in os.environ['MINIFI_FIPS']: + self.enable_openssl_fips_mode = True + else: + self.enable_openssl_fips_mode = False class MinifiContainer(FlowContainer): @@ -161,6 +164,8 @@ class MinifiContainer(FlowContainer): if self.options.enable_openssl_fips_mode: f.write("nifi.openssl.fips.support.enable=true\n") + else: + f.write("nifi.openssl.fips.support.enable=false\n") def _setup_config(self): self._create_properties() diff --git a/docker/test/integration/features/MiNiFi_integration_test_driver.py b/docker/test/integration/features/MiNiFi_integration_test_driver.py index e7171865e..fbc78112d 100644 --- a/docker/test/integration/features/MiNiFi_integration_test_driver.py +++ b/docker/test/integration/features/MiNiFi_integration_test_driver.py 
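Review bot: In `MinifiOptions.__init__`, `os.environ['MINIFI_FIPS']` raises `KeyError` whenever the tests are started without `DockerVerify.sh` having exported the variable. The `"true" in ...` check is also a substring test, so a value such as `untrue` enables FIPS while `True` or `TRUE` silently leaves it off. A run that was meant to be FIPS but quietly falls back to non-FIPS is the worse failure here, since the suite would still pass. I would parse it strictly with a default, `self.enable_openssl_fips_mode = os.environ.get('MINIFI_FIPS', 'false').strip().lower() == 'true'`, and confirm `os` is imported in this file, since the import block is outside the hunk. The constructor also starts before the hunk.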
@@ -440,6 +440,9 @@ class MiNiFi_integration_test: def enable_openssl_fips_mode_in_minifi(self): self.cluster.enable_openssl_fips_mode_in_minifi() + def disable_openssl_fips_mode_in_minifi(self): + self.cluster.disable_openssl_fips_mode_in_minifi() + def debug_bundle_can_be_retrieved_through_minifi_controller(self, container_name: str): assert self.cluster.debug_bundle_can_be_retrieved_through_minifi_controller(container_name) or self.cluster.log_app_output() diff --git a/docker/test/integration/features/https.feature b/docker/test/integration/features/https.feature index 6c6f459db..f4ff9d246 100644 --- a/docker/test/integration/features/https.feature +++ b/docker/test/integration/features/https.feature @@ -131,8 +131,7 @@ Feature: Transfer data from and to MiNiFi using HTTPS Scenario: InvokeHTTP to ListenHTTP with mutual TLS, using the system certificate store, requires a server cert signed by a CA - Given OpenSSL FIPS mode is enabled in MiNiFi - And a GenerateFlowFile processor with the "Data Format" property set to "Text" + Given a GenerateFlowFile processor with the "Data Format" property set to "Text" And the "Unique FlowFiles" property of the GenerateFlowFile processor is set to "false" And the "Custom Text" property of the GenerateFlowFile processor is set to "Duis aute irure dolor in reprehenderit in voluptate" And a InvokeHTTP processor with the "Remote URL" property set to "https://server-${feature_id}:4430/contentListener" diff --git a/docker/test/integration/features/minifi_c2_server.feature b/docker/test/integration/features/minifi_c2_server.feature index b11e63d66..ff6640deb 100644 --- a/docker/test/integration/features/minifi_c2_server.feature +++ b/docker/test/integration/features/minifi_c2_server.feature 
@@ -30,8 +30,7 @@ Feature: MiNiFi can communicate with Apache NiFi MiNiFi C2 server And the Minifi logs do not contain the following message: "Failed to parse json response: The document is empty. at 0" after 0 seconds Scenario: MiNiFi flow config is updated from MiNiFi C2 server through SSL with SSL controller service - Given OpenSSL FIPS mode is enabled in MiNiFi - And a file with the content "test" is present in "/tmp/input" + Given a file with the content "test" is present in "/tmp/input" And a ssl context service is set up for MiNiFi C2 server And a MiNiFi C2 server is set up with SSL When all instances start up @@ -48,8 +47,7 @@ Feature: MiNiFi can communicate with Apache NiFi MiNiFi C2 server And a flowfile with the content "test" is placed in the monitored directory in less than 10 seconds Scenario: MiNiFi flow config is updated from MiNiFi C2 server through SSL with SSL properties - Given OpenSSL FIPS mode is enabled in MiNiFi - And a file with the content "test" is present in "/tmp/input" + Given a file with the content "test" is present in "/tmp/input" And a GenerateFlowFile processor And ssl properties are set up for MiNiFi C2 server And a MiNiFi C2 server is set up with SSL diff --git a/docker/test/integration/features/opensearch.feature b/docker/test/integration/features/opensearch.feature index 5a6877f49..f4e2fabb8 100644 --- a/docker/test/integration/features/opensearch.feature +++ b/docker/test/integration/features/opensearch.feature 
@@ -20,8 +20,7 @@ Feature: PostElasticsearch works on Opensearch (Opensearch doesnt support API Ke Given the content of "/tmp/output" is monitored Scenario Outline: MiNiFi instance creates a document on Opensearch using Basic Authentication - Given OpenSSL FIPS mode is enabled in MiNiFi - And an Opensearch server is set up and running + Given an Opensearch server is set up and running And a GetFile processor with the "Input Directory" property set to "/tmp/input" And a file with the content "{ "field1" : "value1" }" is present in "/tmp/input" And a PostElasticsearch processor @@ -45,8 +44,7 @@ Feature: PostElasticsearch works on Opensearch (Opensearch doesnt support API Ke | "create" | Scenario: MiNiFi instance deletes a document from Opensearch using Basic Authentication - Given OpenSSL FIPS mode is enabled in MiNiFi - And an Opensearch server is set up and a single document is present with "preloaded_id" in "my_index" + Given an Opensearch server is set up and a single document is present with "preloaded_id" in "my_index" And a GetFile processor with the "Input Directory" property set to "/tmp/input" And a file with the content "hello world" is present in "/tmp/input" And a PostElasticsearch processor @@ -65,8 +63,7 @@ Feature: PostElasticsearch works on Opensearch (Opensearch doesnt support API Ke And Opensearch is empty Scenario: MiNiFi instance partially updates a document in Opensearch using Basic Authentication - Given OpenSSL FIPS mode is enabled in MiNiFi - And an Opensearch server is set up and a single document is present with "preloaded_id" in "my_index" with "value1" in "field1" + Given an Opensearch server is set up and a single document is present with "preloaded_id" in "my_index" with "value1" in "field1" And a GetFile processor with the "Input Directory" property set to "/tmp/input" And a file with the content "{ "field2" : "value2" }" is present in "/tmp/input" And a PostElasticsearch processor 
diff --git a/docker/test/integration/features/prometheus.feature b/docker/test/integration/features/prometheus.feature index 33a3ea2e7..f336990b5 100644 --- a/docker/test/integration/features/prometheus.feature +++ b/docker/test/integration/features/prometheus.feature @@ -37,8 +37,7 @@ Feature: MiNiFi can publish metrics to Prometheus server And all Prometheus metric types are only defined once Scenario: Published metrics are scraped by Prometheus server through SSL connection - Given OpenSSL FIPS mode is enabled in MiNiFi - And a GetFile processor with the name "GetFile1" and the "Input Directory" property set to "/tmp/input" + Given a GetFile processor with the name "GetFile1" and the "Input Directory" property set to "/tmp/input" And a file with the content "test" is present in "/tmp/input" And a PutFile processor with the "Directory" property set to "/tmp/output" And the "success" relationship of the GetFile1 processor is connected to the PutFile diff --git a/docker/test/integration/features/s2s.feature b/docker/test/integration/features/s2s.feature index f279a4058..80a8eb648 100644 --- a/docker/test/integration/features/s2s.feature +++ b/docker/test/integration/features/s2s.feature @@ -79,8 +79,7 @@ Feature: Sending data from MiNiFi-C++ to NiFi using S2S protocol Then no files are placed in the monitored directory in 50 seconds of running time Scenario: A MiNiFi instance produces and transfers data to a NiFi instance via s2s using SSL - Given OpenSSL FIPS mode is enabled in MiNiFi - And a GetFile processor with the "Input Directory" property set to "/tmp/input" + Given a GetFile processor with the "Input Directory" property set to "/tmp/input" And the "Keep Source File" property of the GetFile processor is set to "true" And a file with the content "test" is present in "/tmp/input" And a RemoteProcessGroup node opened on "https://nifi-${feature_id}:8443/nifi" 
@@ -97,8 +96,7 @@ Feature: Sending data from MiNiFi-C++ to NiFi using S2S protocol And the Minifi logs do not contain the following message: "ProcessSession rollback" after 1 seconds Scenario: A MiNiFi instance produces and transfers data to a NiFi instance via s2s using SSL with YAML config - Given OpenSSL FIPS mode is enabled in MiNiFi - And a MiNiFi CPP server with yaml config + Given a MiNiFi CPP server with yaml config And a GetFile processor with the "Input Directory" property set to "/tmp/input" And the "Keep Source File" property of the GetFile processor is set to "true" And a file with the content "test" is present in "/tmp/input" @@ -116,8 +114,7 @@ Feature: Sending data from MiNiFi-C++ to NiFi using S2S protocol And the Minifi logs do not contain the following message: "ProcessSession rollback" after 1 seconds Scenario: A MiNiFi instance produces and transfers data to a NiFi instance via s2s using SSL config defined in minifi.properties - Given OpenSSL FIPS mode is enabled in MiNiFi - And a GetFile processor with the "Input Directory" property set to "/tmp/input" + Given a GetFile processor with the "Input Directory" property set to "/tmp/input" And the "Keep Source File" property of the GetFile processor is set to "true" And a file with the content "test" is present in "/tmp/input" And a RemoteProcessGroup node opened on "https://nifi-${feature_id}:8443/nifi" 
@@ -134,8 +131,7 @@ Feature: Sending data from MiNiFi-C++ to NiFi using S2S protocol And the Minifi logs do not contain the following message: "ProcessSession rollback" after 1 seconds Scenario: A MiNiFi instance produces and transfers data to a NiFi instance via s2s using YAML config and SSL config defined in minifi.properties - Given OpenSSL FIPS mode is enabled in MiNiFi - And a MiNiFi CPP server with yaml config + Given a MiNiFi CPP server with yaml config And a GetFile processor with the "Input Directory" property set to "/tmp/input" And the "Keep Source File" property of the GetFile processor is set to "true" And a file with the content "test" is present in "/tmp/input" diff --git a/docker/test/integration/features/splunk.feature b/docker/test/integration/features/splunk.feature index 3c18654d6..a6f99285e 100644 --- a/docker/test/integration/features/splunk.feature +++ b/docker/test/integration/features/splunk.feature @@ -44,8 +44,7 @@ Feature: Sending data to Splunk HEC using PutSplunkHTTP Scenario: A MiNiFi instance transfers data to a Splunk HEC with SSL enabled - Given OpenSSL FIPS mode is enabled in MiNiFi - And a Splunk HEC is set up and running + Given a Splunk HEC is set up and running And a GetFile processor with the "Input Directory" property set to "/tmp/input" And a file with the content "foobar" is present in "/tmp/input" And a PutSplunkHTTP processor set up to communicate with the Splunk HEC instance diff --git a/docker/test/integration/features/steps/steps.py b/docker/test/integration/features/steps/steps.py index 5d8a7c556..e9b45c2ab 100644 --- a/docker/test/integration/features/steps/steps.py +++ b/docker/test/integration/features/steps/steps.py 
@@ -377,6 +377,11 @@ def step_impl(context):
 context.test.enable_openssl_fips_mode_in_minifi()
+@given("OpenSSL FIPS mode is disabled in MiNiFi")
+def step_impl(context):
+ context.test.disable_openssl_fips_mode_in_minifi()
+
+
 # HTTP proxy setup
 @given("the http proxy server is set up")
 @given("a http proxy server is set up accordingly")
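Review bot: The new `OpenSSL FIPS mode is disabled in MiNiFi` step lets a scenario opt out of a FIPS run, but no feature file in this commit uses it and nothing records why a scenario would be exempt. A short comment above the step would help, for example `# Opt-out for scenarios that cannot run under FIPS; overrides the MINIFI_FIPS default`. Scenarios that use it should state in the feature file which algorithm forces the exemption, so a FIPS-mode report is not read as full coverage.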
