This is an automated email from the ASF dual-hosted git repository. szaszm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi-minifi-cpp.git
commit 8cb945b10e314f3927d15921265aa0a345fddcea Author: Gabor Gyimesi <[email protected]> AuthorDate: Fri Oct 17 17:01:17 2025 +0200 MINIFICPP-2232 Remove option to load SSL context from flow config Closes #1986 Signed-off-by: Marton Szasz <[email protected]> --- C2.md | 3 - CONFIGURE.md | 11 +- OPS.md | 8 +- conf/minifi-log.properties.in | 1 - conf/minifi.properties.in | 2 - controller/MiNiFiController.cpp | 49 +------- controller/tests/ControllerTests.cpp | 75 +------------ core-framework/include/http/BaseHTTPClient.h | 31 +++++- core-framework/src/http/BaseHTTPClient.cpp | 7 +- core-framework/src/http/HTTPClient.cpp | 10 +- .../cluster/containers/MinifiContainer.py | 1 - .../integration/features/minifi_c2_server.feature | 8 -- docker/test/integration/features/steps/steps.py | 12 -- encrypt-config/tests/ConfigFileEncryptorTests.cpp | 2 +- encrypt-config/tests/ConfigFileTests.cpp | 8 +- encrypt-config/tests/resources/minifi.properties | 1 - ...th-additional-sensitive-props.minifi.properties | 1 - .../aws/tests/MultipartUploadStateStorageTest.cpp | 2 +- extensions/civetweb/tests/ListenHTTPTests.cpp | 124 ++++++++++----------- extensions/elasticsearch/PostElasticsearch.cpp | 2 +- extensions/grafana-loki/PushGrafanaLokiREST.cpp | 2 +- .../tests/SmbConnectionControllerServiceTests.cpp | 1 - extensions/splunk/SplunkHECProcessor.cpp | 2 +- .../standard-processors/processors/InvokeHTTP.cpp | 2 +- .../standard-processors/processors/InvokeHTTP.h | 2 +- .../tests/unit/HttpClientStoreTests.cpp | 12 +- libminifi/include/c2/ControllerSocketProtocol.h | 4 +- .../include/core/logging/LoggerConfiguration.h | 2 +- libminifi/include/core/logging/alert/AlertSink.h | 5 +- libminifi/src/Configuration.cpp | 3 - libminifi/src/FlowController.cpp | 4 +- libminifi/src/RemoteProcessGroupPort.cpp | 8 +- libminifi/src/c2/ControllerSocketProtocol.cpp | 30 ++--- libminifi/src/c2/protocols/RESTSender.cpp | 23 ++-- libminifi/src/core/logging/LoggerConfiguration.cpp | 10 +- libminifi/src/core/logging/alert/AlertSink.cpp | 27 +---- libminifi/src/sitetosite/HttpSiteToSiteClient.cpp | 12 +- libminifi/test/integration/AlertTests.cpp | 9 +- libminifi/test/integration/HTTPClientTests.cpp | 12 +- libminifi/test/libtest/unit/TestBase.h | 1 + .../test/resources/encrypted.minifi.properties | 1 - libminifi/test/unit/ArrayUtilsTests.cpp | 8 +- .../EnvironmentVariableParameterProviderTest.cpp | 12 +- libminifi/test/unit/GeneralUtilsTest.cpp | 60 +++++----- libminifi/test/unit/ParameterTokenParserTest.cpp | 16 +-- .../include/minifi-cpp/properties/Configuration.h | 3 - 46 files changed, 237 insertions(+), 392 deletions(-) diff --git a/C2.md b/C2.md index 2b5a8b2cc..8ec0c9562 100644 --- a/C2.md +++ b/C2.md @@ -106,9 +106,6 @@ be requested via C2 DESCRIBE manifest command. # c2 agent class -- must be defined to run agent nifi.c2.agent.class=<your agent class> - # configure SSL Context service for REST Protocol - #nifi.c2.rest.ssl.context.service - # specify encoding strategy for c2 requests (gzip, none) #nifi.c2.rest.request.encoding=none diff --git a/CONFIGURE.md b/CONFIGURE.md index 886e47939..5773ee47d 100644 --- a/CONFIGURE.md +++ b/CONFIGURE.md @@ -1071,7 +1071,16 @@ Here's an example of an alert appender with its available properties: appender.alert1.batch.size=100 KB appender.alert1.buffer.limit=1 MB appender.alert1.level=TRACE - appender.alert1.ssl.context.service=<Name of the SSLContextService> + +If you want to use SSL connection for the alert appender, you can set up the certificate configuration properties in the minifi.properties file: + + # setup the client certificate and private key PEM files + nifi.security.client.certificate=./conf/client.pem + nifi.security.client.private.key=./conf/client.pem + # setup the client private key passphrase file + nifi.security.client.pass.phrase=./conf/password + # setup the client CA certificate file + nifi.security.client.ca.certificate=./conf/nifi-cert.pem ### Log levels After the appenders are defined you can set the log level and logging target for each of them. Appenders can be set to log everything on a specific log level, but you can also define some appenders to only write logs from specific namespaces or classes with different log levels. The log level can be set to one of the following values: OFF, TRACE, DEBUG, INFO, WARN, ERROR, CRITICAL. The log levels can be set in the following way: diff --git a/OPS.md b/OPS.md index 32c8c1583..c5a780c8f 100644 --- a/OPS.md +++ b/OPS.md @@ -69,13 +69,9 @@ The executable is stored in the bin directory and is titled minifi-controller. A ### SSL -To use secure connection for the C2 commands, both the MiNiFi C++ agent and the controller have to be started with either of the following configurations. +To use secure connection for the C2 commands, both the MiNiFi C++ agent and the controller have to be started with the following configurations. -To retrieve the SSL configuration properties from the flow config, set the following property to the name of the SSL context service holding the information: - - $ controller.ssl.context.service=SSLContextService - -Otherwise if you prefer to retrieve the SSL configuration properties from the minifi.properties file set the nifi.remote.input.secure property value to true and configure the security properties in the minifi.properties file. +To retrieve the SSL configuration properties from the minifi.properties file set the nifi.remote.input.secure property value to true and configure the security properties in the minifi.properties file. $ nifi.remote.input.secure=true $ nifi.security.client.certificate=/path/to/cert/mycert.crt diff --git a/conf/minifi-log.properties.in b/conf/minifi-log.properties.in index dc6ac9397..9d9946715 100644 --- a/conf/minifi-log.properties.in +++ b/conf/minifi-log.properties.in @@ -47,7 +47,6 @@ appender.rolling.max_file_size=20 MB #appender.alert1.batch.size=100 KB #appender.alert1.buffer.limit=1 MB #appender.alert1.level=TRACE -#appender.alert1.ssl.context.service=<Name of the SSLContextService> # Uncomment if you do not want to include the UUID of the component at the end of log lines #logger.include.uuid=false diff --git a/conf/minifi.properties.in b/conf/minifi.properties.in index 01441816c..7eceafc60 100644 --- a/conf/minifi.properties.in +++ b/conf/minifi.properties.in @@ -93,7 +93,6 @@ nifi.content.repository.class.name=DatabaseContentRepository #nifi.c2.rest.path.base= #nifi.c2.rest.url= #nifi.c2.rest.url.ack= -#nifi.c2.rest.ssl.context.service= nifi.c2.root.classes=DeviceInfoNode,AgentInformation,FlowInformation,AssetInformation ## Minimize heartbeat payload size by excluding agent manifest from the heartbeat nifi.c2.full.heartbeat=false @@ -129,7 +128,6 @@ nifi.c2.full.heartbeat=false #controller.socket.host=localhost #controller.socket.port=9998 #controller.socket.local.any.interface=false -#controller.ssl.context.service=SSLContextService ## specify the destination of c2 directed assets nifi.asset.directory=@MINIFI_PATH_ASSET_DIR@ diff --git a/controller/MiNiFiController.cpp b/controller/MiNiFiController.cpp index 3b52599be..619415c25 100644 --- a/controller/MiNiFiController.cpp +++ b/controller/MiNiFiController.cpp @@ -38,55 +38,14 @@ namespace minifi = org::apache::nifi::minifi; -std::shared_ptr<minifi::core::controller::ControllerService> getControllerService(const std::shared_ptr<minifi::Configure> &configuration, - const std::string &service_name) { - std::string nifi_configuration_class_name = "adaptiveconfiguration"; - - minifi::core::extension::ExtensionManagerImpl::get().initialize(configuration); - - configuration->get(minifi::Configure::nifi_configuration_class_name, nifi_configuration_class_name); - auto flow_configuration = minifi::core::createFlowConfiguration( - minifi::core::ConfigurationContext{ - .flow_file_repo = nullptr, - .content_repo = nullptr, - .configuration = configuration, - .path = configuration->get(minifi::Configure::nifi_flow_configuration_file)}, - nifi_configuration_class_name); - - auto root = flow_configuration->getRoot(); - if (!root) { - return nullptr; - } - auto controller = root->findControllerService(service_name); - if (!controller) { - return nullptr; - } - return controller->getControllerServiceImplementation(); -} - std::shared_ptr<minifi::controllers::SSLContextServiceInterface> getSSLContextService(const std::shared_ptr<minifi::Configure>& configuration) { std::shared_ptr<minifi::controllers::SSLContextServiceInterface> secure_context; - std::string context_name; - // if the user wishes to use a controller service we need to instantiate the flow - if (configuration->get(minifi::Configure::controller_ssl_context_service, context_name) && !context_name.empty()) { - const auto service = getControllerService(configuration, context_name); - if (nullptr != service) { - secure_context = std::dynamic_pointer_cast<minifi::controllers::SSLContextServiceInterface>(service); - } - if (secure_context == nullptr) { - throw minifi::Exception(minifi::GENERAL_EXCEPTION, "SSL Context was set, but the context name '" + context_name + "' could not be found"); - } - } - - if (nullptr == secure_context) { - std::string secureStr; - if (configuration->get(minifi::Configure::nifi_remote_input_secure, secureStr) && minifi::utils::string::toBool(secureStr).value_or(false)) { - secure_context = std::make_shared<minifi::controllers::SSLContextService>("ControllerSocketProtocolSSL", configuration); - secure_context->onEnable(); - } - } else { + std::string secure_str; + if (configuration->get(minifi::Configure::nifi_remote_input_secure, secure_str) && minifi::utils::string::toBool(secure_str).value_or(false)) { + secure_context = std::make_shared<minifi::controllers::SSLContextService>("ControllerSocketProtocolSSL", configuration); secure_context->onEnable(); } + return secure_context; } diff --git a/controller/tests/ControllerTests.cpp b/controller/tests/ControllerTests.cpp index 38f405f9c..778062d42 100644 --- a/controller/tests/ControllerTests.cpp +++ b/controller/tests/ControllerTests.cpp @@ -212,40 +212,10 @@ class TestControllerSocketReporter : public c2::ControllerSocketReporter { } }; -class TestControllerServiceProvider : public core::controller::ControllerServiceProviderImpl { - public: - explicit TestControllerServiceProvider(std::shared_ptr<controllers::SSLContextServiceInterface> ssl_context_service) - : core::controller::ControllerServiceProviderImpl("TestControllerServiceProvider"), - ssl_context_service_(std::move(ssl_context_service)) { - } - std::shared_ptr<core::controller::ControllerService> getControllerService(const std::string&) const override { - return is_ssl_ ? ssl_context_service_ : nullptr; - } - - std::shared_ptr<core::controller::ControllerServiceNode> createControllerService(const std::string&, const std::string&) override { - return nullptr; - } - void clearControllerServices() override { - } - void enableAllControllerServices() override { - } - void disableAllControllerServices() override { - } - - void setSsl() { - is_ssl_ = true; - } - - private: - bool is_ssl_{}; - std::shared_ptr<controllers::SSLContextServiceInterface> ssl_context_service_; -}; - class ControllerTestFixture { public: enum class ConnectionType { UNSECURE, - SSL_FROM_SERVICE_PROVIDER, SSL_FROM_CONFIGURATION }; @@ -259,10 +229,8 @@ class ControllerTestFixture { configuration_->set(minifi::Configure::nifi_security_client_private_key, (minifi::utils::file::FileUtils::get_executable_dir() / "resources" / "minifi-cpp-flow.key").string()); configuration_->set(minifi::Configure::nifi_security_client_pass_phrase, "abcdefgh"); configuration_->set(minifi::Configure::nifi_security_client_ca_certificate, (minifi::utils::file::FileUtils::get_executable_dir() / "resources" / "root-ca.pem").string()); - configuration_->set(minifi::Configure::controller_ssl_context_service, "SSLContextService"); ssl_context_service_ = std::make_shared<controllers::SSLContextService>("SSLContextService", configuration_); ssl_context_service_->onEnable(); - controller_service_provider_ = std::make_unique<TestControllerServiceProvider>(ssl_context_service_); controller_socket_data_.host = "localhost"; controller_socket_data_.port = 9997; } @@ -271,10 +239,7 @@ class ControllerTestFixture { if (connection_type_ == ConnectionType::SSL_FROM_CONFIGURATION) { configuration_->set(minifi::Configure::nifi_remote_input_secure, "true"); } - controller_socket_protocol_ = std::make_unique<minifi::c2::ControllerSocketProtocol>(*controller_service_provider_, *update_sink_, configuration_, reporter); - if (connection_type_ == ConnectionType::SSL_FROM_SERVICE_PROVIDER) { - controller_service_provider_->setSsl(); - } + controller_socket_protocol_ = std::make_unique<minifi::c2::ControllerSocketProtocol>(*update_sink_, configuration_, reporter); controller_socket_protocol_->initialize(); } @@ -294,15 +259,11 @@ class ControllerTestFixture { std::unique_ptr<TestUpdateSink> update_sink_; std::unique_ptr<minifi::c2::ControllerSocketProtocol> controller_socket_protocol_; std::shared_ptr<controllers::SSLContextServiceInterface> ssl_context_service_; - std::unique_ptr<TestControllerServiceProvider> controller_service_provider_; + minifi::utils::net::SocketData controller_socket_data_; }; TEST_CASE_METHOD(ControllerTestFixture, "Test listComponents", "[controllerTests]") { - SECTION("With SSL from service provider") { - setConnectionType(ControllerTestFixture::ConnectionType::SSL_FROM_SERVICE_PROVIDER); - } - SECTION("With SSL from properties") { setConnectionType(ControllerTestFixture::ConnectionType::SSL_FROM_CONFIGURATION); } @@ -329,10 +290,6 @@ TEST_CASE_METHOD(ControllerTestFixture, "Test listComponents", "[controllerTests } TEST_CASE_METHOD(ControllerTestFixture, "TestClear", "[controllerTests]") { - SECTION("With SSL from service provider") { - setConnectionType(ControllerTestFixture::ConnectionType::SSL_FROM_SERVICE_PROVIDER); - } - SECTION("With SSL from properties") { setConnectionType(ControllerTestFixture::ConnectionType::SSL_FROM_CONFIGURATION); } @@ -356,10 +313,6 @@ TEST_CASE_METHOD(ControllerTestFixture, "TestClear", "[controllerTests]") { } TEST_CASE_METHOD(ControllerTestFixture, "TestUpdate", "[controllerTests]") { - SECTION("With SSL from service provider") { - setConnectionType(ControllerTestFixture::ConnectionType::SSL_FROM_SERVICE_PROVIDER); - } - SECTION("With SSL from properties") { setConnectionType(ControllerTestFixture::ConnectionType::SSL_FROM_CONFIGURATION); } @@ -382,10 +335,6 @@ TEST_CASE_METHOD(ControllerTestFixture, "TestUpdate", "[controllerTests]") { } TEST_CASE_METHOD(ControllerTestFixture, "Test connection getters on empty flow", "[controllerTests]") { - SECTION("With SSL from service provider") { - setConnectionType(ControllerTestFixture::ConnectionType::SSL_FROM_SERVICE_PROVIDER); - } - SECTION("With SSL from properties") { setConnectionType(ControllerTestFixture::ConnectionType::SSL_FROM_CONFIGURATION); } @@ -422,10 +371,6 @@ TEST_CASE_METHOD(ControllerTestFixture, "Test connection getters on empty flow", } TEST_CASE_METHOD(ControllerTestFixture, "Test connection getters", "[controllerTests]") { - SECTION("With SSL from service provider") { - setConnectionType(ControllerTestFixture::ConnectionType::SSL_FROM_SERVICE_PROVIDER); - } - SECTION("With SSL from properties") { setConnectionType(ControllerTestFixture::ConnectionType::SSL_FROM_CONFIGURATION); } @@ -476,10 +421,6 @@ TEST_CASE_METHOD(ControllerTestFixture, "Test connection getters", "[controllerT } TEST_CASE_METHOD(ControllerTestFixture, "Test manifest getter", "[controllerTests]") { - SECTION("With SSL from service provider") { - setConnectionType(ControllerTestFixture::ConnectionType::SSL_FROM_SERVICE_PROVIDER); - } - SECTION("With SSL from properties") { setConnectionType(ControllerTestFixture::ConnectionType::SSL_FROM_CONFIGURATION); } @@ -499,10 +440,6 @@ TEST_CASE_METHOD(ControllerTestFixture, "Test manifest getter", "[controllerTest } TEST_CASE_METHOD(ControllerTestFixture, "Test jstack getter", "[controllerTests]") { - SECTION("With SSL from service provider") { - setConnectionType(ControllerTestFixture::ConnectionType::SSL_FROM_SERVICE_PROVIDER); - } - SECTION("With SSL from properties") { setConnectionType(ControllerTestFixture::ConnectionType::SSL_FROM_CONFIGURATION); } @@ -527,10 +464,6 @@ TEST_CASE_METHOD(ControllerTestFixture, "Test jstack getter", "[controllerTests] } TEST_CASE_METHOD(ControllerTestFixture, "Test debug bundle getter", "[controllerTests]") { - SECTION("With SSL from service provider") { - setConnectionType(ControllerTestFixture::ConnectionType::SSL_FROM_SERVICE_PROVIDER); - } - SECTION("With SSL from properties") { setConnectionType(ControllerTestFixture::ConnectionType::SSL_FROM_CONFIGURATION); } @@ -581,10 +514,6 @@ TEST_CASE_METHOD(ControllerTestFixture, "Debug bundle retrieval fails if target } TEST_CASE_METHOD(ControllerTestFixture, "Test flow status getter", "[controllerTests]") { - SECTION("With SSL from service provider") { - setConnectionType(ControllerTestFixture::ConnectionType::SSL_FROM_SERVICE_PROVIDER); - } - SECTION("With SSL from properties") { setConnectionType(ControllerTestFixture::ConnectionType::SSL_FROM_CONFIGURATION); } diff --git a/core-framework/include/http/BaseHTTPClient.h b/core-framework/include/http/BaseHTTPClient.h index a3389571a..ad22ce950 100644 --- a/core-framework/include/http/BaseHTTPClient.h +++ b/core-framework/include/http/BaseHTTPClient.h @@ -29,6 +29,31 @@ #include "utils/ByteArrayCallback.h" #include "utils/gsl.h" +namespace org::apache::nifi::minifi::http { +enum class HttpRequestMethod { + Get, Post, Put, Patch, Delete, Connect, Head, Options, Trace +}; +} // namespace org::apache::nifi::minifi::http + +namespace magic_enum::customize { +using HttpRequestMethod = org::apache::nifi::minifi::http::HttpRequestMethod; +template<> +constexpr customize_t enum_name<HttpRequestMethod>(HttpRequestMethod type) noexcept { + switch (type) { + case HttpRequestMethod::Get: return "GET"; + case HttpRequestMethod::Post: return "POST"; + case HttpRequestMethod::Put: return "PUT"; + case HttpRequestMethod::Patch: return "PATCH"; + case HttpRequestMethod::Delete: return "DELETE"; + case HttpRequestMethod::Connect: return "CONNECT"; + case HttpRequestMethod::Head: return "HEAD"; + case HttpRequestMethod::Options: return "OPTIONS"; + case HttpRequestMethod::Trace: return "TRACE"; + } + return invalid_tag; +} +} // namespace magic_enum::customize + namespace org::apache::nifi::minifi::http { struct HTTPProxy { @@ -177,12 +202,6 @@ namespace HTTPRequestResponse { int seek_callback(void *p, int64_t offset, int); } -#undef DELETE // this is a macro in winnt.h - -enum class HttpRequestMethod { - GET, POST, PUT, PATCH, DELETE, CONNECT, HEAD, OPTIONS, TRACE -}; - class BaseHTTPClient { public: BaseHTTPClient() = default; diff --git a/core-framework/src/http/BaseHTTPClient.cpp b/core-framework/src/http/BaseHTTPClient.cpp index 10b55fb50..b0ce9d382 100644 --- a/core-framework/src/http/BaseHTTPClient.cpp +++ b/core-framework/src/http/BaseHTTPClient.cpp @@ -66,7 +66,7 @@ std::string get_token(BaseHTTPClient* client, const std::string& username, const client->setContentType("application/x-www-form-urlencoded"); - client->set_request_method(HttpRequestMethod::POST); + client->set_request_method(HttpRequestMethod::Post); std::string payload = "username=" + username + "&" + "password=" + password; @@ -110,7 +110,7 @@ URL::URL(const std::string& url_input) { std::string::const_iterator end_of_port = std::find_first_of(current_pos, url_input.end(), std::begin(PORT_TERMINATORS), std::end(PORT_TERMINATORS)); const auto port_number = parsePortNumber(std::string{current_pos, end_of_port}); if (port_number) { - port_ = *port_number; + port_ = port_number; } else { logger_->log_error("Could not parse the port number in URL '{}'", url_input); return; @@ -226,8 +226,7 @@ size_t HTTPUploadByteArrayInputCallback::getDataChunk(char *data, size_t size) { if (ptr == nullptr) { return 0; } - if (len > size) - len = size; + len = std::min(len, size); memcpy(data, ptr, len); pos += len; seek(pos); diff --git a/core-framework/src/http/HTTPClient.cpp b/core-framework/src/http/HTTPClient.cpp index a689d8e3d..cc879f58a 100644 --- a/core-framework/src/http/HTTPClient.cpp +++ b/core-framework/src/http/HTTPClient.cpp @@ -255,7 +255,7 @@ void HTTPClient::setReadCallback(std::unique_ptr<HTTPReadCallback> callback) { void HTTPClient::setUploadCallback(std::unique_ptr<HTTPUploadCallback> callback) { logger_->log_debug("Setting callback for {}", url_); write_callback_ = std::move(callback); - if (method_ == http::HttpRequestMethod::PUT) { + if (method_ == http::HttpRequestMethod::Put) { curl_easy_setopt(http_session_.get(), CURLOPT_INFILESIZE_LARGE, (curl_off_t) write_callback_->size()); } curl_easy_setopt(http_session_.get(), CURLOPT_READFUNCTION, &HTTPRequestResponse::send_write); @@ -412,19 +412,19 @@ void HTTPClient::set_request_method(http::HttpRequestMethod method) { return; method_ = method; switch (*method_) { - case http::HttpRequestMethod::POST: + case http::HttpRequestMethod::Post: curl_easy_setopt(http_session_.get(), CURLOPT_POST, 1L); curl_easy_setopt(http_session_.get(), CURLOPT_CUSTOMREQUEST, nullptr); break; - case http::HttpRequestMethod::HEAD: + case http::HttpRequestMethod::Head: curl_easy_setopt(http_session_.get(), CURLOPT_NOBODY, 1L); curl_easy_setopt(http_session_.get(), CURLOPT_CUSTOMREQUEST, nullptr); break; - case http::HttpRequestMethod::GET: + case http::HttpRequestMethod::Get: curl_easy_setopt(http_session_.get(), CURLOPT_HTTPGET, 1L); curl_easy_setopt(http_session_.get(), CURLOPT_CUSTOMREQUEST, nullptr); break; - case http::HttpRequestMethod::PUT: + case http::HttpRequestMethod::Put: curl_easy_setopt(http_session_.get(), CURLOPT_UPLOAD, 1L); curl_easy_setopt(http_session_.get(), CURLOPT_CUSTOMREQUEST, nullptr); break; diff --git a/docker/test/integration/cluster/containers/MinifiContainer.py b/docker/test/integration/cluster/containers/MinifiContainer.py index dbbdc2143..387a3bd0d 100644 --- a/docker/test/integration/cluster/containers/MinifiContainer.py +++ b/docker/test/integration/cluster/containers/MinifiContainer.py @@ -149,7 +149,6 @@ class MinifiContainer(FlowContainer): f.write("nifi.c2.enable=true\n") f.write(f"nifi.c2.rest.url=https://minifi-c2-server-{self.feature_context.id}:10090/c2/config/heartbeat\n";) f.write(f"nifi.c2.rest.url.ack=https://minifi-c2-server-{self.feature_context.id}:10090/c2/config/acknowledge\n";) - f.write("nifi.c2.rest.ssl.context.service=SSLContextService\n") f.write(f"nifi.c2.flow.base.url=https://minifi-c2-server-{self.feature_context.id}:10090/c2/config/\n";) f.write("nifi.c2.root.classes=DeviceInfoNode,AgentInformation,FlowInformation,AssetInformation\n") f.write("nifi.c2.full.heartbeat=false\n") diff --git a/docker/test/integration/features/minifi_c2_server.feature b/docker/test/integration/features/minifi_c2_server.feature index ff6640deb..2bbffc9f4 100644 --- a/docker/test/integration/features/minifi_c2_server.feature +++ b/docker/test/integration/features/minifi_c2_server.feature @@ -29,14 +29,6 @@ Feature: MiNiFi can communicate with Apache NiFi MiNiFi C2 server And a flowfile with the content "test" is placed in the monitored directory in less than 10 seconds And the Minifi logs do not contain the following message: "Failed to parse json response: The document is empty. at 0" after 0 seconds - Scenario: MiNiFi flow config is updated from MiNiFi C2 server through SSL with SSL controller service - Given a file with the content "test" is present in "/tmp/input" - And a ssl context service is set up for MiNiFi C2 server - And a MiNiFi C2 server is set up with SSL - When all instances start up - Then the MiNiFi C2 SSL server logs contain the following message: "acknowledged with a state of FULLY_APPLIED(DONE)" in less than 60 seconds - And a flowfile with the content "test" is placed in the monitored directory in less than 10 seconds - Scenario: MiNiFi can get flow config from C2 server through flow url when it is not available at start Given flow configuration path is set up in flow url property And C2 is enabled in MiNiFi diff --git a/docker/test/integration/features/steps/steps.py b/docker/test/integration/features/steps/steps.py index a0b1b532f..129d8df57 100644 --- a/docker/test/integration/features/steps/steps.py +++ b/docker/test/integration/features/steps/steps.py @@ -1009,18 +1009,6 @@ def step_impl(context, doc_id, index, value, field): # MiNiFi C2 Server -@given("a ssl context service is set up for MiNiFi C2 server") -def step_impl(context): - minifi_crt_file = '/tmp/resources/minifi_client.crt' - minifi_key_file = '/tmp/resources/minifi_client.key' - root_ca_crt_file = '/tmp/resources/root_ca.crt' - ssl_context_service = SSLContextService(cert=minifi_crt_file, ca_cert=root_ca_crt_file, key=minifi_key_file) - ssl_context_service.name = "SSLContextService" - container = context.test.acquire_container(context=context, name="minifi-cpp-flow") - container.add_controller(ssl_context_service) - context.test.enable_c2_with_ssl_in_minifi() - - @given("ssl properties are set up for MiNiFi C2 server") def step_impl(context): context.test.enable_c2_with_ssl_in_minifi() diff --git a/encrypt-config/tests/ConfigFileEncryptorTests.cpp b/encrypt-config/tests/ConfigFileEncryptorTests.cpp index f0bd32e0b..4cdebb0bb 100644 --- a/encrypt-config/tests/ConfigFileEncryptorTests.cpp +++ b/encrypt-config/tests/ConfigFileEncryptorTests.cpp @@ -77,7 +77,7 @@ TEST_CASE("ConfigFileEncryptor can encrypt the sensitive properties", "[encrypt- uint32_t initial_num_properties_encrypted = encryptSensitivePropertiesInFile(test_file, KEY); REQUIRE(initial_num_properties_encrypted == 1); - REQUIRE(test_file.size() == 110); + REQUIRE(test_file.size() == 109); REQUIRE(check_encryption(test_file, Configuration::nifi_rest_api_password, original_password.length())); SECTION("calling encryptSensitiveValuesInMinifiProperties a second time does nothing") { diff --git a/encrypt-config/tests/ConfigFileTests.cpp b/encrypt-config/tests/ConfigFileTests.cpp index 4f1c5f1f2..9df4b5762 100644 --- a/encrypt-config/tests/ConfigFileTests.cpp +++ b/encrypt-config/tests/ConfigFileTests.cpp @@ -90,7 +90,7 @@ TEST_CASE("ConfigFile creates an empty object from a nonexistent file", "[encryp TEST_CASE("ConfigFile can parse a simple config file", "[encrypt-config][constructor]") { ConfigFile test_file{std::ifstream{"resources/minifi.properties"}}; - REQUIRE(test_file.size() == 109); + REQUIRE(test_file.size() == 108); } TEST_CASE("ConfigFile can test whether a key is present", "[encrypt-config][hasValue]") { @@ -102,7 +102,7 @@ TEST_CASE("ConfigFile can test whether a key is present", "[encrypt-config][hasV TEST_CASE("ConfigFile can read empty properties correctly", "[encrypt-config][constructor]") { ConfigFile test_file{std::ifstream{"resources/with-additional-sensitive-props.minifi.properties"}}; - REQUIRE(test_file.size() == 105); + REQUIRE(test_file.size() == 104); auto empty_property = test_file.getValue(Configuration::nifi_security_need_ClientAuth); REQUIRE(empty_property); @@ -143,7 +143,7 @@ TEST_CASE("ConfigFile can add a new setting after an existing setting", "[encryp SECTION("valid key") { test_file.insertAfter(Configuration::nifi_rest_api_password, "nifi.rest.api.password.protected", "my-cipher-name"); - REQUIRE(test_file.size() == 110); + REQUIRE(test_file.size() == 109); REQUIRE(test_file.getValue("nifi.rest.api.password.protected") == "my-cipher-name"); } @@ -158,7 +158,7 @@ TEST_CASE("ConfigFile can add a new setting at the end", "[encrypt-config][appen const std::string KEY = "nifi.bootstrap.sensitive.key"; const std::string VALUE = "aa411f289c91685ef9d5a9e5a4fad9393ff4c7a78ab978484323488caed7a9ab"; test_file.append(KEY, VALUE); - REQUIRE(test_file.size() == 110); + REQUIRE(test_file.size() == 109); REQUIRE(test_file.getValue(KEY) == std::make_optional(VALUE)); } diff --git a/encrypt-config/tests/resources/minifi.properties b/encrypt-config/tests/resources/minifi.properties index 898f23435..107aee455 100644 --- a/encrypt-config/tests/resources/minifi.properties +++ b/encrypt-config/tests/resources/minifi.properties @@ -81,7 +81,6 @@ nifi.c2.agent.identifier=EncryptConfigTester-001 #controller.socket.host=localhost #controller.socket.port=9998 #controller.socket.local.any.interface=false -#controller.ssl.context.service=SSLContextService ## specify the destination of c2 directed assets #nifi.asset.directory=${MINIFI_HOME}/asset diff --git a/encrypt-config/tests/resources/with-additional-sensitive-props.minifi.properties b/encrypt-config/tests/resources/with-additional-sensitive-props.minifi.properties index 8f468b2c8..c270aef68 100644 --- a/encrypt-config/tests/resources/with-additional-sensitive-props.minifi.properties +++ b/encrypt-config/tests/resources/with-additional-sensitive-props.minifi.properties @@ -83,7 +83,6 @@ nifi.c2.agent.identifier=EncryptConfigTester-001 #controller.socket.host=localhost #controller.socket.port=9998 #controller.socket.local.any.interface=false -#controller.ssl.context.service=SSLContextService # must be comma separated nifi.c2.flow.id= diff --git a/extensions/aws/tests/MultipartUploadStateStorageTest.cpp b/extensions/aws/tests/MultipartUploadStateStorageTest.cpp index 348e42a59..9e15f63e3 100644 --- a/extensions/aws/tests/MultipartUploadStateStorageTest.cpp +++ b/extensions/aws/tests/MultipartUploadStateStorageTest.cpp @@ -32,7 +32,7 @@ class MultipartUploadStateStorageTestFixture { MultipartUploadStateStorageTestFixture() { LogTestController::getInstance().setDebug<minifi::aws::s3::MultipartUploadStateStorage>(); state_storage_ = std::make_unique<minifi::controllers::VolatileMapStateStorage>("KeyValueStateStorage"); - state_manager_ = std::make_unique<minifi::controllers::KeyValueStateManager>(utils::IdGenerator::getIdGenerator()->generate(), gsl::make_not_null(state_storage_.get())); + state_manager_ = std::make_unique<minifi::controllers::KeyValueStateManager>(minifi::utils::IdGenerator::getIdGenerator()->generate(), gsl::make_not_null(state_storage_.get())); upload_storage_ = std::make_unique<minifi::aws::s3::MultipartUploadStateStorage>(gsl::make_not_null(state_manager_.get())); } diff --git a/extensions/civetweb/tests/ListenHTTPTests.cpp b/extensions/civetweb/tests/ListenHTTPTests.cpp index 0e0b439d2..0f4f80ec8 100644 --- a/extensions/civetweb/tests/ListenHTTPTests.cpp +++ b/extensions/civetweb/tests/ListenHTTPTests.cpp @@ -165,7 +165,7 @@ class ListenHTTPTestsFixture { } void check_response_body(minifi::http::HTTPClient& client) { - if (client.getMethod() != HttpRequestMethod::GET && client.getMethod() != HttpRequestMethod::POST) { + if (client.getMethod() != HttpRequestMethod::Get && client.getMethod() != HttpRequestMethod::Post) { return; } @@ -230,7 +230,7 @@ class ListenHTTPTestsFixture { thread.join(); } - if (expected_committed_requests > 0 && (method == HttpRequestMethod::GET || method == HttpRequestMethod::POST)) { + if (expected_committed_requests > 0 && (method == HttpRequestMethod::Get || method == HttpRequestMethod::Post)) { REQUIRE(LogTestController::getInstance().contains("Size:" + std::to_string(payload.size()) + " Offset:0")); } REQUIRE(LogTestController::getInstance().contains("Logged " + std::to_string(expected_committed_requests) + " flow files")); @@ -243,7 +243,7 @@ class ListenHTTPTestsFixture { for (const auto &header : headers) { client->setRequestHeader(header.first, header.second); } - if (method == HttpRequestMethod::POST) { + if (method == HttpRequestMethod::Post) { client->setPostFields(payload); } return client; @@ -259,7 +259,7 @@ class ListenHTTPTestsFixture { core::Processor* log_attribute = nullptr; std::shared_ptr<minifi::controllers::SSLContextServiceInterface> ssl_context_service; - HttpRequestMethod method = HttpRequestMethod::GET; + HttpRequestMethod method = HttpRequestMethod::Get; std::map<std::string, std::string> headers; std::string payload; std::string endpoint = "test"; @@ -283,7 +283,7 @@ TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTP GET", "[basic]") { TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTP POST", "[basic]") { run_server(); - method = HttpRequestMethod::POST; + method = HttpRequestMethod::Post; payload = "Test payload"; test_connect(); @@ -292,7 +292,7 @@ TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTP POST", "[basic]") { TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTP PUT", "[basic]") { run_server(); - method = HttpRequestMethod::PUT; + method = HttpRequestMethod::Put; test_connect({HttpResponseExpectations{true, 405}}, 0); } @@ -300,7 +300,7 @@ TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTP PUT", "[basic]") { TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTP DELETE", "[basic]") { run_server(); - method = HttpRequestMethod::DELETE; + method = HttpRequestMethod::Delete; test_connect({HttpResponseExpectations{true, 405}}, 0); } @@ -308,7 +308,7 @@ TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTP DELETE", "[basic]") { TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTP HEAD", "[basic]") { run_server(); - method = HttpRequestMethod::HEAD; + method = HttpRequestMethod::Head; test_connect({HttpResponseExpectations{}}, 0); } @@ -318,18 +318,18 @@ TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTP no body", "[basic]") { SECTION("GET") { - method = HttpRequestMethod::GET; + method = HttpRequestMethod::Get; } SECTION("POST") { - method = HttpRequestMethod::POST; + method = HttpRequestMethod::Post; payload = "Test payload"; } SECTION("HEAD") { - method = HttpRequestMethod::HEAD; + method = HttpRequestMethod::Head; } run_server(); - const std::size_t expected_committed_requests = (method == HttpRequestMethod::POST || method == HttpRequestMethod::GET) ? 1 : 0; + const std::size_t expected_committed_requests = (method == HttpRequestMethod::Post || method == HttpRequestMethod::Get) ? 1 : 0; test_connect({HttpResponseExpectations{}}, expected_committed_requests); } @@ -337,18 +337,18 @@ TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTP body with different mime type", " plan->setDynamicProperty(update_attribute, "mime.type", "text/plain"); SECTION("GET") { - method = HttpRequestMethod::GET; + method = HttpRequestMethod::Get; } SECTION("POST") { - method = HttpRequestMethod::POST; + method = HttpRequestMethod::Post; payload = "Test payload"; } SECTION("HEAD") { - method = HttpRequestMethod::HEAD; + method = HttpRequestMethod::Head; } run_server(); - const std::size_t expected_committed_requests = (method == HttpRequestMethod::POST || method == HttpRequestMethod::GET) ? 1 : 0; + const std::size_t expected_committed_requests = (method == HttpRequestMethod::Post || method == HttpRequestMethod::Get) ? 1 : 0; test_connect({HttpResponseExpectations{}}, expected_committed_requests); } @@ -359,10 +359,10 @@ TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTP all headers", "[basic][headers]") {"bar", "2"}}; SECTION("GET") { - method = HttpRequestMethod::GET; + method = HttpRequestMethod::Get; } SECTION("POST") { - method = HttpRequestMethod::POST; + method = HttpRequestMethod::Post; payload = "Test payload"; } @@ -380,10 +380,10 @@ TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTP filtered headers", "[headers]") { {"bar", "2"}}; SECTION("GET") { - method = HttpRequestMethod::GET; + method = HttpRequestMethod::Get; } SECTION("POST") { - method = HttpRequestMethod::POST; + method = HttpRequestMethod::Post; payload = "Test payload"; } @@ -412,10 +412,10 @@ TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTP Batch tests", "[batch]") { expected_processed_request_count = 5; SECTION("GET") { - method = HttpRequestMethod::GET; + method = HttpRequestMethod::Get; } SECTION("POST") { - method = HttpRequestMethod::POST; + method = HttpRequestMethod::Post; payload = "Test payload"; } } @@ -426,10 +426,10 @@ TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTP Batch tests", "[batch]") { expected_processed_request_count = 4; SECTION("GET") { - method = HttpRequestMethod::GET; + method = HttpRequestMethod::Get; } SECTION("POST") { - method = HttpRequestMethod::POST; + method = HttpRequestMethod::Post; payload = "Test payload"; } } @@ -441,10 +441,10 @@ TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTP Batch tests", "[batch]") { expected_processed_request_count = 3; SECTION("GET") { - method = HttpRequestMethod::GET; + method = HttpRequestMethod::Get; } SECTION("POST") { - method = HttpRequestMethod::POST; + method = HttpRequestMethod::Post; payload = "Test payload"; } } @@ -459,18 +459,18 @@ TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTPS without CA", "[basic][https]") { create_ssl_context_service("goodCA.crt", nullptr); SECTION("GET") { - method = HttpRequestMethod::GET; + method = HttpRequestMethod::Get; } SECTION("POST") { - method = HttpRequestMethod::POST; + method = HttpRequestMethod::Post; payload = "Test payload"; } SECTION("HEAD") { - method = HttpRequestMethod::HEAD; + method = HttpRequestMethod::Head; } run_server(); - const std::size_t expected_committed_requests = (method == HttpRequestMethod::POST || method == HttpRequestMethod::GET) ? 1 : 0; + const std::size_t expected_committed_requests = (method == HttpRequestMethod::Post || method == HttpRequestMethod::Get) ? 1 : 0; test_connect({HttpResponseExpectations{}}, expected_committed_requests); } @@ -482,18 +482,18 @@ TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTPS without client cert", "[basic][h create_ssl_context_service("goodCA.crt", nullptr); SECTION("GET") { - method = HttpRequestMethod::GET; + method = HttpRequestMethod::Get; } SECTION("POST") { - method = HttpRequestMethod::POST; + method = HttpRequestMethod::Post; payload = "Test payload"; } SECTION("HEAD") { - method = HttpRequestMethod::HEAD; + method = HttpRequestMethod::Head; } run_server(); - const std::size_t expected_committed_requests = (method == HttpRequestMethod::POST || method == HttpRequestMethod::GET) ? 1 : 0; + const std::size_t expected_committed_requests = (method == HttpRequestMethod::Post || method == HttpRequestMethod::Get) ? 1 : 0; test_connect({HttpResponseExpectations{}}, expected_committed_requests); } @@ -506,18 +506,18 @@ TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTPS with client cert from good CA", create_ssl_context_service("goodCA.crt", "goodCA_goodClient.pem"); SECTION("GET") { - method = HttpRequestMethod::GET; + method = HttpRequestMethod::Get; } SECTION("POST") { - method = HttpRequestMethod::POST; + method = HttpRequestMethod::Post; payload = "Test payload"; } SECTION("HEAD") { - method = HttpRequestMethod::HEAD; + method = HttpRequestMethod::Head; } run_server(); - const std::size_t expected_committed_requests = (method == HttpRequestMethod::POST || method == HttpRequestMethod::GET) ? 1 : 0; + const std::size_t expected_committed_requests = (method == HttpRequestMethod::Post || method == HttpRequestMethod::Get) ? 1 : 0; test_connect({HttpResponseExpectations{}}, expected_committed_requests); } @@ -530,18 +530,18 @@ TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTPS with PKCS12 client cert from goo create_ssl_context_service("goodCA.crt", "goodCA_goodClient.p12"); SECTION("GET") { - method = HttpRequestMethod::GET; + method = HttpRequestMethod::Get; } SECTION("POST") { - method = HttpRequestMethod::POST; + method = HttpRequestMethod::Post; payload = "Test payload"; } SECTION("HEAD") { - method = HttpRequestMethod::HEAD; + method = HttpRequestMethod::Head; } run_server(); - const std::size_t expected_committed_requests = (method == HttpRequestMethod::POST || method == HttpRequestMethod::GET) ? 1 : 0; + const std::size_t expected_committed_requests = (method == HttpRequestMethod::Post || method == HttpRequestMethod::Get) ? 1 : 0; test_connect({HttpResponseExpectations{}}, expected_committed_requests); } @@ -558,14 +558,14 @@ TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTPS with client cert from bad CA", " plan->setProperty(listen_http, minifi::processors::ListenHTTP::SSLVerifyPeer, "yes"); SECTION("GET") { - method = HttpRequestMethod::GET; + method = HttpRequestMethod::Get; } SECTION("POST") { - method = HttpRequestMethod::POST; + method = HttpRequestMethod::Post; payload = "Test payload"; } SECTION("HEAD") { - method = HttpRequestMethod::HEAD; + method = HttpRequestMethod::Head; } } SECTION("do not verify peer") { @@ -573,16 +573,16 @@ TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTPS with client cert from bad CA", " response_code = 200; SECTION("GET") { - method = HttpRequestMethod::GET; + method = HttpRequestMethod::Get; expected_committed_requests = 1; } SECTION("POST") { - method = HttpRequestMethod::POST; + method = HttpRequestMethod::Post; payload = "Test payload"; expected_committed_requests = 1; } SECTION("HEAD") { - method = HttpRequestMethod::HEAD; + method = HttpRequestMethod::Head; } } @@ -602,18 +602,18 @@ TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTPS with client cert with matching D create_ssl_context_service("goodCA.crt", "goodCA_goodClient.pem"); SECTION("GET") { - method = HttpRequestMethod::GET; + method = HttpRequestMethod::Get; } SECTION("POST") { - method = HttpRequestMethod::POST; + method = HttpRequestMethod::Post; payload = "Test payload"; } SECTION("HEAD") { - method = HttpRequestMethod::HEAD; + method = HttpRequestMethod::Head; } run_server(); - const std::size_t expected_committed_requests = (method == HttpRequestMethod::POST || method == HttpRequestMethod::GET) ? 1 : 0; + const std::size_t expected_committed_requests = (method == HttpRequestMethod::Post || method == HttpRequestMethod::Get) ? 1 : 0; test_connect({HttpResponseExpectations{}}, expected_committed_requests); } @@ -630,30 +630,30 @@ TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTPS with client cert with non-matchi response_code = 403; SECTION("GET") { - method = HttpRequestMethod::GET; + method = HttpRequestMethod::Get; } SECTION("POST") { - method = HttpRequestMethod::POST; + method = HttpRequestMethod::Post; payload = "Test payload"; } SECTION("HEAD") { - method = HttpRequestMethod::HEAD; + method = HttpRequestMethod::Head; } } SECTION("do not verify peer") { response_code = 200; SECTION("GET") { - method = HttpRequestMethod::GET; + method = HttpRequestMethod::Get; expected_committed_requests = 1; } SECTION("POST") { - method = HttpRequestMethod::POST; + method = HttpRequestMethod::Post; payload = "Test payload"; expected_committed_requests = 1; } SECTION("HEAD") { - method = HttpRequestMethod::HEAD; + method = HttpRequestMethod::Head; } } @@ -669,14 +669,14 @@ TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTPS minimum SSL version", "[https]") plan->setProperty(listen_http, minifi::processors::ListenHTTP::SSLCertificateAuthority, (executable_dir / "resources" / "goodCA.crt").string()); SECTION("GET") { - method = HttpRequestMethod::GET; + method = HttpRequestMethod::Get; } SECTION("POST") { - method = HttpRequestMethod::POST; + method = HttpRequestMethod::Post; payload = "Test payload"; } SECTION("HEAD") { - method = HttpRequestMethod::HEAD; + method = HttpRequestMethod::Head; } create_ssl_context_service("goodCA.crt", "goodCA_goodClient.pem"); @@ -686,7 +686,7 @@ TEST_CASE_METHOD(ListenHTTPTestsFixture, "HTTPS minimum SSL version", "[https]") auto client = std::make_unique<minifi::http::HTTPClient>(); client->setVerbose(false); client->initialize(method, url, ssl_context_service); - if (method == HttpRequestMethod::POST) { + if (method == HttpRequestMethod::Post) { client->setPostFields(payload); } REQUIRE(client->setSpecificSSLVersion(minifi::http::SSLVersion::TLSv1_1)); diff --git a/extensions/elasticsearch/PostElasticsearch.cpp b/extensions/elasticsearch/PostElasticsearch.cpp index ca6e1c747..8424ba35a 100644 --- a/extensions/elasticsearch/PostElasticsearch.cpp +++ b/extensions/elasticsearch/PostElasticsearch.cpp @@ -56,7 +56,7 @@ void PostElasticsearch::onSchedule(core::ProcessContext& context, core::ProcessS throw Exception(PROCESS_SCHEDULE_EXCEPTION, "Missing Elasticsearch credentials service"); auto ssl_context_service = utils::parseOptionalControllerService<minifi::controllers::SSLContextServiceInterface>(context, PostElasticsearch::SSLContext, getUUID()); - client_.initialize(http::HttpRequestMethod::POST, host_url_ + "/_bulk", ssl_context_service); + client_.initialize(http::HttpRequestMethod::Post, host_url_ + "/_bulk", ssl_context_service); client_.setContentType("application/json"); credentials_service_->authenticateClient(client_); } diff --git a/extensions/grafana-loki/PushGrafanaLokiREST.cpp b/extensions/grafana-loki/PushGrafanaLokiREST.cpp index 1feb11d9c..8b421dbb7 100644 --- a/extensions/grafana-loki/PushGrafanaLokiREST.cpp +++ b/extensions/grafana-loki/PushGrafanaLokiREST.cpp @@ -83,7 +83,7 @@ void PushGrafanaLokiREST::initializeHttpClient(core::ProcessContext& context) { } logger_->log_debug("PushGrafanaLokiREST push url is set to: {}", url); auto ssl_context_service = utils::parseOptionalControllerService<minifi::controllers::SSLContextServiceInterface>(context, PushGrafanaLoki::SSLContextService, getUUID()); - client_.initialize(http::HttpRequestMethod::POST, url, ssl_context_service); + client_.initialize(http::HttpRequestMethod::Post, url, ssl_context_service); } void PushGrafanaLokiREST::onSchedule(core::ProcessContext& context, core::ProcessSessionFactory& session_factory) { diff --git a/extensions/smb/tests/SmbConnectionControllerServiceTests.cpp b/extensions/smb/tests/SmbConnectionControllerServiceTests.cpp index 217122fa3..557810e6c 100644 --- a/extensions/smb/tests/SmbConnectionControllerServiceTests.cpp +++ b/extensions/smb/tests/SmbConnectionControllerServiceTests.cpp @@ -15,7 +15,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - #include "unit/TestBase.h" #include "unit/Catch.h" #include "SmbConnectionControllerService.h" diff --git a/extensions/splunk/SplunkHECProcessor.cpp b/extensions/splunk/SplunkHECProcessor.cpp index eae24f31b..4427668aa 100644 --- a/extensions/splunk/SplunkHECProcessor.cpp +++ b/extensions/splunk/SplunkHECProcessor.cpp @@ -41,7 +41,7 @@ std::string SplunkHECProcessor::getNetworkLocation() const { } void SplunkHECProcessor::initializeClient(http::HTTPClient& client, const std::string &url, std::shared_ptr<minifi::controllers::SSLContextServiceInterface> ssl_context_service) const { - client.initialize(http::HttpRequestMethod::POST, url, std::move(ssl_context_service)); + client.initialize(http::HttpRequestMethod::Post, url, std::move(ssl_context_service)); client.setRequestHeader("Authorization", token_); client.setRequestHeader("X-Splunk-Request-Channel", request_channel_); } diff --git a/extensions/standard-processors/processors/InvokeHTTP.cpp b/extensions/standard-processors/processors/InvokeHTTP.cpp index 7ca018fd4..1e037730d 100644 --- a/extensions/standard-processors/processors/InvokeHTTP.cpp +++ b/extensions/standard-processors/processors/InvokeHTTP.cpp @@ -200,7 +200,7 @@ void InvokeHTTP::onSchedule(core::ProcessContext& context, core::ProcessSessionF } bool InvokeHTTP::shouldEmitFlowFile() const { - return (http::HttpRequestMethod::POST == method_ || http::HttpRequestMethod::PUT == method_ || http::HttpRequestMethod::PATCH == method_); + return (http::HttpRequestMethod::Post == method_ || http::HttpRequestMethod::Put == method_ || http::HttpRequestMethod::Patch == method_); } /** diff --git a/extensions/standard-processors/processors/InvokeHTTP.h b/extensions/standard-processors/processors/InvokeHTTP.h index 744f9781f..cec9a2fd3 100644 --- a/extensions/standard-processors/processors/InvokeHTTP.h +++ b/extensions/standard-processors/processors/InvokeHTTP.h @@ -139,7 +139,7 @@ class InvokeHTTP : public core::ProcessorImpl { EXTENSIONAPI static constexpr auto Method = core::PropertyDefinitionBuilder<magic_enum::enum_count<http::HttpRequestMethod>()>::createProperty("HTTP Method") .withDescription("HTTP request method. Methods other than POST, PUT and PATCH will be sent without a message body.") .withAllowedValues(magic_enum::enum_names<http::HttpRequestMethod>()) - .withDefaultValue(magic_enum::enum_name(http::HttpRequestMethod::GET)) + .withDefaultValue(magic_enum::enum_name(http::HttpRequestMethod::Get)) .build(); EXTENSIONAPI static constexpr auto URL = core::PropertyDefinitionBuilder<>::createProperty("Remote URL") .withDescription("Remote URL which will be connected to, including scheme, host, port, path.") diff --git a/extensions/standard-processors/tests/unit/HttpClientStoreTests.cpp b/extensions/standard-processors/tests/unit/HttpClientStoreTests.cpp index c3bc7f985..7ecb0433c 100644 --- a/extensions/standard-processors/tests/unit/HttpClientStoreTests.cpp +++ b/extensions/standard-processors/tests/unit/HttpClientStoreTests.cpp @@ -44,7 +44,7 @@ class HttpClientStoreTestAccessor { TEST_CASE("HttpClientStore can create new client for a url and is returned after it's not used anymore") { minifi::processors::invoke_http::HttpClientStore store(2, [](const std::string& url) { auto client = std::make_unique<minifi::http::HTTPClient>(); - client->initialize(minifi::http::HttpRequestMethod::GET, url, nullptr); + client->initialize(minifi::http::HttpRequestMethod::Get, url, nullptr); return gsl::make_not_null(std::move(client)); }); REQUIRE(HttpClientStoreTestAccessor::getMaxSize(store) == 2); @@ -65,7 +65,7 @@ TEST_CASE("HttpClientStore can create new client for a url and is returned after TEST_CASE("A http client can be reused") { minifi::processors::invoke_http::HttpClientStore store(2, [](const std::string& url) { auto client = std::make_unique<minifi::http::HTTPClient>(); - client->initialize(minifi::http::HttpRequestMethod::GET, url, nullptr); + client->initialize(minifi::http::HttpRequestMethod::Get, url, nullptr); return gsl::make_not_null(std::move(client)); }); minifi::http::HTTPClient* client_ptr = nullptr; @@ -89,7 +89,7 @@ TEST_CASE("A http client can be reused") { TEST_CASE("A new url always creates a new client") { minifi::processors::invoke_http::HttpClientStore store(3, [](const std::string& url) { auto client = std::make_unique<minifi::http::HTTPClient>(); - client->initialize(minifi::http::HttpRequestMethod::GET, url, nullptr); + client->initialize(minifi::http::HttpRequestMethod::Get, url, nullptr); return gsl::make_not_null(std::move(client)); }); const auto& used_clients = HttpClientStoreTestAccessor::getUsedClients(store); @@ -114,7 +114,7 @@ TEST_CASE("A new url always creates a new client") { TEST_CASE("If a store is full, the first unused client is replaced by the newly requested one") { minifi::processors::invoke_http::HttpClientStore store(3, [](const std::string& url) { auto client = std::make_unique<minifi::http::HTTPClient>(); - client->initialize(minifi::http::HttpRequestMethod::GET, url, nullptr); + client->initialize(minifi::http::HttpRequestMethod::Get, url, nullptr); return gsl::make_not_null(std::move(client)); }); const auto& used_clients = HttpClientStoreTestAccessor::getUsedClients(store); @@ -148,7 +148,7 @@ TEST_CASE("If a store is full, the first unused client is replaced by the newly TEST_CASE("Multiple unused clients are present the oldest one is replaced") { minifi::processors::invoke_http::HttpClientStore store(4, [](const std::string& url) { auto client = std::make_unique<minifi::http::HTTPClient>(); - client->initialize(minifi::http::HttpRequestMethod::GET, url, nullptr); + client->initialize(minifi::http::HttpRequestMethod::Get, url, nullptr); return gsl::make_not_null(std::move(client)); }); const auto& used_clients = HttpClientStoreTestAccessor::getUsedClients(store); @@ -185,7 +185,7 @@ TEST_CASE("Multiple unused clients are present the oldest one is replaced") { TEST_CASE("If all clients are in use, the call will block until a client is returned") { minifi::processors::invoke_http::HttpClientStore store(2, [](const std::string& url) { auto client = std::make_unique<minifi::http::HTTPClient>(); - client->initialize(minifi::http::HttpRequestMethod::GET, url, nullptr); + client->initialize(minifi::http::HttpRequestMethod::Get, url, nullptr); return gsl::make_not_null(std::move(client)); }); bool client2_created{false}; diff --git a/libminifi/include/c2/ControllerSocketProtocol.h b/libminifi/include/c2/ControllerSocketProtocol.h index a1644d380..abb15cb31 100644 --- a/libminifi/include/c2/ControllerSocketProtocol.h +++ b/libminifi/include/c2/ControllerSocketProtocol.h @@ -42,8 +42,7 @@ namespace org::apache::nifi::minifi::c2 { */ class ControllerSocketProtocol { public: - ControllerSocketProtocol(core::controller::ControllerServiceProvider& controller, state::StateMonitor& update_sink, - std::shared_ptr<Configure> configuration, const std::shared_ptr<ControllerSocketReporter>& controller_socket_reporter); + ControllerSocketProtocol(state::StateMonitor& update_sink, std::shared_ptr<Configure> configuration, const std::shared_ptr<ControllerSocketReporter>& controller_socket_reporter); ~ControllerSocketProtocol(); void initialize(); void setRoot(core::ProcessGroup* root); @@ -70,7 +69,6 @@ class ControllerSocketProtocol { asio::awaitable<void> startAcceptSsl(std::shared_ptr<minifi::controllers::SSLContextServiceInterface> ssl_context_service); void stopListener(); - core::controller::ControllerServiceProvider& controller_; state::StateMonitor& update_sink_; asio::io_context io_context_; diff --git a/libminifi/include/core/logging/LoggerConfiguration.h b/libminifi/include/core/logging/LoggerConfiguration.h index ffe5b64ea..4b4d6eb63 100644 --- a/libminifi/include/core/logging/LoggerConfiguration.h +++ b/libminifi/include/core/logging/LoggerConfiguration.h @@ -100,7 +100,7 @@ class LoggerConfiguration { return getCompressedLogs(std::chrono::milliseconds{0}); } - void initializeAlertSinks(core::controller::ControllerServiceProvider* controller, const std::shared_ptr<AgentIdentificationProvider>& agent_id); + void initializeAlertSinks(const std::shared_ptr<Configure>& config); template<class Rep, class Period> static std::vector<std::unique_ptr<io::InputStream>> getCompressedLogs(const std::chrono::duration<Rep, Period>& time) { diff --git a/libminifi/include/core/logging/alert/AlertSink.h b/libminifi/include/core/logging/alert/AlertSink.h index 909574089..9487a61e3 100644 --- a/libminifi/include/core/logging/alert/AlertSink.h +++ b/libminifi/include/core/logging/alert/AlertSink.h @@ -25,13 +25,13 @@ #include <string> #include <memory> -#include "core/controller/ControllerServiceProvider.h" #include "core/logging/LoggerProperties.h" #include "utils/ThreadPool.h" #include "utils/StagingQueue.h" #include "utils/RegexUtils.h" #include "properties/Configure.h" #include "spdlog/sinks/base_sink.h" +#include "minifi-cpp/controllers/SSLContextServiceInterface.h" namespace org::apache::nifi::minifi::controllers { class SSLContextServiceInterface; @@ -48,14 +48,13 @@ class AlertSink : public spdlog::sinks::base_sink<std::mutex> { static std::shared_ptr<AlertSink> create(const std::string& prop_name_prefix, const std::shared_ptr<LoggerProperties>& logger_properties, std::shared_ptr<Logger> logger); - void initialize(core::controller::ControllerServiceProvider* controller, std::shared_ptr<AgentIdentificationProvider> agent_id); + void initialize(std::shared_ptr<AgentIdentificationProvider> agent_id, std::shared_ptr<controllers::SSLContextServiceInterface> ssl_service); ~AlertSink() override; private: struct Config { std::string url; - std::optional<std::string> ssl_service_name; int batch_size; std::chrono::milliseconds flush_period; std::chrono::milliseconds rate_limit; diff --git a/libminifi/src/Configuration.cpp b/libminifi/src/Configuration.cpp index d16401719..b8881c0b0 100644 --- a/libminifi/src/Configuration.cpp +++ b/libminifi/src/Configuration.cpp @@ -96,7 +96,6 @@ const std::unordered_map<std::string_view, gsl::not_null<const core::PropertyVal {Configuration::nifi_c2_rest_path_base, gsl::make_not_null(&core::StandardPropertyValidators::ALWAYS_VALID_VALIDATOR)}, {Configuration::nifi_c2_rest_url, gsl::make_not_null(&core::StandardPropertyValidators::ALWAYS_VALID_VALIDATOR)}, {Configuration::nifi_c2_rest_url_ack, gsl::make_not_null(&core::StandardPropertyValidators::ALWAYS_VALID_VALIDATOR)}, - {Configuration::nifi_c2_rest_ssl_context_service, gsl::make_not_null(&core::StandardPropertyValidators::ALWAYS_VALID_VALIDATOR)}, {Configuration::nifi_c2_rest_request_encoding, gsl::make_not_null(&core::StandardPropertyValidators::ALWAYS_VALID_VALIDATOR)}, {Configuration::nifi_c2_rest_heartbeat_minimize_updates, gsl::make_not_null(&core::StandardPropertyValidators::BOOLEAN_VALIDATOR)}, {Configuration::nifi_c2_flow_info_processor_bulletin_limit, gsl::make_not_null(&core::StandardPropertyValidators::UNSIGNED_INTEGER_VALIDATOR)}, @@ -130,7 +129,6 @@ const std::unordered_map<std::string_view, gsl::not_null<const core::PropertyVal {Configuration::nifi_log_compression_compressed_log_max_size, gsl::make_not_null(&core::StandardPropertyValidators::DATA_SIZE_VALIDATOR)}, {Configuration::nifi_log_max_log_entry_length, gsl::make_not_null(&core::StandardPropertyValidators::ALWAYS_VALID_VALIDATOR)}, {Configuration::nifi_log_alert_url, gsl::make_not_null(&core::StandardPropertyValidators::ALWAYS_VALID_VALIDATOR)}, - {Configuration::nifi_log_alert_ssl_context_service, gsl::make_not_null(&core::StandardPropertyValidators::ALWAYS_VALID_VALIDATOR)}, {Configuration::nifi_log_alert_batch_size, gsl::make_not_null(&core::StandardPropertyValidators::ALWAYS_VALID_VALIDATOR)}, {Configuration::nifi_log_alert_flush_period, gsl::make_not_null(&core::StandardPropertyValidators::TIME_PERIOD_VALIDATOR)}, {Configuration::nifi_log_alert_filter, gsl::make_not_null(&core::StandardPropertyValidators::ALWAYS_VALID_VALIDATOR)}, @@ -152,7 +150,6 @@ const std::unordered_map<std::string_view, gsl::not_null<const core::PropertyVal {Configuration::controller_socket_local_any_interface, gsl::make_not_null(&core::StandardPropertyValidators::BOOLEAN_VALIDATOR)}, {Configuration::controller_socket_host, gsl::make_not_null(&core::StandardPropertyValidators::ALWAYS_VALID_VALIDATOR)}, {Configuration::controller_socket_port, gsl::make_not_null(&core::StandardPropertyValidators::PORT_VALIDATOR)}, - {Configuration::controller_ssl_context_service, gsl::make_not_null(&core::StandardPropertyValidators::ALWAYS_VALID_VALIDATOR)}, {Configuration::nifi_flow_file_repository_check_health, gsl::make_not_null(&core::StandardPropertyValidators::BOOLEAN_VALIDATOR)}, {Configuration::nifi_python_virtualenv_directory, gsl::make_not_null(&core::StandardPropertyValidators::ALWAYS_VALID_VALIDATOR)}, {Configuration::nifi_python_env_setup_binary, gsl::make_not_null(&core::StandardPropertyValidators::ALWAYS_VALID_VALIDATOR)}, diff --git a/libminifi/src/FlowController.cpp b/libminifi/src/FlowController.cpp index 7bb67caf1..ac875ff19 100644 --- a/libminifi/src/FlowController.cpp +++ b/libminifi/src/FlowController.cpp @@ -92,7 +92,7 @@ FlowController::FlowController(std::shared_ptr<core::Repository> provenance_repo controller_socket_metrics_publisher = std::dynamic_pointer_cast<c2::ControllerSocketMetricsPublisher>(publisher); controller_socket_metrics_publisher->setFlowStatusDependencies(bulletin_store, flow_file_repo_->getDirectory(), content_repo_->getStoragePath()); } - controller_socket_protocol_ = std::make_unique<c2::ControllerSocketProtocol>(*this, *this, configuration_, controller_socket_metrics_publisher); + controller_socket_protocol_ = std::make_unique<c2::ControllerSocketProtocol>(*this, configuration_, controller_socket_metrics_publisher); root_wrapper_.setControllerSocketProtocol(controller_socket_protocol_.get()); } } @@ -345,7 +345,7 @@ int16_t FlowController::start() { start_time_ = std::chrono::steady_clock::now(); } - core::logging::LoggerConfiguration::getConfiguration().initializeAlertSinks(this, configuration_); + core::logging::LoggerConfiguration::getConfiguration().initializeAlertSinks(configuration_); running_ = true; content_repo_->start(); provenance_repo_->start(); diff --git a/libminifi/src/RemoteProcessGroupPort.cpp b/libminifi/src/RemoteProcessGroupPort.cpp index 98fdc08cd..73443412d 100644 --- a/libminifi/src/RemoteProcessGroupPort.cpp +++ b/libminifi/src/RemoteProcessGroupPort.cpp @@ -94,7 +94,7 @@ std::unique_ptr<sitetosite::SiteToSiteClient> RemoteProcessGroupPort::getNextPro auto& peer_status = peers_[peer_index_]; sitetosite::SiteToSiteClientConfiguration config(peer_status.getPortId(), peer_status.getHost(), peer_status.getPort(), local_network_interface_, client_type_); peer_index_++; - if (peer_index_ >= static_cast<int>(peers_.size())) { + if (peer_index_ >= gsl::narrow<int>(peers_.size())) { peer_index_ = 0; } next_protocol = initializeProtocol(config); @@ -161,7 +161,7 @@ void RemoteProcessGroupPort::onSchedule(core::ProcessContext& context, core::Pro auto peer_status = peers_[peer_index_]; sitetosite::SiteToSiteClientConfiguration config(peer_status.getPortId(), peer_status.getHost(), peer_status.getPort(), local_network_interface_, client_type_); peer_index_++; - if (peer_index_ >= static_cast<int>(peers_.size())) { + if (peer_index_ >= gsl::narrow<int>(peers_.size())) { peer_index_ = 0; } logger_->log_trace("Creating client"); @@ -235,7 +235,7 @@ std::optional<std::string> RemoteProcessGroupPort::getRestApiToken(const RPG& ni return std::nullopt; } auto client = std::unique_ptr<http::BaseHTTPClient>(dynamic_cast<http::BaseHTTPClient*>(client_ptr)); - client->initialize(http::HttpRequestMethod::GET, login_url.str(), ssl_service_); + client->initialize(http::HttpRequestMethod::Get, login_url.str(), ssl_service_); // use a connection timeout. if this times out we will simply attempt re-connection // so no need for configuration parameter that isn't already defined in Processor client->setConnectionTimeout(10s); @@ -296,7 +296,7 @@ std::optional<std::pair<std::string, uint16_t>> RemoteProcessGroupPort::tryRefre auto client = std::unique_ptr<http::BaseHTTPClient>(dynamic_cast<http::BaseHTTPClient*>(client_ptr)); auto full_url = buildFullSiteToSiteUrl(nifi); - client->initialize(http::HttpRequestMethod::GET, full_url, ssl_service_); + client->initialize(http::HttpRequestMethod::Get, full_url, ssl_service_); // use a connection timeout. if this times out we will simply attempt re-connection // so no need for configuration parameter that isn't already defined in Processor client->setConnectionTimeout(10s); diff --git a/libminifi/src/c2/ControllerSocketProtocol.cpp b/libminifi/src/c2/ControllerSocketProtocol.cpp index 7068af38e..d5bb7074d 100644 --- a/libminifi/src/c2/ControllerSocketProtocol.cpp +++ b/libminifi/src/c2/ControllerSocketProtocol.cpp @@ -69,13 +69,12 @@ ControllerSocketProtocol::SocketRestartCommandProcessor::~SocketRestartCommandPr } } -ControllerSocketProtocol::ControllerSocketProtocol(core::controller::ControllerServiceProvider& controller, state::StateMonitor& update_sink, - std::shared_ptr<Configure> configuration, const std::shared_ptr<ControllerSocketReporter>& controller_socket_reporter) - : controller_(controller), - update_sink_(update_sink), - controller_socket_reporter_(controller_socket_reporter), - configuration_(std::move(configuration)), - socket_restart_processor_(update_sink_, logger_) { +ControllerSocketProtocol::ControllerSocketProtocol(state::StateMonitor& update_sink, std::shared_ptr<Configure> configuration, + const std::shared_ptr<ControllerSocketReporter>& controller_socket_reporter) + : update_sink_(update_sink), + controller_socket_reporter_(controller_socket_reporter), + configuration_(std::move(configuration)), + socket_restart_processor_(update_sink_, logger_) { gsl_Expects(configuration_); } @@ -145,19 +144,10 @@ asio::awaitable<void> ControllerSocketProtocol::startAcceptSsl(std::shared_ptr<m void ControllerSocketProtocol::initialize() { std::unique_lock<std::mutex> lock(initialization_mutex_); std::shared_ptr<minifi::controllers::SSLContextServiceInterface> secure_context; - std::string context_name; - if (configuration_->get(Configure::controller_ssl_context_service, context_name)) { - std::shared_ptr<core::controller::ControllerService> service = controller_.getControllerService(context_name); - if (nullptr != service) { - secure_context = std::dynamic_pointer_cast<minifi::controllers::SSLContextServiceInterface>(service); - } - } - if (nullptr == secure_context) { - std::string secure_str; - if (configuration_->get(Configure::nifi_remote_input_secure, secure_str) && org::apache::nifi::minifi::utils::string::toBool(secure_str).value_or(false)) { - secure_context = std::make_shared<minifi::controllers::SSLContextService>("ControllerSocketProtocolSSL", configuration_); - secure_context->onEnable(); - } + std::string secure_str; + if (configuration_->get(Configure::nifi_remote_input_secure, secure_str) && org::apache::nifi::minifi::utils::string::toBool(secure_str).value_or(false)) { + secure_context = std::make_shared<minifi::controllers::SSLContextService>("ControllerSocketProtocolSSL", configuration_); + secure_context->onEnable(); } std::string limit_str; diff --git a/libminifi/src/c2/protocols/RESTSender.cpp b/libminifi/src/c2/protocols/RESTSender.cpp index 56da8b607..a9835663e 100644 --- a/libminifi/src/c2/protocols/RESTSender.cpp +++ b/libminifi/src/c2/protocols/RESTSender.cpp @@ -44,8 +44,6 @@ void RESTSender::initialize(core::controller::ControllerServiceProvider* control // base URL when one is not specified. if (nullptr != configure) { std::optional<std::string> rest_base_path = configure->get(Configuration::nifi_c2_rest_path_base); - std::string update_str; - std::string ssl_context_service_str; configure->get(Configuration::nifi_c2_rest_url, "c2.rest.url", rest_uri_); configure->get(Configuration::nifi_c2_rest_url_ack, "c2.rest.url.ack", ack_uri_); if (rest_uri_.starts_with("/")) { @@ -60,17 +58,10 @@ void RESTSender::initialize(core::controller::ControllerServiceProvider* control } ack_uri_ = rest_base_path.value() + ack_uri_; } - if (controller && configure->get(Configuration::nifi_c2_rest_ssl_context_service, "c2.rest.ssl.context.service", ssl_context_service_str)) { - if (auto service = controller->getControllerService(ssl_context_service_str)) { - ssl_context_service_ = std::dynamic_pointer_cast<minifi::controllers::SSLContextServiceInterface>(service); - } - } - if (nullptr == ssl_context_service_) { - std::string ssl_context_str; - if (configure->get(Configure::nifi_remote_input_secure, ssl_context_str) && org::apache::nifi::minifi::utils::string::toBool(ssl_context_str).value_or(false)) { - ssl_context_service_ = std::make_shared<minifi::controllers::SSLContextService>("RESTSenderSSL", configure); - ssl_context_service_->onEnable(); - } + std::string ssl_context_str; + if (configure->get(Configure::nifi_remote_input_secure, ssl_context_str) && org::apache::nifi::minifi::utils::string::toBool(ssl_context_str).value_or(false)) { + ssl_context_service_ = std::make_shared<minifi::controllers::SSLContextService>("RESTSenderSSL", configure); + ssl_context_service_->onEnable(); } if (auto req_encoding_str = configure->get(Configuration::nifi_c2_rest_request_encoding)) { if (auto req_encoding = magic_enum::enum_cast<RequestEncoding>(*req_encoding_str, magic_enum::case_insensitive)) { @@ -128,7 +119,7 @@ C2Payload RESTSender::sendPayload(const std::string& url, const Direction direct auto setUpHttpRequest = [&](http::HttpRequestMethod http_method) { client.set_request_method(http_method); - if (url.find("https://";) == 0) { + if (url.starts_with("https://";)) { if (!ssl_context_service_) { setSecurityContext(client, http_method, url); } else { @@ -137,7 +128,7 @@ C2Payload RESTSender::sendPayload(const std::string& url, const Direction direct } }; if (direction == Direction::TRANSMIT) { - setUpHttpRequest(http::HttpRequestMethod::POST); + setUpHttpRequest(http::HttpRequestMethod::Post); if (payload.getOperation() == Operation::transfer) { // treat nested payloads as files for (const auto& file : payload.getNestedPayloads()) { @@ -178,7 +169,7 @@ C2Payload RESTSender::sendPayload(const std::string& url, const Direction direct } else { // we do not need to set the upload callback // since we are not uploading anything on a get - setUpHttpRequest(http::HttpRequestMethod::GET); + setUpHttpRequest(http::HttpRequestMethod::Get); } if (payload.getOperation() == Operation::transfer) { diff --git a/libminifi/src/core/logging/LoggerConfiguration.cpp b/libminifi/src/core/logging/LoggerConfiguration.cpp index 6a9e7428a..cb3a74c0a 100644 --- a/libminifi/src/core/logging/LoggerConfiguration.cpp +++ b/libminifi/src/core/logging/LoggerConfiguration.cpp @@ -38,6 +38,7 @@ #include "utils/Literals.h" #include "core/TypedValues.h" #include "core/logging/Utils.h" +#include "controllers/SSLContextService.h" #include "spdlog/spdlog.h" #include "spdlog/sinks/stdout_sinks.h" @@ -346,10 +347,15 @@ void LoggerConfiguration::initializeCompression(const std::lock_guard<std::mutex } } -void LoggerConfiguration::initializeAlertSinks(core::controller::ControllerServiceProvider* controller, const std::shared_ptr<AgentIdentificationProvider>& agent_id) { +void LoggerConfiguration::initializeAlertSinks(const std::shared_ptr<Configure>& config) { + auto ssl_service = std::make_shared<controllers::SSLContextService>("AlertSinkSSLContextService", config); + ssl_service->onEnable(); + if (ssl_service->getCertificateFile().empty()) { + ssl_service.reset(); + } std::lock_guard guard(mutex_); for (auto& sink : alert_sinks_) { - sink->initialize(controller, agent_id); + sink->initialize(config, ssl_service); } } diff --git a/libminifi/src/core/logging/alert/AlertSink.cpp b/libminifi/src/core/logging/alert/AlertSink.cpp index 86745e88e..e728ff970 100644 --- a/libminifi/src/core/logging/alert/AlertSink.cpp +++ b/libminifi/src/core/logging/alert/AlertSink.cpp @@ -21,7 +21,6 @@ #include "http/BaseHTTPClient.h" #include "utils/Hash.h" #include "core/logging/Utils.h" -#include "minifi-cpp/controllers/SSLContextServiceInterface.h" #include "rapidjson/rapidjson.h" #include "rapidjson/document.h" @@ -87,33 +86,15 @@ std::shared_ptr<AlertSink> AlertSink::create(const std::string& prop_name_prefix config.rate_limit = readPropertyOr(".rate.limit", TimePeriodValue::fromString, "10 min").getMilliseconds(); config.buffer_limit = readPropertyOr(".buffer.limit", datasize_parser, "1 MB"); config.level = readPropertyOr(".level", utils::parse_log_level, "trace"); - config.ssl_service_name = logger_properties->getString(prop_name_prefix + ".ssl.context.service"); return std::shared_ptr<AlertSink>(new AlertSink(std::move(config), std::move(logger))); } -void AlertSink::initialize(core::controller::ControllerServiceProvider* controller, std::shared_ptr<AgentIdentificationProvider> agent_id) { +void AlertSink::initialize(std::shared_ptr<AgentIdentificationProvider> agent_id, std::shared_ptr<controllers::SSLContextServiceInterface> ssl_service) { auto services = std::make_unique<Services>(); services->agent_id = std::move(agent_id); - - if (config_.ssl_service_name) { - if (!controller) { - logger_->log_error("Could not find service '{}': no service provider", config_.ssl_service_name.value()); - return; - } - if (auto service = controller->getControllerService(config_.ssl_service_name.value())) { - if (auto ssl_service = std::dynamic_pointer_cast<controllers::SSLContextServiceInterface>(service)) { - services->ssl_service = ssl_service; - } else { - logger_->log_error("Service '{}' is not an SSLContextService", config_.ssl_service_name.value()); - return; - } - } else { - logger_->log_error("Could not find service '{}'", config_.ssl_service_name.value()); - return; - } - } + services->ssl_service = std::move(ssl_service); services.reset(services_.exchange(services.release())); } @@ -170,7 +151,7 @@ void AlertSink::run() { Services* expected{nullptr}; // only restore the services pointer if no initialize set it to something else meanwhile if (services_.compare_exchange_strong(expected, services.get())) { - (void)services.release(); + std::ignore = services.release(); } } } @@ -199,7 +180,7 @@ void AlertSink::send(Services& services) { logger_->log_error("Could not instantiate a HTTPClient object"); return; } - client->initialize(http::HttpRequestMethod::PUT, config_.url, services.ssl_service); + client->initialize(http::HttpRequestMethod::Put, config_.url, services.ssl_service); rapidjson::Document doc(rapidjson::kObjectType); std::string agent_id = services.agent_id->getAgentIdentifier(); diff --git a/libminifi/src/sitetosite/HttpSiteToSiteClient.cpp b/libminifi/src/sitetosite/HttpSiteToSiteClient.cpp index b8fcbaf86..9cdbd8b08 100644 --- a/libminifi/src/sitetosite/HttpSiteToSiteClient.cpp +++ b/libminifi/src/sitetosite/HttpSiteToSiteClient.cpp @@ -35,8 +35,6 @@ #include "rapidjson/document.h" #include "rapidjson/error/en.h" -#undef DELETE // macro on windows - namespace org::apache::nifi::minifi::sitetosite { namespace { @@ -97,7 +95,7 @@ std::shared_ptr<Transaction> HttpSiteToSiteClient::createTransaction(TransferDir std::string dir_str = direction == TransferDirection::SEND ? "input-ports" : "output-ports"; std::stringstream uri; uri << getBaseURI() << "data-transfer/" << dir_str << "/" << getPortId().to_string() << "/transactions"; - auto client = createHttpClient(uri.str(), http::HttpRequestMethod::POST); + auto client = createHttpClient(uri.str(), http::HttpRequestMethod::Post); setSiteToSiteHeaders(*client); client->setConnectionTimeout(std::chrono::milliseconds(5000)); client->setContentType("application/json"); @@ -241,7 +239,7 @@ std::optional<std::vector<PeerStatus>> HttpSiteToSiteClient::getPeerList() { std::stringstream uri; uri << getBaseURI() << "site-to-site/peers"; - auto client = createHttpClient(uri.str(), http::HttpRequestMethod::GET); + auto client = createHttpClient(uri.str(), http::HttpRequestMethod::Get); setSiteToSiteHeaders(*client); @@ -256,7 +254,7 @@ std::optional<std::vector<PeerStatus>> HttpSiteToSiteClient::getPeerList() { std::shared_ptr<minifi::http::HTTPClient> HttpSiteToSiteClient::openConnectionForSending(const std::shared_ptr<HttpTransaction> &transaction) { std::stringstream uri; uri << transaction->getTransactionUrl() << "/flow-files"; - std::shared_ptr<minifi::http::HTTPClient> client = createHttpClient(uri.str(), http::HttpRequestMethod::POST); + std::shared_ptr<minifi::http::HTTPClient> client = createHttpClient(uri.str(), http::HttpRequestMethod::Post); client->setContentType("application/octet-stream"); client->setRequestHeader("Accept", "text/plain"); client->setRequestHeader("Transfer-Encoding", "chunked"); @@ -266,7 +264,7 @@ std::shared_ptr<minifi::http::HTTPClient> HttpSiteToSiteClient::openConnectionFo std::shared_ptr<minifi::http::HTTPClient> HttpSiteToSiteClient::openConnectionForReceive(const std::shared_ptr<HttpTransaction> &transaction) { std::stringstream uri; uri << transaction->getTransactionUrl() << "/flow-files"; - return createHttpClient(uri.str(), http::HttpRequestMethod::GET); + return createHttpClient(uri.str(), http::HttpRequestMethod::Get); } std::string HttpSiteToSiteClient::getBaseURI() { @@ -346,7 +344,7 @@ void HttpSiteToSiteClient::closeTransaction(const utils::Identifier &transaction uri << "&checksum=" << transaction->getCRC(); } - auto client = createHttpClient(uri.str(), http::HttpRequestMethod::DELETE); + auto client = createHttpClient(uri.str(), http::HttpRequestMethod::Delete); setSiteToSiteHeaders(*client); client->setConnectionTimeout(std::chrono::milliseconds(5000)); client->setRequestHeader("Accept", "application/json"); diff --git a/libminifi/test/integration/AlertTests.cpp b/libminifi/test/integration/AlertTests.cpp index 73fa202d1..49d59dacc 100644 --- a/libminifi/test/integration/AlertTests.cpp +++ b/libminifi/test/integration/AlertTests.cpp @@ -79,7 +79,14 @@ TEST_CASE("Alert system forwards logs") { std::string agent_id = "test-agent-1"; VerifyAlerts harness(flow_config_file.string(), dir.getPath()); AlertHandler handler(agent_id); - harness.setUrl("http://localhost:0/api/alerts";, &handler); + + SECTION("Secure") { + harness.setKeyDir(TEST_RESOURCES); + harness.setUrl("https://localhost:0/api/alerts";, &handler); + } + SECTION("Unsecure") { + harness.setUrl("http://localhost:0/api/alerts";, &handler); + } harness.getConfiguration()->set(minifi::Configuration::nifi_c2_agent_identifier, agent_id); auto log_props = std::make_shared<logging::LoggerProperties>(dir.getPath() / "logs"); diff --git a/libminifi/test/integration/HTTPClientTests.cpp b/libminifi/test/integration/HTTPClientTests.cpp index 688beb734..05d309e6a 100644 --- a/libminifi/test/integration/HTTPClientTests.cpp +++ b/libminifi/test/integration/HTTPClientTests.cpp @@ -82,7 +82,7 @@ TEST_CASE("HTTPClientTestChunkedResponse", "[basic]") { const std::string port = std::to_string(vec.at(0)); HTTPClient client; - client.initialize(http::HttpRequestMethod::GET, "http://localhost:"; + port + "/testytesttest", nullptr); + client.initialize(http::HttpRequestMethod::Get, "http://localhost:"; + port + "/testytesttest", nullptr); REQUIRE(client.submit()); @@ -126,15 +126,15 @@ TEST_CASE("HTTPClient should be reusable", "[basic]") { HTTPClient client; client.setKeepAliveProbe(KeepAliveProbeData{2s, 2s}); - client.initialize(http::HttpRequestMethod::GET, "http://localhost:"; + keep_alive_server_.getPort() + "/method", nullptr); + client.initialize(http::HttpRequestMethod::Get, "http://localhost:"; + keep_alive_server_.getPort() + "/method", nullptr); std::vector<http::HttpRequestMethod> methods = { - http::HttpRequestMethod::GET, http::HttpRequestMethod::GET, http::HttpRequestMethod::PUT, http::HttpRequestMethod::GET, - http::HttpRequestMethod::GET, http::HttpRequestMethod::POST, http::HttpRequestMethod::POST, http::HttpRequestMethod::PUT }; + http::HttpRequestMethod::Get, http::HttpRequestMethod::Get, http::HttpRequestMethod::Put, http::HttpRequestMethod::Get, + http::HttpRequestMethod::Get, http::HttpRequestMethod::Post, http::HttpRequestMethod::Post, http::HttpRequestMethod::Put }; uint64_t request_number = 0; for (const auto& method: methods) { client.set_request_method(method); - if (method != http::HttpRequestMethod::GET) { + if (method != http::HttpRequestMethod::Get) { auto callback = std::make_unique<org::apache::nifi::minifi::http::HTTPUploadByteArrayInputCallback>(); std::string content = R"({ "content": "a" })"; callback->write(content); @@ -162,7 +162,7 @@ TEST_CASE("HTTPClient should be reusable", "[basic]") { #ifdef __linux__ TEST_CASE("SSL without SSLContextService", "[HTTPClient]") { HTTPClient client; - client.initialize(http::HttpRequestMethod::GET, "https://apache.org";, nullptr); + client.initialize(http::HttpRequestMethod::Get, "https://apache.org";, nullptr); REQUIRE(client.submit()); } #endif diff --git a/libminifi/test/libtest/unit/TestBase.h b/libminifi/test/libtest/unit/TestBase.h index b410f9fae..d87178ec0 100644 --- a/libminifi/test/libtest/unit/TestBase.h +++ b/libminifi/test/libtest/unit/TestBase.h @@ -41,6 +41,7 @@ #include "utils/file/FileUtils.h" #include "properties/Configuration.h" #include "core/Processor.h" +#include "core/ProcessGroup.h" namespace minifi = org::apache::nifi::minifi; namespace utils = minifi::utils; diff --git a/libminifi/test/resources/encrypted.minifi.properties b/libminifi/test/resources/encrypted.minifi.properties index dc1bf5272..79d5a550a 100644 --- a/libminifi/test/resources/encrypted.minifi.properties +++ b/libminifi/test/resources/encrypted.minifi.properties @@ -84,7 +84,6 @@ c2.agent.identifier.protected=xsalsa20poly1305 #controller.socket.host=localhost #controller.socket.port=9998 #controller.socket.local.any.interface=false -#controller.ssl.context.service=SSLContextService # must be comma separated diff --git a/libminifi/test/unit/ArrayUtilsTests.cpp b/libminifi/test/unit/ArrayUtilsTests.cpp index 481e1d945..e56fb58f4 100644 --- a/libminifi/test/unit/ArrayUtilsTests.cpp +++ b/libminifi/test/unit/ArrayUtilsTests.cpp @@ -45,8 +45,8 @@ TEST_CASE("getKeys() works correctly and is constexpr") { inline constexpr std::array<std::pair<int, int>, 3> global_mapping{{ {1, 1}, {2, 4}, {3, 27} }}; template<int> struct is_usable_as_constant_expression {}; -template<int key> concept does_compile = requires { is_usable_as_constant_expression<utils::at(global_mapping, key)>(); }; -template<int key> concept does_not_compile = !does_compile<key>; +template<int key> concept compiles_as_a_constant_expression = requires { is_usable_as_constant_expression<utils::at(global_mapping, key)>(); }; +template<int key> concept does_not_compile_as_a_constant_expression = !compiles_as_a_constant_expression<key>; TEST_CASE("at() works correctly and is constexpr") { static constexpr std::array<std::pair<int, std::string_view>, 3> mapping{{ {1, "one"}, {2, "two"}, {3, "three"} }}; @@ -56,8 +56,8 @@ TEST_CASE("at() works correctly and is constexpr") { int one = 1; CHECK(utils::at(mapping, one) == "one"); // non-constexpr argument is OK, but the result is not constexpr - static_assert(does_compile<3>); - static_assert(does_not_compile<4>); + static_assert(compiles_as_a_constant_expression<3>); + static_assert(does_not_compile_as_a_constant_expression<4>); CHECK_THROWS(utils::at(mapping, 4)); } diff --git a/libminifi/test/unit/EnvironmentVariableParameterProviderTest.cpp b/libminifi/test/unit/EnvironmentVariableParameterProviderTest.cpp index 39036f5ff..45f5a70a6 100644 --- a/libminifi/test/unit/EnvironmentVariableParameterProviderTest.cpp +++ b/libminifi/test/unit/EnvironmentVariableParameterProviderTest.cpp @@ -23,7 +23,7 @@ namespace org::apache::nifi::minifi::test { TEST_CASE("Parameter Group Name is required", "[parameterProviders]") { - utils::Environment::setEnvironmentVariable("MINIFI_DATA", "minifi_data_value"); + minifi::utils::Environment::setEnvironmentVariable("MINIFI_DATA", "minifi_data_value"); parameter_providers::EnvironmentVariableParameterProvider provider("EnvironmentVariableParameterProvider"); provider.initialize(); REQUIRE(provider.setProperty(parameter_providers::EnvironmentVariableParameterProvider::ParameterGroupName.name, "")); @@ -31,7 +31,7 @@ TEST_CASE("Parameter Group Name is required", "[parameterProviders]") { } TEST_CASE("Test EnvironmentVariableParameterProvider with default options", "[parameterProviders]") { - utils::Environment::setEnvironmentVariable("MINIFI_DATA", "minifi_data_value"); + minifi::utils::Environment::setEnvironmentVariable("MINIFI_DATA", "minifi_data_value"); parameter_providers::EnvironmentVariableParameterProvider provider("EnvironmentVariableParameterProvider"); provider.initialize(); REQUIRE(provider.setProperty(parameter_providers::EnvironmentVariableParameterProvider::ParameterGroupName.name, "environment-variable-parameter-context")); @@ -45,8 +45,8 @@ TEST_CASE("Test EnvironmentVariableParameterProvider with default options", "[pa } TEST_CASE("Create parameter context with selected environment variables", "[parameterProviders]") { - utils::Environment::setEnvironmentVariable("MINIFI_DATA", "minifi_data_value"); - utils::Environment::setEnvironmentVariable("MINIFI_NEW_DATA", "minifi_new_data_value"); + minifi::utils::Environment::setEnvironmentVariable("MINIFI_DATA", "minifi_data_value"); + minifi::utils::Environment::setEnvironmentVariable("MINIFI_NEW_DATA", "minifi_new_data_value"); parameter_providers::EnvironmentVariableParameterProvider provider("EnvironmentVariableParameterProvider"); provider.initialize(); REQUIRE(provider.setProperty(parameter_providers::EnvironmentVariableParameterProvider::ParameterGroupName.name, "environment-variable-parameter-context")); @@ -73,8 +73,8 @@ TEST_CASE("Environment variable list must be defined if Comma-Separated inclusio } TEST_CASE("Create parameter context with regex matching environment variables", "[parameterProviders]") { - utils::Environment::setEnvironmentVariable("MINIFI_DATA_1", "minifi_data_value"); - utils::Environment::setEnvironmentVariable("MINIFI_NEW_DATA", "minifi_new_data_value"); + minifi::utils::Environment::setEnvironmentVariable("MINIFI_DATA_1", "minifi_data_value"); + minifi::utils::Environment::setEnvironmentVariable("MINIFI_NEW_DATA", "minifi_new_data_value"); parameter_providers::EnvironmentVariableParameterProvider provider("EnvironmentVariableParameterProvider"); provider.initialize(); REQUIRE(provider.setProperty(parameter_providers::EnvironmentVariableParameterProvider::ParameterGroupName.name, "environment-variable-parameter-context")); diff --git a/libminifi/test/unit/GeneralUtilsTest.cpp b/libminifi/test/unit/GeneralUtilsTest.cpp index 3adf57d82..e1ac2f544 100644 --- a/libminifi/test/unit/GeneralUtilsTest.cpp +++ b/libminifi/test/unit/GeneralUtilsTest.cpp @@ -27,55 +27,55 @@ namespace org::apache::nifi::minifi::test { // intdiv_ceil -static_assert(0 == utils::intdiv_ceil(0, 1)); -static_assert(0 == utils::intdiv_ceil(0, 2)); -static_assert(1 == utils::intdiv_ceil(1, 2)); -static_assert(1 == utils::intdiv_ceil(1, 3)); -static_assert(1 == utils::intdiv_ceil(3, 3)); -static_assert(2 == utils::intdiv_ceil(4, 3)); -static_assert(2 == utils::intdiv_ceil(5, 3)); -static_assert(0 == utils::intdiv_ceil(-1, 3)); -static_assert(-1 == utils::intdiv_ceil(-3, 3)); -static_assert(-1 == utils::intdiv_ceil(-4, 3)); -static_assert(2 == utils::intdiv_ceil(-4, -3)); -static_assert(2 == utils::intdiv_ceil(-5, -3)); -static_assert(0 == utils::intdiv_ceil(1, -3)); -static_assert(-1 == utils::intdiv_ceil(5, -3)); -static_assert(3 == utils::intdiv_ceil(6, 2)); -static_assert(-3 == utils::intdiv_ceil(-6, 2)); -static_assert(-3 == utils::intdiv_ceil(6, -2)); -static_assert(3 == utils::intdiv_ceil(-6, -2)); -static_assert(0 == utils::intdiv_ceil(0, -10)); +static_assert(0 == minifi::utils::intdiv_ceil(0, 1)); +static_assert(0 == minifi::utils::intdiv_ceil(0, 2)); +static_assert(1 == minifi::utils::intdiv_ceil(1, 2)); +static_assert(1 == minifi::utils::intdiv_ceil(1, 3)); +static_assert(1 == minifi::utils::intdiv_ceil(3, 3)); +static_assert(2 == minifi::utils::intdiv_ceil(4, 3)); +static_assert(2 == minifi::utils::intdiv_ceil(5, 3)); +static_assert(0 == minifi::utils::intdiv_ceil(-1, 3)); +static_assert(-1 == minifi::utils::intdiv_ceil(-3, 3)); +static_assert(-1 == minifi::utils::intdiv_ceil(-4, 3)); +static_assert(2 == minifi::utils::intdiv_ceil(-4, -3)); +static_assert(2 == minifi::utils::intdiv_ceil(-5, -3)); +static_assert(0 == minifi::utils::intdiv_ceil(1, -3)); +static_assert(-1 == minifi::utils::intdiv_ceil(5, -3)); +static_assert(3 == minifi::utils::intdiv_ceil(6, 2)); +static_assert(-3 == minifi::utils::intdiv_ceil(-6, 2)); +static_assert(-3 == minifi::utils::intdiv_ceil(6, -2)); +static_assert(3 == minifi::utils::intdiv_ceil(-6, -2)); +static_assert(0 == minifi::utils::intdiv_ceil(0, -10)); template<int N, int D, typename = void> -struct does_compile : std::false_type {}; +struct compiles_as_a_constant_expression : std::false_type {}; template<int N, int D> -struct does_compile<N, D, +struct compiles_as_a_constant_expression<N, D, // we must force evaluation so decltype won't do - typename std::enable_if<(utils::intdiv_ceil(N, D), true)>::type> : std::true_type {}; + std::enable_if_t<(minifi::utils::intdiv_ceil(N, D), true)>> : std::true_type {}; -static_assert(does_compile<2, 3>::value, "does_compile should work"); -static_assert(!does_compile<1, 0>::value, "constexpr division by zero shouldn't compile"); +static_assert(compiles_as_a_constant_expression<2, 3>::value, "compiles_as_a_constant_expression should work"); +static_assert(!compiles_as_a_constant_expression<1, 0>::value, "constexpr division by zero shouldn't compile"); TEST_CASE("GeneralUtils::dereference", "[dereference]") { const int a = 42; const auto pa = gsl::make_not_null(&a); - REQUIRE(42 == utils::dereference(pa)); - REQUIRE(&a == &utils::dereference(pa)); + REQUIRE(42 == minifi::utils::dereference(pa)); + REQUIRE(&a == &minifi::utils::dereference(pa)); const auto uniq_a = gsl::make_not_null(std::make_unique<int>(99)); - REQUIRE(99 == utils::dereference(uniq_a)); + REQUIRE(99 == minifi::utils::dereference(uniq_a)); } TEST_CASE("GeneralUtils::unsafe_dereference", "[unsafe_dereference]") { const int a = 42; const int* const pa = &a; - REQUIRE(42 == utils::unsafe_dereference(pa)); - REQUIRE(&a == &utils::unsafe_dereference(pa)); + REQUIRE(42 == minifi::utils::unsafe_dereference(pa)); + REQUIRE(&a == &minifi::utils::unsafe_dereference(pa)); const auto uniq_a = std::make_unique<int>(99); - REQUIRE(99 == utils::unsafe_dereference(uniq_a)); + REQUIRE(99 == minifi::utils::unsafe_dereference(uniq_a)); } } // namespace org::apache::nifi::minifi::test diff --git a/libminifi/test/unit/ParameterTokenParserTest.cpp b/libminifi/test/unit/ParameterTokenParserTest.cpp index 8f21a2cb2..92dd87821 100644 --- a/libminifi/test/unit/ParameterTokenParserTest.cpp +++ b/libminifi/test/unit/ParameterTokenParserTest.cpp @@ -124,8 +124,8 @@ TEST_CASE("Test replacement with missing token in context") { } TEST_CASE("Sensitive property parameter replacement is not supported") { - utils::crypto::Bytes secret_key = utils::string::from_hex("cb76fe6fe4cbfdc3770c0cb0afc910f81ced4d436b11f691395fc2a9dbea27ca"); - utils::crypto::EncryptionProvider encryption_provider{secret_key}; + minifi::utils::crypto::Bytes secret_key = minifi::utils::string::from_hex("cb76fe6fe4cbfdc3770c0cb0afc910f81ced4d436b11f691395fc2a9dbea27ca"); + minifi::utils::crypto::EncryptionProvider encryption_provider{secret_key}; core::SensitiveParameterTokenParser parser("What is #{what}, baby don't hurt #{who}, don't hurt #{who}, no more", encryption_provider); core::ParameterContext context("test_context"); context.addParameter(core::Parameter{"what", "", false, false, "love"}); @@ -141,19 +141,19 @@ TEST_CASE("Parameter context is not provided when parameter is referenced") { TEST_CASE("Replace only escaped tokens") { core::NonSensitiveParameterTokenParser non_sensitive_parser("No ##{parameters} are ####{present}"); REQUIRE(non_sensitive_parser.replaceParameters(nullptr) == "No #{parameters} are ##{present}"); - utils::crypto::Bytes secret_key = utils::string::from_hex("cb76fe6fe4cbfdc3770c0cb0afc910f81ced4d436b11f691395fc2a9dbea27ca"); - utils::crypto::EncryptionProvider encryption_provider{secret_key}; + minifi::utils::crypto::Bytes secret_key = minifi::utils::string::from_hex("cb76fe6fe4cbfdc3770c0cb0afc910f81ced4d436b11f691395fc2a9dbea27ca"); + minifi::utils::crypto::EncryptionProvider encryption_provider{secret_key}; core::SensitiveParameterTokenParser sensitive_parser("No ##{parameters} are ####{present}", encryption_provider); REQUIRE(sensitive_parser.replaceParameters(nullptr) == "No #{parameters} are ##{present}"); } TEST_CASE("Test sensitive token replacement") { core::ParameterContext context("test_context"); - utils::crypto::Bytes secret_key = utils::string::from_hex("cb76fe6fe4cbfdc3770c0cb0afc910f81ced4d436b11f691395fc2a9dbea27ca"); - utils::crypto::EncryptionProvider encryption_provider{secret_key}; + minifi::utils::crypto::Bytes secret_key = minifi::utils::string::from_hex("cb76fe6fe4cbfdc3770c0cb0afc910f81ced4d436b11f691395fc2a9dbea27ca"); + minifi::utils::crypto::EncryptionProvider encryption_provider{secret_key}; core::SensitiveParameterTokenParser parser("What is #{what}, baby don't hurt #{who}, don't hurt #{who}, no more", encryption_provider); - auto value1 = utils::crypto::property_encryption::encrypt("love", encryption_provider); - auto value2 = utils::crypto::property_encryption::encrypt("me", encryption_provider); + auto value1 = minifi::utils::crypto::property_encryption::encrypt("love", encryption_provider); + auto value2 = minifi::utils::crypto::property_encryption::encrypt("me", encryption_provider); context.addParameter(core::Parameter{"what", "", true, false, value1}); context.addParameter(core::Parameter{"who", "", true, false, value2}); REQUIRE(parser.replaceParameters(&context) == "What is love, baby don't hurt me, don't hurt me, no more"); diff --git a/minifi-api/include/minifi-cpp/properties/Configuration.h b/minifi-api/include/minifi-cpp/properties/Configuration.h index 373ea9772..a5872be6f 100644 --- a/minifi-api/include/minifi-cpp/properties/Configuration.h +++ b/minifi-api/include/minifi-cpp/properties/Configuration.h @@ -124,7 +124,6 @@ class Configuration : public virtual Properties { static constexpr const char *nifi_c2_rest_path_base = "nifi.c2.rest.path.base"; static constexpr const char *nifi_c2_rest_url = "nifi.c2.rest.url"; static constexpr const char *nifi_c2_rest_url_ack = "nifi.c2.rest.url.ack"; - static constexpr const char *nifi_c2_rest_ssl_context_service = "nifi.c2.rest.ssl.context.service"; static constexpr const char *nifi_c2_rest_heartbeat_minimize_updates = "nifi.c2.rest.heartbeat.minimize.updates"; static constexpr const char *nifi_c2_rest_request_encoding = "nifi.c2.rest.request.encoding"; static constexpr const char *nifi_c2_flow_info_processor_bulletin_limit = "nifi.c2.flow.info.processor.bulletin.limit"; @@ -166,7 +165,6 @@ class Configuration : public virtual Properties { // alert options static constexpr const char *nifi_log_alert_url = "nifi.log.alert.url"; - static constexpr const char *nifi_log_alert_ssl_context_service = "nifi.log.alert.ssl.context.service"; static constexpr const char *nifi_log_alert_batch_size = "nifi.log.alert.batch.size"; static constexpr const char *nifi_log_alert_flush_period = "nifi.log.alert.flush.period"; static constexpr const char *nifi_log_alert_filter = "nifi.log.alert.filter"; @@ -193,7 +191,6 @@ class Configuration : public virtual Properties { static constexpr const char *controller_socket_local_any_interface = "controller.socket.local.any.interface"; static constexpr const char *controller_socket_host = "controller.socket.host"; static constexpr const char *controller_socket_port = "controller.socket.port"; - static constexpr const char *controller_ssl_context_service = "controller.ssl.context.service"; static constexpr const char *nifi_flow_file_repository_check_health = "nifi.flowfile.repository.check.health"; static constexpr const char *nifi_python_virtualenv_directory = "nifi.python.virtualenv.directory";
