This is an automated email from the ASF dual-hosted git repository.
pvillard pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 8cf7a54e74 NIFI-15302 Deprecated Restricted SSLContextService for
Removal
8cf7a54e74 is described below
commit 8cf7a54e741df8bad4620536ce20fbdc7dd4fe30
Author: exceptionfactory <[email protected]>
AuthorDate: Fri Dec 5 15:02:10 2025 -0600
NIFI-15302 Deprecated Restricted SSLContextService for Removal
- Deprecated StandardRestrictedSSLContextService implementation for removal
- Replaced references in Kafka integration tests
Signed-off-by: Pierre Villard <[email protected]>
This closes #10609.
---
.../apache/nifi/kafka/processors/PublishKafkaSSLIT.java | 16 ++++++++--------
.../publish/dependency/PublishKafkaMultipleFFIT.java | 16 ++++++++--------
.../nifi/ssl/StandardRestrictedSSLContextService.java | 8 ++++++++
.../org/apache/nifi/ssl/RestrictedSSLContextService.java | 4 ++--
4 files changed, 26 insertions(+), 18 deletions(-)
diff --git
a/nifi-extension-bundles/nifi-kafka-bundle/nifi-kafka-3-integration/src/test/java/org/apache/nifi/kafka/processors/PublishKafkaSSLIT.java
b/nifi-extension-bundles/nifi-kafka-bundle/nifi-kafka-3-integration/src/test/java/org/apache/nifi/kafka/processors/PublishKafkaSSLIT.java
index d96f37b3ec..c81ec9af44 100644
---
a/nifi-extension-bundles/nifi-kafka-bundle/nifi-kafka-3-integration/src/test/java/org/apache/nifi/kafka/processors/PublishKafkaSSLIT.java
+++
b/nifi-extension-bundles/nifi-kafka-bundle/nifi-kafka-3-integration/src/test/java/org/apache/nifi/kafka/processors/PublishKafkaSSLIT.java
@@ -22,7 +22,7 @@ import org.apache.nifi.kafka.shared.property.SecurityProtocol;
import org.apache.nifi.reporting.InitializationException;
import org.apache.nifi.security.util.KeystoreType;
import org.apache.nifi.ssl.SSLContextService;
-import org.apache.nifi.ssl.StandardRestrictedSSLContextService;
+import org.apache.nifi.ssl.StandardSSLContextService;
import org.apache.nifi.util.TestRunner;
import org.apache.nifi.util.TestRunners;
import org.junit.jupiter.api.Disabled;
@@ -74,15 +74,15 @@ public class PublishKafkaSSLIT {
private String addSSLContextService(final TestRunner runner) throws
InitializationException {
final String identifier = SSLContextService.class.getSimpleName();
- final SSLContextService service = new
StandardRestrictedSSLContextService();
+ final SSLContextService service = new StandardSSLContextService();
runner.addControllerService(identifier, service);
- runner.setProperty(service,
StandardRestrictedSSLContextService.KEYSTORE, KEYSTORE_PATH);
- runner.setProperty(service,
StandardRestrictedSSLContextService.KEYSTORE_PASSWORD, KEYSTORE_PASSWORD);
- runner.setProperty(service,
StandardRestrictedSSLContextService.KEYSTORE_TYPE, KeystoreType.JKS.name());
- runner.setProperty(service,
StandardRestrictedSSLContextService.TRUSTSTORE, TRUSTSTORE_PATH);
- runner.setProperty(service,
StandardRestrictedSSLContextService.TRUSTSTORE_PASSWORD, TRUSTSTORE_PASSWORD);
- runner.setProperty(service,
StandardRestrictedSSLContextService.TRUSTSTORE_TYPE, KeystoreType.JKS.name());
+ runner.setProperty(service, StandardSSLContextService.KEYSTORE,
KEYSTORE_PATH);
+ runner.setProperty(service,
StandardSSLContextService.KEYSTORE_PASSWORD, KEYSTORE_PASSWORD);
+ runner.setProperty(service, StandardSSLContextService.KEYSTORE_TYPE,
KeystoreType.JKS.name());
+ runner.setProperty(service, StandardSSLContextService.TRUSTSTORE,
TRUSTSTORE_PATH);
+ runner.setProperty(service,
StandardSSLContextService.TRUSTSTORE_PASSWORD, TRUSTSTORE_PASSWORD);
+ runner.setProperty(service, StandardSSLContextService.TRUSTSTORE_TYPE,
KeystoreType.JKS.name());
runner.enableControllerService(service);
return identifier;
diff --git
a/nifi-extension-bundles/nifi-kafka-bundle/nifi-kafka-3-integration/src/test/java/org/apache/nifi/kafka/processors/publish/dependency/PublishKafkaMultipleFFIT.java
b/nifi-extension-bundles/nifi-kafka-bundle/nifi-kafka-3-integration/src/test/java/org/apache/nifi/kafka/processors/publish/dependency/PublishKafkaMultipleFFIT.java
index 9e91c1d90b..cdbfd8241e 100644
---
a/nifi-extension-bundles/nifi-kafka-bundle/nifi-kafka-3-integration/src/test/java/org/apache/nifi/kafka/processors/publish/dependency/PublishKafkaMultipleFFIT.java
+++
b/nifi-extension-bundles/nifi-kafka-bundle/nifi-kafka-3-integration/src/test/java/org/apache/nifi/kafka/processors/publish/dependency/PublishKafkaMultipleFFIT.java
@@ -24,7 +24,7 @@ import org.apache.nifi.kafka.shared.property.SecurityProtocol;
import org.apache.nifi.reporting.InitializationException;
import org.apache.nifi.security.util.KeystoreType;
import org.apache.nifi.ssl.SSLContextService;
-import org.apache.nifi.ssl.StandardRestrictedSSLContextService;
+import org.apache.nifi.ssl.StandardSSLContextService;
import org.apache.nifi.util.TestRunner;
import org.apache.nifi.util.TestRunners;
import org.junit.jupiter.api.Disabled;
@@ -149,15 +149,15 @@ public class PublishKafkaMultipleFFIT {
private String addSSLContextService(final TestRunner runner) throws
InitializationException {
final String identifier = SSLContextService.class.getSimpleName();
- final SSLContextService service = new
StandardRestrictedSSLContextService();
+ final SSLContextService service = new StandardSSLContextService();
runner.addControllerService(identifier, service);
- runner.setProperty(service,
StandardRestrictedSSLContextService.KEYSTORE, KEYSTORE_PATH);
- runner.setProperty(service,
StandardRestrictedSSLContextService.KEYSTORE_PASSWORD, KEYSTORE_PASSWORD);
- runner.setProperty(service,
StandardRestrictedSSLContextService.KEYSTORE_TYPE, KeystoreType.JKS.name());
- runner.setProperty(service,
StandardRestrictedSSLContextService.TRUSTSTORE, TRUSTSTORE_PATH);
- runner.setProperty(service,
StandardRestrictedSSLContextService.TRUSTSTORE_PASSWORD, TRUSTSTORE_PASSWORD);
- runner.setProperty(service,
StandardRestrictedSSLContextService.TRUSTSTORE_TYPE, KeystoreType.JKS.name());
+ runner.setProperty(service, StandardSSLContextService.KEYSTORE,
KEYSTORE_PATH);
+ runner.setProperty(service,
StandardSSLContextService.KEYSTORE_PASSWORD, KEYSTORE_PASSWORD);
+ runner.setProperty(service, StandardSSLContextService.KEYSTORE_TYPE,
KeystoreType.JKS.name());
+ runner.setProperty(service, StandardSSLContextService.TRUSTSTORE,
TRUSTSTORE_PATH);
+ runner.setProperty(service,
StandardSSLContextService.TRUSTSTORE_PASSWORD, TRUSTSTORE_PASSWORD);
+ runner.setProperty(service, StandardSSLContextService.TRUSTSTORE_TYPE,
KeystoreType.JKS.name());
runner.enableControllerService(service);
return identifier;
diff --git
a/nifi-extension-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardRestrictedSSLContextService.java
b/nifi-extension-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardRestrictedSSLContextService.java
index b2c13779aa..3ce71de2cd 100644
---
a/nifi-extension-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardRestrictedSSLContextService.java
+++
b/nifi-extension-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardRestrictedSSLContextService.java
@@ -19,6 +19,7 @@ package org.apache.nifi.ssl;
import java.util.ArrayList;
import java.util.List;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
+import org.apache.nifi.annotation.documentation.DeprecationNotice;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.components.AllowableValue;
import org.apache.nifi.components.PropertyDescriptor;
@@ -30,6 +31,13 @@ import org.apache.nifi.security.util.TlsPlatform;
* This class is functionally the same as {@link StandardSSLContextService},
but it restricts the allowable
* values that can be selected for TLS/SSL protocols.
*/
+@DeprecationNotice(
+ reason = "No longer provides differentiated security features",
+ alternatives = {
+ PEMEncodedSSLContextProvider.class,
+ StandardSSLContextService.class
+ }
+)
@Tags({"tls", "ssl", "secure", "certificate", "keystore", "truststore", "jks",
"p12", "pkcs12", "pkcs"})
@CapabilityDescription("Restricted implementation of the SSLContextService.
Provides the ability to configure "
+ "keystore and/or truststore properties once and reuse that
configuration throughout the application, "
diff --git
a/nifi-extension-bundles/nifi-standard-services/nifi-ssl-context-service-api/src/main/java/org/apache/nifi/ssl/RestrictedSSLContextService.java
b/nifi-extension-bundles/nifi-standard-services/nifi-ssl-context-service-api/src/main/java/org/apache/nifi/ssl/RestrictedSSLContextService.java
index 05fd136097..8870d41c54 100644
---
a/nifi-extension-bundles/nifi-standard-services/nifi-ssl-context-service-api/src/main/java/org/apache/nifi/ssl/RestrictedSSLContextService.java
+++
b/nifi-extension-bundles/nifi-standard-services/nifi-ssl-context-service-api/src/main/java/org/apache/nifi/ssl/RestrictedSSLContextService.java
@@ -17,9 +17,9 @@
package org.apache.nifi.ssl;
/**
- * Simple extension of the regular {@link SSLContextService} to allow for
restricted implementations
- * of that interface.
+ * Historical extension of the regular {@link SSLContextService} no longer
providing differentiated capabilities
*/
+@Deprecated(forRemoval = true)
public interface RestrictedSSLContextService extends SSLContextService {
}