[
https://issues.apache.org/jira/browse/NIFI-7819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17229542#comment-17229542
]
ASF subversion and git services commented on NIFI-7819:
-------------------------------------------------------
Commit 479ee6e3db58ee22dc1c7f4510eed5767c4458a0 in nifi's branch
refs/heads/main from Nathan Gough
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=479ee6e ]
NIFI-7819 - Added ZooKeeperStateProvider TLS properties.
- Added tests for TLS with ZooKeeperStateProvider.
- Added docs to administration guide.
- Small fixes for PR comments.
- Changed the ZooKeeperStateProvider to receive configuration from the
nifi.properties file. Uses the Zookeeper TLS properties or if they are not
declared, uses the standard NiFi TLS properties.
- Updated administration-guide.
- Fixed some boolean literalsl. Set the ZooKeeper watcher to null. Removed
stacktrace prints to standard out. Added getPreferredProperty for
key/truststore types.
- Removing some unused code. Fixing up NiFi properties methods. Removed
whitespace.
- Added some tests for getPreferredProperty().
- Checkstyle fixes.
- Passing through nifi properties to the state provider using an annotation to
avoid ZooKeeper references in the StateManagerProvider.
- Fixed comment.
- Added CLIENT_SECURE property to isZooKeeperTlsConfigurationPresent() check.
- Small change to getPreferredProperty, added more tests.
- Added checkstyle fix.
- Moved StateProviderContext to nifi-framework-api.
- Changed combine properties to handle null NiFiProperties. Inject
NiFiProperties object for tests.
- Checkstyle fix.
- Changed the connect string in state-management.xml to be required. Rearranged
order of property validation to validate before initialization.
- Rearranged the way ZooKeeperClientConfig is initialized and added a non blank
validator to connect string.
- Minor change to ZooKeeperClientConfig member variable set and get.
This closes #4613.
Signed-off-by: Bryan Bende <bbe...@apache.org>
> Add Zookeeper client TLS (external zookeeper) for cluster state management
> --------------------------------------------------------------------------
>
> Key: NIFI-7819
> URL: https://issues.apache.org/jira/browse/NIFI-7819
> Project: Apache NiFi
> Issue Type: Sub-task
> Affects Versions: 1.12.0
> Reporter: Nathan Gough
> Assignee: Nathan Gough
> Priority: Major
> Labels: security, tls, zookeeper
>
> When NiFi is configured to use an external Zookeeper, configuration on the
> NiFi side should allow cluster state management to use TLS. If configured
> with TLS, it should not allow any connections/communication to operate
> unsecured (an all or nothing approach).
> This ticket, in combination with NIFI-7115, should allow NiFi to completely
> use an external Zookeeper securely.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
