[nifi] branch main updated (efb629e -> dee2fce)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git. from efb629e NIFI- Removed support for Expression Language from Password property Added unit test for no password configured on Zip files add dee2fce NIFI-7871 Correct errors for UUID3, UUID5 and hash functions in EL Guide Added links to UUID function in docs. No new revisions were added by this update. Summary of changes: .../main/asciidoc/expression-language-guide.adoc | 44 +- 1 file changed, 27 insertions(+), 17 deletions(-)
[nifi] branch main updated: NIFI-7777 Removed support for Expression Language from Password property Added unit test for no password configured on Zip files
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new efb629e NIFI- Removed support for Expression Language from
Password property Added unit test for no password configured on Zip files
efb629e is described below
commit efb629e37d487ea72d3e08e1c479e98f7ffc8291
Author: exceptionfactory
AuthorDate: Mon Oct 5 22:02:31 2020 -0400
NIFI- Removed support for Expression Language from Password property
Added unit test for no password configured on Zip files
This closes #4572.
Signed-off-by: Andy LoPresto
---
.../nifi/processors/standard/UnpackContent.java| 4 +-
.../processors/standard/TestUnpackContent.java | 50 +++---
2 files changed, 36 insertions(+), 18 deletions(-)
diff --git
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UnpackContent.java
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UnpackContent.java
index d6bf5a3..1fc4e9f 100644
---
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UnpackContent.java
+++
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UnpackContent.java
@@ -55,7 +55,6 @@ import org.apache.nifi.annotation.lifecycle.OnScheduled;
import org.apache.nifi.annotation.lifecycle.OnStopped;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
-import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.flowfile.attributes.CoreAttributes;
import org.apache.nifi.flowfile.attributes.FragmentAttributes;
@@ -158,7 +157,6 @@ public class UnpackContent extends AbstractProcessor {
.required(false)
.sensitive(true)
.addValidator(StandardValidators.NON_BLANK_VALIDATOR)
-
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
.build();
public static final Relationship REL_SUCCESS = new Relationship.Builder()
@@ -221,7 +219,7 @@ public class UnpackContent extends AbstractProcessor {
char[] password = null;
final PropertyValue passwordProperty =
context.getProperty(PASSWORD);
if (passwordProperty.isSet()) {
-password =
passwordProperty.evaluateAttributeExpressions().getValue().toCharArray();
+password = passwordProperty.getValue().toCharArray();
}
zipUnpacker = new ZipUnpacker(fileFilter, password);
}
diff --git
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestUnpackContent.java
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestUnpackContent.java
index 73635bd..f14759f 100644
---
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestUnpackContent.java
+++
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestUnpackContent.java
@@ -237,6 +237,22 @@ public class TestUnpackContent {
}
@Test
+public void testZipEncryptionNoPasswordConfigured() throws IOException {
+final TestRunner runner = TestRunners.newTestRunner(new
UnpackContent());
+runner.setProperty(UnpackContent.PACKAGING_FORMAT,
UnpackContent.PackageFormat.ZIP_FORMAT.toString());
+
+final String password = String.class.getSimpleName();
+final char[] streamPassword = password.toCharArray();
+final String contents = TestRunner.class.getCanonicalName();
+
+final byte[] zipEncrypted = createZipEncrypted(EncryptionMethod.AES,
streamPassword, contents);
+runner.enqueue(zipEncrypted);
+runner.run();
+
+runner.assertTransferCount(UnpackContent.REL_FAILURE, 1);
+}
+
+@Test
public void testZipWithFilter() throws IOException {
final TestRunner unpackRunner = TestRunners.newTestRunner(new
UnpackContent());
final TestRunner autoUnpackRunner = TestRunners.newTestRunner(new
UnpackContent());
@@ -474,12 +490,28 @@ public class TestUnpackContent {
runner.setProperty(UnpackContent.PASSWORD, password);
final char[] streamPassword = password.toCharArray();
+final String contents = TestRunner.class.getCanonicalName();
+
+final byte[] zipEncrypted = createZipEncrypted(encryptionMethod,
streamPassword, contents);
+runner.enqueue(zipEncrypted);
+runner.run();
+
+runner.assertTransferCount
[nifi] branch main updated: NIFI-7777 Added optional Password property to UnpackContent for decrypting Zip archives
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/main by this push: new ea6b011 NIFI- Added optional Password property to UnpackContent for decrypting Zip archives ea6b011 is described below commit ea6b01159d16a1d14e611f3a211caa42fe5577f2 Author: exceptionfactory AuthorDate: Mon Oct 5 20:28:41 2020 -0400 NIFI- Added optional Password property to UnpackContent for decrypting Zip archives This closes #4572. Signed-off-by: Andy LoPresto --- nifi-assembly/NOTICE | 5 ++ .../nifi-standard-processors/pom.xml | 5 ++ .../nifi/processors/standard/UnpackContent.java| 54 ++ .../processors/standard/TestUnpackContent.java | 54 ++ 4 files changed, 108 insertions(+), 10 deletions(-) diff --git a/nifi-assembly/NOTICE b/nifi-assembly/NOTICE index b6ee96c..177f0ea 100644 --- a/nifi-assembly/NOTICE +++ b/nifi-assembly/NOTICE @@ -1946,6 +1946,11 @@ The following binary components are provided under the Apache Software License v Apache FtpServer Core 1.1.1 Copyright 2003-2017 The Apache Software Foundation + (ASLv2) Zip4j +The following NOTICE information applies: + Zip4j 2.6.3. + Copyright 2020 Srikanth Reddy Lingala + Common Development and Distribution License 1.1 diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml index 231e8eb..31d34aa 100644 --- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml +++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml @@ -293,6 +293,11 @@ snappy-java +net.lingala.zip4j +zip4j +2.6.3 + + com.h2database h2 test diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UnpackContent.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UnpackContent.java index f802a5d..d6bf5a3 100644 --- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UnpackContent.java +++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UnpackContent.java @@ -35,10 +35,11 @@ import java.util.Set; import java.util.UUID; import java.util.concurrent.atomic.AtomicReference; import java.util.regex.Pattern; + +import net.lingala.zip4j.model.LocalFileHeader; import org.apache.commons.compress.archivers.ArchiveEntry; import org.apache.commons.compress.archivers.tar.TarArchiveEntry; import org.apache.commons.compress.archivers.tar.TarArchiveInputStream; -import org.apache.commons.compress.archivers.zip.ZipArchiveInputStream; import org.apache.nifi.annotation.behavior.EventDriven; import org.apache.nifi.annotation.behavior.InputRequirement; import org.apache.nifi.annotation.behavior.InputRequirement.Requirement; @@ -53,6 +54,8 @@ import org.apache.nifi.annotation.documentation.Tags; import org.apache.nifi.annotation.lifecycle.OnScheduled; import org.apache.nifi.annotation.lifecycle.OnStopped; import org.apache.nifi.components.PropertyDescriptor; +import org.apache.nifi.components.PropertyValue; +import org.apache.nifi.expression.ExpressionLanguageScope; import org.apache.nifi.flowfile.FlowFile; import org.apache.nifi.flowfile.attributes.CoreAttributes; import org.apache.nifi.flowfile.attributes.FragmentAttributes; @@ -72,6 +75,7 @@ import org.apache.nifi.util.FlowFileUnpackager; import org.apache.nifi.util.FlowFileUnpackagerV1; import org.apache.nifi.util.FlowFileUnpackagerV2; import org.apache.nifi.util.FlowFileUnpackagerV3; +import net.lingala.zip4j.io.inputstream.ZipInputStream; @EventDriven @SideEffectFree @@ -100,7 +104,8 @@ import org.apache.nifi.util.FlowFileUnpackagerV3; @WritesAttribute(attribute = "file.creationTime", description = "The date and time that the file was created. This attribute holds always the same value as file.lastModifiedTime (tar only)."), @WritesAttribute(attribute = "file.owner", description = "The owner of the unpacked file (tar only)"), @WritesAttribute(attribute = "file.group", description = "The group owner of the unpacked file (tar only)"), -@WritesAttribute(attribute = "file.permissions", description = "The read/write/execute permissions of the unpacked file (tar only)")}) +@WritesAttribute(attribute = "file.permission
svn commit: r1882180 - /nifi/site/trunk/security.html
Author: alopresto Date: Thu Oct 1 14:20:02 2020 New Revision: 1882180 URL: http://svn.apache.org/viewvc?rev=1882180=rev Log: Added credit for discovered CVE. Modified: nifi/site/trunk/security.html Modified: nifi/site/trunk/security.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/security.html?rev=1882180=1882179=1882180=diff == --- nifi/site/trunk/security.html (original) +++ nifi/site/trunk/security.html Thu Oct 1 14:20:02 2020 @@ -197,7 +197,7 @@ Description: The NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens, preventing legitimate users from requesting download tokens. Mitigation: Disabled anonymous authentication, implemented a multi-indexed cache, and limited token creation requests to one concurrent request per user. Users running any previous NiFi release should upgrade to the latest release. -Credit: This issue was discovered by an anonymous community member. +Credit: This issue was discovered by Dennis Detering (IT Security Consultant at Spike Reply). CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9487; target="_blank">Mitre Database: CVE-2020-9487 NiFi Jira: https://issues.apache.org/jira/browse/NIFI-7385; target="_blank">NIFI-7385 NiFi PR: https://github.com/apache/nifi/pull/4271; target="_blank">PR 4271
[nifi-site] branch main updated: Added credit for CVE reporter.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi-site.git The following commit(s) were added to refs/heads/main by this push: new 7ecb4d5 Added credit for CVE reporter. 7ecb4d5 is described below commit 7ecb4d5ff24e793fe247b12939e017ca20fbdfbf Author: Andy LoPresto AuthorDate: Thu Oct 1 07:04:16 2020 -0700 Added credit for CVE reporter. --- src/pages/html/security.hbs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs index c25220e..f96af8c 100644 --- a/src/pages/html/security.hbs +++ b/src/pages/html/security.hbs @@ -92,7 +92,7 @@ title: Apache NiFi Security Reports Description: The NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens, preventing legitimate users from requesting download tokens. Mitigation: Disabled anonymous authentication, implemented a multi-indexed cache, and limited token creation requests to one concurrent request per user. Users running any previous NiFi release should upgrade to the latest release. -Credit: This issue was discovered by an anonymous community member. +Credit: This issue was discovered by Dennis Detering (IT Security Consultant at Spike Reply). CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9487; target="_blank">Mitre Database: CVE-2020-9487 NiFi Jira: https://issues.apache.org/jira/browse/NIFI-7385; target="_blank">NIFI-7385 NiFi PR: https://github.com/apache/nifi/pull/4271; target="_blank">PR 4271
svn commit: r1882168 - /nifi/site/trunk/security.html
Author: alopresto Date: Wed Sep 30 22:24:14 2020 New Revision: 1882168 URL: http://svn.apache.org/viewvc?rev=1882168=rev Log: Announced 1.12.1 CVEs. Modified: nifi/site/trunk/security.html Modified: nifi/site/trunk/security.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/security.html?rev=1882168=1882167=1882168=diff == --- nifi/site/trunk/security.html (original) +++ nifi/site/trunk/security.html Wed Sep 30 22:24:14 2020 @@ -157,6 +157,164 @@ + + +Fixed in Apache NiFi 1.12.0 + + + + + +Vulnerabilities + + + + +CVE-2020-9486: Apache NiFi information disclosure in logs +Severity: Important +Versions Affected: + +Apache NiFi 1.10.0 - 1.11.4 + + +Description: The NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext. +Mitigation: Implemented Argon2 secure hashing to provide a deterministic loggable value which does not reveal the sensitive value. Users running any previous NiFi release should upgrade to the latest release. +Credit: This issue was discovered by Andy LoPresto and Pierre Villard. +CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9486; target="_blank">Mitre Database: CVE-2020-9486 +NiFi Jira: https://issues.apache.org/jira/browse/NIFI-7377; target="_blank">NIFI-7377 +NiFi PR: https://github.com/apache/nifi/pull/4222; target="_blank">PR 4222 +Released: August 18, 2020 + + + + +CVE-2020-9487: Apache NiFi denial of service +Severity: Important +Versions Affected: + +Apache NiFi 1.0.0 - 1.11.4 + + +Description: The NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens, preventing legitimate users from requesting download tokens. +Mitigation: Disabled anonymous authentication, implemented a multi-indexed cache, and limited token creation requests to one concurrent request per user. Users running any previous NiFi release should upgrade to the latest release. +Credit: This issue was discovered by an anonymous community member. +CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9487; target="_blank">Mitre Database: CVE-2020-9487 +NiFi Jira: https://issues.apache.org/jira/browse/NIFI-7385; target="_blank">NIFI-7385 +NiFi PR: https://github.com/apache/nifi/pull/4271; target="_blank">PR 4271 +Released: August 18, 2020 + + + + +CVE-2020-9491: Apache NiFi use of weak TLS protocols +Severity: Critical +Versions Affected: + +Apache NiFi 1.2.0 - 1.11.4 + + +Description: The NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1. +Mitigation: Refactored disparate internal SSL and TLS code, reducing exposure for extension and framework developers to low-level primitives. Added support for TLS v1.3 on supporting JVMs. Restricted all incoming TLS communications to TLS v1.2+. Users running any previous NiFi release should upgrade to the latest release. +Credit: This issue was discovered by Juan Carlos Sequeiros and Andy LoPresto. +CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9491; target="_blank">Mitre Database: CVE-2020-9491 +NiFi Jira: https://issues.apache.org/jira/browse/NIFI-7401; target="_blank">NIFI-7401 +NiFi PR: https://github.com/apache/nifi/pull/4263; target="_blank">PR 4263 +Released: August 18, 2020 + + + + +CVE-2020-13940: Apache NiFi information disclosure by XXE +Severity: Low +Versions Affected: + +Apache NiFi 1.0.0 - 1.11.4 + + +Description: The notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE). +Mitigation: An XML validator was introduced to prevent malicious code from being
[nifi-site] branch main updated: Announced 1.12.0 CVEs.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi-site.git The following commit(s) were added to refs/heads/main by this push: new e004a1c Announced 1.12.0 CVEs. e004a1c is described below commit e004a1c64a557cab307b7a0cfdd6ea57635ef06a Author: Andy LoPresto AuthorDate: Wed Sep 30 15:20:00 2020 -0700 Announced 1.12.0 CVEs. --- src/pages/html/security.hbs | 158 1 file changed, 158 insertions(+) diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs index 7d6ac51..c25220e 100644 --- a/src/pages/html/security.hbs +++ b/src/pages/html/security.hbs @@ -52,6 +52,164 @@ title: Apache NiFi Security Reports + + +Fixed in Apache NiFi 1.12.0 + + + + + +Vulnerabilities + + + + +CVE-2020-9486: Apache NiFi information disclosure in logs +Severity: Important +Versions Affected: + +Apache NiFi 1.10.0 - 1.11.4 + + +Description: The NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext. +Mitigation: Implemented Argon2 secure hashing to provide a deterministic loggable value which does not reveal the sensitive value. Users running any previous NiFi release should upgrade to the latest release. +Credit: This issue was discovered by Andy LoPresto and Pierre Villard. +CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9486; target="_blank">Mitre Database: CVE-2020-9486 +NiFi Jira: https://issues.apache.org/jira/browse/NIFI-7377; target="_blank">NIFI-7377 +NiFi PR: https://github.com/apache/nifi/pull/4222; target="_blank">PR 4222 +Released: August 18, 2020 + + + + +CVE-2020-9487: Apache NiFi denial of service +Severity: Important +Versions Affected: + +Apache NiFi 1.0.0 - 1.11.4 + + +Description: The NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens, preventing legitimate users from requesting download tokens. +Mitigation: Disabled anonymous authentication, implemented a multi-indexed cache, and limited token creation requests to one concurrent request per user. Users running any previous NiFi release should upgrade to the latest release. +Credit: This issue was discovered by an anonymous community member. +CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9487; target="_blank">Mitre Database: CVE-2020-9487 +NiFi Jira: https://issues.apache.org/jira/browse/NIFI-7385; target="_blank">NIFI-7385 +NiFi PR: https://github.com/apache/nifi/pull/4271; target="_blank">PR 4271 +Released: August 18, 2020 + + + + +CVE-2020-9491: Apache NiFi use of weak TLS protocols +Severity: Critical +Versions Affected: + +Apache NiFi 1.2.0 - 1.11.4 + + +Description: The NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1. +Mitigation: Refactored disparate internal SSL and TLS code, reducing exposure for extension and framework developers to low-level primitives. Added support for TLS v1.3 on supporting JVMs. Restricted all incoming TLS communications to TLS v1.2+. Users running any previous NiFi release should upgrade to the latest release. +Credit: This issue was discovered by Juan Carlos Sequeiros and Andy LoPresto. +CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9491; target="_blank">Mitre Database: CVE-2020-9491 +NiFi Jira: https://issues.apache.org/jira/browse/NIFI-7401; target="_blank">NIFI-7401 +NiFi PR: https://github.com/apache/nifi/pull/4263; target="_blank">PR 4263 +Released: August 18, 2020 + + + + +CVE-2020-13940: Apache NiFi information disclosure by XXE +Severity: Low +Versions Affected: + +Apache NiFi 1.0.0 - 1.11.4 + + +Description: The notification service manager and various policy authorizer and user group provider objects allow
[nifi] branch main updated: NIFI-7841: Made corrections in the nifi-walkthroughs docs (#4548)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/main by this push: new 7e0bcb9 NIFI-7841: Made corrections in the nifi-walkthroughs docs (#4548) 7e0bcb9 is described below commit 7e0bcb98e1ebc3bc64d1a33dbb7d626496f6e1d0 Author: VKadam <56328193+vedaka...@users.noreply.github.com> AuthorDate: Wed Sep 23 16:37:26 2020 -0700 NIFI-7841: Made corrections in the nifi-walkthroughs docs (#4548) Signed-off-by: Andy LoPresto --- nifi-docs/src/main/asciidoc/walkthroughs.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nifi-docs/src/main/asciidoc/walkthroughs.adoc b/nifi-docs/src/main/asciidoc/walkthroughs.adoc index 3d23bbf..2301981 100644 --- a/nifi-docs/src/main/asciidoc/walkthroughs.adoc +++ b/nifi-docs/src/main/asciidoc/walkthroughs.adoc @@ -1079,7 +1079,7 @@ The resulting directory will contain 7 new entries: ** `node3.nifi/` -- The directory containing `node3` keystore and related files -- Optional command to execute all steps together using the toolkit pattern syntax: -* `./bin/tls-toolkit.sh -n 'node[1-3].nifi' -C 'CN=my_username' -c 'ca.nifi'` -- Performs all steps listed above simultaneously +* `./bin/tls-toolkit.sh standalone -n 'node[1-3].nifi' -C 'CN=my_username' -c 'ca.nifi'` -- Performs all steps listed above simultaneously . Create a new `nifi_cluster` folder in an appropriate location. In this example, where all three nodes will run on the same machine, the `/etc/nifi_cluster` directory is used. All further instructions occur from this directory. * `mkdir /etc/nifi_cluster` -- Creates the working directory * `cd /etc/nifi_cluster` -- Change to the created directory
[nifi] branch main updated: NIFI-7832 Resetting boolean that indicates password is being used when service is disabled (#4543)
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new caf7960 NIFI-7832 Resetting boolean that indicates password is being
used when service is disabled (#4543)
caf7960 is described below
commit caf79601ac54249cd61cf7b69112257764d4cb3f
Author: Bryan Bende
AuthorDate: Tue Sep 22 12:11:46 2020 -0400
NIFI-7832 Resetting boolean that indicates password is being used when
service is disabled (#4543)
Signed-off-by: Andy LoPresto
---
.../nifi/schemaregistry/hortonworks/HortonworksSchemaRegistry.java | 2 ++
1 file changed, 2 insertions(+)
diff --git
a/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/nifi-hwx-schema-registry-service/src/main/java/org/apache/nifi/schemaregistry/hortonworks/HortonworksSchemaRegistry.java
b/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/nifi-hwx-schema-registry-service/src/main/java/org/apache/nifi/schemaregistry/hortonworks/HortonworksSchemaRegistry.java
index 317c5e6..f48f250 100644
---
a/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/nifi-hwx-schema-registry-service/src/main/java/org/apache/nifi/schemaregistry/hortonworks/HortonworksSchemaRegistry.java
+++
b/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/nifi-hwx-schema-registry-service/src/main/java/org/apache/nifi/schemaregistry/hortonworks/HortonworksSchemaRegistry.java
@@ -222,6 +222,7 @@ public class HortonworksSchemaRegistry extends
AbstractControllerService impleme
final String keytab = kerberosCredentialsService.getKeytab();
final String jaasConfigString = getKeytabJaasConfig(principal,
keytab);
schemaRegistryConfig.put(SchemaRegistryClient.Configuration.SASL_JAAS_CONFIG.name(),
jaasConfigString);
+usingKerberosWithPassword = false;
} else if (!StringUtils.isBlank(kerberosPrincipal) &&
!StringUtils.isBlank(kerberosPassword)) {
schemaRegistryConfig.put(SchemaRegistryClientWithKerberosPassword.SCHEMA_REGISTRY_CLIENT_KERBEROS_PRINCIPAL,
kerberosPrincipal);
schemaRegistryConfig.put(SchemaRegistryClientWithKerberosPassword.SCHEMA_REGISTRY_CLIENT_KERBEROS_PASSWORD,
kerberosPassword);
@@ -268,6 +269,7 @@ public class HortonworksSchemaRegistry extends
AbstractControllerService impleme
}
initialized = false;
+usingKerberosWithPassword = false;
}
[nifi] branch main updated: NIFI-7816: Correct documentation example for urlEncode function in Expression Language Guide (#4536)
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 4040664 NIFI-7816: Correct documentation example for urlEncode
function in Expression Language Guide (#4536)
4040664 is described below
commit 40406648864240b83ab91a711b8fe70fd3c02d57
Author: Mohammed Nadeem
AuthorDate: Tue Sep 22 00:42:23 2020 +0530
NIFI-7816: Correct documentation example for urlEncode function in
Expression Language Guide (#4536)
Signed-off-by: Andy LoPresto
---
nifi-docs/src/main/asciidoc/expression-language-guide.adoc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/nifi-docs/src/main/asciidoc/expression-language-guide.adoc
b/nifi-docs/src/main/asciidoc/expression-language-guide.adoc
index 7217f2a..b79629e 100644
--- a/nifi-docs/src/main/asciidoc/expression-language-guide.adoc
+++ b/nifi-docs/src/main/asciidoc/expression-language-guide.adoc
@@ -1380,7 +1380,7 @@ Each of the following functions will encode a string
according the rules of the
*Examples*: We can URL-Encode an attribute named "url" by using the Expression
`${url:urlEncode()}`. If
the value of the "url" attribute is "https://nifi.apache.org/some value
with spaces", this
- Expression will then return
"https://nifi.apache.org/some%20value%20with%20spaces;.
+ Expression will then return
"https%3A%2F%2Fnifi.apache.org%2Fsome+value+with+spaces".
@@ -1397,7 +1397,7 @@ Each of the following functions will encode a string
according the rules of the
*Return Type*: [.returnType]#String#
*Examples*: If we have a URL-Encoded attribute named "url" with the value
- "https://nifi.apache.org/some%20value%20with%20spaces;, then the
Expression
+ "https://nifi.apache.org/some%20value%20with%20spaces; or
"https%3A%2F%2Fnifi.apache.org%2Fsome+value+with+spaces", then the Expression
`${url:urlDecode()}` will return "https://nifi.apache.org/some value
with spaces".
[nifi] 05/11: NIFI-7803: Allow ExecuteSQL(Record) properties to evaluate flowfile attributes where possible
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch support/nifi-1.12.x
in repository https://gitbox.apache.org/repos/asf/nifi.git
commit 6aa58d1374129f723dc5130ab88da10d1f755c94
Author: Matthew Burgess
AuthorDate: Fri Sep 11 14:19:38 2020 -0400
NIFI-7803: Allow ExecuteSQL(Record) properties to evaluate flowfile
attributes where possible
Signed-off-by: Pierre Villard
This closes #4523.
---
.../nifi/processors/standard/AbstractExecuteSQL.java | 15 ---
.../org/apache/nifi/processors/standard/ExecuteSQL.java | 2 +-
.../apache/nifi/processors/standard/ExecuteSQLRecord.java | 2 +-
.../apache/nifi/processors/standard/TestExecuteSQL.java | 6 --
4 files changed, 14 insertions(+), 11 deletions(-)
diff --git
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/AbstractExecuteSQL.java
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/AbstractExecuteSQL.java
index 845..6481181 100644
---
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/AbstractExecuteSQL.java
+++
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/AbstractExecuteSQL.java
@@ -127,6 +127,7 @@ public abstract class AbstractExecuteSQL extends
AbstractProcessor {
.defaultValue("0 seconds")
.required(true)
.addValidator(StandardValidators.TIME_PERIOD_VALIDATOR)
+
.expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES)
.sensitive(false)
.build();
@@ -138,7 +139,7 @@ public abstract class AbstractExecuteSQL extends
AbstractProcessor {
.defaultValue("0")
.required(true)
.addValidator(StandardValidators.NON_NEGATIVE_INTEGER_VALIDATOR)
-
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
+
.expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES)
.build();
public static final PropertyDescriptor OUTPUT_BATCH_SIZE = new
PropertyDescriptor.Builder()
@@ -152,7 +153,7 @@ public abstract class AbstractExecuteSQL extends
AbstractProcessor {
.defaultValue("0")
.required(true)
.addValidator(StandardValidators.NON_NEGATIVE_INTEGER_VALIDATOR)
-
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
+
.expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES)
.build();
public static final PropertyDescriptor FETCH_SIZE = new
PropertyDescriptor.Builder()
@@ -163,7 +164,7 @@ public abstract class AbstractExecuteSQL extends
AbstractProcessor {
.defaultValue("0")
.required(true)
.addValidator(StandardValidators.NON_NEGATIVE_INTEGER_VALIDATOR)
-
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
+
.expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES)
.build();
protected List propDescriptors;
@@ -210,11 +211,11 @@ public abstract class AbstractExecuteSQL extends
AbstractProcessor {
final List resultSetFlowFiles = new ArrayList<>();
final ComponentLog logger = getLogger();
-final Integer queryTimeout =
context.getProperty(QUERY_TIMEOUT).asTimePeriod(TimeUnit.SECONDS).intValue();
-final Integer maxRowsPerFlowFile =
context.getProperty(MAX_ROWS_PER_FLOW_FILE).evaluateAttributeExpressions().asInteger();
-final Integer outputBatchSizeField =
context.getProperty(OUTPUT_BATCH_SIZE).evaluateAttributeExpressions().asInteger();
+final int queryTimeout =
context.getProperty(QUERY_TIMEOUT).evaluateAttributeExpressions(fileToProcess).asTimePeriod(TimeUnit.SECONDS).intValue();
+final Integer maxRowsPerFlowFile =
context.getProperty(MAX_ROWS_PER_FLOW_FILE).evaluateAttributeExpressions(fileToProcess).asInteger();
+final Integer outputBatchSizeField =
context.getProperty(OUTPUT_BATCH_SIZE).evaluateAttributeExpressions(fileToProcess).asInteger();
final int outputBatchSize = outputBatchSizeField == null ? 0 :
outputBatchSizeField;
-final Integer fetchSize =
context.getProperty(FETCH_SIZE).evaluateAttributeExpressions().asInteger();
+final Integer fetchSize =
context.getProperty(FETCH_SIZE).evaluateAttributeExpressions(fileToProcess).asInteger();
List preQueries =
getQueries(context.getProperty(SQL_PRE_QUERY).evaluateAttributeExpressions(fileToProcess).getValue());
List postQueries =
getQueries(context.getProperty(SQL_POST_QUERY).evaluateAttributeExpressions(fileToProcess).getValue());
diff --git
a/nifi-
[nifi] 08/11: NIFI-5583: Add cdc processor for MySQL referring to GTID.
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch support/nifi-1.12.x
in repository https://gitbox.apache.org/repos/asf/nifi.git
commit 174720104872b43dbaf94a268690d986de7f6b03
Author: yoshiata
AuthorDate: Mon Jul 2 15:55:50 2018 +0900
NIFI-5583: Add cdc processor for MySQL referring to GTID.
Signed-off-by: Pierre Villard
This closes #2997.
---
.../nifi/cdc/mysql/event/BaseBinlogEventInfo.java | 10 ++
.../cdc/mysql/event/BaseBinlogRowEventInfo.java| 6 +
.../cdc/mysql/event/BaseBinlogTableEventInfo.java | 5 +
.../cdc/mysql/event/BeginTransactionEventInfo.java | 5 +
.../nifi/cdc/mysql/event/BinlogEventInfo.java | 3 +
.../mysql/event/CommitTransactionEventInfo.java| 5 +
.../apache/nifi/cdc/mysql/event/DDLEventInfo.java | 5 +
.../nifi/cdc/mysql/event/DeleteRowsEventInfo.java | 4 +
.../nifi/cdc/mysql/event/InsertRowsEventInfo.java | 5 +
.../nifi/cdc/mysql/event/UpdateRowsEventInfo.java | 5 +
.../mysql/event/io/AbstractBinlogEventWriter.java | 19 +-
.../cdc/mysql/processors/CaptureChangeMySQL.java | 177 ++-
.../mysql/processors/CaptureChangeMySQLTest.groovy | 193 +
13 files changed, 393 insertions(+), 49 deletions(-)
diff --git
a/nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/event/BaseBinlogEventInfo.java
b/nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/event/BaseBinlogEventInfo.java
index 7089cda..9106e93 100644
---
a/nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/event/BaseBinlogEventInfo.java
+++
b/nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/event/BaseBinlogEventInfo.java
@@ -25,6 +25,7 @@ public class BaseBinlogEventInfo extends BaseEventInfo
implements BinlogEventInf
private String binlogFilename;
private Long binlogPosition;
+private String binlogGtidSet;
public BaseBinlogEventInfo(String eventType, Long timestamp, String
binlogFilename, Long binlogPosition) {
super(eventType, timestamp);
@@ -32,6 +33,11 @@ public class BaseBinlogEventInfo extends BaseEventInfo
implements BinlogEventInf
this.binlogPosition = binlogPosition;
}
+public BaseBinlogEventInfo(String eventType, Long timestamp, String
binlogGtidSet) {
+super(eventType, timestamp);
+this.binlogGtidSet = binlogGtidSet;
+}
+
public String getBinlogFilename() {
return binlogFilename;
}
@@ -39,4 +45,8 @@ public class BaseBinlogEventInfo extends BaseEventInfo
implements BinlogEventInf
public Long getBinlogPosition() {
return binlogPosition;
}
+
+public String getBinlogGtidSet() {
+return binlogGtidSet;
+}
}
diff --git
a/nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/event/BaseBinlogRowEventInfo.java
b/nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/event/BaseBinlogRowEventInfo.java
index 4796947..6517225 100644
---
a/nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/event/BaseBinlogRowEventInfo.java
+++
b/nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/event/BaseBinlogRowEventInfo.java
@@ -37,6 +37,12 @@ public class BaseBinlogRowEventInfo
extends BaseBinlogTableEve
this.delegate = new BaseRowEventInfo<>(tableInfo, type, timestamp,
rows);
}
+public BaseBinlogRowEventInfo(TableInfo tableInfo, String type, Long
timestamp, String binlogGtidSet, BitSet includedColumns, List
rows) {
+super(tableInfo, type, timestamp, binlogGtidSet);
+this.includedColumns = includedColumns;
+this.delegate = new BaseRowEventInfo<>(tableInfo, type, timestamp,
rows);
+}
+
public BitSet getIncludedColumns() {
return includedColumns;
}
diff --git
a/nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/event/BaseBinlogTableEventInfo.java
b/nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/event/BaseBinlogTableEventInfo.java
index c5d3ddf..ea23023 100644
---
a/nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/event/BaseBinlogTableEventInfo.java
+++
b/nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/event/BaseBinlogTableEventInfo.java
@@ -35,6 +35,11 @@ public class BaseBinlogTableEventInfo extends
BaseBin
[nifi] 09/11: NIFI-7580-Add documentation around autoloading NARs
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch support/nifi-1.12.x in repository https://gitbox.apache.org/repos/asf/nifi.git commit 1adb16efb8e976c47e310bc10ac19e5d439b891d Author: abrown AuthorDate: Tue Sep 15 11:55:30 2020 +0100 NIFI-7580-Add documentation around autoloading NARs Signed-off-by: Pierre Villard This closes #4529. --- .../src/main/asciidoc/administration-guide.adoc| 62 ++ 1 file changed, 62 insertions(+) diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc b/nifi-docs/src/main/asciidoc/administration-guide.adoc index ea2919f..337c60b 100644 --- a/nifi-docs/src/main/asciidoc/administration-guide.adoc +++ b/nifi-docs/src/main/asciidoc/administration-guide.adoc @@ -3676,3 +3676,65 @@ In your new NiFi installation: 3. After confirming your new NiFi instances are stable and working as expected, the old installation can be removed. NOTE: If the original NiFi was setup to run as a service, update any symlinks or service scripts to point to the new NiFi version executables. + + +== Processor Locations + +[[processor-location-options]] +=== Available Configuration Options + +NiFi provides 3 configuration options for processor locations. Namely: + + nifi.nar.library.directory + nifi.nar.library.directory. + nifi.nar.library.autoload.directory + +NOTE: Paths set using these options are relative to the NiFi Home Directory. For example, if the NiFi Home Directory is `/var/lib/nifi`, and the Library Directory is `./lib`, then the final path is `/var/lib/nifi/lib`. + +The `nifi.nar.library.directory` is used for the default location for provided NiFi processors. It is not recommended to use this for custom processors as these could be lost during a NiFi upgrade. For example: + + nifi.nar.library.directory=./lib + +The `nifi.nar.library.directory.` allows the admin to provide multiple arbritary paths for NiFi to locate custom processors. A unique property identifier must append the property for each unique path. For example: + + nifi.nar.library.directory.myCustomLibs=./my-custom-nars/lib + nifi.nar.library.directory.otherCustomLibs=./other-custom-nars/lib + +The `nifi.nar.library.autoload.directory` is used by the autoload feature, where NiFi can automatically load new processors added to the configured path without requiring a restart. For example: + + nifi.nar.library.autoload.directory=./autoload/lib + +=== Installing Custom Processors + +This section describes the original process for installing custom processors that requires a restart to NiFi. To use the Autoloading feature, see the below <> section. + +Firstly, we will configure a directory for the custom processors. See <> for more about these configuration options. + + nifi.nar.library.directory.myCustomLibs=./my-custom-nars/lib + +Ensure that this directory exists and has appropriate permissions for the nifi user and group. + +Now, we must place our custom processor nar in the configured directory. The configured directory is relative to the NiFi Home directory; for example, let us say that our NiFi Home Dir is `/var/lib/nifi`, we would place our custom processor nar in `/var/lib/nifi/my-custom-nars/lib`. + +Ensure that the file has appropriate permissions for the nifi user and group. + +Restart NiFi and the custom processor should now be available when adding a new Processor to your flow. + +[[autoloading-processors]] +=== Autoloading Custom Processors + +This section describes the process to use the Autoloading feature for custom processors. + +To use the autoloading feature, the `nifi.nar.library.autoload.directory` property must be configured to point at the desired directory. By default, this points at `./extensions`. + +For example: + + nifi.nar.library.autoload.directory=./extensions + +Ensure that this directory exists and has appropriate permissions for the nifi user and group. + +Now, we must place our custom processor nar in the configured directory. The configured directory is relative to the NiFi Home directory; for example, let us say that our NiFi Home Dir is `/var/lib/nifi`, we would place our custom processor nar in `/var/lib/nifi/extensions`. + +Ensure that the file has appropriate permissions for the nifi user and group. + +Refresh the browser page and the custom processor should now be available when adding a new Processor to your flow.
[nifi] 02/11: NIFI-7742: update case clause logic
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch support/nifi-1.12.x
in repository https://gitbox.apache.org/repos/asf/nifi.git
commit 57eb740384e7cb9f7268d5660587dc82316d5a52
Author: Shane Ardell
AuthorDate: Fri Sep 11 16:43:24 2020 -0400
NIFI-7742: update case clause logic
---
.../controllers/nf-ng-canvas-flow-status-controller.js | 17 +++--
1 file changed, 3 insertions(+), 14 deletions(-)
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/controllers/nf-ng-canvas-flow-status-controller.js
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/controllers/nf-ng-canvas-flow-status-controller.js
index 2e2ebc5..5595803 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/controllers/nf-ng-canvas-flow-status-controller.js
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/controllers/nf-ng-canvas-flow-status-controller.js
@@ -321,20 +321,9 @@
var group = item.parentGroup;
if
(nfCommon.isDefinedAndNotNull(group.id)) {
nfProcessGroup.enterGroup(group.id).done(function () {
-if
($('#process-group-configuration').is(':visible')) {
-
nfProcessGroupConfiguration.loadConfiguration(group.id).done(function () {
-
nfProcessGroupConfiguration.selectControllerService(item.id);
-});
-} else {
-
nfProcessGroupConfiguration.showConfiguration(group.id).done(function () {
-
nfSettings.selectControllerService(item.id);
-});
-}
-});
-} else {
-// reload the settings and show
-
nfSettings.showSettings().done(function () {
-
nfSettings.selectControllerService(item.id);
+
nfProcessGroupConfiguration.showConfiguration(group.id).done(function () {
+
nfProcessGroupConfiguration.selectControllerService(item.id);
+});
});
}
break;
[nifi] 11/11: NIFI-7787 fixing version references
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch support/nifi-1.12.x in repository https://gitbox.apache.org/repos/asf/nifi.git commit c18a81dad91fd6b07c084c21f03d57007e2c5731 Author: Joe Witt AuthorDate: Thu Sep 17 15:23:58 2020 -0700 NIFI-7787 fixing version references --- nifi-commons/nifi-security-utils-api/pom.xml | 2 +- nifi-commons/nifi-security-utils/pom.xml | 2 +- .../nifi-extension-utils/nifi-kerberos-test-utils/pom.xml | 8 nifi-nar-bundles/nifi-framework-bundle/pom.xml| 2 +- nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml | 2 +- .../nifi-dbcp-service-bundle/nifi-dbcp-service/pom.xml| 2 +- nifi-nar-bundles/pom.xml | 2 +- 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/nifi-commons/nifi-security-utils-api/pom.xml b/nifi-commons/nifi-security-utils-api/pom.xml index 02dbe52..c953a2c 100644 --- a/nifi-commons/nifi-security-utils-api/pom.xml +++ b/nifi-commons/nifi-security-utils-api/pom.xml @@ -17,7 +17,7 @@ org.apache.nifi nifi-commons -1.13.0-SNAPSHOT +1.12.1-SNAPSHOT nifi-security-utils-api diff --git a/nifi-commons/nifi-security-utils/pom.xml b/nifi-commons/nifi-security-utils/pom.xml index 2b7bd58..b4289c2 100644 --- a/nifi-commons/nifi-security-utils/pom.xml +++ b/nifi-commons/nifi-security-utils/pom.xml @@ -40,7 +40,7 @@ org.apache.nifi nifi-security-utils-api -1.13.0-SNAPSHOT +1.12.1-SNAPSHOT ch.qos.logback diff --git a/nifi-nar-bundles/nifi-extension-utils/nifi-kerberos-test-utils/pom.xml b/nifi-nar-bundles/nifi-extension-utils/nifi-kerberos-test-utils/pom.xml index a223d03..3801ca9 100644 --- a/nifi-nar-bundles/nifi-extension-utils/nifi-kerberos-test-utils/pom.xml +++ b/nifi-nar-bundles/nifi-extension-utils/nifi-kerberos-test-utils/pom.xml @@ -18,7 +18,7 @@ org.apache.nifi nifi-extension-utils -1.13.0-SNAPSHOT +1.12.1-SNAPSHOT nifi-kerberos-test-utils @@ -27,17 +27,17 @@ org.apache.nifi nifi-api -1.13.0-SNAPSHOT +1.12.1-SNAPSHOT org.apache.nifi nifi-utils -1.13.0-SNAPSHOT +1.12.1-SNAPSHOT org.apache.nifi nifi-kerberos-credentials-service-api -1.13.0-SNAPSHOT +1.12.1-SNAPSHOT diff --git a/nifi-nar-bundles/nifi-framework-bundle/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/pom.xml index db1e89e..0905d41 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-framework-bundle/pom.xml @@ -56,7 +56,7 @@ org.apache.nifi nifi-security-utils-api -1.13.0-SNAPSHOT +1.12.1-SNAPSHOT org.apache.nifi diff --git a/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml b/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml index 38a3234..ea6cb8f 100644 --- a/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml +++ b/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml @@ -150,7 +150,7 @@ org.apache.nifi nifi-kerberos-test-utils -1.13.0-SNAPSHOT +1.12.1-SNAPSHOT test diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/pom.xml b/nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/pom.xml index 83ddffc..5de1149 100644 --- a/nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/pom.xml +++ b/nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/pom.xml @@ -117,7 +117,7 @@ org.apache.nifi nifi-kerberos-test-utils -1.13.0-SNAPSHOT +1.12.1-SNAPSHOT test diff --git a/nifi-nar-bundles/pom.xml b/nifi-nar-bundles/pom.xml index 84b9ccb..5582713 100755 --- a/nifi-nar-bundles/pom.xml +++ b/nifi-nar-bundles/pom.xml @@ -201,7 +201,7 @@ org.apache.nifi nifi-security-utils-api -1.13.0-SNAPSHOT +1.12.1-SNAPSHOT provided
[nifi] 07/11: NIFI-7768 Added support for monogdb+srv connection strings.
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch support/nifi-1.12.x
in repository https://gitbox.apache.org/repos/asf/nifi.git
commit 2174af7a3ad7de47f355a7e509d02a09100991af
Author: Mike Thomsen
AuthorDate: Mon Sep 7 20:08:46 2020 -0400
NIFI-7768 Added support for monogdb+srv connection strings.
This closes #4514.
Signed-off-by: Joey Frazee
---
.../apache/nifi/processors/mongodb/GetMongoIT.java | 9 +
.../processors/mongodb/RunMongoAggregationIT.java | 9 +++--
nifi-nar-bundles/nifi-mongodb-bundle/pom.xml | 23 +-
3 files changed, 13 insertions(+), 28 deletions(-)
diff --git
a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/test/java/org/apache/nifi/processors/mongodb/GetMongoIT.java
b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/test/java/org/apache/nifi/processors/mongodb/GetMongoIT.java
index ddea9a8..7ec724c 100644
---
a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/test/java/org/apache/nifi/processors/mongodb/GetMongoIT.java
+++
b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/test/java/org/apache/nifi/processors/mongodb/GetMongoIT.java
@@ -311,11 +311,12 @@ public class GetMongoIT {
* Test original behavior; Manually set query of {}, no input
*/
final String attr = "query.attr";
-runner.setProperty(GetMongo.QUERY, "{}");
+final String queryValue = "{}";
+runner.setProperty(GetMongo.QUERY, queryValue);
runner.setProperty(GetMongo.QUERY_ATTRIBUTE, attr);
runner.run();
runner.assertTransferCount(GetMongo.REL_SUCCESS, 3);
-testQueryAttribute(attr, "{ }");
+testQueryAttribute(attr, queryValue);
runner.clearTransferState();
@@ -325,7 +326,7 @@ public class GetMongoIT {
runner.removeProperty(GetMongo.QUERY);
runner.setIncomingConnection(false);
runner.run();
-testQueryAttribute(attr, "{ }");
+testQueryAttribute(attr, queryValue);
runner.clearTransferState();
@@ -336,7 +337,7 @@ public class GetMongoIT {
runner.setIncomingConnection(true);
runner.enqueue("{}");
runner.run();
-testQueryAttribute(attr, "{ }");
+testQueryAttribute(attr, queryValue);
/*
* Input flowfile with invalid query
diff --git
a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/test/java/org/apache/nifi/processors/mongodb/RunMongoAggregationIT.java
b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/test/java/org/apache/nifi/processors/mongodb/RunMongoAggregationIT.java
index 2aadc5f..24c130f 100644
---
a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/test/java/org/apache/nifi/processors/mongodb/RunMongoAggregationIT.java
+++
b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/test/java/org/apache/nifi/processors/mongodb/RunMongoAggregationIT.java
@@ -37,6 +37,7 @@ import org.junit.Test;
import java.io.IOException;
import java.text.SimpleDateFormat;
import java.util.Calendar;
+import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -239,12 +240,16 @@ public class RunMongoAggregationIT {
@Test
public void testExtendedJsonSupport() throws Exception {
-String pattern = "-MM-dd'T'HH:mm:ss.SSS";
+String pattern = "-MM-dd'T'HH:mm:ss'Z'";
SimpleDateFormat simpleDateFormat = new SimpleDateFormat(pattern);
+//Let's put this a week from now to make sure that we're not getting
too close to
+//the creation date
+Date nowish = new Date(now.getTime().getTime() + (7 * 24 * 60 * 60 *
1000));
+
final String queryInput = "[\n" +
" {\n" +
"\"$match\": {\n" +
-" \"date\": { \"$gte\": { \"$date\": \"2019-01-01T00:00:00Z\"
}, \"$lte\": { \"$date\": \"" + simpleDateFormat.format(now.getTime()) + "\" }
}\n" +
+" \"date\": { \"$gte\": { \"$date\": \"2019-01-01T00:00:00Z\"
}, \"$lte\": { \"$date\": \"" + simpleDateFormat.format(nowish) + "\" } }\n" +
"}\n" +
" },\n" +
" {\n" +
diff --git a/nifi-nar-bundles/nifi-mongodb-bundle/pom.xml
b/nifi-nar-bundles/nifi-mongodb-bundle/pom.xml
index ba46fde..1f2d7ad 100644
--- a/nifi-nar-bundles/nifi-mongodb-bundle/pom.xml
+++ b/nifi-nar-bundles/nifi-mongodb-bundle/pom.xml
@@ -35,30 +35,9 @@
-3.2.2
+3.12.7
-
-
-3.4
-
-3.4.3
-
-
-
-3.6
-
-3.6.4
-
-
-
-3.8
-
-3.8.0
-
-
-
-
[nifi] 04/11: NIFI-7807 Updating in-class documentation to be more clear & adding additionalDetails with examples
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch support/nifi-1.12.x
in repository https://gitbox.apache.org/repos/asf/nifi.git
commit 33d9b8fdcaa787334a8acbd79e961396c9bf2e74
Author: abrown
AuthorDate: Mon Sep 14 13:53:48 2020 +0100
NIFI-7807 Updating in-class documentation to be more clear & adding
additionalDetails with examples
Signed-off-by: Pierre Villard
This closes #4526.
---
.../org/apache/nifi/processors/kudu/PutKudu.java | 2 +-
.../additionalDetails.html | 185 +
2 files changed, 186 insertions(+), 1 deletion(-)
diff --git
a/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/main/java/org/apache/nifi/processors/kudu/PutKudu.java
b/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/main/java/org/apache/nifi/processors/kudu/PutKudu.java
index 064e295..3e8e199 100644
---
a/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/main/java/org/apache/nifi/processors/kudu/PutKudu.java
+++
b/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/main/java/org/apache/nifi/processors/kudu/PutKudu.java
@@ -75,7 +75,7 @@ import java.util.stream.Stream;
@InputRequirement(InputRequirement.Requirement.INPUT_REQUIRED)
@Tags({"put", "database", "NoSQL", "kudu", "HDFS", "record"})
@CapabilityDescription("Reads records from an incoming FlowFile using the
provided Record Reader, and writes those records " +
-"to the specified Kudu's table. The schema for the table must be
provided in the processor properties or from your source." +
+"to the specified Kudu's table. The schema for the Kudu table is
inferred from the schema of the Record Reader." +
" If any error occurs while reading records from the input, or writing
records to Kudu, the FlowFile will be routed to failure")
@WritesAttribute(attribute = "record.count", description = "Number of records
written to Kudu")
diff --git
a/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/main/resources/docs/org.apache.nifi.processors.kudu.PutKudu/additionalDetails.html
b/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/main/resources/docs/org.apache.nifi.processors.kudu.PutKudu/additionalDetails.html
new file mode 100644
index 000..bb79092
--- /dev/null
+++
b/nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/main/resources/docs/org.apache.nifi.processors.kudu.PutKudu/additionalDetails.html
@@ -0,0 +1,185 @@
+
+
+
+
+
+PutKudu
+
+
+
+
+
+
+Description:
+
+This processor writes Records to a Kudu table.
+
+A Record Reader must be supplied to read the records from the
FlowFile.
+The schema supplied to the Record Reader is used to match fields
in the Record to the columns of the Kudu table.
+See the Table Schema section for more.
+
+
+Table Name
+When Hive MetaStore integration is enabled for Impala/Kudu, do not
use the "impala::" syntax for the table name. Simply use the Hive
"dbname.tablename" syntax.
+
+
+For example, without HMS integration, you might use
+
+
+
+Table Name: impala::default.testtable
+
+
+
+With HMS integration, you would simply use
+
+
+
+Table Name: default.testtable
+
+
+
+
+Table Schema
+
+
+When writing to Kudu, NiFi must map the fields from the Record to
the columns of the Kudu table. It does this by acquiring the schema of the
table from Kudu and the schema
+provided by the Record Reader. It can now compare the Record field
names against the Kudu table column names. Additionally, it also compares the
field and colunm types, to
+apply the appropriate type conversions.
+
+
+
+For example, assuming you have the following data:
+
+
+
+
+{
+"forename":"Jessica",
+"surname":"Smith",
+"employee_id":123456789
+}
+
+
+
+
+With the following schema in the Record Reader:
+
+
+
+
+{
+"type": "record",
+"namespace": "nifi",
+"name": "employee",
+"fields": [
+{ "name": "forename", "type": "strin
[nifi] 10/11: NIFI-7799: Relogin with Kerberos on connect exception in DBCPConnectionPool (#4519)
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch support/nifi-1.12.x
in repository https://gitbox.apache.org/repos/asf/nifi.git
commit e952a76e4f9eba5e668ff06af5ff95554b851acf
Author: Matthew Burgess
AuthorDate: Thu Sep 17 13:33:54 2020 -0400
NIFI-7799: Relogin with Kerberos on connect exception in DBCPConnectionPool
(#4519)
---
.../{ => nifi-kerberos-test-utils}/pom.xml | 43 ++-
.../kerberos/MockKerberosCredentialsService.java | 85 ++
nifi-nar-bundles/nifi-extension-utils/pom.xml | 1 +
.../nifi-hive-bundle/nifi-hive3-processors/pom.xml | 6 ++
.../processors/hive/TestPutHive3Streaming.java | 67 ++---
.../nifi-dbcp-service/pom.xml | 19 +
.../org/apache/nifi/dbcp/DBCPConnectionPool.java | 9 +++
.../java/org/apache/nifi/dbcp/DBCPServiceTest.java | 38 ++
.../src/test/resources/fake.keytab | 0
9 files changed, 187 insertions(+), 81 deletions(-)
diff --git a/nifi-nar-bundles/nifi-extension-utils/pom.xml
b/nifi-nar-bundles/nifi-extension-utils/nifi-kerberos-test-utils/pom.xml
similarity index 57%
copy from nifi-nar-bundles/nifi-extension-utils/pom.xml
copy to nifi-nar-bundles/nifi-extension-utils/nifi-kerberos-test-utils/pom.xml
index 2980f23..a223d03 100644
--- a/nifi-nar-bundles/nifi-extension-utils/pom.xml
+++ b/nifi-nar-bundles/nifi-extension-utils/nifi-kerberos-test-utils/pom.xml
@@ -1,4 +1,4 @@
-
+
[nifi] branch support/nifi-1.12.x updated (113050a -> c18a81d)
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a change to branch support/nifi-1.12.x
in repository https://gitbox.apache.org/repos/asf/nifi.git.
discard 113050a NIFI-7787 fixing version references
discard 94ad325 NIFI-7799: Relogin with Kerberos on connect exception in
DBCPConnectionPool (#4519)
discard d6d9509 NIFI-7580-Add documentation around autoloading NARs
discard 9de8759 NIFI-5583: Add cdc processor for MySQL referring to GTID.
discard 0873ed5 NIFI-7768 Added support for monogdb+srv connection strings.
discard 57d7ca1 NIFI-7800: Fix line endings for changed files
discard 5499870 NIFI-7803: Allow ExecuteSQL(Record) properties to evaluate
flowfile attributes where possible
discard 3bb414f NIFI-7807 Updating in-class documentation to be more clear &
adding additionalDetails with examples
discard 51a3cf4 NIFI-7742: remove defined and null check
discard 0baf82b NIFI-7742: update case clause logic
discard 3a6915d NIFI-7742: add case for controller service selections
discard f41adc6 NIFI-7802 Remove commons-configuration2 dependency from
nifi-security-utils which ends up nifi-standard-services-api and on the
classpath of any standard services
new c0e7f77 NIFI-7742: add case for controller service selections
new 57eb740 NIFI-7742: update case clause logic
new b9b31b2 NIFI-7742: remove defined and null check
new 33d9b8f NIFI-7807 Updating in-class documentation to be more clear &
adding additionalDetails with examples
new 6aa58d1 NIFI-7803: Allow ExecuteSQL(Record) properties to evaluate
flowfile attributes where possible
new 05d445f NIFI-7800: Fix line endings for changed files
new 2174af7 NIFI-7768 Added support for monogdb+srv connection strings.
new 1747201 NIFI-5583: Add cdc processor for MySQL referring to GTID.
new 1adb16e NIFI-7580-Add documentation around autoloading NARs
new e952a76 NIFI-7799: Relogin with Kerberos on connect exception in
DBCPConnectionPool (#4519)
new c18a81d NIFI-7787 fixing version references
This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version. This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:
* -- * -- B -- O -- O -- O (113050a)
\
N -- N -- N refs/heads/support/nifi-1.12.x (c18a81d)
You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.
Any revisions marked "omit" are not gone; other references still
refer to them. Any revisions marked "discard" are gone forever.
The 11 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
nifi-commons/nifi-security-utils/pom.xml | 5 ++
.../nifi/security/xml/SafeXMLConfiguration.java| 0
nifi-commons/nifi-security-xml-config/pom.xml | 78 --
nifi-commons/pom.xml | 1 -
4 files changed, 5 insertions(+), 79 deletions(-)
rename nifi-commons/{nifi-security-xml-config =>
nifi-security-utils}/src/main/java/org/apache/nifi/security/xml/SafeXMLConfiguration.java
(100%)
delete mode 100644 nifi-commons/nifi-security-xml-config/pom.xml
[nifi] 01/11: NIFI-7742: add case for controller service selections
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch support/nifi-1.12.x
in repository https://gitbox.apache.org/repos/asf/nifi.git
commit c0e7f773f0fdd3af6f6bdf38aada3f4162bdae5f
Author: Shane Ardell
AuthorDate: Fri Sep 11 15:49:51 2020 -0400
NIFI-7742: add case for controller service selections
---
.../nf-ng-canvas-flow-status-controller.js | 39 ++
1 file changed, 33 insertions(+), 6 deletions(-)
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/controllers/nf-ng-canvas-flow-status-controller.js
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/controllers/nf-ng-canvas-flow-status-controller.js
index 8a338fa..2e2ebc5 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/controllers/nf-ng-canvas-flow-status-controller.js
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/controllers/nf-ng-canvas-flow-status-controller.js
@@ -27,9 +27,11 @@
'nf.ClusterSummary',
'nf.ErrorHandler',
'nf.Settings',
-'nf.ParameterContexts'],
-function ($, nfCommon, nfDialog, nfCanvasUtils, nfContextMenu,
nfClusterSummary, nfErrorHandler, nfSettings, nfParameterContexts) {
-return (nf.ng.Canvas.FlowStatusCtrl = factory($, nfCommon,
nfDialog, nfCanvasUtils, nfContextMenu, nfClusterSummary, nfErrorHandler,
nfSettings, nfParameterContexts));
+'nf.ParameterContexts',
+'nf.ProcessGroup',
+'nf.ProcessGroupConfiguration'],
+function ($, nfCommon, nfDialog, nfCanvasUtils, nfContextMenu,
nfClusterSummary, nfErrorHandler, nfSettings, nfParameterContexts,
nfProcessGroup, nfProcessGroupConfiguration) {
+return (nf.ng.Canvas.FlowStatusCtrl = factory($, nfCommon,
nfDialog, nfCanvasUtils, nfContextMenu, nfClusterSummary, nfErrorHandler,
nfSettings, nfParameterContexts, nfProcessGroup, nfProcessGroupConfiguration));
});
} else if (typeof exports === 'object' && typeof module === 'object') {
module.exports = (nf.ng.Canvas.FlowStatusCtrl =
@@ -41,7 +43,9 @@
require('nf.ClusterSummary'),
require('nf.ErrorHandler'),
require('nf.Settings'),
-require('nf.ParameterContexts')));
+require('nf.ParameterContexts'),
+require('nf.ProcessGroup'),
+require('nf.ProcessGroupConfiguration')));
} else {
nf.ng.Canvas.FlowStatusCtrl = factory(root.$,
root.nf.Common,
@@ -51,9 +55,11 @@
root.nf.ClusterSummary,
root.nf.ErrorHandler,
root.nf.Settings,
-root.nf.ParameterContexts);
+root.nf.ParameterContexts,
+root.nf.ProcessGroup,
+root.nf.ProcessGroupConfiguration);
}
-}(this, function ($, nfCommon, nfDialog, nfCanvasUtils, nfContextMenu,
nfClusterSummary, nfErrorHandler, nfSettings, nfParameterContexts) {
+}(this, function ($, nfCommon, nfDialog, nfCanvasUtils, nfContextMenu,
nfClusterSummary, nfErrorHandler, nfSettings, nfParameterContexts,
nfProcessGroup, nfProcessGroupConfiguration) {
'use strict';
return function (serviceProvider) {
@@ -311,6 +317,27 @@
var paramContext = item.parentGroup;
nfParameterContexts.showParameterContext(paramContext.id, null, item.name);
break;
+case 'controller service':
+var group = item.parentGroup;
+if
(nfCommon.isDefinedAndNotNull(group.id)) {
+
nfProcessGroup.enterGroup(group.id).done(function () {
+if
($('#process-group-configuration').is(':visible')) {
+
nfProcessGroupConfiguration.loadConfiguration(group.id).done(function () {
+
nfProcessGroupConfiguration.selectControllerService(item.id);
+});
+} else {
+
nfProcessGroupConfiguration.showConfiguration(group.id).done(function () {
+
nfSettings.selectControllerService(item.id);
+});
+}
+});
+} else {
+/
[nifi] 03/11: NIFI-7742: remove defined and null check
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch support/nifi-1.12.x
in repository https://gitbox.apache.org/repos/asf/nifi.git
commit b9b31b299b6d5c21681d1b1d827f5fba89bb4a40
Author: Shane Ardell
AuthorDate: Fri Sep 11 17:21:20 2020 -0400
NIFI-7742: remove defined and null check
This closes #4524
Signed-off-by: Scott Aslan
---
.../canvas/controllers/nf-ng-canvas-flow-status-controller.js | 10 --
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/controllers/nf-ng-canvas-flow-status-controller.js
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/controllers/nf-ng-canvas-flow-status-controller.js
index 5595803..4de9712 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/controllers/nf-ng-canvas-flow-status-controller.js
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/controllers/nf-ng-canvas-flow-status-controller.js
@@ -319,13 +319,11 @@
break;
case 'controller service':
var group = item.parentGroup;
-if
(nfCommon.isDefinedAndNotNull(group.id)) {
-
nfProcessGroup.enterGroup(group.id).done(function () {
-
nfProcessGroupConfiguration.showConfiguration(group.id).done(function () {
-
nfProcessGroupConfiguration.selectControllerService(item.id);
-});
+
nfProcessGroup.enterGroup(group.id).done(function () {
+
nfProcessGroupConfiguration.showConfiguration(group.id).done(function () {
+
nfProcessGroupConfiguration.selectControllerService(item.id);
});
-}
+});
break;
default:
var group = item.parentGroup;
[nifi] branch main updated: NIFI-7730 Added regression tests for multiple certificate keystores. Cleaned up JettyServer code. Changed test logging severity to include debug statements. Added test reso
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new c3cab48 NIFI-7730 Added regression tests for multiple certificate
keystores. Cleaned up JettyServer code. Changed test logging severity to
include debug statements. Added test resources.
c3cab48 is described below
commit c3cab48325a8c013f267c9ccc3a375ceb0e3c5e9
Author: Kotaro Terada
AuthorDate: Tue Aug 11 18:19:23 2020 +0900
NIFI-7730 Added regression tests for multiple certificate keystores.
Cleaned up JettyServer code.
Changed test logging severity to include debug statements.
Added test resources.
This closes #4498.
Co-authored-by: Kotaro Terada
---
.../nifi/remote/client/http/TestHttpClient.java| 2 +-
.../org/apache/nifi/web/server/JettyServer.java| 14 +--
.../nifi/web/server/JettyServerGroovyTest.groovy | 105 +
.../apache/nifi/web/server/JettyServerTest.java| 56 +--
.../nifi-jetty/src/test/resources/log4j.properties | 1 +
.../src/test/resources/multiple_cert_keystore.jks | Bin 0 -> 4457 bytes
.../src/test/resources/multiple_cert_keystore.p12 | Bin 0 -> 4949 bytes
.../nifi/integration/util/NiFiTestServer.java | 7 +-
.../reporting/prometheus/PrometheusServer.java | 2 +-
.../processors/standard/HandleHttpRequest.java | 7 +-
.../nifi/processors/standard/ListenHTTP.java | 7 +-
.../processors/standard/TestGetHTTPGroovy.groovy | 4 +-
.../processors/standard/TestPostHTTPGroovy.groovy | 4 +-
.../java/org/apache/nifi/web/util/TestServer.java | 7 +-
.../jetty/AbstractJettyWebSocketService.java | 2 +-
.../websocket/example/WebSocketClientExample.java | 2 +-
.../websocket/example/WebSocketServerExample.java | 7 +-
.../server/TlsCertificateAuthorityService.java | 7 +-
18 files changed, 136 insertions(+), 98 deletions(-)
diff --git
a/nifi-commons/nifi-site-to-site-client/src/test/java/org/apache/nifi/remote/client/http/TestHttpClient.java
b/nifi-commons/nifi-site-to-site-client/src/test/java/org/apache/nifi/remote/client/http/TestHttpClient.java
index f6bf811..ab71c56 100644
---
a/nifi-commons/nifi-site-to-site-client/src/test/java/org/apache/nifi/remote/client/http/TestHttpClient.java
+++
b/nifi-commons/nifi-site-to-site-client/src/test/java/org/apache/nifi/remote/client/http/TestHttpClient.java
@@ -453,7 +453,7 @@ public class TestHttpClient {
final ServletHandler wrongPathServletHandler = new ServletHandler();
wrongPathContextHandler.insertHandler(wrongPathServletHandler);
-final SslContextFactory sslContextFactory = new SslContextFactory();
+final SslContextFactory sslContextFactory = new
SslContextFactory.Server();
sslContextFactory.setKeyStorePath("src/test/resources/certs/keystore.jks");
sslContextFactory.setKeyStorePassword("passwordpassword");
sslContextFactory.setKeyStoreType("JKS");
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
index ca7944f..e53c785 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
@@ -975,19 +975,13 @@ public class JettyServer implements NiFiServer,
ExtensionUiLoader {
}
private SslContextFactory createSslContextFactory() {
-final SslContextFactory contextFactory = new SslContextFactory();
-configureSslContextFactory(contextFactory, props);
-return contextFactory;
+final SslContextFactory.Server serverContextFactory = new
SslContextFactory.Server();
+configureSslContextFactory(serverContextFactory, props);
+return serverContextFactory;
}
-protected static void configureSslContextFactory(SslContextFactory
contextFactory, NiFiProperties props) {
-// Need to set SslContextFactory's endpointIdentificationAlgorithm to
null; this is a server,
-// not a client. Server does not need to perform hostname
verification on the client.
-// Previous to Jetty 9.4.15.v20190215, this defaulted to null, and now
defaults to "HTTPS".
-contextFactory.setEndpointIdentificationAlgorithm(null);
-
+protected static void configureSslContextFactory(SslContextFactory.Server
contextFactory, NiFiProperties props) {
// Explicitly exclude legacy TLS protocol ve
[nifi] branch main updated: NIFI-7767 - Fixed issue with tls-toolkit not adding SANs to generated certificates. Added tests. NIFI-7767 - Fixed up TlsCertificateAuthorityTest to include SAN in tests.
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 1e6619b NIFI-7767 - Fixed issue with tls-toolkit not adding SANs to
generated certificates. Added tests. NIFI-7767 - Fixed up
TlsCertificateAuthorityTest to include SAN in tests.
1e6619b is described below
commit 1e6619b91f2d9a7af2d7195464d4a0f5b595b93d
Author: Nathan Gough
AuthorDate: Fri Aug 28 16:33:51 2020 -0400
NIFI-7767 - Fixed issue with tls-toolkit not adding SANs to generated
certificates. Added tests.
NIFI-7767 - Fixed up TlsCertificateAuthorityTest to include SAN in tests.
---
.../nifi/security/util/CertificateUtils.java | 3 +-
.../nifi/security/util/CertificateUtilsTest.groovy | 51 +
.../tls/service/TlsCertificateAuthorityTest.java | 27 +++
.../TlsCertificateAuthorityServiceHandlerTest.java | 88 --
4 files changed, 145 insertions(+), 24 deletions(-)
diff --git
a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/CertificateUtils.java
b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/CertificateUtils.java
index ee0c33e..a93c518 100644
---
a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/CertificateUtils.java
+++
b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/CertificateUtils.java
@@ -50,6 +50,7 @@ import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Set;
+import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -598,7 +599,7 @@ public final class CertificateUtils {
ASN1Encodable extension = attValue.getObjectAt(0);
if (extension instanceof Extensions) {
return (Extensions) extension;
-} else if (extension instanceof DERSequence) {
+} else if (extension instanceof DERSequence || extension
instanceof DLSequence) {
return Extensions.getInstance(extension);
}
}
diff --git
a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/CertificateUtilsTest.groovy
b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/CertificateUtilsTest.groovy
index d20cfeb..a1044ca 100644
---
a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/CertificateUtilsTest.groovy
+++
b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/CertificateUtilsTest.groovy
@@ -16,12 +16,20 @@
*/
package org.apache.nifi.security.util
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers
+import org.bouncycastle.asn1.x500.X500Name
+import org.bouncycastle.asn1.x500.style.BCStyle
+import org.bouncycastle.asn1.x500.style.IETFUtils
import org.bouncycastle.asn1.x509.Extension
import org.bouncycastle.asn1.x509.Extensions
import org.bouncycastle.asn1.x509.ExtensionsGenerator
import org.bouncycastle.asn1.x509.GeneralName
import org.bouncycastle.asn1.x509.GeneralNames
import org.bouncycastle.operator.OperatorCreationException
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder
+import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest
+import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder
+import org.bouncycastle.util.IPAddress
import org.junit.After
import org.junit.Before
import org.junit.BeforeClass
@@ -68,6 +76,7 @@ class CertificateUtilsTest extends GroovyTestCase {
private static final String SUBJECT_DN = "CN=NiFi Test
Server,OU=Security,O=Apache,ST=CA,C=US"
private static final String ISSUER_DN = "CN=NiFi Test
CA,OU=Security,O=Apache,ST=CA,C=US"
+private static final List SUBJECT_ALT_NAMES = ["127.0.0.1",
"nifi.nifi.apache.org"]
@BeforeClass
static void setUpOnce() {
@@ -655,4 +664,46 @@ class CertificateUtilsTest extends GroovyTestCase {
assert tlsVersion == "TLSv1.3"
}
}
+
+@Test
+void testGetExtensionsFromCSR() {
+// Arrange
+KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA")
+KeyPair keyPair = generator.generateKeyPair()
+Extensions sanExtensions =
createDomainAlternativeNamesExtensions(SUBJECT_ALT_NAMES, SUBJECT_DN)
+
+JcaPKCS10CertificationRequestBuilder
jcaPKCS10CertificationRequestBuilder = new
JcaPKCS10CertificationRequestBuilder(new X500Name(SUBJECT_DN),
keyPair.getPublic())
+
jcaPKCS10CertificationRequestBuilder.addAttribute(PKCS
[nifi] branch main updated: NIFI-7778: Made corrections in descriptions of padLeft, padRight, plus (#4504)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/main by this push: new e884b3c NIFI-7778: Made corrections in descriptions of padLeft, padRight, plus (#4504) e884b3c is described below commit e884b3cdb2bf2df7c00c914edf520394081f3628 Author: VKadam <56328193+vedaka...@users.noreply.github.com> AuthorDate: Tue Sep 1 13:07:47 2020 -0700 NIFI-7778: Made corrections in descriptions of padLeft, padRight, plus (#4504) Signed-off-by: Andy LoPresto --- nifi-docs/src/main/asciidoc/expression-language-guide.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nifi-docs/src/main/asciidoc/expression-language-guide.adoc b/nifi-docs/src/main/asciidoc/expression-language-guide.adoc index 354d1c2..aad0db2 100644 --- a/nifi-docs/src/main/asciidoc/expression-language-guide.adoc +++ b/nifi-docs/src/main/asciidoc/expression-language-guide.adoc @@ -980,7 +980,7 @@ Expressions will provide the following results: [.function] === padLeft -*Description*: [.description]#The `padLeft` function prepends the given padding string (or `'_'`, if nothing is provided) to the argument `String` until the passed desired length is reached. +*Description*: [.description]#The `padLeft` function prepends the given padding string (or `'_'`, if nothing is provided) to the argument `String` until the passed desired length is reached.# It returns the argument as is if its length is already equal or higher than the desired length, if the padding string is `null`, and if the desired length is either negative or greater than `Integer.MAX_VALUE`. It returns `null` if the argument string is not a valid attribute. @@ -1015,7 +1015,7 @@ Expressions will provide the following results: [.function] === padRight -*Description*: [.description]#The `padRight` function appends the given padding string (or `'_'`, if nothing is provided) to the argument `String` until the passed desired length is reached. +*Description*: [.description]#The `padRight` function appends the given padding string (or `'_'`, if nothing is provided) to the argument `String` until the passed desired length is reached.# It returns the argument as is if its length is already equal or higher than the desired length, if the padding string is `null`, and if the desired length is either negative or greater than `Integer.MAX_VALUE`. It returns `null` if the argument string is not a valid attribute. @@ -1981,7 +1981,7 @@ Divide. This is to preserve backwards compatibility and to not force rounding er === plus *Description*: [.description]#Adds a numeric value to the Subject. If either the argument or the Subject cannot be - coerced into a Number, returns `null`. Does not provide handling for overflow. + coerced into a Number, returns `null`. Does not provide handling for overflow.# *Subject Type*: [.subject]#Number or Decimal#
[nifi] branch main updated: NIFI-6666 removing all modifications to the nifi-api and the newly created builder class
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 4417b9d NIFI- removing all modifications to the nifi-api and the
newly created builder class
4417b9d is described below
commit 4417b9d64a48b52927c67e42a7bb278e92403e9c
Author: Joe Witt
AuthorDate: Wed Aug 12 17:11:29 2020 -0700
NIFI- removing all modifications to the nifi-api and the newly created
builder class
This closes #4475.
Signed-off-by: Andy LoPresto
---
nifi-api/pom.xml | 95 --
.../code-gen/NifiBuildProperties.java.template | 93 -
.../org/apache/nifi/registry/VariableRegistry.java | 10 ---
.../org/apache/nifi/build/TestBuildProperties.java | 39 -
.../nifi/util/StandardProcessorTestRunner.java | 32
.../nifi/processors/standard/TestInvokeHTTP.java | 7 +-
.../nifi/text/TestFreeFormTextRecordSetWriter.java | 4 +-
7 files changed, 4 insertions(+), 276 deletions(-)
diff --git a/nifi-api/pom.xml b/nifi-api/pom.xml
index 50bb79d..c710f97 100644
--- a/nifi-api/pom.xml
+++ b/nifi-api/pom.xml
@@ -23,99 +23,4 @@
nifi-api
jar
-
-
-
-
-
-pl.project13.maven
-git-commit-id-plugin
-4.0.0
-
-
-generate-sources
-
-revision
-
-
-
-
-
-
--MM-dd'T'HH:mm:ssZ
-
-
-
-
-com.google.code.maven-replacer-plugin
-replacer
-1.5.3
-
-
-Generate NifiBuildProperties Java class
-generate-sources
-
-replace
-
-
-
${project.basedir}/src/main/code-gen/NifiBuildProperties.java.template
-
${project.build.directory}/generated-sources/java/org/apache/nifi/build/NifiBuildProperties.java
-
-
-
-
-
-
-#maven.build.timestamp#
-${maven.build.timestamp}
-
-
-
-#project.version#
-${project.version}
-
-
-
#git.branch#${git.branch}
-
#git.build.number#${git.build.number}
-
#git.build.number.unique#${git.build.number.unique}
-
#git.build.time#${git.build.time}
-
#git.build.version#${git.build.version}
-
#git.closest.tag.commit.count#${git.closest.tag.commit.count}
-
#git.closest.tag.name#${git.closest.tag.name}
-
#git.commit.id#${git.commit.id}
-
#git.commit.id.abbrev#${git.commit.id.abbrev}
-
#git.commit.id.describe#${git.commit.id.describe}
-
#git.commit.id.describe-short#${git.commit.id.describe-short}
-
#git.commit.time#${git.commit.time}
-
#git.dirty#${git.dirty}
-
#git.total.commit.count#${git.total.commit.count}
-
-
-
-
-
-
-org.codehaus.mojo
-build-helper-maven-plugin
-3.0.0
-
-
-add-source
-generate-sources
-
-add-source
-
-
-
-
${project.build.directory}/generated-sources/java/
-
-
-
-
-
-
-
-
-
-
diff --git a/nifi-api/src/main/code-gen/NifiBuildProperties.java.template
b/nifi-api/src/main/code-gen/NifiBuildProperties.java.template
deleted file mode 100644
index 050bd98..000
--- a/nifi-api/src/main/code-gen/NifiBuildProperties.java.template
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership
[nifi] branch main updated: NIFI-XXXX Fixed typo in documentation.
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new a794930 NIFI- Fixed typo in documentation.
a794930 is described below
commit a79493082c8ab90b40e40fd21ffe08008857cac0
Author: Kyle Miracle
AuthorDate: Wed Aug 5 18:45:11 2020 -0400
NIFI- Fixed typo in documentation.
This closes #4455.
Signed-off-by: Andy LoPresto
---
.../main/java/org/apache/nifi/processors/standard/UpdateCounter.java| 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UpdateCounter.java
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UpdateCounter.java
index e8f3bcf..0edcba6 100644
---
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UpdateCounter.java
+++
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UpdateCounter.java
@@ -48,7 +48,7 @@ public class UpdateCounter extends AbstractProcessor {
static final PropertyDescriptor COUNTER_NAME = new
PropertyDescriptor.Builder()
.name("counter-name")
.displayName("Counter Name")
-.description("The name of the counter you want to set the value
off - supports expression language like ${counterName}")
+.description("The name of the counter you want to set the value of
- supports expression language like ${counterName}")
.required(true)
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
.addValidator(StandardValidators.ATTRIBUTE_EXPRESSION_LANGUAGE_VALIDATOR)
[nifi] branch main updated: NIFI-7572: Force ScriptedTransformRecord to recompile the script when started
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 6488db1 NIFI-7572: Force ScriptedTransformRecord to recompile the
script when started
6488db1 is described below
commit 6488db13762fd42ce6c51f574e2e47ac29006ab5
Author: Matthew Burgess
AuthorDate: Thu Aug 6 10:54:41 2020 -0400
NIFI-7572: Force ScriptedTransformRecord to recompile the script when
started
This closes #4458.
Signed-off-by: Andy LoPresto
---
.../processors/script/ScriptedTransformRecord.java | 2 +
.../script/TestScriptedTransformRecord.java| 60 ++
2 files changed, 62 insertions(+)
diff --git
a/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/src/main/java/org/apache/nifi/processors/script/ScriptedTransformRecord.java
b/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/src/main/java/org/apache/nifi/processors/script/ScriptedTransformRecord.java
index d14187e..0adf82c 100644
---
a/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/src/main/java/org/apache/nifi/processors/script/ScriptedTransformRecord.java
+++
b/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/src/main/java/org/apache/nifi/processors/script/ScriptedTransformRecord.java
@@ -183,6 +183,8 @@ public class ScriptedTransformRecord extends
AbstractProcessor implements Search
scriptToRun = IOUtils.toString(scriptStream,
Charset.defaultCharset());
}
}
+// Always compile when first run
+compiledScriptRef.set(null);
}
diff --git
a/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/src/test/java/org/apache/nifi/processors/script/TestScriptedTransformRecord.java
b/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/src/test/java/org/apache/nifi/processors/script/TestScriptedTransformRecord.java
index 3b15cf3..08676c8 100644
---
a/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/src/test/java/org/apache/nifi/processors/script/TestScriptedTransformRecord.java
+++
b/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/src/test/java/org/apache/nifi/processors/script/TestScriptedTransformRecord.java
@@ -333,6 +333,66 @@ public class TestScriptedTransformRecord {
assertEquals("Unknown Author",
outputRecords.get(1).getAsRecord("book", bookSchema).getValue("author"));
}
+@Test
+public void testRecompileJythonScript() throws InitializationException {
+final RecordSchema schema = createSimpleNumberSchema();
+setup(schema);
+
+testRunner.setProperty(ScriptedTransformRecord.LANGUAGE, "python");
+testRunner.setProperty(ScriptingComponentUtils.SCRIPT_BODY, "_ =
record");
+
+final Map num1 = new HashMap<>();
+num1.put("num", 1);
+final Map num2 = new HashMap<>();
+num2.put("num", 2);
+final Map num3 = new HashMap<>();
+num3.put("num", 3);
+
+recordReader.addRecord(new MapRecord(schema, num1));
+recordReader.addRecord(new MapRecord(schema, num2));
+recordReader.addRecord(new MapRecord(schema, num3));
+
+testRunner.enqueue(new byte[0]);
+
+testRunner.run();
+
testRunner.assertAllFlowFilesTransferred(ScriptedTransformRecord.REL_SUCCESS,
1);
+
+MockFlowFile out =
testRunner.getFlowFilesForRelationship(ScriptedTransformRecord.REL_SUCCESS).get(0);
+out.assertAttributeEquals("record.count", "3");
+assertEquals(3, testRunner.getCounterValue("Records
Transformed").intValue());
+assertEquals(0, testRunner.getCounterValue("Records
Dropped").intValue());
+
+List recordsWritten = recordWriter.getRecordsWritten();
+assertEquals(3, recordsWritten.size());
+
+for (int i = 0; i < 3; i++) {
+assertEquals(i + 1,
recordsWritten.get(i).getAsInt("num").intValue());
+}
+
+testRunner.clearTransferState();
+// reset the writer
+testRunner.removeControllerService(recordWriter);
+recordWriter = new ArrayListRecordWriter(schema);
+testRunner.addControllerService("record-writer", recordWriter);
+testRunner.enableControllerService(recordWriter);
+
+testRunner.setProperty(ScriptingComponentUtils.SCRIPT_BODY,
"record.setValue(\"num\", 5)\n_ = record");
+
+testRunner.enqueue(new byte[0]);
+testRunner.run();
+
testRunner.assertAllFlowFilesTransferred(ScriptedTransformRecord.REL_SUCCESS,
1);
+
+out =
testRunner.getFlowFilesForRelationship(ScriptedTransformRecord.REL_SUCCESS).get(0);
+out.as
[nifi] branch main updated: NIFI-7703 updated all commons codec references to 1.14
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/main by this push: new 536dbb7 NIFI-7703 updated all commons codec references to 1.14 536dbb7 is described below commit 536dbb7213b58ea1cf7dfa538cffdf3a0836 Author: Joe Witt AuthorDate: Tue Aug 4 08:36:00 2020 -0700 NIFI-7703 updated all commons codec references to 1.14 This closes #4448. Signed-off-by: Andy LoPresto --- nifi-commons/nifi-security-utils/pom.xml | 2 +- nifi-commons/nifi-web-utils/pom.xml| 2 +- nifi-nar-bundles/nifi-avro-bundle/nifi-avro-processors/pom.xml | 2 +- nifi-nar-bundles/nifi-framework-bundle/pom.xml | 2 +- nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/pom.xml | 2 +- nifi-nar-bundles/nifi-standard-bundle/pom.xml | 2 +- nifi-toolkit/nifi-toolkit-cli/pom.xml | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/nifi-commons/nifi-security-utils/pom.xml b/nifi-commons/nifi-security-utils/pom.xml index ede0c9b..f705a1e9 100644 --- a/nifi-commons/nifi-security-utils/pom.xml +++ b/nifi-commons/nifi-security-utils/pom.xml @@ -50,7 +50,7 @@ commons-codec commons-codec -1.12 +1.14 org.bouncycastle diff --git a/nifi-commons/nifi-web-utils/pom.xml b/nifi-commons/nifi-web-utils/pom.xml index 40d6455..72e40d9 100644 --- a/nifi-commons/nifi-web-utils/pom.xml +++ b/nifi-commons/nifi-web-utils/pom.xml @@ -34,7 +34,7 @@ commons-codec commons-codec -1.13 +1.14 org.apache.commons diff --git a/nifi-nar-bundles/nifi-avro-bundle/nifi-avro-processors/pom.xml b/nifi-nar-bundles/nifi-avro-bundle/nifi-avro-processors/pom.xml index 77c8aa7..fe0298c 100644 --- a/nifi-nar-bundles/nifi-avro-bundle/nifi-avro-processors/pom.xml +++ b/nifi-nar-bundles/nifi-avro-bundle/nifi-avro-processors/pom.xml @@ -49,7 +49,7 @@ language governing permissions and limitations under the License. --> commons-codec commons-codec -1.13 +1.14 org.apache.nifi diff --git a/nifi-nar-bundles/nifi-framework-bundle/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/pom.xml index e3cd279..ecf7f7c 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-framework-bundle/pom.xml @@ -214,7 +214,7 @@ commons-codec commons-codec -1.12 +1.14 javax.ws.rs diff --git a/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/pom.xml b/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/pom.xml index 8bedf5d..f112283 100755 --- a/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/pom.xml +++ b/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/pom.xml @@ -58,7 +58,7 @@ commons-codec commons-codec -1.12 +1.14 org.apache.nifi diff --git a/nifi-nar-bundles/nifi-standard-bundle/pom.xml b/nifi-nar-bundles/nifi-standard-bundle/pom.xml index 602bec5..fa82d34 100644 --- a/nifi-nar-bundles/nifi-standard-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-standard-bundle/pom.xml @@ -199,7 +199,7 @@ commons-codec commons-codec -1.12 +1.14 com.hierynomus diff --git a/nifi-toolkit/nifi-toolkit-cli/pom.xml b/nifi-toolkit/nifi-toolkit-cli/pom.xml index 8db46af..e7cc16e 100644 --- a/nifi-toolkit/nifi-toolkit-cli/pom.xml +++ b/nifi-toolkit/nifi-toolkit-cli/pom.xml @@ -100,7 +100,7 @@ commons-codec commons-codec -1.13 +1.14 org.glassfish.jersey.media
[nifi] branch main updated: NIFI-7605 Removed user-agent default value so no header will be sent by default. Added and updated unit tests.
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 0861b2f NIFI-7605 Removed user-agent default value so no header will
be sent by default. Added and updated unit tests.
0861b2f is described below
commit 0861b2f632694435b1d115bbe6e04eb453518728
Author: Mike Thomsen
AuthorDate: Fri Jul 24 07:52:27 2020 -0400
NIFI-7605 Removed user-agent default value so no header will be sent by
default.
Added and updated unit tests.
This closes #4428.
Signed-off-by: Andy LoPresto
Signed-off-by: Joe Witt
---
.../nifi/processors/standard/InvokeHTTP.java | 179 ++---
.../nifi/processors/standard/TestInvokeHTTP.java | 50 --
2 files changed, 129 insertions(+), 100 deletions(-)
diff --git
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java
index 374e9fb..4e91cb7 100644
---
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java
+++
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java
@@ -111,29 +111,29 @@ import org.joda.time.format.DateTimeFormatter;
@Tags({"http", "https", "rest", "client"})
@InputRequirement(Requirement.INPUT_ALLOWED)
@CapabilityDescription("An HTTP client processor which can interact with a
configurable HTTP Endpoint. The destination URL and HTTP Method are
configurable."
-+ " FlowFile attributes are converted to HTTP headers and the FlowFile
contents are included as the body of the request (if the HTTP Method is PUT,
POST or PATCH).")
++ " FlowFile attributes are converted to HTTP headers and the FlowFile
contents are included as the body of the request (if the HTTP Method is PUT,
POST or PATCH).")
@WritesAttributes({
-@WritesAttribute(attribute = "invokehttp.status.code", description = "The
status code that is returned"),
-@WritesAttribute(attribute = "invokehttp.status.message", description =
"The status message that is returned"),
-@WritesAttribute(attribute = "invokehttp.response.body", description = "In
the instance where the status code received is not a success (2xx) "
-+ "then the response body will be put to the
'invokehttp.response.body' attribute of the request FlowFile."),
-@WritesAttribute(attribute = "invokehttp.request.url", description = "The
request URL"),
-@WritesAttribute(attribute = "invokehttp.tx.id", description = "The
transaction ID that is returned after reading the response"),
-@WritesAttribute(attribute = "invokehttp.remote.dn", description = "The DN
of the remote server"),
-@WritesAttribute(attribute = "invokehttp.java.exception.class",
description = "The Java exception class raised when the processor fails"),
-@WritesAttribute(attribute = "invokehttp.java.exception.message",
description = "The Java exception message raised when the processor fails"),
-@WritesAttribute(attribute = "user-defined", description = "If the 'Put
Response Body In Attribute' property is set then whatever it is set to "
-+ "will become the attribute key and the value would be the body of
the HTTP response.")})
-@DynamicProperties ({
-@DynamicProperty(name = "Header Name", value = "Attribute Expression
Language", expressionLanguageScope =
ExpressionLanguageScope.FLOWFILE_ATTRIBUTES,
-description =
-"Send request header with a key matching the Dynamic Property Key
and a value created by evaluating "
-+ "the Attribute Expression Language set in the value of the
Dynamic Property."),
-@DynamicProperty(name = "post:form:", value = "Attribute Expression
Language", expressionLanguageScope =
ExpressionLanguageScope.FLOWFILE_ATTRIBUTES,
-description =
-"When the HTTP Method is POST, dynamic properties with the
property name in the form of post:form:,"
-+ " where the will be the form data name, will be used
to fill out the multipart form parts."
-+ " If send message body is false, the flowfile will not be
sent, but any other form data will be.")
+@WritesAttribute(attribute = "invokehttp.status.code", description
[nifi] branch main updated: NIFI-7640 Add documentation: temporary directory (#4414)
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 455f48f NIFI-7640 Add documentation: temporary directory (#4414)
455f48f is described below
commit 455f48fce4fbbae19df27a7702d49f1912f8753a
Author: Tamás Bunth
AuthorDate: Wed Jul 29 22:57:34 2020 +0200
NIFI-7640 Add documentation: temporary directory (#4414)
NiFi uses the Java IO temporary directory for storing HTTP multipart
files when using HandleHttpRequest processor. The directory can be
overwritten with Java command line parameter.
---
nifi-docs/src/main/asciidoc/administration-guide.adoc | 2 +-
.../java/org/apache/nifi/processors/standard/HandleHttpRequest.java | 6 --
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc
b/nifi-docs/src/main/asciidoc/administration-guide.adoc
index 7e29109..8e5c69d 100644
--- a/nifi-docs/src/main/asciidoc/administration-guide.adoc
+++ b/nifi-docs/src/main/asciidoc/administration-guide.adoc
@@ -2215,7 +2215,7 @@ take effect only after NiFi has been stopped and
restarted.
if the service is still running, the Bootstrap will
`kill` the process, or terminate it abruptly.
|`java.arg.N`|Any number of JVM arguments can be passed to the NiFi JVM when
the process is started. These arguments are defined by adding properties to
_bootstrap.conf_ that
begin with `java.arg.`. The rest of the property name is not
relevant, other than to differentiate property names, and will be ignored. The
default includes
-properties for minimum and maximum Java Heap size, the garbage
collector to use, etc.
+properties for minimum and maximum Java Heap size, the garbage
collector to use, Java IO temporary directory, etc.
|`nifi.bootstrap.sensitive.key`|The root key (in hexadecimal format) for
encrypted sensitive configuration values. When NiFi is started, this root key
is used to decrypt sensitive values from the _nifi.properties_ file into memory
for later use.
The Encrypt-Config Tool can be used to specify the root key, encrypt sensitive
values in _nifi.properties_ and update _bootstrap.conf_. See the
<> for an example.
diff --git
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/HandleHttpRequest.java
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/HandleHttpRequest.java
index 86ee126..a7d3c89 100644
---
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/HandleHttpRequest.java
+++
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/HandleHttpRequest.java
@@ -94,7 +94,8 @@ import java.util.regex.Pattern;
@InputRequirement(Requirement.INPUT_FORBIDDEN)
@Tags({"http", "https", "request", "listen", "ingress", "web service"})
@CapabilityDescription("Starts an HTTP Server and listens for HTTP Requests.
For each request, creates a FlowFile and transfers to 'success'. "
-+ "This Processor is designed to be used in conjunction with the
HandleHttpResponse Processor in order to create a Web Service")
++ "This Processor is designed to be used in conjunction with the
HandleHttpResponse Processor in order to create a Web Service. In case "
++ " of a multipart request, one FlowFile is generated for each part.")
@WritesAttributes({
@WritesAttribute(attribute = HTTPUtils.HTTP_CONTEXT_ID, description = "An
identifier that allows the HandleHttpRequest and HandleHttpResponse "
+ "to coordinate which FlowFile belongs to which HTTP
Request/Response."),
@@ -131,7 +132,8 @@ import java.util.regex.Pattern;
@WritesAttribute(attribute = "http.multipart.name",
description = "For requests with Content-Type \"multipart/form-data\",
the part's name is recorded into this attribute"),
@WritesAttribute(attribute = "http.multipart.filename",
-description = "For requests with Content-Type \"multipart/form-data\",
when the part contains an uploaded file, the name of the file is recorded into
this attribute"),
+description = "For requests with Content-Type \"multipart/form-data\",
when the part contains an uploaded file, the name of the file is recorded into
this attribute. "
++ "Files are stored temporarily at the default
temporary-file directory specified in \"java.io.File\" Java Docs)"),
@
[nifi] branch main updated: NIFI-7638 Implemented custom nifi.sensitive.props.algorithm for AES-G/CM with Argon2 KDF. Added documentation for encryption of flow sensitive values. Added unit tests.
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 7d20c03 NIFI-7638 Implemented custom nifi.sensitive.props.algorithm
for AES-G/CM with Argon2 KDF. Added documentation for encryption of flow
sensitive values. Added unit tests.
7d20c03 is described below
commit 7d20c03f89358a5d5c6db63e631013e1c4be4bc4
Author: Andy LoPresto
AuthorDate: Fri Jul 17 15:33:47 2020 -0700
NIFI-7638 Implemented custom nifi.sensitive.props.algorithm for AES-G/CM
with Argon2 KDF.
Added documentation for encryption of flow sensitive values.
Added unit tests.
This closes #4427.
---
.../util/crypto/RandomIVPBECipherProvider.java | 2 +-
.../src/main/asciidoc/administration-guide.adoc| 14 +-
.../org/apache/nifi/encrypt/StringEncryptor.java | 148 ++--
.../apache/nifi/encrypt/StringEncryptorTest.groovy | 150 -
4 files changed, 240 insertions(+), 74 deletions(-)
diff --git
a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/RandomIVPBECipherProvider.java
b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/RandomIVPBECipherProvider.java
index 99ad9c6..f536770 100644
---
a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/RandomIVPBECipherProvider.java
+++
b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/RandomIVPBECipherProvider.java
@@ -46,7 +46,7 @@ public abstract class RandomIVPBECipherProvider implements
PBECipherProvider {
* @return the initialized cipher
* @throws Exception if there is a problem initializing the cipher
*/
-abstract Cipher getCipher(EncryptionMethod encryptionMethod, String
password, byte[] salt, byte[] iv, int keyLength, boolean encryptMode) throws
Exception;
+public abstract Cipher getCipher(EncryptionMethod encryptionMethod, String
password, byte[] salt, byte[] iv, int keyLength, boolean encryptMode) throws
Exception;
abstract Logger getLogger();
diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc
b/nifi-docs/src/main/asciidoc/administration-guide.adoc
index 86777d2..3c1ebbd 100644
--- a/nifi-docs/src/main/asciidoc/administration-guide.adoc
+++ b/nifi-docs/src/main/asciidoc/administration-guide.adoc
@@ -1580,7 +1580,19 @@ If on a system where the unlimited strength policies
cannot be installed, it is
If it is not possible to install the unlimited strength jurisdiction policies,
the `Allow Weak Crypto` setting can be changed to `allowed`, but *this is _not_
recommended*. Changing this setting explicitly acknowledges the inherent risk
in using weak cryptographic configurations.
=
-It is preferable to request upstream/downstream systems to switch to
link:https://cwiki.apache.org/confluence/display/NIFI/Encryption+Information[keyed
encryption^] or use a "strong"
link:https://cwiki.apache.org/confluence/display/NIFI/Key+Derivation+Function+Explanations[Key
Derivation Function (KDF) supported by NiFi^].
+It is preferable to request upstream/downstream systems to switch to
link:https://cwiki.apache.org/confluence/display/NIFI/Encryption+Information[keyed
encryption^] or use a "strong" <>.
+
+[[nifi_sensitive_props_key]]
+== Encrypted Passwords in Flow Definitions
+
+NiFi always stores all sensitive values (passwords, tokens, and other
credentials) populated into a flow in an encrypted format on disk. The
encryption algorithm used is specified by `nifi.sensitive.props.algorithm` and
the password from which the encryption key is derived is specified by
`nifi.sensitive.props.key` in _nifi.properties_ (see
<> for additional information).
Prior to version 1.12.0, the list of available algorithms was all pass [...]
+
+* `NIFI_ARGON2_AES_GCM_256` -- 256-bit key length
+* `NIFI_ARGON2_AES_GCM_128` -- 128-bit key length
+
+Both options require a password (`nifi.sensitive.props.key` value) of *at
least 12 characters*. This means the "default" value (if left empty, a
hard-coded default is used) will not be sufficient.
+
+These options provide a bridge solution to higher security without requiring a
change to the structure of _nifi.properties_. Due to the implementation of flow
synchronization, on every change to the flow definition, all sensitive
properties are re-encrypted during flow serialization, and each encryption
operation requires the derivation of the key. _As Argon2 is intentionally
time-hard, this will introduce an approximately 1 second cost per sensitive
value per flow modification._ This is [...]
[[encrypt-config_tool]]
== Encrypted Passwords in Configuration Files
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-
[nifi] branch main updated: NIFI-7622 Use param context name from inside nested versioned PG when importing
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 5cb8d24 NIFI-7622 Use param context name from inside nested versioned
PG when importing
5cb8d24 is described below
commit 5cb8d246899df914781001415d0e155f90ef6ed3
Author: Bryan Bende
AuthorDate: Fri Jul 10 14:30:20 2020 -0400
NIFI-7622 Use param context name from inside nested versioned PG when
importing
This closes #4401.
Signed-off-by: Andy LoPresto
---
.../main/java/org/apache/nifi/groups/StandardProcessGroup.java | 9 -
.../org/apache/nifi/registry/flow/RestBasedFlowRegistry.java | 1 +
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/groups/StandardProcessGroup.java
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/groups/StandardProcessGroup.java
index d3b0c9e..99282c7 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/groups/StandardProcessGroup.java
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/groups/StandardProcessGroup.java
@@ -4211,7 +4211,7 @@ public final class StandardProcessGroup implements
ProcessGroup {
return childSnapshot.getParameterContexts();
} catch (final NiFiRegistryException e) {
throw new IllegalArgumentException("The Flow Registry with ID " +
registryId + " reports that no Flow exists with Bucket "
-+ bucketId + ", Flow " + flowId + ", Version " +
flowVersion);
++ bucketId + ", Flow " + flowId + ", Version " +
flowVersion, e);
} catch (final IOException ioe) {
throw new IllegalStateException(
"Failed to communicate with Flow Registry when attempting
to retrieve a versioned flow");
@@ -4273,6 +4273,13 @@ public final class StandardProcessGroup implements
ProcessGroup {
// Create a new Parameter Context based on the parameters
provided
final VersionedParameterContext versionedParameterContext =
versionedParameterContexts.get(proposedParameterContextName);
+// Protect against NPE in the event somehow the proposed name
is not in the set of contexts
+if (versionedParameterContext == null) {
+final String paramContextNames =
StringUtils.join(versionedParameterContexts.keySet());
+throw new IllegalStateException("Proposed parameter
context name '" + proposedParameterContextName
++ "' does not exist in set of available parameter
contexts [" + paramContextNames + "]");
+}
+
final ParameterContext contextByName =
getParameterContextByName(versionedParameterContext.getName());
final ParameterContext selectedParameterContext;
if (contextByName == null) {
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/registry/flow/RestBasedFlowRegistry.java
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/registry/flow/RestBasedFlowRegistry.java
index dc5f28e..0adda02 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/registry/flow/RestBasedFlowRegistry.java
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/registry/flow/RestBasedFlowRegistry.java
@@ -258,6 +258,7 @@ public class RestBasedFlowRegistry implements FlowRegistry {
group.setProcessors(contents.getProcessors());
group.setRemoteProcessGroups(contents.getRemoteProcessGroups());
group.setVariables(contents.getVariables());
+group.setParameterContextName(contents.getParameterContextName());
group.setFlowFileConcurrency(contents.getFlowFileConcurrency());
group.setFlowFileOutboundPolicy(contents.getFlowFileOutboundPolicy());
coordinates.setLatest(snapshot.isLatest());
[nifi] branch main updated: NIFI-7568 - Applied Kerberos mappings to authentication requests. Kerberos mappings should now be applied correctly in H2 database for username/password based login. Added
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new d846a74 NIFI-7568 - Applied Kerberos mappings to authentication
requests. Kerberos mappings should now be applied correctly in H2 database for
username/password based login. Added tests. Logout now deletes signing key by
key ID rather than identity. Validate token expiration now uses mapped identity
instead, which allows logging of the mapped identity. Updated delete key to
expect only 0 or 1 keys deleted.
d846a74 is described below
commit d846a74730edb4d142e0a3051c60e9fec33f1f09
Author: Nathan Gough
AuthorDate: Mon Jun 29 19:18:22 2020 -0400
NIFI-7568 - Applied Kerberos mappings to authentication requests. Kerberos
mappings should now be applied correctly in H2 database for username/password
based login. Added tests.
Logout now deletes signing key by key ID rather than identity.
Validate token expiration now uses mapped identity instead, which allows
logging of the mapped identity.
Updated delete key to expect only 0 or 1 keys deleted.
This closes #4416.
Signed-off-by: Andy LoPresto
---
.../java/org/apache/nifi/admin/dao/KeyDAO.java | 6 +-
.../apache/nifi/admin/dao/impl/StandardKeyDAO.java | 8 +-
.../org/apache/nifi/admin/service/KeyService.java | 4 +-
...{DeleteKeysAction.java => DeleteKeyAction.java} | 17 +-
.../admin/service/impl/StandardKeyService.java | 26 +--
.../src/main/java/org/apache/nifi/key/Key.java | 9 +
.../org/apache/nifi/web/api/AccessResource.java| 19 +-
.../accesscontrol/ITAccessTokenEndpoint.java | 9 +-
.../nifi/integration/util/NiFiTestAuthorizer.java | 4 +-
.../util/NiFiTestLoginIdentityProvider.java| 1 +
.../apache/nifi/integration/util/NiFiTestUser.java | 8 +
.../nifi-mapped-identities.properties | 144 +++
.../web/security/jwt/JwtAuthenticationFilter.java | 2 +-
.../apache/nifi/web/security/jwt/JwtService.java | 27 ++-
.../jwt/JwtAuthenticationProviderTest.java | 132 ++
.../nifi/web/security/jwt/JwtServiceTest.java | 202 ++---
.../nifi/web/security/jwt/TestKeyService.java | 73
17 files changed, 613 insertions(+), 78 deletions(-)
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/KeyDAO.java
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/KeyDAO.java
index 9626445..3cfaf2f 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/KeyDAO.java
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/KeyDAO.java
@@ -48,9 +48,9 @@ public interface KeyDAO {
Key createKey(String identity);
/**
- * Deletes all keys for the specified user identity.
+ * Deletes a key using the key ID.
*
- * @param identity The user identity
+ * @param keyId The key ID
*/
-void deleteKeys(String identity);
+Integer deleteKey(Integer keyId);
}
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardKeyDAO.java
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardKeyDAO.java
index 44d9716..28d090d 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardKeyDAO.java
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardKeyDAO.java
@@ -47,7 +47,7 @@ public class StandardKeyDAO implements KeyDAO {
+ ")";
private static final String DELETE_KEYS = "DELETE FROM KEY "
-+ "WHERE IDENTITY = ?";
++ "WHERE ID = ?";
private final Connection connection;
@@ -156,13 +156,13 @@ public class StandardKeyDAO implements KeyDAO {
}
@Override
-public void deleteKeys(String identity) {
+public Integer deleteKey(Integer keyId) {
PreparedStatement statement = null;
try {
// add each authority for the specified user
statement = connection.prepareStatement(DELETE_KEYS);
-statement.setString(1, identity);
-statement.executeUpdate();
+statement.setInt(1, keyId);
+return statement.executeUpdate();
} catch (SQLException sqle) {
throw new DataAccessException(sqle);
} catch (DataAccessException dae) {
diff --git
a/
[nifi] branch main updated: NIFI-7304 Removed default value for nifi.web.max.content.size. Added Bundle#toString() method. Refactored implementation of filter addition logic. Added logging. Added unit
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new dbee774 NIFI-7304 Removed default value for
nifi.web.max.content.size. Added Bundle#toString() method. Refactored
implementation of filter addition logic. Added logging. Added unit tests to
check for filter enablement. Introduced content-length exception handling in
StandardPublicPort. Added filter bypass functionality for framework requests in
ContentLengthFilter. Updated property documentation in Admin Guide. Renamed
methods & added Javadoc to clarify purpose of filters in Jet [...]
dbee774 is described below
commit dbee774c5b95121b2d89621fc66f8a215c15ad7c
Author: Andy LoPresto
AuthorDate: Wed Apr 1 20:20:38 2020 -0700
NIFI-7304 Removed default value for nifi.web.max.content.size.
Added Bundle#toString() method.
Refactored implementation of filter addition logic.
Added logging.
Added unit tests to check for filter enablement.
Introduced content-length exception handling in StandardPublicPort.
Added filter bypass functionality for framework requests in
ContentLengthFilter.
Updated property documentation in Admin Guide.
Renamed methods & added Javadoc to clarify purpose of filters in
JettyServer.
Cleaned up conditional logic in StandardPublicPort.
Moved ContentLengthFilterTest to correct module.
Refactored unit tests for accuracy and clarity.
Fixed remaining merge conflict due to method renaming.
Signed-off-by: Joe Witt
---
.../java/org/apache/nifi/util/NiFiProperties.java | 9 +-
.../org/apache/nifi/util/NiFiPropertiesTest.java | 5 +-
.../src/main/asciidoc/administration-guide.adoc| 2 +-
.../main/java/org/apache/nifi/bundle/Bundle.java | 5 +
.../StandardNiFiPropertiesGroovyTest.groovy| 16 ++
.../nifi-framework/nifi-resources/pom.xml | 2 +-
.../org/apache/nifi/remote/StandardPublicPort.java | 61 +++--
.../remote/StandardPublicPortGroovyTest.groovy | 116
.../org/apache/nifi/web/server/JettyServer.java| 98 +--
.../nifi/web/server/JettyServerGroovyTest.groovy | 81 ++
.../nifi/web/filter/ContentLengthFilterTest.java | 185 -
.../src/test/resources/logback-test.xml| 2 +
.../web/security/requests/ContentLengthFilter.java | 36 +++
.../requests/ContentLengthFilterTest.groovy| 297 +
.../src/test/resources/logback-test.xml| 6 +-
15 files changed, 685 insertions(+), 236 deletions(-)
diff --git
a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
index 662f5d0..5a74f73 100644
---
a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
+++
b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
@@ -653,8 +653,15 @@ public abstract class NiFiProperties {
return getProperty(WEB_MAX_HEADER_SIZE, DEFAULT_WEB_MAX_HEADER_SIZE);
}
+/**
+ * Returns the {@code nifi.web.max.content.size} value from {@code
nifi.properties}.
+ * Does not provide a default value because the presence of any value here
enables the
+ * {@code ContentLengthFilter}.
+ *
+ * @return the specified max content-length and units for an incoming HTTP
request
+ */
public String getWebMaxContentSize() {
-return getProperty(WEB_MAX_CONTENT_SIZE, DEFAULT_WEB_MAX_CONTENT_SIZE);
+return getProperty(WEB_MAX_CONTENT_SIZE);
}
public String getMaxWebRequestsPerSecond() {
diff --git
a/nifi-commons/nifi-properties/src/test/java/org/apache/nifi/util/NiFiPropertiesTest.java
b/nifi-commons/nifi-properties/src/test/java/org/apache/nifi/util/NiFiPropertiesTest.java
index da5e8da..27ced62 100644
---
a/nifi-commons/nifi-properties/src/test/java/org/apache/nifi/util/NiFiPropertiesTest.java
+++
b/nifi-commons/nifi-properties/src/test/java/org/apache/nifi/util/NiFiPropertiesTest.java
@@ -17,8 +17,9 @@
package org.apache.nifi.util;
import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@@ -269,7 +270,7 @@ public class NiFiPropertiesTest {
}});
// Assert defaults match expectations:
-assertEquals(properties.getWebMaxContentSize(), "20 MB");
+assertNull(properties.getWebMaxContentSize());
// Re-arrange with specific values:
final String size = "size value";
diff --git a/nifi-docs/src/main/asciidoc/administration-guid
[nifi-standard-libraries] branch main created (now 790c215)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/nifi-standard-libraries.git. at 790c215 NIFILIBS-1 Setup root pom, README, LICENSE, & NOTICE No new revisions were added by this update.
[nifi-container] branch main created (now 3205b9a)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/nifi-container.git. at 3205b9a NIFI-4425 - Rename README to include md extension so it is appropriately rendered. No new revisions were added by this update.
[nifi-maven] branch main created (now b81db23)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/nifi-maven.git. at b81db23 Merge branch 'nifi-maven-1.3.1-rc1' No new revisions were added by this update.
[nifi-minifi-cpp] branch main created (now ddddb22)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/nifi-minifi-cpp.git. at b22 MINIFICPP-1282 Use GNUInstallDirs for more reliable determination of installed lib/lib64 directories No new revisions were added by this update.
[nifi-minifi] branch main created (now b6ec05d)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/nifi-minifi.git. at b6ec05d Merge pull request #193 from mattyb149/MINIFI-245 No new revisions were added by this update.
[nifi-registry] branch main created (now eda3f7c)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/nifi-registry.git. at eda3f7c NIFIREG-227 GitFlowPersistenceProvider option to clone repo on startup - Remove the extra file creation in clone repo - Fix checkstyle issues - Added documentation and made changes as per suggestions made by HorizonNet - Javadoc and documentation improvements No new revisions were added by this update.
[nifi-fds] branch main created (now 0f99323)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/nifi-fds.git. at 0f99323 [NIFI-6646] untheme confirm dialog close button No new revisions were added by this update.
[nifi-site] branch main created (now f447a58)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/nifi-site.git. at f447a58 Moved Jeff Storck to In Memoriam section. This branch includes the following new commits: new f447a58 Moved Jeff Storck to In Memoriam section. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
[nifi-site] 01/01: Moved Jeff Storck to In Memoriam section.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi-site.git commit f447a588ee06b994d173fb6380f23dd887d48bcf Author: Andy LoPresto AuthorDate: Mon Jun 15 11:47:53 2020 -0700 Moved Jeff Storck to In Memoriam section. --- src/pages/html/people.hbs | 30 +++--- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/src/pages/html/people.hbs b/src/pages/html/people.hbs index a6a0fd7..575a30b 100644 --- a/src/pages/html/people.hbs +++ b/src/pages/html/people.hbs @@ -155,11 +155,6 @@ title: Apache NiFi Team -jstorck -Jeff Storck - - - phrocker Marc Parisi @@ -288,6 +283,27 @@ title: Apache NiFi Team + + + +In Memoriam + + + + + + + + +Id +Name + + +jstorck +Jeff Storck (PMC) + + + @@ -307,8 +323,8 @@ title: Apache NiFi Team bimargulies Benson Margulies - - + +
[nifi] branch main created (now 239a2e8)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git. at 239a2e8 NIFI-7513 Added custom DNS resolution steps to walkthrough (#4359) No new revisions were added by this update.
[nifi] branch master updated: NIFI-7513 Added custom DNS resolution steps to walkthrough (#4359)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 239a2e8 NIFI-7513 Added custom DNS resolution steps to walkthrough (#4359) 239a2e8 is described below commit 239a2e884c8a5c8215cf41c55122472e11dc419a Author: VKadam <56328193+vedaka...@users.noreply.github.com> AuthorDate: Wed Jul 1 10:52:22 2020 -0700 NIFI-7513 Added custom DNS resolution steps to walkthrough (#4359) --- nifi-docs/src/main/asciidoc/walkthroughs.adoc | 104 +- 1 file changed, 103 insertions(+), 1 deletion(-) diff --git a/nifi-docs/src/main/asciidoc/walkthroughs.adoc b/nifi-docs/src/main/asciidoc/walkthroughs.adoc index 22f5801..3d23bbf 100644 --- a/nifi-docs/src/main/asciidoc/walkthroughs.adoc +++ b/nifi-docs/src/main/asciidoc/walkthroughs.adoc @@ -825,6 +825,108 @@ CAUTION: Develop section Apache NiFi can run in either _standalone_ or _clustered_ mode. A standalone node is often sufficient for dataflow operations, but in a production or high-volume environment, a cluster is more performant and resilient. For more information, see link:administration-guide.html#clustering[NiFi Administrator's Guide: Clustering^]. +=== Configuring a Host to Resolve Arbitrary DNS Hostnames + +NOTE: This section provides instructions to configure a single host machine to resolve dynamic hostnames via DNS using a tool called `dnsmasq`. This is useful if deploying a NiFi cluster to a single host machine to logically separate nodes running side-by-side. There are many options to achieve this outcome; this is one approach. + +|=== +|Description| Instructions on installing and configuring dynamic DNS hostname resolution +|Purpose| A NiFi cluster with multiple nodes needs to communicate between them and if all nodes are `localhost`, this is confusing and doesn't support certificates for unique hostnames. +|Starting Point | N/A +|Expected Outcome | The host machine can resolve arbitrary DNS hostnames without impacting normal network connectivity +|Helpful Reading| N/A +|Estimated Duration | 5 minutes +|=== + +Machines resolve DNS hostnames (e.g. `nifi.apache.org`) to IP addresses (`95.216.24.32`). Each node in a NiFi cluster needs a hostname (e.g. `node1.nificluster.com`) to use while serving the UI/API and to communicate with peer nodes. When deploying a cluster of multiple nodes on the same physical/virtual host, each node can receive a different, non-conflicting set of ports, but the hostname (`localhost`) would conflict. By allowing arbitrary hostname resolution, each node can reside side [...] + +For this guide, any hostname which ends in `.nifi` will resolve to `localhost`. + +Prerequisites: + +* A *nix (or similar) operating system +* A package manager (e.g. `apt-get`, `yum`, `brew`). The instructions below use `brew`; substitute the command for the relevant package manager inline + +The end result will resolve `*.nifi` hostnames to the local machine and all other names with the pre-existing DNS resolution services. + +. Install and configure dnsmasq. +.. Install dnsmasq. +* `brew install dnsmasq` ++ +-- +[source] + +host@macbook ~ % brew install dnsmasq +==> Downloading https://homebrew.bintray.com/bottles/dnsmasq-2.81.catalina.bottle.tar.gz +==> Downloading from https://akamai.bintray.com/e4/e46052d3d5ae49135b80d383a9d89... + 100.0% +==> Pouring dnsmasq-2.81.catalina.bottle.tar.gz +==> Caveats +To have launchd start dnsmasq now and restart at startup: +sudo brew services start dnsmasq +==> Summary +/usr/local/Cellar/dnsmasq/2.81: 8 files, 543.9KB + +-- +.. Start dnsmasq using the service manager. +* `sudo brew services start dnsmasq` +.. Make a new file `development.conf` in `/usr/local/etc/dnsmasq.d/`. This file defines the address pattern to resolve. Here, `$EDITOR` is an environment variable defined as path to a text editor. You can use any text editor of your choice (Sublime Text, Atom, vi, emacs, nano, etc.). +* `$EDITOR /usr/local/etc/dnsmasq.d/development.conf` -- creates and opens `development.conf` file for editing +.. Populate the `development.conf` with the address pattern. The `address/` line defines the pattern and the `# Direct` line is a comment describing the pattern. +* Add the following lines to `development.conf`: ++ +-- +[source] + +# Test NiFi instances +address=/.nifi/127.0.0.1 +# Direct any hostnames ending in .nifi to 127.0.0.1 + +-- + +.. Create a directory `resolver` in `/etc` directory. +* `sud
[nifi-minifi] branch master updated: MINIFI-533: Add .asf.yaml for Github integrations
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-minifi.git The following commit(s) were added to refs/heads/master by this push: new 421d257 MINIFI-533: Add .asf.yaml for Github integrations new 471a93c Merge pull request #192 from mattyb149/MINIFI-533 421d257 is described below commit 421d257557c5733318b1f8ecf4510e28d092ae28 Author: Matthew Burgess AuthorDate: Wed Jul 1 13:15:04 2020 -0400 MINIFI-533: Add .asf.yaml for Github integrations --- .asf.yaml | 35 +++ 1 file changed, 35 insertions(+) diff --git a/.asf.yaml b/.asf.yaml new file mode 100644 index 000..48aa0b4 --- /dev/null +++ b/.asf.yaml @@ -0,0 +1,35 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +github: + description: "Apache MiNiFi (a subproject of Apache NiFi)" + homepage: https://nifi.apache.org/minifi/index.html + labels: +- minifi +- nifi +- java + features: +wiki: false +issues: false +projects: false + enabled_merge_buttons: +squash: true +merge: true +rebase: true +notifications: +commits: commits@nifi.apache.org +issues: iss...@nifi.apache.org +pullrequests: iss...@nifi.apache.org +jira_options: link label worklog \ No newline at end of file
[nifi-minifi] branch master updated: MINIFI-532: Support more configurable properties for content and provenance repositories
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi-minifi.git
The following commit(s) were added to refs/heads/master by this push:
new 61dbab5 MINIFI-532: Support more configurable properties for content
and provenance repositories
61dbab5 is described below
commit 61dbab5fa3e7768c84938193ece1514b0ac531f1
Author: Matthew Burgess
AuthorDate: Wed Jul 1 12:26:26 2020 -0400
MINIFI-532: Support more configurable properties for content and provenance
repositories
This closes #191.
Signed-off-by: Andy LoPresto
---
.../minifi/bootstrap/util/ConfigTransformer.java | 13 +--
.../resources/MINIFI-216/nifi.properties.before| 4 +-
.../src/test/resources/MINIFI-277/nifi.properties | 4 +-
.../commons/schema/ContentRepositorySchema.java| 31
.../commons/schema/ProvenanceRepositorySchema.java | 43 +-
.../src/test/resources/1.5_RPG_Handling.yml| 7
.../src/test/resources/CsvToJson.yml | 7
.../test/resources/DecompressionCircularFlow.yml | 7
.../resources/InvokeHttpMiNiFiTemplateTest.yml | 7
.../resources/MINIFI-521_1.3_TemplateEncoding.yml | 7
.../src/test/resources/MultipleRelationships.yml | 7
.../src/test/resources/MultipleUriRPG.yml | 7
.../test/resources/NestedControllerServices.yml| 7
.../test/resources/NoTemplateEncodingVersion.yml | 7
.../ProcessGroupsAndRemoteProcessGroups.yml| 7
...eplaceTextExpressionLanguageCSVReformatting.yml | 7
.../test/resources/SimpleRPGToLogAttributes.yml| 7
.../src/test/resources/SimpleTailFileToRPG.yml | 7
.../src/test/resources/StressTestFramework.yml | 7
.../test/resources/StressTestFrameworkFunnel.yml | 7
.../resources/VersionedFlowSnapshot-Simple.yml | 7
.../src/test/resources/config.yml | 7
22 files changed, 205 insertions(+), 9 deletions(-)
diff --git
a/minifi-bootstrap/src/main/java/org/apache/nifi/minifi/bootstrap/util/ConfigTransformer.java
b/minifi-bootstrap/src/main/java/org/apache/nifi/minifi/bootstrap/util/ConfigTransformer.java
index 677080c..f42d6ce 100644
---
a/minifi-bootstrap/src/main/java/org/apache/nifi/minifi/bootstrap/util/ConfigTransformer.java
+++
b/minifi-bootstrap/src/main/java/org/apache/nifi/minifi/bootstrap/util/ConfigTransformer.java
@@ -226,9 +226,9 @@ public final class ConfigTransformer {
orderedProperties.setProperty("nifi.content.repository.implementation",
"org.apache.nifi.controller.repository.FileSystemRepository",
System.lineSeparator() + "# Content Repository");
orderedProperties.setProperty("nifi.content.claim.max.appendable.size",
contentRepoProperties.getContentClaimMaxAppendableSize());
orderedProperties.setProperty("nifi.content.claim.max.flow.files",
String.valueOf(contentRepoProperties.getContentClaimMaxFlowFiles()));
-
orderedProperties.setProperty("nifi.content.repository.archive.max.retention.period",
"");
-
orderedProperties.setProperty("nifi.content.repository.archive.max.usage.percentage",
"");
-
orderedProperties.setProperty("nifi.content.repository.archive.enabled",
"false");
+
orderedProperties.setProperty("nifi.content.repository.archive.max.retention.period",
contentRepoProperties.getContentRepoArchiveMaxRetentionPeriod());
+
orderedProperties.setProperty("nifi.content.repository.archive.max.usage.percentage",
contentRepoProperties.getContentRepoArchiveMaxUsagePercentage());
+
orderedProperties.setProperty("nifi.content.repository.archive.enabled",
Boolean.toString(contentRepoProperties.getContentRepoArchiveEnabled()));
orderedProperties.setProperty("nifi.content.repository.directory.default",
"./content_repository");
orderedProperties.setProperty("nifi.content.repository.always.sync",
Boolean.toString(contentRepoProperties.getAlwaysSync()));
@@ -237,7 +237,12 @@ public final class ConfigTransformer {
orderedProperties.setProperty("nifi.provenance.repository.rollover.time",
provenanceRepositorySchema.getProvenanceRepoRolloverTimeKey());
-
orderedProperties.setProperty("nifi.provenance.repository.buffer.size",
"1", System.lineSeparator() + "# Volatile Provenance Respository
Properties");
+
orderedProperties.setProperty("nifi.provenance.repository.index.shard.size",
provenanceRepositorySchema.getProvenanceRepoIndexShardSize());
+
orderedPr
[nifi] branch master updated: NIFI-7558 Fixed CatchAllFilter init logic by calling super.init(). Renamed legacy terms. Updated documentation.
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new 94c98c0 NIFI-7558 Fixed CatchAllFilter init logic by calling
super.init(). Renamed legacy terms. Updated documentation.
94c98c0 is described below
commit 94c98c019f6704bea92ec15c1a5aa71b42e521ab
Author: Andy LoPresto
AuthorDate: Thu Jun 18 19:57:58 2020 -0700
NIFI-7558 Fixed CatchAllFilter init logic by calling super.init().
Renamed legacy terms.
Updated documentation.
This closes #4351.
Signed-off-by: Mark Payne
---
.../java/org/apache/nifi/util/NiFiProperties.java | 20 +--
.../nifi/web/filter/SanitizeContextPathFilter.java | 25 ++--
.../java/org/apache/nifi/web/util/WebUtils.java| 30 ++--
.../filter/SanitizeContextPathFilterTest.groovy| 152 +
.../org/apache/nifi/web/util/WebUtilsTest.groovy | 88 ++--
.../src/main/asciidoc/administration-guide.adoc| 6 +-
.../StandardNiFiPropertiesGroovyTest.groovy| 26 ++--
.../apache/nifi/web/server/HostHeaderHandler.java | 25 ++--
.../org/apache/nifi/web/server/JettyServer.java| 4 +-
.../nifi-jetty/src/test/resources/logback-test.xml | 2 +
.../apache/nifi/web/api/ApplicationResource.java | 69 +-
.../nifi/web/api/ApplicationResourceTest.groovy| 76 +--
.../org/apache/nifi/web/filter/CatchAllFilter.java | 4 +-
.../nifi/web/filter/CatchAllFilterTest.groovy | 152 +
14 files changed, 490 insertions(+), 189 deletions(-)
diff --git
a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
index 0943c87..662f5d0 100644
---
a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
+++
b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
@@ -1559,23 +1559,23 @@ public abstract class NiFiProperties {
}
/**
- * Returns the whitelisted proxy hostnames (and IP addresses) as a
comma-delimited string.
+ * Returns the allowed proxy hostnames (and IP addresses) as a
comma-delimited string.
* The hosts have been normalized to the form {@code somehost.com}, {@code
somehost.com:port}, or {@code 127.0.0.1}.
*
* Note: Calling {@code
NiFiProperties.getProperty(NiFiProperties.WEB_PROXY_HOST)} will not normalize
the hosts.
*
* @return the hostname(s)
*/
-public String getWhitelistedHosts() {
-return StringUtils.join(getWhitelistedHostsAsList(), ",");
+public String getAllowedHosts() {
+return StringUtils.join(getAllowedHostsAsList(), ",");
}
/**
- * Returns the whitelisted proxy hostnames (and IP addresses) as a List.
The hosts have been normalized to the form {@code somehost.com}, {@code
somehost.com:port}, or {@code 127.0.0.1}.
+ * Returns the allowed proxy hostnames (and IP addresses) as a List. The
hosts have been normalized to the form {@code somehost.com}, {@code
somehost.com:port}, or {@code 127.0.0.1}.
*
* @return the hostname(s)
*/
-public List getWhitelistedHostsAsList() {
+public List getAllowedHostsAsList() {
String rawProperty = getProperty(WEB_PROXY_HOST, "");
List hosts = Arrays.asList(rawProperty.split(","));
return hosts.stream()
@@ -1591,22 +1591,22 @@ public abstract class NiFiProperties {
}
/**
- * Returns the whitelisted proxy context paths as a comma-delimited
string. The paths have been normalized to the form {@code /some/context/path}.
+ * Returns the allowed proxy context paths as a comma-delimited string.
The paths have been normalized to the form {@code /some/context/path}.
*
* Note: Calling {@code
NiFiProperties.getProperty(NiFiProperties.WEB_PROXY_CONTEXT_PATH)} will not
normalize the paths.
*
* @return the path(s)
*/
-public String getWhitelistedContextPaths() {
-return StringUtils.join(getWhitelistedContextPathsAsList(), ",");
+public String getAllowedContextPaths() {
+return StringUtils.join(getAllowedContextPathsAsList(), ",");
}
/**
- * Returns the whitelisted proxy context paths as a list of paths. The
paths have been normalized to the form {@code /some/context/path}.
+ * Returns the allowed proxy context paths as a list of paths. The paths
have been normalized to the form {@code /some/context/path}.
*
* @return the path(s)
*/
-public List getWhitelistedContextPathsAsList() {
+public List getAllowedContextPathsAsList() {
String rawProperty = getProperty(WEB_PROXY_CONTEXT_PATH, "");
List
[nifi] branch master updated: NIFI-7566: Avoid using Thread.sleep() to wait for Site-to-Site connection to be handled. Instead, use TimeUnit.timedWait and use Object.notifyAll when setting the beingSe
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new 57c7883 NIFI-7566: Avoid using Thread.sleep() to wait for
Site-to-Site connection to be handled. Instead, use TimeUnit.timedWait and use
Object.notifyAll when setting the beingServiced flag. This significantly
reduces latency and improves throughput for small-batch site-to-site
communications
57c7883 is described below
commit 57c7883f647348aba181440950f01cf1d62846c6
Author: Mark Payne
AuthorDate: Fri Jun 19 13:19:17 2020 -0400
NIFI-7566: Avoid using Thread.sleep() to wait for Site-to-Site connection
to be handled. Instead, use TimeUnit.timedWait and use Object.notifyAll when
setting the beingServiced flag. This significantly reduces latency and improves
throughput for small-batch site-to-site communications
This closes #4353.
Signed-off-by: Andy LoPresto
---
.../org/apache/nifi/remote/StandardPublicPort.java | 62 ++
1 file changed, 41 insertions(+), 21 deletions(-)
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/StandardPublicPort.java
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/StandardPublicPort.java
index 66cbc05..d1ee69f 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/StandardPublicPort.java
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/StandardPublicPort.java
@@ -454,11 +454,31 @@ public class StandardPublicPort extends AbstractPort
implements PublicPort {
}
public void setServiceBegin() {
-this.beingServiced.set(true);
+beingServiced.set(true);
+synchronized (this) {
+notifyAll();
+}
}
-public boolean isBeingServiced() {
-return beingServiced.get();
+public boolean waitForService(final long duration, final TimeUnit
timeUnit) throws InterruptedException {
+final long latestWaitTime = System.nanoTime() +
timeUnit.toNanos(duration);
+
+while (!beingServiced.get()) {
+final long nanosToWait = latestWaitTime - System.nanoTime();
+if (nanosToWait <= 0) {
+return false;
+}
+
+if (isExpired()) {
+return false;
+}
+
+synchronized (this) {
+TimeUnit.NANOSECONDS.timedWait(this, nanosToWait);
+}
+}
+
+return true;
}
public BlockingQueue getResponseQueue() {
@@ -515,17 +535,17 @@ public class StandardPublicPort extends AbstractPort
implements PublicPort {
// wait for the request to start getting serviced... and time out
if it doesn't happen
// before the request expires
-while (!request.isBeingServiced()) {
-if (request.isExpired()) {
-// Remove expired request, so that it won't block new
request to be offered.
-this.requestQueue.remove(request);
-throw new SocketTimeoutException("Read timed out");
-} else {
-try {
-Thread.sleep(100L);
-} catch (final InterruptedException e) {
+try {
+while (!request.waitForService(100, TimeUnit.MILLISECONDS)) {
+if (request.isExpired()) {
+// Remove expired request, so that it won't block new
request to be offered.
+this.requestQueue.remove(request);
+throw new SocketTimeoutException("Read timed out");
}
}
+} catch (final InterruptedException ie) {
+Thread.currentThread().interrupt();
+throw new ProcessException("Interrupted while waiting for
site-to-site request to be serviced", ie);
}
// we've started to service the request. Now just wait until it's
finished
@@ -571,17 +591,17 @@ public class StandardPublicPort extends AbstractPort
implements PublicPort {
// wait for the request to start getting serviced... and time out
if it doesn't happen
// before the request expires
-while (!request.isBeingServiced()) {
-if (request.isExpired()) {
-// Remove expired request, so that it won't block new
request to be offered.
-this.requestQueue.remove(request);
-throw
[nifi] branch master updated: NIFI-6094 - Added the X-Content-Type-Options header to all web responses. (#4307)
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new 27b5bb7 NIFI-6094 - Added the X-Content-Type-Options header to all
web responses. (#4307)
27b5bb7 is described below
commit 27b5bb7a209bdf12eb14e653d9d4c42f444018be
Author: thenatog <3042+thena...@users.noreply.github.com>
AuthorDate: Wed Jun 17 20:15:18 2020 -0400
NIFI-6094 - Added the X-Content-Type-Options header to all web responses.
(#4307)
NIFI-6094 - Added the mime/content type for ttf files.
---
.../org/apache/nifi/web/server/JettyServer.java| 10 +++-
.../headers/XContentTypeOptionsFilter.java | 58 ++
.../security/headers/HTTPHeaderFiltersTest.java| 16 ++
3 files changed, 83 insertions(+), 1 deletion(-)
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
index 04df2bf..b9b9c84 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
@@ -85,6 +85,7 @@ import org.apache.nifi.web.NiFiWebConfigurationContext;
import org.apache.nifi.web.UiExtensionType;
import org.apache.nifi.web.security.headers.ContentSecurityPolicyFilter;
import org.apache.nifi.web.security.headers.StrictTransportSecurityFilter;
+import org.apache.nifi.web.security.headers.XContentTypeOptionsFilter;
import org.apache.nifi.web.security.headers.XFrameOptionsFilter;
import org.apache.nifi.web.security.headers.XSSProtectionFilter;
import org.apache.nifi.web.security.requests.ContentLengthFilter;
@@ -569,6 +570,7 @@ public class JettyServer implements NiFiServer,
ExtensionUiLoader {
serverClasses.remove("org.slf4j.");
webappContext.setServerClasses(serverClasses.toArray(new String[0]));
webappContext.setDefaultsDescriptor(WEB_DEFAULTS_XML);
+webappContext.getMimeTypes().addMimeMapping("ttf", "font/ttf");
// get the temp directory for this webapp
File tempDir = new File(props.getWebWorkingDirectory(),
warFile.getName());
@@ -592,7 +594,13 @@ public class JettyServer implements NiFiServer,
ExtensionUiLoader {
// add HTTP security headers to all responses
final String ALL_PATHS = "/*";
-ArrayList> filters = new
ArrayList<>(Arrays.asList(XFrameOptionsFilter.class,
ContentSecurityPolicyFilter.class, XSSProtectionFilter.class));
+ArrayList> filters =
+new ArrayList<>(Arrays.asList(
+XFrameOptionsFilter.class,
+ContentSecurityPolicyFilter.class,
+XSSProtectionFilter.class,
+XContentTypeOptionsFilter.class));
+
if(props.isHTTPSConfigured()) {
filters.add(StrictTransportSecurityFilter.class);
}
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/headers/XContentTypeOptionsFilter.java
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/headers/XContentTypeOptionsFilter.java
new file mode 100644
index 000..710f5ff
--- /dev/null
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/headers/XContentTypeOptionsFilter.java
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.security.headers;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
[nifi] branch master updated: NIFI-7540: Fix TestListenSMTP and TestListFile on macOS build environment (#4341)
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new c18b27a NIFI-7540: Fix TestListenSMTP and TestListFile on macOS build
environment (#4341)
c18b27a is described below
commit c18b27af185453816dffe6e9ed22fe9be41646f6
Author: Joey
AuthorDate: Tue Jun 16 19:45:37 2020 -0500
NIFI-7540: Fix TestListenSMTP and TestListFile on macOS build environment
(#4341)
* NIFI-7540: Fix TestListenSMTP and TestListFile on macOS build environment
This also fixes NIFI-4760.
* NIFI-7540: Remove duplicate mail.smtp.starttls.enable from TestListenSMTP
Signed-off-by: Andy LoPresto
---
.../apache/nifi/remote/io/socket/NetworkUtils.java | 37 +++-
.../nifi-email-processors/pom.xml | 3 +-
.../nifi/processors/email/TestListenSMTP.java | 229 ++---
.../nifi/processors/standard/TestListFile.java | 24 ++-
4 files changed, 163 insertions(+), 130 deletions(-)
diff --git
a/nifi-commons/nifi-utils/src/main/java/org/apache/nifi/remote/io/socket/NetworkUtils.java
b/nifi-commons/nifi-utils/src/main/java/org/apache/nifi/remote/io/socket/NetworkUtils.java
index b2deecc..6be3293 100644
---
a/nifi-commons/nifi-utils/src/main/java/org/apache/nifi/remote/io/socket/NetworkUtils.java
+++
b/nifi-commons/nifi-utils/src/main/java/org/apache/nifi/remote/io/socket/NetworkUtils.java
@@ -17,11 +17,12 @@
package org.apache.nifi.remote.io.socket;
import java.io.IOException;
+import java.net.Socket;
import java.net.ServerSocket;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.TimeUnit;
-/**
- *
- */
public class NetworkUtils {
/**
@@ -43,4 +44,34 @@ public class NetworkUtils {
}
}
}
+
+public final static boolean isListening(final String hostname, final int
port) {
+try (final Socket s = new Socket(hostname, port)) {
+return s.isConnected();
+} catch (final Exception ignore) {}
+return false;
+}
+
+public final static boolean isListening(final String hostname, final int
port, final int timeoutMillis) {
+Boolean result = false;
+
+final ExecutorService executor = Executors.newSingleThreadExecutor();
+try {
+result = executor.submit(() -> {
+while(!isListening(hostname, port)) {
+try {
+Thread.sleep(100);
+} catch (final Exception ignore) {}
+}
+return true;
+}).get(timeoutMillis, TimeUnit.MILLISECONDS);
+} catch (final Exception ignore) {} finally {
+try {
+executor.shutdown();
+} catch (final Exception ignore) {}
+}
+
+return (result != null && result);
+}
+
}
diff --git a/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/pom.xml
b/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/pom.xml
index 2b693d0..29a21d9 100644
--- a/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/pom.xml
@@ -54,7 +54,7 @@
com.sun.mail
javax.mail
-1.5.6
+1.6.2
org.subethamail
@@ -125,4 +125,3 @@
-
diff --git
a/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/test/java/org/apache/nifi/processors/email/TestListenSMTP.java
b/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/test/java/org/apache/nifi/processors/email/TestListenSMTP.java
index 325bfaf..2e6c783 100644
---
a/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/test/java/org/apache/nifi/processors/email/TestListenSMTP.java
+++
b/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/test/java/org/apache/nifi/processors/email/TestListenSMTP.java
@@ -18,12 +18,15 @@ package org.apache.nifi.processors.email;
import static org.junit.Assert.assertTrue;
-import java.util.concurrent.CountDownLatch;
-import java.util.concurrent.Executors;
-import java.util.concurrent.ScheduledExecutorService;
-import java.util.concurrent.TimeUnit;
-import org.apache.commons.mail.Email;
-import org.apache.commons.mail.SimpleEmail;
+import java.util.Properties;
+
+import javax.mail.Message;
+import javax.mail.MessagingException;
+import javax.mail.Session;
+import javax.mail.Transport;
+import javax.mail.internet.InternetAddress;
+import javax.mail.internet.MimeMessage;
+
import org.apache.nifi.remote.io.socket.NetworkUtils;
import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.ssl.SSLContextService;
@@ -31,77 +34,59 @@ import
org.apache.nifi.ssl.StandardRestrictedSSLContextServi
svn commit: r1878865 - in /nifi/site/trunk: people.html security.html
Author: alopresto Date: Mon Jun 15 18:54:08 2020 New Revision: 1878865 URL: http://svn.apache.org/viewvc?rev=1878865=rev Log: Moved Jeff Storck to In Memoriam section. Modified: nifi/site/trunk/people.html nifi/site/trunk/security.html Modified: nifi/site/trunk/people.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/people.html?rev=1878865=1878864=1878865=diff == --- nifi/site/trunk/people.html (original) +++ nifi/site/trunk/people.html Mon Jun 15 18:54:08 2020 @@ -260,11 +260,6 @@ -jstorck -Jeff Storck - - - phrocker Marc Parisi @@ -393,6 +388,27 @@ + + + +In Memoriam + + + + + + + + +Id +Name + + +jstorck +Jeff Storck (PMC) + + + @@ -412,8 +428,8 @@ bimargulies Benson Margulies - - + + Modified: nifi/site/trunk/security.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/security.html?rev=1878865=1878864=1878865=diff == --- nifi/site/trunk/security.html (original) +++ nifi/site/trunk/security.html Mon Jun 15 18:54:08 2020 @@ -129,7 +129,7 @@ Specifically, please do not: -âï¸ Open a Jira disclosing a security vulnerability to the public +âï¸ Open a Jira disclosing a security vulnerability to the public âï¸ Send a message to the d...@nifi.apache.org or us...@nifi.apache.org mailing lists disclosing a security vulnerability to the public âï¸ Send a message to the Apache NiFi Slack instance disclosing a security vulnerability to the public
[nifi] branch master updated: NIFI-7385 Provided reverse-indexed TokenCache implementation. Cleaned up code style. Unit test was failing on Windows 1.8 GitHub Actions build but no other environment. I
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new 01e42df NIFI-7385 Provided reverse-indexed TokenCache implementation.
Cleaned up code style. Unit test was failing on Windows 1.8 GitHub Actions
build but no other environment. Increased artificial delay to avoid timing
issues.
01e42df is described below
commit 01e42dfb3291c3a3549023edadafd2d8023f3042
Author: Nathan Gough
AuthorDate: Mon May 4 12:07:36 2020 -0400
NIFI-7385 Provided reverse-indexed TokenCache implementation.
Cleaned up code style.
Unit test was failing on Windows 1.8 GitHub Actions build but no other
environment. Increased artificial delay to avoid timing issues.
Co-authored-by: Andy LoPresto
This closes #4271.
Signed-off-by: Andy LoPresto
---
.../web/security/otp/OtpAuthenticationFilter.java | 9 +-
.../security/otp/OtpAuthenticationProvider.java| 2 +-
.../apache/nifi/web/security/otp/OtpService.java | 81 ---
.../apache/nifi/web/security/otp/TokenCache.java | 144
.../nifi/web/security/otp/TokenCacheTest.groovy| 249 +
.../nifi/web/security/otp/OtpServiceTest.java | 176 +--
6 files changed, 604 insertions(+), 57 deletions(-)
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilter.java
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilter.java
index 98d8e68..c09a4bb 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilter.java
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilter.java
@@ -16,15 +16,18 @@
*/
package org.apache.nifi.web.security.otp;
+import java.util.regex.Pattern;
+import javax.servlet.http.HttpServletRequest;
import org.apache.nifi.web.security.NiFiAuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
-import javax.servlet.http.HttpServletRequest;
-import java.util.regex.Pattern;
-
/**
+ * This filter is used to capture one time passwords (OTP) from requests made
to download files through the browser.
+ * It's required because when we initiate a download in the browser, it must
be opened in a new tab. The new tab
+ * cannot be initialized with authentication headers, so we must add a token
as a query parameter instead. As
+ * tokens in URL strings are visible in various places, this must only be used
once - hence our OTP.
*/
public class OtpAuthenticationFilter extends NiFiAuthenticationFilter {
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationProvider.java
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationProvider.java
index f375df2..bcc42cd 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationProvider.java
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationProvider.java
@@ -28,7 +28,7 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
/**
- *
+ * This provider will be used when the request is attempting to authenticate
with a download or ui extension OTP/token.
*/
public class OtpAuthenticationProvider extends NiFiAuthenticationProvider {
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpService.java
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpService.java
index bcd26a4..e8d96ae 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpService.java
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpService.java
@@ -16,22 +16,18 @@
*/
package org.apache.nifi.web.security.otp;
-import com.google.common.cache.Cache;
-import com.google.common.cache.CacheBuilder;
-import org.apache.commons.codec.binary.Base64;
-import
[nifi] branch master updated: NIFI-7467 Refactored S2S peer selection logic. Removed list structure for peer selection as it was unnecessary and often wasteful (most clusters are 3 - 7 nodes, the list
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new 845b66a NIFI-7467 Refactored S2S peer selection logic. Removed list
structure for peer selection as it was unnecessary and often wasteful (most
clusters are 3 - 7 nodes, the list was always 128 elements). Changed integer
percentages to double to allow for better normalization. Removed 80% cap on
remote peers as it was due to legacy requirements. Added unit tests for
non-deterministic distribution calculations. Added unit tests for edge cases
due to rounding errors, single valid [...]
845b66a is described below
commit 845b66ab9204cc4e8f2418ee6fd154191c3c3941
Author: Andy LoPresto
AuthorDate: Mon May 18 22:33:05 2020 -0700
NIFI-7467 Refactored S2S peer selection logic.
Removed list structure for peer selection as it was unnecessary and often
wasteful (most clusters are 3 - 7 nodes, the list was always 128 elements).
Changed integer percentages to double to allow for better normalization.
Removed 80% cap on remote peers as it was due to legacy requirements.
Added unit tests for non-deterministic distribution calculations.
Added unit tests for edge cases due to rounding errors, single valid
remotes, unbalanced clusters, and peer queue consecutive selection tracking.
Migrated all legacy PeerSelector unit tests to new API.
Removed unused System time manipulation as tests no longer need it.
Added class-level Javadoc to PeerSelector.
Removed S2S details request replication, as the responses were not being
merged, which led to incorrect ports being returned and breaking S2S peer
retrieval.
Fixed copy/paste error where input ports were being listed as output ports
during remote flow refresh.
Fixed comments and added unbalanced cluster test scenarios.
Removed unnecessary marker interface.
Removed commented code.
Changed weighting & penalization behavior.
Changed dependency scope to test.
This closes #4289.
Signed-off-by: Mark Payne
---
nifi-commons/nifi-site-to-site-client/pom.xml |9 +
.../org/apache/nifi/remote/PeerDescription.java|8 +
.../java/org/apache/nifi/remote/PeerStatus.java| 20 +
.../apache/nifi/remote/client/PeerSelector.java| 659
.../nifi/remote/client/PeerStatusProvider.java |6 +-
.../apache/nifi/remote/client/http/HttpClient.java | 55 +-
.../client/socket/EndpointConnectionPool.java | 67 +-
.../remote/protocol/CommunicationsSession.java |3 +-
.../apache/nifi/remote/util/PeerStatusCache.java | 18 +-
.../nifi/remote/util/SiteToSiteRestApiClient.java | 109 +-
.../nifi/remote/client/PeerSelectorTest.groovy | 1133
.../nifi/remote/client/TestPeerSelector.java | 383 ---
.../src/test/resources/logback-test.xml| 11 +-
.../nifi/remote/StandardRemoteProcessGroup.java| 65 +-
.../src/test/resources/logback-test.xml|2 +-
.../apache/nifi/web/api/SiteToSiteResource.java| 42 +-
16 files changed, 1786 insertions(+), 804 deletions(-)
diff --git a/nifi-commons/nifi-site-to-site-client/pom.xml
b/nifi-commons/nifi-site-to-site-client/pom.xml
index dc77921..b2b597f 100644
--- a/nifi-commons/nifi-site-to-site-client/pom.xml
+++ b/nifi-commons/nifi-site-to-site-client/pom.xml
@@ -77,6 +77,15 @@
4.1.4
+org.slf4j
+slf4j-api
+
+
+ch.qos.logback
+logback-classic
+test
+
+
com.esotericsoftware.kryo
kryo
2.24.0
diff --git
a/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/PeerDescription.java
b/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/PeerDescription.java
index f34c31d..3b20502 100644
---
a/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/PeerDescription.java
+++
b/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/PeerDescription.java
@@ -16,6 +16,8 @@
*/
package org.apache.nifi.remote;
+import org.apache.nifi.web.api.dto.remote.PeerDTO;
+
public class PeerDescription {
private final String hostname;
@@ -28,6 +30,12 @@ public class PeerDescription {
this.secure = secure;
}
+public PeerDescription(final PeerDTO peerDTO) {
+this.hostname = peerDTO.getHostname();
+this.port = peerDTO.getPort();
+this.secure = peerDTO.isSecure();
+}
+
public String getHostname() {
return hostname;
}
diff --git
a/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/PeerStatus.java
b/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/re
[nifi] branch master updated (97a919a -> 45e626f)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git. from 97a919a NIFI-7482 Changed InvokeHTTP to be extensible. Added unit test. add 45e626f Updated pull request template to separate JDK 8 and 11 questions No new revisions were added by this update. Summary of changes: .github/PULL_REQUEST_TEMPLATE.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
[nifi] branch master updated: NIFI-7482 Changed InvokeHTTP to be extensible. Added unit test.
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new 97a919a NIFI-7482 Changed InvokeHTTP to be extensible. Added unit
test.
97a919a is described below
commit 97a919a3be37c8e78b623ffacf9b1f22db534644
Author: Andy LoPresto
AuthorDate: Fri May 22 10:55:48 2020 -0700
NIFI-7482 Changed InvokeHTTP to be extensible.
Added unit test.
This closes #4291.
Signed-off-by: Arpad Boda
---
.../nifi/processors/standard/InvokeHTTP.java | 2 +-
.../nifi/processors/standard/TestInvokeHTTP.java | 27 ++
2 files changed, 28 insertions(+), 1 deletion(-)
diff --git
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java
index 249fb8e..d0cd858 100644
---
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java
+++
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java
@@ -134,7 +134,7 @@ import org.joda.time.format.DateTimeFormatter;
+ " where the will be the form data name, will be used
to fill out the multipart form parts."
+ " If send message body is false, the flowfile will not be
sent, but any other form data will be.")
})
-public final class InvokeHTTP extends AbstractProcessor {
+public class InvokeHTTP extends AbstractProcessor {
// flowfile attribute keys returned after reading the response
public final static String STATUS_CODE = "invokehttp.status.code";
public final static String STATUS_MESSAGE = "invokehttp.status.message";
diff --git
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestInvokeHTTP.java
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestInvokeHTTP.java
index c2a68dd..9cabae0 100644
---
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestInvokeHTTP.java
+++
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestInvokeHTTP.java
@@ -16,6 +16,7 @@
*/
package org.apache.nifi.processors.standard;
+import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
@@ -273,6 +274,7 @@ public class TestInvokeHTTP extends TestInvokeHttpCommon {
assertNull(regexAttributesToSendField.get(processor));
}
+
@Test
public void testEmptyGzipHttpReponse() throws Exception {
addHandler(new EmptyGzipResponseHandler());
@@ -300,6 +302,31 @@ public class TestInvokeHTTP extends TestInvokeHttpCommon {
bundle.assertAttributeEquals("Content-Type", "text/plain");
}
+@Test
+public void testShouldAllowExtension() {
+// Arrange
+class ExtendedInvokeHTTP extends InvokeHTTP {
+private int extendedNumber = -1;
+
+public ExtendedInvokeHTTP(int num) {
+super();
+this.extendedNumber = num;
+}
+
+public int extendedMethod() {
+return this.extendedNumber;
+}
+}
+
+int num = Double.valueOf(Math.random() * 100).intValue();
+
+// Act
+ExtendedInvokeHTTP eih = new ExtendedInvokeHTTP(num);
+
+// Assert
+assertEquals(num, eih.extendedMethod());
+}
+
public static class EmptyGzipResponseHandler extends AbstractHandler {
@Override
[nifi-site] branch master updated: Fixed spacing in security page.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-site.git The following commit(s) were added to refs/heads/master by this push: new a06a72e Fixed spacing in security page. a06a72e is described below commit a06a72ebffe5ef7b4a7f70d8f2b713fe18019bc0 Author: Andy LoPresto AuthorDate: Fri May 15 10:58:51 2020 -0700 Fixed spacing in security page. --- src/pages/html/security.hbs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs index 6328216..7d6ac51 100644 --- a/src/pages/html/security.hbs +++ b/src/pages/html/security.hbs @@ -24,7 +24,7 @@ title: Apache NiFi Security Reports Specifically, please do not: -⛔️ Open a Jira disclosing a security vulnerability to the public +⛔️ Open a Jira disclosing a security vulnerability to the public ⛔️ Send a message to the d...@nifi.apache.org or us...@nifi.apache.org mailing lists disclosing a security vulnerability to the public ⛔️ Send a message to the Apache NiFi Slack instance disclosing a security vulnerability to the public
svn commit: r1877790 - /nifi/site/trunk/security.html
Author: alopresto Date: Fri May 15 17:56:05 2020 New Revision: 1877790 URL: http://svn.apache.org/viewvc?rev=1877790=rev Log: Added link to ASF security policy to security page. Modified: nifi/site/trunk/security.html Modified: nifi/site/trunk/security.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/security.html?rev=1877790=1877789=1877790=diff == --- nifi/site/trunk/security.html (original) +++ nifi/site/trunk/security.html Fri May 15 17:56:05 2020 @@ -124,8 +124,15 @@ Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue. Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party. -Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit -permission of the account holder. +Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder. +Please read the https://www.apache.org/security/committers.html; target="_blank">Apache Project Security for Committers policy to understand the restrictions around disclosure of security issues in the Apache open source community. + +Specifically, please do not: + +âï¸ Open a Jira disclosing a security vulnerability to the public +âï¸ Send a message to the d...@nifi.apache.org or us...@nifi.apache.org mailing lists disclosing a security vulnerability to the public +âï¸ Send a message to the Apache NiFi Slack instance disclosing a security vulnerability to the public + Exclusions
[nifi-site] branch master updated: Added link to ASF security policy to security page.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-site.git The following commit(s) were added to refs/heads/master by this push: new 235c29b Added link to ASF security policy to security page. 235c29b is described below commit 235c29b8b92950335e797ec0385d08372eee4807 Author: Andy LoPresto AuthorDate: Fri May 15 10:55:15 2020 -0700 Added link to ASF security policy to security page. --- src/pages/html/security.hbs | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs index 21c010f..6328216 100644 --- a/src/pages/html/security.hbs +++ b/src/pages/html/security.hbs @@ -19,8 +19,15 @@ title: Apache NiFi Security Reports Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue. Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party. -Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit -permission of the account holder. +Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder. +Please read the https://www.apache.org/security/committers.html; target="_blank">Apache Project Security for Committers policy to understand the restrictions around disclosure of security issues in the Apache open source community. + +Specifically, please do not: + +⛔️ Open a Jira disclosing a security vulnerability to the public +⛔️ Send a message to the d...@nifi.apache.org or us...@nifi.apache.org mailing lists disclosing a security vulnerability to the public +⛔️ Send a message to the Apache NiFi Slack instance disclosing a security vulnerability to the public + Exclusions
[nifi] branch master updated: NIFI-7321 - Allow NiFi admins to configure whether Jetty will send the Jetty server version in responses. Fixed a checkstyle error. Added property to nifi.properties. Cha
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new 302a421 NIFI-7321 - Allow NiFi admins to configure whether Jetty will
send the Jetty server version in responses. Fixed a checkstyle error. Added
property to nifi.properties. Changed property to a variable that is set with
the pom.xml. Added setting the version variable to another HTTPConfiguration to
fix the version being sent in docs context. Fixed typo error.
302a421 is described below
commit 302a42185c0e1e06c7c7869aa6245dfd88ad7338
Author: Nathan Gough
AuthorDate: Mon Apr 6 00:08:55 2020 -0400
NIFI-7321 - Allow NiFi admins to configure whether Jetty will send the
Jetty server version in responses.
Fixed a checkstyle error.
Added property to nifi.properties.
Changed property to a variable that is set with the pom.xml.
Added setting the version variable to another HTTPConfiguration to fix the
version being sent in docs context.
Fixed typo error.
This closes #4192.
Signed-off-by: Andy LoPresto
---
.../src/main/java/org/apache/nifi/util/NiFiProperties.java | 6 ++
.../nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml | 1 +
.../nifi-resources/src/main/resources/conf/nifi.properties | 1 +
.../src/main/java/org/apache/nifi/web/server/JettyServer.java | 2 ++
4 files changed, 10 insertions(+)
diff --git
a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
index 214d178..5643de0 100644
---
a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
+++
b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
@@ -197,6 +197,7 @@ public abstract class NiFiProperties {
public static final String WEB_PROXY_HOST = "nifi.web.proxy.host";
public static final String WEB_MAX_CONTENT_SIZE =
"nifi.web.max.content.size";
public static final String WEB_MAX_REQUESTS_PER_SECOND =
"nifi.web.max.requests.per.second";
+public static final String WEB_SHOULD_SEND_SERVER_VERSION =
"nifi.web.should.send.server.version";
// ui properties
public static final String UI_BANNER_TEXT = "nifi.ui.banner.text";
@@ -304,6 +305,7 @@ public abstract class NiFiProperties {
public static final String DEFAULT_FLOW_CONFIGURATION_ARCHIVE_MAX_STORAGE
= "500 MB";
public static final String DEFAULT_SECURITY_USER_OIDC_CONNECT_TIMEOUT = "5
secs";
public static final String DEFAULT_SECURITY_USER_OIDC_READ_TIMEOUT = "5
secs";
+public static final String DEFAULT_WEB_SHOULD_SEND_SERVER_VERSION = "true";
// cluster common defaults
public static final String DEFAULT_CLUSTER_PROTOCOL_HEARTBEAT_INTERVAL =
"5 sec";
@@ -1017,6 +1019,10 @@ public abstract class NiFiProperties {
return getProperty(SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER,
"email").trim();
}
+public boolean shouldSendServerVersion() {
+return
Boolean.parseBoolean(getProperty(WEB_SHOULD_SEND_SERVER_VERSION,
DEFAULT_WEB_SHOULD_SEND_SERVER_VERSION));
+}
+
/**
* Returns whether Knox SSO is enabled.
*
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml
index 58b250c..a93552a 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml
@@ -146,6 +146,7 @@
20 MB
3
+
true
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties
index 82174eb..436805a 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties
@@ -154,6 +154,7 @@ nifi.web.proxy.context.path=${nifi.web.proxy.context.path}
nifi.web.proxy.host=${nifi.web.proxy.host}
nifi.web.max.content.size=${nifi.web.max.content.size}
nifi.web.max.requests.per.second=${nifi.web.max.requests.per.second}
+nifi.web.should.send.server.version=${nifi.web.should.send.server.version}
# security properties #
nifi.sensitive.props.key=
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/Je
[nifi] branch master updated: Added note about unique initial user identity names to walkthrough doc.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 7d49401 Added note about unique initial user identity names to walkthrough doc. 7d49401 is described below commit 7d494011eaef030b28f390fd84ba74f664cd2fac Author: Andy LoPresto AuthorDate: Thu Apr 30 12:36:30 2020 -0700 Added note about unique initial user identity names to walkthrough doc. --- nifi-docs/src/main/asciidoc/walkthroughs.adoc | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/nifi-docs/src/main/asciidoc/walkthroughs.adoc b/nifi-docs/src/main/asciidoc/walkthroughs.adoc index 5ca32f1..22f5801 100644 --- a/nifi-docs/src/main/asciidoc/walkthroughs.adoc +++ b/nifi-docs/src/main/asciidoc/walkthroughs.adoc @@ -1044,7 +1044,10 @@ NOTE: The `nifi.cluster.load.balance.host=` entry must be manually populated her ** `` -> `node1.nifi:2181,node2.nifi:2182,node3.nifi:2183` * `cp node1.nifi/conf/state-management.xml node2.nifi/conf/state-management.xml` -- Copies the modified `state-management.xml` file from `node1` to `node2` * `cp node1.nifi/conf/state-management.xml node3.nifi/conf/state-management.xml` -- Copies the modified `state-management.xml` file from `node1` to `node3` -. Update the `authorizers.xml` file. This file contains the *Initial Node Identities* and *Initial User Identities*. The *users* consist of all human users _and_ all nodes in the cluster. The `authorizers.xml` file can be identical on each node (assuming no other changes were made), so the modified file will be copied to the other nodes. +. Update the `authorizers.xml` file. This file contains the *Initial Node Identities* and *Initial User Identities*. The *users* consist of all human users _and_ all nodes in the cluster. The `authorizers.xml` file can be identical on each node (assuming no other changes were made), so the modified file will be copied to the other nodes. ++ +NOTE: Each `Initial User Identity` must have a **unique** name (`Initial User Identity 1`, `Initial User Identity 2`, etc.). + * `$EDITOR node1.nifi/conf/authorizers.xml` -- Opens the `authorizers.xml` file in a text editor * Update the following lines: ** In the `` section, `` -> `CN=my_username` -- Adds an initial user with the DN generated in the client certificate @@ -1105,4 +1108,4 @@ image::nifi-secure-cluster-status.png["NiFi secure cluster status pane"] _The running cluster with permissions_ image::nifi-secure-cluster-permissions.png["NiFi secure cluster running with Initial Admin Identity permissions"] --- \ No newline at end of file +--
[nifi] branch master updated: NIFI-7377 Cleaned up nifi-stateless logs. Refactored masking logic to CipherUtility and indicated masking with label and Base64 output. Added JSON masking logic to nifi-s
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new 148537d NIFI-7377 Cleaned up nifi-stateless logs. Refactored masking
logic to CipherUtility and indicated masking with label and Base64 output.
Added JSON masking logic to nifi-stateless module. Added argument masking
functionality to Program. Moved groovy unit tests to proper Maven directory
structure. Modified plain argument output to use filtering/masking methods in
provided utility. Refactored utility methods. Updated unit tests.
148537d is described below
commit 148537d64a017b73160b0d49943183c18f883ab0
Author: Andy LoPresto
AuthorDate: Mon Apr 20 20:36:45 2020 +0200
NIFI-7377 Cleaned up nifi-stateless logs.
Refactored masking logic to CipherUtility and indicated masking with label
and Base64 output.
Added JSON masking logic to nifi-stateless module.
Added argument masking functionality to Program.
Moved groovy unit tests to proper Maven directory structure.
Modified plain argument output to use filtering/masking methods in provided
utility.
Refactored utility methods.
Updated unit tests.
This closes #4222.
Co-authored-by: Pierre Villard
Signed-off-by: Andy LoPresto
---
.../nifi/security/util/crypto/CipherUtility.java | 36
.../nifi/fingerprint/FingerprintFactory.java | 41 ++--
.../FingerprintFactoryGroovyTest.groovy| 3 +
.../nifi/fingerprint/FingerprintFactoryTest.java | 2 +-
.../nifi-framework/nifi-stateless/pom.xml | 12 +-
.../apache/nifi/stateless/core/StatelessFlow.java | 65 +++---
.../nifi/stateless/core/StatelessFlowFile.java | 16 +-
.../core/security/StatelessSecurityUtility.java| 174
.../apache/nifi/stateless/runtimes/Program.java| 80 ++--
.../openwhisk/StatelessNiFiOpenWhiskAction.java| 17 +-
.../stateless/runtimes/yarn/YARNServiceUtil.java | 10 +-
.../security/StatelessSecurityUtilityTest.groovy | 222 +
.../nifi/stateless/runtimes/ProgramTest.groovy | 101 ++
13 files changed, 679 insertions(+), 100 deletions(-)
diff --git
a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/CipherUtility.java
b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/CipherUtility.java
index 369b015..5c1eb27 100644
---
a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/CipherUtility.java
+++
b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/CipherUtility.java
@@ -406,4 +406,40 @@ public class CipherUtility {
}
return saltLength;
}
+
+/**
+ * Returns a securely-derived, deterministic value from the provided
plaintext property
+ * value. This is because sensitive values should not be disclosed through
the
+ * logs. However, the equality or difference of the sensitive value can be
important, so it cannot be ignored completely.
+ *
+ * The specific derivation process is unimportant as long as it is a
salted,
+ * cryptographically-secure hash function with an iteration cost
sufficient for password
+ * storage in other applications.
+ *
+ * @param sensitivePropertyValue the plaintext property value
+ * @return a deterministic string value which represents this input but is
safe to print in a log
+ */
+public static String getLoggableRepresentationOfSensitiveValue(String
sensitivePropertyValue) {
+// TODO: Use DI/IoC to inject this implementation in the constructor
of the FingerprintFactory
+// There is little initialization cost, so it doesn't make sense to
cache this as a field
+SecureHasher secureHasher = new Argon2SecureHasher();
+
+// TODO: Extend {@link StringEncryptor} with secure hashing capability
and inject?
+return
getLoggableRepresentationOfSensitiveValue(sensitivePropertyValue, secureHasher);
+}
+
+/**
+ * Returns a securely-derived, deterministic value from the provided
plaintext property
+ * value. This is because sensitive values should not be disclosed through
the
+ * logs. However, the equality or difference of the sensitive value can be
important, so it cannot be ignored completely.
+ *
+ * The specific derivation process is determined by the provided {@link
SecureHasher} implementation.
+ *
+ * @param sensitivePropertyValue the plaintext property value
+ * @param secureHasher an instance of {@link SecureHasher} which will be
used to mask the value
+ * @return a deterministic string value which represents this input but is
safe to print in a log
+ */
+public static String getLoggableRepresentationOfSensitiveValue(String
[nifi] branch master updated: NIFI-7389 Makes Missable heartbeat counts configurable
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new 996688b NIFI-7389 Makes Missable heartbeat counts configurable
996688b is described below
commit 996688b4194fbae27b1fca005e9031276487597d
Author: Sushil Kumar
AuthorDate: Fri Apr 24 14:50:01 2020 -0700
NIFI-7389 Makes Missable heartbeat counts configurable
This closes #4236.
Signed-off-by: Andy LoPresto
---
.../src/main/java/org/apache/nifi/util/NiFiProperties.java| 2 ++
nifi-docs/src/main/asciidoc/administration-guide.adoc | 5 +++--
.../cluster/coordination/heartbeat/AbstractHeartbeatMonitor.java | 8 ++--
.../src/test/resources/int-tests/clustered-nifi.properties| 1 +
.../src/test/resources/int-tests/default-nifi.properties | 1 +
.../nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml | 1 +
.../nifi-resources/src/main/resources/conf/nifi.properties| 1 +
7 files changed, 15 insertions(+), 4 deletions(-)
diff --git
a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
index 6bbc921..f0e8e6b 100644
---
a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
+++
b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
@@ -203,6 +203,7 @@ public abstract class NiFiProperties {
// cluster common properties
public static final String CLUSTER_PROTOCOL_HEARTBEAT_INTERVAL =
"nifi.cluster.protocol.heartbeat.interval";
+public static final String CLUSTER_PROTOCOL_HEARTBEAT_MISSABLE_MAX =
"nifi.cluster.protocol.heartbeat.missable.max";
public static final String CLUSTER_PROTOCOL_IS_SECURE =
"nifi.cluster.protocol.is.secure";
// cluster node properties
@@ -305,6 +306,7 @@ public abstract class NiFiProperties {
// cluster common defaults
public static final String DEFAULT_CLUSTER_PROTOCOL_HEARTBEAT_INTERVAL =
"5 sec";
+public static final int DEFAULT_CLUSTER_PROTOCOL_HEARTBEAT_MISSABLE_MAX =
8;
public static final String
DEFAULT_CLUSTER_PROTOCOL_MULTICAST_SERVICE_BROADCAST_DELAY = "500 ms";
public static final int
DEFAULT_CLUSTER_PROTOCOL_MULTICAST_SERVICE_LOCATOR_ATTEMPTS = 3;
public static final String
DEFAULT_CLUSTER_PROTOCOL_MULTICAST_SERVICE_LOCATOR_ATTEMPTS_DELAY = "1 sec";
diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc
b/nifi-docs/src/main/asciidoc/administration-guide.adoc
index 874b85f..0b941bc 100644
--- a/nifi-docs/src/main/asciidoc/administration-guide.adoc
+++ b/nifi-docs/src/main/asciidoc/administration-guide.adoc
@@ -1629,8 +1629,8 @@ It just depends on the resources available and how the
Administrator decides to
*Heartbeats*: The nodes communicate their health and status to the currently
elected Cluster Coordinator via "heartbeats",
which let the Coordinator know they are still connected to the cluster and
working properly. By default, the nodes emit
-heartbeats every 5 seconds, and if the Cluster Coordinator does not receive a
heartbeat from a node within 40 seconds, it
-disconnects the node due to "lack of heartbeat". The 5-second setting is
configurable in the _nifi.properties_ file (see
+heartbeats every 5 seconds, and if the Cluster Coordinator does not receive a
heartbeat from a node within 40 seconds (= 5 seconds * 8), it
+disconnects the node due to "lack of heartbeat". The 5-second and 8 times
settings are configurable in the _nifi.properties_ file (see
the <> section for more information). The reason
that the Cluster Coordinator
disconnects the node is because the Coordinator needs to ensure that every
node in the cluster is in sync, and if a node
is not heard from regularly, the Coordinator cannot be sure it is still in
sync with the rest of the cluster. If, after
@@ -3334,6 +3334,7 @@ When setting up a NiFi cluster, these properties should
be configured the same w
|
|*Property*|*Description*
|`nifi.cluster.protocol.heartbeat.interval`|The interval at which nodes should
emit heartbeats to the Cluster Coordinator. The default value is `5 sec`.
+|`nifi.cluster.protocol.heartbeat.missable.max`|Maximum number of heartbeats a
Cluster Coordinator can miss for a node in the cluster before the Cluster
Coordinator updates the node status to Disconnected. The default value is `8`.
|`nifi.cluster.protocol.is.secure`|This indicates whether cluster
communications are secure. The default value is `false`.
|
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/heartbeat/Abstra
svn commit: r1876803 - /nifi/site/trunk/security.html
Author: alopresto Date: Tue Apr 21 17:53:08 2020 New Revision: 1876803 URL: http://svn.apache.org/viewvc?rev=1876803=rev Log: Fixed HackerOne URL in NiFi Security page. Modified: nifi/site/trunk/security.html Modified: nifi/site/trunk/security.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/security.html?rev=1876803=1876802=1876803=diff == --- nifi/site/trunk/security.html (original) +++ nifi/site/trunk/security.html Tue Apr 21 17:53:08 2020 @@ -142,7 +142,7 @@ Send an email to mailto:secur...@nifi.apache.org;>secur...@nifi.apache.org. This is a private list monitored by the PMC. For sensitive disclosures, the GPG key fingerprint is 1230 3BB8 1F22 E11C 8725 926A AFF2 B368 23B9 44E9. -NiFi has a https://hackerone.com/apache_nifi; target="_blank">HackerOne project page. HackerOne provides a triaged process for researchers and organizations to +NiFi has a https://hackerone.com/apachenifi; target="_blank">HackerOne project page. HackerOne provides a triaged process for researchers and organizations to collaboratively report and resolve security vulnerabilities.
[nifi-site] 03/03: Fixed HackerOne URL in security page.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-site.git commit e607ee74465c0d66fdc64609bbbcfe6affd34c0d Author: Andy LoPresto AuthorDate: Tue Apr 21 10:44:15 2020 -0700 Fixed HackerOne URL in security page. --- src/pages/html/security.hbs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs index e98d116..21c010f 100644 --- a/src/pages/html/security.hbs +++ b/src/pages/html/security.hbs @@ -37,7 +37,7 @@ title: Apache NiFi Security Reports Send an email to mailto:secur...@nifi.apache.org;>secur...@nifi.apache.org. This is a private list monitored by the PMC. For sensitive disclosures, the GPG key fingerprint is 1230 3BB8 1F22 E11C 8725 926A AFF2 B368 23B9 44E9. -NiFi has a https://hackerone.com/apache_nifi; target="_blank">HackerOne project page. HackerOne provides a triaged process for researchers and organizations to +NiFi has a https://hackerone.com/apachenifi; target="_blank">HackerOne project page. HackerOne provides a triaged process for researchers and organizations to collaboratively report and resolve security vulnerabilities.
[nifi-site] 02/03: Updated heading in NiFi security page.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-site.git commit bb04a0cdc58da95fea6fdae26c4b05f207d286f6 Author: Nathan Gough AuthorDate: Tue Apr 21 12:00:42 2020 -0400 Updated heading in NiFi security page. --- src/pages/html/security.hbs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs index a2f4217..e98d116 100644 --- a/src/pages/html/security.hbs +++ b/src/pages/html/security.hbs @@ -7,7 +7,7 @@ title: Apache NiFi Security Reports -Security Vulnerability Disclosure +NiFi Security Vulnerability Disclosure
[nifi-site] branch master updated (c9b9250 -> e607ee7)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/nifi-site.git. from c9b9250 Added NiFi Registry 0.6.0 download links. new 3bf66c7 NIFIREG-371 - Adding the NiFi Registry security/CVE documentation page and release information for NiFi Registry 0.6.0 release. new bb04a0c Updated heading in NiFi security page. new e607ee7 Fixed HackerOne URL in security page. The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: src/includes/topbar.hbs | 3 +- src/pages/html/registry-security.hbs | 167 +++ src/pages/html/security.hbs | 4 +- 3 files changed, 171 insertions(+), 3 deletions(-) create mode 100644 src/pages/html/registry-security.hbs
[nifi-site] 01/03: NIFIREG-371 - Adding the NiFi Registry security/CVE documentation page and release information for NiFi Registry 0.6.0 release.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-site.git commit 3bf66c72624e24b116150dabd76752f55b2a3a34 Author: Nathan Gough AuthorDate: Tue Apr 21 11:37:17 2020 -0400 NIFIREG-371 - Adding the NiFi Registry security/CVE documentation page and release information for NiFi Registry 0.6.0 release. --- src/includes/topbar.hbs | 3 +- src/pages/html/registry-security.hbs | 167 +++ 2 files changed, 169 insertions(+), 1 deletion(-) diff --git a/src/includes/topbar.hbs b/src/includes/topbar.hbs index 8a20972..7342922 100644 --- a/src/includes/topbar.hbs +++ b/src/includes/topbar.hbs @@ -30,7 +30,8 @@ Videos NiFi Docs https://cwiki.apache.org/confluence/display/NIFI;>Wiki -Security Reports +NiFi Security Reports +NiFi Registry Security Reports diff --git a/src/pages/html/registry-security.hbs b/src/pages/html/registry-security.hbs new file mode 100644 index 000..842697f --- /dev/null +++ b/src/pages/html/registry-security.hbs @@ -0,0 +1,167 @@ +--- +title: Apache NiFi Registry Security Reports +--- + + + + + + +NiFi Registry Security Vulnerability Disclosure + + + + +Apache NiFi Registry welcomes the responsible reporting of security vulnerabilities. The NiFi Registry team believes that working with skilled security researchers across the globe is crucial in identifying +weaknesses in any technology. If you believe you've found a security issue in our product or service, we encourage you to notify us. We will work with you to resolve the issue +promptly. +Disclosure Policy + +Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue. +Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party. +Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit +permission of the account holder. + + +Exclusions +While researching, we'd like to ask you to refrain from: + +Denial of service +Spamming +Social engineering (including phishing) of Apache NiFi and NiFi Registry staff or contractors +Any physical attempts against Apache NiFi or NiFi Registry property or data centers + +Reporting Methods +NiFi Registry receives vulnerability reports through the Apache NiFi team via the following means: + +Send an email to mailto:secur...@nifi.apache.org;>secur...@nifi.apache.org. This is a private list monitored by the PMC. For sensitive +disclosures, the GPG key fingerprint is 1230 3BB8 1F22 E11C 8725 926A AFF2 B368 23B9 44E9. + + +Thank you for helping keep Apache NiFi Registry and our users safe! + + + + + +Fixed in Apache NiFi Registry 0.6.0 + + + + + +Vulnerabilities + + + + +CVE-2020-9482: Apache NiFi Registry user log out issue +Severity: Moderate +Versions Affected: + +Apache NiFi Registry 0.1.0 - 0.5.0 + + +Description: If NiFi Registry uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out to make API requests to NiFi Registry. +Mitigation: The fix to invalidate the server-side authentication token immediately after the user clicks 'Log Out' was applied in the Apache NiFi Registry 0.6.0 release. +CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9482; target="_blank">Mitre Database: CVE-2020-9482 +NiFi Registry Jira: https://issues.apache.org/jira/browse/NIFIREG-387; target="_blank">NIFIREG-387 +NiFi Registry PR: https://github.com/apache/nifi-registry/pull/277; target="_blank">PR 277 +Released: April 7, 2020 + + + + + +Dependency Vulnerabilities + + + + +CVE-2019-14540: Apache NiFi Registry's jackson-databind usage +Severity: Critical +Versions Affected: + +Apache NiFi Registry 0.5.0 - 0.5.0 + + +Description: The com.fasterxml.jackson.core:jackson-databind dependency
[nifi] branch master updated (8340078 -> 2224ace)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git. from 8340078 NIFI-7292 Preventing file listing from fail because of insufficient privileges add 2224ace Added Jira and security reporting links to README.md No new revisions were added by this update. Summary of changes: README.md | 2 ++ 1 file changed, 2 insertions(+)
svn commit: r1876384 - /nifi/site/trunk/docs/nifi-docs/index.html
Author: alopresto Date: Sat Apr 11 05:37:40 2020 New Revision: 1876384 URL: http://svn.apache.org/viewvc?rev=1876384=rev Log: Added walkthroughs link to frame navigation page. Modified: nifi/site/trunk/docs/nifi-docs/index.html Modified: nifi/site/trunk/docs/nifi-docs/index.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/index.html?rev=1876384=1876383=1876384=diff == --- nifi/site/trunk/docs/nifi-docs/index.html (original) +++ nifi/site/trunk/docs/nifi-docs/index.html Sat Apr 11 05:37:40 2020 @@ -49,6 +49,7 @@ RecordPath Guide Admin Guide Toolkit Guide +Walkthroughs No matching guides
svn commit: r1876383 [2/2] - in /nifi/site/trunk/docs/nifi-docs/html: ./ images/
e/CreateIssue!default.jspa; target="_blank">open a Jira (see https://cwiki.apache.org/confluence/display/NIFI/Contributor+Guide#ContributorGuide-WheretoStart?; target="_blank">further instructions in the Contributor Guide) and https://github.com/apache/nifi/pulls; target="_blank">submit a pull request (PR). + + + + + + + + +This document is provided with no warranty. All steps have been evaluated for correctness to the extent possible by the Apache NiFi community, but no responsibility is assumed for negative impacts on any computer system where these commands are executed. + + + + + + + +Installing Apache NiFi + + +Apache NiFi is an easy to use, powerful, and reliable system to process and distribute data. It supports powerful and scalable directed graphs of data routing, transformation, and system mediation logic. In addition to NiFi, there is the NiFi Toolkit, a collection of command-line tools which help perform administrative tasks such as interacting with remote services, generating TLS certificates, managing nodes in a cluster, and encrypting sensitive configuration values. + + + + + + + + +Description +Instructions on downloading the Apache NiFi application and Toolkit + + +Purpose +To make the application available to run on the specified machine (e.g. a local development environment) + + +Starting Point +Machine running modern OS + + +Expected Outcome +Latest version of Apache NiFi available to run on host with no configuration + + +Estimated Duration +1 minute + download time + + + + + + + + + + +The following instructions are for installing a single node of NiFi. This guide assumes Mac OS X / macOS 10.11.0+ but should work for any modern operating system. *nix commands are used by default, but Windows equivalents are provided where available. + + + + + + + +Go to the http://nifi.apache.org/download.html; target="_blank">Apache NiFi Downloads page. + + +Download the latest version of NiFi via the compressed binary files. For example, if the latest version is 1.11.4: + + + +nifi-1.11.4-bin.tar.gz [1.2 GB] + + +nifi-toolkit-1.11.4-bin.tar.gz [42 MB] + + + + + +If you are directed to a mirror page, click the first link on the page to download the respective archive file. + + + + + + + +Note that the nifi-1.11.4-bin.tar.gz and the nifi-toolkit-1.11.4-bin.tar.gz compressed files are downloaded to your Downloads folder. + + +Download the GPG signature and checksums for those files. They are found on the initial download page next to each binary file. + + + +gpg --verify -v nifi-1.11.4-bin.tar.gz.ascVerifies the GPG signature provided on the binary by the Release Manager (RM). See https://nifi.apache.org/gpg.html#verifying-a-release-signature; target="_blank">NiFi GPG Guide: Verifying a Release Signature for further details + + +shasum -a 256 nifi-1.11.4-bin.tar.gzCalculates a SHA-256 checksum over the downloaded artifact. This should be compared with the contents of nifi-1.11.4-bin.tar.gz.sha256 for equality + + +shasum -a 512 nifi-1.11.4-bin.tar.gzCalculates a SHA-512 checksum over the downloaded artifact. This should be compared with the contents of nifi-1.11.4-bin.tar.gz.sha512 for equality + + + + + + + + + + +Extract the files from each tar.gz file. This can be done by double-clicking on the files in the Finder or running the following commands in the terminal. + + + +tar -xvzf nifi-1.11.4-bin.tar.gzUncompresses the gzip file and extracts the tar archive contents to nifi-1.11.4/ + + +tar -xvzf nifi-toolkit-1.11.4-bin.tar.gzUncompresses the gzip file and extracts the tar archive contents to nifi-toolkit-1.11.4/ + + + + + +Optionally, move the folders to a more appropriate location. + + + + + + +Building NiFi From Source + + + + + + + + +Description +Instructions on downloading the Apache NiFi source code and building the application locally + + +Purpose +To make the application (with potential code modifications) available to run on the specified machine (e.g. a local development environment) + + +Starting Point +Machine running modern OS + + +Expected Outcome +Latest version of Apache NiFi available to run on host with no configuration + + +Estimated Duration +10 - 35 minutes + download time + + + + + + + + + + +This guide assumes Mac OS X / macOS 10.11.0+ but should work for any modern operating system. *nix commands are used by default, but Windows equivalents are provided where available. + + + + + + + +Go to the http://nifi.apache.org/download.html; target="_blank">Apache NiFi Downloads page. + + +Download the latest version of NiFi source code via the compressed files. For example, if the latest version is 1.11.4: + + + +nifi-1.11.4-source-release.zip [53 MB] + + + + + +If you are directed to a mirror page, click the first link on the page to download the respective archive file. + + +Note that the nifi-1.11.4-source-release.zip compressed file is downloaded to your
svn commit: r1876383 [1/2] - in /nifi/site/trunk/docs/nifi-docs/html: ./ images/
Author: alopresto Date: Sat Apr 11 05:35:53 2020 New Revision: 1876383 URL: http://svn.apache.org/viewvc?rev=1876383=rev Log: Added walkthroughs.html doc to site. Added: nifi/site/trunk/docs/nifi-docs/html/images/authorizers-xml-initial-node-identities.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/authorizers-xml-initial-user-identities.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/browser-present-client-cert.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/browser-warning-insecure-site.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/install-download-link.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/keychain-access-certificate-listing.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/keychain-access-trust-certificate.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi-app-log-ui-available.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi-application-running-browser.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi-cluster-tls-toolkit-certificate-diagram.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi-home-dir-listing.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi-running-tls-client-certificate.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi-secure-cluster-no-permissions.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi-secure-cluster-permissions.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi-secure-cluster-status.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi-tls-standalone-external-certificate-diagram.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi-tls-toolkit-standalone-cert-diagram.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi-toolkit-home-dir-listing.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi-trusted-server-certificate.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/nifi_first_launch_screenshot.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/tls-authorizers-file-accessPolicyProvider.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/tls-authorizers-file-userGroupProvider.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/tls-certificate-folder.png (with props) nifi/site/trunk/docs/nifi-docs/html/images/verify-release-gpg-and-checksums.png (with props) nifi/site/trunk/docs/nifi-docs/html/walkthroughs.html Added: nifi/site/trunk/docs/nifi-docs/html/images/authorizers-xml-initial-node-identities.png URL: http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/html/images/authorizers-xml-initial-node-identities.png?rev=1876383=auto == Binary file - no diff available. Propchange: nifi/site/trunk/docs/nifi-docs/html/images/authorizers-xml-initial-node-identities.png -- svn:mime-type = application/octet-stream Added: nifi/site/trunk/docs/nifi-docs/html/images/authorizers-xml-initial-user-identities.png URL: http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/html/images/authorizers-xml-initial-user-identities.png?rev=1876383=auto == Binary file - no diff available. Propchange: nifi/site/trunk/docs/nifi-docs/html/images/authorizers-xml-initial-user-identities.png -- svn:mime-type = application/octet-stream Added: nifi/site/trunk/docs/nifi-docs/html/images/browser-present-client-cert.png URL: http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/html/images/browser-present-client-cert.png?rev=1876383=auto == Binary file - no diff available. Propchange: nifi/site/trunk/docs/nifi-docs/html/images/browser-present-client-cert.png -- svn:mime-type = application/octet-stream Added: nifi/site/trunk/docs/nifi-docs/html/images/browser-warning-insecure-site.png URL: http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/html/images/browser-warning-insecure-site.png?rev=1876383=auto == Binary file - no diff available. Propchange: nifi/site/trunk/docs/nifi-docs/html/images/browser-warning-insecure-site.png -- svn:mime-type = application/octet-stream Added: nifi/site/trunk/docs/nifi-docs/html/images/install-download-link.png URL: http://svn.apache.org/viewvc/nifi
[nifi] branch master updated: NIFI-7319 Add walkthrough document (#4193)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 07a8311 NIFI-7319 Add walkthrough document (#4193) 07a8311 is described below commit 07a8311b4cedfc1b45ccc8e1a11324bcd3c71da7 Author: Andy LoPresto AuthorDate: Fri Apr 10 22:25:40 2020 -0700 NIFI-7319 Add walkthrough document (#4193) * NIFI-7319 Added first draft of walkthroughs doc. * NIFI-7319 Added instructions and screenshots for securing standalone NiFi instance. * NIFI-7319 Added instructions and screenshots for instructing OS & browser to trust self-signed certificate. * NIFI-7319 Added instructions and screenshots for securing NiFi with externally-provided certificates. * NIFI-7319 Added instructions and screenshots for building NiFi from source. * NIFI-7319 [WIP] Converting secure cluster instructions to match format. Fixed instructions regarding embedded ZooKeeper configuration. * NIFI-7319 Completed secure cluster walkthrough. * NIFI-7319 Added walkthroughs to documentation navigation list. * NIFI-7319 Incorporated PR feedback on broken links. * NIFI-7319 Removed line number helpers from update sections. * NIFI-7319 Incorporated final PR review items. Co-authored-by: Sandra Pius --- .../authorizers-xml-initial-node-identities.png| Bin 0 -> 229506 bytes .../authorizers-xml-initial-user-identities.png| Bin 0 -> 184724 bytes .../images/browser-present-client-cert.png | Bin 0 -> 653581 bytes .../images/browser-warning-insecure-site.png | Bin 0 -> 539107 bytes .../main/asciidoc/images/install-download-link.png | Bin 0 -> 63965 bytes .../images/keychain-access-certificate-listing.png | Bin 0 -> 604391 bytes .../images/keychain-access-trust-certificate.png | Bin 0 -> 395479 bytes .../asciidoc/images/nifi-app-log-ui-available.png | Bin 0 -> 270149 bytes .../images/nifi-application-running-browser.png| Bin 0 -> 678902 bytes ...ifi-cluster-tls-toolkit-certificate-diagram.png | Bin 0 -> 117853 bytes .../main/asciidoc/images/nifi-home-dir-listing.png | Bin 0 -> 458278 bytes .../images/nifi-running-tls-client-certificate.png | Bin 0 -> 712346 bytes .../images/nifi-secure-cluster-no-permissions.png | Bin 0 -> 776616 bytes .../images/nifi-secure-cluster-permissions.png | Bin 0 -> 763213 bytes .../asciidoc/images/nifi-secure-cluster-status.png | Bin 0 -> 692718 bytes ...tls-standalone-external-certificate-diagram.png | Bin 0 -> 110528 bytes .../nifi-tls-toolkit-standalone-cert-diagram.png | Bin 0 -> 107494 bytes .../images/nifi-toolkit-home-dir-listing.png | Bin 0 -> 239110 bytes .../images/nifi-trusted-server-certificate.png | Bin 0 -> 852121 bytes .../tls-authorizers-file-accessPolicyProvider.png | Bin 0 -> 151488 bytes .../tls-authorizers-file-userGroupProvider.png | Bin 0 -> 124066 bytes .../asciidoc/images/tls-certificate-folder.png | Bin 0 -> 45639 bytes .../images/verify-release-gpg-and-checksums.png| Bin 0 -> 547141 bytes nifi-docs/src/main/asciidoc/walkthroughs.adoc | 1108 .../src/main/webapp/WEB-INF/jsp/documentation.jsp |1 + 25 files changed, 1109 insertions(+) diff --git a/nifi-docs/src/main/asciidoc/images/authorizers-xml-initial-node-identities.png b/nifi-docs/src/main/asciidoc/images/authorizers-xml-initial-node-identities.png new file mode 100644 index 000..80bc959 Binary files /dev/null and b/nifi-docs/src/main/asciidoc/images/authorizers-xml-initial-node-identities.png differ diff --git a/nifi-docs/src/main/asciidoc/images/authorizers-xml-initial-user-identities.png b/nifi-docs/src/main/asciidoc/images/authorizers-xml-initial-user-identities.png new file mode 100644 index 000..7546dff Binary files /dev/null and b/nifi-docs/src/main/asciidoc/images/authorizers-xml-initial-user-identities.png differ diff --git a/nifi-docs/src/main/asciidoc/images/browser-present-client-cert.png b/nifi-docs/src/main/asciidoc/images/browser-present-client-cert.png new file mode 100644 index 000..1db34d7 Binary files /dev/null and b/nifi-docs/src/main/asciidoc/images/browser-present-client-cert.png differ diff --git a/nifi-docs/src/main/asciidoc/images/browser-warning-insecure-site.png b/nifi-docs/src/main/asciidoc/images/browser-warning-insecure-site.png new file mode 100644 index 000..a80cc14 Binary files /dev/null and b/nifi-docs/src/main/asciidoc/images/browser-warning-insecure-site.png differ diff --git a/nifi-docs/src/main/asciidoc/images/install-download-link.png b/nifi-docs/src/main/asciidoc/images/install-download-link.png new file mode 100644 index 000..6001015 Binary files /dev/null and b
[nifi] branch master updated (84968e7 -> 1ec7e31)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git. from 84968e7 NIFI-7087: Use FlowManager.findAllConnections() when available add 1ec7e31 NIFI-7341 Updated certificate commands and source code formatting in Toolkit Guide. (#4196) No new revisions were added by this update. Summary of changes: nifi-docs/src/main/asciidoc/toolkit-guide.adoc | 68 +++--- 1 file changed, 40 insertions(+), 28 deletions(-)
[nifi-site] 02/02: Added NiFi Registry 0.6.0 download links.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-site.git commit c9b92502d32920aaeed656b757255d611a543a1f Author: Andy LoPresto AuthorDate: Thu Apr 9 09:15:28 2020 -0700 Added NiFi Registry 0.6.0 download links. --- src/pages/html/registry.hbs | 56 ++--- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/src/pages/html/registry.hbs b/src/pages/html/registry.hbs index f2a5cdc..c376898 100644 --- a/src/pages/html/registry.hbs +++ b/src/pages/html/registry.hbs @@ -66,61 +66,61 @@ title: Apache NiFi - Registry - 0.5.0 + 0.6.0 Sources - https://www.apache.org/dyn/closer.lua?path=/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip;>nifi-registry-0.5.0-source-release.zip ( - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip.asc;>asc, - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip.sha256;>sha256, - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip.sha512;>sha512 ) + https://www.apache.org/dyn/closer.lua?path=/nifi/nifi-registry/nifi-registry-0.6.0/nifi-registry-0.6.0-source-release.zip;>nifi-registry-0.6.0-source-release.zip ( + https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.6.0/nifi-registry-0.6.0-source-release.zip.asc;>asc, + https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.6.0/nifi-registry-0.6.0-source-release.zip.sha256;>sha256, + https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.6.0/nifi-registry-0.6.0-source-release.zip.sha512;>sha512 ) Binaries - https://www.apache.org/dyn/closer.lua?path=/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.tar.gz;>nifi-registry-0.5.0-bin.tar.gz ( - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.tar.gz.asc;>asc, - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.tar.gz.sha256;>sha256, - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.tar.gz.sha512;>sha512 ) + https://www.apache.org/dyn/closer.lua?path=/nifi/nifi-registry/nifi-registry-0.6.0/nifi-registry-0.6.0-bin.tar.gz;>nifi-registry-0.6.0-bin.tar.gz ( + https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.6.0/nifi-registry-0.6.0-bin.tar.gz.asc;>asc, + https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.6.0/nifi-registry-0.6.0-bin.tar.gz.sha256;>sha256, + https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.6.0/nifi-registry-0.6.0-bin.tar.gz.sha512;>sha512 ) - https://www.apache.org/dyn/closer.lua?path=/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.zip;>nifi-registry-0.5.0-bin.zip ( - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.zip.asc;>asc, - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.zip.sha256;>sha256, - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.zip.sha512;>sha512 ) + https://www.apache.org/dyn/closer.lua?path=/nifi/nifi-registry/nifi-registry-0.6.0/nifi-registry-0.6.0-bin.zip;>nifi-registry-0.6.0-bin.zip ( + https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.6.0/nifi-registry-0.6.0-bin.zip.asc;>asc, + https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.6.0/nifi-registry-0.6.0-bin.zip.sha256;>sha256, + https://downloads.apache.org/nifi/nifi-re
[nifi-site] branch master updated (51b799e -> c9b9250)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/nifi-site.git. from 51b799e NIFI-7238 - Update security.html for NiFi 1.11.4 release. new 05ad860 Updated 1.11.4 security announcement. new c9b9250 Added NiFi Registry 0.6.0 download links. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: src/pages/html/registry.hbs | 56 ++--- src/pages/html/security.hbs | 4 ++-- 2 files changed, 30 insertions(+), 30 deletions(-)
[nifi-site] 01/02: Updated 1.11.4 security announcement.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-site.git commit 05ad86063df875c6ddea9ac36a90b4fb78321760 Author: Andy LoPresto AuthorDate: Thu Apr 9 08:52:20 2020 -0700 Updated 1.11.4 security announcement. --- src/pages/html/security.hbs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs index 01108a9..a2f4217 100644 --- a/src/pages/html/security.hbs +++ b/src/pages/html/security.hbs @@ -59,10 +59,10 @@ title: Apache NiFi Security Reports CVE-2020-5398: Apache NiFi's spring-data-redis usage -Severity: High +Severity: Moderate Versions Affected: -Apache NiFi 1.8.0 - 1.11.4 +Apache NiFi 1.8.0 - 1.11.3 Description: The org.springframework.data:spring-data-redis dependency in the nifi-redis-bundle had a vulnerable transitive dependency. See https://nvd.nist.gov/vuln/detail/CVE-2020-5398; target="_blank">NIST NVD CVE-2020-5398 for more information.
svn commit: r1876331 - in /nifi/site/trunk: registry.html security.html
Author: alopresto Date: Thu Apr 9 16:18:33 2020 New Revision: 1876331 URL: http://svn.apache.org/viewvc?rev=1876331=rev Log: Added NiFi Registry 0.6.0 links to source code. Added NiFi 1.11.4 CVE announcements. Modified: nifi/site/trunk/registry.html nifi/site/trunk/security.html Modified: nifi/site/trunk/registry.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/registry.html?rev=1876331=1876330=1876331=diff == --- nifi/site/trunk/registry.html (original) +++ nifi/site/trunk/registry.html Thu Apr 9 16:18:33 2020 @@ -198,62 +198,33 @@ https://cwiki.apache.org/confluence/display/NIFIREG/Release+Notes#ReleaseNotes-NiFiRegistry0.6.0;>Release Notes - - 0.5.0 - - - Sources - - https://www.apache.org/dyn/closer.lua?path=/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip;>nifi-registry-0.5.0-source-release.zip ( - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip.asc;>asc, - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip.sha256;>sha256, - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip.sha512;>sha512 ) - - - - Binaries - - https://www.apache.org/dyn/closer.lua?path=/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.tar.gz;>nifi-registry-0.5.0-bin.tar.gz ( - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.tar.gz.asc;>asc, - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.tar.gz.sha256;>sha256, - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.tar.gz.sha512;>sha512 ) - - https://www.apache.org/dyn/closer.lua?path=/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.zip;>nifi-registry-0.5.0-bin.zip ( - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.zip.asc;>asc, - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.zip.sha256;>sha256, - https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.zip.sha512;>sha512 ) - - - https://cwiki.apache.org/confluence/display/NIFIREG/Release+Notes#ReleaseNotes-NiFiRegistry0.5.0;>Release Notes - - -0.4.0 +0.5.0 Sources -https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.4.0/nifi-registry-0.4.0-source-release.zip;>nifi-registry-0.4.0-source-release.zip ( - https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.4.0/nifi-registry-0.4.0-source-release.zip.asc;>asc, - https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.4.0/nifi-registry-0.4.0-source-release.zip.sha256;>sha256, - https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.4.0/nifi-registry-0.4.0-source-release.zip.sha512;>sha512 ) +https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip;>nifi-registry-0.5.0-source-release.zip ( + https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip.asc;>asc, + https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip.sha256;>sha256, + https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip.sha512;>sha512 ) Bin
[nifi-registry] branch master updated: NIFIREG-380 - Allow NiFi Registry admins to configure whether Jetty will send the Jetty server version in responses. NIFIREG-380 Added new property to default ni
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi-registry.git
The following commit(s) were added to refs/heads/master by this push:
new 56a44c8 NIFIREG-380 - Allow NiFi Registry admins to configure whether
Jetty will send the Jetty server version in responses. NIFIREG-380 Added new
property to default nifi-registry.properties.
56a44c8 is described below
commit 56a44c8528ec6f420b4b9d1c7b402da8417f518d
Author: Nathan Gough
AuthorDate: Mon Apr 6 21:10:25 2020 -0400
NIFIREG-380 - Allow NiFi Registry admins to configure whether Jetty will
send the Jetty server version in responses.
NIFIREG-380 Added new property to default nifi-registry.properties.
This closes #273.
Signed-off-by: Andy LoPresto
---
nifi-registry-assembly/pom.xml | 1 +
.../src/main/java/org/apache/nifi/registry/jetty/JettyServer.java | 1 +
.../org/apache/nifi/registry/properties/NiFiRegistryProperties.java | 6 ++
.../src/main/resources/conf/nifi-registry.properties| 1 +
4 files changed, 9 insertions(+)
diff --git a/nifi-registry-assembly/pom.xml b/nifi-registry-assembly/pom.xml
index 655964c..b4c7acd 100644
--- a/nifi-registry-assembly/pom.xml
+++ b/nifi-registry-assembly/pom.xml
@@ -152,6 +152,7 @@
./work/jetty
200
+
true
diff --git
a/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/JettyServer.java
b/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/JettyServer.java
index 387857f..d20fce4 100644
---
a/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/JettyServer.java
+++
b/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/JettyServer.java
@@ -148,6 +148,7 @@ public class JettyServer {
final HttpConfiguration httpConfiguration = new HttpConfiguration();
httpConfiguration.setRequestHeaderSize(HEADER_BUFFER_SIZE);
httpConfiguration.setResponseHeaderSize(HEADER_BUFFER_SIZE);
+
httpConfiguration.setSendServerVersion(properties.shouldSendServerVersion());
if (properties.getPort() != null) {
final Integer port = properties.getPort();
diff --git
a/nifi-registry-core/nifi-registry-properties/src/main/java/org/apache/nifi/registry/properties/NiFiRegistryProperties.java
b/nifi-registry-core/nifi-registry-properties/src/main/java/org/apache/nifi/registry/properties/NiFiRegistryProperties.java
index e1e9a39..d3b4a25 100644
---
a/nifi-registry-core/nifi-registry-properties/src/main/java/org/apache/nifi/registry/properties/NiFiRegistryProperties.java
+++
b/nifi-registry-core/nifi-registry-properties/src/main/java/org/apache/nifi/registry/properties/NiFiRegistryProperties.java
@@ -38,6 +38,7 @@ public class NiFiRegistryProperties extends Properties {
public static final String WEB_HTTPS_HOST = "nifi.registry.web.https.host";
public static final String WEB_WORKING_DIR =
"nifi.registry.web.jetty.working.directory";
public static final String WEB_THREADS = "nifi.registry.web.jetty.threads";
+public static final String WEB_SHOULD_SEND_SERVER_VERSION =
"nifi.registry.web.should.send.server.version";
public static final String SECURITY_KEYSTORE =
"nifi.registry.security.keystore";
public static final String SECURITY_KEYSTORE_TYPE =
"nifi.registry.security.keystoreType";
@@ -95,6 +96,7 @@ public class NiFiRegistryProperties extends Properties {
public static final String
DEFAULT_SECURITY_IDENTITY_PROVIDER_CONFIGURATION_FILE =
"./conf/identity-providers.xml";
public static final String DEFAULT_AUTHENTICATION_EXPIRATION = "12 hours";
public static final String DEFAULT_EXTENSIONS_WORKING_DIR =
"./work/extensions";
+public static final String DEFAULT_WEB_SHOULD_SEND_SERVER_VERSION = "true";
public int getWebThreads() {
int webThreads = 200;
@@ -122,6 +124,10 @@ public class NiFiRegistryProperties extends Properties {
return getSslPort() != null;
}
+public boolean shouldSendServerVersion() {
+return
Boolean.parseBoolean(getProperty(WEB_SHOULD_SEND_SERVER_VERSION,
DEFAULT_WEB_SHOULD_SEND_SERVER_VERSION));
+}
+
public String getHttpsHost() {
return getProperty(WEB_HTTPS_HOST);
}
diff --git
a/nifi-registry-core/nifi-registry-resources/src/main/resources/conf/nifi-registry.properties
b/nifi-registry-core/nifi-registry-resources/src/main/resources/conf/nifi-registry.properties
index 2341f38..1b62023 100644
---
a/nifi-registry-core/nifi-registry-resources/src/main/resources/conf/nifi-registry.properties
+++
b/nifi-registry-core/nifi-registry-resou
[nifi] branch master updated: NIFI-7326 updated URL to find splunk artifacts (#4188)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 445efcf NIFI-7326 updated URL to find splunk artifacts (#4188) 445efcf is described below commit 445efcfde615e94f03a0a42fab4309313d821046 Author: Joe Witt AuthorDate: Mon Apr 6 23:36:56 2020 -0400 NIFI-7326 updated URL to find splunk artifacts (#4188) Signed-off-by: Andy LoPresto --- nifi-nar-bundles/nifi-splunk-bundle/pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nifi-nar-bundles/nifi-splunk-bundle/pom.xml b/nifi-nar-bundles/nifi-splunk-bundle/pom.xml index b11c8d0..73e2432 100644 --- a/nifi-nar-bundles/nifi-splunk-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-splunk-bundle/pom.xml @@ -34,9 +34,9 @@ -splunk -Splunk Artifactory - https://splunk.artifactoryonline.com/splunk/ext-releases-local/ +splunk-artifactory +Splunk Releases +https://splunk.jfrog.io/splunk/ext-releases-local true
[nifi] branch master updated: NIFI-7126 Increased test iterations to 10,000 in Argon2SecureHasherTe… (#4187)
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new 59c756c NIFI-7126 Increased test iterations to 10,000 in
Argon2SecureHasherTe… (#4187)
59c756c is described below
commit 59c756c72b756a497003cc59020de229bd45260f
Author: M Tien <56892372+mtien-apa...@users.noreply.github.com>
AuthorDate: Mon Apr 6 18:26:32 2020 -0700
NIFI-7126 Increased test iterations to 10,000 in Argon2SecureHasherTe…
(#4187)
* NIFI-7126 Increased test iterations to 10,000 in
Argon2SecureHasherTest#testDefaultCostParamsShouldBeSufficient to avoid JVM
warmup issues.
Signed-off-by: Andy LoPresto
---
.../org/apache/nifi/security/util/crypto/Argon2SecureHasherTest.groovy | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git
a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/Argon2SecureHasherTest.groovy
b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/Argon2SecureHasherTest.groovy
index 9a8b1ae..2a02a1c 100644
---
a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/Argon2SecureHasherTest.groovy
+++
b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/Argon2SecureHasherTest.groovy
@@ -209,10 +209,11 @@ class Argon2SecureHasherTest extends GroovyTestCase {
* This test can have the minimum time threshold updated to determine if
the performance
* is still sufficient compared to the existing threat model.
*/
+@Ignore("Long running test")
@Test
void testDefaultCostParamsShouldBeSufficient() {
// Arrange
-int testIterations = 10
+int testIterations = 10_000
byte[] inputBytes = "This is a sensitive value".bytes
Argon2SecureHasher a2sh = new Argon2SecureHasher()
[nifi] branch master updated: NIFI-7153 Adds ContentLengthFilter to enforce configurable maximum length on incoming HTTP requests. Adds DoSFilter to enforce configurable maximum on incoming HTTP reque
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new 483f23a NIFI-7153 Adds ContentLengthFilter to enforce configurable
maximum length on incoming HTTP requests. Adds DoSFilter to enforce
configurable maximum on incoming HTTP requests per second. Redirected log
messages for ContentLengthFilter to nifi-app.log in logback.xml.
483f23a is described below
commit 483f23a8aac7af780feda4b0193401366172b119
Author: Troy Melhase
AuthorDate: Sun Mar 22 13:49:25 2020 -0800
NIFI-7153 Adds ContentLengthFilter to enforce configurable maximum length
on incoming HTTP requests.
Adds DoSFilter to enforce configurable maximum on incoming HTTP requests
per second.
Redirected log messages for ContentLengthFilter to nifi-app.log in
logback.xml.
This closes #4125.
Signed-off-by: Andy LoPresto
---
.../java/org/apache/nifi/util/NiFiProperties.java | 12 ++
.../org/apache/nifi/util/NiFiPropertiesTest.java | 19 +++
.../src/main/asciidoc/administration-guide.adoc| 2 +
.../nifi-framework/nifi-resources/pom.xml | 3 +-
.../src/main/resources/conf/logback.xml| 5 +
.../src/main/resources/conf/nifi.properties| 2 +
.../org/apache/nifi/web/server/JettyServer.java| 43 +
.../nifi/web/filter/ContentLengthFilterTest.java | 185 +
.../web/security/requests/ContentLengthFilter.java | 149 +
.../src/main/webapp/js/nf/nf-error-handler.js | 6 +-
10 files changed, 423 insertions(+), 3 deletions(-)
diff --git
a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
index 4c6a354..3fea5df 100644
---
a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
+++
b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
@@ -193,6 +193,8 @@ public abstract class NiFiProperties {
public static final String WEB_MAX_HEADER_SIZE =
"nifi.web.max.header.size";
public static final String WEB_PROXY_CONTEXT_PATH =
"nifi.web.proxy.context.path";
public static final String WEB_PROXY_HOST = "nifi.web.proxy.host";
+public static final String WEB_MAX_CONTENT_SIZE =
"nifi.web.max.content.size";
+public static final String WEB_MAX_REQUESTS_PER_SECOND =
"nifi.web.max.requests.per.second";
// ui properties
public static final String UI_BANNER_TEXT = "nifi.ui.banner.text";
@@ -266,6 +268,8 @@ public abstract class NiFiProperties {
public static final int DEFAULT_WEB_THREADS = 200;
public static final String DEFAULT_WEB_MAX_HEADER_SIZE = "16 KB";
public static final String DEFAULT_WEB_WORKING_DIR = "./work/jetty";
+public static final String DEFAULT_WEB_MAX_CONTENT_SIZE = "20 MB";
+public static final String DEFAULT_WEB_MAX_REQUESTS_PER_SECOND = "3";
public static final String DEFAULT_NAR_WORKING_DIR = "./work/nar";
public static final String DEFAULT_COMPONENT_DOCS_DIRECTORY =
"./work/docs/components";
public static final String DEFAULT_NAR_LIBRARY_DIR = "./lib";
@@ -643,6 +647,14 @@ public abstract class NiFiProperties {
return getProperty(WEB_MAX_HEADER_SIZE, DEFAULT_WEB_MAX_HEADER_SIZE);
}
+public String getWebMaxContentSize() {
+return getProperty(WEB_MAX_CONTENT_SIZE, DEFAULT_WEB_MAX_CONTENT_SIZE);
+}
+
+public String getMaxWebRequestsPerSecond() {
+return getProperty(WEB_MAX_REQUESTS_PER_SECOND,
DEFAULT_WEB_MAX_REQUESTS_PER_SECOND);
+}
+
public int getWebThreads() {
return getIntegerProperty(WEB_THREADS, DEFAULT_WEB_THREADS);
}
diff --git
a/nifi-commons/nifi-properties/src/test/java/org/apache/nifi/util/NiFiPropertiesTest.java
b/nifi-commons/nifi-properties/src/test/java/org/apache/nifi/util/NiFiPropertiesTest.java
index 9bc5e90..da5e8da 100644
---
a/nifi-commons/nifi-properties/src/test/java/org/apache/nifi/util/NiFiPropertiesTest.java
+++
b/nifi-commons/nifi-properties/src/test/java/org/apache/nifi/util/NiFiPropertiesTest.java
@@ -261,4 +261,23 @@ public class NiFiPropertiesTest {
// Expect RuntimeException thrown
assertEquals(Integer.parseInt(portValue),
clusterProtocolAddress.getPort());
}
+
+@Test
+public void testShouldHaveReasonableMaxContentLengthValues() {
+// Arrange with default values:
+NiFiProperties properties =
NiFiProperties.createBasicNiFiProperties(null, new HashMap() {{
+}});
+
+// Assert defaults match expectations:
+assertEquals(properties.getWebMaxCont
[nifi] branch master updated: NIFI-7268 Removed org.mindrot.jBcrypt library and replaced with at.fa… (#4151)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new f91d6c4 NIFI-7268 Removed org.mindrot.jBcrypt library and replaced with at.fa… (#4151) f91d6c4 is described below commit f91d6c420d78aa000f1cc894636f56b533b589b8 Author: M Tien <56892372+mtien-apa...@users.noreply.github.com> AuthorDate: Tue Mar 17 19:49:15 2020 -0700 NIFI-7268 Removed org.mindrot.jBcrypt library and replaced with at.fa… (#4151) * NIFI-7268 Removed org.mindrot.jBcrypt library and replaced with at.favre.lib.bcrypt library. Updated LICENSE and NOTICE files to reflect changes. Updated unit tests. Co-authored-by: Andy LoPresto * NIFI-7268 Fixed typo in Javadoc. Co-authored-by: Andy LoPresto --- LICENSE| 17 - nifi-assembly/LICENSE | 17 - nifi-assembly/pom.xml | 4 +- nifi-commons/nifi-security-utils/pom.xml | 9 +-- .../security/util/crypto/BcryptCipherProvider.java | 79 +- .../crypto/BcryptCipherProviderGroovyTest.groovy | 45 ++-- .../src/main/resources/META-INF/LICENSE| 17 - .../src/main/resources/META-INF/LICENSE| 19 -- .../src/main/resources/META-INF/LICENSE| 21 -- .../src/main/resources/META-INF/LICENSE| 17 - .../src/main/resources/META-INF/LICENSE| 19 +- .../src/main/resources/META-INF/LICENSE| 17 - .../nifi-standard-processors/pom.xml | 5 +- nifi-nar-bundles/nifi-standard-bundle/pom.xml | 6 +- 14 files changed, 97 insertions(+), 195 deletions(-) diff --git a/LICENSE b/LICENSE index e6f09b4..f1db125 100644 --- a/LICENSE +++ b/LICENSE @@ -298,23 +298,6 @@ This product bundles HexViewJS available under an MIT License TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -This product bundles 'jBCrypt' which is available under an MIT license. -For details see https://github.com/svenkubiak/jBCrypt/blob/0.4.1/LICENSE - -Copyright (c) 2006 Damien Miller - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - This product bundles 'Fontello' which is available under an MIT license. Copyright (C) 2011 by Vitaly Puzrin diff --git a/nifi-assembly/LICENSE b/nifi-assembly/LICENSE index d61cb40..345c887 100644 --- a/nifi-assembly/LICENSE +++ b/nifi-assembly/LICENSE @@ -1658,23 +1658,6 @@ information can be found here: OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -This product bundles 'jBCrypt' which is available under an MIT license. -For details see https://github.com/svenkubiak/jBCrypt/blob/0.4.1/LICENSE - -Copyright (c) 2006 Damien Miller - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - This product bundles 'js-beautify' which is available under an MIT license. Copyright (c) 2007-2013 Einar Lielmanis and contributors. diff --git a/nifi-assembly/pom.xml b/nifi-assembly/pom.xml index ef8d3d0..7ee07c3 100644 --- a/nifi-assembly/pom.xml +++ b/nifi-assembly/pom.xml @@ -1108,7 +1108,7 @@ language governing permissions and limitations under the License. --> com.faster
[nifi] branch master updated: NIFI-7267 - Upgrade spring-data-redis in Redis bundle (#4150)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 7105bf3 NIFI-7267 - Upgrade spring-data-redis in Redis bundle (#4150) 7105bf3 is described below commit 7105bf36a8e191cacf43ed8ac6171be64a8c2e02 Author: Pierre Villard AuthorDate: Tue Mar 17 23:51:28 2020 +0100 NIFI-7267 - Upgrade spring-data-redis in Redis bundle (#4150) Signed-off-by: Andy LoPresto --- nifi-nar-bundles/nifi-redis-bundle/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nifi-nar-bundles/nifi-redis-bundle/pom.xml b/nifi-nar-bundles/nifi-redis-bundle/pom.xml index c4cecc4..fc6213e 100644 --- a/nifi-nar-bundles/nifi-redis-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-redis-bundle/pom.xml @@ -27,7 +27,7 @@ pom -2.1.0.RELEASE +2.1.16.RELEASE
[nifi] branch master updated (d687209 -> 290bd37)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git. from d687209 NIFI-7242: When a Parameter is changed, any property referencing that parameter should have its #onPropertyModified method called. Also renamed Accumulo tests to integration tests because they start embedded servers and connect to them, which caused failures in my environment. Also fixed a bug in TestLengthDelimitedJournal because it was resulting in failures when building locally as well. add 290bd37 NIFI-7119 Implement boundary checking for Argon2 cost parameters (#4111) No new revisions were added by this update. Summary of changes: .../security/util/crypto/Argon2SecureHasher.java | 138 -- .../util/crypto/Argon2SecureHasherTest.groovy | 156 + 2 files changed, 284 insertions(+), 10 deletions(-)
[nifi] branch master updated: NIFI-7179 Documented Download flow option in Process group context menu (#4124)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 7b0ae56 NIFI-7179 Documented Download flow option in Process group context menu (#4124) 7b0ae56 is described below commit 7b0ae56a2c08de8898cc55ce8e4d44b2e1767fcd Author: Andrew Lim AuthorDate: Mon Mar 9 19:54:56 2020 -0400 NIFI-7179 Documented Download flow option in Process group context menu (#4124) Signed-off-by: Andy LoPresto --- .../asciidoc/images/nifi-process-group-menu.png | Bin 87194 -> 95017 bytes nifi-docs/src/main/asciidoc/user-guide.adoc | 3 +++ 2 files changed, 3 insertions(+) diff --git a/nifi-docs/src/main/asciidoc/images/nifi-process-group-menu.png b/nifi-docs/src/main/asciidoc/images/nifi-process-group-menu.png index 0f3db8e..c7affa3 100644 Binary files a/nifi-docs/src/main/asciidoc/images/nifi-process-group-menu.png and b/nifi-docs/src/main/asciidoc/images/nifi-process-group-menu.png differ diff --git a/nifi-docs/src/main/asciidoc/user-guide.adoc b/nifi-docs/src/main/asciidoc/user-guide.adoc index 1bf6c8a..7e173d1 100644 --- a/nifi-docs/src/main/asciidoc/user-guide.adoc +++ b/nifi-docs/src/main/asciidoc/user-guide.adoc @@ -364,11 +364,14 @@ NOTE: It is also possible to double-click on the Process Group to enter it. - *Start*: This option allows the user to start a Process Group. - *Stop*: This option allows the user to stop a Process Group. +- *Enable*: This option allows the user to enable all Processors in the Process Group. +- *Disable*: This option allows the user to disable all Processors in the Process Group. - *View status history*: This option opens a graphical representation of the Process Group's statistical information over time. - *View connections->Upstream*: This option allows the user to see and "jump to" upstream connections that are coming into the Process Group. - *View connections->Downstream*: This option allows the user to see and "jump to" downstream connections that are going out of the Process Group. - *Center in view*: This option centers the view of the canvas on the given Process Group. - *Group*: This option allows the user to create a new Process Group that contains the selected Process Group and any other components selected on the canvas. +- *Download flow*: This option allows the user to download the flow as a JSON file. The file can be used as a backup or imported into a link:https://nifi.apache.org/registry.html[NiFi Registry^] using the <>. (Note: If "Download flow" is selected for a versioned process group, there is no versioning information in the download. In other words, the resulting contents of the JSON file is the same whether the process group is versioned or not.) - *Create template*: This option allows the user to create a template from the selected Process Group. - *Copy*: This option places a copy of the selected Process Group on the clipboard, so that it may be pasted elsewhere on the canvas by right-clicking on the canvas and selecting Paste. The Copy/Paste actions also may be done using the keystrokes Ctrl-C (Command-C) and Ctrl-V (Command-V). - *Delete*: This option allows the DFM to delete a Process Group.
[nifi] branch master updated: NIFI-7227 Fixed typo in Global Access Policy table (#4112)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 7773681 NIFI-7227 Fixed typo in Global Access Policy table (#4112) 7773681 is described below commit 7773681eeaa82f9c4099a3191d1f7f784f91bf7a Author: Andy LoPresto AuthorDate: Wed Mar 4 12:59:05 2020 -0800 NIFI-7227 Fixed typo in Global Access Policy table (#4112) Co-authored-by: spius <57421336+sp...@users.noreply.github.com> Signed-off-by: Andy LoPresto --- nifi-docs/src/main/asciidoc/administration-guide.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc b/nifi-docs/src/main/asciidoc/administration-guide.adoc index 7093fbd..5c90725 100644 --- a/nifi-docs/src/main/asciidoc/administration-guide.adoc +++ b/nifi-docs/src/main/asciidoc/administration-guide.adoc @@ -1104,7 +1104,7 @@ Global access policies govern the following system level authorizations: |Policy |Privilege |Global Menu Selection |Resource Descriptor |view the UI -|Allow users to view the UI +|Allows users to view the UI |N/A |`/flow`
svn commit: r1874805 - /nifi/site/trunk/download.html
Author: alopresto Date: Wed Mar 4 16:08:29 2020 New Revision: 1874805 URL: http://svn.apache.org/viewvc?rev=1874805=rev Log: Updated download links to new domain. Modified: nifi/site/trunk/download.html Modified: nifi/site/trunk/download.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/download.html?rev=1874805=1874804=1874805=diff == --- nifi/site/trunk/download.html (original) +++ nifi/site/trunk/download.html Wed Mar 4 16:08:29 2020 @@ -119,7 +119,7 @@ To verify the downloads please follow these https://www.apache.org/info/verification.html;>procedures -using these https://www.apache.org/dist/nifi/KEYS;>KEYS +using these https://downloads.apache.org/nifi/KEYS;>KEYS If a download is not found please allow up to 24 hours for the mirrors to sync. @@ -133,20 +133,20 @@ Sources: -https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-1.11.3-source-release.zip;>nifi-1.11.3-source-release.zip [53 MB] ( https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-source-release.zip.asc;>asc, https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-source-release.zip.sha256;>sha256, https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-source-release.zip.sha512;>sha512 ) +https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-1.11.3-source-release.zip;>nifi-1.11.3-source-release.zip [53 MB] ( https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-source-release.zip.asc;>asc, https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-source-release.zip.sha256;>sha256, https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-source-release.zip.sha512;>sha512 ) Binaries -https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-1.11.3-bin.tar.gz;>nifi-1.11.3-bin.tar.gz [1.2 GB] ( https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-bin.tar.gz.asc;>asc, https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-bin.tar.gz.sha256;>sha256, https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-bin.tar.gz.sha512;>sha512 ) +https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-1.11.3-bin.tar.gz;>nifi-1.11.3-bin.tar.gz [1.2 GB] ( https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-bin.tar.gz.asc;>asc, https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-bin.tar.gz.sha256;>sha256, https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-bin.tar.gz.sha512;>sha512 ) -https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-1.11.3-bin.zip;>nifi-1.11.3-bin.zip [1.2 GB] ( https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-bin.zip.asc;>asc, https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-bin.zip.sha256;>sha256, https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-bin.zip.sha512;>sha512 ) +https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-1.11.3-bin.zip;>nifi-1.11.3-bin.zip [1.2 GB] ( https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-bin.zip.asc;>asc, https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-bin.zip.sha256;>sha256, https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-bin.zip.sha512;>sha512 ) -https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz;>nifi-toolkit-1.11.3-bin.tar.gz [42 MB] ( https://www.apache.org/dist/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz.asc;>asc, https://www.apache.org/dist/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz.sha256;>sha256, https://www.apache.org/dist/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz.sha512;>sha512 ) +https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz;>nifi-toolkit-1.11.3-bin.tar.gz [42 MB] ( https://downloads.apache.org/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz.asc;>asc, https://downloads.apache.org/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz.sha256;>sha256, https://downloads.apache.org/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz.sha512;>sha512 ) -https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-toolkit-1.11.3-bin.zip;>nifi-toolkit-1.11.3-bin.zip [42 MB] ( https://www.apache.org/dist/nifi/1.11.3/nifi-toolkit-1.11.3-bin.zip.asc;>asc, https://www.apache.org/dist/nifi/1.11.3/nifi-toolkit-1.11.3-bin.zip.sha256;>sha256, https://www.apache.org/dist/nifi/1.11.3/nifi-toolkit-1.11.3-bin.zip.sha512;>sha512 ) +https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-toolkit-1.11.3-bin.zip;>nifi-toolkit-1.11.3-bin.zip [42 MB] (
[nifi-site] branch master updated: Changed old download links to downloads.apache.org.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-site.git The following commit(s) were added to refs/heads/master by this push: new ddab941 Changed old download links to downloads.apache.org. ddab941 is described below commit ddab941a5eb971ba482b46cfee299add354205a2 Author: Andy LoPresto AuthorDate: Wed Mar 4 07:59:47 2020 -0800 Changed old download links to downloads.apache.org. --- src/pages/html/download.hbs | 14 +++--- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/pages/html/download.hbs b/src/pages/html/download.hbs index 16a2806..772eeb7 100644 --- a/src/pages/html/download.hbs +++ b/src/pages/html/download.hbs @@ -15,7 +15,7 @@ title: Apache NiFi Downloads To verify the downloads please follow these https://www.apache.org/info/verification.html;>procedures -using these https://www.apache.org/dist/nifi/KEYS;>KEYS +using these https://downloads.apache.org/nifi/KEYS;>KEYS If a download is not found please allow up to 24 hours for the mirrors to sync. @@ -29,20 +29,20 @@ title: Apache NiFi Downloads Sources: -https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-1.11.3-source-release.zip;>nifi-1.11.3-source-release.zip [53 MB] ( https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-source-release.zip.asc;>asc, https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-source-release.zip.sha256;>sha256, https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-source-release.zip.sha512;>sha512 ) +https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-1.11.3-source-release.zip;>nifi-1.11.3-source-release.zip [53 MB] ( https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-source-release.zip.asc;>asc, https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-source-release.zip.sha256;>sha256, https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-source-release.zip.sha512;>sha512 ) Binaries -https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-1.11.3-bin.tar.gz;>nifi-1.11.3-bin.tar.gz [1.2 GB] ( https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-bin.tar.gz.asc;>asc, https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-bin.tar.gz.sha256;>sha256, https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-bin.tar.gz.sha512;>sha512 ) +https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-1.11.3-bin.tar.gz;>nifi-1.11.3-bin.tar.gz [1.2 GB] ( https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-bin.tar.gz.asc;>asc, https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-bin.tar.gz.sha256;>sha256, https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-bin.tar.gz.sha512;>sha512 ) -https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-1.11.3-bin.zip;>nifi-1.11.3-bin.zip [1.2 GB] ( https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-bin.zip.asc;>asc, https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-bin.zip.sha256;>sha256, https://www.apache.org/dist/nifi/1.11.3/nifi-1.11.3-bin.zip.sha512;>sha512 ) +https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-1.11.3-bin.zip;>nifi-1.11.3-bin.zip [1.2 GB] ( https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-bin.zip.asc;>asc, https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-bin.zip.sha256;>sha256, https://downloads.apache.org/nifi/1.11.3/nifi-1.11.3-bin.zip.sha512;>sha512 ) -https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz;>nifi-toolkit-1.11.3-bin.tar.gz [42 MB] ( https://www.apache.org/dist/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz.asc;>asc, https://www.apache.org/dist/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz.sha256;>sha256, https://www.apache.org/dist/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz.sha512;>sha512 ) +https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz;>nifi-toolkit-1.11.3-bin.tar.gz [42 MB] ( https://downloads.apache.org/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz.asc;>asc, https://downloads.apache.org/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz.sha256;>sha256, https://downloads.apache.org/nifi/1.11.3/nifi-toolkit-1.11.3-bin.tar.gz.sha512;>sha512 ) -https://www.apache.org/dyn/closer.lua?path=/nifi/1.11.3/nifi-toolkit-1.11.3-bin.zip;>nifi-toolkit-1.11.3-bin.zip [42 MB] ( https://www.apache.org/dist/nifi/1.11.3/nifi-toolkit-1.11.3-bin.zip.asc;>asc, https://www.apache
[nifi] branch master updated: NIFI-7121 Updated comment to state a 'static' salt is used in the constructor. (#4098)
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new 0b2816b NIFI-7121 Updated comment to state a 'static' salt is used in
the constructor. (#4098)
0b2816b is described below
commit 0b2816baa4a44ac8e2128e4730796cc193d8bced
Author: M Tien <56892372+mtien-apa...@users.noreply.github.com>
AuthorDate: Tue Mar 3 15:50:49 2020 -0800
NIFI-7121 Updated comment to state a 'static' salt is used in the
constructor. (#4098)
Signed-off-by: Andy LoPresto
---
.../java/org/apache/nifi/security/util/crypto/Argon2SecureHasher.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/Argon2SecureHasher.java
b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/Argon2SecureHasher.java
index 0697f3d..22e618c 100644
---
a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/Argon2SecureHasher.java
+++
b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/Argon2SecureHasher.java
@@ -70,7 +70,7 @@ public class Argon2SecureHasher implements SecureHasher {
}
/**
- * Instantiates an Argon2 secure hasher using the provided cost
parameters. A unique
+ * Instantiates an Argon2 secure hasher using the provided cost
parameters. A static
* {@link #DEFAULT_SALT_LENGTH} byte salt will be generated on every hash
request.
*
* @param hashLength the output length in bytes ({@code 4 to 2^32 - 1})
[nifi] branch master updated: NIFI-7218 Fixed typo in Overview docs. (#4107)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new cb08382 NIFI-7218 Fixed typo in Overview docs. (#4107) cb08382 is described below commit cb08382da4cb888c1d8cdfab078a57c0c2986501 Author: Andy LoPresto AuthorDate: Tue Mar 3 15:47:42 2020 -0800 NIFI-7218 Fixed typo in Overview docs. (#4107) --- nifi-docs/src/main/asciidoc/overview.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nifi-docs/src/main/asciidoc/overview.adoc b/nifi-docs/src/main/asciidoc/overview.adoc index 594d9a3..78ab665 100644 --- a/nifi-docs/src/main/asciidoc/overview.adoc +++ b/nifi-docs/src/main/asciidoc/overview.adoc @@ -20,7 +20,7 @@ Apache NiFi Team :linkattrs: == What is Apache NiFi? -Put simply NiFi was built to automate the flow of data between systems. While +Put simply, NiFi was built to automate the flow of data between systems. While the term 'dataflow' is used in a variety of contexts, we use it here to mean the automated and managed flow of information between systems. This problem space has been around ever since enterprises had more than one system,
[nifi] branch master updated: NIFI-7152 Added custom ExceptionMappers to handle invalid Remote Process Group port value - (#4085)
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new 815e4cf NIFI-7152 Added custom ExceptionMappers to handle invalid
Remote Process Group port value - (#4085)
815e4cf is described below
commit 815e4cf51f913645352899837f702c7cd4f3a246
Author: Andy LoPresto
AuthorDate: Tue Feb 25 13:14:52 2020 -0800
NIFI-7152 Added custom ExceptionMappers to handle invalid Remote Process
Group port value - (#4085)
JsonContentConversionExceptionMapper, JsonMappingExceptionMapper,
JsonParseExceptionMapper.
Registered the custom ExceptionMappers.
Added unit tests to throw Exception for string port value and sanitize
script input. Handled null or empty JsonMappingException reference path.
Added the Apache license to Groovy Test.
Signed-off-by: Andy LoPresto
---
.../apache/nifi/web/NiFiWebApiResourceConfig.java | 6 +-
.../JsonContentConversionExceptionMapper.java | 67 +
.../web/api/config/JsonMappingExceptionMapper.java | 47 ++
.../web/api/config/JsonParseExceptionMapper.java | 46 +
...JsonContentConversionExceptionMapperTest.groovy | 104 +
5 files changed, 268 insertions(+), 2 deletions(-)
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiResourceConfig.java
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiResourceConfig.java
index 4f19596..7569b37 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiResourceConfig.java
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiResourceConfig.java
@@ -30,6 +30,9 @@ import
org.apache.nifi.web.api.config.IllegalNodeReconnectionExceptionMapper;
import org.apache.nifi.web.api.config.IllegalStateExceptionMapper;
import org.apache.nifi.web.api.config.InvalidAuthenticationExceptionMapper;
import org.apache.nifi.web.api.config.InvalidRevisionExceptionMapper;
+import org.apache.nifi.web.api.config.JsonMappingExceptionMapper;
+import org.apache.nifi.web.api.config.JsonParseExceptionMapper;
+import org.apache.nifi.web.api.config.JsonContentConversionExceptionMapper;
import org.apache.nifi.web.api.config.MutableRequestExceptionMapper;
import org.apache.nifi.web.api.config.NiFiCoreExceptionMapper;
import org.apache.nifi.web.api.config.NoClusterCoordinatorExceptionMapper;
@@ -46,8 +49,6 @@ import
org.apache.nifi.web.api.config.WebApplicationExceptionMapper;
import org.apache.nifi.web.api.filter.RedirectResourceFilter;
import org.apache.nifi.web.util.ObjectMapperResolver;
import org.glassfish.jersey.jackson.JacksonFeature;
-import
org.glassfish.jersey.jackson.internal.jackson.jaxrs.base.JsonMappingExceptionMapper;
-import
org.glassfish.jersey.jackson.internal.jackson.jaxrs.base.JsonParseExceptionMapper;
import org.glassfish.jersey.media.multipart.MultiPartFeature;
import org.glassfish.jersey.message.GZipEncoder;
import org.glassfish.jersey.server.ResourceConfig;
@@ -118,6 +119,7 @@ public class NiFiWebApiResourceConfig extends
ResourceConfig {
register(InvalidRevisionExceptionMapper.class);
register(JsonMappingExceptionMapper.class);
register(JsonParseExceptionMapper.class);
+register(JsonContentConversionExceptionMapper.class);
register(MutableRequestExceptionMapper.class);
register(NiFiCoreExceptionMapper.class);
register(NoConnectedNodesExceptionMapper.class);
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/JsonContentConversionExceptionMapper.java
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/JsonContentConversionExceptionMapper.java
new file mode 100644
index 000..51109ca
--- /dev/null
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/JsonContentConversionExceptionMapper.java
@@ -0,0 +1,67 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * d
[nifi] branch master updated: NIFI-7175 Fixed core attributes formatting in Developer Guide. (#4066)
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new eef0470 NIFI-7175 Fixed core attributes formatting in Developer
Guide. (#4066)
eef0470 is described below
commit eef04709b97f41a9c27cca82a9b885d03cb43784
Author: Andy LoPresto
AuthorDate: Fri Feb 21 10:41:41 2020 -0800
NIFI-7175 Fixed core attributes formatting in Developer Guide. (#4066)
* NIFI-7175 Fixed core attributes formatting in Developer Guide.
* NIFI-7175 Made core attribute names more consistent.
---
nifi-docs/src/main/asciidoc/developer-guide.adoc | 30 ++--
1 file changed, 17 insertions(+), 13 deletions(-)
diff --git a/nifi-docs/src/main/asciidoc/developer-guide.adoc
b/nifi-docs/src/main/asciidoc/developer-guide.adoc
index 2a2c93c..aca8b69 100644
--- a/nifi-docs/src/main/asciidoc/developer-guide.adoc
+++ b/nifi-docs/src/main/asciidoc/developer-guide.adoc
@@ -127,30 +127,34 @@ can change, the FlowFile object is
immutable. Modifications to a FlowFile are made possible by the ProcessSession.
The core attributes for FlowFiles are defined in the
`org.apache.nifi.flowfile.attributes.CoreAttributes` enum.
-The most common attributes you'll see are filename, path and uuid. The string
in quotes is the value of the
-attribute within the `CoreAttributes` enum.
+The most common attributes you'll see are `filename`, `path` and `uuid`. The
string in parentheses is the value of the
+attribute within the `CoreAttributes` enum and how it appears in the UI/API.
-- Filename ("filename"): The filename of the FlowFile. The filename should not
contain any directory structure.
+- Filename (`filename`): The filename of the FlowFile. The filename should not
contain any directory structure.
-- File Size ("fileSize"): The file size of the FlowFile in bytes.
+- UUID (`uuid`): A Universally Unique Identifier assigned to this FlowFile
that distinguishes the FlowFile from other FlowFiles in the system.
-- UUID ("uuid"): A Universally Unique Identifier assigned to this FlowFile
that distinguishes the FlowFile from other FlowFiles in the system.
+- Path (`path`): The FlowFile's path indicates the relative directory to which
a FlowFile belongs and does not contain the filename.
-- Path ("path"): The FlowFile's path indicates the relative directory to which
a FlowFile belongs and does not contain the filename.
+- Absolute Path (`absolute.path`): The FlowFile's absolute path indicates the
absolute directory to which a FlowFile belongs and does not contain the
filename.
-- Absolute Path ("absolute.path"): The FlowFile's absolute path indicates the
absolute directory to which a FlowFile belongs and does not contain the
filename.
+- Priority (`priority`): A numeric value indicating the FlowFile priority.
-- Entry Date ("entryDate"): The date and time at which the FlowFile entered
the system (i.e., was created). The value of this attribute is a number that
represents the number of milliseconds since midnight, Jan. 1, 1970 (UTC).
+- MIME Type (`mime.type`): The MIME Type of this FlowFile.
-- Lineage Start Date ("lineageStartDate"): Any time that a FlowFile is cloned,
merged, or split, this results in a "child" FlowFile being created. As those
children are then cloned, merged, or split, a chain of ancestors is built. This
value represents the date and time at which the oldest ancestor entered the
system. Another way to think about this is that this attribute represents the
latency of the FlowFile through the system. The value is a number that
represents the number of millis [...]
+- Discard Reason (`discard.reason`): Specifies the reason that a FlowFile is
being discarded.
-- Priority ("priority"): A numeric value indicating the FlowFile priority.
+- Alternate Identifier (`alternate.identifier`): Indicates an identifier other
than the FlowFile's UUID that is known to refer to this FlowFile.
-- MIME Type ("mime.type"): The MIME Type of this FlowFile.
+= Additional Common Attributes
-- Discard Reason ("discard.reason"): Specifies the reason that a FlowFile is
being discarded.
+While these attributes are not members of the `CoreAttributes` enum, they are
de facto standards across the system and found on most FlowFiles.
-- Alternative Identifier ("alternate.identifier"): Indicates an identifier
other than the FlowFile's UUID that is known to refer to this FlowFile.
+- File Size (`fileSize`): The size of the FlowFile content in bytes.
+
+- Entry Date (`entryDate`): The date and time at which the FlowFile entered
the system (i.e., was created). The value of this attribute is a number that
represents the number of milliseconds since midnight, Jan. 1, 1970 (UTC).
+
+-
[nifi] branch master updated: NIFI-7135 - Fix Java 11 build with com.puppycrawl.tools:checkstyle:jar:8.29 dependency
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new 41518d9 NIFI-7135 - Fix Java 11 build with
com.puppycrawl.tools:checkstyle:jar:8.29 dependency
41518d9 is described below
commit 41518d953cde9776451a7f395747acd7cc8beb7a
Author: Pierre Villard
AuthorDate: Tue Feb 11 19:06:14 2020 -0800
NIFI-7135 - Fix Java 11 build with com.puppycrawl.tools:checkstyle:jar:8.29
dependency
This closes #4050.
Signed-off-by: Andy LoPresto
---
.travis.yml | 21 +++--
pom.xml | 27 +++
2 files changed, 34 insertions(+), 14 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index c6e431c..a5fd764 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -28,8 +28,10 @@ matrix:
echo "Cached Maven repository exists, skipping dependency cache"
fi
- stage: "Cache"
- name: "Cache Dependencies - openjdk8"
- jdk: openjdk8
+ name: "Cache Dependencies - openjdk8 & openjdk11"
+ jdk:
+- openjdk8
+- openjdk11
script: >-
if [ ! -d "$HOME"/.m2/repository ] || [ ! "$(ls -A
"$HOME"/.m2/repository)" ] ; then
echo "Cached Maven repository does not exist, downloading
dependencies..."
@@ -38,6 +40,7 @@ matrix:
else
echo "Cached Maven repository exists, skipping dependency cache"
fi
+
# For the build stages, use -pl to exclude the following from the build to
reduce build time:
# non-api nar modules
# assembly modules
@@ -74,18 +77,8 @@ matrix:
&& test ${PIPESTATUS[0]} -eq 0
- stage: "Build"
name: "Build Java 11 EN"
- # Do not specify "jdk:" here, install-jdk.sh will download the JDK set
JAVA_HOME appropriately
- before_script:
-# Download the newest version of sormuras' install-jdk.sh to /tmp
-# install-jdk.sh is used by Travis internally, sormoras is the
maintainer of that script
-- wget -O /tmp/install-jdk.sh
https://github.com/sormuras/bach/raw/master/install-jdk.sh
-# Need to specifically install AdoptOpenJDK 11.0.4 (Linux, HotSpot)
since Travis does not offer it by default
-# The link to the AdoptOpenJDK 11.0.4 .tar.gz is taken directly from
AdoptOpenJDK's website
-- >-
- source /tmp/install-jdk.sh
- --url
'https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.4%2B11/OpenJDK11U-jdk_x64_linux_hotspot_11.0.4_11.tar.gz'
- script:
-- >-
+ jdk: openjdk11
+ script: >-
mvn clean install -V -T 1C
-pl `find . -type d \( -name "*-nar" -or -name "*-assembly" -or
-name "*hive3*" -or -name "nifi-system-test*" \) -and -not -name "*api-nar"
-and -not -path "*/target/*" -and -not -name "*__*" -printf "!./%P,"`
-Pcontrib-check,include-grpc -Ddir-only
diff --git a/pom.xml b/pom.xml
index fb42ca4..fb3972b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -143,6 +143,33 @@
+gcs-maven-central-mirror
+
+GCS Maven Central mirror
+
https://maven-central.storage-download.googleapis.com/repos/central/data/
+
+true
+
+
+false
+
+
+
+central
+Central Repository
+https://repo.maven.apache.org/maven2
+default
+
+false
+
+
+never
+
+
+
bintray
Groovy Bintray
https://dl.bintray.com/groovy/maven
[nifi-registry] branch master updated (8c1c585 -> d021507)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/nifi-registry.git. from 8c1c585 NIFIREG-362 - Updated dependencies and ran tests. Smoke tested NiFi and NiFi Reg in secured instances. new e2e9220 [NIFIREG-352] update frontend deps new d653c60 update package-lock new d021507 Merge pull request #252 from scottyaslan/NIFIREG-352 The 298 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../src/main/package-lock.json | 919 +++-- .../nifi-registry-web-ui/src/main/package.json | 4 +- 2 files changed, 677 insertions(+), 246 deletions(-)
[nifi-registry] branch master updated: NIFIREG-362 - Updated dependencies and ran tests. Smoke tested NiFi and NiFi Reg in secured instances.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-registry.git The following commit(s) were added to refs/heads/master by this push: new 8c1c585 NIFIREG-362 - Updated dependencies and ran tests. Smoke tested NiFi and NiFi Reg in secured instances. 8c1c585 is described below commit 8c1c585e4845f815bc3c586e640b66d8f7997d94 Author: Nathan Gough AuthorDate: Fri Feb 14 12:57:15 2020 -0500 NIFIREG-362 - Updated dependencies and ran tests. Smoke tested NiFi and NiFi Reg in secured instances. This closes #260. Signed-off-by: Andy LoPresto --- nifi-registry-core/nifi-registry-framework/pom.xml | 2 +- pom.xml| 8 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/nifi-registry-core/nifi-registry-framework/pom.xml b/nifi-registry-core/nifi-registry-framework/pom.xml index 67f77c4..e8ef77b 100644 --- a/nifi-registry-core/nifi-registry-framework/pom.xml +++ b/nifi-registry-core/nifi-registry-framework/pom.xml @@ -300,7 +300,7 @@ org.eclipse.jgit org.eclipse.jgit -4.11.8.201904181247-r +4.11.9.201909030838-r commons-codec diff --git a/pom.xml b/pom.xml index 2ac512a..5e6108b 100644 --- a/pom.xml +++ b/pom.xml @@ -96,14 +96,14 @@ 2.1 2.27 2.9.9 -2.9.9.1 -2.1.6.RELEASE -5.1.5.RELEASE +2.9.10.2 +2.1.12.RELEASE +5.1.8.RELEASE 5.2.4 5.1.0 3.12.0 1.11.2 - 1.4.197 + 1.4.200 2.5.4 3.4.0-01 2.3.2
[nifi-registry] branch master updated: NIFIREG-357 Added autocomplete="off" to login password input.
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-registry.git The following commit(s) were added to refs/heads/master by this push: new b5d70d1 NIFIREG-357 Added autocomplete="off" to login password input. new 4a46e92 Merge pull request #261 from mtien-apache/NIFIREG-357 b5d70d1 is described below commit b5d70d153b0a0720e19573061f498bba73417462 Author: mtien AuthorDate: Tue Feb 18 13:24:39 2020 -0800 NIFIREG-357 Added autocomplete="off" to login password input. --- .../main/webapp/components/login/dialogs/nf-registry-user-login.html| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nifi-registry-core/nifi-registry-web-ui/src/main/webapp/components/login/dialogs/nf-registry-user-login.html b/nifi-registry-core/nifi-registry-web-ui/src/main/webapp/components/login/dialogs/nf-registry-user-login.html index eee4614..e873e47 100644 --- a/nifi-registry-core/nifi-registry-web-ui/src/main/webapp/components/login/dialogs/nf-registry-user-login.html +++ b/nifi-registry-core/nifi-registry-web-ui/src/main/webapp/components/login/dialogs/nf-registry-user-login.html @@ -32,7 +32,7 @@ limitations under the License. - +
[nifi] branch master updated: NIFI-6927 Consolidate SSL context and trust managers for OkHttp on JDK9. Fixes name conflicts.
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new 0de8945 NIFI-6927 Consolidate SSL context and trust managers for
OkHttp on JDK9. Fixes name conflicts.
0de8945 is described below
commit 0de89452f1975c5724e75e5f9d5865bb814cf4de
Author: Troy Melhase
AuthorDate: Mon Feb 10 11:56:09 2020 -0900
NIFI-6927 Consolidate SSL context and trust managers for OkHttp on JDK9.
Fixes name conflicts.
This closes #4047.
Signed-off-by: Andy LoPresto
---
.../notification/http/HttpNotificationService.java | 69
.../nifi/security/util/SslContextFactory.java | 71 +
.../nifi-elasticsearch-processors/pom.xml | 2 +-
.../AbstractElasticsearchHttpProcessor.java| 31 +++-
.../TestQueryElasticsearchHttpNoHits.java | 2 +-
.../okhttp/OkHttpReplicationClient.java| 84 +++-
.../security/util/SslServerSocketFactory.java | 82 ---
.../framework/security/util/SslSocketFactory.java | 92 --
.../nifi/processors/standard/InvokeHTTP.java | 20 -
.../org/apache/nifi/lookup/RestLookupService.java | 38 -
10 files changed, 184 insertions(+), 307 deletions(-)
diff --git
a/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/notification/http/HttpNotificationService.java
b/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/notification/http/HttpNotificationService.java
index 1405625..2ab7c72 100644
---
a/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/notification/http/HttpNotificationService.java
+++
b/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/notification/http/HttpNotificationService.java
@@ -28,16 +28,13 @@ import
org.apache.nifi.bootstrap.notification.NotificationFailedException;
import
org.apache.nifi.bootstrap.notification.NotificationInitializationContext;
import org.apache.nifi.bootstrap.notification.NotificationType;
import org.apache.nifi.components.PropertyDescriptor;
-import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.expression.AttributeExpression;
import org.apache.nifi.expression.ExpressionLanguageScope;
-import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.util.Tuple;
import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.util.ArrayList;
@@ -196,12 +193,25 @@ public class HttpNotificationService extends
AbstractNotificationService {
// check if the keystore is set and add the factory if so
if (url.toLowerCase().startsWith("https")) {
try {
-Tuple
sslSocketFactoryWithTrustManagers = getSslSocketFactory(context);
+Tuple sslContextTuple =
SslContextFactory.createTrustSslContextWithTrustManagers(
+
context.getProperty(HttpNotificationService.PROP_KEYSTORE).getValue(),
+
context.getProperty(HttpNotificationService.PROP_KEYSTORE_PASSWORD).isSet()
+?
context.getProperty(HttpNotificationService.PROP_KEYSTORE_PASSWORD).getValue().toCharArray()
: null,
+
context.getProperty(HttpNotificationService.PROP_KEY_PASSWORD).isSet()
+?
context.getProperty(HttpNotificationService.PROP_KEY_PASSWORD).getValue().toCharArray()
: null,
+
context.getProperty(HttpNotificationService.PROP_KEYSTORE_TYPE).getValue(),
+
context.getProperty(HttpNotificationService.PROP_TRUSTSTORE).getValue(),
+
context.getProperty(HttpNotificationService.PROP_TRUSTSTORE_PASSWORD).isSet()
+?
context.getProperty(HttpNotificationService.PROP_TRUSTSTORE_PASSWORD).getValue().toCharArray()
: null,
+
context.getProperty(HttpNotificationService.PROP_TRUSTSTORE_TYPE).getValue(),
+SslContextFactory.ClientAuth.REQUIRED,
+
context.getProperty(HttpNotificationService.SSL_ALGORITHM).getValue()
+);
// Find the first X509TrustManager
-List x509TrustManagers =
Arrays.stream(sslSocketFactoryWithTrustManagers.getValue())
+List x509TrustManagers =
Arrays.stream(sslContextTuple.getValue())
.filter(trustManager -> trustManager instanceof
X509TrustManager)
.map(trustManager -> (X509TrustManager)
trustManager).collect(Collectors.toList());
-
okHttpClientBuilder.
[nifi] branch master updated: NIFI-7136 Added autocomplete="off" to login password input (#4055)
This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git The following commit(s) were added to refs/heads/master by this push: new 37614d0 NIFI-7136 Added autocomplete="off" to login password input (#4055) 37614d0 is described below commit 37614d02cd6721a33504ac2918b28243700632d1 Author: M Tien <56892372+mtien-apa...@users.noreply.github.com> AuthorDate: Fri Feb 14 20:46:08 2020 -0800 NIFI-7136 Added autocomplete="off" to login password input (#4055) NIFI-7136 Added autocomplete="off" to login password input Updated nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/login-form.jsp Co-authored-by: Pierre Villard Signed-off-by: Andy LoPresto --- .../nifi-web-ui/src/main/webapp/WEB-INF/partials/login/login-form.jsp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/login-form.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/login-form.jsp index 9f9a660..6339664 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/login-form.jsp +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/login-form.jsp @@ -26,7 +26,7 @@ Password - + - \ No newline at end of file +
[nifi] branch master updated: NIFI-7082 Updated tls-toolkit default server and client certificates validity days to 825 days. (#4046)
This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new 8faea04 NIFI-7082 Updated tls-toolkit default server and client
certificates validity days to 825 days. (#4046)
8faea04 is described below
commit 8faea04ff13b847fa2065ed127273d706be89064
Author: M Tien <56892372+mtien-apa...@users.noreply.github.com>
AuthorDate: Mon Feb 10 20:22:49 2020 -0500
NIFI-7082 Updated tls-toolkit default server and client certificates
validity days to 825 days. (#4046)
Signed-off-by: Andy LoPresto
---
.../nifi-toolkit-assembly/src/main/resources/conf/config-client.json| 2 +-
.../nifi-toolkit-assembly/src/main/resources/conf/config-server.json| 2 +-
.../main/java/org/apache/nifi/toolkit/tls/configuration/TlsConfig.java | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git
a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/conf/config-client.json
b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/conf/config-client.json
index e572bc1..ea0d333 100644
---
a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/conf/config-client.json
+++
b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/conf/config-client.json
@@ -7,7 +7,7 @@
"caHostname" : "localhost",
"trustStore" : "clientTrustStore",
"trustStoreType" : "jks",
- "days" : 1095,
+ "days" : 825,
"keySize" : 2048,
"keyPairAlgorithm" : "RSA",
"signingAlgorithm" : "SHA256WITHRSA"
diff --git
a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/conf/config-server.json
b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/conf/config-server.json
index fae89ed..8044a6d 100644
---
a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/conf/config-server.json
+++
b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/conf/config-server.json
@@ -4,7 +4,7 @@
"token" : "myTestTokenUseSomethingStronger",
"caHostname" : "localhost",
"port" : 8443,
- "days" : 1095,
+ "days" : 825,
"keySize" : 2048,
"keyPairAlgorithm" : "RSA",
"signingAlgorithm" : "SHA256WITHRSA"
diff --git
a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/configuration/TlsConfig.java
b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/configuration/TlsConfig.java
index 5e440a7..2b7f8a1 100644
---
a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/configuration/TlsConfig.java
+++
b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/configuration/TlsConfig.java
@@ -28,7 +28,7 @@ public class TlsConfig {
public static final String DEFAULT_HOSTNAME = "localhost";
public static final String DEFAULT_KEY_STORE_TYPE = "jks";
public static final int DEFAULT_PORT = 8443;
-public static final int DEFAULT_DAYS = 3 * 365;
+public static final int DEFAULT_DAYS = 825;
public static final int DEFAULT_KEY_SIZE = 2048;
public static final String DEFAULT_KEY_PAIR_ALGORITHM = "RSA";
public static final String DEFAULT_SIGNING_ALGORITHM = "SHA256WITHRSA";
