[GitHub] nifi pull request #2051: NIFI-4224: Initial implementation of Process Group ...
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/2051#discussion_r131993623 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FlowResource.java --- @@ -640,7 +643,128 @@ public Response scheduleComponents( componentsToSchedule.entrySet().stream().collect(Collectors.toMap(Map.Entry::getKey, e -> getRevision(e.getValue(), e.getKey(; // update the process group -final ScheduleComponentsEntity entity = serviceFacade.scheduleComponents(id, scheduledState, componentRevisions); +final ScheduleComponentsEntity entity = serviceFacade.scheduleComponents(id, scheduledState, componentRevisions); +return generateOkResponse(entity).build(); +} +); +} + + +@PUT +@Consumes(MediaType.APPLICATION_JSON) +@Produces(MediaType.APPLICATION_JSON) +@Path("process-groups/{id}/controller-services") +@ApiOperation(value = "Enable or disable Controller Services in the specified Process Group.", +response = ActivateControllerServicesEntity.class, +authorizations = { +@Authorization(value = "Read - /flow", type = ""), +@Authorization(value = "Write - /{component-type}/{uuid} - For every service being enabled/disabled", type = "") +}) +@ApiResponses( +value = { +@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), +@ApiResponse(code = 401, message = "Client could not be authenticated."), +@ApiResponse(code = 403, message = "Client is not authorized to make this request."), +@ApiResponse(code = 404, message = "The specified resource could not be found."), +@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") +} +) +public Response activateControllerServices( +@Context HttpServletRequest httpServletRequest, +@ApiParam(value = "The process group id.", required = true) +@PathParam("id") String id, +@ApiParam(value = "The request to schedule or unschedule. If the comopnents in the request are not specified, all authorized components will be considered.", required = true) +final ActivateControllerServicesEntity requestEntity) { + +// ensure the same id is being used +if (!id.equals(requestEntity.getId())) { +throw new IllegalArgumentException(String.format("The process group id (%s) in the request body does " ++ "not equal the process group id of the requested resource (%s).", requestEntity.getId(), id)); +} + +final ControllerServiceState state; +if (requestEntity.getState() == null) { +throw new IllegalArgumentException("The scheduled state must be specified."); --- End diff -- Copy/paste issue in error message... ControllerServiceState is not a 'scheduled state'. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #2051: NIFI-4224: Initial implementation of Process Group ...
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/2051#discussion_r131996939 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessGroupResource.java --- @@ -314,7 +430,7 @@ public Response updateProcessGroup( Authorizable authorizable = lookup.getProcessGroup(id).getAuthorizable(); authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, -null, +() -> serviceFacade.verifyUpdateProcessGroup(requestProcessGroupDTO), --- End diff -- This is verifying that the variables can be updated but they are ignored in the corresponding `updateProcessGroup` call below. Since variable updates are not supported in this endpoint, can this check be removed? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #2051: NIFI-4224: Initial implementation of Process Group ...
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/2051#discussion_r131983295 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java --- @@ -3062,34 +3206,70 @@ public ProcessGroupEntity getProcessGroup(final String groupId) { return createProcessGroupEntity(processGroup); } -private ControllerServiceEntity createControllerServiceEntity(final ControllerServiceNode serviceNode, final Set serviceIds) { +private ControllerServiceEntity createControllerServiceEntity(final ControllerServiceNode serviceNode, final Set serviceIds, final NiFiUser user) { final ControllerServiceDTO dto = dtoFactory.createControllerServiceDto(serviceNode); final ControllerServiceReference ref = serviceNode.getReferences(); final ControllerServiceReferencingComponentsEntity referencingComponentsEntity = createControllerServiceReferencingComponentsEntity(ref, serviceIds); dto.setReferencingComponents(referencingComponentsEntity.getControllerServiceReferencingComponents()); final RevisionDTO revision = dtoFactory.createRevisionDTO(revisionManager.getRevision(serviceNode.getIdentifier())); -final PermissionsDTO permissions = dtoFactory.createPermissionsDto(serviceNode); +final PermissionsDTO permissions = dtoFactory.createPermissionsDto(serviceNode, user); final List bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(serviceNode.getIdentifier())); final List bulletinEntities = bulletins.stream().map(bulletin -> entityFactory.createBulletinEntity(bulletin, permissions.getCanRead())).collect(Collectors.toList()); return entityFactory.createControllerServiceEntity(dto, revision, permissions, bulletinEntities); } @Override -public Set getControllerServices(final String groupId) { -final Set serviceNodes = controllerServiceDAO.getControllerServices(groupId); +public VariableRegistryEntity getVariableRegistry(final String groupId) { +final ProcessGroup processGroup = processGroupDAO.getProcessGroup(groupId); +if (processGroup == null) { +throw new ResourceNotFoundException("Could not find group with ID " + groupId); +} + +return createVariableRegistryEntity(processGroup); +} + +private VariableRegistryEntity createVariableRegistryEntity(final ProcessGroup processGroup) { +final VariableRegistryDTO registryDto = dtoFactory.createVariableRegistryDto(processGroup); +final RevisionDTO revision = dtoFactory.createRevisionDTO(revisionManager.getRevision(processGroup.getIdentifier())); +final PermissionsDTO permissions = dtoFactory.createPermissionsDto(processGroup); +return entityFactory.createVariableRegistryEntity(registryDto, revision, permissions); +} + +@Override +public VariableRegistryEntity populateAffectedComponents(final VariableRegistryDTO variableRegistryDto) { --- End diff -- `NiFiServiceFacadeLock` handles read/write locking based on the method name. Assuming this method needs that thread safety, the name of this method needs to be accounted for. Either by changing it here or adding another advice to intercept this method call. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #2051: NIFI-4224: Initial implementation of Process Group ...
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/2051#discussion_r131983144 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java --- @@ -821,6 +925,46 @@ public ScheduleComponentsEntity scheduleComponents(final String processGroupId, } @Override +public ActivateControllerServicesEntity activateControllerServices(final String processGroupId, final ControllerServiceState state, final Map<String, Revision> serviceRevisions) { --- End diff -- `NiFiServiceFacadeLock` handles read/write locking based on the method name. Assuming this method needs that thread safety, the name of this method needs to be accounted for. Either by changing it here or adding another advice to intercept this method call. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #2051: NIFI-4224: Initial implementation of Process Group ...
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/2051#discussion_r131985592 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardProcessGroupDAO.java --- @@ -145,6 +202,21 @@ public ProcessGroup updateProcessGroup(ProcessGroupDTO processGroupDTO) { } @Override +public ProcessGroup updateVariableRegistry(final VariableRegistryDTO variableRegistry) { --- End diff -- Assuming this action needs to be recorded in the Flow History, the `ProcessGroupAuditor` will need to account for this method invocation. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #2051: NIFI-4224: Initial implementation of Process Group ...
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/2051#discussion_r131979395 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/ProcessGroupDTO.java --- @@ -200,4 +204,13 @@ public void setInactiveRemotePortCount(Integer inactiveRemotePortCount) { this.inactiveRemotePortCount = inactiveRemotePortCount; } + +@ApiModelProperty("The variables that are configured for the Process Group") +public Map<String, String> getVariables() { +return variables; +} + +public void setVariables(final Map<String, String> variables) { --- End diff -- These should be set when populating the DTO in `DtoFactory.createConciseProcessGroupDto(...)`. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #2051: NIFI-4224: Initial implementation of Process Group ...
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/2051#discussion_r132005935 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessGroupResource.java --- @@ -325,6 +441,859 @@ public Response updateProcessGroup( ); } + +@GET +@Consumes(MediaType.WILDCARD) +@Produces(MediaType.APPLICATION_JSON) +@Path("{groupId}/variable-registry/update-requests/{updateId}") +@ApiOperation(value = "Gets a process group's variable registry", response = VariableRegistryUpdateRequestEntity.class, authorizations = { +@Authorization(value = "Read - /process-groups/{uuid}", type = "") +}) +@ApiResponses(value = { +@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), +@ApiResponse(code = 401, message = "Client could not be authenticated."), +@ApiResponse(code = 403, message = "Client is not authorized to make this request."), +@ApiResponse(code = 404, message = "The specified resource could not be found."), +@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") +}) +public Response getVariableRegistryUpdateRequest( +@ApiParam(value = "The process group id.", required = true) @PathParam("groupId") final String groupId, +@ApiParam(value = "The ID of the Variable Registry Update Request", required = true) @PathParam("updateId") final String updateId) { + +if (groupId == null || updateId == null) { +throw new IllegalArgumentException("Group ID and Update ID must both be specified."); +} + +if (isReplicateRequest()) { +return replicate(HttpMethod.GET); +} + +// authorize access +serviceFacade.authorizeAccess(lookup -> { +final Authorizable processGroup = lookup.getProcessGroup(groupId).getAuthorizable(); +processGroup.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); +}); + +final VariableRegistryUpdateRequest request = varRegistryUpdateRequests.get(updateId); +if (request == null) { +throw new ResourceNotFoundException("Could not find a Variable Registry Update Request with identifier " + updateId); +} + +if (!groupId.equals(request.getProcessGroupId())) { +throw new ResourceNotFoundException("Could not find a Variable Registry Update Request with identifier " + updateId + " for Process Group with identifier " + groupId); +} + +final VariableRegistryUpdateRequestEntity entity = new VariableRegistryUpdateRequestEntity(); +entity.setId(request.getRequestId()); + entity.setRequestDto(dtoFactory.createVariableRegistryUpdateRequestDto(request)); +entity.setUri(generateResourceUri("process-groups", groupId, "variable-registry", updateId)); +return generateOkResponse(entity).build(); +} + + +@DELETE +@Consumes(MediaType.WILDCARD) +@Produces(MediaType.APPLICATION_JSON) +@Path("{groupId}/variable-registry/update-requests/{updateId}") +@ApiOperation(value = "Deletes an update request for a process group's variable registry. If the request is not yet complete, it will automatically be cancelled.", +response = VariableRegistryUpdateRequestEntity.class, authorizations = { +@Authorization(value = "Read - /process-groups/{uuid}", type = "") +}) +@ApiResponses(value = { +@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), +@ApiResponse(code = 401, message = "Client could not be authenticated."), +@ApiResponse(code = 403, message = "Client is not authorized to make this request."), +@ApiResponse(code = 404, message = "The specified resource could not be found."), +@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") +}) +public Response deleteVariableR
[GitHub] nifi pull request #2051: NIFI-4224: Initial implementation of Process Group ...
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/2051#discussion_r131983043 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java --- @@ -774,6 +791,80 @@ public RemoteProcessGroupPortEntity updateRemoteProcessGroupOutputPort( } @Override +public Set identifyComponentsAffectedByVariableRegistryUpdate(final VariableRegistryDTO variableRegistryDto) { --- End diff -- `NiFiServiceFacadeLock` handles read/write locking based on the method name. Assuming this method needs that thread safety, the name of this method needs to be accounted for. Either by changing it here or adding another advice to intercept this method call. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #2051: NIFI-4224: Initial implementation of Process Group ...
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/2051#discussion_r131998273 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessGroupResource.java --- @@ -325,6 +441,859 @@ public Response updateProcessGroup( ); } + +@GET +@Consumes(MediaType.WILDCARD) +@Produces(MediaType.APPLICATION_JSON) +@Path("{groupId}/variable-registry/update-requests/{updateId}") +@ApiOperation(value = "Gets a process group's variable registry", response = VariableRegistryUpdateRequestEntity.class, authorizations = { +@Authorization(value = "Read - /process-groups/{uuid}", type = "") +}) +@ApiResponses(value = { +@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), +@ApiResponse(code = 401, message = "Client could not be authenticated."), +@ApiResponse(code = 403, message = "Client is not authorized to make this request."), +@ApiResponse(code = 404, message = "The specified resource could not be found."), +@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") +}) +public Response getVariableRegistryUpdateRequest( +@ApiParam(value = "The process group id.", required = true) @PathParam("groupId") final String groupId, +@ApiParam(value = "The ID of the Variable Registry Update Request", required = true) @PathParam("updateId") final String updateId) { + +if (groupId == null || updateId == null) { +throw new IllegalArgumentException("Group ID and Update ID must both be specified."); +} + +if (isReplicateRequest()) { +return replicate(HttpMethod.GET); +} + +// authorize access +serviceFacade.authorizeAccess(lookup -> { +final Authorizable processGroup = lookup.getProcessGroup(groupId).getAuthorizable(); +processGroup.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); +}); + +final VariableRegistryUpdateRequest request = varRegistryUpdateRequests.get(updateId); +if (request == null) { +throw new ResourceNotFoundException("Could not find a Variable Registry Update Request with identifier " + updateId); +} + +if (!groupId.equals(request.getProcessGroupId())) { +throw new ResourceNotFoundException("Could not find a Variable Registry Update Request with identifier " + updateId + " for Process Group with identifier " + groupId); +} + +final VariableRegistryUpdateRequestEntity entity = new VariableRegistryUpdateRequestEntity(); +entity.setId(request.getRequestId()); + entity.setRequestDto(dtoFactory.createVariableRegistryUpdateRequestDto(request)); +entity.setUri(generateResourceUri("process-groups", groupId, "variable-registry", updateId)); +return generateOkResponse(entity).build(); +} + + +@DELETE +@Consumes(MediaType.WILDCARD) +@Produces(MediaType.APPLICATION_JSON) +@Path("{groupId}/variable-registry/update-requests/{updateId}") +@ApiOperation(value = "Deletes an update request for a process group's variable registry. If the request is not yet complete, it will automatically be cancelled.", +response = VariableRegistryUpdateRequestEntity.class, authorizations = { +@Authorization(value = "Read - /process-groups/{uuid}", type = "") +}) +@ApiResponses(value = { +@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), +@ApiResponse(code = 401, message = "Client could not be authenticated."), +@ApiResponse(code = 403, message = "Client is not authorized to make this request."), +@ApiResponse(code = 404, message = "The specified resource could not be found."), +@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") +}) +public Response deleteVariableR
[GitHub] nifi pull request #2051: NIFI-4224: Initial implementation of Process Group ...
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/2051#discussion_r131979744 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessGroupResource.java --- @@ -140,6 +185,22 @@ private TemplateResource templateResource; private ControllerServiceResource controllerServiceResource; +private final DtoFactory dtoFactory = new DtoFactory(); --- End diff -- If using the `DtoFactory` here, it can be injected in the Spring context. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #2051: NIFI-4224: Initial implementation of Process Group ...
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/2051#discussion_r131999511 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessGroupResource.java --- @@ -325,6 +441,859 @@ public Response updateProcessGroup( ); } + +@GET +@Consumes(MediaType.WILDCARD) +@Produces(MediaType.APPLICATION_JSON) +@Path("{groupId}/variable-registry/update-requests/{updateId}") +@ApiOperation(value = "Gets a process group's variable registry", response = VariableRegistryUpdateRequestEntity.class, authorizations = { +@Authorization(value = "Read - /process-groups/{uuid}", type = "") +}) +@ApiResponses(value = { +@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), +@ApiResponse(code = 401, message = "Client could not be authenticated."), +@ApiResponse(code = 403, message = "Client is not authorized to make this request."), +@ApiResponse(code = 404, message = "The specified resource could not be found."), +@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") +}) +public Response getVariableRegistryUpdateRequest( +@ApiParam(value = "The process group id.", required = true) @PathParam("groupId") final String groupId, +@ApiParam(value = "The ID of the Variable Registry Update Request", required = true) @PathParam("updateId") final String updateId) { + +if (groupId == null || updateId == null) { +throw new IllegalArgumentException("Group ID and Update ID must both be specified."); +} + +if (isReplicateRequest()) { +return replicate(HttpMethod.GET); +} + +// authorize access +serviceFacade.authorizeAccess(lookup -> { +final Authorizable processGroup = lookup.getProcessGroup(groupId).getAuthorizable(); +processGroup.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); +}); + +final VariableRegistryUpdateRequest request = varRegistryUpdateRequests.get(updateId); +if (request == null) { +throw new ResourceNotFoundException("Could not find a Variable Registry Update Request with identifier " + updateId); +} + +if (!groupId.equals(request.getProcessGroupId())) { +throw new ResourceNotFoundException("Could not find a Variable Registry Update Request with identifier " + updateId + " for Process Group with identifier " + groupId); +} + +final VariableRegistryUpdateRequestEntity entity = new VariableRegistryUpdateRequestEntity(); +entity.setId(request.getRequestId()); + entity.setRequestDto(dtoFactory.createVariableRegistryUpdateRequestDto(request)); +entity.setUri(generateResourceUri("process-groups", groupId, "variable-registry", updateId)); +return generateOkResponse(entity).build(); +} + + +@DELETE +@Consumes(MediaType.WILDCARD) +@Produces(MediaType.APPLICATION_JSON) +@Path("{groupId}/variable-registry/update-requests/{updateId}") +@ApiOperation(value = "Deletes an update request for a process group's variable registry. If the request is not yet complete, it will automatically be cancelled.", +response = VariableRegistryUpdateRequestEntity.class, authorizations = { +@Authorization(value = "Read - /process-groups/{uuid}", type = "") +}) +@ApiResponses(value = { +@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), +@ApiResponse(code = 401, message = "Client could not be authenticated."), +@ApiResponse(code = 403, message = "Client is not authorized to make this request."), +@ApiResponse(code = 404, message = "The specified resource could not be found."), +@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") +}) +public Response deleteVariableR
[GitHub] nifi pull request #2051: NIFI-4224: Initial implementation of Process Group ...
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/2051#discussion_r131994112 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FlowResource.java --- @@ -640,7 +643,128 @@ public Response scheduleComponents( componentsToSchedule.entrySet().stream().collect(Collectors.toMap(Map.Entry::getKey, e -> getRevision(e.getValue(), e.getKey(; // update the process group -final ScheduleComponentsEntity entity = serviceFacade.scheduleComponents(id, scheduledState, componentRevisions); +final ScheduleComponentsEntity entity = serviceFacade.scheduleComponents(id, scheduledState, componentRevisions); +return generateOkResponse(entity).build(); +} +); +} + + +@PUT +@Consumes(MediaType.APPLICATION_JSON) +@Produces(MediaType.APPLICATION_JSON) +@Path("process-groups/{id}/controller-services") +@ApiOperation(value = "Enable or disable Controller Services in the specified Process Group.", +response = ActivateControllerServicesEntity.class, +authorizations = { +@Authorization(value = "Read - /flow", type = ""), +@Authorization(value = "Write - /{component-type}/{uuid} - For every service being enabled/disabled", type = "") +}) +@ApiResponses( +value = { +@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), +@ApiResponse(code = 401, message = "Client could not be authenticated."), +@ApiResponse(code = 403, message = "Client is not authorized to make this request."), +@ApiResponse(code = 404, message = "The specified resource could not be found."), +@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") +} +) +public Response activateControllerServices( +@Context HttpServletRequest httpServletRequest, +@ApiParam(value = "The process group id.", required = true) +@PathParam("id") String id, +@ApiParam(value = "The request to schedule or unschedule. If the comopnents in the request are not specified, all authorized components will be considered.", required = true) +final ActivateControllerServicesEntity requestEntity) { + +// ensure the same id is being used +if (!id.equals(requestEntity.getId())) { +throw new IllegalArgumentException(String.format("The process group id (%s) in the request body does " ++ "not equal the process group id of the requested resource (%s).", requestEntity.getId(), id)); +} + +final ControllerServiceState state; +if (requestEntity.getState() == null) { +throw new IllegalArgumentException("The scheduled state must be specified."); +} else { +try { +state = ControllerServiceState.valueOf(requestEntity.getState()); +} catch (final IllegalArgumentException iae) { +throw new IllegalArgumentException(String.format("The scheduled must be one of [%s].", --- End diff -- Looks like another copy/paste in this error message. Also, appears to be missing 'state' in where the message was copied from. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #2051: NIFI-4224: Initial implementation of Process Group ...
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/2051#discussion_r131983689 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java --- @@ -821,6 +925,46 @@ public ScheduleComponentsEntity scheduleComponents(final String processGroupId, } @Override +public ActivateControllerServicesEntity activateControllerServices(final String processGroupId, final ControllerServiceState state, final Map<String, Revision> serviceRevisions) { + +final NiFiUser user = NiFiUserUtils.getNiFiUser(); +return activateControllerServices(user, processGroupId, state, serviceRevisions); +} + +@Override +public ActivateControllerServicesEntity activateControllerServices(final NiFiUser user, final String processGroupId, final ControllerServiceState state, --- End diff -- `NiFiServiceFacadeLock` handles read/write locking based on the method name. Assuming this method needs that thread safety, the name of this method needs to be accounted for. Either by changing it here or adding another advice to intercept this method call. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi-registry issue #3: NIFIREG-6 Adding nifi-registry-bootstrap module
Github user mcgilman commented on the issue: https://github.com/apache/nifi-registry/pull/3 Thanks @bbende! This has been merged to master. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #2044: NIFI-4139 Extract key provider to framework-level service
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/2044 Thanks @alopresto! This has been merged to master. I accidentally forgot to add the 'This closes...' text to the commit message. Would you mind closing this PR out? Thanks! --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #2044: NIFI-4139 Extract key provider to framework-level service
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/2044 @alopresto These refactorings look good. The backward compatibility support for legacy configurations is also solid. One minor thing I'd like to investigate further if we can remove the dependency between the nifi-security-utils and the nifi-properties-loader. The nifi-security-utils are referenced and pulled into many NARs and the additional dependency would introduce further duplication of the nifi-properties-loader jar (and it's transitive dependencies not already included). This dependency is only used to load the master key from the bootstrap.conf. While it's not a showstopper, it would be nice if we didn't need this additional dependency and instead allowed the client of the nifi-security-utils provide the master key when necessary. Thanks --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #2051: NIFI-4224: Initial implementation of Process Group level V...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/2051 Will review... --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #2044: NIFI-4139 Extract key provider to framework-level service
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/2044 Will review... --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi-registry pull request #3: NIFIREG-6 Adding nifi-registry-bootstrap modu...
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/3#discussion_r131141483 --- Diff: nifi-registry-runtime/src/main/java/org/apache/nifi/registry/NiFiRegistry.java --- @@ -18,22 +18,69 @@ import org.apache.nifi.registry.jetty.JettyServer; import org.apache.nifi.registry.properties.NiFiRegistryProperties; +import org.apache.nifi.registry.util.FileUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.slf4j.bridge.SLF4JBridgeHandler; +import java.io.File; import java.io.FileReader; +import java.io.FileWriter; import java.io.IOException; +import java.lang.reflect.InvocationTargetException; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.Paths; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import java.util.Random; +import java.util.Timer; +import java.util.TimerTask; +import java.util.concurrent.Executors; +import java.util.concurrent.ScheduledExecutorService; +import java.util.concurrent.ScheduledFuture; +import java.util.concurrent.ThreadFactory; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.atomic.AtomicInteger; +import java.util.concurrent.atomic.AtomicLong; /** * Main entry point for NiFiRegistry. */ public class NiFiRegistry { -private static final Logger logger = LoggerFactory.getLogger(JettyServer.class); +private static final Logger LOGGER = LoggerFactory.getLogger(NiFiRegistry.class); +private static final String KEY_FILE_FLAG = "-K"; -private static JettyServer server; +public static final String BOOTSTRAP_PORT_PROPERTY = "nifi.registry.bootstrap.listen.port"; + +private final JettyServer server; +private final BootstrapListener bootstrapListener; +private volatile boolean shutdown = false; + +public NiFiRegistry(final NiFiRegistryProperties properties) +throws ClassNotFoundException, IOException, NoSuchMethodException, InstantiationException, IllegalAccessException, IllegalArgumentException, InvocationTargetException { + +// There can only be one krb5.conf for the overall Java process so set this globally during +// start up so that processors and our Kerberos authentication code don't have to set this + +// TODO enable if we support Kerberos --- End diff -- Should we remove this for now until we need to explicitly add support for it? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi-registry pull request #3: NIFIREG-6 Adding nifi-registry-bootstrap modu...
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/3#discussion_r131150677 --- Diff: nifi-registry-runtime/src/main/java/org/apache/nifi/registry/NiFiRegistry.java --- @@ -43,28 +90,242 @@ public void run() { } })); -// load the properties +final String bootstrapPort = System.getProperty(BOOTSTRAP_PORT_PROPERTY); +if (bootstrapPort != null) { +try { +final int port = Integer.parseInt(bootstrapPort); + +if (port < 1 || port > 65535) { +throw new RuntimeException("Failed to start NiFi Registry because system property '" + BOOTSTRAP_PORT_PROPERTY + "' is not a valid integer in the range 1 - 65535"); +} + +bootstrapListener = new BootstrapListener(this, port); +bootstrapListener.start(); +} catch (final NumberFormatException nfe) { +throw new RuntimeException("Failed to start NiFi Registry because system property '" + BOOTSTRAP_PORT_PROPERTY + "' is not a valid integer in the range 1 - 65535"); +} +} else { +LOGGER.info("NiFi Registry started without Bootstrap Port information provided; will not listen for requests from Bootstrap"); +bootstrapListener = null; +} + +// delete the web working dir - if the application does not start successfully +// the web app directories might be in an invalid state. when this happens +// jetty will not attempt to re-extract the war into the directory. by removing +// the working directory, we can be assured that it will attempt to extract the +// war every time the application starts. +File webWorkingDir = properties.getWebWorkingDirectory(); +FileUtils.deleteFilesInDirectory(webWorkingDir, null, LOGGER, true, true); +FileUtils.deleteFile(webWorkingDir, LOGGER, 3); + +detectTimingIssues(); + +// redirect JUL log events +SLF4JBridgeHandler.removeHandlersForRootLogger(); +SLF4JBridgeHandler.install(); + +final long startTime = System.nanoTime(); +server = new JettyServer(properties); + +if (shutdown) { +LOGGER.info("NiFi Registry has been shutdown via NiFi Registry Bootstrap. Will not start Controller"); +} else { +server.start(); + +if (bootstrapListener != null) { +bootstrapListener.sendStartedStatus(true); +} + +final long duration = System.nanoTime() - startTime; +LOGGER.info("Controller initialization took " + duration + " nanoseconds " ++ "(" + (int) TimeUnit.SECONDS.convert(duration, TimeUnit.NANOSECONDS) + " seconds)."); +} +} + +protected void shutdownHook() { +try { +this.shutdown = true; + +LOGGER.info("Initiating shutdown of Jetty web server..."); +if (server != null) { +server.stop(); +} +if (bootstrapListener != null) { +bootstrapListener.stop(); +} +LOGGER.info("Jetty web server shutdown completed (nicely or otherwise)."); +} catch (final Throwable t) { +LOGGER.warn("Problem occurred ensuring Jetty web server was properly terminated due to " + t); +} +} + +/** + * Determine if the machine we're running on has timing issues. + */ +private void detectTimingIssues() { --- End diff -- I'm not sure we need to detect timing issues for the registry. Can probably remove this check. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi-registry issue #3: NIFIREG-6 Adding nifi-registry-bootstrap module
Github user mcgilman commented on the issue: https://github.com/apache/nifi-registry/pull/3 Will review... --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #2047: NIFI-4210: Add support for OpenId Connect
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/2047#discussion_r131135419 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/oidc/StandardOidcIdentityProvider.java --- @@ -0,0 +1,339 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.web.security.oidc; + +import com.nimbusds.jose.JOSEException; +import com.nimbusds.jose.JWSAlgorithm; +import com.nimbusds.jose.proc.BadJOSEException; +import com.nimbusds.jose.util.DefaultResourceRetriever; +import com.nimbusds.jose.util.ResourceRetriever; +import com.nimbusds.jwt.JWT; +import com.nimbusds.jwt.JWTClaimsSet; +import com.nimbusds.oauth2.sdk.AuthorizationGrant; +import com.nimbusds.oauth2.sdk.ParseException; +import com.nimbusds.oauth2.sdk.Scope; +import com.nimbusds.oauth2.sdk.TokenErrorResponse; +import com.nimbusds.oauth2.sdk.TokenRequest; +import com.nimbusds.oauth2.sdk.TokenResponse; +import com.nimbusds.oauth2.sdk.auth.ClientAuthentication; +import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod; +import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic; +import com.nimbusds.oauth2.sdk.auth.ClientSecretPost; +import com.nimbusds.oauth2.sdk.auth.Secret; +import com.nimbusds.oauth2.sdk.http.HTTPRequest; +import com.nimbusds.oauth2.sdk.http.HTTPResponse; +import com.nimbusds.oauth2.sdk.id.ClientID; +import com.nimbusds.oauth2.sdk.token.BearerAccessToken; +import com.nimbusds.openid.connect.sdk.OIDCScopeValue; +import com.nimbusds.openid.connect.sdk.OIDCTokenResponse; +import com.nimbusds.openid.connect.sdk.OIDCTokenResponseParser; +import com.nimbusds.openid.connect.sdk.UserInfoErrorResponse; +import com.nimbusds.openid.connect.sdk.UserInfoRequest; +import com.nimbusds.openid.connect.sdk.UserInfoResponse; +import com.nimbusds.openid.connect.sdk.UserInfoSuccessResponse; +import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet; +import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata; +import com.nimbusds.openid.connect.sdk.token.OIDCTokens; +import com.nimbusds.openid.connect.sdk.validators.IDTokenValidator; +import net.minidev.json.JSONObject; +import org.apache.commons.lang3.StringUtils; +import org.apache.nifi.util.FormatUtils; +import org.apache.nifi.util.NiFiProperties; +import org.apache.nifi.web.security.jwt.JwtService; +import org.apache.nifi.web.security.token.LoginAuthenticationToken; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.io.IOException; +import java.net.URI; +import java.net.URL; +import java.util.Calendar; +import java.util.Date; +import java.util.List; +import java.util.concurrent.TimeUnit; + +import static com.nimbusds.openid.connect.sdk.claims.UserInfo.EMAIL_CLAIM_NAME; + +/** + * OidcProvider for managing the OpenId Connect Authorization flow. + */ +public class StandardOidcIdentityProvider implements OidcIdentityProvider { + +private static final Logger logger = LoggerFactory.getLogger(StandardOidcIdentityProvider.class); + +private NiFiProperties properties; +private JwtService jwtService; +private OIDCProviderMetadata oidcProviderMetadata; +private int oidcConnectTimeout; +private int oidcReadTimeout; +private IDTokenValidator tokenValidator; +private ClientID clientId; +private Secret clientSecret; + +/** + * Creates a new StandardOidcIdentityProvider. + * + * @param jwtService jwt service + * @param properties properties + */ +public StandardOidcIdentityProvider(final JwtService jwtService, final NiFiProperties properties) { +this.properties = properties; +this.jwtService = jwtService; + +// attempt to process the oidc configu
[GitHub] nifi pull request #2047: NIFI-4210: Add support for OpenId Connect
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/2047#discussion_r130962746 --- Diff: pom.xml --- @@ -95,7 +95,7 @@ 9.4.3.v20170317 4.10.4 4.2.4.RELEASE -4.0.3.RELEASE +4.2.3.RELEASE --- End diff -- I'm not aware of the changes. Just realized we hadn't upgraded in awhile. I'm happy to back this out and create another JIRA to investigate further. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #2047: NIFI-4210: Add support for OpenId Connect
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/2047#discussion_r130962379 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/oidc/StandardOidcIdentityProvider.java --- @@ -0,0 +1,339 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.web.security.oidc; + +import com.nimbusds.jose.JOSEException; +import com.nimbusds.jose.JWSAlgorithm; +import com.nimbusds.jose.proc.BadJOSEException; +import com.nimbusds.jose.util.DefaultResourceRetriever; +import com.nimbusds.jose.util.ResourceRetriever; +import com.nimbusds.jwt.JWT; +import com.nimbusds.jwt.JWTClaimsSet; +import com.nimbusds.oauth2.sdk.AuthorizationGrant; +import com.nimbusds.oauth2.sdk.ParseException; +import com.nimbusds.oauth2.sdk.Scope; +import com.nimbusds.oauth2.sdk.TokenErrorResponse; +import com.nimbusds.oauth2.sdk.TokenRequest; +import com.nimbusds.oauth2.sdk.TokenResponse; +import com.nimbusds.oauth2.sdk.auth.ClientAuthentication; +import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod; +import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic; +import com.nimbusds.oauth2.sdk.auth.ClientSecretPost; +import com.nimbusds.oauth2.sdk.auth.Secret; +import com.nimbusds.oauth2.sdk.http.HTTPRequest; +import com.nimbusds.oauth2.sdk.http.HTTPResponse; +import com.nimbusds.oauth2.sdk.id.ClientID; +import com.nimbusds.oauth2.sdk.token.BearerAccessToken; +import com.nimbusds.openid.connect.sdk.OIDCScopeValue; +import com.nimbusds.openid.connect.sdk.OIDCTokenResponse; +import com.nimbusds.openid.connect.sdk.OIDCTokenResponseParser; +import com.nimbusds.openid.connect.sdk.UserInfoErrorResponse; +import com.nimbusds.openid.connect.sdk.UserInfoRequest; +import com.nimbusds.openid.connect.sdk.UserInfoResponse; +import com.nimbusds.openid.connect.sdk.UserInfoSuccessResponse; +import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet; +import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata; +import com.nimbusds.openid.connect.sdk.token.OIDCTokens; +import com.nimbusds.openid.connect.sdk.validators.IDTokenValidator; +import net.minidev.json.JSONObject; +import org.apache.commons.lang3.StringUtils; +import org.apache.nifi.util.FormatUtils; +import org.apache.nifi.util.NiFiProperties; +import org.apache.nifi.web.security.jwt.JwtService; +import org.apache.nifi.web.security.token.LoginAuthenticationToken; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.io.IOException; +import java.net.URI; +import java.net.URL; +import java.util.Calendar; +import java.util.Date; +import java.util.List; +import java.util.concurrent.TimeUnit; + +import static com.nimbusds.openid.connect.sdk.claims.UserInfo.EMAIL_CLAIM_NAME; + +/** + * OidcProvider for managing the OpenId Connect Authorization flow. + */ +public class StandardOidcIdentityProvider implements OidcIdentityProvider { + +private static final Logger logger = LoggerFactory.getLogger(StandardOidcIdentityProvider.class); + +private NiFiProperties properties; +private JwtService jwtService; +private OIDCProviderMetadata oidcProviderMetadata; +private int oidcConnectTimeout; +private int oidcReadTimeout; +private IDTokenValidator tokenValidator; +private ClientID clientId; +private Secret clientSecret; + +/** + * Creates a new StandardOidcIdentityProvider. + * + * @param jwtService jwt service + * @param properties properties + */ +public StandardOidcIdentityProvider(final JwtService jwtService, final NiFiProperties properties) { +this.properties = properties; +this.jwtService = jwtService; + +// attempt to process the oidc configu
[GitHub] nifi pull request #2047: NIFI-4210: Add support for OpenId Connect
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/2047#discussion_r130943341 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/oidc/StandardOidcIdentityProvider.java --- @@ -0,0 +1,339 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.web.security.oidc; + +import com.nimbusds.jose.JOSEException; +import com.nimbusds.jose.JWSAlgorithm; +import com.nimbusds.jose.proc.BadJOSEException; +import com.nimbusds.jose.util.DefaultResourceRetriever; +import com.nimbusds.jose.util.ResourceRetriever; +import com.nimbusds.jwt.JWT; +import com.nimbusds.jwt.JWTClaimsSet; +import com.nimbusds.oauth2.sdk.AuthorizationGrant; +import com.nimbusds.oauth2.sdk.ParseException; +import com.nimbusds.oauth2.sdk.Scope; +import com.nimbusds.oauth2.sdk.TokenErrorResponse; +import com.nimbusds.oauth2.sdk.TokenRequest; +import com.nimbusds.oauth2.sdk.TokenResponse; +import com.nimbusds.oauth2.sdk.auth.ClientAuthentication; +import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod; +import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic; +import com.nimbusds.oauth2.sdk.auth.ClientSecretPost; +import com.nimbusds.oauth2.sdk.auth.Secret; +import com.nimbusds.oauth2.sdk.http.HTTPRequest; +import com.nimbusds.oauth2.sdk.http.HTTPResponse; +import com.nimbusds.oauth2.sdk.id.ClientID; +import com.nimbusds.oauth2.sdk.token.BearerAccessToken; +import com.nimbusds.openid.connect.sdk.OIDCScopeValue; +import com.nimbusds.openid.connect.sdk.OIDCTokenResponse; +import com.nimbusds.openid.connect.sdk.OIDCTokenResponseParser; +import com.nimbusds.openid.connect.sdk.UserInfoErrorResponse; +import com.nimbusds.openid.connect.sdk.UserInfoRequest; +import com.nimbusds.openid.connect.sdk.UserInfoResponse; +import com.nimbusds.openid.connect.sdk.UserInfoSuccessResponse; +import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet; +import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata; +import com.nimbusds.openid.connect.sdk.token.OIDCTokens; +import com.nimbusds.openid.connect.sdk.validators.IDTokenValidator; +import net.minidev.json.JSONObject; +import org.apache.commons.lang3.StringUtils; +import org.apache.nifi.util.FormatUtils; +import org.apache.nifi.util.NiFiProperties; +import org.apache.nifi.web.security.jwt.JwtService; +import org.apache.nifi.web.security.token.LoginAuthenticationToken; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.io.IOException; +import java.net.URI; +import java.net.URL; +import java.util.Calendar; +import java.util.Date; +import java.util.List; +import java.util.concurrent.TimeUnit; + +import static com.nimbusds.openid.connect.sdk.claims.UserInfo.EMAIL_CLAIM_NAME; + +/** + * OidcProvider for managing the OpenId Connect Authorization flow. + */ +public class StandardOidcIdentityProvider implements OidcIdentityProvider { + +private static final Logger logger = LoggerFactory.getLogger(StandardOidcIdentityProvider.class); + +private NiFiProperties properties; +private JwtService jwtService; +private OIDCProviderMetadata oidcProviderMetadata; +private int oidcConnectTimeout; +private int oidcReadTimeout; +private IDTokenValidator tokenValidator; +private ClientID clientId; +private Secret clientSecret; + +/** + * Creates a new StandardOidcIdentityProvider. + * + * @param jwtService jwt service + * @param properties properties + */ +public StandardOidcIdentityProvider(final JwtService jwtService, final NiFiProperties properties) { +this.properties = properties; +this.jwtService = jwtService; + +// attempt to process the oidc configu
[GitHub] nifi pull request #2047: NIFI-4210: Add support for OpenId Connect
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/2047#discussion_r130884930 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/oidc/OidcService.java --- @@ -0,0 +1,207 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.web.security.oidc; + +import com.google.common.cache.Cache; +import com.google.common.cache.CacheBuilder; +import com.nimbusds.oauth2.sdk.AuthorizationGrant; +import com.nimbusds.oauth2.sdk.Scope; +import com.nimbusds.oauth2.sdk.id.State; +import org.apache.nifi.web.security.util.CacheKey; + +import java.io.IOException; +import java.math.BigInteger; +import java.net.URI; +import java.security.SecureRandom; +import java.util.concurrent.ExecutionException; +import java.util.concurrent.TimeUnit; + +import static org.apache.nifi.web.security.oidc.StandardOidcIdentityProvider.OPEN_ID_CONNECT_SUPPORT_IS_NOT_CONFIGURED; + +/** + * OidcService is a service for managing the OpenId Connect Authorization flow. + */ +public class OidcService { + +private OidcIdentityProvider identityProvider; +private Cache<CacheKey, State> stateLookupForPendingRequests; // identifier from cookie -> state value +private Cache<CacheKey, String> jwtLookupForCompletedRequests; // identifier from cookie -> jwt or identity (and generate jwt on retrieval) + +/** + * Creates a new OtpService with an expiration of 5 minutes. + */ +public OidcService(final OidcIdentityProvider identityProvider) { +this(identityProvider, 60, TimeUnit.SECONDS); +} + +/** + * Creates a new OtpService. + * + * @param duration The expiration duration + * @param units The expiration units + * @throws NullPointerException If units is null + * @throws IllegalArgumentException If duration is negative + */ +public OidcService(final OidcIdentityProvider identityProvider, final int duration, final TimeUnit units) { +this.identityProvider = identityProvider; +this.stateLookupForPendingRequests = CacheBuilder.newBuilder().expireAfterWrite(duration, units).build(); +this.jwtLookupForCompletedRequests = CacheBuilder.newBuilder().expireAfterWrite(duration, units).build(); +} + +/** + * Returns whether OpenId Connect is enabled. + * + * @return whether OpenId Connect is enabled + */ +public boolean isOidcEnabled() { +return identityProvider.isOidcEnabled(); +} + +/** + * Returns the OpenId Connect authorization endpoint. + * + * @return the authorization endpoint + */ +public URI getAuthorizationEndpoint() { +return identityProvider.getAuthorizationEndpoint(); +} + +/** + * Returns the OpenId Connect scope. + * + * @return scope + */ +public Scope getScope() { +return identityProvider.getScope(); +} + +/** + * Returns the OpenId Connect client id. + * + * @return client id + */ +public String getClientId() { +return identityProvider.getClientId().getValue(); +} + +/** + * Initiates an OpenId Connection authorization code flow using the specified request identifier to maintain state. + * + * @param oidcRequestIdentifier request identifier + * @return state + */ +public State createState(final String oidcRequestIdentifier) { +if (!isOidcEnabled()) { +throw new IllegalStateException(OPEN_ID_CONNECT_SUPPORT_IS_NOT_CONFIGURED); +} + +final CacheKey oidcRequestIdentifierKey = new CacheKey(oidcRequestIdent
[GitHub] nifi pull request #2047: NIFI-4210: Add support for OpenId Connect
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/2047#discussion_r130882716 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/oidc/OidcService.java --- @@ -0,0 +1,207 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.web.security.oidc; + +import com.google.common.cache.Cache; +import com.google.common.cache.CacheBuilder; +import com.nimbusds.oauth2.sdk.AuthorizationGrant; +import com.nimbusds.oauth2.sdk.Scope; +import com.nimbusds.oauth2.sdk.id.State; +import org.apache.nifi.web.security.util.CacheKey; + +import java.io.IOException; +import java.math.BigInteger; +import java.net.URI; +import java.security.SecureRandom; +import java.util.concurrent.ExecutionException; +import java.util.concurrent.TimeUnit; + +import static org.apache.nifi.web.security.oidc.StandardOidcIdentityProvider.OPEN_ID_CONNECT_SUPPORT_IS_NOT_CONFIGURED; + +/** + * OidcService is a service for managing the OpenId Connect Authorization flow. + */ +public class OidcService { + +private OidcIdentityProvider identityProvider; +private Cache<CacheKey, State> stateLookupForPendingRequests; // identifier from cookie -> state value +private Cache<CacheKey, String> jwtLookupForCompletedRequests; // identifier from cookie -> jwt or identity (and generate jwt on retrieval) + +/** + * Creates a new OtpService with an expiration of 5 minutes. + */ +public OidcService(final OidcIdentityProvider identityProvider) { +this(identityProvider, 60, TimeUnit.SECONDS); +} + +/** + * Creates a new OtpService. + * + * @param duration The expiration duration + * @param units The expiration units + * @throws NullPointerException If units is null + * @throws IllegalArgumentException If duration is negative + */ +public OidcService(final OidcIdentityProvider identityProvider, final int duration, final TimeUnit units) { +this.identityProvider = identityProvider; +this.stateLookupForPendingRequests = CacheBuilder.newBuilder().expireAfterWrite(duration, units).build(); +this.jwtLookupForCompletedRequests = CacheBuilder.newBuilder().expireAfterWrite(duration, units).build(); +} + +/** + * Returns whether OpenId Connect is enabled. + * + * @return whether OpenId Connect is enabled + */ +public boolean isOidcEnabled() { +return identityProvider.isOidcEnabled(); +} + +/** + * Returns the OpenId Connect authorization endpoint. + * + * @return the authorization endpoint + */ +public URI getAuthorizationEndpoint() { +return identityProvider.getAuthorizationEndpoint(); +} + +/** + * Returns the OpenId Connect scope. + * + * @return scope + */ +public Scope getScope() { +return identityProvider.getScope(); +} + +/** + * Returns the OpenId Connect client id. + * + * @return client id + */ +public String getClientId() { +return identityProvider.getClientId().getValue(); +} + +/** + * Initiates an OpenId Connection authorization code flow using the specified request identifier to maintain state. + * + * @param oidcRequestIdentifier request identifier + * @return state + */ +public State createState(final String oidcRequestIdentifier) { +if (!isOidcEnabled()) { +throw new IllegalStateException(OPEN_ID_CONNECT_SUPPORT_IS_NOT_CONFIGURED); +} + +final CacheKey oidcRequestIdentifierKey = new CacheKey(oidcRequestIdent
[GitHub] nifi pull request #2047: NIFI-4210: Add support for OpenId Connect
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/2047#discussion_r130879118 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/oidc/OidcService.java --- @@ -0,0 +1,207 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.web.security.oidc; + +import com.google.common.cache.Cache; +import com.google.common.cache.CacheBuilder; +import com.nimbusds.oauth2.sdk.AuthorizationGrant; +import com.nimbusds.oauth2.sdk.Scope; +import com.nimbusds.oauth2.sdk.id.State; +import org.apache.nifi.web.security.util.CacheKey; + +import java.io.IOException; +import java.math.BigInteger; +import java.net.URI; +import java.security.SecureRandom; +import java.util.concurrent.ExecutionException; +import java.util.concurrent.TimeUnit; + +import static org.apache.nifi.web.security.oidc.StandardOidcIdentityProvider.OPEN_ID_CONNECT_SUPPORT_IS_NOT_CONFIGURED; + +/** + * OidcService is a service for managing the OpenId Connect Authorization flow. + */ +public class OidcService { + +private OidcIdentityProvider identityProvider; +private Cache<CacheKey, State> stateLookupForPendingRequests; // identifier from cookie -> state value +private Cache<CacheKey, String> jwtLookupForCompletedRequests; // identifier from cookie -> jwt or identity (and generate jwt on retrieval) + +/** + * Creates a new OtpService with an expiration of 5 minutes. + */ +public OidcService(final OidcIdentityProvider identityProvider) { +this(identityProvider, 60, TimeUnit.SECONDS); +} + +/** + * Creates a new OtpService. + * + * @param duration The expiration duration + * @param units The expiration units + * @throws NullPointerException If units is null + * @throws IllegalArgumentException If duration is negative + */ +public OidcService(final OidcIdentityProvider identityProvider, final int duration, final TimeUnit units) { +this.identityProvider = identityProvider; +this.stateLookupForPendingRequests = CacheBuilder.newBuilder().expireAfterWrite(duration, units).build(); +this.jwtLookupForCompletedRequests = CacheBuilder.newBuilder().expireAfterWrite(duration, units).build(); +} + +/** + * Returns whether OpenId Connect is enabled. + * + * @return whether OpenId Connect is enabled + */ +public boolean isOidcEnabled() { +return identityProvider.isOidcEnabled(); --- End diff -- Got it. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #2047: NIFI-4210: Add support for OpenId Connect
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/2047#discussion_r130878806 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/oidc/OidcService.java --- @@ -0,0 +1,207 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.web.security.oidc; + +import com.google.common.cache.Cache; +import com.google.common.cache.CacheBuilder; +import com.nimbusds.oauth2.sdk.AuthorizationGrant; +import com.nimbusds.oauth2.sdk.Scope; +import com.nimbusds.oauth2.sdk.id.State; +import org.apache.nifi.web.security.util.CacheKey; + +import java.io.IOException; +import java.math.BigInteger; +import java.net.URI; +import java.security.SecureRandom; +import java.util.concurrent.ExecutionException; +import java.util.concurrent.TimeUnit; + +import static org.apache.nifi.web.security.oidc.StandardOidcIdentityProvider.OPEN_ID_CONNECT_SUPPORT_IS_NOT_CONFIGURED; + +/** + * OidcService is a service for managing the OpenId Connect Authorization flow. + */ +public class OidcService { + +private OidcIdentityProvider identityProvider; +private Cache<CacheKey, State> stateLookupForPendingRequests; // identifier from cookie -> state value +private Cache<CacheKey, String> jwtLookupForCompletedRequests; // identifier from cookie -> jwt or identity (and generate jwt on retrieval) + +/** + * Creates a new OtpService with an expiration of 5 minutes. + */ +public OidcService(final OidcIdentityProvider identityProvider) { +this(identityProvider, 60, TimeUnit.SECONDS); +} + +/** + * Creates a new OtpService. + * + * @param duration The expiration duration --- End diff -- Got it. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #2047: NIFI-4210: Add support for OpenId Connect
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/2047#discussion_r130878563 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java --- @@ -125,6 +142,160 @@ public Response getLoginConfig(@Context HttpServletRequest httpServletRequest) { return generateOkResponse(entity).build(); } +@GET +@Consumes(MediaType.WILDCARD) +@Produces(MediaType.WILDCARD) +@Path("oidc/request") +@ApiOperation( +value = "Initiates a request to authenticate through the configured OpenId Connect provider." +) +public void oidcRequest(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse) throws Exception { +// only consider user specific access over https +if (!httpServletRequest.isSecure()) { +forwardToMessagePage(httpServletRequest, httpServletResponse, "User authentication/authorization is only supported when running over HTTPS."); +return; +} + +// ensure oidc is enabled +if (!oidcService.isOidcEnabled()) { +forwardToMessagePage(httpServletRequest, httpServletResponse, "OpenId Connect is not configured."); +return; +} + +final String oidcRequestIdentifier = UUID.randomUUID().toString(); + +// generate a cookie to associate this login sequence +final Cookie cookie = new Cookie(OIDC_REQUEST_IDENTIFIER, oidcRequestIdentifier); +cookie.setPath("/"); +cookie.setHttpOnly(true); +cookie.setMaxAge(60); +cookie.setSecure(true); +httpServletResponse.addCookie(cookie); + +// get the state for this request +final State state = oidcService.createState(oidcRequestIdentifier); + +// build the authorization uri +final URI authorizationUri = UriBuilder.fromUri(oidcService.getAuthorizationEndpoint()) +.queryParam("client_id", oidcService.getClientId()) +.queryParam("response_type", "code") +.queryParam("scope", oidcService.getScope().toString()) +.queryParam("state", state.getValue()) +.queryParam("redirect_uri", getOidcCallback()) +.build(); + +// generate the response +httpServletResponse.sendRedirect(authorizationUri.toString()); +} + +@GET +@Consumes(MediaType.WILDCARD) +@Produces(MediaType.WILDCARD) +@Path("oidc/callback") +@ApiOperation( +value = "Redirect/callback URI for processing the result of the OpenId Connect login sequence." +) +public void oidcCallback(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse) throws Exception { +// only consider user specific access over https +if (!httpServletRequest.isSecure()) { +forwardToMessagePage(httpServletRequest, httpServletResponse, "User authentication/authorization is only supported when running over HTTPS."); +return; +} + +// ensure oidc is enabled +if (!oidcService.isOidcEnabled()) { +forwardToMessagePage(httpServletRequest, httpServletResponse, "OpenId Connect is not configured."); +return; +} + +final String oidcRequestIdentifier = getCookieValue(httpServletRequest.getCookies(), OIDC_REQUEST_IDENTIFIER); +if (oidcRequestIdentifier == null) { +forwardToMessagePage(httpServletRequest, httpServletResponse, "The login request identifier was not found in the request. Unable to continue."); +return; +} + +final com.nimbusds.openid.connect.sdk.AuthenticationResponse oidcResponse = AuthenticationResponseParser.parse(getRequestUri()); +if (oidcResponse.indicatesSuccess()) { +final AuthenticationSuccessResponse successfulOidcResponse = (AuthenticationSuccessResponse) oidcResponse; + +// confirm state +final State state = successfulOidcResponse.getState(); +if (!oidcService.isStateValid(oidcRequestIdentifier, state)) { +logger.error("Purposed state does not match the stored state. Unable to continue login process."); + +// remove the oidc request cookie +removeOidcRequestCookie(httpSer
[GitHub] nifi pull request #2047: NIFI-4210: Add support for OpenId Connect
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/2047#discussion_r130873359 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java --- @@ -125,6 +142,160 @@ public Response getLoginConfig(@Context HttpServletRequest httpServletRequest) { return generateOkResponse(entity).build(); } +@GET +@Consumes(MediaType.WILDCARD) +@Produces(MediaType.WILDCARD) +@Path("oidc/request") +@ApiOperation( +value = "Initiates a request to authenticate through the configured OpenId Connect provider." +) +public void oidcRequest(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse) throws Exception { +// only consider user specific access over https +if (!httpServletRequest.isSecure()) { +forwardToMessagePage(httpServletRequest, httpServletResponse, "User authentication/authorization is only supported when running over HTTPS."); +return; +} + +// ensure oidc is enabled +if (!oidcService.isOidcEnabled()) { +forwardToMessagePage(httpServletRequest, httpServletResponse, "OpenId Connect is not configured."); +return; +} + +final String oidcRequestIdentifier = UUID.randomUUID().toString(); + +// generate a cookie to associate this login sequence +final Cookie cookie = new Cookie(OIDC_REQUEST_IDENTIFIER, oidcRequestIdentifier); +cookie.setPath("/"); +cookie.setHttpOnly(true); +cookie.setMaxAge(60); +cookie.setSecure(true); +httpServletResponse.addCookie(cookie); + +// get the state for this request +final State state = oidcService.createState(oidcRequestIdentifier); + +// build the authorization uri +final URI authorizationUri = UriBuilder.fromUri(oidcService.getAuthorizationEndpoint()) +.queryParam("client_id", oidcService.getClientId()) +.queryParam("response_type", "code") +.queryParam("scope", oidcService.getScope().toString()) +.queryParam("state", state.getValue()) +.queryParam("redirect_uri", getOidcCallback()) +.build(); + +// generate the response +httpServletResponse.sendRedirect(authorizationUri.toString()); +} + +@GET +@Consumes(MediaType.WILDCARD) +@Produces(MediaType.WILDCARD) +@Path("oidc/callback") +@ApiOperation( +value = "Redirect/callback URI for processing the result of the OpenId Connect login sequence." +) +public void oidcCallback(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse) throws Exception { +// only consider user specific access over https +if (!httpServletRequest.isSecure()) { +forwardToMessagePage(httpServletRequest, httpServletResponse, "User authentication/authorization is only supported when running over HTTPS."); +return; +} + +// ensure oidc is enabled +if (!oidcService.isOidcEnabled()) { +forwardToMessagePage(httpServletRequest, httpServletResponse, "OpenId Connect is not configured."); +return; +} + +final String oidcRequestIdentifier = getCookieValue(httpServletRequest.getCookies(), OIDC_REQUEST_IDENTIFIER); +if (oidcRequestIdentifier == null) { +forwardToMessagePage(httpServletRequest, httpServletResponse, "The login request identifier was not found in the request. Unable to continue."); +return; +} + +final com.nimbusds.openid.connect.sdk.AuthenticationResponse oidcResponse = AuthenticationResponseParser.parse(getRequestUri()); +if (oidcResponse.indicatesSuccess()) { +final AuthenticationSuccessResponse successfulOidcResponse = (AuthenticationSuccessResponse) oidcResponse; + +// confirm state +final State state = successfulOidcResponse.getState(); +if (!oidcService.isStateValid(oidcRequestIdentifier, state)) { +logger.error("Purposed state does not match the stored state. Unable to continue login process."); --- End diff -- That's a typo. It was meant to say the "Proposed state". I'll updat
[GitHub] nifi pull request #2047: NIFI-4210: Add support for OpenId Connect
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/2047#discussion_r130871309 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java --- @@ -125,6 +142,160 @@ public Response getLoginConfig(@Context HttpServletRequest httpServletRequest) { return generateOkResponse(entity).build(); } +@GET +@Consumes(MediaType.WILDCARD) +@Produces(MediaType.WILDCARD) +@Path("oidc/request") +@ApiOperation( +value = "Initiates a request to authenticate through the configured OpenId Connect provider." +) +public void oidcRequest(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse) throws Exception { +// only consider user specific access over https +if (!httpServletRequest.isSecure()) { +forwardToMessagePage(httpServletRequest, httpServletResponse, "User authentication/authorization is only supported when running over HTTPS."); +return; +} + +// ensure oidc is enabled +if (!oidcService.isOidcEnabled()) { +forwardToMessagePage(httpServletRequest, httpServletResponse, "OpenId Connect is not configured."); +return; +} + +final String oidcRequestIdentifier = UUID.randomUUID().toString(); + +// generate a cookie to associate this login sequence +final Cookie cookie = new Cookie(OIDC_REQUEST_IDENTIFIER, oidcRequestIdentifier); +cookie.setPath("/"); +cookie.setHttpOnly(true); +cookie.setMaxAge(60); +cookie.setSecure(true); +httpServletResponse.addCookie(cookie); + +// get the state for this request +final State state = oidcService.createState(oidcRequestIdentifier); + +// build the authorization uri +final URI authorizationUri = UriBuilder.fromUri(oidcService.getAuthorizationEndpoint()) +.queryParam("client_id", oidcService.getClientId()) +.queryParam("response_type", "code") +.queryParam("scope", oidcService.getScope().toString()) +.queryParam("state", state.getValue()) +.queryParam("redirect_uri", getOidcCallback()) +.build(); + +// generate the response +httpServletResponse.sendRedirect(authorizationUri.toString()); +} + +@GET +@Consumes(MediaType.WILDCARD) +@Produces(MediaType.WILDCARD) +@Path("oidc/callback") +@ApiOperation( +value = "Redirect/callback URI for processing the result of the OpenId Connect login sequence." +) +public void oidcCallback(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse) throws Exception { +// only consider user specific access over https +if (!httpServletRequest.isSecure()) { +forwardToMessagePage(httpServletRequest, httpServletResponse, "User authentication/authorization is only supported when running over HTTPS."); +return; +} + +// ensure oidc is enabled +if (!oidcService.isOidcEnabled()) { +forwardToMessagePage(httpServletRequest, httpServletResponse, "OpenId Connect is not configured."); +return; +} + +final String oidcRequestIdentifier = getCookieValue(httpServletRequest.getCookies(), OIDC_REQUEST_IDENTIFIER); +if (oidcRequestIdentifier == null) { --- End diff -- `getCookieValue` returns null when no cookie is found with the specified name. I'll update the Javadoc's on that method to make it clearer. If there is a cookie with that name, we attempt to use the associated value in the login process. We have not formally defined a format for this identifier. Rather, we've left it just a `String` for now in case we choose to change it later. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #2047: NIFI-4210: Add support for OpenId Connect
GitHub user mcgilman opened a pull request: https://github.com/apache/nifi/pull/2047 NIFI-4210: Add support for OpenId Connect NIFI-4210: - Introducing support for OpenId Connect. - Updating REST API and UI to support the authorization code flow. You can merge this pull request into a Git repository by running: $ git pull https://github.com/mcgilman/nifi NIFI-4210 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi/pull/2047.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #2047 commit 4859baa29f42ff98e3747527cb0135e306baa7d2 Author: Matt Gilman <matt.c.gil...@gmail.com> Date: 2017-08-01T14:46:45Z NIFI-4210: - Introducing support for OpenId Connect. - Updating REST API and UI to support the authorization code flow. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #2019: NIFI-4032: Managed Ranger Authorizer
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/2019 Great find @YolandaMDavis! Will address this and update. Thanks! --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1872: NIFI-106: Expose processors' counters in Stats History
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1872 Thanks @markap14! This has been merged to master. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #2023: NIFI-4206: Proxy instructions in Admin Guide
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/2023 @bond- Another commit has been pushed which includes a brief example for NiFi specific configuration. I am not super familiar with proxy configurations so if you have any additional suggestions that should be added just let me know. If you wanted to supply a patch with specific details based on your experience thus far, I'd be happy to include it in this PR. Thanks! --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1644: NIFI-11 - Capture StringIndexOutOfBoundsException to preve...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1644 Thanks @trixpan! This has been merged to master. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #2023: NIFI-4206: Proxy instructions in Admin Guide
GitHub user mcgilman opened a pull request: https://github.com/apache/nifi/pull/2023 NIFI-4206: Proxy instructions in Admin Guide NIFI-4206: - Updating admin guide to include instructions for running NiFi behind a proxy. You can merge this pull request into a Git repository by running: $ git pull https://github.com/mcgilman/nifi NIFI-4206 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi/pull/2023.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #2023 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #2019: NIFI-4032: Managed Ranger Authorizer
GitHub user mcgilman opened a pull request: https://github.com/apache/nifi/pull/2019 NIFI-4032: Managed Ranger Authorizer NIFI-4032: Managed Ranger Authorizer - Introducing the ManagedRangerAuthorizer. - Introducing the AuthorizationAuditor. - Updating authorization requests to utilize Authorizable where ever possible so allow for a singular place to audit resource not found as denied when the parent authorizable is null (no more inheritance). - Updating unit tests as appropriate. You can merge this pull request into a Git repository by running: $ git pull https://github.com/mcgilman/nifi NIFI-4032 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi/pull/2019.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #2019 commit c87208d38ac1d46b7304dc737a8f8c332897a4d5 Author: Matt Gilman <matt.c.gil...@gmail.com> Date: 2017-06-28T14:17:17Z NIFI-4032: - Introducing the ManagedRangerAuthorizer. - Introducing the AuthorizationAuditor. - Updating authorization requests to utilize Authorizable where ever possible so allow for a singular place to audit resource not found as denied when the parent authorizable is null (no more inheritance). - Updating unit tests as appropriate. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #1872: NIFI-106: Expose processors' counters in Stats Hist...
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/1872#discussion_r127742238 --- Diff: nifi-api/src/main/java/org/apache/nifi/controller/status/ProcessorStatus.java --- @@ -234,6 +245,7 @@ public ProcessorStatus clone() { clonedObj.flowFilesRemoved = flowFilesRemoved; clonedObj.runStatus = runStatus; clonedObj.type = type; +clonedObj.counters = new HashMap<>(counters); --- End diff -- May need to protect against NPE when `counters` is null. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #1872: NIFI-106: Expose processors' counters in Stats Hist...
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/1872#discussion_r127739416 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/endpoints/StatusHistoryEndpointMerger.java --- @@ -109,13 +119,49 @@ public NodeResponse merge(URI uri, String method, Set successfulRe noReadPermissionsComponentDetails = nodeStatus.getComponentDetails(); } +if (!nodeStatus.isIncludeCounters()) { --- End diff -- I'm not sure we need to add a new field to the `nodeStatus` as the read permission is already present in the corresponding `nodeResponseEntity`. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #1872: NIFI-106: Expose processors' counters in Stats Hist...
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/1872#discussion_r127741268 --- Diff: nifi-framework-api/src/main/java/org/apache/nifi/controller/status/history/StatusHistory.java --- @@ -41,4 +41,9 @@ * @return List of snapshots for a given component */ List getStatusSnapshots(); + +/** + * @return true if counter values are included in the Status History + */ +boolean isIncludeCounters(); --- End diff -- If we're able to remove the flag from the `StatusHistoryDTO`, we may also be able to remove this one. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #1872: NIFI-106: Expose processors' counters in Stats Hist...
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/1872#discussion_r127741006 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/FlowController.java --- @@ -2867,6 +2867,7 @@ private ProcessorStatus getProcessorStatus(final RepositoryStatusReport report, status.setFlowFilesSent(entry.getFlowFilesSent()); status.setBytesSent(entry.getBytesSent()); status.setFlowFilesRemoved(entry.getFlowFilesRemoved()); +status.setCounters(entry.getCounters()); --- End diff -- This should be done conditionally based on `isProcessorAuthorized`. When captured for status history purposes that `Predicate` will always result in `true`. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1872: NIFI-106: Expose processors' counters in Stats History
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1872 @markap14 this sounds like a good approach. Will review... --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi-registry issue #1: NIFIREG-1 Initial project structure for NiFi Registr...
Github user mcgilman commented on the issue: https://github.com/apache/nifi-registry/pull/1 Thanks @bbende! This has been merged to master. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #2001: NIFI-1586 Removed check for distributed ZK quorum before s...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/2001 Thanks @jtstorck! This has been merged to master. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #2001: NIFI-1586 Removed check for distributed ZK quorum before s...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/2001 Will review... --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1999: NIFI-3939: Reviewed and corrected all incorrect nifi-web-a...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1999 Thanks @m-hogue! This has been merged to master. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1999: NIFI-3939: Reviewed and corrected all incorrect nifi-web-a...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1999 Will review... --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1996: NIFI-4167: StandardResourceClaimManager should not synchro...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1996 Thanks @markap14! This has been merged to master. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1996: NIFI-4167: StandardResourceClaimManager should not synchro...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1996 Will review... --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #2000: NIFI-4172: renamed ClusteSummaryEntity to ClusterSummaryEn...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/2000 I've updated the fix version on the JIRA so we'll catch it for 2.0.0. Unfortunately, I cannot close the PR without a commit. Only the person that created the PR can do so. Do you mind closing? Thanks! --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #2000: NIFI-4172: renamed ClusteSummaryEntity to ClusterSummaryEn...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/2000 Thanks for the PR @m-hogue. I almost made this fix myself awhile back and held off. Technically, this class is part of a domain model for the REST API. Folks should be able to use this model in conjunction with frameworks like Jersey or RestEasy to interact with the REST API. Because of this, we treat this as another public API and we don't introduce breaking changes outside of major releases. Fortunately, the typo is not visible to folks consuming the REST API without our DTO domain model (through curl for instance). --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1995: NIFI-4151: Ensure that we properly call invalidateValidati...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1995 Thanks @markap14. This has been merged to master. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1978: NIFI-4127: Composite User Group Providers
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1978 @pvillard31 A second commit has been pushed updating the documentation and providing an example of the composite configurable user group provider. Thanks again for the review! --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1962: NIFI-4143 - externalize MAX_CONCURRENT_REQUESTS
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1962 Thanks @pvillard31! Most recent update looks great. This has been merged to master. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #1978: NIFI-4127: Composite User Group Providers
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/1978#discussion_r125994624 --- Diff: nifi-docs/src/main/asciidoc/administration-guide.adoc --- @@ -464,6 +464,17 @@ Another option for the UserGroupProvider is the LdapUserGroupProvider. By defaul * Group Name Attribute - Attribute to use to extract group name (i.e. cn). Optional. If not set, the entire DN is used. * Group Member Attribute - Attribute to use to define group membership (i.e. member). Optional. If not set group membership will not be calculated through the groups. Will rely on group member being defined through 'User Group Name Attribute' if set. +Another option for the UserGroupProvider are composite implementations. This means that multiple sources/implementations can be configured and composed. For instance, an admin can configure users/groups to be loaded from a file and an directory server. There are two composite implementations, one that supports multiple UserGroupProviders and one that supports multiple UserGroupProviders and a single configurable UserGroupProvider. + +The CompositeUserGroupProvider will provide support for retrieving users and groups from multiple sources. --- End diff -- Ah. Sorry your totally right. I forgot about those checks. They have been in place for awhile. So that constraint shouldn't be unique to the composite providers. Regardless, I will update the documentation accordingly. I suppose I could remove those tests I referenced since they will never hit when running in the app. However, they still ensure the order the providers are invoked so I'll probably leave them in place. Anyways, thanks for confirming. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #1978: NIFI-4127: Composite User Group Providers
Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/1978#discussion_r125987445 --- Diff: nifi-docs/src/main/asciidoc/administration-guide.adoc --- @@ -464,6 +464,17 @@ Another option for the UserGroupProvider is the LdapUserGroupProvider. By defaul * Group Name Attribute - Attribute to use to extract group name (i.e. cn). Optional. If not set, the entire DN is used. * Group Member Attribute - Attribute to use to define group membership (i.e. member). Optional. If not set group membership will not be calculated through the groups. Will rely on group member being defined through 'User Group Name Attribute' if set. +Another option for the UserGroupProvider are composite implementations. This means that multiple sources/implementations can be configured and composed. For instance, an admin can configure users/groups to be loaded from a file and an directory server. There are two composite implementations, one that supports multiple UserGroupProviders and one that supports multiple UserGroupProviders and a single configurable UserGroupProvider. + +The CompositeUserGroupProvider will provide support for retrieving users and groups from multiple sources. --- End diff -- Multiple users should be supported in this PR. Did you see otherwise? There are a couple test cases that verify this [1] [2]. Order does matter and I can update the docs to describe this fact. UserGroupProviders are invoked in the order they appear in the authorizers.xml. [1] https://github.com/mcgilman/nifi/blob/0e679007e59bfea050f73b046f52b2a772a281ae/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/test/java/org/apache/nifi/authorization/CompositeUserGroupProviderTest.java#L139 [2] https://github.com/mcgilman/nifi/blob/0e679007e59bfea050f73b046f52b2a772a281ae/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/test/java/org/apache/nifi/authorization/CompositeConfigurableUserGroupProviderTest.java#L93 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1979: NIFI-4151: Updated UpdateAttribute to only create JAXB Con...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1979 Thanks @markap14! The update has addressed the test failures and this has been merged to master. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1980: NIFI-4153: Use a LinkedBlockingQueue instead of a Synchron...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1980 Thanks @markap14! This has been merged to master. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1979: NIFI-4151: Updated UpdateAttribute to only create JAXB Con...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1979 @markap14 Looks like the proposed changes are causing unit test failures. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1980: NIFI-4153: Use a LinkedBlockingQueue instead of a Synchron...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1980 Will review... --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1962: NIFI-4143 - externalize MAX_CONCURRENT_REQUESTS
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1962 @pvillard31 Just started reviewing this PR. I'm wondering if the property should be associated with the cluster section instead of the web properties. This property is only relevant when clustered and am concerned it may be confusing being colocated with the jetty thread configuration. Since that thread pool drives the size of the thread pool that Jetty uses it could be confused with the maximum number of concurrent requests. It might make sense to associate this property with other request replication properties. For instance the replication thread pool size: ``` nifi.cluster.node.protocol.threads=${nifi.cluster.node.protocol.threads} nifi.cluster.node.protocol.max.threads=${nifi.cluster.node.protocol.max.threads} ``` Or the replication timeouts: ``` nifi.cluster.node.connection.timeout=${nifi.cluster.node.connection.timeout} nifi.cluster.node.read.timeout=${nifi.cluster.node.read.timeout} ``` Thoughts? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1979: NIFI-4151: Updated UpdateAttribute to only create JAXB Con...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1979 Will review... --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #1978: NIFI-4127: Composite User Group Providers
GitHub user mcgilman opened a pull request: https://github.com/apache/nifi/pull/1978 NIFI-4127: Composite User Group Providers NIFI-4127: - Introducing composite ConfigurableUserGroupProvider and UserGroupProvider. - Adding appropriate unit tests. - Updating object model to support per resource (user/group/policy) configuration. - Updating UI to support per resource (user/group/policy) configuration. - Adding necessary documentation. You can merge this pull request into a Git repository by running: $ git pull https://github.com/mcgilman/nifi NIFI-4127 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi/pull/1978.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #1978 commit 0e679007e59bfea050f73b046f52b2a772a281ae Author: Matt Gilman <matt.c.gil...@gmail.com> Date: 2017-06-28T20:40:41Z NIFI-4127: - Introducing composite ConfigurableUserGroupProvider and UserGroupProvider. - Adding appropriate unit tests. - Updating object model to support per resource (user/group/policy) configuration. - Updating UI to support per resource (user/group/policy) configuration. - Adding necessary documentation. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1923: NIFI-4059: Introduce LdapUserGroupProvider
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1923 Thanks @pvillard31 for having a look at this PR! I've addressed the two issues above and I think resolving the group name when searching users only and detecting group membership is supported. Check out this unit test here [1]. Please let me know if I misunderstood. Thanks again! [1] https://github.com/mcgilman/nifi/blob/4dd7aaae8de2ea2e2000510e5501f6e6b71d7f4b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/test/java/org/apache/nifi/ldap/tenants/LdapUserGroupProviderTest.java#L213 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #1923: NIFI-4059: Introduce LdapUserGroupProvider
GitHub user mcgilman opened a pull request: https://github.com/apache/nifi/pull/1923 NIFI-4059: Introduce LdapUserGroupProvider NIFI-4059: - Introducing the LdapUserGroupProvider. - Updating documentation accordingly. - Moving the IdentityMapping utilities so they were accessible. You can merge this pull request into a Git repository by running: $ git pull https://github.com/mcgilman/nifi NIFI-4059 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi/pull/1923.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #1923 commit 4dd7aaae8de2ea2e2000510e5501f6e6b71d7f4b Author: Matt Gilman <matt.c.gil...@gmail.com> Date: 2017-06-12T20:53:56Z NIFI-4059: - Introducing the LdapUserGroupProvider. - Updating documentation accordingly. - Moving the IdentityMapping utilities so they were accessible. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1900: NIFI-4019: Added support for X-Forwarded-* headers
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1900 Yup. Thanks again! --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #1900: NIFI-4019: Added support for X-Forwarded-* headers
Github user mcgilman closed the pull request at: https://github.com/apache/nifi/pull/1900 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1900: NIFI-4019: Added support for X-Forwarded-* headers
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1900 Thanks for catching those @jtstorck! Will update. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1897: NIFI-3653: Introduce ManagedAuthorizer
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1897 For those reviewing... just pushed a follow-up commit. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1897: NIFI-3653: Introduce ManagedAuthorizer
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1897 I'll be posting another commit to this PR to more easily allow providers to map their users, groups, and policies to the internal data model. Also, have minor documentation and error message tweaks. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #1903: NIFI-4045: POST lineage may not respond with eventI...
GitHub user mcgilman opened a pull request: https://github.com/apache/nifi/pull/1903 NIFI-4045: POST lineage may not respond with eventId NIFI-4045: - Addressing issues causing the eventId to not be relayed when submitting a lineage request under certain conditions. You can merge this pull request into a Git repository by running: $ git pull https://github.com/mcgilman/nifi NIFI-4045 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi/pull/1903.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #1903 commit b3c5adfefb7a6debd5839585e39c7aa47a0e5fd5 Author: Matt Gilman <matt.c.gil...@gmail.com> Date: 2017-06-08T17:38:19Z NIFI-4045: - Addressing issues causing the eventId to not be relayed when submitting a lineage request under certain conditions. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #1900: NIFI-4019: Added support for X-Forwarded-* headers
GitHub user mcgilman opened a pull request: https://github.com/apache/nifi/pull/1900 NIFI-4019: Added support for X-Forwarded-* headers NIFI-4019: - Adding support for X-Forwarded-* headers. - Unrelated code clean up. You can merge this pull request into a Git repository by running: $ git pull https://github.com/mcgilman/nifi NIFI-4019 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi/pull/1900.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #1900 commit 6c3e6311b62881ae2a895ab59c1234303f04fbc9 Author: Matt Gilman <matt.c.gil...@gmail.com> Date: 2017-06-08T13:38:07Z NIFI-4019: - Adding support for X-Forwarded-* headers. - Unrelated code clean up. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #1897: NIFI-3653: Introduce ManagedAuthorizer
GitHub user mcgilman opened a pull request: https://github.com/apache/nifi/pull/1897 NIFI-3653: Introduce ManagedAuthorizer NIFI-3653: - Introducing UserGroup and Policy provider interfaces. - Introducing FileUserGroupProvider and FileAccessPolicyProvider. - Refactoring FileAuthorizer to utilize the file based implementations. - Introducing the StandardManagedAuthorizer. - Decorating the configured ManagedAuthorizer to ensure integrity checks are still performed. - Loading user groups if possible to use during access decisions. - Merging responses for requests for AccessPolicies, Users, and UserGroups. - Adding unit tests as appropriate. You can merge this pull request into a Git repository by running: $ git pull https://github.com/mcgilman/nifi NIFI-3653 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi/pull/1897.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #1897 commit 55524cc7d2f45c9c17dab02627e7c29159acbe28 Author: Matt Gilman <matt.c.gil...@gmail.com> Date: 2017-05-26T19:02:44Z NIFI-3653: - Introducing UserGroup and Policy provider interfaces. - Introducing FileUserGroupProvider and FileAccessPolicyProvider. - Refactoring FileAuthorizer to utilize the file based implementations. - Introducing the StandardManagedAuthorizer. - Decorating the configured ManagedAuthorizer to ensure integrity checks are still performed. - Loading user groups if possible to use during access decisions. - Merging responses for requests for AccessPolicies, Users, and UserGroups. - Adding unit tests as appropriate. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #1893: NIFI-4027: Restoring tooltips in the toolbar
GitHub user mcgilman opened a pull request: https://github.com/apache/nifi/pull/1893 NIFI-4027: Restoring tooltips in the toolbar NIFI-4027: - Fixing the positioning of the tooltips in the component toolbar. You can merge this pull request into a Git repository by running: $ git pull https://github.com/mcgilman/nifi NIFI-4027 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi/pull/1893.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #1893 commit 2bcb1ad6c3dbd369548d6ac2a7878a33272d60b0 Author: Matt Gilman <matt.c.gil...@gmail.com> Date: 2017-06-06T21:29:24Z NIFI-4027: - Fixing the positioning of the tooltips in the component toolbar. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1644: NIFI-11 - Capture StringIndexOutOfBoundsException to preve...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1644 @trixpan I think the most recent commit does address the remaining spots, however it appears break a unit test. Do you mind updating? Looking at the failure in the Travis build, I believe the new exception is the desirable behavior. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1644: NIFI-11 - Capture StringIndexOutOfBoundsException to preve...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1644 @trixpan I believe there a couple other instances where we are evaluating an expression where we are still just catching ProcessException. Specifically, I believe we also need this adjustment when evaluating conditions and considering attributes to delete. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1872: NIFI-106: Expose processors' counters in Stats History
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1872 @markap14 - Counters are currently protected in access policies using a global resource. This is due to the fact that there are instance based Counters and a corresponding type based Counter. The type base Counters aggregate the values from all instances of that type reporting that Counter. Because type based Counters lose the association to the underlying instance, we are currently requiring a global permission. Access to stats and status history is available to any user with permissions to the UI (protected in access policies with the /flow resource). Because of this, I think we need to filter only allowable Counters into the status history. We will need to decide what is allowable in this context. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #1871: NIFI-3719: Address timezone issue when formatting h...
GitHub user mcgilman opened a pull request: https://github.com/apache/nifi/pull/1871 NIFI-3719: Address timezone issue when formatting hours/minutes/seconds NIFI-3719: - Removing the usage of SimpleDateFormat when formatting hours/minutes/seconds as the current timezone could cause unintended results. You can merge this pull request into a Git repository by running: $ git pull https://github.com/mcgilman/nifi NIFI-3719 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi/pull/1871.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #1871 commit db77f7dd5356a38dae1b8b831a6e74fe992775ef Author: Matt Gilman <matt.c.gil...@gmail.com> Date: 2017-05-30T15:15:04Z NIFI-3719: - Removing the usage of SimpleDateFormat when formatting hours/minutes/seconds as the current timezone could cause unintended results. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1848: [NIFI-3925] bound width of combo options drop down text
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1848 Thanks @scottyaslan. This has been merged to master. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1849: [NIFI-3943] align combo option item toolips to hover close...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1849 Thanks @scottyaslan. This has been merged to master. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1848: [NIFI-3925] bound width of combo options drop down text
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1848 @scottyaslan Would it be possible to update this PR to not take a percentage based approach? The component(s) selected by the combo plugin can have any width. Taking a percentage based approach may unnecessarily limit the text width. We should be able to update the corresponding JS file to set an appropriate width based on the incoming element. We are already doing this when we set the width of the container element for the combo options [1]. When setting the width of the option text element we'll need to update the width accordingly based on whether there is a description or not. [1] https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/jquery/combo/jquery.combo.js#L165 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1848: [NIFI-3925] bound width of combo options drop down text
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1848 Will review... --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1644: NIFI-11 - Capture StringIndexOutOfBoundsException to preve...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1644 Pretty sure it still needs an update. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #1844: NIFI-3955: Filtering out the EventTime searchable f...
GitHub user mcgilman opened a pull request: https://github.com/apache/nifi/pull/1844 NIFI-3955: Filtering out the EventTime searchable field for all implementation of ProvenanceRepository NIFI-3955: - Filtering out the EventTime searchable field for all implementation of ProvenanceRepository. Prefer user query using the startDate/endDate fields. You can merge this pull request into a Git repository by running: $ git pull https://github.com/mcgilman/nifi NIFI-3955 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi/pull/1844.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #1844 commit 267f838d389c90c5dec22b44ea7ed4b64aa7e902 Author: Matt Gilman <matt.c.gil...@gmail.com> Date: 2017-05-23T12:57:28Z NIFI-3955: - Filtering out the EventTime searchable field for all implementation of ProvenanceRepository. Prefer user query using the startDate/endDate fields. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #1838: NIFI-3933: Monitor heartbeats based on connected no...
GitHub user mcgilman opened a pull request: https://github.com/apache/nifi/pull/1838 NIFI-3933: Monitor heartbeats based on connected nodes NIFI-3933: - When monitoring heartbeats use the connected nodes as the basis for the check. This addresses the case when a node is terminated and no corresponding heartbeats exist. You can merge this pull request into a Git repository by running: $ git pull https://github.com/mcgilman/nifi NIFI-3933 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi/pull/1838.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #1838 commit 4a4e0159b6d6b81f895d43c4ed95a5d8ac9a329e Author: Matt Gilman <matt.c.gil...@gmail.com> Date: 2017-05-22T19:28:30Z NIFI-3933: - When monitoring heartbeats use the connected nodes as the basis for the check. This addresses the case when a node is terminated and no corresponding heartbeats exist. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1812: NIFI-1963 Forces a node reconnecting to a cluster to inher...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1812 Thanks @jtstorck. This has been merged to master. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1812: NIFI-1963 Forces a node reconnecting to a cluster to inher...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1812 Will pick up review... --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1799: NIFI-3896 - Makes DeprecationNotice more intuitive
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1799 Thanks @trixpan. This has been merged to master. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1799: NIFI-3896 - Makes DeprecationNotice more intuitive
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1799 Will review... --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1819: NIFI-3917: Use a default value of 'false' for CSV Reader's...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1819 Thanks @markap14! This has been merged to master. And thanks @kevdoran reviewing too! --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1819: NIFI-3917: Use a default value of 'false' for CSV Reader's...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1819 Will review/merge... --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1818: [NIFI-3906] Introduce additional validation when handling ...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1818 Thanks @scottyaslan. This has been merged to master. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1818: [NIFI-3906] Introduce additional validation when handling ...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1818 Will review... --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1817: NIFI-3923: Only start processors after repositories have b...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1817 Thanks @markap14. This has been merged to master. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1817: NIFI-3923: Only start processors after repositories have b...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1817 Will review... --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1808: NIFI-3904 Adding logic to only reload when incoming bundle...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1808 Thanks @bbende. This looks good and has been merged to master. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #1808: NIFI-3904 Adding logic to only reload when incoming bundle...
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/1808 Will review... --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi pull request #1803: NIFI-3901: Address Provenance Rest Api issues
GitHub user mcgilman opened a pull request: https://github.com/apache/nifi/pull/1803 NIFI-3901: Address Provenance Rest Api issues NIFI-3901: - Addressing response code of POST /provenance/lineage. - Ensuring cluster node details are set accordingly. You can merge this pull request into a Git repository by running: $ git pull https://github.com/mcgilman/nifi NIFI-3901 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi/pull/1803.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #1803 commit c13b59347b78c0f60b97a0a01a065dc9c1e5321e Author: Matt Gilman <matt.c.gil...@gmail.com> Date: 2017-05-15T20:44:26Z NIFI-3901: - Addressing response code of POST /provenance/lineage. - Ensuring cluster node details are set accordingly. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---