[jira] [Assigned] (NIFI-8058) Changing a property after deleting a dynamic property causes the dynamic property to return to the UI
[ https://issues.apache.org/jira/browse/NIFI-8058?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] M Tien reassigned NIFI-8058: Assignee: M Tien > Changing a property after deleting a dynamic property causes the dynamic > property to return to the UI > - > > Key: NIFI-8058 > URL: https://issues.apache.org/jira/browse/NIFI-8058 > Project: Apache NiFi > Issue Type: Bug > Components: Core UI >Reporter: Matt Burgess >Assignee: M Tien >Priority: Major > > When a dynamic property is deleted from a component configuration dialog, if > any other property is modified, it causes the deleted dynamic property to > reappear in the UI. > To reproduce: open a processor config dialog (GenerateFlowFile, e.g.), add a > couple dynamic properties and hit Apply. Then open the dialog again, delete > one of the dynamic properties, then change another property. This causes the > deleted property to show up again. The workaround is to delete the dynamic > property, click Apply, then reopen the dialog to change the other properties. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (NIFI-8059) As a user of the PutEmail processor I would like to be able to sign emails using a certificate
Cory Wixom created NIFI-8059: Summary: As a user of the PutEmail processor I would like to be able to sign emails using a certificate Key: NIFI-8059 URL: https://issues.apache.org/jira/browse/NIFI-8059 Project: Apache NiFi Issue Type: New Feature Reporter: Cory Wixom The current PutEmail processor is missing a couple important features to make it usable in certain secure environments. The most important of which is that it doesn't allow you to digitally sign an email with a certificate. This ticket is to modify the processor to allow taking an SSLContext and sign the email with the certificate. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (NIFI-8058) Changing a property after deleting a dynamic property causes the dynamic property to return to the UI
Matt Burgess created NIFI-8058: -- Summary: Changing a property after deleting a dynamic property causes the dynamic property to return to the UI Key: NIFI-8058 URL: https://issues.apache.org/jira/browse/NIFI-8058 Project: Apache NiFi Issue Type: Bug Components: Core UI Reporter: Matt Burgess When a dynamic property is deleted from a component configuration dialog, if any other property is modified, it causes the deleted dynamic property to reappear in the UI. To reproduce: open a processor config dialog (GenerateFlowFile, e.g.), add a couple dynamic properties and hit Apply. Then open the dialog again, delete one of the dynamic properties, then change another property. This causes the deleted property to show up again. The workaround is to delete the dynamic property, click Apply, then reopen the dialog to change the other properties. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (NIFI-8057) Remove truststore check from SslContextFactory.createSslContext()
[ https://issues.apache.org/jira/browse/NIFI-8057?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17241877#comment-17241877 ] Peter Turcsanyi commented on NIFI-8057: --- [~alopresto] do you have any concerns about it? > Remove truststore check from SslContextFactory.createSslContext() > - > > Key: NIFI-8057 > URL: https://issues.apache.org/jira/browse/NIFI-8057 > Project: Apache NiFi > Issue Type: Bug >Affects Versions: 1.12.1 >Reporter: Peter Turcsanyi >Priority: Major > > NIFI-7407 introduced a check in {{SslContextFactory.createSslContext()}}: if > KS is configured, then TS must be configured too > ([https://github.com/apache/nifi/blob/857eeca3c7d4b275fd698430594e7fae4864feff/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/SslContextFactory.java#L79]) > This constraint is too strict for server-style processors (like ListenGRPC) > where only a KS is needed for 1-way SSL (and the presence of TS turns on > 2-way SSL). > The check should be removed/relieved. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (NIFI-8057) Remove truststore check from SslContextFactory.createSslContext()
Peter Turcsanyi created NIFI-8057: - Summary: Remove truststore check from SslContextFactory.createSslContext() Key: NIFI-8057 URL: https://issues.apache.org/jira/browse/NIFI-8057 Project: Apache NiFi Issue Type: Bug Affects Versions: 1.12.1 Reporter: Peter Turcsanyi NIFI-7407 introduced a check in {{SslContextFactory.createSslContext()}}: if KS is configured, then TS must be configured too ([https://github.com/apache/nifi/blob/857eeca3c7d4b275fd698430594e7fae4864feff/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/SslContextFactory.java#L79]) This constraint is too strict for server-style processors (like ListenGRPC) where only a KS is needed for 1-way SSL (and the presence of TS turns on 2-way SSL). The check should be removed/relieved. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (NIFI-7128) Extend StringEncryptor with SecureHasher capability
[ https://issues.apache.org/jira/browse/NIFI-7128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Handermann reassigned NIFI-7128: -- Assignee: David Handermann > Extend StringEncryptor with SecureHasher capability > --- > > Key: NIFI-7128 > URL: https://issues.apache.org/jira/browse/NIFI-7128 > Project: Apache NiFi > Issue Type: Improvement > Components: Core Framework, Security >Affects Versions: 1.11.1 >Reporter: Andy LoPresto >Assignee: David Handermann >Priority: Major > Labels: encryption, hashing, security > > The {{StringEncryptor}} should be refactored to an interface and a standard > implementation provided as {{StandardStringEncryptor}}. It could also offer a > default implementation of the {{SecureHasher}} interface (via delegation to > {{Argon2}}, which would allow for standard hashing capability present > anywhere the existing {{StringEncryptor}} is used. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (NIFI-7198) Support TLS in RedisConnectionPoolService
[ https://issues.apache.org/jira/browse/NIFI-7198?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Handermann updated NIFI-7198: --- Labels: Security TLS (was: ) > Support TLS in RedisConnectionPoolService > - > > Key: NIFI-7198 > URL: https://issues.apache.org/jira/browse/NIFI-7198 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Affects Versions: 1.11.3 >Reporter: David >Priority: Minor > Labels: Security, TLS > > Redis now supports a TLS configuration ([https://redis.io/topics/encryption)] > I would like to make use of Redis as a DistrubutedMapCache provider, but our > environment requires all traffic be TLS encrypted and the > RedisConnectionPoolService does not support TLS. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[GitHub] [nifi-minifi-cpp] hunyadi-dev opened a new pull request #948: MINIFICPP-1325 - Refactor and test YAML connection parsing
hunyadi-dev opened a new pull request #948: URL: https://github.com/apache/nifi-minifi-cpp/pull/948 Update-after-rebase from #874. This is a refactor and test only PR - done as prework for name and UUID usage rework. It is probably simplest to **review this PR on a per commit basis**. This PR fixes faulty scenarios for parsing configuration values related to connections. 1. We agreed to fix this one: https://issues.apache.org/jira/browse/MINIFICPP-1331 1. The others are documented here. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi-minifi-cpp] hunyadi-dev commented on pull request #874: MINIFICPP-1325 - Refactor and test YAML connection parsing
hunyadi-dev commented on pull request #874: URL: https://github.com/apache/nifi-minifi-cpp/pull/874#issuecomment-736764240 Closing this PR and opening a new one for the same content rebased. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi-minifi-cpp] hunyadi-dev closed pull request #874: MINIFICPP-1325 - Refactor and test YAML connection parsing
hunyadi-dev closed pull request #874: URL: https://github.com/apache/nifi-minifi-cpp/pull/874 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi] markap14 commented on pull request #4698: NIFI-1121: Use display name for dependent property documentation
markap14 commented on pull request #4698: URL: https://github.com/apache/nifi/pull/4698#issuecomment-736702263 Great catch @mattyb149 , thanks for fixing that. Am +1 on the change. Will wait until Github Actions completes but assuming that it passes I'll merge to main. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Reopened] (NIFI-1121) Allow components' properties to depend on one another
[ https://issues.apache.org/jira/browse/NIFI-1121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Matt Burgess reopened NIFI-1121: Reopening to add https://github.com/apache/nifi/pull/4698 > Allow components' properties to depend on one another > - > > Key: NIFI-1121 > URL: https://issues.apache.org/jira/browse/NIFI-1121 > Project: Apache NiFi > Issue Type: Improvement > Components: Core Framework >Affects Versions: 1.11.4 >Reporter: Mark Payne >Assignee: M Tien >Priority: Major > Fix For: 1.13.0 > > Time Spent: 2h 40m > Remaining Estimate: 0h > > Concept: A Processor developer (or Controller Service or Reporting Task > developer) should be able to indicate when building a PropertyDescriptor that > the property is "dependent on" another Property. If Property A depends on > Property B, then the following should happen: > Property A should not be shown in the Configure dialog unless a value is > selected for Property B. Additionally, if Property A is dependent on > particular values of Property B, then Property A should be shown only if > Property B is set to one of those values. > For example, in Compress Content, the "Compression Level" property should be > dependent on the "Mode" property being set to "Compress." This means that if > the "Mode" property is set to Decompress, then the UI would not show the > Compression Level property. This will be far less confusing for users, as it > will allow the UI to hide properties that irrelevant based on the > configuration. > Additionally, if Property A depends on Property B and Property A is required, > then a valid value must be set for Property A ONLY if Property B is set to a > value that Property A depends on. I.e., in the example above, the Compression > Level property can be required, but if the Mode is not set to Compress, then > it doesn't matter if the Compression Level property is set to a valid value - > the Processor will still be valid, because Compression Level is not a > relevant property in this case. > This provides developers to provide validation much more easily, as many > times the developer currently must implement the customValidate method to > ensure that if Property A is set that Property B must also be set. In this > case, it is taken care of by the framework simply by adding a dependency. > From an API perspective, it would manifest itself as having a new "dependsOn" > method added to the PropertyDescriptor.Builder class: > {code} > /** > * Indicates that this Property is relevant if and only if the parent property > has some (any) value set. > **/ > Builder dependsOn(PropertyDescriptor parent); > {code} > {code} > /** > * Indicates that this Property is relevant if and only if the parent > property is set to one of the values included in the 'relevantValues' > Collection. > **/ > Builder dependsOn(PropertyDescriptor parent, Collection > relevantValues); > {code} > In providing this capability, we will not only be able to hide properties > that are not valid based on the Processor's other configuration but will also > make the notion of "Strategy Properties" far more powerful/easy to use. This > is because we can now have a Property such as "My Capability Strategy" and > then have properties that are shown for each of the allowed strategies. > For example, in MergeContent, the Header, Footer, Demarcator could become > dependent on the "Bin-Packing Algorithm" Merge Strategy. These properties can > then be thought of logically as properties of that strategy itself. > This will require a few different parts of the application to be updated: > * nifi-api - must be updated to support the new methods. > * nifi-framework-core - must be updated to handle new validation logic for > components > * nifi-web - must be updated to show/hide properties based on other > properties' values > * nifi-mock - needs to handle the validation logic and ensure that developers > are using the API properly, throwing AssertionErrors if not > * nifi-docs - need to update the Developer Guide to explain how this works > * processors - many processors can be updated to take advantage of this new > capability -- This message was sent by Atlassian Jira (v8.3.4#803005)
[GitHub] [nifi] mattyb149 opened a new pull request #4698: NIFI-1121: Use display name for dependent property documentation
mattyb149 opened a new pull request #4698: URL: https://github.com/apache/nifi/pull/4698 Thank you for submitting a contribution to Apache NiFi. Please provide a short description of the PR here: Description of PR Before this PR, the machine-friendly name was being shown in the documentation for dependent properties, which can make it difficult to map to the other property's name/doc. This minor change shows the display name instead. In order to streamline the review of the contribution we ask you to ensure the following steps have been taken: ### For all changes: - [x] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message? - [x] Does your PR title start with **NIFI-** where is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character. - [x] Has your PR been rebased against the latest commit within the target branch (typically `main`)? - [x] Is your initial contribution a single, squashed commit? _Additional commits in response to PR reviewer feedback should be made on this branch and pushed to allow change tracking. Do not `squash` or use `--force` when pushing to allow for clean monitoring of changes._ ### For code changes: - [ ] Have you ensured that the full suite of tests is executed via `mvn -Pcontrib-check clean install` at the root `nifi` folder? - [x] Have you written or updated unit tests to verify your changes? - [x] Have you verified that the full build is successful on JDK 8? - [ ] Have you verified that the full build is successful on JDK 11? - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? - [ ] If applicable, have you updated the `LICENSE` file, including the main `LICENSE` file under `nifi-assembly`? - [ ] If applicable, have you updated the `NOTICE` file, including the main `NOTICE` file found under `nifi-assembly`? - [ ] If adding new Properties, have you added `.displayName` in addition to .name (programmatic access) for each of the new properties? ### For documentation related changes: - [x] Have you ensured that format looks appropriate for the output in which it is rendered? ### Note: Please ensure that once the PR is submitted, you check GitHub Actions CI for build issues and submit an update to your PR as soon as possible. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi-minifi-cpp] lordgamez commented on a change in pull request #942: MINIFICPP-1410 Add permissions property support for Putfile processor
lordgamez commented on a change in pull request #942: URL: https://github.com/apache/nifi-minifi-cpp/pull/942#discussion_r533564990 ## File path: libminifi/include/utils/file/FileUtils.h ## @@ -303,55 +322,74 @@ inline bool get_uid_gid(const std::string , uint64_t , uint64_t ) { #endif inline int is_directory(const char * path) { -struct stat dir_stat; -if (stat(path, _stat) < 0) { -return 0; -} -return S_ISDIR(dir_stat.st_mode); + struct stat dir_stat; + if (stat(path, _stat) < 0) { + return 0; + } + return S_ISDIR(dir_stat.st_mode); +} + +inline int exists(const std::string& path) { Review comment: Fixed in [163bbea](https://github.com/apache/nifi-minifi-cpp/pull/942/commits/163bbeaa1f80756ff7d9b3f034e4e0bc71c3dcee) ## File path: extensions/standard-processors/processors/PutFile.cpp ## @@ -54,6 +54,19 @@ core::Property PutFile::CreateDirs("Create Missing Directories", "If true, then core::Property PutFile::MaxDestFiles( core::PropertyBuilder::createProperty("Maximum File Count")->withDescription("Specifies the maximum number of files that can exist in the output directory")->withDefaultValue(-1)->build()); +#ifndef WIN32 +core::Property PutFile::Permissions( +core::PropertyBuilder::createProperty("Permissions") + ->withDescription("Sets the permissions on the output file to the value of this attribute. " +"Format must be format octal number (e.g. 644 or 0755). Not supported on Windows systems.") Review comment: Fixed in [163bbea](https://github.com/apache/nifi-minifi-cpp/pull/942/commits/163bbeaa1f80756ff7d9b3f034e4e0bc71c3dcee) ## File path: PROCESSORS.md ## @@ -899,6 +899,8 @@ In the list below, the names of required properties appear in bold. Any other pr |**Create Missing Directories**|true||If true, then missing destination directories will be created. If false, flowfiles are penalized and sent to failure.| |Directory|.||The output directory to which to put files**Supports Expression Language: true**| |Maximum File Count|-1||Specifies the maximum number of files that can exist in the output directory| +|Permissions|||Sets the permissions on the output file to the value of this attribute. Format must be in octal number (e.g. 644 or 0755). Not supported on Windows systems.| +|Directory Permissions|||Sets the permissions on the directories being created if 'Create Missing Directories' property is set. Format must be format octal number (e.g. 644 or 0755). Not supported on Windows systems.| Review comment: Fixed in [163bbea](https://github.com/apache/nifi-minifi-cpp/pull/942/commits/163bbeaa1f80756ff7d9b3f034e4e0bc71c3dcee) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi-minifi-cpp] lordgamez commented on a change in pull request #942: MINIFICPP-1410 Add permissions property support for Putfile processor
lordgamez commented on a change in pull request #942: URL: https://github.com/apache/nifi-minifi-cpp/pull/942#discussion_r533552705 ## File path: extensions/standard-processors/processors/PutFile.cpp ## @@ -54,6 +54,19 @@ core::Property PutFile::CreateDirs("Create Missing Directories", "If true, then core::Property PutFile::MaxDestFiles( core::PropertyBuilder::createProperty("Maximum File Count")->withDescription("Specifies the maximum number of files that can exist in the output directory")->withDefaultValue(-1)->build()); +#ifndef WIN32 +core::Property PutFile::Permissions( +core::PropertyBuilder::createProperty("Permissions") + ->withDescription("Sets the permissions on the output file to the value of this attribute. " +"Format must be format octal number (e.g. 644 or 0755). Not supported on Windows systems.") + ->build()); +core::Property PutFile::DirectoryPermissions( +core::PropertyBuilder::createProperty("Directory Permissions") + ->withDescription("Sets the permissions on the directories being created if 'Create Missing Directories' property is set. " +"Format must be format octal number (e.g. 644 or 0755). Not supported on Windows systems.") + ->build()); Review comment: In that case it works the same way as `boost::filesystem::create_directory` which is creating the directory in mode `777` then applies the system's default umask. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi-minifi-cpp] lordgamez commented on a change in pull request #937: MINIFICPP-1402 - Encrypt flow configuration and change encryption key
lordgamez commented on a change in pull request #937: URL: https://github.com/apache/nifi-minifi-cpp/pull/937#discussion_r533408675 ## File path: encrypt-config/ArgParser.cpp ## @@ -0,0 +1,178 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include "ArgParser.h" +#include "utils/OptionalUtils.h" +#include "utils/StringUtils.h" +#include "CommandException.h" + +namespace org { +namespace apache { +namespace nifi { +namespace minifi { +namespace encrypt_config { + +const std::vector Arguments::registered_args_{ +{std::set{"--minifi-home", "-m"}, + true, + "minifi home", + "Specifies the home directory used by the minifi agent"} +}; + +const std::vector Arguments::registered_flags_{ +{std::set{"--help", "-h"}, + "Prints this help message"}, +{std::set{"--encrypt-flow-config"}, + "If set, the flow configuration file (as specified in minifi.properties) is also encrypted."} +}; + +bool haveCommonItem(const std::set& a, const std::set& b) { Review comment: This could be moved to utils, also could be generalized as a template. ## File path: libminifi/src/c2/C2Client.cpp ## @@ -0,0 +1,318 @@ +/** + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include "c2/C2Client.h" +#include "core/state/nodes/MetricsBase.h" +#include "core/state/nodes/QueueMetrics.h" +#include "core/state/nodes/AgentInformation.h" +#include "core/state/nodes/RepositoryMetrics.h" +#include "properties/Configure.h" +#include "core/state/UpdateController.h" +#include "core/controller/ControllerServiceProvider.h" +#include "c2/C2Agent.h" +#include "core/state/nodes/FlowInformation.h" +#include "utils/file/FileSystem.h" + +namespace org { +namespace apache { +namespace nifi { +namespace minifi { +namespace c2 { + +C2Client::C2Client( +std::shared_ptr configuration, std::shared_ptr provenance_repo, +std::shared_ptr flow_file_repo, std::shared_ptr content_repo, +std::unique_ptr flow_configuration, std::shared_ptr filesystem, +std::shared_ptr logger) +: core::Flow(std::move(provenance_repo), std::move(flow_file_repo), std::move(content_repo), std::move(flow_configuration)), + configuration_(std::move(configuration)), + filesystem_(std::move(filesystem)), + logger_(std::move(logger)) {} + +void C2Client::stopC2() { + if (c2_agent_) { +c2_agent_->stop(); + } +} + +bool C2Client::isC2Enabled() const { + std::string c2_enable_str; + configuration_->get(Configure::nifi_c2_enable, "c2.enable", c2_enable_str); + return utils::StringUtils::toBool(c2_enable_str).value_or(false); +} + +void C2Client::initialize(core::controller::ControllerServiceProvider *controller, const std::shared_ptr _sink) { + std::string class_str; + configuration_->get("nifi.c2.agent.class", "c2.agent.class", class_str); + configuration_->setAgentClass(class_str); + + if (!isC2Enabled()) { +return; + } + + if (class_str.empty()) { +logger_->log_error("Class name must be defined when C2 is enabled"); +throw std::runtime_error("Class name must be defined when C2 is enabled"); + } + + std::string identifier_str; + if (!configuration_->get("nifi.c2.agent.identifier", "c2.agent.identifier", identifier_str) || identifier_str.empty()) { +// set to the flow controller's identifier +identifier_str = getControllerUUID().to_string(); + } +
[GitHub] [nifi-minifi-cpp] fgerlits commented on a change in pull request #942: MINIFICPP-1410 Add permissions property support for Putfile processor
fgerlits commented on a change in pull request #942: URL: https://github.com/apache/nifi-minifi-cpp/pull/942#discussion_r533520945 ## File path: PROCESSORS.md ## @@ -899,6 +899,8 @@ In the list below, the names of required properties appear in bold. Any other pr |**Create Missing Directories**|true||If true, then missing destination directories will be created. If false, flowfiles are penalized and sent to failure.| |Directory|.||The output directory to which to put files**Supports Expression Language: true**| |Maximum File Count|-1||Specifies the maximum number of files that can exist in the output directory| +|Permissions|||Sets the permissions on the output file to the value of this attribute. Format must be in octal number (e.g. 644 or 0755). Not supported on Windows systems.| +|Directory Permissions|||Sets the permissions on the directories being created if 'Create Missing Directories' property is set. Format must be format octal number (e.g. 644 or 0755). Not supported on Windows systems.| Review comment: Typo: two "format"s. I would get rid of all "format"s and write "Must be an octal number (e.g. 644 or 0755)." in both property descriptions. ## File path: libminifi/include/utils/file/FileUtils.h ## @@ -303,55 +322,74 @@ inline bool get_uid_gid(const std::string , uint64_t , uint64_t ) { #endif inline int is_directory(const char * path) { -struct stat dir_stat; -if (stat(path, _stat) < 0) { -return 0; -} -return S_ISDIR(dir_stat.st_mode); + struct stat dir_stat; + if (stat(path, _stat) < 0) { + return 0; + } + return S_ISDIR(dir_stat.st_mode); +} + +inline int exists(const std::string& path) { Review comment: I can see that returning 0 (true) and -1 (false) fits into the existing pattern, but I think it would be better to return a `bool` at least from `is_directory()` and `exists()`. ## File path: extensions/standard-processors/processors/PutFile.cpp ## @@ -54,6 +54,19 @@ core::Property PutFile::CreateDirs("Create Missing Directories", "If true, then core::Property PutFile::MaxDestFiles( core::PropertyBuilder::createProperty("Maximum File Count")->withDescription("Specifies the maximum number of files that can exist in the output directory")->withDefaultValue(-1)->build()); +#ifndef WIN32 +core::Property PutFile::Permissions( +core::PropertyBuilder::createProperty("Permissions") + ->withDescription("Sets the permissions on the output file to the value of this attribute. " +"Format must be format octal number (e.g. 644 or 0755). Not supported on Windows systems.") Review comment: even more "format"s here :) same suggestion as above ## File path: extensions/standard-processors/processors/PutFile.cpp ## @@ -54,6 +54,19 @@ core::Property PutFile::CreateDirs("Create Missing Directories", "If true, then core::Property PutFile::MaxDestFiles( core::PropertyBuilder::createProperty("Maximum File Count")->withDescription("Specifies the maximum number of files that can exist in the output directory")->withDefaultValue(-1)->build()); +#ifndef WIN32 +core::Property PutFile::Permissions( +core::PropertyBuilder::createProperty("Permissions") + ->withDescription("Sets the permissions on the output file to the value of this attribute. " +"Format must be format octal number (e.g. 644 or 0755). Not supported on Windows systems.") + ->build()); +core::Property PutFile::DirectoryPermissions( +core::PropertyBuilder::createProperty("Directory Permissions") + ->withDescription("Sets the permissions on the directories being created if 'Create Missing Directories' property is set. " +"Format must be format octal number (e.g. 644 or 0755). Not supported on Windows systems.") + ->build()); Review comment: What happens if these are not set? I would have expected a default value here. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (NIFI-7906) Add graph processor with flexibility to query graph database conditioned on flowfile content and attirbutes
[ https://issues.apache.org/jira/browse/NIFI-7906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17241670#comment-17241670 ] ASF subversion and git services commented on NIFI-7906: --- Commit c29cced269dcce28fb9ba034025d01e76a79b037 in nifi's branch refs/heads/main from Levi Lentz [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=c29cced ] NIFI-7906: parameterized graph query NIFI-7906: addressing PR concerns NIFI-7906: code styling fixes NIFI-7906: adding in license information to new files + enables processor in META-INF NIFI-7906: exclude test files from RAT NIFI-7906: PR refactor to streamline graph response NIFI-7906: removing ERRORS output Unused after refactor Did a few cleanups for the contributor. This closes #4638 Signed-off-by: Mike Thomsen > Add graph processor with flexibility to query graph database conditioned on > flowfile content and attirbutes > --- > > Key: NIFI-7906 > URL: https://issues.apache.org/jira/browse/NIFI-7906 > Project: Apache NiFi > Issue Type: New Feature >Reporter: Levi Lentz >Assignee: Levi Lentz >Priority: Minor > Labels: graph > Fix For: 1.13.0 > > Time Spent: 4h 50m > Remaining Estimate: 0h > > The current graph bundle currently does not allow you to query the graph > database (as defined in the GraphClientService) with attributes or content > available in the flow file. > > This functionality would allow uses to perform dynamic queries/mutations of > the underlying graph data based. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (NIFI-7906) Add graph processor with flexibility to query graph database conditioned on flowfile content and attirbutes
[ https://issues.apache.org/jira/browse/NIFI-7906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17241666#comment-17241666 ] ASF subversion and git services commented on NIFI-7906: --- Commit c29cced269dcce28fb9ba034025d01e76a79b037 in nifi's branch refs/heads/main from Levi Lentz [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=c29cced ] NIFI-7906: parameterized graph query NIFI-7906: addressing PR concerns NIFI-7906: code styling fixes NIFI-7906: adding in license information to new files + enables processor in META-INF NIFI-7906: exclude test files from RAT NIFI-7906: PR refactor to streamline graph response NIFI-7906: removing ERRORS output Unused after refactor Did a few cleanups for the contributor. This closes #4638 Signed-off-by: Mike Thomsen > Add graph processor with flexibility to query graph database conditioned on > flowfile content and attirbutes > --- > > Key: NIFI-7906 > URL: https://issues.apache.org/jira/browse/NIFI-7906 > Project: Apache NiFi > Issue Type: New Feature >Reporter: Levi Lentz >Assignee: Levi Lentz >Priority: Minor > Labels: graph > Fix For: 1.13.0 > > Time Spent: 4h 50m > Remaining Estimate: 0h > > The current graph bundle currently does not allow you to query the graph > database (as defined in the GraphClientService) with attributes or content > available in the flow file. > > This functionality would allow uses to perform dynamic queries/mutations of > the underlying graph data based. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (NIFI-7906) Add graph processor with flexibility to query graph database conditioned on flowfile content and attirbutes
[ https://issues.apache.org/jira/browse/NIFI-7906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17241664#comment-17241664 ] ASF subversion and git services commented on NIFI-7906: --- Commit c29cced269dcce28fb9ba034025d01e76a79b037 in nifi's branch refs/heads/main from Levi Lentz [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=c29cced ] NIFI-7906: parameterized graph query NIFI-7906: addressing PR concerns NIFI-7906: code styling fixes NIFI-7906: adding in license information to new files + enables processor in META-INF NIFI-7906: exclude test files from RAT NIFI-7906: PR refactor to streamline graph response NIFI-7906: removing ERRORS output Unused after refactor Did a few cleanups for the contributor. This closes #4638 Signed-off-by: Mike Thomsen > Add graph processor with flexibility to query graph database conditioned on > flowfile content and attirbutes > --- > > Key: NIFI-7906 > URL: https://issues.apache.org/jira/browse/NIFI-7906 > Project: Apache NiFi > Issue Type: New Feature >Reporter: Levi Lentz >Assignee: Levi Lentz >Priority: Minor > Labels: graph > Fix For: 1.13.0 > > Time Spent: 4h 50m > Remaining Estimate: 0h > > The current graph bundle currently does not allow you to query the graph > database (as defined in the GraphClientService) with attributes or content > available in the flow file. > > This functionality would allow uses to perform dynamic queries/mutations of > the underlying graph data based. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (NIFI-7906) Add graph processor with flexibility to query graph database conditioned on flowfile content and attirbutes
[ https://issues.apache.org/jira/browse/NIFI-7906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17241668#comment-17241668 ] ASF subversion and git services commented on NIFI-7906: --- Commit c29cced269dcce28fb9ba034025d01e76a79b037 in nifi's branch refs/heads/main from Levi Lentz [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=c29cced ] NIFI-7906: parameterized graph query NIFI-7906: addressing PR concerns NIFI-7906: code styling fixes NIFI-7906: adding in license information to new files + enables processor in META-INF NIFI-7906: exclude test files from RAT NIFI-7906: PR refactor to streamline graph response NIFI-7906: removing ERRORS output Unused after refactor Did a few cleanups for the contributor. This closes #4638 Signed-off-by: Mike Thomsen > Add graph processor with flexibility to query graph database conditioned on > flowfile content and attirbutes > --- > > Key: NIFI-7906 > URL: https://issues.apache.org/jira/browse/NIFI-7906 > Project: Apache NiFi > Issue Type: New Feature >Reporter: Levi Lentz >Assignee: Levi Lentz >Priority: Minor > Labels: graph > Fix For: 1.13.0 > > Time Spent: 4h 50m > Remaining Estimate: 0h > > The current graph bundle currently does not allow you to query the graph > database (as defined in the GraphClientService) with attributes or content > available in the flow file. > > This functionality would allow uses to perform dynamic queries/mutations of > the underlying graph data based. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (NIFI-7906) Add graph processor with flexibility to query graph database conditioned on flowfile content and attirbutes
[ https://issues.apache.org/jira/browse/NIFI-7906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17241667#comment-17241667 ] ASF subversion and git services commented on NIFI-7906: --- Commit c29cced269dcce28fb9ba034025d01e76a79b037 in nifi's branch refs/heads/main from Levi Lentz [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=c29cced ] NIFI-7906: parameterized graph query NIFI-7906: addressing PR concerns NIFI-7906: code styling fixes NIFI-7906: adding in license information to new files + enables processor in META-INF NIFI-7906: exclude test files from RAT NIFI-7906: PR refactor to streamline graph response NIFI-7906: removing ERRORS output Unused after refactor Did a few cleanups for the contributor. This closes #4638 Signed-off-by: Mike Thomsen > Add graph processor with flexibility to query graph database conditioned on > flowfile content and attirbutes > --- > > Key: NIFI-7906 > URL: https://issues.apache.org/jira/browse/NIFI-7906 > Project: Apache NiFi > Issue Type: New Feature >Reporter: Levi Lentz >Assignee: Levi Lentz >Priority: Minor > Labels: graph > Fix For: 1.13.0 > > Time Spent: 4h 50m > Remaining Estimate: 0h > > The current graph bundle currently does not allow you to query the graph > database (as defined in the GraphClientService) with attributes or content > available in the flow file. > > This functionality would allow uses to perform dynamic queries/mutations of > the underlying graph data based. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (NIFI-7906) Add graph processor with flexibility to query graph database conditioned on flowfile content and attirbutes
[ https://issues.apache.org/jira/browse/NIFI-7906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17241665#comment-17241665 ] ASF subversion and git services commented on NIFI-7906: --- Commit c29cced269dcce28fb9ba034025d01e76a79b037 in nifi's branch refs/heads/main from Levi Lentz [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=c29cced ] NIFI-7906: parameterized graph query NIFI-7906: addressing PR concerns NIFI-7906: code styling fixes NIFI-7906: adding in license information to new files + enables processor in META-INF NIFI-7906: exclude test files from RAT NIFI-7906: PR refactor to streamline graph response NIFI-7906: removing ERRORS output Unused after refactor Did a few cleanups for the contributor. This closes #4638 Signed-off-by: Mike Thomsen > Add graph processor with flexibility to query graph database conditioned on > flowfile content and attirbutes > --- > > Key: NIFI-7906 > URL: https://issues.apache.org/jira/browse/NIFI-7906 > Project: Apache NiFi > Issue Type: New Feature >Reporter: Levi Lentz >Assignee: Levi Lentz >Priority: Minor > Labels: graph > Fix For: 1.13.0 > > Time Spent: 4h 50m > Remaining Estimate: 0h > > The current graph bundle currently does not allow you to query the graph > database (as defined in the GraphClientService) with attributes or content > available in the flow file. > > This functionality would allow uses to perform dynamic queries/mutations of > the underlying graph data based. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (NIFI-7906) Add graph processor with flexibility to query graph database conditioned on flowfile content and attirbutes
[ https://issues.apache.org/jira/browse/NIFI-7906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17241669#comment-17241669 ] ASF subversion and git services commented on NIFI-7906: --- Commit c29cced269dcce28fb9ba034025d01e76a79b037 in nifi's branch refs/heads/main from Levi Lentz [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=c29cced ] NIFI-7906: parameterized graph query NIFI-7906: addressing PR concerns NIFI-7906: code styling fixes NIFI-7906: adding in license information to new files + enables processor in META-INF NIFI-7906: exclude test files from RAT NIFI-7906: PR refactor to streamline graph response NIFI-7906: removing ERRORS output Unused after refactor Did a few cleanups for the contributor. This closes #4638 Signed-off-by: Mike Thomsen > Add graph processor with flexibility to query graph database conditioned on > flowfile content and attirbutes > --- > > Key: NIFI-7906 > URL: https://issues.apache.org/jira/browse/NIFI-7906 > Project: Apache NiFi > Issue Type: New Feature >Reporter: Levi Lentz >Assignee: Levi Lentz >Priority: Minor > Labels: graph > Fix For: 1.13.0 > > Time Spent: 4h 50m > Remaining Estimate: 0h > > The current graph bundle currently does not allow you to query the graph > database (as defined in the GraphClientService) with attributes or content > available in the flow file. > > This functionality would allow uses to perform dynamic queries/mutations of > the underlying graph data based. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[GitHub] [nifi] asfgit closed pull request #4638: NIFI-7906: parameterized graph query
asfgit closed pull request #4638: URL: https://github.com/apache/nifi/pull/4638 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi] MikeThomsen commented on a change in pull request #4638: NIFI-7906: parameterized graph query
MikeThomsen commented on a change in pull request #4638: URL: https://github.com/apache/nifi/pull/4638#discussion_r533437833 ## File path: nifi-nar-bundles/nifi-graph-bundle/nifi-graph-processors/src/main/java/org/apache/nifi/processors/graph/ExecuteGraphQueryRecord.java ## @@ -0,0 +1,272 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.processors.graph; + +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.apache.nifi.annotation.behavior.DynamicProperty; +import org.apache.nifi.annotation.behavior.InputRequirement; +import org.apache.nifi.components.PropertyDescriptor; +import org.apache.nifi.components.Validator; +import org.apache.nifi.expression.ExpressionLanguageScope; +import org.apache.nifi.flowfile.FlowFile; +import org.apache.nifi.annotation.behavior.WritesAttribute; +import org.apache.nifi.annotation.behavior.WritesAttributes; +import org.apache.nifi.annotation.lifecycle.OnScheduled; +import org.apache.nifi.annotation.documentation.CapabilityDescription; +import org.apache.nifi.annotation.documentation.Tags; +import org.apache.nifi.graph.GraphClientService; +import org.apache.nifi.processor.exception.ProcessException; +import org.apache.nifi.processor.ProcessContext; +import org.apache.nifi.processor.ProcessSession; +import org.apache.nifi.processor.Relationship; +import org.apache.nifi.processor.util.StandardValidators; +import org.apache.nifi.record.path.FieldValue; +import org.apache.nifi.record.path.RecordPath; +import org.apache.nifi.record.path.RecordPathResult; +import org.apache.nifi.record.path.util.RecordPathCache; +import org.apache.nifi.serialization.RecordReader; +import org.apache.nifi.serialization.RecordReaderFactory; +import org.apache.nifi.serialization.RecordSetWriterFactory; + +import org.apache.nifi.serialization.record.Record; + +import java.io.InputStream; +import java.io.OutputStream; +import java.nio.charset.StandardCharsets; +import java.util.List; +import java.util.Map; +import java.util.HashMap; +import java.util.Set; +import java.util.HashSet; +import java.util.Arrays; +import java.util.ArrayList; +import java.util.Collections; +import java.util.stream.Collectors; + +@Tags({"graph, gremlin"}) +@CapabilityDescription("This uses a flowfile as input to perform graph mutations.") +@WritesAttributes({ +@WritesAttribute(attribute = ExecuteGraphQueryRecord.GRAPH_OPERATION_TIME, description = "The amount of time it took to execute all of the graph operations."), +@WritesAttribute(attribute = ExecuteGraphQueryRecord.RECORD_COUNT, description = "The amount of record processed") +}) +@InputRequirement(InputRequirement.Requirement.INPUT_REQUIRED) +@DynamicProperty(name = "A FlowFile property to be used as a parameter in the graph script", Review comment: Wording's a little inaccurate, but I'll change this. ## File path: nifi-nar-bundles/nifi-graph-bundle/nifi-graph-processors/src/main/java/org/apache/nifi/processors/graph/ExecuteGraphQueryRecord.java ## @@ -0,0 +1,272 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.processors.graph; + +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.apache.nifi.annotation.behavior.DynamicProperty; +import org.apache.nifi.annotation.behavior.InputRequirement; +import
[GitHub] [nifi] ottobackwards commented on a change in pull request #4685: NIFI-8042: Fixed bug that was escaping Expression Language references…
ottobackwards commented on a change in pull request #4685: URL: https://github.com/apache/nifi/pull/4685#discussion_r533514874 ## File path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestReplaceText.java ## @@ -53,6 +54,66 @@ public TestRunner getRunner() { return runner; } Review comment: I think the edge case is where there is a mix of expression language and other things like captures etc. Maybe a multi-case test would be appropriate? This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi] ottobackwards commented on a change in pull request #4685: NIFI-8042: Fixed bug that was escaping Expression Language references…
ottobackwards commented on a change in pull request #4685: URL: https://github.com/apache/nifi/pull/4685#discussion_r533513856 ## File path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ReplaceText.java ## @@ -602,8 +602,7 @@ public boolean isAllDataBufferedForEntireText() { @Override public FlowFile replace(FlowFile flowFile, final ProcessSession session, final ProcessContext context, final String evaluateMode, final Charset charset, final int maxBufferSize) { Review comment: I think one of the issues with maintaining this processor is that the reasons why things are quoted, escaped or not escaped are not documented in the code. Maybe a comment here would be helpful? This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (NIFI-7260) Scripted controller services do not handle Module Directory changes or script errors properly
[ https://issues.apache.org/jira/browse/NIFI-7260?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mike Thomsen updated NIFI-7260: --- Fix Version/s: 1.13.0 Resolution: Fixed Status: Resolved (was: Patch Available) > Scripted controller services do not handle Module Directory changes or script > errors properly > - > > Key: NIFI-7260 > URL: https://issues.apache.org/jira/browse/NIFI-7260 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Reporter: Matt Burgess >Assignee: Matt Burgess >Priority: Major > Fix For: 1.13.0 > > Time Spent: 1h 20m > Remaining Estimate: 0h > > Currently for all scripted controller services (ScriptedReader, e.g.) the > scripting engine (with additional classpath modules defined by the Module > Directory property) is only recreated when the Script Engine property has > changed. It should be recreated when the Module Directory property has > changed as well. > In addition, the controller service can be enabled even with an error in the > script. The controller service reports internally that it is invalid, but > becomes enabled anyway, hiding the invalid status from the user. They may > also suffer from the issue in NIFI-4968 with logging while the script is > invalid. Instead an exception should be thrown, which prevents the CS from > being enabled, then the fix from NIFI-4968 should be applied so that > excessive logging does not occur while the CS is invalid. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (NIFI-7260) Scripted controller services do not handle Module Directory changes or script errors properly
[ https://issues.apache.org/jira/browse/NIFI-7260?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17241584#comment-17241584 ] ASF subversion and git services commented on NIFI-7260: --- Commit 64e3599f05865c0adfce95da15e1677744ea39f4 in nifi's branch refs/heads/main from Matt Burgess [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=64e3599 ] NIFI-7260: Fix error handling and re-evaluate Module Directory property on changed for scripted controller services This closes #4147 Signed-off-by: Mike Thomsen > Scripted controller services do not handle Module Directory changes or script > errors properly > - > > Key: NIFI-7260 > URL: https://issues.apache.org/jira/browse/NIFI-7260 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Reporter: Matt Burgess >Assignee: Matt Burgess >Priority: Major > Time Spent: 1h 10m > Remaining Estimate: 0h > > Currently for all scripted controller services (ScriptedReader, e.g.) the > scripting engine (with additional classpath modules defined by the Module > Directory property) is only recreated when the Script Engine property has > changed. It should be recreated when the Module Directory property has > changed as well. > In addition, the controller service can be enabled even with an error in the > script. The controller service reports internally that it is invalid, but > becomes enabled anyway, hiding the invalid status from the user. They may > also suffer from the issue in NIFI-4968 with logging while the script is > invalid. Instead an exception should be thrown, which prevents the CS from > being enabled, then the fix from NIFI-4968 should be applied so that > excessive logging does not occur while the CS is invalid. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[GitHub] [nifi] asfgit closed pull request #4147: NIFI-7260: Fix error handling and re-evaluate Module Directory property on changed for scripted controller services
asfgit closed pull request #4147: URL: https://github.com/apache/nifi/pull/4147 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (NIFI-8053) ReplaceText with Expression Language in Match Group results in Data Loss/Corruption
[ https://issues.apache.org/jira/browse/NIFI-8053?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pierre Villard updated NIFI-8053: - Component/s: (was: Core Framework) Extensions > ReplaceText with Expression Language in Match Group results in Data > Loss/Corruption > --- > > Key: NIFI-8053 > URL: https://issues.apache.org/jira/browse/NIFI-8053 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.11.4, 1.12.1 > Environment: Running in Docker in Kubernetes on a Ubuntu Host >Reporter: Robin Lutz >Priority: Blocker > Attachments: replace_text_race_condition.xml > > > This seems to be related to https://issues.apache.org/jira/browse/NIFI-7683 > When I run a ReplaceText processor with multiple Threads and also manipulate > the result within an expression (im my case _${'$1':escapeJson()}_), the > processor will corrupt (cut off) or loose data. > I attached a template that demonstrates the case. > I did not see these problems in 1.11.2, never tried 1.11.3, and have i since > then with every release (1.12.0 and 1.12.1). > Finally, after noticing the bug mentioned above, I was able to reproduce the > problem. > Blocker and Important, because the user can loose data. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (NIFI-8053) ReplaceText with Expression Language in Match Group results in Data Loss/Corruption
[ https://issues.apache.org/jira/browse/NIFI-8053?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pierre Villard updated NIFI-8053: - Fix Version/s: 1.13.0 > ReplaceText with Expression Language in Match Group results in Data > Loss/Corruption > --- > > Key: NIFI-8053 > URL: https://issues.apache.org/jira/browse/NIFI-8053 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.11.4, 1.12.1 > Environment: Running in Docker in Kubernetes on a Ubuntu Host >Reporter: Robin Lutz >Priority: Blocker > Fix For: 1.13.0 > > Attachments: replace_text_race_condition.xml > > > This seems to be related to https://issues.apache.org/jira/browse/NIFI-7683 > When I run a ReplaceText processor with multiple Threads and also manipulate > the result within an expression (im my case _${'$1':escapeJson()}_), the > processor will corrupt (cut off) or loose data. > I attached a template that demonstrates the case. > I did not see these problems in 1.11.2, never tried 1.11.3, and have i since > then with every release (1.12.0 and 1.12.1). > Finally, after noticing the bug mentioned above, I was able to reproduce the > problem. > Blocker and Important, because the user can loose data. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (NIFI-8053) ReplaceText with Expression Language in Match Group results in Data Loss/Corruption
[ https://issues.apache.org/jira/browse/NIFI-8053?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pierre Villard resolved NIFI-8053. -- Resolution: Duplicate > ReplaceText with Expression Language in Match Group results in Data > Loss/Corruption > --- > > Key: NIFI-8053 > URL: https://issues.apache.org/jira/browse/NIFI-8053 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework >Affects Versions: 1.11.4, 1.12.1 > Environment: Running in Docker in Kubernetes on a Ubuntu Host >Reporter: Robin Lutz >Priority: Blocker > Attachments: replace_text_race_condition.xml > > > This seems to be related to https://issues.apache.org/jira/browse/NIFI-7683 > When I run a ReplaceText processor with multiple Threads and also manipulate > the result within an expression (im my case _${'$1':escapeJson()}_), the > processor will corrupt (cut off) or loose data. > I attached a template that demonstrates the case. > I did not see these problems in 1.11.2, never tried 1.11.3, and have i since > then with every release (1.12.0 and 1.12.1). > Finally, after noticing the bug mentioned above, I was able to reproduce the > problem. > Blocker and Important, because the user can loose data. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[GitHub] [nifi-minifi-cpp] fgerlits opened a new pull request #947: MINIFICPP-1401 Read certificates from the Windows system store
fgerlits opened a new pull request #947: URL: https://github.com/apache/nifi-minifi-cpp/pull/947 https://issues.apache.org/jira/browse/MINIFICPP-1401 If the (new) `nifi.security.use.system.cert.store` property is set to true, then read client and server certificates from the Windows system store if no certificate file is given in the properties. On Linux/Mac, only server certificates are supported, and even that is untested. By default, we use `LocalMachine/ROOT` ("Trusted Root Certification Authorities") as the server cert store and `LocalMachine/MY` ("Personal") as the client cert store, but these can be overridden by setting the `nifi.security.windows.cert.store.location` (default: `LocalMachine`) `nifi.security.windows.server.cert.store` (default: `ROOT`) `nifi.security.windows.client.cert.store` (default: `MY`) properties. If `nifi.security.windows.client.cert.cn` is given a non-empty value, then the client certificate will only be accepted if it has this CN (in the Subject). `nifi.security.windows.client.cert.key.usage` can contain a list of comma-separated Extended Key Usage strings; the default is "Client Authentication". The client certificate will only be accepted if its Extended Key Usage contains all these key usages (it is allowed to contain more). --- Thank you for submitting a contribution to Apache NiFi - MiNiFi C++. In order to streamline the review of the contribution we ask you to ensure the following steps have been taken: ### For all changes: - [x] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message? - [x] Does your PR title start with MINIFICPP- where is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character. - [x] Has your PR been rebased against the latest commit within the target branch (typically main)? - [x] Is your initial contribution a single, squashed commit? ### For code changes: - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? - [ ] If applicable, have you updated the LICENSE file? - [ ] If applicable, have you updated the NOTICE file? ### For documentation related changes: - [ ] Have you ensured that format looks appropriate for the output in which it is rendered? ### Note: Please ensure that once the PR is submitted, you check GitHub Actions CI results for build issues and submit an update to your PR as soon as possible. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi-minifi-cpp] lordgamez commented on a change in pull request #940: MINIFICPP-1373 - Implement ConsumeKafka
lordgamez commented on a change in pull request #940: URL: https://github.com/apache/nifi-minifi-cpp/pull/940#discussion_r530919194 ## File path: extensions/librdkafka/ConsumeKafka.cpp ## @@ -0,0 +1,522 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ConsumeKafka.h" + +#include +#include + +#include "core/PropertyValidation.h" +#include "utils/ProcessorConfigUtils.h" +#include "utils/gsl.h" + +namespace org { +namespace apache { +namespace nifi { +namespace minifi { +namespace processors { + +constexpr const std::size_t ConsumeKafka::DEFAULT_MAX_POLL_RECORDS; +constexpr char const* ConsumeKafka::DEFAULT_MAX_POLL_TIME; + +core::Property ConsumeKafka::KafkaBrokers(core::PropertyBuilder::createProperty("Kafka Brokers") + ->withDescription("A comma-separated list of known Kafka Brokers in the format :.") + ->withDefaultValue("localhost:9092", core::StandardValidators::get().NON_BLANK_VALIDATOR) + ->supportsExpressionLanguage(true) + ->isRequired(true) + ->build()); + +core::Property ConsumeKafka::SecurityProtocol(core::PropertyBuilder::createProperty("Security Protocol") + ->withDescription("This property is currently not supported. Protocol used to communicate with brokers. Corresponds to Kafka's 'security.protocol' property.") + ->withAllowableValues({SECURITY_PROTOCOL_PLAINTEXT/*, SECURITY_PROTOCOL_SSL, SECURITY_PROTOCOL_SASL_PLAINTEXT, SECURITY_PROTOCOL_SASL_SSL*/ }) + ->withDefaultValue(SECURITY_PROTOCOL_PLAINTEXT) + ->isRequired(true) + ->build()); + +core::Property ConsumeKafka::TopicNames(core::PropertyBuilder::createProperty("Topic Names") + ->withDescription("The name of the Kafka Topic(s) to pull from. More than one can be supplied if comma separated.") + ->supportsExpressionLanguage(true) + ->build()); + +core::Property ConsumeKafka::TopicNameFormat(core::PropertyBuilder::createProperty("Topic Name Format") + ->withDescription("Specifies whether the Topic(s) provided are a comma separated list of names or a single regular expression.") + ->withAllowableValues({TOPIC_FORMAT_NAMES, TOPIC_FORMAT_PATTERNS}) + ->withDefaultValue(TOPIC_FORMAT_NAMES) + ->build()); + +core::Property ConsumeKafka::HonorTransactions(core::PropertyBuilder::createProperty("Honor Transactions") + ->withDescription( + "Specifies whether or not NiFi should honor transactional guarantees when communicating with Kafka. If false, the Processor will use an \"isolation level\" of " + "read_uncomitted. This means that messages will be received as soon as they are written to Kafka but will be pulled, even if the producer cancels the transactions. " + "If this value is true, NiFi will not receive any messages for which the producer's transaction was canceled, but this can result in some latency since the consumer " + "must wait for the producer to finish its entire transaction instead of pulling as the messages become available.") + ->withDefaultValue(true) + ->isRequired(true) + ->build()); + +core::Property ConsumeKafka::GroupID(core::PropertyBuilder::createProperty("Group ID") + ->withDescription("A Group ID is used to identify consumers that are within the same consumer group. Corresponds to Kafka's 'group.id' property.") + ->supportsExpressionLanguage(true) + ->build()); + +core::Property ConsumeKafka::OffsetReset(core::PropertyBuilder::createProperty("Offset Reset") + ->withDescription("Allows you to manage the condition when there is no initial offset in Kafka or if the current offset does not exist any more on the server (e.g. because that " + "data has been deleted). Corresponds to Kafka's 'auto.offset.reset' property.") + ->withAllowableValues({OFFSET_RESET_EARLIEST, OFFSET_RESET_LATEST, OFFSET_RESET_NONE}) + ->withDefaultValue(OFFSET_RESET_LATEST) + ->isRequired(true) + ->build()); + +core::Property ConsumeKafka::KeyAttributeEncoding(core::PropertyBuilder::createProperty("Key Attribute Encoding") + ->withDescription("FlowFiles that are emitted have an attribute named 'kafka.key'. This property dictates how the value of the attribute should be encoded.") + ->withAllowableValues({KEY_ATTR_ENCODING_UTF_8, KEY_ATTR_ENCODING_HEX}) +
[jira] [Commented] (NIFI-8056) openid integration with nifi is not working (in proxy environment)
[ https://issues.apache.org/jira/browse/NIFI-8056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17241441#comment-17241441 ] Ramani J commented on NIFI-8056: Just to verify the probable fix. I have tested by having the latest version 8.27 instead of 6.x. Below fix is working fine in nifi with additional code changes with proxy information. com.nimbusds oauth2-oidc-sdk 8.27 > openid integration with nifi is not working (in proxy environment) > -- > > Key: NIFI-8056 > URL: https://issues.apache.org/jira/browse/NIFI-8056 > Project: Apache NiFi > Issue Type: Bug > Components: Security >Affects Versions: 1.12.1 > Environment: nifi 1.12.1 with open id (with proxy) >Reporter: Ramani J >Priority: Critical > > setup nifi 1.12.1 > configure open id integration > start the server after the openid configuration, it will not start and throw, > connection time out error > 2020-11-25 18:21:49,047 INFO [main] o.eclipse.jetty.server.AbstractConnector > Started ServerConnector@dd0c991\{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}2020-11-25 > 18:21:49,047 INFO [main] o.eclipse.jetty.server.AbstractConnector Started > ServerConnector@dd0c991\{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}2020-11-25 > 18:21:49,047 INFO [main] org.eclipse.jetty.server.Server Started > @172112ms2020-11-25 18:21:49,054 WARN [main] > org.apache.nifi.web.server.JettyServer Failed to start web server... shutting > down.org.springframework.beans.factory.BeanCreationException: Error creating > bean with name 'oidcService' defined in class path resource > [nifi-web-security-context.xml]: Bean instantiation via constructor failed; > nested exception is org.springframework.beans.BeanInstantiationException: > Failed to instantiate [org.apache.nifi.web.security.oidc.OidcService]: > Constructor threw exception; nested exception is java.lang.RuntimeException: > Unable to retrieve OpenId Connect Provider metadata from: > https://accounts.google.com/.well-known/openid-configuration at > org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:279) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1198) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1100) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:511) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481) > at > org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312) > at > org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230) > at > org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308) > at > org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) > at > org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:761) > at > org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:867) > at > org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:543) > at > org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:443) > at > org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:325) > at > org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107) > at > org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:930) > at > org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:553) > at > org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:889) > at > org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) > at > org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1445) > at > org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1409) > at > org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:822) > at > org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) > at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:524) at >
[jira] [Created] (NIFI-8056) openid integration with nifi is not working (in proxy environment)
Ramani J created NIFI-8056: -- Summary: openid integration with nifi is not working (in proxy environment) Key: NIFI-8056 URL: https://issues.apache.org/jira/browse/NIFI-8056 Project: Apache NiFi Issue Type: Bug Components: Security Affects Versions: 1.12.1 Environment: nifi 1.12.1 with open id (with proxy) Reporter: Ramani J setup nifi 1.12.1 configure open id integration start the server after the openid configuration, it will not start and throw, connection time out error 2020-11-25 18:21:49,047 INFO [main] o.eclipse.jetty.server.AbstractConnector Started ServerConnector@dd0c991\{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}2020-11-25 18:21:49,047 INFO [main] o.eclipse.jetty.server.AbstractConnector Started ServerConnector@dd0c991\{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}2020-11-25 18:21:49,047 INFO [main] org.eclipse.jetty.server.Server Started @172112ms2020-11-25 18:21:49,054 WARN [main] org.apache.nifi.web.server.JettyServer Failed to start web server... shutting down.org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'oidcService' defined in class path resource [nifi-web-security-context.xml]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apache.nifi.web.security.oidc.OidcService]: Constructor threw exception; nested exception is java.lang.RuntimeException: Unable to retrieve OpenId Connect Provider metadata from: https://accounts.google.com/.well-known/openid-configuration at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:279) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1198) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1100) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:511) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:761) at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:867) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:543) at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:443) at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:325) at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107) at org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:930) at org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:553) at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:889) at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) at org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1445) at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1409) at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:822) at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:524) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) at
[jira] [Updated] (MINIFICPP-1329) Fix implementation and usages of StringUtils::StringToBool
[ https://issues.apache.org/jira/browse/MINIFICPP-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Adam Hunyadi updated MINIFICPP-1329: Description: *Background:* Conversions from string to other values in MiNiFi usually follow the convention of changing an output value and returning a boolean denoting the success of the conversion. For booleans however, this is not the case: {code:c++|title=Current Implementation} bool StringUtils::StringToBool(std::string input, bool ) { std::transform(input.begin(), input.end(), input.begin(), ::tolower); std::istringstream(input) >> std::boolalpha >> output; return output; } {code} It is known to be misused in the code, for example this code assumes the return value false corresponds to a parse failure: [https://github.com/apache/nifi-minifi-cpp/blob/rel/minifi-cpp-0.7.0/extensions/opc/src/putopc.cpp#L319-L323] *Proposal:* If we want to stay consistent with the other conversions, we can do this: {code:c++|title=Minimum change for the new implementation} bool StringUtils::StringToBool(std::string input, bool ) { std::transform(input.begin(), input.end(), input.begin(), ::tolower); output = "true" == input; return output || "false" == input; } {code} However, many cases use the return value as the conversion result. One should be cautious: # Introduce the new implementation next to the old one as a function with a different name # Change the return value to void on the original # Until the code compiles: ## Eliminate all the usages of return values as parsed values ## Redirect the checked value implementations to the copy # Change the implementation of the original to return the conversion success # Delete the copy # Search and replace the name of the copy to the original (i) With a bit more work, we can potentially change the return type to an optional, or a success enum. was: *Background:* Conversions from string to other values in MINIFI usually follow the convention of changing an output value and returning a boolean denoting the success of the conversion. For booleans however, this is not the case: {code:c++|title=Current Implementation} bool StringUtils::StringToBool(std::string input, bool ) { std::transform(input.begin(), input.end(), input.begin(), ::tolower); std::istringstream(input) >> std::boolalpha >> output; return output; } {code} It is known to be misused in the code, for example this code assumes the return value false corresponds to a parse failure: [https://github.com/apache/nifi-minifi-cpp/blob/rel/minifi-cpp-0.7.0/extensions/opc/src/putopc.cpp#L319-L323] *Proposal:* If we want to stay consistent with the other conversions, we can do this: {code:c++|title=Minimum change for the new implementation} bool StringUtils::StringToBool(std::string input, bool ) { std::transform(input.begin(), input.end(), input.begin(), ::tolower); output = "true" == input; return output || "false" == input; } {code} However, many cases use the return value as the conversion result. One should be cautious: # First we should copy the implementation to one with a different name # Change the return value to void on the original # Until the code compiles: ## Eliminate all the usages of return values as parsed values ## Redirect the checked value implementations to the copy # Change the implementation of the original to return the conversion success # Delete the copy # Search and replace the name of the copy to the original (your IDE can do this, but verify the result) (i) With a bit more work, we can potentially change the return type to an optional, or a success enum. > Fix implementation and usages of StringUtils::StringToBool > -- > > Key: MINIFICPP-1329 > URL: https://issues.apache.org/jira/browse/MINIFICPP-1329 > Project: Apache NiFi MiNiFi C++ > Issue Type: Bug >Reporter: Adam Hunyadi >Priority: Minor > Labels: MiNiFi-CPP-Hygiene, beginner, newbie, starter > > *Background:* > Conversions from string to other values in MiNiFi usually follow the > convention of changing an output value and returning a boolean denoting the > success of the conversion. For booleans however, this is not the case: > {code:c++|title=Current Implementation} > bool StringUtils::StringToBool(std::string input, bool ) { > std::transform(input.begin(), input.end(), input.begin(), ::tolower); > std::istringstream(input) >> std::boolalpha >> output; > return output; > } > {code} > It is known to be misused in the code, for example this code assumes the > return value false corresponds to a parse failure: > > [https://github.com/apache/nifi-minifi-cpp/blob/rel/minifi-cpp-0.7.0/extensions/opc/src/putopc.cpp#L319-L323] > *Proposal:* > If we want to stay consistent with the other conversions, we can do
[jira] [Updated] (MINIFICPP-1329) Fix implementation and usages of StringUtils::StringToBool
[ https://issues.apache.org/jira/browse/MINIFICPP-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ferenc Gerlits updated MINIFICPP-1329: -- Description: *Background:* Conversions from string to other values in MINIFI usually follow the convention of changing an output value and returning a boolean denoting the success of the conversion. For booleans however, this is not the case: {code:c++|title=Current Implementation} bool StringUtils::StringToBool(std::string input, bool ) { std::transform(input.begin(), input.end(), input.begin(), ::tolower); std::istringstream(input) >> std::boolalpha >> output; return output; } {code} It is known to be misused in the code, for example this code assumes the return value false corresponds to a parse failure: [https://github.com/apache/nifi-minifi-cpp/blob/rel/minifi-cpp-0.7.0/extensions/opc/src/putopc.cpp#L319-L323] *Proposal:* If we want to stay consistent with the other conversions, we can do this: {code:c++|title=Minimum change for the new implementation} bool StringUtils::StringToBool(std::string input, bool ) { std::transform(input.begin(), input.end(), input.begin(), ::tolower); output = "true" == input; return output || "false" == input; } {code} However, many cases use the return value as the conversion result. One should be cautious: # First we should copy the implementation to one with a different name # Change the return value to void on the original # Until the code compiles: ## Eliminate all the usages of return values as parsed values ## Redirect the checked value implementations to the copy # Change the implementation of the original to return the conversion success # Delete the copy # Search and replace the name of the copy to the original (your IDE can do this, but verify the result) (i) With a bit more work, we can potentially change the return type to an optional, or a success enum. was: *Background:* Conversions from string to other values in MINIFI usually follow the convention of changing an output value and returning a boolean denoting the success of the conversion. For booleans however, this is not the case: {code:c++|title=Current Implementation} bool StringUtils::StringToBool(std::string input, bool ) { std::transform(input.begin(), input.end(), input.begin(), ::tolower); std::istringstream(input) >> std::boolalpha >> output; return output; } {code} It is known to be misused in the code, for example this code assumes the return value false corresponds to a parse failure: [https://github.com/apache/nifi-minifi-cpp/blob/rel/minifi-cpp-0.7.0/extensions/opc/src/putopc.cpp#L319-L323] *Proposal:* If we want to stay consistent with the other conversions, we can do this: {code:c++|title=Minimum change for the new implementation} bool StringUtils::StringToBool(std::string input, bool ) { std::transform(input.begin(), input.end(), input.begin(), ::tolower); output = "true" == input; return output || "false" == input; } {code} However, many cases use the return value as the conversion result. One should be cautious: # First we should copy the implementation to one with a different name # Change the return value to void on the original # Until the code compiles: ## Eliminate all the usages of return values as parsed values ## Redirect the checked value implementations to the copy # Change the implementation of the original to return the conversion success # Delete the copy # Search and replace the name of the copy to the original (i) With a bit more work, we can potentially change the return type to an optional, or a success enum. > Fix implementation and usages of StringUtils::StringToBool > -- > > Key: MINIFICPP-1329 > URL: https://issues.apache.org/jira/browse/MINIFICPP-1329 > Project: Apache NiFi MiNiFi C++ > Issue Type: Bug >Reporter: Adam Hunyadi >Priority: Minor > Labels: MiNiFi-CPP-Hygiene, beginner, newbie, starter > > *Background:* > Conversions from string to other values in MINIFI usually follow the > convention of changing an output value and returning a boolean denoting the > success of the conversion. For booleans however, this is not the case: > {code:c++|title=Current Implementation} > bool StringUtils::StringToBool(std::string input, bool ) { > std::transform(input.begin(), input.end(), input.begin(), ::tolower); > std::istringstream(input) >> std::boolalpha >> output; > return output; > } > {code} > It is known to be misused in the code, for example this code assumes the > return value false corresponds to a parse failure: > > [https://github.com/apache/nifi-minifi-cpp/blob/rel/minifi-cpp-0.7.0/extensions/opc/src/putopc.cpp#L319-L323] > *Proposal:* > If we want to stay consistent with the other conversions, we can do this: >
[GitHub] [nifi-minifi-cpp] adamdebreceni commented on a change in pull request #937: MINIFICPP-1402 - Encrypt flow configuration and change encryption key
adamdebreceni commented on a change in pull request #937: URL: https://github.com/apache/nifi-minifi-cpp/pull/937#discussion_r533149990 ## File path: extensions/http-curl/tests/C2ConfigEncryption.cpp ## @@ -0,0 +1,58 @@ +/** + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#undef NDEBUG +#include +#include +#include "HTTPIntegrationBase.h" +#include "HTTPHandlers.h" +#include "utils/IntegrationTestUtils.h" +#include "utils/EncryptionProvider.h" + +int main(int argc, char **argv) { + const cmd_args args = parse_cmdline_args(argc, argv, "update"); + TestController controller; + // copy config file to temporary location as it will get overridden + char tmp_format[] = "/var/tmp/c2.XX"; + std::string home_path = controller.createTempDirectory(tmp_format); + std::string live_config_file = utils::file::FileUtils::concat_path(home_path, "config.yml"); + utils::file::FileUtils::copy_file(args.test_file, live_config_file); + // the C2 server will update the flow with the contents of args.test_file + // which will be encrypted and persisted to the temporary live_config_file + C2UpdateHandler handler(args.test_file); + VerifyC2Update harness(1); + harness.getConfiguration()->set(minifi::Configure::nifi_flow_configuration_encrypt, "true"); + harness.setKeyDir(args.key_dir); + harness.setUrl(args.url, ); + handler.setC2RestResponse(harness.getC2RestUrl(), "configuration", "true"); + + const auto start = std::chrono::system_clock::now(); Review comment: removed This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi-minifi-cpp] adamdebreceni commented on a change in pull request #937: MINIFICPP-1402 - Encrypt flow configuration and change encryption key
adamdebreceni commented on a change in pull request #937: URL: https://github.com/apache/nifi-minifi-cpp/pull/937#discussion_r533152594 ## File path: libminifi/include/core/Flow.h ## @@ -0,0 +1,59 @@ +/** + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include +#include +#include "core/ProcessGroup.h" +#include "core/Repository.h" +#include "core/ContentRepository.h" +#include "core/FlowConfiguration.h" +#include "utils/Id.h" + +namespace org { +namespace apache { +namespace nifi { +namespace minifi { +namespace core { + +class Flow { Review comment: (although the is-a relationship arising from the resulting inheritance-chain might be troublesome, we could go for protected inheritance or composition (generally I favor composition, but in this case I'd go with protected inheritance)) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi-minifi-cpp] adamdebreceni commented on a change in pull request #937: MINIFICPP-1402 - Encrypt flow configuration and change encryption key
adamdebreceni commented on a change in pull request #937: URL: https://github.com/apache/nifi-minifi-cpp/pull/937#discussion_r533152594 ## File path: libminifi/include/core/Flow.h ## @@ -0,0 +1,59 @@ +/** + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include +#include +#include "core/ProcessGroup.h" +#include "core/Repository.h" +#include "core/ContentRepository.h" +#include "core/FlowConfiguration.h" +#include "utils/Id.h" + +namespace org { +namespace apache { +namespace nifi { +namespace minifi { +namespace core { + +class Flow { Review comment: (although the is-a relationship arising from the resulting inheritance-chain might be troublesome, we could go for protected inheritance or composition) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi-minifi-cpp] adamdebreceni commented on a change in pull request #937: MINIFICPP-1402 - Encrypt flow configuration and change encryption key
adamdebreceni commented on a change in pull request #937: URL: https://github.com/apache/nifi-minifi-cpp/pull/937#discussion_r533149990 ## File path: extensions/http-curl/tests/C2ConfigEncryption.cpp ## @@ -0,0 +1,58 @@ +/** + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#undef NDEBUG +#include +#include +#include "HTTPIntegrationBase.h" +#include "HTTPHandlers.h" +#include "utils/IntegrationTestUtils.h" +#include "utils/EncryptionProvider.h" + +int main(int argc, char **argv) { + const cmd_args args = parse_cmdline_args(argc, argv, "update"); + TestController controller; + // copy config file to temporary location as it will get overridden + char tmp_format[] = "/var/tmp/c2.XX"; + std::string home_path = controller.createTempDirectory(tmp_format); + std::string live_config_file = utils::file::FileUtils::concat_path(home_path, "config.yml"); + utils::file::FileUtils::copy_file(args.test_file, live_config_file); + // the C2 server will update the flow with the contents of args.test_file + // which will be encrypted and persisted to the temporary live_config_file + C2UpdateHandler handler(args.test_file); + VerifyC2Update harness(1); + harness.getConfiguration()->set(minifi::Configure::nifi_flow_configuration_encrypt, "true"); + harness.setKeyDir(args.key_dir); + harness.setUrl(args.url, ); + handler.setC2RestResponse(harness.getC2RestUrl(), "configuration", "true"); + + const auto start = std::chrono::system_clock::now(); Review comment: remove ## File path: libminifi/src/utils/EncryptionProvider.cpp ## @@ -33,22 +40,19 @@ constexpr const char* CONFIG_ENCRYPTION_KEY_PROPERTY_NAME = "nifi.bootstrap.sens } // namespace -namespace org { -namespace apache { -namespace nifi { -namespace minifi { - -utils::optional Decryptor::create(const std::string& minifi_home) { +utils::optional EncryptionProvider::create(const std::string& home_path) { minifi::Properties bootstrap_conf; - bootstrap_conf.setHome(minifi_home); + bootstrap_conf.setHome(home_path); bootstrap_conf.loadConfigureFile(DEFAULT_NIFI_BOOTSTRAP_FILE); return bootstrap_conf.getString(CONFIG_ENCRYPTION_KEY_PROPERTY_NAME) - | utils::map([](const std::string& encryption_key_hex) { return utils::StringUtils::from_hex(encryption_key_hex); }) - | utils::map(::crypto::stringToBytes) - | utils::map([](const utils::crypto::Bytes& encryption_key_bytes) { return minifi::Decryptor{encryption_key_bytes}; }); + | utils::map([](const std::string _key_hex) { return utils::StringUtils::from_hex(encryption_key_hex); }) + | utils::map(::crypto::stringToBytes) + | utils::map([](const utils::crypto::Bytes _key_bytes) { return EncryptionProvider{encryption_key_bytes}; }); Review comment: done This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi-minifi-cpp] adamdebreceni commented on a change in pull request #937: MINIFICPP-1402 - Encrypt flow configuration and change encryption key
adamdebreceni commented on a change in pull request #937: URL: https://github.com/apache/nifi-minifi-cpp/pull/937#discussion_r533148086 ## File path: libminifi/include/core/Flow.h ## @@ -0,0 +1,59 @@ +/** + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include +#include +#include "core/ProcessGroup.h" +#include "core/Repository.h" +#include "core/ContentRepository.h" +#include "core/FlowConfiguration.h" +#include "utils/Id.h" + +namespace org { +namespace apache { +namespace nifi { +namespace minifi { +namespace core { + +class Flow { Review comment: (also it was necessitated by my desire to factor out c2-relevant parts of the `FlowController` into `C2Client` (although that might not be the best name, I am open to suggestions)) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi-minifi-cpp] adamdebreceni commented on a change in pull request #937: MINIFICPP-1402 - Encrypt flow configuration and change encryption key
adamdebreceni commented on a change in pull request #937: URL: https://github.com/apache/nifi-minifi-cpp/pull/937#discussion_r533147213 ## File path: libminifi/include/core/Flow.h ## @@ -0,0 +1,59 @@ +/** + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include +#include +#include "core/ProcessGroup.h" +#include "core/Repository.h" +#include "core/ContentRepository.h" +#include "core/FlowConfiguration.h" +#include "utils/Id.h" + +namespace org { +namespace apache { +namespace nifi { +namespace minifi { +namespace core { + +class Flow { Review comment: we have a `FlowController` class which controls a "flow", although "flow" is a concept, it was not materialized in our architecture before (as far as I understand), this aims to take one step in that direction, what constitutes a "flow" is not entirely clear to me, but currently I went with the layout of the network and the repositories This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi-minifi-cpp] adamdebreceni commented on a change in pull request #937: MINIFICPP-1402 - Encrypt flow configuration and change encryption key
adamdebreceni commented on a change in pull request #937: URL: https://github.com/apache/nifi-minifi-cpp/pull/937#discussion_r533139939 ## File path: libminifi/include/utils/file/FileSystem.h ## @@ -0,0 +1,57 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include +#include +#include "utils/OptionalUtils.h" +#include "utils/EncryptionProvider.h" +#include "core/logging/LoggerConfiguration.h" + +namespace org { +namespace apache { +namespace nifi { +namespace minifi { +namespace utils { +namespace file { + +class FileSystem { + public: + explicit FileSystem(bool should_encrypt = false, utils::optional encryptor = {}); + + FileSystem(const FileSystem&) = delete; + FileSystem(FileSystem&&) = delete; + FileSystem& operator=(const FileSystem&) = delete; + FileSystem& operator=(FileSystem&&) = delete; + + utils::optional read(const std::string& file_name); + + bool write(const std::string& file_name, const std::string& file_content); + + private: + bool should_encrypt_on_write_; + utils::optional encryptor_; + std::shared_ptr logger_{logging::LoggerFactory::getLogger()}; +}; Review comment: the problem with this, now that I think about it, is the question of "who owns the config file path", because if it is a `ConfigFileIO` it should own the path and read/write should not get a path parameter, but then again currently `FlowConfiguration` owns the config file path, so I think that would be a bigger change (which may not be beneficial at all) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi-minifi-cpp] adamdebreceni commented on a change in pull request #937: MINIFICPP-1402 - Encrypt flow configuration and change encryption key
adamdebreceni commented on a change in pull request #937: URL: https://github.com/apache/nifi-minifi-cpp/pull/937#discussion_r533136916 ## File path: libminifi/include/utils/file/FileSystem.h ## @@ -0,0 +1,57 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include +#include +#include "utils/OptionalUtils.h" +#include "utils/EncryptionProvider.h" +#include "core/logging/LoggerConfiguration.h" + +namespace org { +namespace apache { +namespace nifi { +namespace minifi { +namespace utils { +namespace file { + +class FileSystem { + public: + explicit FileSystem(bool should_encrypt = false, utils::optional encryptor = {}); + + FileSystem(const FileSystem&) = delete; + FileSystem(FileSystem&&) = delete; + FileSystem& operator=(const FileSystem&) = delete; + FileSystem& operator=(FileSystem&&) = delete; + + utils::optional read(const std::string& file_name); + + bool write(const std::string& file_name, const std::string& file_content); + + private: + bool should_encrypt_on_write_; + utils::optional encryptor_; + std::shared_ptr logger_{logging::LoggerFactory::getLogger()}; +}; Review comment: I specifically wanted it not to be aware of encryption, `ConfigFileIO` seemed a little too specific for me, but for the current purposes this seems to be our best bet This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org