[jira] [Commented] (NIFI-11579) InvokeHttp is not working when setting Username and password as grant type

2023-12-18 Thread Grant Cotton (Jira)


[ 
https://issues.apache.org/jira/browse/NIFI-11579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17798390#comment-17798390
 ] 

Grant Cotton commented on NIFI-11579:
-

I get the same outcome (sometimes) when disabling then enabling the 
StandardOAuth2AccessTokenProvider (1.23.2, Auth Strategy: Basic Authentication, 
Grant Type: Client Credentials). Later in the logs I get
OAuth2 access token request failed [HTTP 400], response: 
{"error":"invalid_client"}
but I've verified the credentials directly and they are correct.
There are also times when the issue just resolves and the Controller starts 
working. I haven't been able to isolate why. This issue is also described here: 
[https://community.cloudera.com/t5/Support-Questions/NiFi-StandardOauth2AccessTokenProvider-1-23-2-Grant-Type/td-p/378951]
 but no response to that post either so far.

> InvokeHttp is not working when setting Username and password as grant type
> --
>
> Key: NIFI-11579
> URL: https://issues.apache.org/jira/browse/NIFI-11579
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.20.0, 1.21.0
> Reporter: Vrinda Palod
> Priority: Major
> Attachments: image-2023-05-22-15-49-35-231.png, image-2023-05-22-15-51-44-000.png
>
>
> Hi Team,
> I am trying to run InvokeHttp using the StandardOauth2AccessTokenProvider 
> controller service. When I set basic authentication and username and password 
> in my controller service, it throws the below error.
> !image-2023-05-22-15-49-35-231.png!
>  
> InvokeHTTP[id=32a98900-0188-1000--88fdac58] Failed to properly 
> initialize Processor. If still scheduled to run, NiFi will attempt to 
> initialize and run the Processor again after the 'Administrative Yield 
> Duration' has elapsed. Failure is due to java.io.UncheckedIOException: OAuth2 
> access token request failed: java.io.UncheckedIOException: OAuth2 access 
> token request failed
>  - Caused by: com.fasterxml.jackson.core.JsonParseException: Unrecognized 
> token 
> 'eyJraWQiOiJlN2RmMGRmNS01ODcwLTQ0MjEtOTA2Mi1iZDkyZmVlYWI0MTMiLCJhbGciOiJQUzUxMiJ9':
>  was expecting (JSON String, Number, Array, Object or token 'null', 'true' or 
> 'false')
> at [Source: 
> (String)"eyJraWQiOiJlN2RmMGRmNS01ODcwLTQ0MjEtOTA2Mi1iZDkyZmVlYWI0MTMiLCJhbGciOiJQUzUxMiJ9.eyJzdWIiOiJhNzA1NjQ5IiwiYXVkIjoiTGRhcFByb3ZpZGVyIiwibmJmIjoxNjg0NzUwNTM5LCJpc3MiOiJMZGFwUHJvdmlkZXIiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhNzA1NjQ5IiwiZXhwIjoxNjg0NzkzNzM5LCJpYXQiOjE2ODQ3NTA1MzksImp0aSI6ImEwNjc3MjNjLWY5ZTgtNDg2Yi1iNjk5LWM3MThlM2JkYjI0ZSJ9.hnUxMPxCKNluxdLkPrlIy6JWkZAjEvbjWfDRxQjBSVXRyXNrcqgHyBb6Ruvca59xeWmEg1p4wuE5AENuzUEcwnuGX5vX-G0gx-4zY1WYpN7pp6JbXnKUxIXLqr4KMDyHAT0_0aVuNbgqJZ1MLOrfssh4jw_Trxol92N4kb0I4z"[truncated
>  513 chars]; line: 1, column: 81]
>  
> Below is how I am setting up my controller service. There is no issue with 
> the endpoint URL we are using.
> !image-2023-05-22-15-51-44-000.png!
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
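
The two failures quoted in this message can be told apart from the raw token endpoint response body. The following is an added diagnostic example, not code from the thread or from Apache NiFi. It assumes the body has been captured as a string; the function name and the sample bodies are hypothetical, and only the JWT header segment is taken from the exception text above.

```python
import base64
import json
import re

# Header segment exactly as quoted in the JsonParseException on this page.
PAGE_JWT_HEADER = "eyJraWQiOiJlN2RmMGRmNS01ODcwLTQ0MjEtOTA2Mi1iZDkyZmVlYWI0MTMiLCJhbGciOiJQUzUxMiJ9"

# Constructed sample bodies: payload and signature are placeholders, not real values.
BARE_JWT_BODY = PAGE_JWT_HEADER + ".e30.c2lnbmF0dXJl"
JSON_OK_BODY = json.dumps(
    {"access_token": BARE_JWT_BODY, "token_type": "Bearer", "expires_in": 3600}
)
JSON_ERR_BODY = '{"error":"invalid_client"}'

# Three base64url segments separated by dots (JWS compact serialization).
_COMPACT_JWS = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*\.[A-Za-z0-9_-]*$")


def _b64url_json(segment):
    """Decode one base64url segment (padding restored) and parse it as JSON."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def classify_token_response(body):
    """Classify a token endpoint body. No signature is verified, no token is logged."""
    text = body.strip()
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        doc = None
    if isinstance(doc, dict):
        if "access_token" in doc:
            return {"kind": "token_json", "token_type": doc.get("token_type")}
        if "error" in doc:
            return {"kind": "oauth_error", "error": doc["error"]}
        return {"kind": "unexpected_json"}
    if _COMPACT_JWS.match(text):
        header = text.split(".", 1)[0]
        try:
            alg = _b64url_json(header).get("alg")
        except (ValueError, AttributeError):
            return {"kind": "not_json"}
        # A JSON parser reads the header as one unquoted token and stops at the
        # first '.', which is the 1-based column right after the header.
        return {"kind": "bare_jwt", "alg": alg,
                "json_parser_stops_at_column": len(header) + 1}
    return {"kind": "not_json"}
```

For the header quoted in the report (80 characters) this gives column 81, the position named in the exception, which indicates the endpoint returned the JWT itself as the body rather than a JSON object containing `access_token`.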


[jira] [Commented] (NIFI-11197) Add YAML Record Reader

2023-11-21 Thread Grant Cotton (Jira)


[ 
https://issues.apache.org/jira/browse/NIFI-11197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17788639#comment-17788639
 ] 

Grant Cotton commented on NIFI-11197:
-

[~macdoor615]  Any chance you can share your ExecuteGroovyScript version of the 
yaml to json converter while we wait for the feature described above?

> Add YAML Record Reader
> --
>
> Key: NIFI-11197
> URL: https://issues.apache.org/jira/browse/NIFI-11197
> Project: Apache NiFi
> Issue Type: New Feature
> Components: Extensions
> Affects Versions: 1.20.0
> Reporter: macdoor615
> Assignee: Daniel Stieglitz
> Priority: Major
> Fix For: 2.0.0-M1, 1.24.0
>
> Time Spent: 4h 40m
> Remaining Estimate: 0h
>
> The yaml format is basically equivalent to json. When used as a configuration 
> file, it is much more convenient than json. It can have comments and the file 
> is shorter.
> More and more systems adopt yaml format. Now we developed a conversion tool 
> from yaml to json with the ExecuteGroovyScript processor.
> It is recommended to add a processor that can convert between yaml and json





[jira] [Commented] (NIFI-9675) Upgrade H2 to 2.1.210 to mitigate Critical CVEs

2022-02-22 Thread Grant Cotton (Jira)


[ 
https://issues.apache.org/jira/browse/NIFI-9675?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17496420#comment-17496420
 ] 

Grant Cotton commented on NIFI-9675:


These two vulnerabilities also apply to NiFi Registry (1.15.3) and NiFi Toolkit 
(1.15.3).

> Upgrade H2 to 2.1.210 to mitigate Critical CVEs
> ---
>
> Key: NIFI-9675
> URL: https://issues.apache.org/jira/browse/NIFI-9675
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: Raman N
> Priority: Major
>
> In the H2 versions used in Apache NiFi, the following vulnerabilities are 
> detected by Trivy:
> [https://nvd.nist.gov/vuln/detail/CVE-2021-42392]
> [https://nvd.nist.gov/vuln/detail/CVE-2022-23221]
> These CVEs can be fixed by upgrading *h2* version to 2.1.210
> *CVE-2021-42392:*
> {code:java}
> {
>           "VulnerabilityID": "CVE-2021-42392",
>           "PkgName": "com.h2database:h2",
>           "PkgPath": "opt/nifi/nifi-toolkit-current/lib/h2-1.4.199.jar",
>           "InstalledVersion": "1.4.199",
>           "FixedVersion": "2.0.206",
>           "Layer": {
>             "Digest": "sha256:4e4453b0591c2445b47576e4a8721ccc1bb1e7312c9f78c6c0f7fdbddad2a0f3",
>             "DiffID": "sha256:5e21f394214906c7864139895d26d2dae021b68493693c633f5f9b0a690ae2b2"
>           },
>           "SeveritySource": "ghsa-maven",
>           "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-42392",
>           "Title": "h2: Remote Code Execution in Console",
>           "Description": "The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.",
>           "Severity": "CRITICAL",
>           "CweIDs": [
>             "CWE-502"
>           ],
>           "CVSS": {
>             "nvd": {
>               "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
>               "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
>               "V2Score": 10,
>               "V3Score": 9.8
>             },
>             "redhat": {
>               "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
>               "V3Score": 7.1
>             }
>           } ...
> {code}
> *CVE-2022-23221:*
> {code:java}
> {
>   "VulnerabilityID": "CVE-2022-23221",
>   "PkgName": "com.h2database:h2",
>   "PkgPath": "opt/nifi/nifi-toolkit-current/lib/h2-1.4.199.jar",
>   "InstalledVersion": "1.4.199",
>   "FixedVersion": "2.1.210",
>   "Layer": {
>     "Digest": "sha256:4e4453b0591c2445b47576e4a8721ccc1bb1e7312c9f78c6c0f7fdbddad2a0f3",
>     "DiffID": "sha256:5e21f394214906c7864139895d26d2dae021b68493693c633f5f9b0a690ae2b2"
>   },
>   "SeveritySource": "ghsa-maven",
>   "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23221",
>   "Title": "h2: Loading of custom classes from remote servers through JNDI",
>   "Description": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.",
>   "Severity": "CRITICAL",
>   "CweIDs": [
>     "CWE-94"
>   ],
>   "CVSS": {
>     "nvd": {
>       "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
>       "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
>       "V2Score": 10,
>       "V3Score": 9.8
>     },
>     "redhat": {
>       "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
>       "V3Score": 8.1
>     }
>   },..
> {code}


