[jira] [Commented] (NIFI-11579) InvokeHttp is not working when setting Username and password as grant type
    [ https://issues.apache.org/jira/browse/NIFI-11579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17798390#comment-17798390 ]

Grant Cotton commented on NIFI-11579:
-------------------------------------

I get the same outcome (sometimes) when disabling then enabling the StandardOAuth2AccessTokenProvider (1.23.2, Auth Strategy: Basic Authentication, Grant Type: Client Credentials).

Later in the logs I get

OAuth2 access token request failed [HTTP 400], response: {"error":"invalid_client"}

but I've verified the credentials directly and they are correct. There are also times when the issue just resolves and the Controller starts working. I haven't been able to isolate why.

This issue is also described here: [https://community.cloudera.com/t5/Support-Questions/NiFi-StandardOauth2AccessTokenProvider-1-23-2-Grant-Type/td-p/378951] but no response to that post either so far.

> InvokeHttp is not working when setting Username and password as grant type
> --------------------------------------------------------------------------
>
>                 Key: NIFI-11579
>                 URL: https://issues.apache.org/jira/browse/NIFI-11579
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 1.20.0, 1.21.0
>            Reporter: Vrinda Palod
>            Priority: Major
>         Attachments: image-2023-05-22-15-49-35-231.png, image-2023-05-22-15-51-44-000.png
>
>
> Hi Team,
> I am trying to run InvokeHttp using StandardOauth2AccessTokenProvider
> controller service. When I set basic authentication and username and password
> in my controller service, it throws below error.
> !image-2023-05-22-15-49-35-231.png!
>
> InvokeHTTP[id=32a98900-0188-1000--88fdac58] Failed to properly
> initialize Processor. If still scheduled to run, NiFi will attempt to
> initialize and run the Processor again after the 'Administrative Yield
> Duration' has elapsed. Failure is due to java.io.UncheckedIOException: OAuth2
> access token request failed: java.io.UncheckedIOException: OAuth2 access
> token request failed
> - Caused by: com.fasterxml.jackson.core.JsonParseException: Unrecognized
> token
> 'eyJraWQiOiJlN2RmMGRmNS01ODcwLTQ0MjEtOTA2Mi1iZDkyZmVlYWI0MTMiLCJhbGciOiJQUzUxMiJ9':
> was expecting (JSON String, Number, Array, Object or token 'null', 'true' or
> 'false')
> at [Source:
> (String)"eyJraWQiOiJlN2RmMGRmNS01ODcwLTQ0MjEtOTA2Mi1iZDkyZmVlYWI0MTMiLCJhbGciOiJQUzUxMiJ9.eyJzdWIiOiJhNzA1NjQ5IiwiYXVkIjoiTGRhcFByb3ZpZGVyIiwibmJmIjoxNjg0NzUwNTM5LCJpc3MiOiJMZGFwUHJvdmlkZXIiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhNzA1NjQ5IiwiZXhwIjoxNjg0NzkzNzM5LCJpYXQiOjE2ODQ3NTA1MzksImp0aSI6ImEwNjc3MjNjLWY5ZTgtNDg2Yi1iNjk5LWM3MThlM2JkYjI0ZSJ9.hnUxMPxCKNluxdLkPrlIy6JWkZAjEvbjWfDRxQjBSVXRyXNrcqgHyBb6Ruvca59xeWmEg1p4wuE5AENuzUEcwnuGX5vX-G0gx-4zY1WYpN7pp6JbXnKUxIXLqr4KMDyHAT0_0aVuNbgqJZ1MLOrfssh4jw_Trxol92N4kb0I4z"[truncated
> 513 chars]; line: 1, column: 81]
>
> Below is how I am setting up my controller service. There is no issue with
> endpoint url we are using.
> !image-2023-05-22-15-51-44-000.png!
>

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
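The JsonParseException quoted above shows the JSON parser being handed a string that begins with `eyJ...`, and the comment reports an `{"error":"invalid_client"}` body. The following added example (not NiFi code and not from either poster) classifies a token endpoint response body against the shapes RFC 6749 sections 5.1 and 5.2 define, and recognises a bare JWT returned in place of the JSON object; the function names and all sample bodies are constructed for illustration.

```python
import base64
import json

def _b64url_json(segment):
    """Decode one base64url JWT segment to a dict (no signature check)."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def classify_token_response(body):
    """Classify a token endpoint response body; returns (kind, detail)."""
    text = body.strip()
    try:
        doc = json.loads(text)
    except ValueError:
        doc = None
    if isinstance(doc, dict):
        if "error" in doc:  # RFC 6749 section 5.2 error response
            return ("oauth_error", doc["error"])
        if "access_token" in doc and "token_type" in doc:  # section 5.1
            return ("ok", doc["token_type"])
        return ("json_missing_fields", sorted(doc))
    # Not a JSON object: check for header.payload.signature sent as the raw body.
    parts = text.split(".")
    if len(parts) == 3 and parts[0].startswith("eyJ"):
        try:
            return ("bare_jwt", _b64url_json(parts[0]).get("alg"))
        except (ValueError, AttributeError):
            pass
    return ("not_json", None)

def _seg(obj):
    """Build a base64url segment for the constructed sample token."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample bodies (not taken from the issue).
SAMPLE_JWT = ".".join([_seg({"alg": "PS512", "kid": "example"}),
                       _seg({"sub": "user"}), "c2lnbmF0dXJl"])
SAMPLES = {
    "wrapped": json.dumps({"access_token": SAMPLE_JWT, "token_type": "Bearer"}),
    "bare": SAMPLE_JWT,
    "rejected": '{"error":"invalid_client"}',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, classify_token_response(body))
```

Running a captured response body through such a check separates a credential rejection from a response-format mismatch before the controller service is involved.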
[jira] [Commented] (NIFI-11197) Add YAML Record Reader
    [ https://issues.apache.org/jira/browse/NIFI-11197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17788639#comment-17788639 ]

Grant Cotton commented on NIFI-11197:
-------------------------------------

[~macdoor615] Any chance you can share your ExecuteGroovyScript version of the yaml to json converter while we wait for the feature described above?

> Add YAML Record Reader
> ----------------------
>
>                 Key: NIFI-11197
>                 URL: https://issues.apache.org/jira/browse/NIFI-11197
>             Project: Apache NiFi
>          Issue Type: New Feature
>          Components: Extensions
>    Affects Versions: 1.20.0
>            Reporter: macdoor615
>            Assignee: Daniel Stieglitz
>            Priority: Major
>             Fix For: 2.0.0-M1, 1.24.0
>
>          Time Spent: 4h 40m
>  Remaining Estimate: 0h
>
> The yaml format is basically equivalent to json. When used as a configuration
> file, it is much more convenient than json. It can have comments and the file
> is shorter.
> More and more systems adopt yaml format. Now we developed a conversion tool
> from yaml to json with the ExecuteGroovyScript processor.
> It is recommended to add a processor that can convert between yaml and json

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (NIFI-9675) Upgrade H2 to 2.1.210 to mitigate Critical CVEs
    [ https://issues.apache.org/jira/browse/NIFI-9675?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17496420#comment-17496420 ]

Grant Cotton commented on NIFI-9675:
------------------------------------

These two vulnerabilities also apply to NiFi Registry (1.15.3) and NiFi Toolkit (1.15.3)

> Upgrade H2 to 2.1.210 to mitigate Critical CVEs
> -----------------------------------------------
>
>                 Key: NIFI-9675
>                 URL: https://issues.apache.org/jira/browse/NIFI-9675
>             Project: Apache NiFi
>          Issue Type: Improvement
>            Reporter: Raman N
>            Priority: Major
>
> In H2 versions used in Apache NiFi, the following vulnerabilities are detected by
> Trivy:
> [https://nvd.nist.gov/vuln/detail/CVE-2021-42392]
> [https://nvd.nist.gov/vuln/detail/CVE-2022-23221]
> These CVEs can be fixed by upgrading *h2* version to 2.1.210
> *CVE-2021-42392:*
> {code:java}
> {
>   "VulnerabilityID": "CVE-2021-42392",
>   "PkgName": "com.h2database:h2",
>   "PkgPath": "opt/nifi/nifi-toolkit-current/lib/h2-1.4.199.jar",
>   "InstalledVersion": "1.4.199",
>   "FixedVersion": "2.0.206",
>   "Layer": {
>     "Digest": "sha256:4e4453b0591c2445b47576e4a8721ccc1bb1e7312c9f78c6c0f7fdbddad2a0f3",
>     "DiffID": "sha256:5e21f394214906c7864139895d26d2dae021b68493693c633f5f9b0a690ae2b2"
>   },
>   "SeveritySource": "ghsa-maven",
>   "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-42392",
>   "Title": "h2: Remote Code Execution in Console",
>   "Description": "The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.",
>   "Severity": "CRITICAL",
>   "CweIDs": [
>     "CWE-502"
>   ],
>   "CVSS": {
>     "nvd": {
>       "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
>       "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
>       "V2Score": 10,
>       "V3Score": 9.8
>     },
>     "redhat": {
>       "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
>       "V3Score": 7.1
>     }
>   } ...
> {code}
> *CVE-2022-23221:*
> {code:java}
> {
>   "VulnerabilityID": "CVE-2022-23221",
>   "PkgName": "com.h2database:h2",
>   "PkgPath": "opt/nifi/nifi-toolkit-current/lib/h2-1.4.199.jar",
>   "InstalledVersion": "1.4.199",
>   "FixedVersion": "2.1.210",
>   "Layer": {
>     "Digest": "sha256:4e4453b0591c2445b47576e4a8721ccc1bb1e7312c9f78c6c0f7fdbddad2a0f3",
>     "DiffID": "sha256:5e21f394214906c7864139895d26d2dae021b68493693c633f5f9b0a690ae2b2"
>   },
>   "SeveritySource": "ghsa-maven",
>   "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23221",
>   "Title": "h2: Loading of custom classes from remote servers through JNDI",
>   "Description": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.",
>   "Severity": "CRITICAL",
>   "CweIDs": [
>     "CWE-94"
>   ],
>   "CVSS": {
>     "nvd": {
>       "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
>       "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
>       "V2Score": 10,
>       "V3Score": 9.8
>     },
>     "redhat": {
>       "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
>       "V3Score": 8.1
>     }
>   },..
> {code}

--
This message was sent by Atlassian Jira
(v8.20.1#820001)
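The two Trivy findings quoted above name different fixed versions for the same jar, which is why the issue asks for 2.1.210 rather than 2.0.206. The following added example (not part of the issue or of Trivy) groups findings by package path and derives the lowest version that clears every listed CVE; the `Results`/`Vulnerabilities` wrapper is assumed from Trivy's JSON report layout, the sample report is constructed from the field values quoted in the issue, and the helper names are hypothetical.

```python
import re
from collections import defaultdict

def vkey(version):
    """Numeric sort key for dotted versions such as 1.4.199 or 2.1.210."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def required_upgrades(report):
    """Map (PkgName, PkgPath) -> (installed, lowest clearing version, CVE ids)."""
    found = defaultdict(lambda: {"installed": None, "fixed": [], "cves": []})
    for result in report.get("Results", []):
        for v in result.get("Vulnerabilities") or []:
            entry = found[(v["PkgName"], v["PkgPath"])]
            entry["installed"] = v["InstalledVersion"]
            entry["cves"].append(v["VulnerabilityID"])
            # FixedVersion may list several branches: take the nearest above installed.
            fixes = [f.strip() for f in v.get("FixedVersion", "").split(",") if f.strip()]
            newer = [f for f in fixes if vkey(f) > vkey(v["InstalledVersion"])]
            if newer:
                entry["fixed"].append(min(newer, key=vkey))
    return {
        key: (e["installed"],
              max(e["fixed"], key=vkey) if e["fixed"] else None,
              sorted(e["cves"]))
        for key, e in found.items()
    }

# Constructed report: only the fields used here, values as quoted in the issue.
H2_PATH = "opt/nifi/nifi-toolkit-current/lib/h2-1.4.199.jar"
SAMPLE_REPORT = {"Results": [{"Target": "Java", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-2021-42392", "PkgName": "com.h2database:h2",
     "PkgPath": H2_PATH, "InstalledVersion": "1.4.199", "FixedVersion": "2.0.206"},
    {"VulnerabilityID": "CVE-2022-23221", "PkgName": "com.h2database:h2",
     "PkgPath": H2_PATH, "InstalledVersion": "1.4.199", "FixedVersion": "2.1.210"},
]}]}

if __name__ == "__main__":
    for (pkg, path), (installed, target, cves) in required_upgrades(SAMPLE_REPORT).items():
        print(f"{pkg} {installed} -> {target} ({', '.join(cves)}) at {path}")
```

Keying on `PkgPath` keeps each bundled copy of the jar as its own row, so the same library shipped in several components shows up once per location.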