Apache
/
nifi
mirror of https://github.com/apache/nifi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

NIFI-10240 Removed custom validation for SSL Context Service in ListenSyslog 

- Made sure to check TCP is protocol set before using SSL Context Service during runtime

This closes #6441

Signed-off-by: David Handermann <exceptionfactory@apache.org>
This commit is contained in:
Emilio Setiadarma 2022-09-21 10:15:45 -07:00 committed by exceptionfactory
parent 4b691b133b
commit abf88c3aab
No known key found for this signature in database
GPG Key ID: 29B6A52D2AAE8DBA
2 changed files with 4 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenSyslog.java
View File

@ -267,15 +267,6 @@ public class ListenSyslog extends AbstractSyslogProcessor {
.explanation("Cannot set Parse Messages to 'true' if Batch Size is greater than 1").build());
}
final String protocol = validationContext.getProperty(PROTOCOL).getValue();
final SSLContextService sslContextService = validationContext.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (UDP_VALUE.getValue().equals(protocol) && sslContextService != null) {
results.add(new ValidationResult.Builder()
.explanation("SSL can not be used with UDP")
.valid(false).subject("SSL Context").build());
}
return results;
}
@ -285,7 +276,8 @@ public class ListenSyslog extends AbstractSyslogProcessor {
final int receiveBufferSize = context.getProperty(RECV_BUFFER_SIZE).asDataSize(DataUnit.B).intValue();
final int maxSocketBufferSize = context.getProperty(MAX_SOCKET_BUFFER_SIZE).asDataSize(DataUnit.B).intValue();
final int maxMessageQueueSize = context.getProperty(MAX_MESSAGE_QUEUE_SIZE).asInteger();
final TransportProtocol protocol = TransportProtocol.valueOf(context.getProperty(PROTOCOL).getValue());
final String protocol = context.getProperty(PROTOCOL).getValue();
final TransportProtocol transportProtocol = TransportProtocol.valueOf(protocol);
final String networkInterfaceName = context.getProperty(NETWORK_INTF_NAME).evaluateAttributeExpressions().getValue();
final Charset charset = Charset.forName(context.getProperty(CHARSET).evaluateAttributeExpressions().getValue());
final String msgDemarcator = context.getProperty(MESSAGE_DELIMITER).getValue().replace("\\n", "\n").replace("\\r", "\r").replace("\\t", "\t");
@ -295,7 +287,7 @@ public class ListenSyslog extends AbstractSyslogProcessor {
final InetAddress address = getListenAddress(networkInterfaceName);
final ByteArrayMessageNettyEventServerFactory factory = new ByteArrayMessageNettyEventServerFactory(getLogger(),
address, port, protocol, messageDemarcatorBytes, receiveBufferSize, syslogEvents);
address, port, transportProtocol, messageDemarcatorBytes, receiveBufferSize, syslogEvents);
factory.setThreadNamePrefix(String.format("%s[%s]", ListenSyslog.class.getSimpleName(), getIdentifier()));
final int maxConnections = context.getProperty(MAX_CONNECTIONS).asLong().intValue();
factory.setWorkerThreads(maxConnections);
@ -305,7 +297,7 @@ public class ListenSyslog extends AbstractSyslogProcessor {
factory.setSocketKeepAlive(socketKeepAlive);
final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sslContextService != null) {
if (sslContextService != null && TCP_VALUE.getValue().equals(protocol)) {
final SSLContext sslContext = sslContextService.createContext();
ClientAuth clientAuth = ClientAuth.REQUIRED;
final PropertyValue clientAuthProperty = context.getProperty(CLIENT_AUTH);

20
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenSyslog.java
View File

@ -24,8 +24,6 @@ import org.apache.nifi.flowfile.attributes.CoreAttributes;
import org.apache.nifi.provenance.ProvenanceEventRecord;
import org.apache.nifi.provenance.ProvenanceEventType;
import org.apache.nifi.remote.io.socket.NetworkUtils;
import org.apache.nifi.reporting.InitializationException;
import org.apache.nifi.ssl.RestrictedSSLContextService;
import org.apache.nifi.syslog.attributes.SyslogAttributes;
import org.apache.nifi.util.MockFlowFile;
import org.apache.nifi.util.TestRunner;
@ -42,8 +40,6 @@ import java.util.List;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
public class TestListenSyslog {
private static final String PRIORITY = "34";
@ -76,22 +72,6 @@ public class TestListenSyslog {
processor.shutdownEventServer();
}
@Test
public void testUdpSslContextServiceInvalid() throws InitializationException {
runner.setProperty(ListenSyslog.PROTOCOL, TransportProtocol.UDP.toString());
final int port = NetworkUtils.getAvailableUdpPort();
runner.setProperty(ListenSyslog.PORT, Integer.toString(port));
final RestrictedSSLContextService sslContextService = mock(RestrictedSSLContextService.class);
final String identifier = RestrictedSSLContextService.class.getName();
when(sslContextService.getIdentifier()).thenReturn(identifier);
runner.addControllerService(identifier, sslContextService);
runner.enableControllerService(sslContextService);
runner.setProperty(ListenSyslog.SSL_CONTEXT_SERVICE, identifier);
runner.assertNotValid();
}
@Test
public void testRunTcp() throws Exception {
final int port = NetworkUtils.getAvailableTcpPort();