mirror of https://github.com/apache/nifi.git
NIFI-11312 Rationalised Registry Docker scripts in one location
This closes #7064 Signed-off-by: David Handermann <exceptionfactory@apache.org>
parent
3bf1195f4b
commit
c7df46eefd
|
@ -42,6 +42,7 @@ case ${AUTH} in
|
|||
;;
|
||||
oidc)
|
||||
echo 'Enabling OIDC user authentication'
|
||||
prop_replace 'nifi.registry.security.needClientAuth' 'false'
|
||||
|
||||
. "${scripts_dir}/secure.sh"
|
||||
. "${scripts_dir}/update_oidc_properties.sh"
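Review bot: `needClientAuth` is now forced to `false` for `oidc`, but nothing visible sets it back to `true`: the `tls` arm in the dockermaven copy this commit deletes only sources `secure.sh`, and that script never writes the property. If the dockerhub `tls` arm (above this hunk) is the same, a container whose `conf` directory persists and whose `AUTH` is later changed from `oidc` or `ldap` to `tls` keeps `needClientAuth=false`, so client certificates are no longer required at the TLS layer. I would add `prop_replace 'nifi.registry.security.needClientAuth' 'true'` to the `tls` arm so each mode states the value it depends on. The `case` also continues past the hunk; if it has no `*)` arm, a misspelt `AUTH` value presumably starts the registry on plain HTTP without any message.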
|
||||
|
|
|
@ -35,6 +35,9 @@ case ${NIFI_REGISTRY_FLOW_PROVIDER} in
|
|||
file)
|
||||
xmlstarlet ed --inplace -u "${property_xpath}/class" -v "org.apache.nifi.registry.provider.flow.FileSystemFlowPersistenceProvider" "${providers_file}"
|
||||
;;
|
||||
database)
|
||||
xmlstarlet ed --inplace -u "${property_xpath}/class" -v "org.apache.nifi.registry.provider.flow.DatabaseFlowPersistenceProvider" "${providers_file}"
|
||||
;;
|
||||
git)
|
||||
xmlstarlet ed --inplace -u "${property_xpath}/class" -v "org.apache.nifi.registry.provider.flow.git.GitFlowPersistenceProvider" "${providers_file}"
|
||||
add_property "Remote To Push" "${NIFI_REGISTRY_GIT_REMOTE:-}"
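Review bot: With a third provider name accepted here, a value that matches none of `file`, `database` or `git` (for example `Database`) still falls through silently and leaves whatever class `providers.xml` already holds, unless a default arm exists below the hunk; the deleted dockermaven copy had none. Failing fast makes a misconfigured persistence backend visible at start-up instead of after flows have been written to the wrong store: `?*) echo "Unknown NIFI_REGISTRY_FLOW_PROVIDER '${NIFI_REGISTRY_FLOW_PROVIDER}'" >&2; exit 1 ;;` rejects any non-empty unknown value while still allowing the variable to be unset. The `git` arm and the closing `esac` lie outside the hunk.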
|
||||
|
|
|
@ -45,3 +45,4 @@ edit_property 'Url' "${LDAP_URL}"
|
|||
edit_property 'User Search Base' "${LDAP_USER_SEARCH_BASE}"
|
||||
edit_property 'User Search Filter' "${LDAP_USER_SEARCH_FILTER}"
|
||||
edit_property 'Identity Strategy' "${LDAP_IDENTITY_STRATEGY}"
|
||||
edit_property 'Referral Strategy' "${LDAP_REFERRAL_STRATEGY}"
|
||||
|
|
|
@ -15,13 +15,11 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
prop_replace 'nifi.security.user.oidc.discovery.url' "${NIFI_SECURITY_USER_OIDC_DISCOVERY_URL}"
|
||||
prop_replace 'nifi.security.user.oidc.connect.timeout' "${NIFI_SECURITY_USER_OIDC_CONNECT_TIMEOUT}"
|
||||
prop_replace 'nifi.security.user.oidc.read.timeout' "${NIFI_SECURITY_USER_OIDC_READ_TIMEOUT}"
|
||||
prop_replace 'nifi.security.user.oidc.client.id' "${NIFI_SECURITY_USER_OIDC_CLIENT_ID}"
|
||||
prop_replace 'nifi.security.user.oidc.client.secret' "${NIFI_SECURITY_USER_OIDC_CLIENT_SECRET}"
|
||||
prop_replace 'nifi.security.user.oidc.preferred.jwsalgorithm' "${NIFI_SECURITY_USER_OIDC_PREFERRED_JWSALGORITHM}"
|
||||
prop_replace 'nifi.security.user.oidc.additional.scopes' "${NIFI_SECURITY_USER_OIDC_ADDITIONAL_SCOPES}"
|
||||
prop_replace 'nifi.security.user.oidc.claim.identifying.user' "${NIFI_SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER}"
|
||||
prop_replace 'nifi.security.user.oidc.fallback.claims.identifying.user' "${NIFI_SECURITY_USER_OIDC_FALLBACK_CLAIMS_IDENTIFYING_USER}"
|
||||
prop_replace 'nifi.security.user.oidc.truststore.strategy' "${NIFI_SECURITY_USER_OIDC_TRUSTSTORE_STRATEGY}"
|
||||
prop_replace 'nifi.registry.security.user.oidc.discovery.url' "${NIFI_REGISTRY_SECURITY_USER_OIDC_DISCOVERY_URL}"
|
||||
prop_replace 'nifi.registry.security.user.oidc.connect.timeout' "${NIFI_REGISTRY_SECURITY_USER_OIDC_CONNECT_TIMEOUT}"
|
||||
prop_replace 'nifi.registry.security.user.oidc.read.timeout' "${NIFI_REGISTRY_SECURITY_USER_OIDC_READ_TIMEOUT}"
|
||||
prop_replace 'nifi.registry.security.user.oidc.client.id' "${NIFI_REGISTRY_SECURITY_USER_OIDC_CLIENT_ID}"
|
||||
prop_replace 'nifi.registry.security.user.oidc.client.secret' "${NIFI_REGISTRY_SECURITY_USER_OIDC_CLIENT_SECRET}"
|
||||
prop_replace 'nifi.registry.security.user.oidc.preferred.jwsalgorithm' "${NIFI_REGISTRY_SECURITY_USER_OIDC_PREFERRED_JWSALGORITHM}"
|
||||
prop_replace 'nifi.registry.security.user.oidc.additional.scopes' "${NIFI_REGISTRY_SECURITY_USER_OIDC_ADDITIONAL_SCOPES}"
|
||||
prop_replace 'nifi.registry.security.user.oidc.claim.identifying.user' "${NIFI_REGISTRY_SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER}"
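Review bot: Each of these eight calls hands its environment variable to `prop_replace` with no default and no emptiness check, so a variable left unset replaces the shipped value with an empty string. This assumes the dockerhub `prop_replace` is the same `sed -i -e "s|^$1=.*$|$1=$2|"` as the copy this commit deletes; its definition is outside this hunk. That matters most for `connect.timeout` and `read.timeout`, and for deployments still exporting the old `NIFI_SECURITY_USER_OIDC_*` names, which are now ignored without any message. The same sed form treats `|`, `&` and `\` in the value as syntax, so a `client.secret` containing one of them is written incorrectly or aborts the script under `-e`. I would skip empty values the way `edit_property` does in the LDAP script, and escape the replacement text inside `prop_replace`.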
|
||||
|
|
|
@ -47,6 +47,22 @@
|
|||
<plugin>
|
||||
<artifactId>maven-antrun-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>copy-scripts-for-docker</id>
|
||||
<phase>process-sources</phase>
|
||||
<configuration>
|
||||
<target name="copy docker scripts to nifi-registry-docker for image build">
|
||||
<copy todir="${project.basedir}/target/sh" overwrite="true" flatten="true">
|
||||
<fileset dir="${project.basedir}/../../nifi-registry-core/nifi-registry-docker/dockerhub/sh" includes="*.sh">
|
||||
<include name="*.sh" />
|
||||
</fileset>
|
||||
</copy>
|
||||
</target>
|
||||
</configuration>
|
||||
<goals>
|
||||
<goal>run</goal>
|
||||
</goals>
|
||||
</execution>
|
||||
<execution>
|
||||
<id>copy-for-docker</id>
|
||||
<phase>process-sources</phase>
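Review bot: Ant's `<copy>` does not retain Unix file permissions, so the scripts arrive in `target/sh` without an executable bit whatever mode they carry under `dockerhub/sh`. Unless the Dockerfile (not shown here) sets the mode itself, the image entrypoint can fail with "permission denied"; adding `<chmod dir="${project.basedir}/target/sh" includes="*.sh" perm="755"/>` after the copy keeps the build self-contained. The nested `<include name="*.sh" />` repeats the `includes="*.sh"` attribute on the same fileset and can be dropped. The following `copy-for-docker` execution continues outside the hunk.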
|
||||
|
|
|
@ -1,28 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
# Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
# contributor license agreements. See the NOTICE file distributed with
|
||||
# this work for additional information regarding copyright ownership.
|
||||
# The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
# (the "License"); you may not use this file except in compliance with
|
||||
# the License. You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# 1 - value to search for
|
||||
# 2 - value to replace
|
||||
# 3 - file to perform replacement inline
|
||||
prop_replace () {
|
||||
target_file=${3:-${nifi_registry_props_file}}
|
||||
echo 'replacing target file ' ${target_file}
|
||||
sed -i -e "s|^$1=.*$|$1=$2|" ${target_file}
|
||||
}
|
||||
|
||||
# NIFI_REGISTRY_HOME is defined by an ENV command in the backing Dockerfile
|
||||
export nifi_registry_props_file=${NIFI_REGISTRY_HOME}/conf/nifi-registry.properties
|
||||
export hostname=$(hostname)
|
|
@ -1,57 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
# Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
# contributor license agreements. See the NOTICE file distributed with
|
||||
# this work for additional information regarding copyright ownership.
|
||||
# The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
# (the "License"); you may not use this file except in compliance with
|
||||
# the License. You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
scripts_dir='/opt/nifi-registry/scripts'
|
||||
|
||||
[ -f "${scripts_dir}/common.sh" ] && . "${scripts_dir}/common.sh"
|
||||
|
||||
# Perform idempotent changes of configuration to support secure environments
|
||||
echo 'Configuring environment with SSL settings'
|
||||
|
||||
: ${KEYSTORE_PATH:?"Must specify an absolute path to the keystore being used."}
|
||||
if [ ! -f "${KEYSTORE_PATH}" ]; then
|
||||
echo "Keystore file specified (${KEYSTORE_PATH}) does not exist."
|
||||
exit 1
|
||||
fi
|
||||
: ${KEYSTORE_TYPE:?"Must specify the type of keystore (JKS, PKCS12, PEM) of the keystore being used."}
|
||||
: ${KEYSTORE_PASSWORD:?"Must specify the password of the keystore being used."}
|
||||
|
||||
: ${TRUSTSTORE_PATH:?"Must specify an absolute path to the truststore being used."}
|
||||
if [ ! -f "${TRUSTSTORE_PATH}" ]; then
|
||||
echo "Keystore file specified (${TRUSTSTORE_PATH}) does not exist."
|
||||
exit 1
|
||||
fi
|
||||
: ${TRUSTSTORE_TYPE:?"Must specify the type of truststore (JKS, PKCS12, PEM) of the truststore being used."}
|
||||
: ${TRUSTSTORE_PASSWORD:?"Must specify the password of the truststore being used."}
|
||||
|
||||
prop_replace 'nifi.registry.security.keystore' "${KEYSTORE_PATH}"
|
||||
prop_replace 'nifi.registry.security.keystoreType' "${KEYSTORE_TYPE}"
|
||||
prop_replace 'nifi.registry.security.keystorePasswd' "${KEYSTORE_PASSWORD}"
|
||||
prop_replace 'nifi.registry.security.keyPasswd' "${KEY_PASSWORD:-$KEYSTORE_PASSWORD}"
|
||||
prop_replace 'nifi.registry.security.truststore' "${TRUSTSTORE_PATH}"
|
||||
prop_replace 'nifi.registry.security.truststoreType' "${TRUSTSTORE_TYPE}"
|
||||
prop_replace 'nifi.registry.security.truststorePasswd' "${TRUSTSTORE_PASSWORD}"
|
||||
|
||||
# Disable HTTP and enable HTTPS
|
||||
prop_replace 'nifi.registry.web.http.port' ''
|
||||
prop_replace 'nifi.registry.web.http.host' ''
|
||||
prop_replace 'nifi.registry.web.https.port' "${NIFI_REGISTRY_WEB_HTTPS_PORT:-18443}"
|
||||
prop_replace 'nifi.registry.web.https.host' "${NIFI_REGISTRY_WEB_HTTPS_HOST:-$HOSTNAME}"
|
||||
|
||||
# Establish initial user and an associated admin identity
|
||||
sed -i -e 's|<property name="Initial User Identity 1">.*</property>|<property name="Initial User Identity 1">'"${INITIAL_ADMIN_IDENTITY}"'</property>|' ${NIFI_REGISTRY_HOME}/conf/authorizers.xml
|
||||
sed -i -e 's|<property name="Initial Admin Identity">.*</property>|<property name="Initial Admin Identity">'"${INITIAL_ADMIN_IDENTITY}"'</property>|' ${NIFI_REGISTRY_HOME}/conf/authorizers.xml
|
|
@ -1,63 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
# Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
# contributor license agreements. See the NOTICE file distributed with
|
||||
# this work for additional information regarding copyright ownership.
|
||||
# The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
# (the "License"); you may not use this file except in compliance with
|
||||
# the License. You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
scripts_dir='/opt/nifi-registry/scripts'
|
||||
|
||||
[ -f "${scripts_dir}/common.sh" ] && . "${scripts_dir}/common.sh"
|
||||
|
||||
# Establish baseline properties
|
||||
prop_replace 'nifi.registry.web.http.port' "${NIFI_REGISTRY_WEB_HTTP_PORT:-18080}"
|
||||
prop_replace 'nifi.registry.web.http.host' "${NIFI_REGISTRY_WEB_HTTP_HOST:-$HOSTNAME}"
|
||||
|
||||
. ${scripts_dir}/update_database.sh
|
||||
|
||||
# Check if we are secured or unsecured
|
||||
case ${AUTH} in
|
||||
tls)
|
||||
echo 'Enabling Two-Way SSL user authentication'
|
||||
. "${scripts_dir}/secure.sh"
|
||||
;;
|
||||
ldap)
|
||||
echo 'Enabling LDAP user authentication'
|
||||
# Reference ldap-provider in properties
|
||||
prop_replace 'nifi.registry.security.identity.provider' 'ldap-identity-provider'
|
||||
prop_replace 'nifi.registry.security.needClientAuth' 'false'
|
||||
|
||||
. "${scripts_dir}/secure.sh"
|
||||
. "${scripts_dir}/update_login_providers.sh"
|
||||
;;
|
||||
oidc)
|
||||
echo 'Enabling OIDC user authentication'
|
||||
prop_replace 'nifi.registry.security.needClientAuth' 'false'
|
||||
|
||||
. "${scripts_dir}/secure.sh"
|
||||
. "${scripts_dir}/update_oidc_properties.sh"
|
||||
;;
|
||||
esac
|
||||
|
||||
. "${scripts_dir}/update_flow_provider.sh"
|
||||
. "${scripts_dir}/update_bundle_provider.sh"
|
||||
|
||||
# Continuously provide logs so that 'docker logs' can produce them
|
||||
tail -F "${NIFI_REGISTRY_HOME}/logs/nifi-registry-app.log" &
|
||||
"${NIFI_REGISTRY_HOME}/bin/nifi-registry.sh" run &
|
||||
nifi_registry_pid="$!"
|
||||
|
||||
trap "echo Received trapped signal, beginning shutdown...;" KILL TERM HUP INT EXIT;
|
||||
|
||||
echo NiFi-Registry running with PID ${nifi_registry_pid}.
|
||||
wait ${nifi_registry_pid}
|
|
@ -1,48 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
# Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
# contributor license agreements. See the NOTICE file distributed with
|
||||
# this work for additional information regarding copyright ownership.
|
||||
# The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
# (the "License"); you may not use this file except in compliance with
|
||||
# the License. You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
providers_file=${NIFI_REGISTRY_HOME}/conf/providers.xml
|
||||
property_xpath='/providers/extensionBundlePersistenceProvider'
|
||||
|
||||
add_property() {
|
||||
property_name=$1
|
||||
property_value=$2
|
||||
|
||||
if [ -n "${property_value}" ]; then
|
||||
xmlstarlet ed --inplace --subnode "${property_xpath}" --type elem -n property -v "${property_value}" \
|
||||
-i \$prev --type attr -n name -v "${property_name}" \
|
||||
"${providers_file}"
|
||||
fi
|
||||
}
|
||||
|
||||
xmlstarlet ed --inplace -u "${property_xpath}/property[@name='Extension Bundle Storage Directory']" -v "${NIFI_REGISTRY_BUNDLE_STORAGE_DIR:-./extension_bundles}" "${providers_file}"
|
||||
|
||||
case ${NIFI_REGISTRY_BUNDLE_PROVIDER} in
|
||||
file)
|
||||
xmlstarlet ed --inplace -u "${property_xpath}/class" -v "org.apache.nifi.registry.provider.extension.FileSystemBundlePersistenceProvider" "${providers_file}"
|
||||
;;
|
||||
s3)
|
||||
xmlstarlet ed --inplace -u "${property_xpath}/class" -v "org.apache.nifi.registry.aws.S3BundlePersistenceProvider" "${providers_file}"
|
||||
add_property "Region" "${NIFI_REGISTRY_S3_REGION:-}"
|
||||
add_property "Bucket Name" "${NIFI_REGISTRY_S3_BUCKET_NAME:-}"
|
||||
add_property "Key Prefix" "${NIFI_REGISTRY_S3_KEY_PREFIX:-}"
|
||||
add_property "Credentials Provider" "${NIFI_REGISTRY_S3_CREDENTIALS_PROVIDER:-DEFAULT_CHAIN}"
|
||||
add_property "Access Key" "${NIFI_REGISTRY_S3_ACCESS_KEY:-}"
|
||||
add_property "Secret Access Key" "${NIFI_REGISTRY_S3_SECRET_ACCESS_KEY:-}"
|
||||
add_property "Endpoint URL" "${NIFI_REGISTRY_S3_ENDPOINT_URL:-}"
|
||||
;;
|
||||
esac
|
|
@ -1,24 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
# Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
# contributor license agreements. See the NOTICE file distributed with
|
||||
# this work for additional information regarding copyright ownership.
|
||||
# The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
# (the "License"); you may not use this file except in compliance with
|
||||
# the License. You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
prop_replace 'nifi.registry.db.url' "${NIFI_REGISTRY_DB_URL:-jdbc:h2:./database/nifi-registry-primary;AUTOCOMMIT=OFF;DB_CLOSE_ON_EXIT=FALSE;LOCK_MODE=3;LOCK_TIMEOUT=25000;WRITE_DELAY=0;AUTO_SERVER=FALSE}"
|
||||
prop_replace 'nifi.registry.db.driver.class' "${NIFI_REGISTRY_DB_CLASS:-org.h2.Driver}"
|
||||
prop_replace 'nifi.registry.db.driver.directory' "${NIFI_REGISTRY_DB_DIR:-}"
|
||||
prop_replace 'nifi.registry.db.username' "${NIFI_REGISTRY_DB_USER:-nifireg}"
|
||||
prop_replace 'nifi.registry.db.password' "${NIFI_REGISTRY_DB_PASS:-nifireg}"
|
||||
prop_replace 'nifi.registry.db.maxConnections' "${NIFI_REGISTRY_DB_MAX_CONNS:-5}"
|
||||
prop_replace 'nifi.registry.db.sql.debug' "${NIFI_REGISTRY_DB_DEBUG_SQL:-false}"
|
|
@ -1,47 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
# Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
# contributor license agreements. See the NOTICE file distributed with
|
||||
# this work for additional information regarding copyright ownership.
|
||||
# The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
# (the "License"); you may not use this file except in compliance with
|
||||
# the License. You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
providers_file=${NIFI_REGISTRY_HOME}/conf/providers.xml
|
||||
property_xpath='/providers/flowPersistenceProvider'
|
||||
|
||||
add_property() {
|
||||
property_name=$1
|
||||
property_value=$2
|
||||
|
||||
if [ -n "${property_value}" ]; then
|
||||
xmlstarlet ed --inplace --subnode "${property_xpath}" --type elem -n property -v "${property_value}" \
|
||||
-i \$prev --type attr -n name -v "${property_name}" \
|
||||
"${providers_file}"
|
||||
fi
|
||||
}
|
||||
|
||||
xmlstarlet ed --inplace -u "${property_xpath}/property[@name='Flow Storage Directory']" -v "${NIFI_REGISTRY_FLOW_STORAGE_DIR:-./flow_storage}" "${providers_file}"
|
||||
|
||||
case ${NIFI_REGISTRY_FLOW_PROVIDER} in
|
||||
file)
|
||||
xmlstarlet ed --inplace -u "${property_xpath}/class" -v "org.apache.nifi.registry.provider.flow.FileSystemFlowPersistenceProvider" "${providers_file}"
|
||||
;;
|
||||
database)
|
||||
xmlstarlet ed --inplace -u "${property_xpath}/class" -v "org.apache.nifi.registry.provider.flow.DatabaseFlowPersistenceProvider" "${providers_file}"
|
||||
;;
|
||||
git)
|
||||
xmlstarlet ed --inplace -u "${property_xpath}/class" -v "org.apache.nifi.registry.provider.flow.git.GitFlowPersistenceProvider" "${providers_file}"
|
||||
add_property "Remote To Push" "${NIFI_REGISTRY_GIT_REMOTE:-}"
|
||||
add_property "Remote Access User" "${NIFI_REGISTRY_GIT_USER:-}"
|
||||
add_property "Remote Access Password" "${NIFI_REGISTRY_GIT_PASSWORD:-}"
|
||||
;;
|
||||
esac
|
|
@ -1,48 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
# Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
# contributor license agreements. See the NOTICE file distributed with
|
||||
# this work for additional information regarding copyright ownership.
|
||||
# The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
# (the "License"); you may not use this file except in compliance with
|
||||
# the License. You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
login_providers_file=${NIFI_REGISTRY_HOME}/conf/identity-providers.xml
|
||||
property_xpath='//identityProviders/provider/property'
|
||||
|
||||
# Update a given property in the login-identity-providers file if a value is specified
|
||||
edit_property() {
|
||||
property_name=$1
|
||||
property_value=$2
|
||||
|
||||
if [ -n "${property_value}" ]; then
|
||||
xmlstarlet ed --inplace -u "${property_xpath}[@name='${property_name}']" -v "${property_value}" "${login_providers_file}"
|
||||
fi
|
||||
}
|
||||
|
||||
# Remove comments to enable the ldap-provider
|
||||
sed -i '/To enable the ldap-identity-provider remove/d' "${login_providers_file}"
|
||||
|
||||
edit_property 'Authentication Strategy' "${LDAP_AUTHENTICATION_STRATEGY}"
|
||||
edit_property 'Manager DN' "${LDAP_MANAGER_DN}"
|
||||
edit_property 'Manager Password' "${LDAP_MANAGER_PASSWORD}"
|
||||
edit_property 'TLS - Keystore' "${LDAP_TLS_KEYSTORE}"
|
||||
edit_property 'TLS - Keystore Password' "${LDAP_TLS_KEYSTORE_PASSWORD}"
|
||||
edit_property 'TLS - Keystore Type' "${LDAP_TLS_KEYSTORE_TYPE}"
|
||||
edit_property 'TLS - Truststore' "${LDAP_TLS_TRUSTSTORE}"
|
||||
edit_property 'TLS - Truststore Password' "${LDAP_TLS_TRUSTSTORE_PASSWORD}"
|
||||
edit_property 'TLS - Truststore Type' "${LDAP_TLS_TRUSTSTORE_TYPE}"
|
||||
edit_property 'TLS - Protocol' "${LDAP_TLS_PROTOCOL}"
|
||||
edit_property 'Url' "${LDAP_URL}"
|
||||
edit_property 'User Search Base' "${LDAP_USER_SEARCH_BASE}"
|
||||
edit_property 'User Search Filter' "${LDAP_USER_SEARCH_FILTER}"
|
||||
edit_property 'Identity Strategy' "${LDAP_IDENTITY_STRATEGY}"
|
||||
edit_property 'Referral Strategy' "${LDAP_REFERRAL_STRATEGY}"
|
|
@ -1,27 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
# Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
# contributor license agreements. See the NOTICE file distributed with
|
||||
# this work for additional information regarding copyright ownership.
|
||||
# The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
# (the "License"); you may not use this file except in compliance with
|
||||
# the License. You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
prop_replace 'nifi.registry.security.user.oidc.discovery.url' "${NIFI_REGISTRY_SECURITY_USER_OIDC_DISCOVERY_URL}"
|
||||
prop_replace 'nifi.registry.security.user.oidc.connect.timeout' "${NIFI_REGISTRY_SECURITY_USER_OIDC_CONNECT_TIMEOUT}"
|
||||
prop_replace 'nifi.registry.security.user.oidc.read.timeout' "${NIFI_REGISTRY_SECURITY_USER_OIDC_READ_TIMEOUT}"
|
||||
prop_replace 'nifi.registry.security.user.oidc.client.id' "${NIFI_REGISTRY_SECURITY_USER_OIDC_CLIENT_ID}"
|
||||
prop_replace 'nifi.registry.security.user.oidc.client.secret' "${NIFI_REGISTRY_SECURITY_USER_OIDC_CLIENT_SECRET}"
|
||||
prop_replace 'nifi.registry.security.user.oidc.preferred.jwsalgorithm' "${NIFI_REGISTRY_SECURITY_USER_OIDC_PREFERRED_JWSALGORITHM}"
|
||||
prop_replace 'nifi.registry.security.user.oidc.additional.scopes' "${NIFI_REGISTRY_SECURITY_USER_OIDC_ADDITIONAL_SCOPES}"
|
||||
prop_replace 'nifi.registry.security.user.oidc.claim.identifying.user' "${NIFI_REGISTRY_SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER}"
|
||||
prop_replace 'nifi.registry.security.user.oidc.fallback.claims.identifying.user' "${NIFI_REGISTRY_SECURITY_USER_OIDC_FALLBACK_CLAIMS_IDENTIFYING_USER}"
|
||||
prop_replace 'nifi.registry.security.user.oidc.truststore.strategy' "${NIFI_REGISTRY_SECURITY_USER_OIDC_TRUSTSTORE_STRATEGY}"
|