NIFI-5247 nifi-toolkit bash entry points should leverage exec to replace bash with the current java process in order to handle signals properly in docker.

- Also add bash, openssl, jq to make certificate request operations easier - Move project.version to the build config from the Dockerfile, use target/ folder for the build dependency - Docker integration tests for checking exit codes and tls-toolkit basic server-client interaction This closes #2746.
2025-02-07 10:38:33 +00:00 · 2018-05-24 16:15:55 +02:00 · 2018-05-24 16:15:55 +02:00 · caa71fce92
commit caa71fce92
parent a1794b101e
15 changed files with 102 additions and 22 deletions
--- a/nifi-toolkit/nifi-toolkit-assembly/docker/Dockerfile
+++ b/nifi-toolkit/nifi-toolkit-assembly/docker/Dockerfile
@ -21,7 +21,7 @@ LABEL maintainer="Apache NiFi <dev@nifi.apache.org>"

 ARG UID=1000
 ARG GID=1000
-ARG NIFI_TOOLKIT_VERSION=${project.version}
+ARG NIFI_TOOLKIT_VERSION=
 ARG NIFI_TOOLKIT_BINARY=nifi-toolkit-${NIFI_TOOLKIT_VERSION}-bin.tar.gz

 ENV NIFI_TOOLKIT_BASE_DIR=/opt/nifi-toolkit
@ -30,7 +30,9 @@ ENV NIFI_TOOLKIT_HOME=${NIFI_TOOLKIT_BASE_DIR}/nifi-toolkit-${NIFI_TOOLKIT_VERSI
 ADD ./sh/docker-entrypoint.sh /opt/sh/docker-entrypoint.sh

 # Fix docker-entrypoint perms as per https://issues.apache.org/jira/browse/MRESOURCES-236 and Setup NiFi user
-RUN chmod +x /opt/sh/docker-entrypoint.sh \
+RUN apk add --update curl bash jq openssl \
+    && rm -rf /var/cache/apk/* \
+    && chmod +x /opt/sh/docker-entrypoint.sh \
    && addgroup -g $GID nifi \
    && adduser -D -s /bin/ash -u $UID -G nifi nifi \
    && mkdir -p ${NIFI_TOOLKIT_BASE_DIR}
--- a/nifi-toolkit/nifi-toolkit-assembly/docker/Dockerfile.hub
+++ b/nifi-toolkit/nifi-toolkit-assembly/docker/Dockerfile.hub
@ -32,7 +32,7 @@ ADD sh/docker-entrypoint.sh /opt/sh/docker-entrypoint.sh

 # Setup NiFi user
 # Download, validate, and expand Apache NiFi Toolkit binary.
-RUN apk add --update curl \
+RUN apk add --update curl bash jq openssl \
    && rm -rf /var/cache/apk/* \
    && addgroup -g $GID nifi \
    && adduser -D -s /bin/ash -u $UID -G nifi nifi \
--- a/nifi-toolkit/nifi-toolkit-assembly/docker/sh/docker-entrypoint.sh
+++ b/nifi-toolkit/nifi-toolkit-assembly/docker/sh/docker-entrypoint.sh
@ -36,5 +36,5 @@ if ! [ -f "${toolkit_path}/${program}.sh" ]; then
    print_help ${program}
 else
    shift
-    ${toolkit_path}/${program}.sh "$@"
+    exec ${toolkit_path}/${program}.sh "$@"
 fi
--- a/nifi-toolkit/nifi-toolkit-assembly/docker/tests/exit-codes.sh
+++ b/nifi-toolkit/nifi-toolkit-assembly/docker/tests/exit-codes.sh
@ -0,0 +1,35 @@
+#!/bin/bash
+
+set -xuo pipefail
+
+VERSION=${1:-}
+IMAGE=apache/nifi-toolkit:${VERSION}
+
+echo "Testing return values on missing input:"
+docker run --rm $IMAGE
+test 0 -eq $? || exit 1
+
+echo "Testing return values on invalid input for all commands:"
+docker run --rm $IMAGE encrypt-config invalid 1>/dev/null 2>&1
+test 2 -eq $? || exit 1
+
+docker run --rm $IMAGE s2s invalid 1>/dev/null 2>&1
+test 0 -eq $? || exit 1
+
+docker run --rm $IMAGE zk-migrator invalid 1>/dev/null 2>&1
+test 0 -eq $? || exit 1
+
+docker run --rm $IMAGE node-manager invalid 1>/dev/null 2>&1
+test 1 -eq $? || exit 1
+
+docker run --rm $IMAGE cli invalid 1>/dev/null 2>&1
+test 255 -eq $? || exit 1
+
+docker run --rm $IMAGE tls-toolkit invalid 1>/dev/null 2>&1
+test 2 -eq $? || exit 1
+
+docker run --rm $IMAGE file-manager invalid 1>/dev/null 2>&1
+test 1 -eq $? || exit 1
+
+docker run --rm $IMAGE flow-analyzer invalid 1>/dev/null 2>&1
+test 1 -eq $? || exit 1
--- a/nifi-toolkit/nifi-toolkit-assembly/docker/tests/tls-toolkit.sh
+++ b/nifi-toolkit/nifi-toolkit-assembly/docker/tests/tls-toolkit.sh
@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -exuo pipefail
+
+VERSION=$1
+IMAGE=apache/nifi-toolkit:${VERSION}
+CONTAINER=nifi-toolkit-$VERSION-tls-toolkit-integration-test
+
+TOKEN=D40F6B95-801F-4800-A1E1-A9FCC712E0BD
+
+trap " { docker rm -f $CONTAINER ; } " EXIT
+
+echo "Starting CA server using the tls-toolkit server command"
+docker run -d --name $CONTAINER $IMAGE tls-toolkit server -t $TOKEN -c $CONTAINER
+
+echo "Requesting client certificate using the tls-toolkit client command"
+docker run --rm --link $CONTAINER $IMAGE tls-toolkit client -t $TOKEN -c $CONTAINER
--- a/nifi-toolkit/nifi-toolkit-assembly/pom.xml
+++ b/nifi-toolkit/nifi-toolkit-assembly/pom.xml
@ -28,6 +28,8 @@ language governing permissions and limitations under the License. -->
                    <excludes combine.children="append">
                        <exclude>src/main/resources/conf/config-client.json</exclude>
                        <exclude>src/main/resources/conf/config-server.json</exclude>
+                        <exclude>docker/tests/tls-toolkit.sh</exclude>
+                        <exclude>docker/tests/exit-codes.sh</exclude>
                    </excludes>
                </configuration>
            </plugin>
@ -182,6 +184,7 @@ language governing permissions and limitations under the License. -->
                                    <buildArgs>
                                        <UID>1000</UID>
                                        <GID>1000</GID>
+                                        <NIFI_TOOLKIT_VERSION>${project.version}</NIFI_TOOLKIT_VERSION>
                                    </buildArgs>
                                    <repository>apache/nifi-toolkit</repository>
                                    <tag>${project.version}</tag>
@ -189,6 +192,38 @@ language governing permissions and limitations under the License. -->
                            </execution>
                        </executions>
                    </plugin>
+                    <plugin>
+                        <artifactId>exec-maven-plugin</artifactId>
+                        <groupId>org.codehaus.mojo</groupId>
+                        <executions>
+                            <execution>
+                                <id>Docker integration tests - exit codes</id>
+                                <phase>integration-test</phase>
+                                <goals>
+                                    <goal>exec</goal>
+                                </goals>
+                                <configuration>
+                                    <arguments>
+                                        <argument>${project.version}</argument>
+                                    </arguments>
+                                    <executable>${project.basedir}/docker/tests/exit-codes.sh</executable>
+                                </configuration>
+                            </execution>
+                            <execution>
+                                <id>Docker integration tests - tls-toolkit</id>
+                                <phase>integration-test</phase>
+                                <goals>
+                                    <goal>exec</goal>
+                                </goals>
+                                <configuration>
+                                    <arguments>
+                                        <argument>${project.version}</argument>
+                                    </arguments>
+                                    <executable>${project.basedir}/docker/tests/tls-toolkit.sh</executable>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
                </plugins>
            </build>
        </profile>
--- a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/cli.sh
+++ b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/cli.sh
@ -111,8 +111,7 @@ run() {
   export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME"

   umask 0077
-   "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms128m -Xmx256m} org.apache.nifi.toolkit.cli.CLIMain "$@"
-   return $?
+   exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms128m -Xmx256m} org.apache.nifi.toolkit.cli.CLIMain "$@"
 }


--- a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/encrypt-config.sh
+++ b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/encrypt-config.sh
@ -111,8 +111,7 @@ run() {
   export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME"

   umask 0077
-   "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms128m -Xmx256m} org.apache.nifi.toolkit.encryptconfig.EncryptConfigMain "$@"
-   return $?
+   exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms128m -Xmx256m} org.apache.nifi.toolkit.encryptconfig.EncryptConfigMain "$@"
 }


--- a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/file-manager.sh
+++ b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/file-manager.sh
@ -110,8 +110,7 @@ run() {
   export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME"

   umask 0077
-   "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.admin.filemanager.FileManagerTool "$@"
-   return $?
+   exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.admin.filemanager.FileManagerTool "$@"
 }


--- a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/flow-analyzer.sh
+++ b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/flow-analyzer.sh
@ -111,8 +111,7 @@ run() {
   export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME"

   umask 0077
-   "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.flowanalyzer.FlowAnalyzerDriver "$@"
-   return $?
+   exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.flowanalyzer.FlowAnalyzerDriver "$@"
 }


--- a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/node-manager.sh
+++ b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/node-manager.sh
@ -110,8 +110,7 @@ run() {
   export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME"

   umask 0077
-   "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.admin.nodemanager.NodeManagerTool "$@"
-   return $?
+   exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.admin.nodemanager.NodeManagerTool "$@"
 }


--- a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/notify.sh
+++ b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/notify.sh
@ -111,8 +111,7 @@ run() {
   export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME"

   umask 0077
-   "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.admin.notify.NotificationTool "$@"
-   return $?
+   exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.admin.notify.NotificationTool "$@"
 }


--- a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/s2s.sh
+++ b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/s2s.sh
@ -111,8 +111,7 @@ run() {
   export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME"

   umask 0077
-   "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms128m -Xmx256m} org.apache.nifi.toolkit.s2s.SiteToSiteCliMain "$@"
-   return $?
+   exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms128m -Xmx256m} org.apache.nifi.toolkit.s2s.SiteToSiteCliMain "$@"
 }


--- a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/tls-toolkit.sh
+++ b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/tls-toolkit.sh
@ -111,8 +111,7 @@ run() {
   export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME"

   umask 0077
-   "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.tls.TlsToolkitMain "$@"
-   return $?
+   exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.tls.TlsToolkitMain "$@"
 }


--- a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/zk-migrator.sh
+++ b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/zk-migrator.sh
@ -111,8 +111,7 @@ run() {
   export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME"

   umask 0077
-   "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.zkmigrator.ZooKeeperMigratorMain "$@"
-   return $?
+   exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.zkmigrator.ZooKeeperMigratorMain "$@"
 }