Rather than creating many FlowFiles with the same Content Claim, refactored content repos' OutputStreams and ClaimWriteCache so that a new ContentClaim is created for each FlowFile. This ensures that we have a content claim offset of 0. The poor performance was due to having to use StreamUtils.skip() in conjunction with the CipherInputStream, which would only skip a max of 511 bytes at a time. By using a separate Content Claim per FlowFile, we no longer need to seek after creating the CipherInputStream
This closes#7363
Signed-off-by: David Handermann <exceptionfactory@apache.org>
(cherry picked from commit 702c6350344e4ae4cd31349747e96c1384017ed4)
* NIFI-11464 Improvements for importing nested versioned flows
- Introduce FlowSnapshotContainer to return root snapshot + children
- Introduce ControllerServiceResolver to extract logic from service facade
- Update resolution logic to correctly consider all services in the hierarchy
- Merge additional parameter contexts and parameter providers from child to parent
- Add unit test for controller service resolver
- Replace use of emptSet/emptyMap with new set/map instance
NIFI-11636: Change default log level from parquet internal reader to WARN as it logs excessively at INFO level
Signed-off-by: Matt Burgess <mattyb149@apache.org>
- Removed NetworkUtils methods for getting available ports
- Updated Socket-based components to support using 0 to listen on a random available port for improved test reliability
This closes#7299
Signed-off-by: David Handermann <exceptionfactory@apache.org>
(cherry picked from commit 50811660d00b4bcfcb431f9897807352b947813a)
NIFI-11557: Added an additional system test and updated github actions to include surefire-report in order to help diagnose problem that occurred in one of the last system-test runs in Github. Could not replicate problem locally
- Incremental adjustment avoids breaking test on slower environments
This closes#7260
Signed-off-by: David Handermann <exceptionfactory@apache.org>
(cherry picked from commit ec01bce20786dfef0bd457fa7de8e04edbef9589)
* NIFI-11287: detect dependent properties when the property it depends on references a parameter
* address review feedback
* address more review comments
* - loadProperties checks type before getting the parameter context
- retrieve the parameter context with ajax call from inside the class
* add type parameter to all places calling loadProperties
* get reference parameters by invoking provided callbacks from the client
* check for user permissions before requesting for referenced parameters
* address review feedback
This closes#7117
This closes#7124
Co-authored-by: David Handermann <exceptionfactory@apache.org>
Signed-off-by: David Handermann <exceptionfactory@apache.org>
(cherry picked from commit 5811a9c579a11aa8fc8358851df33d0456a5e10c)
- Restored previous behavior of sending openid and email scopes for OpenID Connect token requests
- Added offline_access scope as the default value in nifi.properties to support Refresh Tokens
This closes#7168
Signed-off-by: Paul Grey <greyp@apache.org>
* NIFI-11461 Improved User and Group Tenants Search
- Added searchTenants method to NiFiServiceFacade and removed unnecessary object creation
- Updated TenantsResource to use delegated NiFiServiceFacade.searchTenants method
- Changed autocomplete delay from default 300 ms to 500 ms
* NIFI-11461 Adjusted implementation to use EntityFactory.createTenantEntity
This closes#7181
(cherry picked from commit bdff3abcd6d072a61e6399e694e3213732696561)
- Upgraded Spring Boot from 2.7.9 to 2.7.10
This closes#7141
Signed-off-by: David Handermann <exceptionfactory@apache.org>
(cherry picked from commit 0160d6d6b90ef2d2862d01520161b37d489e2669)
- Added StandardOidcIdTokenDecoderFactory based on Spring Security OidcIdTokenDecoderFactory with custom REST Operations
Merged #7108 into main.
(cherry picked from commit e4f0508c90f7f354b4210dd80f3dbed5b3254bcd)
- Added Authorization Request Resolver with support for building the base redirect URI using allowed proxy headers
This closes#7104
(cherry picked from commit 75eb449a312815b84545c1ee157144255b8fc97d)
- Fixed system tests so that they work properly in Clustered version of RegistryClientIT
- Fixed system test - ensure that we wait for processors to become valid before attempting to start them; also added an additional system test around Controller Services in versioned flows
This closes#7095
Signed-off-by: David Handermann <exceptionfactory@apache.org>
* NIFI-4890 Refactored OIDC with support for Refresh Tokens
- Implemented OIDC Authorization Code Grant Flow using Spring Security Filters
- Implemented OIDC RP-Initiated Logout 1.0
- Implemented OAuth2 Token Revocation RFC 7009 for Refresh Tokens
- Added OIDC Bearer Token Refresh Filter for updating application Bearer Tokens from Refresh Token exchanges
- Added configurable Token Refresh Window to application properties
- Removed original implementation and supporting classes
* NIFI-4890 Set Bearer Token expiration based on Access Token
* NIFI-4890 Corrected spelling and naming issues based on feedback
This closes#7013
Fixed issue in StandardContentClaimWriteCache in which inner OutputStream class did not have an idempotent close() method; as a result, the stream could be written to while already in use for another active FlowFile; fixed bug in ContentClaimInputStream in which skip() method ignored its own BufferedInputStream - this was discovered because it was causing failures in StandardProcessSessionIT; fixed bug in StandardProcessSessionIT in which the length of StandardContentClaim was being doubled because the OutputStream was setting the claim length but that is already handled at a lower level.
This closes#7087
Signed-off-by: David Handermann <exceptionfactory@apache.org>
