Commit Graph

258 Commits

Author SHA1 Message Date
Matt Gilman 528b82634f
NIFI-4210:
- Introducing support for OpenId Connect.
- Updating REST API and UI to support the authorization code flow.
- Adding/fixing documentation.
- Implementing time constant equality checks where appropriate.
- Corrected error handling during startup and throughout the OIDC login sequence.
- Redacting the token values from the user log.
- Defaulting to RS256 when not preferred algorithm is specified.
- Marking the OIDC endpoints as non-guaranteed in to allow for minor adjustments if/when additional SSO techniques are introduced.

This closes #2047.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
2017-08-10 11:15:35 -07:00
Andy LoPresto 675d989003
NIFI-4139
- Moved key provider interface and implementations from nifi-data-provenance-utils module to nifi-security-utils module.
- Refactored duplicate byte[] concatenation methods from utility classes and removed deprecation warnings from CipherUtility.
- Created KeyProviderFactory to encapsulate key provider instantiation logic.
- Added logic to handle legacy package configuration values for key providers.
- Added unit tests.
- Added resource files for un/limited strength cryptography scenarios.
- Added ASL to test resources.
- Moved legacy FQCN handling logic to CryptUtils.
- Added unit tests to ensure application startup logic handles legacy FQCNs.
- Moved master key extraction/provision out of FBKP.
- Removed nifi-security-utils dependency on nifi-properties-loader module.
- Added unit tests.
2017-08-07 15:21:58 -04:00
Yolanda M. Davis afd4f9e034
NIFI-4022 - Initial update for SASL support for cluster management in Zookeeper
NIFI-4022 - adding sasl documentation update and update to test

This closes #2046.

Signed-off-by: Bryan Bende <bbende@apache.org>
2017-08-04 14:19:35 -04:00
Matt Gilman eefad29167 NIFI-4127:
- Introducing composite ConfigurableUserGroupProvider and UserGroupProvider.
- Adding appropriate unit tests.
- Updating object model to support per resource (user/group/policy) configuration.
- Updating UI to support per resource (user/group/policy) configuration.
- Adding necessary documentation.
- Updating documentation to clarify integrity checks.
- Providing an example of configuring a composite implementation.

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #1978.
2017-07-11 18:13:04 +02:00
Andrew Lim 0c27a0888d
NIFI-3880 Added complete TLS Toolkit options to Admin Guide.
This closes #1965.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
2017-06-30 14:45:35 -07:00
Andrew Lim 3089d9dce0 NIFI-4138 Add Component Alignment to User Guide
Signed-off-by: Scott Aslan <scottyaslan@gmail.com>

This closes #1959
2017-06-29 11:54:56 -04:00
Pierre Villard ba3372a1dc NIFI-4079 Add concat in Record Path Guide. This closes #1920. 2017-06-21 14:56:07 -04:00
Matt Gilman 6bc6f955c0 NIFI-4059:
- Introducing the LdapUserGroupProvider.
- Updating documentation accordingly.
- Moving the IdentityMapping utilities so they were accessible.

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #1923.
2017-06-19 19:25:33 +02:00
Yolanda M. Davis 8ef4fddddd
NIFI-3696 - ConfigMigration and FileManager tools
This closes #1889.

Signed-off-by: Bryan Rosander <brosander@apache.org>
2017-06-12 09:50:02 -04:00
Matt Gilman 4ed7511bee
NIFI-3653: - Introducing UserGroup and Policy provider interfaces.
- Introducing FileUserGroupProvider and FileAccessPolicyProvider.
- Refactoring FileAuthorizer to utilize the file based implementations.
- Introducing the StandardManagedAuthorizer.
- Decorating the configured ManagedAuthorizer to ensure integrity checks are still performed.
- Loading user groups if possible to use during access decisions.
- Merging responses for requests for AccessPolicies, Users, and UserGroups.
- Adding unit tests as appropriate.
- Adding methods to the User, Group, and AccessPolicy builder that more easily supports generating UUIDs.
- Fixing typo when seeding policies during startup.
- Fixing type in documentation and error messages.

This closes #1897.

Signed-off-by: Bryan Bende <bbende@apache.org>
2017-06-09 13:54:10 -04:00
Andrew Lim f447fc73fa NIFI-4048 Added nifi.cluster.node.protocol.max.threads to Cluster Node Properties section of Admin Guide
This closes #1908

Signed-off-by: Scott Aslan <scottyaslan@gmail.com>
2017-06-09 12:59:22 -04:00
Matt Gilman cc741d2be6
NIFI-3997:
- Bumping to next minor version.
2017-06-08 15:22:51 -04:00
Matt Gilman 6ee12e9b47
NIFI-3997-RC1prepare for next development iteration 2017-06-05 11:07:43 -04:00
Matt Gilman ddb73612bd
NIFI-3997-RC1prepare release nifi-1.3.0-RC1 2017-06-05 11:07:28 -04:00
Mark Payne 32314d70fd NIFI-4009: Added support for several key functions in RecordPath
Signed-off-by: Matt Burgess <mattyb149@apache.org>

This closes #1881
2017-06-02 14:06:05 -04:00
Andrew Lim de6a98618a NIFI-479 Add UI Extension Section to Developer Guide
Signed-off-by: Scott Aslan <scottyaslan@gmail.com>

This closes #1882
2017-06-02 12:05:20 -04:00
Andrew Lim 3966f5ce86 NIFI-3959 Corrected Anatomy of Processor and Process group screenshots and text
Signed-off-by: Scott Aslan <scottyaslan@gmail.com>

This closes #1862
2017-05-26 08:51:25 -04:00
Mark Payne 5aa3baca79 NIFI-3568: This closes #1577. Use a cached thread pool in order to allow ThreadPoolRequestReplicator to scale up the number of threads to some configurable max
Signed-off-by: joewitt <joewitt@apache.org>
2017-05-24 21:21:45 -04:00
Andrew Lim 49270f8a8c NIFI-3944 Update docs and screenshots for Component Versioning
Signed-off-by: Scott Aslan <scottyaslan@gmail.com>

This closes #1840
2017-05-23 11:06:59 -04:00
Andrew Lim 28eadaa683
NIFI-3911 Improve Controller Services and Reporting Task Documentation
This closes #1826.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
2017-05-18 19:20:39 -07:00
Andre F de Miranda 289dde098e
NIFI-3896 - Makes DeprecationNotice more intuitive. This closes #1799
Update developers guide on how to deprecate a component
2017-05-17 16:37:11 -04:00
Matt Gilman 6ffb78d404
NIFI-3853:
- Filtering out certain control characters and unpaired Unicode surrogate codepoints prior to saving the flow.xml.

This closes #1784.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
2017-05-15 19:02:03 -07:00
Mark Payne b1901d5fe0 NIFI-3838: Initial implementation of RecordPath and UpdateRecord processor
NIFI-3838: Updated version from 1.2.0-SNAPSHOT to 1.3.0-SNAPSHOT; removed unneeded value from AttributeExpression.ResultType enum

NIFI-3838: Addressed PR Review feedback

NIFI-3838: Allow for schemas to be merged together for a record; refactored RecordSetWriterFactory so that there is a method to obtain the schema and then the writer is created with that schema. Added additional unit tests

NIFI-3838: Addressed problems with documentation based on PR Review

NIFI-3838: Fixed checkstyle violation

NIFI-3838: Addressed issue of comparing different types of Number objects

Signed-off-by: Matt Burgess <mattyb149@apache.org>

This closes #1772
2017-05-12 12:36:52 -04:00
Andrew Lim b6bdc4a0a8 NIFI-3850 Corrected errors in Admin Guide and made property formatting consistent
Signed-off-by: Scott Aslan <scottyaslan@gmail.com>

This closes #1771
2017-05-09 15:06:23 -04:00
Bryan Bende 3af53419af
NIFI-3770-RC2 prepare for next development iteration 2017-05-05 20:50:28 -04:00
Bryan Bende 3a605af8e0
NIFI-3770-RC2 prepare release nifi-1.2.0-RC2 2017-05-05 20:50:14 -04:00
Sarah Olson 960ef9142d Documentation for admin toolkit
Signed-off-by: Yolanda M. Davis <ymdavis@apache.org>

This closes #1736
2017-05-03 09:01:59 -04:00
Sarah Olson 16f37763f6
NIFI-3773 Added documentation and screenshots for Component Versioning.
This closes #1734.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
2017-05-02 17:37:18 -04:00
Andrew Lim 580d65dfde
NIFI-3701 Documentation improvements for 1.x.
This closes # 1733.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
2017-05-02 16:41:47 -04:00
Andre F de Miranda 3bfe323a5d NIFI-3769 - Document detail value of 'nifi.provenance.repository.warm.cache.frequency' 2017-05-02 08:44:01 -04:00
Andy LoPresto 946f4a1a28
NIFI-3721 Added documentation for Encrypted Provenance Repositories to Admin Guide and User Guide.
Added screenshot of encrypted provenance repository contents on disk.
Added note about clearing existing provenance repository when switching to encrypted implementation (see PR 1686 @ https://github.com/apache/nifi/pull/1686#issuecomment-298432578).

This closes #1713.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
2017-05-01 17:19:25 -04:00
Andrew Lim 11b935a27b NIFI-3748 Add component linking functionality to documentation
Signed-off-by: Scott Aslan <scottyaslan@gmail.com>

This closes #1724
2017-05-01 15:37:13 -04:00
Andrew Lim 0a7b9467e9 NIFI-3684 Make docs more explicit about anonymous access to a secured instance
This closes #1722

Signed-off-by: Scott Aslan <scottyaslan@gmail.com>
2017-05-01 13:13:54 -04:00
Andrew Lim 6512306fa4 NIFI-3752 Fixed broken links in User Guide
Signed-off-by: Scott Aslan <scottyaslan@gmail.com>

This closes #1710
2017-04-27 15:42:44 -04:00
Bryan Rosander ee4b88620a NIFI-3737 - Reverting problematic pngs
Signed-off-by: Scott Aslan <scottyaslan@gmail.com>

This closes #1693
2017-04-25 12:47:48 -04:00
Bryan Rosander 879fe3efd6 NIFI-3737 - Ran optipng on all png files 2017-04-25 12:28:49 -04:00
Joe Percivall 5419891fe7 NIFI-3633 This closes #1610. Adding HttpNotificationService.
Signed-off-by: joewitt <joewitt@apache.org>
2017-04-11 00:37:12 -04:00
Mike Moser 2589df80ab NIFI-3304 removed unneeded Java 8 codecache info from Admin Guide
This closes #1621

Signed-off-by: Andre F de Miranda <trixpan@users.noreply.github.com>
2017-04-11 02:05:20 +10:00
Bryan Bende 556f309df0
NIFI-3520 Refactoring instance class loading
- Fixing FlowController to use appropriate class loader when instantiating processor
- Updating ExtensionManager to leverage new flag in MANIFEST from NAR plugin
- Adding ReloadComponent interface and refactoring instance class loading to use it
- Fixing FetchHDFS issue with TDE by using ugi.doAs
- Refactoring nifi-nar-utils so that ExtensionManager only lives in nifi-framework
- Caching temp components found during service loader in ExtensionManager
- Updating authorizables, docs, and fingerprinting to use the cached components
- Introducing a flag on @RequiresInstanceClassLoading to indicate if ancestor resources should be cloned
- Updating developer guide regarding cloneAncestorResources flag
- This closes #1635
2017-04-06 13:51:08 -04:00
Bryan Bende d90cf846b9 NIFI-3380 Bumping NAR plugin to 1.2.0-SNAPSHOT development to leverage changes from master, adding buildnumber-maven-plugin to nifi-nar-bundles to properly set build info in MANIFEST of NARs
- Refactoring NarDetails to include all info from MANIFEST
- Adding the concept of a Bundle and refactoring NarClassLoaders to pass Bundles to ExtensionManager
- Adding logic to fail start-up when multiple NARs with same coordinates exist, moving Bundle classes to framework API
- Refactoring bundle API to classes and creating BundleCoordinate
- Updating FlowController to use BundleCoordinate

- Updating the UI and DTO model to support showing bundle details that loaded an extension type.
- Adding bundle details for processor canvas node, processor dialogs, controller service dialogs, and reporting task dialogs.
- Updating the formating of the bundle coordinates.
- Addressing text overflow in the configuration/details dialog.
- Fixing self referencing functions.
- Updating extension UI mapping to incorporate bundle coordinates.
- Discovering custom UIs through the supplied bundles.
- Adding verification methods for creating extensions through the rest api.
- Only returning extensions that are common amongst all nodes.
- Rendering the ghost processors using a dotted border.
- Adding bundle details to the flow.xml.
- Loading NiFi build and version details from the framework NAR.
- Removing properties for build and version details.
- Wiring together front end and back end changes.
- Including bundle coordinates in the component data model.
- Wiring together component data model and flow.xml.
- Addressing issue when resolve unvesioned dependent NARs.

Updating unit tests to pass based on framework changes
- Fixing logging of extension types during start up

- Allowing the application to start if there is a compatible bundle found. - Reporting missing bundle when the a compatible bundle is not found. - Fixing table height in new component dialogs.

Fixing chechstyle error and increasing test timeout for TestStandardControllerServiceProvider
- Adding ability to change processor type at runtime
- Adding backend code to change type for controller services

- Cleaning up instance classloaders for temp components.
- Creating a dialog for changing the version of a component.
- Updating the formatting of the component type and bundle throughout.
- Updating the new component dialogs to support selecting source group.
- Cleaning up new component dialogs.
- Cleaning up documentation in the cluster node endpoint.

Adding missing include in nifi-web-ui pom compressor plugin
- Refactoring so ConfigurableComponent provides getLogger() and so the nodes provide the ConfigurableComponent
- Creating LoggableComponent to pass around the component, logger, and coordinate with in the framework

- Finishing clean up following rebase.

Calling lifecycle methods for add and remove when changing versions of a component
- Introducing verifyCanUpdateBundle(coordinate) to ConfiguredComponent, and adding unit tests

- Ensuring documentation is available for all components. Including those of the same type that are loaded from different bundles.

Adding lookup from ClassLoader to Bundle, adding fix for instance class loading to include all parent NARs, and adding additional unit tests for FlowController
- Adding validation to ensure referenced controller services implement the required API
- Fixing template instantiation to look up compatible bundle

- Requiring services/reporting tasks to be disabled/stopped.
- Only supporting a change version option when the item has multiple versions available.
- Limiting the possible new controller services to the applicable API version.
- Showing the implemented API versions for Controller Services.
- Updating the property descriptor tooltip to indicate the required service requirements.
- Introducing version based sorting in the new component dialog, change version dialog, and new controller service dialog.
- Addressing remainder of the issues from recent rebase.

Ensuring bundles have been added to the flow before proposing a flow, and incorporating bundle information into flow fingerprinting
- Refactoring the way missing bundles work to retain the desired bundle if available
- Fixing logger.isDebugEnabled to be logger.isTraceEnabled

- Auditing when user changes the bundle. - Ensuring bundle details are present in templates.

Moving standard prioritizers to framework NAR and refactoring ExtensionManager logic to handle cases where an extension is in a JAR directly in the lib directory

- Ensuring all nodes attempt to instantiate the same template instance when the available bundles may differ. - Fixing the auditing of copy/paste and template instantiation. - Running addtional verification methods when running standalone.

Refactoring controller service invocation handler to allow updating the node used by the invocation handler
- Ensuring the bundles in a proposed flow are compatible with the current instance when the current instance has no flow is going to accept the proposed flow
- Merging whether multiple versions of the component are available
- Setting NAR plugin back to current released version
- Cleaning up DocGenerator to not process multiple times

Addressing incorrect usage of nf.Common. - Using formatType in the new component type dialogs.

Improving error messages when looking for bundles

Addressing comments from PR. - Fixing references to global nf namespace. - Fixing injection of nfProcessGroupConfiguration in nfComponentVersion. - Fixing web api integration tests.

Not rendering unversioned in help documentation. - Ensuring the isExtentionMissing flag is correct after changing the component type.

Adding synchronization in node classes to ensure changing component can't occur when component is running, introducing MissingBundleException for better reporting when a node can't join cluster due to a missing bundle, and bumping NAR plugin to released version 1.2.0

Adding concept of missing components to fingerprinting to ensure nodes agree on missing components when joining a cluster

NIFI-3380: NIFI-3520: - Fixing hive nar dependency. - Marking DBCPService as provided. - Skipping services that require instance classloading and are cobundled with their service API. - Skipping components that require instance classloading and reference service APIs that are cobundled. - Addressing UI issues in the new component dialogs when re-opening with a filter applied.

Fixing checkstyles issue and adding back assume checks to distributed cache server test

Ensuring new component types are sorted correctly when shown initially.

This closes #1585.
2017-03-24 11:06:44 -04:00
Mike Moser 2dd61125d1 NIFI-2481 improved content repo archive description in Admin Guide
This closes: #1603

Signed-off-by: Andre F de Miranda <trixpan@users.noreply.github.com>
2017-03-24 22:49:01 +11:00
Wil Selwood eb37f300c7 NIFI-3634 Fix minor User Guide Typos
Signed-off-by: James Wing <jvwing@gmail.com>
2017-03-22 16:48:09 -07:00
Matt Gilman 9d4239be1e NIFI-3245:
- Adding notes to the controller service tables to better define their availability.
- Clarifying support of Safari.

This closes #1593

Signed-off-by: Scott Aslan <scottyaslan@gmail.com>
2017-03-13 13:48:11 -04:00
Matt Gilman 16bde02ed0
NIFI-3541: - Allowing the user to specify the network interface to send/receive data for a Remote Process Group.
This closes #1550.

Signed-off-by: Mark Payne <markap14@hotmail.com>
Signed-off-by: Aldrin Piri <aldrin@apache.org>
2017-03-06 10:38:15 -05:00
Mark Payne 96ed405d70 NIFI-3356: Initial implementation of writeahead provenance repository
- The idea behind NIFI-3356 was to improve the efficiency and throughput of the Provenance Repository, as it is often the bottleneck. While testing the newly designed repository,
  a handful of other, fairly minor, changes were made to improve efficiency as well, as these came to light when testing the new repository:

- Use a BufferedOutputStream within StandardProcessSession (via a ClaimCache abstraction) in order to avoid continually writing to FileOutputStream when writing many small FlowFiles
- Updated threading model of MinimalLockingWriteAheadLog - now performs serialization outside of lock and writes to a 'synchronized' OutputStream
- Change minimum scheduling period for components from 30 microseconds to 1 nanosecond. ScheduledExecutor is very inconsistent with timing of task scheduling. With the bored.yield.duration
  now present, this value doesn't need to be set to 30 microseconds. This was originally done to avoid processors that had no work from dominating the CPU. However, now that we will yield
  when processors have no work, this results in slowing down processors that are able to perform work.
- Allow nifi.properties to specify multiple directories for FlowFile Repository
- If backpressure is engaged while running a batch of sessions, then stop batch processing earlier. This helps FlowFiles to move through the system much more smoothly instead of the
  herky-jerky queuing that we previously saw at very high rates of FlowFiles.
- Added NiFi PID to log message when starting nifi. This was simply an update to the log message that provides helpful information.

NIFI-3356: Fixed bug in ContentClaimWriteCache that resulted in data corruption and fixed bug in RepositoryConfiguration that threw exception if cache warm duration was set to empty string

NIFI-3356: Fixed NPE

NIFI-3356: Added debug-level performance monitoring

NIFI-3356: Updates to unit tests that failed after rebasing against master

NIFI-3356: Incorporated PR review feedback

NIFI-3356: Fixed bug where we would delete index directories that are still in use; also added additional debug logging and a simple util class that can be used to textualize provenance event files - useful in debugging

This closes #1493
2017-02-22 12:40:06 -05:00
Andrew Lim 855743f933
NIFI-3493 Corrected reference in Admin Guide to http not https for nifi.web.https.network.interface property
This closes #1515.

Signed-off-by: Bryan Rosander <brosander@apache.org>
2017-02-16 13:04:16 -05:00
Andrew Lim 702a0dcf17 NIFI-3480 Fix incorrect Admin Guide documentation regarding anonymous access
This closes #1512
2017-02-16 09:45:41 -05:00
Koji Kawamura 1eb98aefee NIFI-3373: Add nifi.flow.configuration.archive.max.count
- Add 'nifi.flow.configuration.archive.max.count' in nifi.properties
- Change default archive limit so that it uses archive max time(30 days)
  and storage (500MB) if no limitation is specified
- Simplified logic to delete old archives

This closes #1460.

Signed-off-by: Koji Kawamura <ijokarumawak@apache.org>
2017-02-16 14:19:39 +09:00
Aldrin Piri 76fcf5def1 NIFI-3385 - This closes #1440. Updating copyright statements to reflect the new year. 2017-02-16 00:10:02 -05:00
Jeff Storck 8b90343715
NIFI-3355 Allows NiFi to bind to specific network interfaces, with separate interface lists for HTTP and HTTPS.
This closes #1508.

Signed-off-by: Bryan Rosander <brosander@apache.org>
2017-02-15 18:39:26 -05:00