* NIFI-9514 - Add UI support for Parameter Providers in Controller Services
* - Fix a dialog closing issue
* - Hide fetch parameters button if there are config errors
* - Update Fetch Parameters dialog with new UX
- Implement checkbox logic for Selectable Parameters table
* - add createNewParameterContext property to track if group will be created as a new parameter context
- update fetch parameters dialog views for editing and after applying changes
- show affected referencing components after applying changes
- disable apply button if no parameter contexts will be updated
- refactor showing and hiding fetched parameters and selectable parameters tables logic
- add tooltip for parameter context icon
* - update parameter contexts view for provided contexts
* - add affected referencing components after applying fetched parameters
- add referencing parameter contexts to the provider settings tab
- update checkbox style in the selectable parameters table
- fix updating the referencing components border
- fix lint errors
* - fix selectable parameters table checkbox styles
* - fix hasParameterContextChanged checks
- checkbox style tweaks
* - add status bar to fetch parameters dialog
* - more style tweaks and remove unnecessary code
* - fix the selectable parameters table not saving and loading correctly
* - add tooltips
- fix styles
* - link from the parameter context to the associated parameter provider
* 9514: support navigating to the controller service created in parameter providers
* fix bulletins format in status bar
* address review feedback
- manage permissions for parameter providers
- disable/enable Fetch Parameters dialog Apply button
* manage authorizations to access parameter providers and parameter contexts
* fix lint errors
* fix and refactor hasGroupsChanged to determine the Apply button state
* new parameter context name input cannot be empty in Fetch Parameters dialog
* address review feedback
* fix duplicate code
* more fixes
* update fetch parameters checkbox states
* replace slickgrid checkbox selection plugin with custom implementation for different selection types
- check for affected parameters using the parameter status
* fixed showing the correct referencing components when switching groups
* fixed selectable parameters table shifting contents on row selection
* leverage slickgrid onClick to set user-selected parameter sensitivities in the selectable parameters table
* fix statusbar bulletins in processor details
- fix updating borders for referencing components
- update referencing parameter icon
- update table title in fetch parameters dialog
* address review feedback
* populate controller services referencing components of a referenced provider
- update controller services tab name
* showing parameter providers in CS controller service
* update tooltip messages in fetch parameters dialog
- fix dialog height to make room for the status bar
* reload the parameter providers table after a referenced parameter provider change in controller services
- fix conditions for enabling/disabling fetch parameters dialog Apply button
- add affected components no permissions message in the dialog
* fix always reloading the parameter providers table
- fix disableApplyButton checks
- add dialog message for a missing new parameter context name
* remove extra reload
* more fixes for disableApplyButton
- fixed styles for dialog message
* add a check in disableApplyButton for changed parameter values that are not referenced
- add changed value icon for parameters that are not referenced
- fix border on the referencing affected components container
* removed unnused plugins
This closes#5671
* NIFI-10473: Removing referencing components check on param provider fetch
* NIFI-10473: Adding parameter status DTO to ParameterProviderDTO
* Allowing parameterStatus to be populated even when no parameters were updated
* Adding ParameterStatus enum for parameter fetching
* Adding MISSING_BUT_REFERENCED ParameterStatus
This closes#6388
- Removing org.apache.httpcomponents:httpclient from nifi-web-api avoids Linkage Errors with Sensitive Property Providers
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#6423.
- Updated standard user interface error handler to clear the Access-Token-Expiration item from Session Storage when receiving an error with the WWW-Authenticate Header indicating a problem with the Bearer Token
Signed-off-by: Nathan Gough <thenatog@gmail.com>
This closes#6334.
- Appended root path to Cookie path attribute when removing Bearer Tokens as part of unauthorized response handling
- Updated Saml2AuthenticationSuccessHandler to follow standard Cookie path building strategy
Signed-off-by: Nathan Gough <thenatog@gmail.com>
This closes#6278.
- Added Standard AuthenticationEntryPoint
- Configured AuthenticationEntryPoint for SecurityFilterChain and BearerTokenAuthenticationFilter
Signed-off-by: Nathan Gough <thenatog@gmail.com>
This closes#6233.
- Removed extension of deprecated WebSecurityConfigurerAdapter
- Moved Filter bean configuration associated configuration classes
- Set default Spring Security log level to INFO
- Adjusted CSRF Token Repository to leverage simplified RequestUriBuilder for retrieving allowed context paths
Signed-off-by: Nathan Gough <thenatog@gmail.com>
This closes#6195
- Updated SAML Authentication Configuration with Spring Security SAML 2 components
- Updated Administration Guide with REST Resources
- Replaced SAMLAccessResource methods with applicable Spring Security Filters
- Removed IDP Credential Service and supporting components
- Removed message.logging.enabled, metadata.signing.enabled, and signature.digest.algorithm properties
- Added Access Token Expiration resource method
- Removed Saml2AccessResource and replaced with Access Token Expiration to avoid unnecessary conflicts with SAML login consumer
- Corrected Resource URI handling to support proxy server access
Signed-off-by: Nathan Gough <thenatog@gmail.com>
This closes#6149.
- Implemented MiNiFi C2 client using OkHttp
- Refactored MiNiFi bootstrap command handling and socket communication
- Added C2 Client Service to nifi-framework-core
This closes#6075
Co-authored-by: Matthew Burgess <mattyb149@apache.org>
Co-authored-by: Csaba Bejan <bejan.csaba@gmail.com>
Co-authored-by: Ferenc Erdei <ferdei@cloudera.com>
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Added nifi.web.https.application.protocols property
- Set default protocol to HTTP/1.1 and provided documentation for enabling HTTP/2
- Changed StandardALPNProcessor handshakeFailed log to debug
Signed-off-by: Joe Gresock <jgresock@gmail.com>
This closes#6093.
* NIFI-9959 Added UI Support for Sensitive Dynamic Properties
- Added SupportsSensitiveDynamicProperties to DBCPConnectionPool and ScriptedReportingTask
* NIFI-9959 Added sensitive parameter argument for Controller Service descriptors
* NIFI-9959 Adjusted sensitive property descriptor handling to support changing status
* NIFI-9959 Added info icon for Sensitive Value field
* NIFI-9959 Corrected handling of descriptor for existing dynamic properties
* NIFI-9959 Cleaning up dialog markup.
Co-authored-by: Matt Gilman <matt.c.gilman@gmail.com>
This closes#6073
* NIFI-9958 Implemented Sensitive Dynamic Properties
- Added SupportsSensitiveDynamicProperties annotation for components
- Added optional sensitive query parameter to Property Descriptor REST Resource methods
- Added system tests for components supporting sensitive dynamic properties
- Updated REST Resources to support Sensitive Dynamic Property Names
- Updated Documentation Writer to indicate component support for Sensitive Dynamic Properties
- Updated InvokeHTTP to support Sensitive Dynamic Properties
- Updated Auditor components to handle masking Sensitive Dynamic Properties
* Refactored Property Descriptor REST method handling
- Corrected AbstractDocumentationWriter evaluation of support for sensitive dynamic properties
- Refactored Controller Service Dynamic Properties system tests to new class
* Updated AbstractComponentNode.getProperties() to get canonical descriptor
* NIFI-10001: Fixed issue in which some components may fail to update the scheduled state when comparing flows
* NIFI-10001: Fixed bugs that caused some components to not have their scheduled state updated. When comparing two flows, now allow specifying how to determine a VersionedComponent's ID for comparison. When comparing local flow against flow from registry, use Versioned Component ID. But when comparing two instantiated flows, such as local flow vs. cluster flow, use the VersionedComponent's Instance ID instead. This ensures that we can properly compare two components even if there are several instances of a given flow
* NIFI-9895 Allow parameter to reference controller service. Check read and write authorization for both previous and newly set controller service. Authorization done for both property or parameter change. Import/export handled by switching between instance id and versioned id.
* NIFI-10001: When enabling a collection of Controller Services, changed logic. Instead of enabling dependent services and waiting for them to complete enablement before starting a given service, just start the services given. The previous logic was necessary long ago because we couldn't enable a service unless all dependent services were fully enabled. But that changed a while ago. Now, we can enable a service when it's invalid. It'll just keep trying to enable until it becomes valid. At that point, it will complete its transition from ENABLING to ENABLED.
* NIFI-10001: Restored previous implementation for StandardControllerServiceProvider, as the changes were not ultimately what we needed. Changed StandardProcessGroup to use a ConcurrentHashMap for controller services instead of a HashMap with readLock. This was causing a deadlock when we enable a Controller Service that references another service during flow synchronization. Flow Synchronization was happening within a write lock and enabling the service required a read lock on the group. Eventually the thread holding the write lock would timeout and release the write lock. But this caused significant delays on startup. By changing to a ConcurrentHashMap, we alleviate the need for the Read Lock. Also noticed in testing that the StandardNiFiServiceFacade did not save flow changes when enabling dependent services so added call to controllerFacade.save().
- Removed unnecessary references to jackson.version property
- Removed unnecessary dependency management references to Jackson libraries
This closes#5992
Signed-off-by: Mike Thomsen <mthomsen@apache.org>
* NIFI-9883 Refactored property protection to isolated ClassLoader
- Added nifi-property-protection-loader for abstracting access to implementation classes using ServiceLoader
- Updated Authorizer and Login Identity Provider configuration using isolated ClassLoader
- Updated NiFi Properties Loader using isolated ClassLoader
- Updated nifi-assembly to place property protection dependencies in lib/properties directory
- Updated and refactored unit tests
- Corrected LoginIdentityProviderFactoryBean getObject() Type
- Refactored XML parsing to use providers from nifi-xml-processing
- Configured spotbugs-maven-plugin with findsecbugs-plugin in nifi-xml-processing
- Disabled Validate DTD in default configuration for EvaluateXPath and EvaluateXQuery
- Replaced configuration of DocumentBuilder and streaming XML Readers with shared components
- Removed XML utilities from nifi-security-utils
- Moved Commons Configuration classes to nifi-lookup-services
This closes#5962
Signed-off-by: Paul Grey <greyp@apache.org>
* NIFI-9787: Increasing visibility of selected slickgrid row with 1px borders on the top and bottom plus a slightly darker yellow background-color value.
* NIFI-9787: Added missing units to the padding values.
Merged #5857 into main.
simonbence
M Tien
Joe Gresock
exceptionfactory
Mark Payne
Hsin-Ying Lee
Malthe Borch
Joe Witt
Paul Grey
timeabarna
Nissim Shiman
Matthew Burgess
Emilio Setiadarma
tpalfy
Chris Sampson
Matt Gilman
dependabot[bot]
Bence Simon
Hervé Boutemy
Jonathan Conti-Vock
Jon Conti-Vock