Commit Graph

237 Commits

Author SHA1 Message Date
Matt Gilman 7f5eabd603
NIFI-3050: Implemented access control logic for restricted components.
- Addressing comments from PR.
- Adding restricted tags to relevant components.
- Showing a restricted icon overlay on the processor node on the canvas. (+1 squashed commit)
Squashed commits:
[f487682] NIFI-3050:
- Introducing a Restricted annotation for components that require elevated privileges to use.
- Updating the new Processor, Controller Service, and Reporting Task dialogs to include these details and prevent unauthorized selection.
- Including the Restricted description in the generated component documentation.
- Updating processor access control integration test to verify restricted component creation.
- Updating the developer, user, and admin guide to include the restricted component policy.

This closes #1247.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
2016-11-21 12:07:48 -08:00
Andrew Lim 7e7739819a
NIFI-3058 Add documentation for ZooKeeper Migrator to Admin Guide
NIFI-3058 ZooKeeper Migration edits and general spelling corrections

This closes #1246.

Signed-off-by: Bryan Bende <bbende@apache.org>
2016-11-21 13:37:57 -05:00
Matt Gilman c8830742ee NIFI-3020:
- Introducing a strategy for identifying users.
- Fixing issue with the referral strategy error message.
- Adding code to shutdown the application when the authorizer or login identity provider are not initialized successfully.

NIFI-3020:
- Updating the admin guide to document the identity strategy.

NIFI-3020:
- Ensuring the request replicator attempts to shutdown regardless of whether the flow service properly terminates.

This closes #1236
2016-11-19 08:38:41 -05:00
Andrew Lim 5a25884f52 NIFI-3052 Update screenshots in Admin Guide and Getting Started guide for additional colors added to UI
This closes #1239
2016-11-18 14:05:17 -05:00
jpercivall c4be800688 NIFI-2950 Adding support for whole number hex values and a fromRadix function
NIFI-2950 Fixing typo

This closes #1161
2016-11-17 07:27:51 -05:00
Bryan Rosander e5eda63705
NIFI-2943 - Toolkit uses JKS type over PKCS12 when creating truststore because non-Bouncy Castle providers cannot read certificates from PKCS12 truststore.
Peer review feedback (+2 squashed commits)
Squashed commits:
[0102c8e] NIFI-2943 - Peer review feedback
[9bcd495] NIFI-2943 - pkcs12 keystore improvements

1. loading pkcs12 keystores with bouncy castle everywhere
2. tls-toolkit client using jks truststore when keystore type is specified differently
3. tests

This closes #1165.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
2016-11-16 17:13:10 -08:00
Andrew Lim 2c135c44f2 NIFI-2985 Update User Guide for Backpressure Visual indicator
This closes #1234.
2016-11-16 20:58:10 +01:00
Andrew Lim 76b859c4ef NIFI-2953 Update Multi-tenant authorization doc for changes to policy management UI. This closes #1225 2016-11-15 16:10:46 -05:00
Andy LoPresto 59fea1cb4e NIFI-2654 Enabled encryption coverage for login-identity-providers.xml.
Squashed commits:
[5dd22a9] NIFI-2654 Updated administration guide with login-identity-providers.xml flags.

Exposed master key retrieval code in NiFiPropertiesLoader.
Added logic to decrypt login identity providers XML configuration.
Updated login-identity-providers.xsd to include encryption scheme attribute.
Added unit tests. (+18 squashed commits)
Squashed commits:
[57c815f] NIFI-2654 Resolved issue where empty LIP property elements could not be encrypted.
Added unit test and resource.
[27d7309] NIFI-2654 Wired in serialization logic to write logic for LIP.
Added comprehensive unit test for LIP & NFP in same test.
[b450eb2] NIFI-2654 Finalized logic for preserving comments in LIP parsing.
[5aa6c9c] NIFI-2654 Added logic for maintaining XML formatting (comments and whitespace) for LIP.
Added unit tests (w/o encryption works; w/ does not).
[b53461f] NIFI-2654 Added unit test for full tool invocation migrating a login-identity-providers.xml file and updating file and bootstrap.conf with key.
[2d9686c] NIFI-2654 Updated tool description and various logging statements.
Added unit test for full tool invocation encrypting a login-identity-providers.xml file and updating file and bootstrap.conf with key.
[8c67cb2] NIFI-2654 Added logic to encrypt LIP XML content.
Added unit tests.
[8682d19] NIFI-2654 Added logic to handle "empty" (commented) LIP files.
Added unit tests.
[077230e] NIFI-2654 Fixed logic to decrypt multiline and multiple-per-line XML elements.
Added unit tests and resources.
[d5bb8da] NIFI-2654 Ignored unit test for unreadable conf directory because directory was causing Maven build issues.
Removed test resources.
[7e50506] NIFI-2654 Fixed AESSensitivePropertyProvider bug handling cipher text with whitespace.
Added unit test.
[b69a661] NIFI-2654 Fixed AESSensitivePropertyProviderFactoryTest to reflect absence of key causes errors.
[6f821b9] NIFI-2654 Added standard password to arbitrary encryption test for use in test resources.
[d289ffa] NIFI-2654 Added LIP XML decryption.
Added unit tests.
[a482245] NIFI-2654 Added LIP test resources.
[7204df4] NIFI-2654 Changed logic to only perform properties encryption when file path is provided.
[729e1df] NIFI-2654 Removed population of default file locations for bootstrap.conf, nifi.properties, and login-identity-providers.xml as not all files may be desired.
Added/updated unit tests.
[7dba5ef] NIFI-2654 Started LIP work (arguments & parsing).
Added unit tests.

Signed-off-by: Yolanda M. Davis <ymdavis@apache.org>

This closes #1216
2016-11-14 22:39:06 -05:00
Matt Gilman bff89f17b3 NIFI-401: - Minor tweaks to PR #1117. - Ensuring existing configuration is retained and shown until the user explicitly changes it. - Retaining, but disabling, deprecated options.
This closes #1185
This closes #1117
This closes #512

Signed-off-by: jpercivall <JPercivall@apache.org>
2016-11-08 17:06:43 -05:00
Bryan Bende d1d053725b NIFI-2909 Adding per-instance class loading capability through @RequiresInstanceClassLoading annotation
NIFI-1712 Applying per-instance class loading to HBaseClientService to allow specifying Phoenix Client JAR

-Refactoring the ClassLoading so that every processor, controller service, and reporting task gets an InstanceClassLoader with a parent of the NAR ClassLoader, and only components with @RequiresInstanceClassLoading will make a copy of the NAR ClassLoader resources, and addressing some review feedback

This closes #1156
2016-11-08 13:21:27 -05:00
Andy LoPresto 89eb2ce28c
NIFI-2652 Provided key migration capability for encrypted config tool.
Added test resources with 128-bit encryption for environments without unlimited strength cryptographic jurisdiction policies installed. All tests pass in both 128- and 256-bit environments. (+8 squashed commits)
Squashed commits:
[55f127c] NIFI-2652 Updated Admin Guide with instructions for encrypted config key migration.
[05abf0e] NIFI-2652 Added unit tests for negative cases for migration argument parsing.
Cleaned up TODOs and comments.
[9b73b22] NIFI-2652 Removed SCrypt mock from one unit test that didn't need it. Test pollution is removed and all tests pass.
[d17ea77] NIFI-2652 Removed SCrypt mock from one redundant unit test. One offender remains ignored.
[0924ce0] NIFI-2652 Removed SCrypt mock from one unit test that did not need it. Two offenders remain ignored.
[cb5f850] NIFI-2652 Expanded unit test for combinations into individual tests due to System.exit() only being capturable once per test.
Three tests which mock Scrypt for speed are temporarily ignored to perform test pollution identification.
[c9cc5dc] NIFI-2652 Added logic and unit test for all combinations of original key/password and new key/password.
[19713ec] NIFI-2652 Implemented first pass of key migration logic and provided single comprehensive unit test.

This closes #1186.
2016-11-07 15:33:10 -08:00
Andrew Lim b7c6392183 NIFI-2960 Remove unused/outdated doc images. This closes #1169 2016-11-03 13:54:04 -04:00
Andrew Lim 60da897e10 NIFI-2915 Updated reference to correct View Details image; Replaced RPG secure/not secure images; Changed template Note style to match rest of documentation. This closes #1168 2016-11-03 12:24:09 -04:00
jpercivall 1d74b5d3ce NIFI-2791 Adding 'math' expression language function
This closes #1157.
2016-10-25 19:45:38 +02:00
jpercivall e4a3e09643 NIFI-1662 Adding proper UI regex support for decimals in EL
This closes #1018
2016-10-24 10:31:16 -04:00
jpercivall 94ab999026 NIFI-1662 adding Expression Language decimal support 2016-10-24 10:20:21 -04:00
Andrew Lim 979b4d8ab9
NIFI-2801 Edited Kafka processor documentation to explicitly state which Kafka versions supported by each processor
This closes #1119.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
2016-10-12 10:35:45 -07:00
Koji Kawamura 540ef63efa NIFI-2855: Site-to-Site with port forwarding.
- Added following properties:
  - nifi.web.http.port.forwarding
  - nifi.web.https.port.forwarding

This closes #1100.

Signed-off-by: Koji Kawamura <ijokarumawak@apache.org>
2016-10-07 15:00:37 +09:00
Andrew Lim 53f7a21663 NIFI-2691 Replaced references to kerberos/spnego principle with principal in nifi.properties and admin guide
This closes: #1105

Signed-off-by: Andre F de Miranda <trixpan@users.noreply.github.com>
2016-10-07 01:22:49 +11:00
Joe N 6f1af31ff2 NIFI-2852 base64 expression language functions
Signed-off-by: jpercivall <joepercivall@yahoo.com>
2016-10-05 17:33:07 -04:00
Lee Laim 4dbdfea5dc
minor typo in expression-language-guide.doc
delimiter in example was asciidoc syntax

This closes #1098.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
2016-10-04 17:27:44 -07:00
Andrew Lim 3ac3b8dc91 NIFI-2639 Update NiFi In Depth Doc: made text edits and replaced screenshots with new UI
This closes #1067

Signed-off-by: jpercivall <joepercivall@yahoo.com>
2016-09-27 11:41:48 -04:00
Andre F de Miranda 446cd44702 NIFI-2816 - Clean typos across the code
This closes #1057.
2016-09-26 17:47:31 +02:00
Andre F de Miranda aa933a1941 NIFI-2755 - Fixes minor typo in Developers Guide
This closes #1003
2016-09-15 10:12:04 -04:00
Mark Payne a7e76cc00a NIFI-1966: When cluster is started up, do not assume that Cluster Coordinator has the golden copy of the flow but instead wait for some period of time or until the required number of nodes have connected, and then choose which flow is correct. This closes #977 2016-09-06 16:31:37 -04:00
Joseph Percivall 1fe18a1567 NIFI-2676-rc1 prepare for next development iteration 2016-08-26 11:40:58 -04:00
Joseph Percivall 74d5224783 NIFI-2676-rc1 prepare release nifi-1.0.0-RC1 2016-08-26 11:40:44 -04:00
Andrew Lim 7bc255b9b1
NIFI-2648 Edit formatting of TLS toolkit section of Admin guide for improved readability and consistency
This closes #934.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
2016-08-24 14:37:35 -07:00
Andrew Lim 487f05a2b1
NIFI-2451 Updated Admin Guide with encrypted config documentation.
Changed "the user" to "you" in new sections for consistency. (+3 squashed commits)
Squashed commits:
[aadbbd1] NIFI-2451 Incorporated Drew's final comments to Admin Guide.
[b9a04ea] NIFI-2451 Added new documentation regarding encrypt-config tool after changes in NIFI-1831.
[5c07e68] NIFI-2451 Update Admin guide for encrypt-config command utility, new nifi.sensitive.props.additional.keys property, and removal of Java 7 reference for JCE Unlimited Strength Jurisdiction Policy

This closes #926.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
2016-08-24 13:08:38 -07:00
Sarah Olson 7a4fed189c NIFI-2638: Updated iconProcessor.png with image from new UI.
This closes #924

Signed-off-by: jpercivall <joepercivall@yahoo.com>
2016-08-23 18:07:13 -04:00
James Wing 7884d09948 NIFI-2536 Update User Guide Template section. This closes #852 2016-08-22 15:07:54 -04:00
Sarah Olson 4847ed28a1 NIFI-2410: This closes #885. updates to the Controller Services information in the User Guide. 2016-08-18 13:48:00 -04:00
Bryan Rosander 5b58e5a251
NIFI-2477 - Updating admin guide to account for NIFI-2476 NIFI-2477 - Adding client dn to doc, examples
This closes #875.

Signed-off-by: Bryan Bende <bbende@apache.org>
2016-08-17 16:36:40 -04:00
Andrew Lim 9a16ca72d7
NIFI-2477 Document TLS generation tool in Admin and Developer Guides
Signed-off-by: Bryan Bende <bbende@apache.org>
2016-08-17 16:36:25 -04:00
Sarah Olson 74661e6623 NIFI-2556 This closes #868. Updated User Guide with information about custom properties 2016-08-17 13:24:49 -07:00
Matt Gilman 3f7216ab84 NIFI-2561: - Decoupling kerberos service and spnego principles and keytabs.
Signed-off-by: Yolanda M. Davis <ymdavis@apache.org>

This closes #873
2016-08-17 08:14:05 -04:00
James Wing 4ec34da99b NIFI-2563 This closes #853. Fixing User Guide Label Icon 2016-08-14 14:42:12 -04:00
Andrew Lim d32a7ba761 NIFI-2449 This closes #845. Update Admin and Getting Started guides for custom properties 2016-08-14 14:38:01 -04:00
Devin Fisher 28b5dbec3a Changed the heading for doc to encode instead of escape
Signed-off-by: Matt Burgess <mattyb149@apache.org>
2016-08-12 11:30:06 -04:00
Devin Fisher c385651209 Added documentation for the new expression language functions for escapes
Signed-off-by: Matt Burgess <mattyb149@apache.org>
2016-08-12 11:30:06 -04:00
Andrew Lim 916292994c NIFI-2541 This closes #831. Update Multi-tenant authorization doc for UI change to Policy page 2016-08-10 15:47:59 -04:00
joewitt f7d2cd69d4 NIFI-2499 edited image paths in asciidoc 2016-08-09 16:37:20 -04:00
Sarah Olson 623d56c0d5 NIFI-2499 This closes #825. Updated User Guide screen shots and text to reflect the new UI. Added two new screenshots as well. 2016-08-09 16:37:20 -04:00
joewitt 120d2100a3 NIFI-2506 fixed build warns on administration-guide.doc 2016-08-08 10:04:51 -04:00
Andrew Lim 3fc67df0b4 NIFI-2506 This closes #799. Update screenshot in README.md for new 1.0 UI 2016-08-08 10:04:00 -04:00
Andrew Lim 026a8d53d2 NIFI-2502 This closes #797. Update Multi-tenant Authorization section in Admin Guide for addition of data policies 2016-08-08 09:53:56 -04:00
Andrew Lim 7a5560c33f NIFI-2420 This closes #763. This closes #762. Updated Admin Guide with Multi-tenant Auth section and related system properties 2016-08-01 22:25:08 -04:00
Rob Moran 731050352d NIFI-2450 Update Getting Started guide, Data Provenance section graphics 2016-08-01 21:55:52 -04:00
Andrew Lim 4d17504a0f NIFI-2434 This closes #747. Correct outdated info in Admin Guide: remove Java 8 refs, update browser versions, new weak crypto screenshot, new cluster screenshot, edit Site-to-Site property descriptions, move cluster node properties to proper section 2016-08-01 11:38:59 -04:00
Andrew Lim 986f951ae8 NIFI-2321 This closes #707. Update Getting Started doc for 1.0 UI changes: made text edits/improvements and added new screenshots 2016-07-28 22:00:04 -04:00
Rob Moran 7e2740160a NIFI-2361 This closes #708. Update cluster information and add new graphic 2016-07-22 14:15:00 -04:00
Rob Moran 99b4af7820 NIFI-2211 This closes #700. This closes #691. Updating NiFi architecture graphics for overview doc 2016-07-21 12:16:21 -04:00
Andrew Lim 0e8e19a479 NIFI-2320 Update existing Getting Started images with new UI images 2016-07-21 10:57:06 -04:00
Mark Payne 0ce352d203 NIFI-2145: Fixed some typos/misspellings 2016-07-14 11:09:42 -04:00
Koji Kawamura 30889995cb NIFI-2145: Auto flow.xml archive
- Added following properties:
  - nifi.flow.configuration.archive.enabled
  - nifi.flow.configuration.archive.max.time
  - nifi.flow.configuration.archive.max.storage
- Removed manual archive operation:
  - Removed 'Back-up flow' link from UI since it's not needed any longer
  - Removed corresponding REST API controller/archive and its
    implementations
- Added FlowConfigurationArchiveManager to enclose archive related code
- Updated related docs
2016-07-14 10:35:16 -04:00
joewitt cd1bccef8c NIFI-2258 resolved formatting issues causing build warnings
This closes #648
2016-07-14 10:10:35 -04:00
Haimo Liu 59ad51af6d NIFI-2209 This closes #623. Update overview.adoc
Updated NIFI overview documentation
2016-07-08 16:17:43 -07:00
Haimo Liu d61b80758c Add images for zero-master clustering
Add architecture images for zero-master clustering
2016-07-08 16:06:04 -07:00
Koji Kawamura c120c4982d NIFI-1857: HTTPS Site-to-Site
- Enable HTTP(S) for Site-to-Site communication
- Support HTTP Proxy in the middle of local and remote NiFi
- Support BASIC and DIGEST auth with Proxy Server
- Provide 2-phase style commit same as existing socket version
- [WIP] Test with the latest cluster env (without NCM) hasn't tested yet

- Fixed Buffer handling issues at async http client POST
- Fixed JS error when applying Remote Process Group Port setting from UI
- Use compression setting from UI
- Removed already finished TODO comments

- Added additional buffer draining code after receiving EOF
- Added inspection and assert code to make sure Site-to-Site client has
  written data fully to output stream
- Changed default nifi.remote.input.secure from true to false

This closes #497.
2016-06-09 15:09:57 -04:00
Chris McDermott abad7d805e NIFI-1660 - Enhance the expression language with jsonPath function 2016-06-07 15:34:36 -04:00
Mark Payne cd011731ab NIFI-1960: Update admin guide regarding documentation for clustering
NIFI-1960: Updates to guide as follow-up from PR review
2016-06-03 15:23:39 -04:00
Andy LoPresto 8127314975
NIFI-1919 Added replaceFirst() expression language method which accepts literal or pattern for replacement.
Reverted whitespace changes. (+8 squashed commits)
Squashed commits:
[329755c] NIFI-1919 Reverted import re-organization from IDE.
[cf73c2f] NIFI-1919 Updated expression language guide.
[d9a1455] NIFI-1919 Reverted changes to ReplaceEvaluator.
Added ReplaceFirstEvaluator.
Added replace first logic to Query buildFunctionEvaluator.
Added unit tests.
[e2eb880] NIFI-1919 Added replaceFirst to AttributeExpression lexer and parser grammar definitions.
[11fe913] NIFI-1919 Ignored demonstrative test for replaceAll as it behaves as expected.
[af97be1] NIFI-1919 Changed ReplaceEvaluator to use String#replaceFirst which interprets regex instead of compiling as literal.
Demonstrative unit test now passes but two existing unit tests fail. I am not sure these tests are correct.
[f24f17b] NIFI-1919 Added working unit test to illustrate fix.
[8a0d43b] NIFI-1919 Added Groovy unit test to demonstrate issue.
Added DelegatingMetaClass code to record it (test not complete).

This closes #474.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
2016-06-01 16:39:58 -07:00
Pierre Villard 372ffb8aa0 NIFI-1811 Removed ProcessorLog and updated dependent interfaces
This closes #403.

Signed-off-by: Aldrin Piri <aldrin@apache.org>
2016-05-19 13:08:09 -04:00
James Wing 347b281b2d NIFI-1887 Updating default timeout in Admin Guide
This closes #447.

Signed-off-by: James Wing <jvwing@gmail.com>
2016-05-16 11:57:33 -07:00
Pierre Villard b7aa381ab4 NIFI-1826 Updated documentation
Signed-off-by: Matt Burgess <mattyb149@apache.org>

This closes #396
2016-05-11 10:02:11 -04:00
Andrew Lim dc4f983c7a
NIFI-1862 User Guide corrections/improvements
Made multiple edits to the User Guide documentation for correcting errors (spelling/grammatical) and improving readability.

This closes #427.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
2016-05-09 10:31:33 -07:00
Yolanda M. Davis defb6f5b61 NIFI-361 - Create Processors to mutate JSON data
Signed-off-by: Matt Burgess <mattyb149@apache.org>

This closes #354
2016-05-03 14:38:11 -04:00
jpercivall 0557095613 NIFI-1028 initial commit of NiFi In Depth documentation
NIFI-1028 addressing review comments
This closes #339
2016-05-03 14:01:45 -04:00
Matt Burgess 106b0fa0fc NIFI-981: Added SelectHiveQL and PutHiveQL processors
This closes #410.

Signed-off-by: Bryan Bende <bbende@apache.org>
2016-05-03 13:51:38 -04:00
Aldrin Piri eded0de154 NIFI-1807 Adding information on volatile content repository configuration settings. 2016-04-23 14:53:51 -04:00
Randy Gelhausen b4309e86bd NIFI-1807 Update administration-guide.adoc adding flowfile, provenance, and content repository volatile implementation documentation.
This closes #378.

Signed-off-by: Aldrin Piri <aldrin@apache.org>
2016-04-23 14:53:27 -04:00
Chris McDermott 32398693d5 NIFI-1661 add random() function to expression language.
Signed-off-by: Joe Skora <jskora@apache.org>
2016-04-21 14:05:00 -04:00
Matt Gilman 153f63ef43 NIFI-1551:
- Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer.
- Updating UI accordingly.
- Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
- This closes #359.
2016-04-15 16:03:00 -04:00
Andrew Lim acfc01213c
Update getting-started.adoc
Corrected button, menu item and icon inconsistencies/errors.  Fixed bulleted list formatting error in "Working with Templates" section.

This closes #329.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
2016-04-12 17:08:15 -07:00
andrewmlim e66315c4db Update getting-started.adoc
Corrected spelling/grammatical errors

This closes #327.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
2016-04-05 10:47:52 -07:00
Matt Gilman 2de7f3f884 Updating versions to 1.0.0-SNAPSHOT. 2016-04-04 11:36:20 -04:00
Aldrin Piri e977729b56 NIFI-1634-rc2 prepare for next development iteration 2016-03-23 18:56:34 -04:00
Aldrin Piri 0b9bd20d31 NIFI-1634-rc2 prepare release nifi-0.6.0-RC2 2016-03-23 18:56:22 -04:00
Aldrin Piri b44b177039 NIFI-1605 Adjust documentation and resources to reflect nifi.provenance.repository.rollover.time default
This closes #263

Signed-off-by: Matt Burgess <mattyb149@apache.org>
2016-03-17 22:14:24 -04:00
Andy LoPresto 76f2d5702f NIFI-1274 Added Kerberos authentication mechanism.
NIFI-1274 Cleaned up TODO statements. (+3 squashed commits)
Squashed commits:
[fd101cd] Removed logic to check for presence of services to determine if token support is enabled when username/password authentication is enabled (Kerberos also requires tokens).
[c2ce29f] Reverted import changes to RulesResource.java.
[c269d72] Added Kerberos authentication mechanism.

Moved Kerberos service wiring from XML to Java to handle scenario where admin has not configured Kerberos (previously threw NullPointerException in FileSystemResource constructor). (+15 squashed commits)
Squashed commits:
[09fc694] Added Kerberos documentation to Admin Guide.
[ecfb864] Cleaned up unused logic.
[157efb3] Added logic to determine if client certificates are required for REST API (login, anonymous, and Kerberos service authentication all disabled).
Cleaned up KerberosService by moving logic to NiFiProperties.
[5438619] Added documentation for Kerberos login-identity-providers.xml.
[3332d9f] Added NiFi properties for Kerberos SSO.
[b14a557] Fixed canvas call to only attempt Kerberos login if JWT not present in local storage.
Added logic to handle ticket validation failure in AccessResource.
Changed wiring of Kerberos service beans to XML in nifi-web-security-context.xml for consistency.
[c31ae3d] Kerberos SPNEGO works without additional filter (new entry endpoint accepts Kerberos ticket in Authorization header and returns JWT so the rest of the application functions the same as LDAP).
[98460e7] Added check to only instantiate beans when Kerberos enabled to allow access control integration tests to pass.
[6ed0724] Renamed Kerberos discovery method to be explicit about service vs. credential login.
[ed67d2e] Removed temporary solution for Rules Resource access via Kerberos ticket.
[c8b2b01] Added temporary solution for Rules Resource access via Kerberos ticket.
[81ca80f] NIFI-1274 Added KerberosAuthenticationFilter to conduct SPNEGO authentication with local (client) Kerberos ticket.
Added properties and accessors for service principal and keytab location for NiFi app server.
Added KAF to NiFiWebApiSecurityConfiguration.
Added AlternateKerberosUserDetailsService to provide user lookup without dependency on extension bundle (nifi-kerberos-iaa-provider).
Added dependencies on spring-security-kerberos-core and -web modules to pom.xml.
[0605ba8] Added working configuration files to test/resources in kerberos module to document necessary config. This version requires the user to enter their Kerberos username (without realm) and password into the NiFi login screen and will authenticate them against the running KDC.
Also includes a sample keystore and root CA public key for configuring a secure instance.
[49236c8] Added kerberos module dependencies to nifi/pom.xml and nifi-assembly/pom.xml.
Added default properties to login-identity-providers.xml.
[928c52b] Added nifi-kerberos-iaa-providers-bundle module to nifi/pom.xml.
Added skeleton of Kerberos authenticator using Spring Security Kerberos plugin.
This closes #284

Signed-off-by: Matt Gilman <matt.c.gilman@gmail.com>
2016-03-17 13:10:09 -04:00
Mark Payne a7b97419e5 NIFI-1626: Throw an Exception proactively if too much state is attempting to be stored via ZooKeeperStateProvider
NIFI-1626: Updated State Management section of Developer Guide

Signed-off-by: jpercivall <joepercivall@yahoo.com>
2016-03-16 16:12:00 -04:00
Oleg Zhurakousky 8e7e2916fa NIFI-1464 fixed admin guide 2016-03-11 12:54:50 -05:00
Oleg Zhurakousky 59fac58c96 NIFI-1464 ensured that OnUnscheduled is treated the same as OnScheduled
NIFI-1464 polished javadocs, error messages and docs
2016-03-11 12:54:50 -05:00
Oleg Zhurakousky 0c5b1c27f2 NIFI-1464, Refactored Processor's life-cycle operation sequence
* Simplified and cleaned StandardProcessScheduler.start/stopProcessor methods
* Added stop/start operations to ProcessorNode.
* Removed unnecessary synchronization blocks related to ScheduledState in favor of enforcing order and idempotency via CAS operations. Those synchronization blocks were causing intermittent deadlocks whenever @OnScheduled blocks indefinitely.
* Added support for stopping the service when @OnScheduled operation hangs.
* Fixed the order of life-cycle operation invocation ensuring that each operation can *only* be invoked at the appropriate time
* Removed unnecessary locks from StandardProcessNode since Atomic variables are used.
* Removed calls to @OnStopped from ContinuallyRunningProcessTask while ensuring that processor's full shut down in implementation of StandardProcessorNode.stop() method.
* Removed dead code
* Added comprehensive tests suite that covers 95% of Processor's life-cycle operations within the scope of FlowController, StandardProcesssScheduler and StandardProcessNode
* Improved and added javadocs on covered operations with detailed explanations.
2016-03-11 12:54:50 -05:00
Richard Miskin 99c7fe3b44 NIFI-963 Update admin guide to cover configuration of multiple lib directories
This closes #250.

Signed-off-by: Aldrin Piri <aldrin@apache.org>
2016-02-27 10:01:38 -05:00
Matt Gilman bb2d2c3674 Clarifying embedded ZooKeeper on NCM is not possible. 2016-02-22 16:34:43 -05:00
Matt Gilman 8cff13e749 Minor changes to the state management section of the admin guide. 2016-02-22 15:21:56 -05:00
Tony Kurc 6c2ba997a0 Merge branch 'NIFI-1379-RC3' 2016-02-16 20:13:41 -05:00
Randy Gelhausen e4d0ec7e60 NIFI-1508: NiFi Site to Site doc tweak
This closes #215.

Signed-off-by: Aldrin Piri <aldrin@apache.org>
2016-02-16 15:17:28 -05:00
Tony Kurc ad73b5c9d9 NIFI-1379-RC3 prepare for next development iteration 2016-02-12 17:28:10 -05:00
Tony Kurc 8309dba80b NIFI-1379-RC3 prepare release nifi-0.5.0-RC3 2016-02-12 17:27:59 -05:00
Lars Francke d01449ee72 NIFI-1496: State Manager documentation link wrong. This closes #214
Signed-off-by: Matt Gilman <matt.c.gilman@gmail.com>
2016-02-10 08:46:42 -05:00
Tony Kurc 5be83166ee NIFI-1485: Updated 'header' section of NiFi NOTICE files 2016-02-07 13:52:00 -05:00
Tony Kurc 303f8eabf1 NIFI-1379: Move to 0.5.0-SNAPSHOT, add tkurc code signing key to keys 2016-02-06 08:49:48 -05:00
Andy LoPresto b407379670 NIFI-1257 Resolved legacy compatibility issue with NiFi legacy KDF salt length dependent on cipher block size.
Replaced screenshot for NiFiLegacy salt encoding.
Added description of legacy salt length determination in admin guide.
Added logic for NiFiLegacyCipherProvider to generate and validate salts of the length determined by the cipher block size.
Changed EncryptContent to default to Bcrypt KDF.

Signed-off-by: Aldrin Piri <aldrin@apache.org>
2016-02-05 23:38:58 -05:00
Lars Francke 0d72969053 NIFI-1482 - DeveloperGuide :: Controller Service is using wrong method name
Signed-off-by: Aldrin Piri <aldrin@apache.org>
2016-02-05 23:35:10 -05:00
Aldrin Piri 4df6512126 Merge branch 'NIFI-259' 2016-02-05 14:09:29 -05:00
Andy LoPresto 498b5023ce NIFI-1257 NIFI-1259
Added utility method to return the maximum acceptable password length for PBE ciphers on JVM with limited strength crypto because BC implementation is undocumented (based on empirical evidence).
Updated EncryptionMethod definitions to accurately reflect need for unlimited strength crypto according to algorithm key length.
Added processor logic to invoke keyed cipher.
Added EncryptContent processor property for raw hex key (always visible until NIFI-1121).
Added validations for KDF (keyed and PBE) and hex key.
Added utility method to return list of valid key lengths for algorithm.
Added description to allowable values for KDF and encryption method in EncryptContent processor.
Added IV read/write to KeyedCipherProvider and changed from interface to abstract class.
Added salt read/write logic to NifiLegacy and OpenSSL cipher providers.
Changed RandomIVPBECipherProvider from interface to abstract class.
Updated strong KDF implementations.
Renamed CipherFactory to CipherProviderFactory.
Added unit test for registered KDF resolution from factory.
Updated default iteration count for PBKDF2 cipher provider.
Implemented Scrypt cipher provider.
Added salt translator from mcrypt format to Java format.
Added unit tests for salt formatting and validation.
Added surefire block to groovy unit test profile to enforce 3072 MB heap for Scrypt test.
Added local Java implementation of Scrypt KDF (and underlying PBKDF2 KDF) from Will Glozer.
Defined interface for KeyedCipherProvider.
Implemented AES implementation for KeyedCipherProvider.
Added Ruby script to test/resources for external compatibility check.
Added key length check to PBKDF2 cipher provider.
Changed default PRF to SHA-512.
Added salt and key length check to PBKDF2 cipher provider.
Added utility method to check key length validity for cipher families.
Added Bcrypt implementation.
Implemented PBKDF2 cipher provider.
Added default constructor with strong choices for PBKDF2 cipher provider.
Implemented NiFiLegacyCipherProvider and added unit tests.
Added key length parameter to PBKDF2 cipher provider.
Added PRF resolution to PBKDF2 cipher provider.
Added RandomIVPBECipherProvider to allow for non-deterministic IVs.
Added new keyed encryption methods and added boolean field for compatibility with new KDFs.
Added CipherFactory.
Improved Javadoc in NiFi legacy cipher provider and OpenSSL cipher provider.
Added KeyedCipherProvider interface.
Added OpenSSL PKCS#5 v1.5 EVP_BytesToKey cipher provider and unit test.

This closes #201.

Signed-off-by: Aldrin Piri <aldrin@apache.org>
2016-02-04 19:40:55 -05:00
Matt Gilman adfa5dc0eb NIFI-259: - Moving the state management documentation to after the Clustering configuration.
Signed-off-by: Aldrin Piri <aldrin@apache.org>
2016-02-03 10:13:23 -05:00