- The default configuration prioritizes ssh-rsa when Key Algorithms Allowed is not specified
Signed-off-by: Nathan Gough <thenatog@gmail.com>
This closes#6479.
* NIFI-10577 Fixed Sensitive Checkbox rendering for Fetch Parameters
- Corrected rendering of Sensitive status checkbox on Firefox using standard nf-checkbox
* NIFI-10577 Corrected canvas rendering in Safari
Merged #6473 in main.
* NIFI-10566: update availability text in Controller Settings
- fix link in controller service referencing a parameter provider
* add Registry Clients to the availability message
This closes#6463
- Made sure to check TCP is protocol set before using SSL Context Service during runtime
This closes#6441
Signed-off-by: David Handermann <exceptionfactory@apache.org>
Adding provided scope to api dependency in nifi-standard-parameter-providers module
Adding additional documentation, other minor code cleanup
Correcting error handling in StandardParameterProviderNode, updating additional details for DatabaseParameterProvider
Correcting null columm value handling
NIFI-9402: Fixed Checkstyle violation
Signed-off-by: Matthew Burgess <mattyb149@apache.org>
This closes#6391
- Upgraded Azure Event Hubs components from legacy version 3 to current version 5
- Refactored Azure dependencies using azure-sdk-bom
- Merged nifi-azure-record-sink-nar with nifi-azure-nar
- Refactored PutAzureCosmosDBRecordTest to use Jackson instead of Gson
This closes#6319.
Signed-off-by: Peter Turcsanyi <turcsanyi@apache.org>
* NIFI-10542: set sensitivity for new parameters in a synced parameter context
* show removed or missing but referenced parameters with tooltip in the selectable parameters table
- remove default parameter value
* address review feedback
- fix showing a referencing icon for a missing but removed parameter
* fix discovering new parameters
This closes#6446
* init commit
* remove test string
* display only class name for types combo
* remove commented code
* add UI support for dynamic properties
* add support for controller services
* address review feedback:
* fix syntax error
* remove console logs
* move contents of editRegistry into callback
* add name and description fields back to edit dialog
* add referencing component logic for registry clients
* implement reload logic
* more review findings
* increase size of description textarea in config
* remove location column from registry table
* remove commented out code
* post-rebase tweaks
* change if condition from assignment to evaluation
* add missing semicolons
* refactor new registry initialization into function
* more feedback addressed
* fix rebase error around controller service reference
* render registry references in their own list
* remove duplicate updateValidationError function
* remove TODO comment
* expose reload through nfSettings public variable
* show add registry dialog only after available types returns
* fix css class name
This closes#6437
* NIFI-9514 - Add UI support for Parameter Providers in Controller Services
* - Fix a dialog closing issue
* - Hide fetch parameters button if there are config errors
* - Update Fetch Parameters dialog with new UX
- Implement checkbox logic for Selectable Parameters table
* - add createNewParameterContext property to track if group will be created as a new parameter context
- update fetch parameters dialog views for editing and after applying changes
- show affected referencing components after applying changes
- disable apply button if no parameter contexts will be updated
- refactor showing and hiding fetched parameters and selectable parameters tables logic
- add tooltip for parameter context icon
* - update parameter contexts view for provided contexts
* - add affected referencing components after applying fetched parameters
- add referencing parameter contexts to the provider settings tab
- update checkbox style in the selectable parameters table
- fix updating the referencing components border
- fix lint errors
* - fix selectable parameters table checkbox styles
* - fix hasParameterContextChanged checks
- checkbox style tweaks
* - add status bar to fetch parameters dialog
* - more style tweaks and remove unnecessary code
* - fix the selectable parameters table not saving and loading correctly
* - add tooltips
- fix styles
* - link from the parameter context to the associated parameter provider
* 9514: support navigating to the controller service created in parameter providers
* fix bulletins format in status bar
* address review feedback
- manage permissions for parameter providers
- disable/enable Fetch Parameters dialog Apply button
* manage authorizations to access parameter providers and parameter contexts
* fix lint errors
* fix and refactor hasGroupsChanged to determine the Apply button state
* new parameter context name input cannot be empty in Fetch Parameters dialog
* address review feedback
* fix duplicate code
* more fixes
* update fetch parameters checkbox states
* replace slickgrid checkbox selection plugin with custom implementation for different selection types
- check for affected parameters using the parameter status
* fixed showing the correct referencing components when switching groups
* fixed selectable parameters table shifting contents on row selection
* leverage slickgrid onClick to set user-selected parameter sensitivities in the selectable parameters table
* fix statusbar bulletins in processor details
- fix updating borders for referencing components
- update referencing parameter icon
- update table title in fetch parameters dialog
* address review feedback
* populate controller services referencing components of a referenced provider
- update controller services tab name
* showing parameter providers in CS controller service
* update tooltip messages in fetch parameters dialog
- fix dialog height to make room for the status bar
* reload the parameter providers table after a referenced parameter provider change in controller services
- fix conditions for enabling/disabling fetch parameters dialog Apply button
- add affected components no permissions message in the dialog
* fix always reloading the parameter providers table
- fix disableApplyButton checks
- add dialog message for a missing new parameter context name
* remove extra reload
* more fixes for disableApplyButton
- fixed styles for dialog message
* add a check in disableApplyButton for changed parameter values that are not referenced
- add changed value icon for parameters that are not referenced
- fix border on the referencing affected components container
* removed unnused plugins
This closes#5671
* NIFI-10473: Removing referencing components check on param provider fetch
* NIFI-10473: Adding parameter status DTO to ParameterProviderDTO
* Allowing parameterStatus to be populated even when no parameters were updated
* Adding ParameterStatus enum for parameter fetching
* Adding MISSING_BUT_REFERENCED ParameterStatus
This closes#6388
- NIFI-10518: Adding intended state to ScheduledStateChangeListener
- Notifying of scheduled state change when transitionComponentState is called
- Notifying scheduled state change when reporting task state is changed
- Notifying scheduledState changes for remote group port start/stop components calls
- Removing org.apache.httpcomponents:httpclient from nifi-web-api avoids Linkage Errors with Sensitive Property Providers
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#6423.
- Refactored nifi-vault-utils to nifi-hashicorp-vault-api and nifi-hashcorp-vault modules
- Added HashiCorpVaultClientService and Standard implementation
This closes#6304
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Updated Admin Guide with section on Logging Configuration and Deprecation Logging
- Updated Developer Guide with section on Deprecating Components and Features
- Added Deprecation Logging when adding components marked with DeprecationNotice to the Flow Configuration
- Added Deprecation Logging on deprecated methods in standard Controller Service implementations
- Removed integration tests for deprecated PersistentProvenanceRepository
- Updated logging and added documentation on minor upgrade steps
- Updated logging for HDFSNarProvider and RocksDB Repository
This closes#6390
Signed-off-by: Paul Grey <greyp@apache.org>
- Replaced individual AWS SDK versions with root managed dependency version
- Set AWS SDK 1 version to 1.12.299
- Set AWS SDK 2 version to 2.17.270
- Suppressed false positive dependency vulnerability for aws-sdk-swf-libraries
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#6405.
NIFI-2827 Update CompressContent.java to use zstd compression format
NIFI-2827 Update test cases for CompressContent.java to include zstd format
NIFI-2827 Update JsonRecordSetWriter.java to enable zstd compression format
This closes#6294
Signed-off-by: Mike Thomsen <mthomsen@apache.org>
- Updated standard user interface error handler to clear the Access-Token-Expiration item from Session Storage when receiving an error with the WWW-Authenticate Header indicating a problem with the Bearer Token
Signed-off-by: Nathan Gough <thenatog@gmail.com>
This closes#6334.
- Added nifi-deprecation-log module with interface and implementation using SLF4J
- Updated standard logback.xml with nifi-deprecation.log appender
- Updated NiFiLegacyCipherProvider with deprecation logging
- Set Size, Time Policy, and Total Size Limit for Deprecation Log
This closes#6300
Signed-off-by: Paul Grey <greyp@apache.org>
Fixed bug where ProcessGroup would inadvertently set the wrong component's Versioned Component ID to null when there was an ID conflict
This closes#6314
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Added Connection Properties Provider with implementation to translate SSL Mode and SSL Context Service configuration to MySQL Connector properties
Signed-off-by: Matthew Burgess <mattyb149@apache.org>
This closes#6306
- Changed from com.github.shyiko to com.zendesk dependency group for current library version
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#6302.
- Added nifi-web-client implementation based on OkHttp
- Added WebClientServiceProvider Controller Service interface and implementation
- Corrected comments and added unmodifiableMap wrapper
- Added getHeaderNames() and corrected ProxyContext comments
This closes#6268
Signed-off-by: Paul Grey <greyp@apache.org>
- Added managed dependency in root Maven configuration
- Removed different versions from other Maven configurations
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#6284.
- Appended root path to Cookie path attribute when removing Bearer Tokens as part of unauthorized response handling
- Updated Saml2AuthenticationSuccessHandler to follow standard Cookie path building strategy
Signed-off-by: Nathan Gough <thenatog@gmail.com>
This closes#6278.
Currently, when a batch level error occurs (e.g. delivery timeout), the same error is logged for each record of the batch, needlessly flooding the logs.
InFlightMessageTracker now only logs an exception when a flow file encounters it for the first time.
This closes#6185
Signed-off-by: Paul Grey <greyp@apache.org>
- Corrected setting of wantClientAuth instead of needClientAuth based on Client Authentication configuration
Signed-off-by: Joe Gresock <jgresock@gmail.com>
This closes#6271.
- Upgraded Protobuf from 3.14.0 to 3.21.4
- Removed netty-tcnative-boringssl-static as not necessary following NIFI-9897
This closes#6255.
Signed-off-by: Kevin Doran <kdoran@apache.org>
NIFI-10277 Changed failure test to throw SocketException
NIFI-10277 Increased timeout to 30 seconds and moved verify method
Signed-off-by: Joe Witt <joewitt@apache.org>
Not always UpdateKey comes in first position
Better readability
Include testUpdatePkNotFirst
Including usefull SQL log debug
Fix semicolon
NIFI-10252: Additional unit test for specified update keys
Signed-off-by: Matthew Burgess <mattyb149@apache.org>
This closes#6226
- Added OnShutdown annotation to Cache Server and Cache Client Service methods
This closes#6221
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Added Standard AuthenticationEntryPoint
- Configured AuthenticationEntryPoint for SecurityFilterChain and BearerTokenAuthenticationFilter
Signed-off-by: Nathan Gough <thenatog@gmail.com>
This closes#6233.
- Set Allow DTD as display name in EvaluateXPath and EvaluateXQuery
This closes#6230
Co-authored-by: David Handermann <exceptionfactory@apache.org>
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Description of original relationship of ExecuteStreamCommand processor might be misleading
This closes#6229
Signed-off-by: David Handermann <exceptinofactory@apache.org>
- Migrate tests in nifi-framework-mark-loading-utils to JUnit5
- Annotate tests that use x86_64 native binaries to be conditional on x86_64 os.arch
This closes#6215
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Corrected NoSuchMethodError for ZooKeeper discovery mode with Hive3 JDBC and mismatch between Hadoop 3.3.3 and Curator 4.2.0
This closes#6210
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Removed extension of deprecated WebSecurityConfigurerAdapter
- Moved Filter bean configuration associated configuration classes
- Set default Spring Security log level to INFO
- Adjusted CSRF Token Repository to leverage simplified RequestUriBuilder for retrieving allowed context paths
Signed-off-by: Nathan Gough <thenatog@gmail.com>
This closes#6195
- Bump version to 6.29.5 for arm64 compatibility
- Extract RocksDBFlowFileRepository and supporting code to its own module
- Mark RocksDBFlowFileRepository as deprecated, both in code and documentation
- Log deprecation warning at startup if RocksDBFlowFileRepository is used
- Move native RocksDB info logs to NiFi debug level logs
This closes#6155
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Corrected handling of documentation for allowable values
NIFI-10162 Updated Multipart Form-Data Name description
This closes#6163.
Signed-off-by: Kevin Doran <kdoran@apache.org>
- Increased bootstrap heap size from 24 MB to 48 to avoid heap constraints when using HTTP notifications
This closes#6161
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Updated SAML Authentication Configuration with Spring Security SAML 2 components
- Updated Administration Guide with REST Resources
- Replaced SAMLAccessResource methods with applicable Spring Security Filters
- Removed IDP Credential Service and supporting components
- Removed message.logging.enabled, metadata.signing.enabled, and signature.digest.algorithm properties
- Added Access Token Expiration resource method
- Removed Saml2AccessResource and replaced with Access Token Expiration to avoid unnecessary conflicts with SAML login consumer
- Corrected Resource URI handling to support proxy server access
Signed-off-by: Nathan Gough <thenatog@gmail.com>
This closes#6149.
- Excluded slf4j-reload4j implementation of Log4j 1
- Updated nifi-hive3-processors to leverage shared Hadoop version from 3.1.1
- Updated nifi-accumulo-bundle to leverage shared Hadoop version from 3.1.1
- Updated nifi-atlas-bundle to leverage shared Hadoop version from 3.3.2
- Updated nifi-spark-receiver to leverage shared Hadoop version from 3.3.2
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#6139.
- Removed direct dependency on metadata-extractor to inherit newer transitive version
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#6140.
- Replaced Jackson 1 dependencies with Jackson 2
- Removed commons-beanutils override that is no longer necessary with new Hadoop version
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#6136.
- Removed duplicate plugin configuration in nifi-registry
- Removed maven-failsafe-plugin override in nifi-elasticsearch-client-service
- Removed failing test ResourceAuthorizationFilterSpec in nifi-registry-web-api
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#6132.
- Implemented MiNiFi C2 client using OkHttp
- Refactored MiNiFi bootstrap command handling and socket communication
- Added C2 Client Service to nifi-framework-core
This closes#6075
Co-authored-by: Matthew Burgess <mattyb149@apache.org>
Co-authored-by: Csaba Bejan <bejan.csaba@gmail.com>
Co-authored-by: Ferenc Erdei <ferdei@cloudera.com>
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Added nifi.web.https.application.protocols property
- Set default protocol to HTTP/1.1 and provided documentation for enabling HTTP/2
- Changed StandardALPNProcessor handshakeFailed log to debug
Signed-off-by: Joe Gresock <jgresock@gmail.com>
This closes#6093.
* NIFI-9960 Added documentation for Sensitive Dynamic Properties
- Updated User Guide with Add Property details
- Updated Developer Guide with annotation configuration details
- Updated Document Writer to indicate Supports Sensitive Dynamic Properties status
* NIFI-9960 Adjusted User Guide wording based on feedback
- Changed assertVerificationSuccess() to separate testVerificationSuccessful() method
- Upgraded TestListSFTP to JUnit 5
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#6092.
* NIFI-9959 Added UI Support for Sensitive Dynamic Properties
- Added SupportsSensitiveDynamicProperties to DBCPConnectionPool and ScriptedReportingTask
* NIFI-9959 Added sensitive parameter argument for Controller Service descriptors
* NIFI-9959 Adjusted sensitive property descriptor handling to support changing status
* NIFI-9959 Added info icon for Sensitive Value field
* NIFI-9959 Corrected handling of descriptor for existing dynamic properties
* NIFI-9959 Cleaning up dialog markup.
Co-authored-by: Matt Gilman <matt.c.gilman@gmail.com>
This closes#6073
* NIFI-9958 Implemented Sensitive Dynamic Properties
- Added SupportsSensitiveDynamicProperties annotation for components
- Added optional sensitive query parameter to Property Descriptor REST Resource methods
- Added system tests for components supporting sensitive dynamic properties
- Updated REST Resources to support Sensitive Dynamic Property Names
- Updated Documentation Writer to indicate component support for Sensitive Dynamic Properties
- Updated InvokeHTTP to support Sensitive Dynamic Properties
- Updated Auditor components to handle masking Sensitive Dynamic Properties
* Refactored Property Descriptor REST method handling
- Corrected AbstractDocumentationWriter evaluation of support for sensitive dynamic properties
- Refactored Controller Service Dynamic Properties system tests to new class
* Updated AbstractComponentNode.getProperties() to get canonical descriptor
- Prefixing endpoint paths with a forward slash ensures correct HTTP request formatting required for some deployments with a forwarding proxy
This closes#6058
Signed-off-by: David Handermann <exceptionfactory@apache.org>
* NIFI-10001: Fixed issue in which some components may fail to update the scheduled state when comparing flows
* NIFI-10001: Fixed bugs that caused some components to not have their scheduled state updated. When comparing two flows, now allow specifying how to determine a VersionedComponent's ID for comparison. When comparing local flow against flow from registry, use Versioned Component ID. But when comparing two instantiated flows, such as local flow vs. cluster flow, use the VersionedComponent's Instance ID instead. This ensures that we can properly compare two components even if there are several instances of a given flow
- Added Map and Set Cache Servers based on nifi-event-transport components
- Removed custom servers and unused socket stream components
- Reduced duplication on protocol classes
- Added checks for readable bytes
- Added mark and reset handling for buffer reads
This closes#6040
Signed-off-by: Paul Grey <greyp@apache.org>
* NIFI-9895 Allow parameter to reference controller service. Check read and write authorization for both previous and newly set controller service. Authorization done for both property or parameter change. Import/export handled by switching between instance id and versioned id.
* NIFI-10001: When enabling a collection of Controller Services, changed logic. Instead of enabling dependent services and waiting for them to complete enablement before starting a given service, just start the services given. The previous logic was necessary long ago because we couldn't enable a service unless all dependent services were fully enabled. But that changed a while ago. Now, we can enable a service when it's invalid. It'll just keep trying to enable until it becomes valid. At that point, it will complete its transition from ENABLING to ENABLED.
* NIFI-10001: Restored previous implementation for StandardControllerServiceProvider, as the changes were not ultimately what we needed. Changed StandardProcessGroup to use a ConcurrentHashMap for controller services instead of a HashMap with readLock. This was causing a deadlock when we enable a Controller Service that references another service during flow synchronization. Flow Synchronization was happening within a write lock and enabling the service required a read lock on the group. Eventually the thread holding the write lock would timeout and release the write lock. But this caused significant delays on startup. By changing to a ConcurrentHashMap, we alleviate the need for the Read Lock. Also noticed in testing that the StandardNiFiServiceFacade did not save flow changes when enabling dependent services so added call to controllerFacade.save().
Joe Witt
exceptionfactory
krisztina-zsihovszki
Nandor Soma Abonyi
Yanni
Ferenc Erdei
Ferenc Kis
Andrew Lim
Joe Gresock
M Tien
Peter Turcsanyi
Emilio Setiadarma
Aerilym
Matthew Hawkins
Lance Kinley
Lehel
Zoltan Kornel Torok
Tamas Palfy
Eduardo Fontes
simonbence
Shane Ardell
Nathan Gough
Bryan Bende
mr1716
kulikg
Csaba Bejan
Mark Payne
Robert Kalmar
UcanInfosec
Bence Simon
ravinarayansingh
Gabor Kulik
Mike Thomsen
Paul Grey
Matthew Burgess
Pierre Villard
Timea Barna
Hsin-Ying Lee
Malthe Borch
royalfork2
Daniel Urban
patalwell
NissimShiman
Arpad Boda
Kevin Doran
Otto Fowler
dependabot[bot]
timeabarna
Nissim Shiman
Tamas Palfy
Juldrixx
greyp9
tpalfy
Bryan Bende
Mark Bean
Paula Yamashita
Chris Sampson
Peter Gyori