Updated NOTICE with current copyright year for Jetty dependencies
Updated Jetty SSLContextFactory usage, invoke setEndpointIdentificationAlgorithm(null) on server SslContextFactory instances
Updated TestInvokeHttpSSL to provide a separate client keystore, rather than reusing the server's keystore
Regenerated nifi-standard-processors keystore and truststore, added client keystore
Updated ITestHandleHttpRequest, TestInvokeHttpSSL, TestInvokeHttpTwoWaySSL, and TestListenHTTP to use a separate client keystore instead of reusing the server's keystore. Also updated the tests to separately test one-way and two-way SSL
NIFI-6196 - Setting the endpoint identification algorithm to null for sockets to ensure certificates without SANs applied correctly still work. We can change this in a new NiFi release with other potentially breaking changes.
This closes#3426.
NIFI-6026 - Updated splitKeystore to use standalone mode with a -splitKeystore argument.
NIFI-6026 - Removed unused file and references.
NIFI-6026 - Removed some code that is not necessary after doing some argument checking in the command line parsing.
NIFI-6026 - Made some small changes to only require keystore password if keystore and key passwords are the same. Added some more tests.
NIFI-6026 - Added some more unit tests as per Andy's request. Also added a check for empty keystores. Made tests a bit cleaner.
NIFI-6026 - Added empty keystore used by unit tests.
NIFI-6026 Fixed minor formatting and checkstyle issues.
This closes#3340.
Signed-off-by: Andy LoPresto <alopresto@apache.org>
- Supports both UUID and identity for user / user group specification
- Add UUID to toolkit command results
- Fix representation for type and bundle of ControllerServiceResult
- Make description more detailed
- Fix to print only in interactive mode or verbose mode in UpdateAccessPolicy. (with slight refactoring)
- Add list-templates command
- Add start/stop commands for reporting task and enable/disable commands for reporting task controller service.
- Also added "get-repoting-task" command (for single reporting task) to be consistent with controller service.
This closes#3366.
Signed-off-by: Bryan Bende <bbende@apache.org>
NIFI-4166 Adjusted dependencies
NIFI-4166 Excluded RAT and checkstyle for generated-sources. (Added by Mike Thomsen)
This closes#1994
Signed-off-by: Mike Thomsen <mikerthomsen@gmail.com>
- Removing needClientAuth property since cluster comms now requires two way ssl. Jetty client auth settings are based on configured features.
- Removing dead code.
- Updating documentation.
- Removing references to needClientAuth property in all test resources.
- Removing overloaded util method with strict parameter.
This closes#3102.
Added Spock test for NonLocalPartitionPartitioner
Updated NOTICE files for FontAwesome with the updated version (4.7.0) and URL to the free license
Updated package-lock.json with the updated version of FontAwesome (4.7.0)
Added method to FlowFileQueue interface to reset an offloaded queue
Queues that are now immediately have the offloaded status reset once offloading finishes
SocketLoadBalancedFlowFileQueue now ignores back-pressure when offloading flowfiles
Cleaned up javascript in nf-cluster-table.js when creating markup for the node operation icons
Fixed incorrect handling of a heartbeat from an offloaded node. Heartbeats from offloading or offloaded nodes will now be reported as an event, the heartbeat will be removed and ignored.
Added unit tests and integration tests to cover offloading nodes
Updated Cluster integration test class with accessor for the current cluster coordinator
Updated Node integration test class's custom NiFiProperties implementation to return the load balancing port and a method to assert an offloaded node
Added exclusion to top-level pom for ITSpec.class
Updated NodeClusterCoordinator to allow idempotent requests to offload a cluster
Added capability to connect/delete/disconnect/offload a node from the cluster to the Toolkit CLI
Added capability to get the status of nodes from the cluster to the Toolkit CLI
Upgraded FontAwesome to 4.7.0 (from 4.6.1)
Added icon "fa-upload" for offloading nodes in the cluster table UI
Refactored some test code to be clearer.
Renamed some resources to be consistent across modules.
Changed passwords to meet new minimum length requirements.
This closes#3018
Moved utility code to TlsHelper.
Added unit tests.
Added command-line parsing for additional CA certificate path.
Added documentation on using the TLS Toolkit to generate and sign certificates using an externally-signed CA.
Updated toolkit external CA documentation to be inline with additional context from NIFI-5473.
Cleaned up toolkit documentation.
Improved error message by changing to absolute path.
Added Javadoc to and removed unthrown exception declarations from TlsHelper#verifyCertificateSignature().
Cleaned up unit tests with utility method.
Fixed checkstyle error.
Support conversion of a PKCS#8 formatted private key automatically to avoid forcing the user to do that. Also add some log messages for debugging when the parser fails to parse the appropriate object
Incorporated Peter's contribution for PKCS #8 to PKCS #1 conversion.
Added documentation and refactored methods.
Refactored unit test.
Added RAT exclusion for test resource.
This closes#2935.
Co-authored-by: pepov <peterwilcsinszky@gmail.com>
Signed-off-by: Matt Gilman <mcgilman@apache.org>
Removed NiFiHostnameVerifier. Removed NiFi WebUtils usage of NiFiHostnameVerifier.
Added unit tests for the DefaultHostnameVerifier to WebUtils.java
Added groovy-eclipse-compiler definition to nifi-web-utils/pom.xml to execute Groovy unit tests.
This closes#2919.
Co-authored-by: Andy LoPresto <alopresto@apache.org>
Signed-off-by: Andy LoPresto <alopresto@apache.org>
Added unit tests.
Added unit test resources.
Fixed comments.
Refactored XmlSlurper instantiation to keep ignorable whitespace.
Added logic to handle LIP complex user search filter.
Added unit tests.
Added unit test resources.
Removed unnecessary substitution/repopulation logic from encrypt|decryptAuthorizers.
All unit tests pass.
Removed unnecessary substitution/repopulation logic from CET.
Removed unnecessary unit tests.
Removed unnecessary commons-text dependency from pom.xml.
This closes#2797.
Signed-off-by: Bryan Bende <bbende@apache.org>
- Also add bash, openssl, jq to make certificate request operations easier
- Move project.version to the build config from the Dockerfile, use target/ folder for the build dependency
- Docker integration tests for checking exit codes and tls-toolkit basic server-client interaction
This closes#2746.
Added another test for special characters in the DN/output key filename.
Added a method to escape special characters in the alias name for keys in the truststore. This fixes an error with the TlsToolkit which occurs when extracting keys and writing them to file.
This closes#2684.
Signed-off-by: Andy LoPresto <alopresto@apache.org>
- Fixes unit test salt assertion regex
- Adds RAT excludes and reenables console output for unapproved files
NIFI-4942 Temporarily disables tests that are failing on Linux
This closes#2648.
Signed-off-by: Koji Kawamura <ijokarumawak@apache.org>
NIFI-4942 [WIP] More unit tests passing.
NIFI-4942 All unit tests pass and test artifacts are cleaned up.
NIFI-4942 Added RAT exclusions.
NIFI-4942 Added Scrypt hash format checker. Added unit tests.
NIFI-4942 Added NiFi hash format checker. Added unit tests.
NIFI-4942 Added check for simultaneous use of -z/-y. Added logic to check hashed password/key. Added logic to retrieve secure hash from file to compare. Added unit tests (125/125).
NIFI-4942 Added new ExitCode. Added logic to return current hash params in JSON for Ambari to consume. Fixed typos in error messages. Added unit tests (129/129).
NIFI-4942 Added Scrypt hash format verification for hash check. Added unit tests.
NIFI-4942 Fixed RAT checks.
Signed-off-by: Yolanda Davis <ymdavis@apache.org>
This closes#2628
- Improving response when service is stuck enabling, and improving response when some services couldn't be enabled
- Throwing exception when a service is stuck enabling or can't be enabled so that standalone mode gets a non-zero status code, also allowing use of -verbose so stand-alone can decide if output is desired
- Improving information provided by pg-disable-services
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#2604.
- Adding ResolvedReference to encapsulate the results of resolving a back-reference.
- Update README.md
- Added OkResult for delete commands
- Added sync-flow-versions and transfer-flow-version to registry commands
- Returning appropriate status code when exiting standalone mode
- Adding security section to README
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#2477.
Troy Melhase
Jeff Storck
thenatog
Andrew Lim
Yoshiaki Takahashi
Joe Witt
Bryan Bende
Joe Skora
Jan Hentschel
Denes Arvay
Matt Gilman
Kotaro Terada
Andy LoPresto
pepov
zenfenan
Kevin Doran
Derek Straka
Andrew Grande