Commit Graph

116 Commits

Author SHA1 Message Date
Andy LoPresto 57baae9ae2
NIFI-5476 Added logic to check CA certificate signature against additional certificates.
Moved utility code to TlsHelper.
Added unit tests.
Added command-line parsing for additional CA certificate path.
Added documentation on using the TLS Toolkit to generate and sign certificates using an externally-signed CA.
Updated toolkit external CA documentation to be inline with additional context from NIFI-5473.
Cleaned up toolkit documentation.
Improved error message by changing to absolute path.
Added Javadoc to and removed unthrown exception declarations from TlsHelper#verifyCertificateSignature().
Cleaned up unit tests with utility method.
Fixed checkstyle error.
Support conversion of a PKCS#8 formatted private key automatically to avoid forcing the user to do that. Also add some log messages for debugging when the parser fails to parse the appropriate object
Incorporated Peter's contribution for PKCS #8 to PKCS #1 conversion.
Added documentation and refactored methods.
Refactored unit test.
Added RAT exclusion for test resource.

This closes #2935.

Co-authored-by: pepov <peterwilcsinszky@gmail.com>

Signed-off-by: Matt Gilman <mcgilman@apache.org>
2018-08-07 12:07:35 -07:00
thenatog 8106af699c
NIFI-5400 - Changed the hostname verifier from the custom NiFi verifier to the Apache http-client DefaultHostnameVerifier
Removed NiFiHostnameVerifier. Removed NiFi WebUtils usage of NiFiHostnameVerifier.
Added unit tests for the DefaultHostnameVerifier to WebUtils.java
Added groovy-eclipse-compiler definition to nifi-web-utils/pom.xml to execute Groovy unit tests.

This closes #2919.

Co-authored-by: Andy LoPresto <alopresto@apache.org>
Signed-off-by: Andy LoPresto <alopresto@apache.org>
2018-08-06 19:57:49 -07:00
pepov b191f6a62a
NIFI-5430 CLI tool extension for cluster summary
This closes #2894.

Signed-off-by: Bryan Bende <bbende@apache.org>
2018-07-16 15:29:06 -04:00
Andy LoPresto d42a1e8bf4
NIFI-5323-RC1 prepare for next development iteration 2018-06-19 20:02:21 -07:00
Andy LoPresto 99bcd1f88d
NIFI-5323-RC1 prepare release nifi-1.7.0-RC1 2018-06-19 20:02:01 -07:00
Andy LoPresto 8996b7f6d6
NIFI-5193 Added logic to handle complex user filter expressions.
Added unit tests.
Added unit test resources.
Fixed comments.
Refactored XmlSlurper instantiation to keep ignorable whitespace.
Added logic to handle LIP complex user search filter.
Added unit tests.
Added unit test resources.
Removed unnecessary substitution/repopulation logic from encrypt|decryptAuthorizers.
All unit tests pass.
Removed unnecessary substitution/repopulation logic from CET.
Removed unnecessary unit tests.
Removed unnecessary commons-text dependency from pom.xml.

This closes #2797.

Signed-off-by: Bryan Bende <bbende@apache.org>
2018-06-19 13:27:47 -04:00
Bryan Bende 0b0ba1eae3
NIFI-5319 Utilize NiFi Registry 0.2.0 client
This closes #2801.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
2018-06-18 15:37:05 -07:00
Andy LoPresto 90b8e7f9ff NIFI-5209 Removed unused test resources.
Removed RAT exclusion from pom.xml.

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #2798.
2018-06-15 13:52:33 +02:00
Andy LoPresto d02cd4f909
NIFI-5209 Removed secure hash functionality from ConfigEncryptionTool.
Removed relevant unit tests.

This closes #2761.

Signed-off-by: Kevin Doran <kdoran@apache.org>
2018-06-10 21:54:25 -04:00
zenfenan cf3c666683 NIFI-5286: Updated FasterXML Jackson libraries to 2.9.5
This closes #2775

Signed-off-by: Mike Thomsen <mikerthomsen@gmail.com>
2018-06-09 14:19:45 -04:00
pepov caa71fce92 NIFI-5247 nifi-toolkit bash entry points should leverage exec to replace bash with the current java process in order to handle signals properly in docker.
- Also add bash, openssl, jq to make certificate request operations easier
 - Move project.version to the build config from the Dockerfile, use target/ folder for the build dependency
 - Docker integration tests for checking exit codes and tls-toolkit basic server-client interaction

This closes #2746.
2018-06-01 13:20:33 -04:00
Andy LoPresto 4f1444c0e0 NIFI-4942 This closes #2690. Resolved test failures in JCE limited mode.
Signed-off-by: joewitt <joewitt@apache.org>
2018-05-09 13:52:05 -04:00
thenatog 2094786ec8
NIFI-5161 - Moved filename escaping method to TlsHelper.java to allow use by the different Tls modes.
Added another test for special characters in the DN/output key filename.
Added a method to escape special characters in the alias name for keys in the truststore. This fixes an error with the TlsToolkit which occurs when extracting keys and writing them to file.

This closes #2684.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
2018-05-07 14:07:20 -07:00
Andy LoPresto 4e4aa54c69
NIFI-5116 Implemented logic to translate nifi.properties file to CLI properties format.
Added unit tests.

This closes #2660.

Signed-off-by: Bryan Bende <bbende@apache.org>
2018-04-26 09:59:59 -04:00
Kevin Doran fc902234b6 NIFI-4942 Fixes Travis CI build
- Fixes unit test salt assertion regex
- Adds RAT excludes and reenables console output for unapproved files

NIFI-4942 Temporarily disables tests that are failing on Linux

This closes #2648.

Signed-off-by: Koji Kawamura <ijokarumawak@apache.org>
2018-04-20 05:15:47 +00:00
Andy LoPresto 6d06defa63 NIFI-4942 [WIP] Added skeleton for secure hash handling in encrypt-config toolkit. Added test resource for Python scrypt implementation/verifier. Added unit tests.
NIFI-4942 [WIP] More unit tests passing.

NIFI-4942 All unit tests pass and test artifacts are cleaned up.

NIFI-4942 Added RAT exclusions.

NIFI-4942 Added Scrypt hash format checker. Added unit tests.

NIFI-4942 Added NiFi hash format checker. Added unit tests.

NIFI-4942 Added check for simultaneous use of -z/-y. Added logic to check hashed password/key. Added logic to retrieve secure hash from file to compare. Added unit tests (125/125).

NIFI-4942 Added new ExitCode. Added logic to return current hash params in JSON for Ambari to consume. Fixed typos in error messages. Added unit tests (129/129).

NIFI-4942 Added Scrypt hash format verification for hash check. Added unit tests.

NIFI-4942 Fixed RAT checks.

Signed-off-by: Yolanda Davis <ymdavis@apache.org>

This closes #2628
2018-04-13 18:25:09 -04:00
joewitt 59f625d3c2 Merge branch 'NIFI-4995-RC3' as part of NiFi 1.6.0 release process 2018-04-06 16:48:08 -07:00
Bryan Bende 7abb02fff0 NIFI-5027 Adding commands pg-get-services, pg-enable-services, and pg-disable-services
- Improving response when service is stuck enabling, and improving response when some services couldn't be enabled
- Throwing exception when a service is stuck enabling or can't be enabled so that standalone mode gets a non-zero status code, also allowing use of -verbose so stand-alone can decide if output is desired
- Improving information provided by pg-disable-services

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #2604.
2018-04-04 23:26:24 +02:00
joewitt d511fe3e4b NIFI-4995-RC3 prepare for next development iteration 2018-04-03 08:28:34 -07:00
joewitt f8466cb16d NIFI-4995-RC3 prepare release nifi-1.6.0-RC3 2018-04-03 08:28:15 -07:00
joewitt 7b5bf265a6 NIFI-4995 updating copyright year on all notices 2018-03-26 21:54:10 -04:00
joewitt 478e34082d NIFI-4995 release process exposed this item doesn't get updated by versions mechanism so using project version instead 2018-03-20 14:32:00 -04:00
Derek Straka 5bdb7cf6e7 NIFI-4912: This closes #2494. Update jackson version to latest stable version (2.9.4)
Signed-off-by: joewitt <joewitt@apache.org>
2018-03-19 10:22:50 -04:00
joewitt c71409fb5d
NIFI-4936 trying to quiet down the mvn output a bit so we dont exceed the travis-ci 4MB max
NIFI-4936 updated dependency handling pushing down delcarations where they belong
This closes #2512
2018-03-09 16:34:53 -05:00
Bryan Bende 5041bea773 NIFI-4839 Improving back-ref support so that ReferenceResolver is passed the option being resolved
- Adding ResolvedReference to encapsulate the results of resolving a back-reference.
- Update README.md
- Added OkResult for delete commands
- Added sync-flow-versions and transfer-flow-version to registry commands
- Returning appropriate status code when exiting standalone mode
- Adding security section to README

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #2477.
2018-02-28 17:24:24 +01:00
Andrew Grande 2fd24b78e6 NIFI-4839 - The "Disabled" column had incorrect size and skewed the header 2018-02-28 17:24:15 +01:00
Bryan Bende 1911635a3a NIFI-4839 - Switching standalone mode to default to simple output
- Added pg-status command and improved output of pg-list
- Setting up back-refs for pg-list and using table layout for pg-get-vars and pg-get-version
- Only print usage on errors related to missing/incorrect options
2018-02-28 17:24:05 +01:00
Andrew Grande d1027879eb NIFI-4839 - Fixed handling of a connection object position - it doesn't have one and just returns null (calculated by the UI dynamically) 2018-02-28 17:23:57 +01:00
Bryan Bende b68eebd429 NIFI-4839 - Added abbreviation in simple output for name, description, and comments
- Refactored so that commands produce a result which can then be written or used
- Added support for back-referencing results, initially prototyped by Andrew Grande
- Fixed dynamic table layout when writing simple results
- Added a new command group called 'demo' with a new 'quick-import' command
- Fixes/improvements after previous refactoring
- Created a reusable TableWriter and updating a few result classes to use it
2018-02-28 17:23:44 +01:00
Andrew Grande cc3c1b1714 NIFI-4839 - Implemented nice dynamic table output for all list-XXX commands (in simple mode)
- Better output formatting for 'registry list-buckets'
- Implemented dynamic table formatting for 'registry list-XXX' commands
- Implemented dynamic table formatting for 'nifi list-registry-clients' command
- Implemented dynamic table formatting for 'nifi list-registry-clients' command
- Better handling of non-null, but empty descriptions and commit messages
2018-02-28 17:23:35 +01:00
Bryan Bende 69367ff0bf NIFI-4839 - Updating README and cleaning up descriptions and comments
- Making registryClientId optional and auto selecting when only one is available
- Added delete-bucket command
- Added delete-flow command for registry
2018-02-28 17:23:27 +01:00
Andrew Grande fe71c18ec5 NIFI-4839 - Support both public URLs and local files as inputs for import actions.
- The handling of empty canvas got lost in the merge, causing errors with a new NiFi instance.
- Broaden support for input, now supportes both local files _and_ any public URL with a schema recognized by Java runtime.
2018-02-28 17:23:18 +01:00
Bryan Bende c1c808002c NIFI-4839
- Modified how the process group box is calculated
- Adding command to get the id of a registry client by name
- Refactoring how results are written to support option of simple or json output
- Added pg-set-var command
- Added pg-list command
- Added getDescription to every command and prints when asking for help on a command
- Adding verbose out to help command to print description for every command
2018-02-28 17:23:10 +01:00
Andrew Grande e3cc7bee05 NIFI-4839 - Implemented auto-layout when importing the PG. Will find an available spot on a canvas which doesn't overlap with other components and is as close to the canvas center as possible. 2018-02-28 17:23:01 +01:00
Bryan Bende 9c3594ded6 NIFI-4839 - Fixing completer unit test
- Added pg-get-version, pg-get-all-versions, pg-change-version
- Added info the Context to know if we are in interactive mode
2018-02-28 17:22:52 +01:00
Andrew Grande 8b490134c7 NIFI-4839 - Rename the registry group to `registry` for better UX 2018-02-28 17:22:43 +01:00
Bryan Bende 9cf9e866ba NIFI-4839 Creating nifi-toolkit-cli to provide a CLI for interacting with NiFi and NiFi Registry 2018-02-28 17:22:28 +01:00
Lori Buettner b7fdb235ee
NIFI-3367 Added token length check and unit test.
This closes #2463.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
2018-02-09 17:43:41 -08:00
joewitt 41ce788812 NIFI-4751 changed to next minor release version snapshot 2018-01-12 15:15:32 -05:00
joewitt 36405e888c NIFI-4751-RC1 prepare for next development iteration 2018-01-08 23:39:49 -07:00
joewitt 46d30c7e92 NIFI-4751-RC1 prepare release nifi-1.5.0-RC1 2018-01-08 23:39:32 -07:00
Kevin Doran 182e2c6e94 NIFI-4708 This closes #2389. Fixes encrypt-config log4j configuration
Signed-off-by: joewitt <joewitt@apache.org>
2018-01-08 21:31:57 -07:00
Bryan Bende 08c3910679 NIFI-4708 This closes #2388. Correcting logic for determining decryption key in NiFiRegistryMode.groovy
Signed-off-by: joewitt <joewitt@apache.org>
2018-01-08 20:34:53 -07:00
Kevin Doran a8817e0238
NIFI-4708 Add Registry support to encrypt-config.
Adds support for NiFI Registry config files to the encrypt-config tool
in NiFi Toolkit.
Also adds decryption capability to encrypt-config tool.

This closes #2376.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
2018-01-08 11:17:21 -08:00
Kevin Doran 482f371958
NIFI-4701 Add authorizers.xml support to toolkit.
Adds authorizers.xml to the files understood by the encrypt-config
tool in the NiFi Toolkit. If enabled, then the sensitive properties
for LdapUserGroupProvider in authorizers.xml will be encrypted.
Also fixes a bug wherein encrypt-config replaces multiple XML nodes
in login-indentity-providers.xml when LdapProvider is not the first
provider listed in the file.
Enable properties in authorizers.xml to be encrypted by the master key.

This closes #2350.

Signed-off-by: Andy LoPresto <alopresto.apache@gmail.com>
2017-12-31 17:41:04 -05:00
Aldrin Piri c730f802b7
NIFI-4672 Adding missing quotes around arguments passed in from the entrypoint script.
This closes #2322.

Signed-off-by: Aldrin Piri <aldrin@apache.org>
2017-12-06 10:48:21 -05:00
Aldrin Piri 7b6aab7f98 NIFI-4333:
Providing Docker support of the NiFi Toolkit via Maven build and Docker
Hub.
2017-12-04 12:01:55 -05:00
Bryan Bende ce9787a414
NIFI-4622 Adding status tool to TLS toolkit
This closes #2280.

Signed-off-by: Bryan Bende <bbende@apache.org>
2017-11-27 09:52:46 -05:00
Matt Gilman 6baea8ccff
NIFI-4444:
- Upgrading to Jersey 2.x.
- Updating NOTICE files where necessary.
- Fixing checkstyle issues.

This closes #2206.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
2017-10-12 10:27:02 -07:00
Andy LoPresto d4168f5ff1
NIFI-4297
- Upgraded immediately actionable dependency versions from Meterian report.
- Upgraded jackson-core test dependencies for HBase and Elasticsearch modules.
- Only 3 instances of jackson-core < 2.8.6 (Google Cloud Platform and Spark Receiver modules).
- Upgraded version of poi dependency in nifi-email-processors to 3.16.
- Resolving dependency issues after rebasing against 1.5.0-SNAPSHOT.
- Removed jackson-databind from <dependencyManagement> block in nifi/pom.xml and added explicit reference to ${jackson.version} in all referenced artifacts.
- Removed jackson-mapper-asl from <dependencyManagement> block in nifi/pom.xml and added explicit reference to ${jackson.old.version} in all referenced artifacts.
- Removed Jasypt from <dependencyManagement> and added explicit version in test dependency for legacy compatibility.
- This closes #2084
2017-10-05 15:23:52 -04:00