The NiFi and NiFi Bootstrap processes both bind to random ephemeral
ports to allow for inter-process communication (e.g. shutdown, port,
ping, etc.). However, the randomness of these ephemeral ports can pose
challenges for some security policies and firewall rules.
This adds two configuration options, nifi.bootstrap.listen.port and
nifi.listener.bootstrap.port, that allow an administrator to define
which ports the two processes should bind to for this communication,
making it easier to define security policies. The options default to
zero to maintain the current ephemeral port behavior.
NIFI-6740: Add configuration options to specify NiFi/Bootstrap communication ports
Signed-off-by: Matthew Burgess <mattyb149@apache.org>
This closes#5746
- Upgraded nifi-bootstrap-utils JNA from 4.4.0 to 5.10.0
- Upgraded nifi-windows-event-log-processors JNA from 4.5.2 to 5.10.0
- Upgraded nifi-toolkit-cli JLine from 3.5.2 to 3.21.0
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#5766.
update lintin
update font awesome path
bump nifi-fds version
update nifi deps
update frontend maven plugin
change CI npm cache restore keys so that we will not use cached directories for older versions of node
This closes#5751.
Signed-off-by: Kevin Doran <kdoran@apache.org>
- Replaced module references to version 2.7.0 with managed dependency in nifi-nar-bundles
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#5763.
- Configured tests to use random temporary directory
- Added Derby shutdown handling and directory removal
- Upgraded DBCPServiceTest to JUnit 5
- Added pool name to HikariCP
Signed-off-by: Matthew Burgess <mattyb149@apache.org>
This closes#5759
- Upgraded tika-core from 1.27 to 2.3.0
- Upgraded tika-parsers to tika-parsers-standard-package in nifi-media-processors
- Updated Tika metadata property references
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#5754.
* NIFI-9655 Added Queue Logging to ListenUDP
- Added TrackingLinkedBlockingQueue to track the largest queue size
- Updated AbstractListenEventProcessor to write debug log at most once per minute
- AbstractListenEventProcessor updates support both ListenUDP and ListenUDPRecord
* NIFI-9628: Added a uiOnly flag when requesting Controller Service details and the list of Controller Services. This allows us to return much less data when retrieving these resources.
* NIFI-9628: Addressed review feedback; added uiOnly flag for controller service run-status and references also
* NIFI-9628: Fixed checkstyle issues by removing unused imports
This closes#5712
- Added okhttp-bom to root Maven configuration
- Removed repeated okhttp.version property from specific dependencies
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#5737.
- Refactored nifi-framework and nifi-standard modules
- Replaced Google Cache with Caffeine Cache
- Replaced Google collections classes with standard Java collections
This closes#5730.
Signed-off-by: Kevin Doran <kdoran@apache.org>
- Removed moquette-broker and refactored tests
- Upgraded docker-compose-rule-junit4 to 1.7.0 for Maven Central retrieval
- Changed JSTL dependency groupId for Maven Central retrieval
Signed-off-by: Joe Gresock <jgresock@gmail.com>
This closes#5719.
- Added ProxyFTPClient with connect method supporting unresolved hosts
- Added FTPClientProvider with implementation handling configuration and connection
- Added support for SOCKS with authentication in FTP components
- Refactored FTPTransfer using FTPClientProvider
Signed-off-by: Nathan Gough <thenatog@gmail.com>
This closes#5655.
- Replaced nifi-processor-utils with nifi-utils where necessary
- Added direct dependencies on commons-lang3 where necessary
Signed-off-by: Joe Gresock <jgresock@gmail.com>
This closes#5693.
- ids of the entities are prefixed by their types to avoid id conflict in 3rd party table library
For some authorizers the UUID calculation for users and groups based only on the name of the entity and a global seed.
This results the same UUID for a group and a user with the same name. The same ids are no longer causing any issue on the UI.
- group icon alignment is fixed for edit user dialog
This closes#5695
- Replaced TestServerAndClient with separate classes for Set Server and Map Server
- Implemented before and after annotations for starting and stopping server instances
NIFI-9625 Added check for cache directory existence before clean
NIFI-9625 Updated Map and Set Cache Server Tests to use random port
Signed-off-by: Joe Witt <joewitt@apache.org>
- Corrected several missing return statements
- Increased Maven heap size to 3 GB for ci-workflow
This closes#5700
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Switch ExtensionManifestParser implementation to use JAXB instead of Jackson XML
- Fix handling of older NARs that don't have newer fields in ExtensionManifest
- Add response merging for runtime-manifest REST end-point, remove commons-lang3 from c2 dependencies
This closes#5630
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- 'Leave group' action button is added to 'Navigation'
- 'Leave group' action works with 'esc' hotkey if no modal, context menu, etc. is open
- 'esc' key closes context menu if it is open
- user guide is updated with new navigation options
This closes#5678
- Added DataTransferDoSFilter with request URI evaluation
- Added RequestFilterProvider and implementations to abstract Jetty Filter configuration
Signed-off-by: Joe Gresock <jgresock@gmail.com>
This closes#5670.
This PR introduces 2 new properties for the ConsumeAMQP processor
And one new property for PublishAMQP
This allows to configure the processors to use escaping for commas and to consistently not use curly braces in the amqp$header attribute.
The default values ensure backwards compatibility.
This closes#5458.
Signed-off-by: Kevin Doran <kdoran@apache.org>
- Added generic type to AbstractPutEventProcessor for compiler checking of event types
- Refactored createTransitUri to shared method in AbstractPutEventProcessor
Signed-off-by: Joe Gresock <jgresock@gmail.com>
This closes#5658.
- Added optional includedRegistries query parameter to Flow Metrics Resource method supporting one or more registries
- Added optional includedNames query parameter to Flow Metrics Resource method supporting one or more metric family names
- Added sampleName and sampleLabelValue optional pattern parameters
- Added FilteringMetricFamilySamplesEnumeration to support streamed filtering
- Added PrometheusMetricsWriter and TextFormat implementation
Signed-off-by: Joe Gresock <jgresock@gmail.com>
This closes#5571.
- Removed deprecation from ListenTCP Pool Receive Buffers property
- Added BufferAllocator configuration property for NettyEventServerFactory
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#5653.
- Added nifi-property-protection-api with provider interfaces
- Added nifi-property-protection-factory with implementation references
- Added ProtectionSchemeResolver for abstracting conversion from command arguments
- Refactored PropertyProtectionScheme to package private visibility
- Refactored multiple unit test and removed provider integration tests
- Renamed AESSensitivePropertyProvider to AesGcmSensitivePropertyProvider
- Added getSupportedProtectionSchemes() to StandardProtectionSchemeResolver
- Updated command argument descriptions for protection schemes to include supported values
Signed-off-by: Joe Gresock <jgresock@gmail.com>
This closes#5650.
NIFI-7749 Added authenticated HTTP proxy support for SFTP
- Added StandardSocketFactoryProvider to return SocketFactory based on credentials
Signed-off-by: Joe Gresock <jgresock@gmail.com>
This closes#5624.
NIFI-9390: Addressed underlying condition in stateless framework that caused Merge-related processors and similar to not properly be triggered as necessary. Added several system tests to verify different configurations.
NIFI-9390: Simplified the logic for how to iterate over the components in a Stateless flow that are ready to be triggered
This closes#5634.
Co-authored-by: Peter Turcsanyi <turcsanyi@apache.org>
Signed-off-by: Peter Turcsanyi <turcsanyi@apache.org>
- Upgraded Apache HttpCore to 4.4.15
- Added dependency management declarations in root Maven configuration for HttpClient and HttpCore
- Removed version numbers from multiple modules
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#5647.
- Removed nifi-elasticsearch-5-bundle
- Removed include-elasticsearch-5-bundle profile from nifi-assembly
This closes#5636
Signed-off-by: Mike Thomsen <mthomsen@apache.org>
- Removed incorrect usage of TriggerWhenEmpty
- Allow for 0 seconds of gracefully waiting for incoming threads on shutdown since we won't have any
- Updated unit tests to no longer have arbitrary sleep statements
This closes#5639
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Centralized Spring Framework and Spring Security versions using BOM dependencies
- Upgraded Spring Security from 5.5.2 to 5.6.1
- Upgraded Spring Boot from 2.5.5 to 2.5.8 in Registry
- Upgraded Spring Integration from 5.5.2 to 5.5.7
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#5631.
* NIFI-9391: Modified MergeRecord to process FlowFiles within a loop in a single onTrigger
MergeRecord processed the FlowFiles in multiple onTrigger-s and it needed an extra onTrigger call
(with no incoming FFs) to realize that no more FFs are available and it is time to send the merged FF downstream.
It was not compatible with Stateless Runtime which does not trigger the flow any more if no FFs available.
Also changed "unschedule" logic in StandardProcessorTestRunner: @OnUnscheduled methods were called immediately after
the 1st FlowFile was processed. Unschedule the processor only at the end of the execution (onTrigger finished)
and only if stopOnFinish has been requested by the test case.
change the default value of auto commit function to true
Changed the auto commit property name and add more details in the description
If the auto commit is set to false, commit() is called for consistency
adds unit tests
Fix the check style issue of having more than 200 characters in single line
Signed-off-by: Matthew Burgess <mattyb149@apache.org>
This closes#5554
- SSHJ 0.32.0 introduced support for rename flags in SFTP commands without checking the protocol version
- PatchedSFTPEngine overrides the rename method to check the SFTP protocol version
Signed-off-by: Joe Witt <joewitt@apache.org>
- Refactored SSH Client configuration and connection to SSHClientProvider
- Implemented exception handling for configuration and connection failures
- Named SSH keep-alive thread for improved runtime tracking
- Closed SSH Client and interrupted keep-alive thread on configuration failures
- Added missing Compression Property to ListSFTP
- Corrected Hostname and Port property descriptors in ListSFTP
Signed-off-by: Joe Witt <joewitt@apache.org>
- Added log4j-core to list of banned dependencies
- Added log4j-to-slf4j for Elasticsearch 5 processors to support runtime logging
Signed-off-by: Joe Witt <joewitt@apache.org>
- Replaced JUnit 4 and TestNG references with JUnit 5
- Added test method for bulletin sorting
Signed-off-by: Matthew Burgess <mattyb149@apache.org>
This closes#5607
- Changed display name of Max Number of TCP Connections to Max Number of Worker Threads for ListenTCP
- Set Netty Socket Receive Buffer using Max Socket Buffer Size in ListenTCP
This closes#5599
Signed-off-by: David Handermann <exceptionfactory@apache.org>
* NIFI-9423 - Show icon and tooltip for Parameter values that have leading and/or trailing whitespaces
NIFI-9429 - Parameters should allow blank values that are non-null (only whitespace)
* - Update areas to clean up tooltips in parameter values
- Show whitespaces and ellipsis in parameter and property values and tooltips
- Update serializeValue to accommodate for blank values
* - Address review findings
* - Remove commented out code
* - Add multiline check for ellipsis
* NIFI-9459 - Empty string checked will disable Edit Parameter value field on dialog open
* - Add multi-line style to parameter and property table
* - Safely insert title attribute content
* - Fix Edit Parameter bug that clears textarea for sensitive and empty string values on dialog open
This closes#5569
- Add log4j-bom to root Maven configuration
- Remove previous overrides in favor of log4j-bom in root Maven configuration
This closes#5598
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Implemented override for Timestamp Record Field Type format handling to add support for optional microseconds
- Added FieldConverter and ObjectTimestampFieldConverter implementation for generalized Timestamp parsing using DateTimeFormatter
- Updated PutKudu unit tests for standard Timestamp and Timestamp with microseconds
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#5589.
NIFI-9382: Fixed issue with SharedInstanceClassLoader where the classloader may get closed but then get used again. When the SharedInstanceClassLoader is closed, we will now ensure that we don't use anymore and instead create a new one.
Signed-off-by: Joe Witt <joewitt@apache.org>
- Add PutElasticsearchJson processor to Elasticsearch REST bundle
- Deprecate PutElasticsearchHttp/PutElasticsearchHttpReccord in favour of Elasticsearch REST processors
Signed-off-by: Joe Gresock <jgresock@gmail.com>
This closes#5566.
- Changed framework so that it serializes the dataflow into a VersionedDataflow using JSON as well as XML, and prefers the JSON representation on load, if it's available. This also results in the need for the cluster protocol to exchange its representation of the dataflow to using JSON. Rather than re-implementing all of the complex logic of Flow Fingerprinting, updated to just inherit the cluster's flow.
- Moved logic to synchronize Process Group with Versioned Process Group into a new ProcessGroupSynchronizer class instead of having all of the logic within StandardProcessGroup
- Reworked versioned components to use an instance id.
- Renamed StandardFlowSynchronizer to XmlFlowSynchronizer; introduced new StandardFlowSynchronizer that delegates to the appropriate (Xml or Versioned)FlowSynchronzer
- Updated to allow import of VersionedProcessGroup even if not all bundles are available - will now use ghost components
- Introduced a VersionedDataflow object to hold controller-level services, reporting tasks, parameter contexts, templates, etc.
- Allow mutable requests to be made while nodes are disconnected. Also fixed issue in AbstractPolicyBasedAuthorizer that caused ClassNotFoundException / NoClassDefFoundError if the authorizations were changed and then a node attempts to rejoin the cluster. The Authorizer was attempting to use XmlUtils, which is in nifi-security-utils and so so by madking nifi-security-utils a provided dependency of nifi-framework-api, but this doesn't work, because nifi-framework-api is loaded by a higher-level classloader, so the classloader that loads AbstractPolicyBasedAuthorizer will never have the appropriate classloader to provide nifi-security-utils. Addressed this by copying the code for creating a safe document builder from XmlUtils to AbstractPolicyBasedAuthorizer.
- Fixed bug that occurred when importing a Process Group that has 2 parameter contexts, one inheriting from another, where neither is pre-defined in the existing flow
- Fixed bug that was encountered when Updating a Versioned Process Group where one version had a disabled processor and the other had the processor running.
- Increased system-tests workflow timeout to 120 minutes
- Added additional exception handling to system tests
This closes#5514
Signed-off-by: David Handermann <exceptionfactory@apache.org>
* NIFI-9336 - Show icon in processor and controller services configurations when property values contain leading or trailing whitespace
* - Address PR feedback
* - Fix a bug to clean up tooltips to prevent a DOM leak
This closes#5559
- Upgraded com.fluenda:parcefone from 2.0.0 to 2.1.0
- Added Accept empty extensions property to ParseCEF
This closes#5555
Co-authored-by: David Handermann <exceptionfactory@apache.org>
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Replaced HashMap with LinkedHashMap to avoid potential non-deterministic results for user group properties
This closes#5524
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- NIFI-9163 Refactored nifi-websocket-bundle to use JUnit 5
- NIFI-9162 Refactored nifi-update-attribute-bundle to use JUnit 5
- NIFI-9161 Refactored nifi-tcp-bundle to use JUnit 5
- NIFI-9160 Refactored nifi-stateful-analysis-bundle to use JUnit 5
- NIFI-9159 Refactored nifi-sql-reporting-bundle to use JUnit 5
- NIFI-9158 Refactored nifi-spring-bundle to use JUnit 5
- NIFI-9157 Refactored nifi-splunk-bundle to use JUnit 5
- NIFI-9156 Refactored nifi-spark-bundle to use JUnit 5
- NIFI-9155 Refactored nifi-solr-bundle to use JUnit 5
- NIFI-9154 Refactored nifi-social-media-bundle to use JUnit 5
- NIFI-9153 Refactored nifi-snmp-bundle to use JUnit 5
- NIFI-9152 Refactored nifi-smb-bundle to use JUnit 5
- NIFI-9151 Refactored nifi-slack-bundle to use JUnit 5
- NIFI-9150 Refactored nifi-site-to-site-reporting-bundle to use JUnit 5
- NIFI-9149 Refactored nifi-single-user-iaa-providers-bundle to use JUnit 5
This closes#5362
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Set Scheduled State for Versioned Port and Versioned Remote Port when mapping Flow Definition
- Updated StandardProcessGroup to set disable Port based on Scheduled State of DISABLED
- Updated StandardProcessGroup to set Remote Port transmitting based on Scheduled State of ENABLED
Signed-off-by: Nathan Gough <thenatog@gmail.com>
This closes#5534.
* NIFI-9382: Created a new ClassloaderIsolationKey mechanism by which Hadoop related processors (and potentially others) can indicate that they need full classloaders to be cloned but can share with other instances in certain circumstances
- Added system tests
* NIFI-9382: Renamed interface based on review feedback
* NIFI-9382: Removed ReentrantKerberosUser.
- Added XML Stream Reader processing for XSLT with external entities disabled
- Removed unused XsltValidator
- Upgraded Saxon-HE from 9.6.0-5 to 10.6
Signed-off-by: Joe Witt <joewitt@apache.org>
- NIFI-9387: add Proxy capability to ElasticsearchClientService
- NIFI-1576: allow GetElasticsearch to run without requiring FlowFile input
Signed-off-by: Joe Gresock <jgresock@gmail.com>
This closes#5535.
- Added nifi.web.request.log.format property
- Added Filters to set and retrieve authenticated username for logging
Signed-off-by: Joe Gresock <jgresock@gmail.com>
This closes#5527.
- Addressed compiler warnings in ListenTCP and EventBatcher
- Adjusted ListenTCP property order to match previous version
Signed-off-by: Nathan Gough <thenatog@gmail.com>
This closes#5526.
- Deprecated Max Number of Receiving Message Handler Threads property
- Deprecated Pool Receive Buffers property
- Updated TestListenTCP using Netty EventSender
This closes#5493
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Removed unnecessary spaces from initialization log
- Changed bootstrap temporary password file processing messages to debug
- Updated several log statements using parameterized strings
- Refactored NiFi unit test class
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#5515.