This commit fixes following two issues, that happens when a Root Group Port
policy for S2S data transfer is removed at a remote NiFi, after a client NiFi has
connected to that port:
1. At client side, Remote Process Group should show that authorization
is failing on its bulletin, but the Exception is caught and
ignored. Nothing is shown on the UI with HTTP transport protocol.
RAW S2S shows error on RPG bulletin. This commit fixes HTTP S2S to
behave the same.
2. At server side, corresponding input-port or output-port should show
that it is accessed by an unauthorized client on its bulletin, but it's
not shown with HTTP transport protocol.
RAW S2S shows warning messages for this. This commit fixes HTTP S2S to
behave the same.
In order to fix the 2nd issue above, request authorization at
DataTransferResource is changed from using DataTransferAuthorizable
directly, to call RootGroupPort.checkUserAuthorization().
Because the blettin is tied to the Port instance and it's
difficult to produce blettin message from this resource.
Since RootGroupPort.checkUserAuthorization uses
DataTransferAuthorizable inside, the check logic stays the same as
before.
Adding a RootGroupPortAuthorizable to provide access to necessary components for performing the authorization.
This closes#996
- Updating the component entity as long as the proposed entity is not older than the current one since stats are bundled in the entity too.
This closes#983
Signed-off-by: Koji Kawamura <ijokarumawak@apache.org>
- Ensuring the controller services table to correctly reloaded regardless if its the processor group or controller level controller services. This closes#968
- Re-using the DataTransferAuthorizable in the DataTransferResource.
- Removing use of the DataTransferResource when obtaining site to site details as it performs additional unnecessary checks.
- Code clean up.
- This closes#971.
It caused "Error: Unable to find remote process group with id 'XXXX'" error with modifying the transmitting toggle switch of an Input or Output port.
This closes#962
Removed $sanitize from breadcrumbs controller, as it escapes multibyte
chars with numerical reference. Even without $sanitize, html tags can be
escaped when Angular binds the value to text content.
- Fixing contrib check issues.
- Clean up pom.
- Addressing issue where reporting task property descriptor using wrong scope.
NIFI-2635:
- Fixing issue with revisions when creating users and user groups.
- Forwarding requests to the coordinator instead of replicating.
- Tweaking verbage in dialog for removing users and groups.
This closes#943
- Ensure that we log which node is the cluster coordinator on startup instead of just indicating that there is one. If we later determine that there is none, ensure that we register for the role
This closes#900
Signed-off-by: jpercivall <joepercivall@yahoo.com>
- Addressing issue when fingerprinting ReportingTasks and ControllerServices properties with default values.
- Ensuring the flow is saved when templates are created and imported.
- Ensuring default values are included in templates.
- Fixing unit tests.
This closes#908.
- Making the bulletin responses consistent in that all bulletins will be included but in redacted form as appropriate.
- Fixing broken unit test.
This closes#892.
Signed-off-by: Bryan Bende <bbende@apache.org>
NIFI-2566: Removed storage of cluster roles from heartbeats and NodeConnectionStatus; use LeaderElectionManager to determine roles instead
NIFI-2566: Updated Heartbeats so that if a node is out-of-sync with cluster topology, cluster coordinator will provide updated information back to the nodes
NIFI-2566: Fixed issue that prevented standalone instance from starting by creating a standalone-instance version of the Leader Election Manager. Also added Controller Service enabled/disabled state to fingerprint rather than attempting to update the state when joining the cluster, as the implementation was incorrect and the correct implementation will be a rather significant effort that doesn't have to happen for 1.0.0 release
This closes#866
Signed-off-by: jpercivall <joepercivall@yahoo.com>
- Preventing client side selection of unauthorized controller services unless they were the previously configured value.
This closes#860.
Signed-off-by: Bryan Bende <bbende@apache.org>
- Addressing potential NullPointerException when an AccessDeniedException is thrown from an endpoint that isn't subject to the security filter chain.
This closes#846.
Signed-off-by: Andy LoPresto <alopresto@apache.org>
NIFI-1876 Updated PermissionsDTO to use boolean primitives instead of Boolean objects for read and write permission
Removed ISE throwing from EntityFactory, it will rely on null checks instead
This closes#694
Signed-off-by: jpercivall <joepercivall@yahoo.com>
NIFI-1876 Added merging for labels, funnels, and controller service references.
NIFI-1876 Added Label and Funnel merging to FlowMerger.java
NIFI-1876 Added replication of request for process group controller services
- Updated merging code for Status and Status History based on read permissions
NIFI-1876 Fixed issue with node status snapshots all looking like they came from one node
Updated ProcessGroupStatusSnapshotDTO to contain status snapshot entities to retain readability permission
Added entity classes for ConnectionStatusSnapshotDTO, PortStatusSnapshotDTO, ProcessGroupStatusSnapshotDTO, ProcessorStatusSnapshotDTO, and RemoteProcessGroupStatusSnapshotDTO
Updated PropertyDescriptorDTO to contain AllowableValueEntity to retain readability permission
Added entity class for AllowableValueDTO
Moved AllowableValueDTO to its own top-level class
Updated DtoFactory to get permissions for status snapshot entities
Updated StatusMerger to merge status snapshot entities
Signed-off-by: jpercivall <joepercivall@yahoo.com>
- Allowing selection of User/Cluster node when searching and encountering an exact match.
This closes#839
Signed-off-by: Koji Kawamura <ijokarumawak@apache.org>
NIFI-2543: - Ensuring we have permissions before attempting to reload a controller service.
This closes#837
Signed-off-by: jpercivall <joepercivall@yahoo.com>
Extend template handling to read only properties.
* Add read only property handling to type.hbs template.
* Add flag to ProcessorDTO.getRelationships to reflect read only nature of the property.
* Remove explicit "read only" message from ConnectionDTO.getAvailableRelationships to avoid duplicate text.
* This closes#806
- Addressing comments from PR. Moving new service button below the tab pane. (+2 squashed commits)
Squashed commits:
[f746d09] NIFI-2468:
- Addressing numerous inconsistencies throughout the UI (button placement above tables, timestamp styles, etc)
[7d1fb09] addressing some inconsistencies
This closes#794.
Signed-off-by: Andy LoPresto <alopresto@apache.org>
This closes#695.
Signed-off-by: Andy LoPresto <alopresto@apache.org>
Defaulting to same keyStore, key password (+18 squashed commits)
Squashed commits:
[9d01ba0] NIFI-2193 - Fixing typo
[55440bc] NIFI-2193 - Standalone can run as long as there are no conflicting files/folders
[0ca34ed] NIFI-2193 - Fixing some filename, absolute path issues
[9d4f65b] NIFI-2193 - Incorporating feedback
[f7550b4] NIFI-2193 - Cleaning up imports
[59a7637] NIFI-2193 - Updating umask to allow owner to execute
[cf824e7] NIFI-2193 - Moving DN arg to CA service specific parent class
[921ee13] NIFI-2193 - Making keystore getInstance more consistent
[a283c4b] NIFI-2193 - Updating sample config files in assembly to reflect new structure
[8d3a21d] NIFI-2193 - Making TlsHelper static, adding option to use same password for Key, KeyStore
[b13d247] NIFI-2193 - Addressing PR feedback
[46ef8ed] NIFI-2193 - Removing commons-logging, log4j from notice
[d4cf41a] NIFI-2193 - Adding option to specify output file for CA certificate when using cli client
[b74bf25] NIFI-2193 - Removing Bouncy Castle from notice
[6e34f9a] NIFI-2193 - Adding CLI client for easier generation of client certificates
[2924fca] NIFI-2193 - nifi-toolkit-ssl -> nifi-toolkit-tls, removing unused constants
[886167e] NIFI-2193 - Adding slf4j to avoid runtime issue
[082de46] NIFI-2193 - Command line SSL config utility as well as certificate authority client/server
HTTP Site-to-Site can't handle TRANSACTION_FINISHED_BUT_DESTINATION_FULL
scenario as expected.
That happens if the remote NiFi's input port destination relationship
becomes full during Site-to-Site client sends data. The data which has
already sent to the remote NiFi has to be committed successfully.
However, the remote NiFi returns 503 as a response of commit HTTP
request. Because it does check port availability.
The port availability check shouldn't be called at commit request, since
the session at source NiFi has already been committed. The remote NiFi
should commit its session as well, and return
TRANSACTION_FINISHED_BUT_DESTINATION_FULL response.
This fix makes a remote NiFi to keep the handshaken properties when it holds
transaction to be committed. Then if a transaction already has
handshaken properties, then use it, instead of doing a handshake process
again.
Fixed Site-to-Site Transit URI for HTTP to be consistent with RAW socket.
- Removed url from CommunicationsSession since it's redundant as we have
Peer.url, too. The value was not used from anywhere other than HTTP
Site-to-Site.
- Added createTransitUri method in Communicant interface, so that
implementation can customize transitUri while providing consistent
interface.
Removed permission check causing "Cannot read property 'canRead' of
undefined". A given user won't have record level permission
difference for component state. It's not required here.
- Returning the enabled state of play and stop buttons in the palette. Allowing the user to always press if they have permissions to modify the selection.
- Only attempting to schedule components that are not running, not disabled, and valid.
This closes#745
Signed-off-by: jpercivall <joepercivall@yahoo.com>
- added SnippetUtilsTest
- renamed TypeOneUUIDGenerator to ComponentIdGenerator
- changed lsb part of ComponentIdGenerator back to long
- Fixed 'isCopy' condition for clustered environments
This closes#718.
[NIFI-2025] update birdseye after dragging/dropping element on the canvas
[NIFI-2367] update width of content viewer combo
[NIFI-2355] update table sorting based on auth efforts
[NIFI-2027] update EL editors
[NIFI-2387] update bulletin alert backgroud color to actually change the color of the icon not the div background
[NIFI-2141] Hide bulletin icon/background on processors unless a bulletin exists
[NIFI-2400] close any open combos contained within a shell when closing the shell
[NIFI-2404] remove extra scrollbar from #node-events
[NIFI-2027] account for min widths of EL editors
[NIFI-2025] update birdseye after changing color
[NIFI-2027] Update EL editor checkbox text
[NIFI-2027] update checkbox text
[NIFI-2355] update table sorting
[NIFI-2141] Hide bulletin icon/background on processors unless a bulletin exists
[NIFI-2027] update EL editors
[NIFI-2367] Overlapping links repositioned on error/login pages
This closes#715
- Introducing data resource for authorizing provenance events and queue listing.
- Authorizing entire proxy chain for data resource and data transfer resource.
NIFI-2338:
- Ensuring that replay authorization only happens once.
- Allowing users with access to policies for a component to be able to access all policies for that component.
-- Includes the component, data, data transfers, and policies.
- Fixing drop request completion to update the correct queued field.
- Fixing access control check for listing and emptying queues.
- Reseting selected policy when re-opening the policy management page.
- Fixing button/link visibility for available actions in policy management page.
- Fixing policy issues with policy removal when the underlying component is deleted.
- Updating file authorizer seeding to grant data access to node's in the cluster.
This closes#720.