- Removed Security.addProvider() references from several tests
- Refactored KeyStoreUtils to use instance of BouncyCastleProvider instead of BC provider name string
- Refactored MiNiFi references to pass BouncyCastleProvider for BCFKS
Signed-off-by: Joseph Witt <joewitt@apache.org>
- Set getClusterNodeProtocolMaxPoolSize method reference in place of deprecated getClusterNodeProtocolThreads
Signed-off-by: Joseph Witt <joewitt@apache.org>
Fixed issue in logic of LocalComponentLifecycle, which was waiting for all PGs to reach desired stateless run schedule, even when the group itself was not stateless
Fixed JavaScript to specify correct value for recursivity when updating process group parameter context
- Extracted common logic from setState() and replace() into modifyState()
- Removed redundant code from createNode() because exceptions are handled on the caller side
- NodeExistsException and InterruptedException are handled in setState() and replace()
- Also used KeeperException's subclasses instead of KeeperException.code()
This closes#7324
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Updated component references to remove use of Object[] wrapping for log methods
This closes#7748
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Adjusted Groovy Maven coordinates to org.apache.groovy
- Adjusted build configuration and tests for Groovy 4
This closes#7692
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Upgraded SLF4J from 2.0.7 to 2.0.9
- Upgraded Logback from 1.3.8 to 1.3.11
- Upgraded Testcontainers from 1.18.3 to 1.19.0
- Upgraded Fabric8 Kubernetes from 6.5.1 to 6.8.1
- Upgraded AspectJ from 1.9.19 to 1.9.20.1
- Upgraded Caffeine from 3.1.6 to 3.1.8
- Upgraded AWS SDK from 2.20.103 to 2.20.148
- Upgraded Guava from 32.0.1 to 32.1.2
- Upgraded Nimbus JOSE JWT from 9.31 to 9.33
- Upgraded Apache Tika from 2.8.0 to 2.9.0
- Upgraded gRPC from 1.57.2 to 1.58.0
- Upgraded Google Libraries from 26.17.0 to 26.22.0
- Upgraded Azure SDK from 1.2.13 to 1.2.16
This closes#7733
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Added org.spockframework to the list of banned dependencies
- Removed several other Groovy tests and associated build profiles
Signed-off-by: Joseph Witt <joewitt@apache.org>
- Changed default value of nifi.web.https.application.protocols to include both h2 and http/1.1
- Changed default value of nifi.registry.web.https.application.protocols to include both h2 and http/1.1
- Updated HostHeaderHandler logging
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#7684.
* NIFI-10904 Changed the font color for dropdown menus to avoid the appearance of menu items being disabled
* NIFI-10904 Changed the CSS tag used to set the color of the dropdown menu text
* NIFI-10904 Used a new css class to set the color of dropdown options
* nifi-10904 Changed the css class for create/reference drop down menu items.
Merged #7502 into main.
- Added nifi-security-cert for reusable components without dependencies
- Added nifi-security-cert-builder for certificate generation
Signed-off-by: Matt Burgess <mattyb149@apache.org>
This closes#7651
- Added new extensible Component Type: FlowAnalysisRule
- Added DisallowComponentType Rule implementation
- Flow Analysis Rules can be managed from the UI under Controller Settings -> Flow Analysis Rules
- Flow Analysis Rules can be set up with an enforcement policy of WARN or ENFORCE
- Flow Analysis Rules can evaluate an individual Component or a Process Group
This closes#7191
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Updated Jetty WebSocket components using Jetty 10 components
- Upgraded Solr components from 8.11.2 to 9.2.1 to align with Jetty 10 dependencies
Signed-off-by: Matt Burgess <mattyb149@apache.org>
This closes#7622
* NIFI-11303 Added a go-to entry on the right click context menu for the provenance lineage tree to take you to the specified component in the graph
* nifi-11303 Removed unused variable.
Merged #7461 into main.
When shutting down FlowController, wait up to gracefulShutdownSeconds seconds for the components to stop before shutting down thread pools. This allows for asynchronous operations such as disableControllerServicesAsync to complete during shutdown. Updated StandardStatelessFlow so that on shutdown it catches more general Exception to ensure that shutdown succeeds
Ensure that Max Concurrent Tasks cannot be set less than 1 for stateless group; fixed typo in ProcessGroupDTO's docs; on shutdown, we may need to disable controller services asynchronously. At that point, the thread pool used to do so may already be shutdown. If so, catch this and create a new single-thread pool, disable the service, and immediately shutdown the pool. Also, if we fail to disable services on shutdown of a stateless flow, instead of throwing an Exception, just log it and move on - it doesn't make much sense for shutdown() to throw an Exception in that case.
Updated system tests so that when emptying a queue, we check the result and if the queue still has data (because a Processor hasn't acknowledged the data, for example) then continue issuing request until the queue fully becomes empty.
When shutting down input/output ports for stateless group, ensure that we wait for the ports' active threads to complete before returning
When stopping StatelessGroupNode, ensure that all the Processors, Controller Services (even those not executed by the Stateless Engine) are stopped/disabled before considering the Stateless Group to be fully STOPPED.
This closes#7253
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Updated QuestDB Status Repository shutdown method to cancel scheduled tasks before immediate shutdown of Scheduled Executor Service
- Updated QuestDB Scheduled Tasks to include initial delay to avoid unnecessary execution when starting
- Updated QuestDB test class to minimize logging for QuestDB 7
- Improved logging and exception messages
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#7564.
Added documentation to indicate how to debug Python side of nifi framework, as well as debugging Python processors themselves using VSCode's Remote debugger.
This also provides the ability to launch the Controller process in such a way that it will listen to incoming remote debug connections.
This closes#7469
Signed-off-by: David Handermann <exceptionfactory@apache.org>
When waiting for all controller services to reach the desired status in the ClusterReplicationComponentLifecycle component, return immediately if there are no services to wait for. Otherwise, request that referencing components not be included in the return value of the Controller Services
This closes#7493
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Added StandardOidcUserService supporting fallback claim names
- Updated StandardClientRegistrationProvider to use standard Subject claim
- Updated OIDC Security Configuration to use customized OidcUserService for claim handling
Signed-off-by: Joe Gresock <jgresock@gmail.com>
This closes#7468.
- Replaced Jetty KeyStoreScanner and custom TrustStoreScanner with shared StoreScanner
- New StoreScanner uses TLS Configuration to reload SSLContext instead of relying on Jetty SslContextFactory properties
This closes#7446
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Removed hamcrest-all from default dependencies
- Added groovy-test to selected modules with Groovy test classes
- Added junit-vintage-engine to selected modules with JUnit 4 test classes
- Corrected references to JUnit 4 assertions in JUnit 5 test classes
- Removed several unnecessary test classes from nifi-socket-utils
- Removed duplicative Registry toolkit test classes
- Removed Kudu integration tests
NIFI-11532 Corrected scope for junit-vintage-engine for Elasticsearch
Signed-off-by: Matt Burgess <mattyb149@apache.org>
This closes#7233
- Resolved BufferOverflowException in PeerChannel with Bouncy Castle Provider
- Changed prepareForWrite() to use Destination Buffer remaining instead of Application Buffer Size
- Changed encrypt() to Packet Buffer Size instead of Application Buffer Size
Rather than creating many FlowFiles with the same Content Claim, refactored content repos' OutputStreams and ClaimWriteCache so that a new ContentClaim is created for each FlowFile. This ensures that we have a content claim offset of 0. The poor performance was due to having to use StreamUtils.skip() in conjunction with the CipherInputStream, which would only skip a max of 511 bytes at a time. By using a separate Content Claim per FlowFile, we no longer need to seek after creating the CipherInputStream
This closes#7363
Signed-off-by: David Handermann <exceptionfactory@apache.org>
* NIFI-11464 Improvements for importing nested versioned flows
- Introduce FlowSnapshotContainer to return root snapshot + children
- Introduce ControllerServiceResolver to extract logic from service facade
- Update resolution logic to correctly consider all services in the hierarchy
- Merge additional parameter contexts and parameter providers from child to parent
- Add unit test for controller service resolver
- Replace use of emptSet/emptyMap with new set/map instance
NIFI-11636: Change default log level from parquet internal reader to WARN as it logs excessively at INFO level
Signed-off-by: Matt Burgess <mattyb149@apache.org>
This closes#7334
- Removed NetworkUtils methods for getting available ports
- Updated Socket-based components to support using 0 to listen on a random available port for improved test reliability
This closes#7299
Signed-off-by: David Handermann <exceptionfactory@apache.org>
NIFI-11557: Added an additional system test and updated github actions to include surefire-report in order to help diagnose problem that occurred in one of the last system-test runs in Github. Could not replicate problem locally
Signed-off-by: Matthew Burgess <mattyb149@apache.org>
This closes#7265
- Added Shibboleth repository for OpenSAML
- Replaced deprecated OpenSAML 3 Spring Security components with OpenSAML 4
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#7251.
* NIFI-11287: detect dependent properties when the property it depends on references a parameter
* address review feedback
* address more review comments
* - loadProperties checks type before getting the parameter context
- retrieve the parameter context with ajax call from inside the class
* add type parameter to all places calling loadProperties
* get reference parameters by invoking provided callbacks from the client
* check for user permissions before requesting for referenced parameters
* address review feedback
This closes#7117
- Added methods to enumerate Stored Component Identifiers on State Provider interface and implementations
- Added nifi.state.management.provider.cluster.previous to nifi.properties
- Updated State Manager Provider to restore Cluster State from Previous Cluster Provider
- Updated Configuring State Providers documentation for new property
- Restored previous behavior of sending openid and email scopes for OpenID Connect token requests
- Added offline_access scope as the default value in nifi.properties to support Refresh Tokens
This closes#7168
Signed-off-by: Paul Grey <greyp@apache.org>
* NIFI-11461 Improved User and Group Tenants Search
- Added searchTenants method to NiFiServiceFacade and removed unnecessary object creation
- Updated TenantsResource to use delegated NiFiServiceFacade.searchTenants method
- Changed autocomplete delay from default 300 ms to 500 ms
* NIFI-11461 Adjusted implementation to use EntityFactory.createTenantEntity
This closes#7181
- Updated GitHub workflow so that system tests include Python 3.9
- Updated GitHub actions to build necessary modules for system tests
This closes#7003
Co-authored-by: David Handermann <exceptionfactory@apache.org>
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Fixed system tests so that they work properly in Clustered version of RegistryClientIT
- Fixed system test - ensure that we wait for processors to become valid before attempting to start them; also added an additional system test around Controller Services in versioned flows
This closes#7095
Signed-off-by: David Handermann <exceptionfactory@apache.org>
* NIFI-4890 Refactored OIDC with support for Refresh Tokens
- Implemented OIDC Authorization Code Grant Flow using Spring Security Filters
- Implemented OIDC RP-Initiated Logout 1.0
- Implemented OAuth2 Token Revocation RFC 7009 for Refresh Tokens
- Added OIDC Bearer Token Refresh Filter for updating application Bearer Tokens from Refresh Token exchanges
- Added configurable Token Refresh Window to application properties
- Removed original implementation and supporting classes
* NIFI-4890 Set Bearer Token expiration based on Access Token
* NIFI-4890 Corrected spelling and naming issues based on feedback
This closes#7013
Fixed issue in StandardContentClaimWriteCache in which inner OutputStream class did not have an idempotent close() method; as a result, the stream could be written to while already in use for another active FlowFile; fixed bug in ContentClaimInputStream in which skip() method ignored its own BufferedInputStream - this was discovered because it was causing failures in StandardProcessSessionIT; fixed bug in StandardProcessSessionIT in which the length of StandardContentClaim was being doubled because the OutputStream was setting the claim length but that is already handled at a lower level.
This closes#7087
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Ensure that components are notified that primary node has changed in a background thread instead of the Leader Election thread and activate/deactivate the thread in the case of Processors so that they can be viewed in the UI and terminated
- Fixed system tests that would fail intermittently because they did not wait for node disconnection to complete and did not properly switch the client to look at the connected node before checking cluster status
This closes#7052
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Upgraded direct dependencies in Framework and Registry modules as well as Spark bundle
This closes#7073
This closes#7074
This closes#7075
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Replaced deprecated Matchers references with ArgumentMatchers
- Removed unnecessary Mockito versions for Registry
- Refactored test configuration to Java for mocking
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#7071.
NIFI-11310: Fixed META-INF/services file that was mistakenly listing an extra extension point, due to rebase
Signed-off-by: Matthew Burgess <mattyb149@apache.org>
This closes#7061
* NIFI-10975 Added Kubernetes Leader Election and State Provider
- Added Kubernetes Leader Election Manager based on Kubernetes Leases
- Added Kubernetes State Provider based on Kubernetes ConfigMaps
- Added nifi-kubernetes-client for generalized access to Fabric8 Kubernetes Client
- Added nifi.cluster.leader.election.implementation Property defaulting to CuratorLeaderElectionManager
- Refactored LeaderElectionManager to nifi-framework-api for Extension Discovering Manager
- Refactored shared ZooKeeper configuration to nifi-framework-cluster-zookeeper
* NIFI-10975 Updated Kubernetes Client and StateMap
- Upgraded Kubernetes Client from 6.2.0 to 6.3.0
- Added getStateVersion to StateMap and deprecated getVersion
- Updated Docker start.sh with additional properties
* NIFI-10975 Corrected MockStateManager.assertStateSet()
* NIFI-10975 Upgraded Kubernetes Client from 6.3.0 to 6.3.1
* NIFI-10975 Corrected unregister leader and disabled release on cancel
* NIFI-10975 Corrected findLeader handling of Lease expiration
- Changed LeaderElectionManager.getLeader() return to Optional String
* NIFI-10975 Corrected StandardNiFiServiceFacade handling of Optional Leader
* NIFI-10975 Changed getLeader() to call findLeader() to avoid stale cached values
* NIFI-10975 Updated LeaderElectionCommand to run LeaderElector in loop
* NIFI-10975 Rebased on project version 2.0.0-SNAPSHOT
* NIFI-10975 Corrected Gson and AspectJ versions
- Updated versions to match current main branch and avoid reverting
- Moved StringUtils from nifi-properties to nifi-property-utils
- Moved Peer Identity methods from CertificateUtils to specific Site-to-Site classes
Signed-off-by: Joe Gresock <jgresock@gmail.com>
This closes#6977.
NIFI-11192: If a failure is encountered when changing the version of a flow from 1 version to another, attempt to rollback the changes instead of just failing with the flow in a bad state
Signed-off-by: Matthew Burgess <mattyb149@apache.org>
This closes#6981
- Removed unnecessary references to PropertyEncryptor from multiple framework components
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#6962.
- Updated TestAttributesToCSV with LinkedHashMap for deterministic test behavior
- Updated TestHttpFlowFileServerProtocol with adjusted checksums to match expectations from LinkedHashMap changes
This closes#6748
Signed-off-by: David Handermann <exceptionfactory@apache.org>
This closes#6750
Signed-off-by: David Handermann <exceptionfactory@apache.org>
Co-authored-by: Chris Sampson <12159006+ChrisSamo632@users.noreply.github.com>
- Upgraded Logback from 1.2.11 to 1.3.5
- Updated Logback DelayingShutdownHook to DefaultShutdownHook
- Disabled Spring Boot Logging System in favor of standard Logback initialization
- Excluded logback-classic from ZooKeeper and other dependencies to avoid conflicts when running tests
- Excluded spring-boot-starter-logging to avoid failures related to Logback 1.2 and Spring Boot 2.7
- Removed ZooKeeperMigratorTest.groovy based on Apache Curator test server usage of Logback 1.2
NIFI-10580 Added logback-core as explicit dependency
- Set logback-core as provided in root configuration
- Added logback-core as compile dependency in assembly configurations
Signed-off-by: Joe Witt <joewitt@apache.org>
Correcting EmbeddedQuestDbStatusHistoryRepositoryForComponentsTest
Correcting TestQueryNiFiReportingTask
Signed-off-by: Matthew Burgess <mattyb149@apache.org>
This closes#6869
- Updated impacted classes to remove redundant import lines
- Removed WebUtilsGroovyTest.groovy class due to use of internal sun.security classes
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#6804.
- NIFI-10981 Ensure NarAutoLoader starts after provider retrieves NARs, and ensure the auto-loader attempts to process any NARs available before starting to watch for new files
- Add system test with NAR Provider that copies NARs from a local directory and verifies the NARs were loaded and linked correctly
- Exclude new assembly from CI test-compile
exceptionfactory
Joe Gresock
Emilio Setiadarma
Joe Witt
Mark Payne
Pierre Villard
Nandor Soma Abonyi
Peter Turcsanyi
Timea Barna
Matt Burgess
Peter Turcsanyi
Freedom9339
Tamas Palfy
Tamas Palfy
Ferenc Kis
mr1716
Mike Thomsen
Yolanda M. Davis
dan-s1
simonbence
Bence Simon
timeabarna
Bryan Bende
siddr
Shane Ardell
Scott Aslan
Michael Moser
NissimShiman
Nissim Shiman
M Tien
Lehel Boér
Christian Wahl
dependabot[bot]
Mark Bean
Priyanka Awatramani
Paul Grey
krisztina-zsihovszki
nathluu
greyp9