Refactored the createDocsWebApp method of the JettyServer.java class. Previously NiFi would fail to
start up and instead throw an IllegalStatException if the 'docs' directory did not exist in the
installation directory. With the update, if the 'docs' directory is missing, an attempt to create
the missing directory will be made and if successful will enable NIFI to startup successfully, barring
any other startup errors of course. The side effect of this change is that the help documentation
under the 'General' heading of the help page will be missing.
Three small helper methods were extracted from the original method. Each related to a section of the
original code that could throw an exception. In each case if an exception is now thrown a more helpful
log message will be output and the process will be closed via the startUpfailure method rather than
throwing an exception.
This closes#2164.
Signed-off-by: Andy LoPresto <alopresto@apache.org>
- Adding support for KnoxSSO.
- Updated the docs for nifi.security.user.knox.audiences.
- The KnoxSSO cookie is removed prior to request replication.
This closes#2177
Added external compatibility regression test for StringEncryptor to ensure continued functionality during removal of Jasypt.
Documents custom salt lengths and iteration counts for each encryption method.
Added (ignored) failing tests for keyed encryption (Jasypt does not support keyed encryption).
Changed StringEncryptor to non-final class and added protected default constructor.
Added failing test for initialization status.
Added utility methods in CipherUtility.
Moved PBE cipher providers (and tests) from nifi-standard-processors to nifi-security-utils module.
Implemented PBE and keyed encryption/decryption logic.
Moved Scrypt unit test back into scrypt package.
Resolved test failures in limited strength cryptographic environment.
Implemented keyed encryption/decryption and enabled unit tests.
Removed Jasypt dependency from production scope (kept in test scope for backward compatibility tests).
Signed-off-by: joewitt <joewitt@apache.org>
- Added XmlUtils class.
- Added unit test.
- Added XXE test resource.
- Refactored JAXB unmarshalling globally to prevent XXE attacks.
- Refactored duplicated/legacy code.
- Cleaned up commented code.
- Switched from FileInputStream back to StreamSource in AuthorizerFactoryBean.
- This closes#2134
...connection dialog if no relationships selected
Disabled confirmation button for both Create and Configure Connection
dialogs when no relationship was selected.
Signed-off-by: Scott Aslan <scottyaslan@gmail.com>
This closes#2152
* Changed the tab title since sharing the name makes things
less clear for newcomers.
* Suggested info sentence is omitted.
This closes#2124.
Signed-off-by: Andy LoPresto <alopresto@apache.org>
- Ensuring that sub context menus are removed when hiding to ensure they are correctly (re)created during mouseenter events.
Signed-off-by: Scott Aslan <scottyaslan@gmail.com>
This closes#2109
...FlowFile has no content, UI does not indicate this fact
For FlowFiles with no content:
* Added a simple title replacing the Content Claim's one.
* Defaulted File Size to 0 bytes using common formatting.
..'View Details' button feels confusing and inconsistent with Processors
* Merged 'View Details' and 'Edit' buttons to a single 'Configure'/'View Details' one.
* Fixed confusing 'View Details' modal's title.
- When determining which controller services to return for a component, ensure that we don't show services that belong to 'child groups'
- Fixed a logic bug that determined which process group to use for obtaining controller services
- This closes#2087
- Initial implementation of Process Group level Variable Registry
- Updated to incorporate PR Feedback
- Changed log message because slf4j-simple apparently has a memory leak; passing a String instead of passing in the Controller Service object as an argument addresses this.
- This closes#2051
...name when I create a new Controller Service within a Processor/Service configuration dialog
Changed CS name default's behavior according to PR feedback.
Signed-off-by: Scott Aslan <scottyaslan@gmail.com>
This closes#2081
...name when I create a new Controller Service within a Processor/Service configuration dialog
I'm not sure how to integrate/style the text box. Suggestions are welcome.
NIFI-4237 Cleaned up unused alternate approaches.
NIFI-4237 Added failing unit test for better error message.
NIFI-4237 Added logic to capture unhelpful encryption exception and provide context in message. All tests pass.
This closes#2077
- Introducing support for OpenId Connect.
- Updating REST API and UI to support the authorization code flow.
- Adding/fixing documentation.
- Implementing time constant equality checks where appropriate.
- Corrected error handling during startup and throughout the OIDC login sequence.
- Redacting the token values from the user log.
- Defaulting to RS256 when not preferred algorithm is specified.
- Marking the OIDC endpoints as non-guaranteed in to allow for minor adjustments if/when additional SSO techniques are introduced.
This closes#2047.
Signed-off-by: Andy LoPresto <alopresto@apache.org>
The JIRA issue asks for treating both node and its label as one unit.
Described cursor issues seems to be fixed already.
However, there is an annoying dead space between a node and label
preventing displaying context menu, etc. Due to SVG group's nature
there has been added an opaque joint to remove the dead space.
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#2059.
* Added double-click shortcut opening config/details dialog to processors,
connections, ports and labels.
* Created a base for further default action selection, disabling, etc.
* Omitted default action configuration UI - that might be a separate JIRA ticket.
NIFI-4032: - Generating the appropriate fingerprint for the ManagedRangerAuthorizer based on whether the UserGroupProvider is configurable. - Adding unit tests.
Signed-off-by: Yolanda M. Davis <ymdavis@apache.org>
This closes#2019
- Expose processors' counters in Stats History
- Only include counters in Processors' Status History if user has read access to corresponding Processor
- Addressed review feedback. Found and addressed bug where a counter is not present in all of the aggregate snaphot values for status history, resulting in the UI not rendering the chart properly
- This closes#1872
NIFI-4060: Addressed threading issue with RecordBin being updated after it is completed; fixed issue that caused mime.type attribute not to be written properly if all incoming flowfiles already have a different value for that attribute
NIFI-4060: Bug fixes; improved documentation; added a lot of debug information; updated StandardProcessSession to produce more accurate logs in case of a session being committed/rolled back with open input/output streams
Signed-off-by: Matt Burgess <mattyb149@apache.org>
This closes#1958
- Introducing composite ConfigurableUserGroupProvider and UserGroupProvider.
- Adding appropriate unit tests.
- Updating object model to support per resource (user/group/policy) configuration.
- Updating UI to support per resource (user/group/policy) configuration.
- Adding necessary documentation.
- Updating documentation to clarify integrity checks.
- Providing an example of configuring a composite implementation.
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#1978.
Fixed threads shutdown so that NiFi can shutdown gracefully
NIFI-4111 - Review - Handling SocketRemoteSiteListener (RAW S2S)
This closes#1963.
Signed-off-by: Koji Kawamura <ijokarumawak@apache.org>
- Addressing issues causing the eventId to not be relayed when submitting a lineage request under certain conditions.
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#1903.
When NiFi is clustered, and autopurge.purgeInterval is greater than 1, the DatadirCleanupManager will be started in order to automatically purge transaction log and snapshot files based on the autopurge settings in zookeeper.properties
This closes#1928.
NIFI-4061 Initial version of RedisStateProvider
- Adding PropertyContext and updating existing contexts to extend it
- Added embedded Redis for unit testing
- Added wrapped StateProvider with NAR ClassLoader in StandardStateManagerProvider
- Updating state-management.xml with config for RedisStateProvider
- Renaming tests that use RedisServer to be IT tests so they don't run all the time
This closes#1918.
- Introducing the LdapUserGroupProvider.
- Updating documentation accordingly.
- Moving the IdentityMapping utilities so they were accessible.
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#1923.
- Introducing FileUserGroupProvider and FileAccessPolicyProvider.
- Refactoring FileAuthorizer to utilize the file based implementations.
- Introducing the StandardManagedAuthorizer.
- Decorating the configured ManagedAuthorizer to ensure integrity checks are still performed.
- Loading user groups if possible to use during access decisions.
- Merging responses for requests for AccessPolicies, Users, and UserGroups.
- Adding unit tests as appropriate.
- Adding methods to the User, Group, and AccessPolicy builder that more easily supports generating UUIDs.
- Fixing typo when seeding policies during startup.
- Fixing type in documentation and error messages.
This closes#1897.
Signed-off-by: Bryan Bende <bbende@apache.org>
Mark Owens
Jeff Storck
Matt Gilman
Andy LoPresto
Pierre Villard
Bryan Bende
m-hogue
Mark Payne
yuri1969
Koji Kawamura
combine
Scott Aslan
Yolanda M. Davis
Mike Moser
Tony Kurc
Niels Zeilemaker
Joe Percivall
Wesley-Lawrence
Andre F de Miranda
Joe Skora