d148fb1854
Added skeleton implementation of EncryptedFileSystemRepository. Added new impl to META-INF registry. Added investigation comments to FileSystemRepository. Implemented RepositoryObject block and stream encryptors. Added passing unit test for encryption and decryption of multiple content writes (large buffered file) for AES-CTR encryptor. Refactored shared logic from AES CTR and G/CM encryptors to abstract parent. Added working unit test for writing/reading via encrypted file system repository. Added stream wrappers. Added encryptor. Added working unit test for writing/reading multiple pieces of content via encrypted file system repository. Added unit test skeleton for writing/reading multiple pieces of content with different keys via encrypted file system repository. Implemented key management skeleton for encrypted content repository. Multiple content claims can now be encrypted with different keys on the same resource claim and retrieved. Implemented validation on setting active key id. Added content repository encryption properties to NiFiProperties. Implemented configuration of encryption services from NiFiProperties. Refactored NiFiPropertiesLoader functionality to CryptoUtils for availability in other modules. Added RepositoryEncryptionConfiguration and repo-specific subclasses for data containers. Continued refactoring of CryptoUtils and RepositoryEncryptorUtils library methods. Exposed some internal state of FileSystemRepository via protected getters so encrypted implementation could access. Refactored EncryptedFileSystemRepository to extend rather than duplicate FSR. Refactored EFSR to use ECROS which now extends extracted ContentRepositoryOutputStream protected inner class in FSR. Added unit test to encrypt & decrypt image resource. Added smaller image resource for easier unit test debugging. Added importFrom method to resolve issue where GetFile would not encrypt content persisted to repository. Added text test resource for tests around exporting claim subsets. Added exportTo methods to handle decrypting encrypted content. Performed large unit test refactoring, moving shared logic to helper methods. Added unit test for merged content claim with header/footer/demarcator. Added unit test for merging content claims each encrypted with a different key. Ignored non-deterministically failing firewall DNS test. Added documentation to User and Admin Guide for Encrypted Content Repository. Added image. Added refactored utility method for shared ROEM extraction and validation logic in AbstractAESEncryptor. Replaced ad-hoc generation of ciphertext stream and byte[] for testing with static initialization from pre-generated serialized form for performance. Cleaned up unused test code. Cleaned up Javadoc and code comments. Refactored shared logic. Fixed checkstyle issue. Fixed test failure due to error message change. Added experimental warning to repository implementation classes and User Guide documentation. Signed-off-by: Joe Witt <joewitt@apache.org> |
||
|---|---|---|
| .github | ||
| nifi-api | ||
| nifi-assembly | ||
| nifi-bootstrap | ||
| nifi-commons | ||
| nifi-docker | ||
| nifi-docs | ||
| nifi-external | ||
| nifi-framework-api | ||
| nifi-maven-archetypes | ||
| nifi-mock | ||
| nifi-nar-bundles | ||
| nifi-toolkit | ||
| .gitignore | ||
| .travis-output-filters | ||
| .travis.sh | ||
| .travis.yml | ||
| KEYS | ||
| LICENSE | ||
| NOTICE | ||
| README.md | ||
| SECURITY.md | ||
| appveyor.yml | ||
| pom.xml | ||
README.md
Apache NiFi is an easy to use, powerful, and reliable system to process and distribute data.
Table of Contents
Features
Apache NiFi was made for dataflow. It supports highly configurable directed graphs of data routing, transformation, and system mediation logic. Some of its key features include:
- Web-based user interface
- Seamless experience for design, control, and monitoring
- Multi-tenant user experience
- Highly configurable
- Loss tolerant vs guaranteed delivery
- Low latency vs high throughput
- Dynamic prioritization
- Flows can be modified at runtime
- Back pressure
- Scales up to leverage full machine capability
- Scales out with zero-master clustering model
- Data Provenance
- Track dataflow from beginning to end
- Designed for extension
- Build your own processors and more
- Enables rapid development and effective testing
- Secure
- SSL, SSH, HTTPS, encrypted content, etc...
- Pluggable fine-grained role-based authentication/authorization
- Multiple teams can manage and share specific portions of the flow
Requirements
- JDK 1.8 (ongoing work to enable NiFi to run on Java 9/10/11; see NIFI-5174)
- Apache Maven 3.1.1 or newer
- Git Client (used during build process by 'bower' plugin)
Getting Started
- Read through the quickstart guide for development. It will include information on getting a local copy of the source, give pointers on issue tracking, and provide some warnings about common problems with development environments.
- For a more comprehensive guide to development and information about contributing to the project read through the NiFi Developer's Guide.
To build:
-
Execute
mvn clean installor for parallel build executemvn -T 2.0C clean install. On a modest development laptop that is a couple of years old, the latter build takes a bit under ten minutes. After a large amount of output you should eventually see a success message.laptop:nifi myuser$ mvn -T 2.0C clean install [INFO] Scanning for projects... [INFO] Inspecting build with total of 115 modules... ...tens of thousands of lines elided... [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 09:24 min (Wall Clock) [INFO] Finished at: 2015-04-30T00:30:36-05:00 [INFO] Final Memory: 173M/1359M [INFO] ------------------------------------------------------------------------ -
Execute
mvn clean install -DskipTeststo compile tests, but skip running them.
To deploy:
-
Change directory to 'nifi-assembly'. In the target directory, there should be a build of nifi.
laptop:nifi myuser$ cd nifi-assembly laptop:nifi-assembly myuser$ ls -lhd target/nifi* drwxr-xr-x 3 myuser mygroup 102B Apr 30 00:29 target/nifi-1.0.0-SNAPSHOT-bin -rw-r--r-- 1 myuser mygroup 144M Apr 30 00:30 target/nifi-1.0.0-SNAPSHOT-bin.tar.gz -rw-r--r-- 1 myuser mygroup 144M Apr 30 00:30 target/nifi-1.0.0-SNAPSHOT-bin.zip -
For testing ongoing development you could use the already unpacked build present in the directory named "nifi-version-bin", where version is the current project version. To deploy in another location make use of either the tarball or zipfile and unpack them wherever you like. The distribution will be within a common parent directory named for the version.
laptop:nifi-assembly myuser$ mkdir ~/example-nifi-deploy laptop:nifi-assembly myuser$ tar xzf target/nifi-*-bin.tar.gz -C ~/example-nifi-deploy laptop:nifi-assembly myuser$ ls -lh ~/example-nifi-deploy/ total 0 drwxr-xr-x 10 myuser mygroup 340B Apr 30 01:06 nifi-1.0.0-SNAPSHOT
To run NiFi:
-
Change directory to the location where you installed NiFi and run it.
laptop:~ myuser$ cd ~/example-nifi-deploy/nifi-* laptop:nifi-1.0.0-SNAPSHOT myuser$ ./bin/nifi.sh start -
Direct your browser to http://localhost:8080/nifi/ and you should see a screen like this screenshot:
-
For help building your first data flow see the NiFi User Guide
-
If you are testing ongoing development, you will likely want to stop your instance.
laptop:~ myuser$ cd ~/example-nifi-deploy/nifi-* laptop:nifi-1.0.0-SNAPSHOT myuser$ ./bin/nifi.sh stop
Getting Help
If you have questions, you can reach out to our mailing list: dev@nifi.apache.org (archive). For more interactive discussions, community members can often be found in the following locations:
-
Apache NiFi Slack Workspace: https://apachenifi.slack.com/
New users can join the workspace using the following invite link.
-
IRC: #nifi on irc.freenode.net
Documentation
See http://nifi.apache.org/ for the latest documentation.
License
Except as otherwise noted this software is licensed under the Apache License, Version 2.0
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Export Control
This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See http://www.wassenaar.org/ for more information.
The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this Apache Software Foundation distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.
The following provides more details on the included cryptographic software:
Apache NiFi uses BouncyCastle, JCraft Inc., and the built-in Java cryptography libraries for SSL, SSH, and the protection of sensitive configuration parameters. See http://bouncycastle.org/about.html http://www.jcraft.com/c-info.html http://www.oracle.com/us/products/export/export-regulations-345813.html for more details on each of these libraries cryptography features.