You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by bb...@apache.org on 2019/10/10 19:09:56 UTC
[nifi] branch master updated (a273ff1 -> af81afc)
This is an automated email from the ASF dual-hosted git repository.
bbende pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git.
from a273ff1 NIFI-6758 fixing checkstyle issues
new 5d65e6a NIFI-5753 Add SSL support to HortonworksSchemaRegistry service
new af81afc NIFI-5753 Make use of keyPassword optional and only used when keystore is used, bump registry client version
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../nifi-hwx-schema-registry-service/pom.xml | 6 +++-
.../hortonworks/HortonworksSchemaRegistry.java | 38 +++++++++++++++++++++-
2 files changed, 42 insertions(+), 2 deletions(-)
[nifi] 01/02: NIFI-5753 Add SSL support to
HortonworksSchemaRegistry service
Posted by bb...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
bbende pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
commit 5d65e6aba4d6f98f18aeddf0e17e19fbd881d07a
Author: Grzegorz KoĊakowski <gr...@gmail.com>
AuthorDate: Sat Nov 3 21:30:53 2018 +0100
NIFI-5753 Add SSL support to HortonworksSchemaRegistry service
Signed-off-by: Bryan Bende <bb...@apache.org>
---
.../nifi-hwx-schema-registry-service/pom.xml | 4 +++
.../hortonworks/HortonworksSchemaRegistry.java | 36 +++++++++++++++++++++-
2 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/nifi-hwx-schema-registry-service/pom.xml b/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/nifi-hwx-schema-registry-service/pom.xml
index 7eddcdc..c0d2fdb 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/nifi-hwx-schema-registry-service/pom.xml
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/nifi-hwx-schema-registry-service/pom.xml
@@ -54,6 +54,10 @@ limitations under the License.
<artifactId>nifi-schema-registry-service-api</artifactId>
</dependency>
<dependency>
+ <groupId>org.apache.nifi</groupId>
+ <artifactId>nifi-ssl-context-service-api</artifactId>
+ </dependency>
+ <dependency>
<groupId>org.apache.avro</groupId>
<artifactId>avro</artifactId>
<version>1.8.1</version>
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/nifi-hwx-schema-registry-service/src/main/java/org/apache/nifi/schemaregistry/hortonworks/HortonworksSchemaRegistry.java b/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/nifi-hwx-schema-registry-service/src/main/java/org/apache/nifi/schemaregistry/hortonworks/HortonworksSchemaRegistry.java
index b33d5c8..cb97fce 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/nifi-hwx-schema-registry-service/src/main/java/org/apache/nifi/schemaregistry/hortonworks/HortonworksSchemaRegistry.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/nifi-hwx-schema-registry-service/src/main/java/org/apache/nifi/schemaregistry/hortonworks/HortonworksSchemaRegistry.java
@@ -16,6 +16,7 @@
*/
package org.apache.nifi.schemaregistry.hortonworks;
+import com.google.common.collect.ImmutableMap;
import com.hortonworks.registries.schemaregistry.SchemaMetadata;
import com.hortonworks.registries.schemaregistry.SchemaMetadataInfo;
import com.hortonworks.registries.schemaregistry.SchemaVersionInfo;
@@ -39,6 +40,7 @@ import org.apache.nifi.schema.access.SchemaField;
import org.apache.nifi.schemaregistry.services.SchemaRegistry;
import org.apache.nifi.serialization.record.RecordSchema;
import org.apache.nifi.serialization.record.SchemaIdentifier;
+import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.util.Tuple;
import java.io.IOException;
@@ -61,6 +63,8 @@ public class HortonworksSchemaRegistry extends AbstractControllerService impleme
private static final Set<SchemaField> schemaFields = EnumSet.of(SchemaField.SCHEMA_NAME, SchemaField.SCHEMA_BRANCH_NAME, SchemaField.SCHEMA_TEXT,
SchemaField.SCHEMA_TEXT_FORMAT, SchemaField.SCHEMA_IDENTIFIER, SchemaField.SCHEMA_VERSION);
+ private static final String CLIENT_SSL_PROPERTY_PREFIX = "schema.registry.client.ssl";
+
private final ConcurrentMap<Tuple<SchemaIdentifier, String>, RecordSchema> schemaNameToSchemaMap = new ConcurrentHashMap<>();
private final ConcurrentMap<Tuple<String,String>, Tuple<SchemaVersionInfo, Long>> schemaVersionByNameCache = new ConcurrentHashMap<>();
private final ConcurrentMap<SchemaVersionKey, Tuple<SchemaVersionInfo, Long>> schemaVersionByKeyCache = new ConcurrentHashMap<>();
@@ -95,6 +99,13 @@ public class HortonworksSchemaRegistry extends AbstractControllerService impleme
.defaultValue("1 hour")
.required(true)
.build();
+ static final PropertyDescriptor SSL_CONTEXT_SERVICE = new PropertyDescriptor.Builder()
+ .name("ssl-context-service")
+ .displayName("SSL Context Service")
+ .description("Specifies the SSL Context Service to use for communicating with Schema Registry.")
+ .required(false)
+ .identifiesControllerService(SSLContextService.class)
+ .build();
private volatile SchemaRegistryClient schemaRegistryClient;
private volatile boolean initialized;
@@ -120,9 +131,31 @@ public class HortonworksSchemaRegistry extends AbstractControllerService impleme
schemaRegistryConfig.put(SchemaRegistryClient.Configuration.CLASSLOADER_CACHE_EXPIRY_INTERVAL_SECS.name(), context.getProperty(CACHE_EXPIRATION).asTimePeriod(TimeUnit.SECONDS));
schemaRegistryConfig.put(SchemaRegistryClient.Configuration.SCHEMA_VERSION_CACHE_SIZE.name(), context.getProperty(CACHE_SIZE).asInteger());
schemaRegistryConfig.put(SchemaRegistryClient.Configuration.SCHEMA_VERSION_CACHE_EXPIRY_INTERVAL_SECS.name(), context.getProperty(CACHE_EXPIRATION).asTimePeriod(TimeUnit.SECONDS));
+ Map<String, String> sslProperties = buildSslProperties(context);
+ if (!sslProperties.isEmpty()) {
+ schemaRegistryConfig.put(CLIENT_SSL_PROPERTY_PREFIX, sslProperties);
+ }
}
-
+ private Map<String, String> buildSslProperties(final ConfigurationContext context) {
+ final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
+ ImmutableMap.Builder<String, String> propertiesBuilder = ImmutableMap.builder();
+ if (sslContextService != null) {
+ propertiesBuilder.put("protocol", sslContextService.getSslAlgorithm());
+ propertiesBuilder.put("keyPassword", sslContextService.getKeyPassword());
+ if (sslContextService.isKeyStoreConfigured()) {
+ propertiesBuilder.put("keyStorePath", sslContextService.getKeyStoreFile());
+ propertiesBuilder.put("keyStorePassword", sslContextService.getKeyStorePassword());
+ propertiesBuilder.put("keyStoreType", sslContextService.getKeyStoreType());
+ }
+ if (sslContextService.isTrustStoreConfigured()) {
+ propertiesBuilder.put("trustStorePath", sslContextService.getTrustStoreFile());
+ propertiesBuilder.put("trustStorePassword", sslContextService.getTrustStorePassword());
+ propertiesBuilder.put("trustStoreType", sslContextService.getTrustStoreType());
+ }
+ }
+ return propertiesBuilder.build();
+ }
@OnDisabled
public void close() {
@@ -140,6 +173,7 @@ public class HortonworksSchemaRegistry extends AbstractControllerService impleme
properties.add(URL);
properties.add(CACHE_SIZE);
properties.add(CACHE_EXPIRATION);
+ properties.add(SSL_CONTEXT_SERVICE);
return properties;
}
[nifi] 02/02: NIFI-5753 Make use of keyPassword optional and only
used when keystore is used, bump registry client version
Posted by bb...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
bbende pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
commit af81afce408a4d4e731d2431fb1b9b2b26def1fe
Author: Bryan Bende <bb...@apache.org>
AuthorDate: Thu Oct 10 15:07:12 2019 -0400
NIFI-5753 Make use of keyPassword optional and only used when keystore is used, bump registry client version
This closes #3126.
---
.../nifi-hwx-schema-registry-service/pom.xml | 2 +-
.../nifi/schemaregistry/hortonworks/HortonworksSchemaRegistry.java | 4 +++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/nifi-hwx-schema-registry-service/pom.xml b/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/nifi-hwx-schema-registry-service/pom.xml
index c0d2fdb..fe4c35e 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/nifi-hwx-schema-registry-service/pom.xml
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/nifi-hwx-schema-registry-service/pom.xml
@@ -28,7 +28,7 @@ limitations under the License.
<artifactId>nifi-hwx-schema-registry-service</artifactId>
<packaging>jar</packaging>
<properties>
- <hwx.registry.version>0.5.3</hwx.registry.version>
+ <hwx.registry.version>0.8.0</hwx.registry.version>
</properties>
<dependencies>
<dependency>
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/nifi-hwx-schema-registry-service/src/main/java/org/apache/nifi/schemaregistry/hortonworks/HortonworksSchemaRegistry.java b/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/nifi-hwx-schema-registry-service/src/main/java/org/apache/nifi/schemaregistry/hortonworks/HortonworksSchemaRegistry.java
index cb97fce..eb5817e 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/nifi-hwx-schema-registry-service/src/main/java/org/apache/nifi/schemaregistry/hortonworks/HortonworksSchemaRegistry.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/nifi-hwx-schema-registry-service/src/main/java/org/apache/nifi/schemaregistry/hortonworks/HortonworksSchemaRegistry.java
@@ -142,11 +142,13 @@ public class HortonworksSchemaRegistry extends AbstractControllerService impleme
ImmutableMap.Builder<String, String> propertiesBuilder = ImmutableMap.builder();
if (sslContextService != null) {
propertiesBuilder.put("protocol", sslContextService.getSslAlgorithm());
- propertiesBuilder.put("keyPassword", sslContextService.getKeyPassword());
if (sslContextService.isKeyStoreConfigured()) {
propertiesBuilder.put("keyStorePath", sslContextService.getKeyStoreFile());
propertiesBuilder.put("keyStorePassword", sslContextService.getKeyStorePassword());
propertiesBuilder.put("keyStoreType", sslContextService.getKeyStoreType());
+ if (sslContextService.getKeyPassword() != null) {
+ propertiesBuilder.put("keyPassword", sslContextService.getKeyPassword());
+ }
}
if (sslContextService.isTrustStoreConfigured()) {
propertiesBuilder.put("trustStorePath", sslContextService.getTrustStoreFile());