You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2020/11/10 22:06:00 UTC

[jira] [Commented] (NIFI-7819) Add Zookeeper client TLS (external zookeeper) for cluster state management

    [ https://issues.apache.org/jira/browse/NIFI-7819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17229542#comment-17229542 ] 

ASF subversion and git services commented on NIFI-7819:
-------------------------------------------------------

Commit 479ee6e3db58ee22dc1c7f4510eed5767c4458a0 in nifi's branch refs/heads/main from Nathan Gough
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=479ee6e ]

NIFI-7819 - Added ZooKeeperStateProvider TLS properties.
- Added tests for TLS with ZooKeeperStateProvider.
- Added docs to administration guide.
- Small fixes for PR comments.
- Changed the ZooKeeperStateProvider to receive configuration from the nifi.properties file. Uses the Zookeeper TLS properties or if they are not declared, uses the standard NiFi TLS properties.
- Updated administration-guide.
- Fixed some boolean literalsl. Set the ZooKeeper watcher to null. Removed stacktrace prints to standard out. Added getPreferredProperty for key/truststore types.
- Removing some unused code. Fixing up NiFi properties methods. Removed whitespace.
- Added some tests for getPreferredProperty().
- Checkstyle fixes.
- Passing through nifi properties to the state provider using an annotation to avoid ZooKeeper references in the StateManagerProvider.
- Fixed comment.
- Added CLIENT_SECURE property to isZooKeeperTlsConfigurationPresent() check.
- Small change to getPreferredProperty, added more tests.
- Added checkstyle fix.
- Moved StateProviderContext to nifi-framework-api.
- Changed combine properties to handle null NiFiProperties. Inject NiFiProperties object for tests.
- Checkstyle fix.
- Changed the connect string in state-management.xml to be required. Rearranged order of property validation to validate before initialization.
- Rearranged the way ZooKeeperClientConfig is initialized and added a non blank validator to connect string.
- Minor change to ZooKeeperClientConfig member variable set and get.

This closes #4613.

Signed-off-by: Bryan Bende <bb...@apache.org>


> Add Zookeeper client TLS (external zookeeper) for cluster state management
> --------------------------------------------------------------------------
>
>                 Key: NIFI-7819
>                 URL: https://issues.apache.org/jira/browse/NIFI-7819
>             Project: Apache NiFi
>          Issue Type: Sub-task
>    Affects Versions: 1.12.0
>            Reporter: Nathan Gough
>            Assignee: Nathan Gough
>            Priority: Major
>              Labels: security, tls, zookeeper
>
> When NiFi is configured to use an external Zookeeper, configuration on the NiFi side should allow cluster state management to use TLS. If configured with TLS, it should not allow any connections/communication to operate unsecured (an all or nothing approach). 
> This ticket, in combination with NIFI-7115, should allow NiFi to completely use an external Zookeeper securely.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)