
Example 6 with SSLContextService

use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.

the class AbstractElasticsearch5TransportClientProcessor method createElasticsearchClient.

/**
 * Instantiate ElasticSearch Client. This should be called by subclasses' @OnScheduled method to create a client
 * if one does not yet exist. If called when scheduled, closeClient() should be called by the subclasses' @OnStopped
 * method so the client will be destroyed when the processor is stopped.
 *
 * @param context The context for this processor
 * @throws ProcessException if an error occurs while creating an Elasticsearch client
 */
@Override
protected void createElasticsearchClient(ProcessContext context) throws ProcessException {
    final ComponentLog logger = getLogger();
    // A client is already held in esClient, so there is nothing to build.
    if (esClient.get() != null) {
        return;
    }
    logger.debug("Creating ElasticSearch Client");
    try {
        final String cluster = context.getProperty(CLUSTER_NAME).evaluateAttributeExpressions().getValue();
        final String ping = context.getProperty(PING_TIMEOUT).evaluateAttributeExpressions().getValue();
        final String sampler = context.getProperty(SAMPLER_INTERVAL).evaluateAttributeExpressions().getValue();
        final String username = context.getProperty(USERNAME).evaluateAttributeExpressions().getValue();
        // Unlike the properties above, PASSWORD is read without expression-language evaluation.
        final String password = context.getProperty(PASSWORD).getValue();
        final SSLContextService sslService =
                context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);

        final Settings.Builder settingsBuilder = Settings.builder()
                .put("cluster.name", cluster)
                .put("client.transport.ping_timeout", ping)
                .put("client.transport.nodes_sampler_interval", sampler);
        final String xPackUrl = context.getProperty(PROP_XPACK_LOCATION).evaluateAttributeExpressions().getValue();

        if (sslService != null) {
            settingsBuilder.put("xpack.security.transport.ssl.enabled", "true");
            // Setting name / value pairs taken from the SSL context service. A pair is skipped when the
            // service has no value for it, so a truststore-only or keystore-only service is accepted.
            final String[][] storeSettings = {
                { "xpack.ssl.keystore.path", sslService.getKeyStoreFile() },
                { "xpack.ssl.keystore.password", sslService.getKeyStorePassword() },
                { "xpack.ssl.keystore.key_password", sslService.getKeyPassword() },
                { "xpack.ssl.truststore.path", sslService.getTrustStoreFile() },
                { "xpack.ssl.truststore.password", sslService.getTrustStorePassword() }
            };
            for (final String[] setting : storeSettings) {
                if (!StringUtils.isEmpty(setting[1])) {
                    settingsBuilder.put(setting[0], setting[1]);
                }
            }
        }

        // X-Pack credentials are passed as "username" or "username:password". The value holds the
        // password in clear text, as do the store passwords above, so the built settings must not be logged.
        if (!StringUtils.isEmpty(username)) {
            final StringBuilder credentials = new StringBuilder(username);
            if (!StringUtils.isEmpty(password)) {
                credentials.append(':').append(password);
            }
            settingsBuilder.put("xpack.security.user", credentials);
        }

        final String hostList = context.getProperty(HOSTS).evaluateAttributeExpressions().getValue();
        esHosts = getEsHosts(hostList);
        final Client builtClient = getTransportClient(settingsBuilder, xPackUrl, username, password, esHosts, logger);
        esClient.set(builtClient);
    } catch (Exception e) {
        // Any failure is logged and surfaced to the framework as a ProcessException.
        logger.error("Failed to create Elasticsearch client due to {}", new Object[] { e }, e);
        throw new ProcessException(e);
    }
}
Also used : ProcessException(org.apache.nifi.processor.exception.ProcessException) SSLContextService(org.apache.nifi.ssl.SSLContextService) Client(org.elasticsearch.client.Client) TransportClient(org.elasticsearch.client.transport.TransportClient) PreBuiltTransportClient(org.elasticsearch.transport.client.PreBuiltTransportClient) ComponentLog(org.apache.nifi.logging.ComponentLog) Settings(org.elasticsearch.common.settings.Settings) MalformedURLException(java.net.MalformedURLException) ProcessException(org.apache.nifi.processor.exception.ProcessException) InvocationTargetException(java.lang.reflect.InvocationTargetException)

Example 7 with SSLContextService

use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.

the class TestFetchElasticsearch5 method testSetupSecureClient.

@Test
public void testSetupSecureClient() throws Exception {
    // Smoke test for the SSL-enabled configuration path. It makes no assertions: it passes as long as
    // run() completes without throwing.
    runner = TestRunners.newTestRunner(new FetchElasticsearch5TestProcessor(true));

    // The mock only stubs getIdentifier(); every other SSLContextService call returns Mockito's default,
    // so no real key or trust material is involved.
    final SSLContextService mockSslService = mock(SSLContextService.class);
    when(mockSslService.getIdentifier()).thenReturn("ssl-context");
    runner.addControllerService("ssl-context", mockSslService);
    runner.enableControllerService(mockSslService);

    runner.setProperty(FetchElasticsearch5.PROP_SSL_CONTEXT_SERVICE, "ssl-context");
    runner.setProperty(AbstractElasticsearch5TransportClientProcessor.CLUSTER_NAME, "elasticsearch");
    runner.setProperty(AbstractElasticsearch5TransportClientProcessor.HOSTS, "127.0.0.1:9300");
    runner.setProperty(AbstractElasticsearch5TransportClientProcessor.PING_TIMEOUT, "5s");
    runner.setProperty(AbstractElasticsearch5TransportClientProcessor.SAMPLER_INTERVAL, "5s");
    runner.setProperty(FetchElasticsearch5.INDEX, "doc");
    runner.setProperty(FetchElasticsearch5.TYPE, "status");
    runner.setValidateExpressionUsage(true);
    runner.setProperty(FetchElasticsearch5.DOC_ID, "${doc_id}");

    // Allow time for the controller service to fully initialize
    Thread.sleep(500);

    // The flow file attribute feeds the ${doc_id} expression configured above.
    final HashMap<String, String> attributes = new HashMap<>();
    attributes.put("doc_id", "28039652140");
    runner.enqueue(docExample, attributes);
    runner.run(1, true, true);
}
Also used : SSLContextService(org.apache.nifi.ssl.SSLContextService) Matchers.anyString(org.mockito.Matchers.anyString) Test(org.junit.Test)

Example 8 with SSLContextService

use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.

the class AbstractElasticsearchTransportClientProcessor method createElasticsearchClient.

/**
 * Instantiate ElasticSearch Client. This should be called by subclasses' @OnScheduled method to create a client
 * if one does not yet exist. If called when scheduled, closeClient() should be called by the subclasses' @OnStopped
 * method so the client will be destroyed when the processor is stopped.
 *
 * @param context The context for this processor
 * @throws ProcessException if an error occurs while creating an Elasticsearch client
 */
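@Override
protected void createElasticsearchClient(ProcessContext context) throws ProcessException {
    ComponentLog log = getLogger();
    // A client is already held in esClient, so there is nothing to build.
    if (esClient.get() != null) {
        return;
    }
    log.debug("Creating ElasticSearch Client");
    try {
        final String clusterName = context.getProperty(CLUSTER_NAME).evaluateAttributeExpressions().getValue();
        final String pingTimeout = context.getProperty(PING_TIMEOUT).evaluateAttributeExpressions().getValue();
        final String samplerInterval = context.getProperty(SAMPLER_INTERVAL).evaluateAttributeExpressions().getValue();
        final String username = context.getProperty(USERNAME).evaluateAttributeExpressions().getValue();
        // NOTE(review): PASSWORD goes through expression-language evaluation here - confirm that is
        // intended for a secret value.
        final String password = context.getProperty(PASSWORD).evaluateAttributeExpressions().getValue();
        final SSLContextService sslService = context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
        Settings.Builder settingsBuilder = Settings.settingsBuilder()
                .put("cluster.name", clusterName)
                .put("client.transport.ping_timeout", pingTimeout)
                .put("client.transport.nodes_sampler_interval", samplerInterval);
        String shieldUrl = context.getProperty(PROP_SHIELD_LOCATION).evaluateAttributeExpressions().getValue();
        if (sslService != null) {
            settingsBuilder.put("shield.transport.ssl", "true");
            // Pass on only the store settings the SSL context service actually provides. A service
            // configured with just a truststore (or just a keystore) would otherwise push null or
            // empty values into the client settings.
            final String keyStoreFile = sslService.getKeyStoreFile();
            if (!StringUtils.isEmpty(keyStoreFile)) {
                settingsBuilder.put("shield.ssl.keystore.path", keyStoreFile);
            }
            final String keyStorePassword = sslService.getKeyStorePassword();
            if (!StringUtils.isEmpty(keyStorePassword)) {
                settingsBuilder.put("shield.ssl.keystore.password", keyStorePassword);
            }
            final String trustStoreFile = sslService.getTrustStoreFile();
            if (!StringUtils.isEmpty(trustStoreFile)) {
                settingsBuilder.put("shield.ssl.truststore.path", trustStoreFile);
            }
            final String trustStorePassword = sslService.getTrustStorePassword();
            if (!StringUtils.isEmpty(trustStorePassword)) {
                settingsBuilder.put("shield.ssl.truststore.password", trustStorePassword);
            }
        }
        // Set username and password for Shield. The value is "username" or "username:password" and
        // holds the password in clear text, so the built settings must not be logged.
        if (!StringUtils.isEmpty(username)) {
            final String shieldUser = StringUtils.isEmpty(password) ? username : username + ":" + password;
            settingsBuilder.put("shield.user", shieldUser);
        }
        // NOTE(review): the client is created before the host list is parsed; if getEsHosts throws,
        // nothing in this method closes the client.
        TransportClient transportClient = getTransportClient(settingsBuilder, shieldUrl, username, password);
        final String hosts = context.getProperty(HOSTS).evaluateAttributeExpressions().getValue();
        esHosts = getEsHosts(hosts);
        if (esHosts != null) {
            for (final InetSocketAddress host : esHosts) {
                try {
                    transportClient.addTransportAddress(new InetSocketTransportAddress(host));
                } catch (IllegalArgumentException iae) {
                    // Best effort: a bad address is skipped, but the cause is kept in the log.
                    log.error("Could not add transport address {}", new Object[] { host }, iae);
                }
            }
        }
        esClient.set(transportClient);
    } catch (Exception e) {
        // Any failure is logged and surfaced to the framework as a ProcessException.
        log.error("Failed to create Elasticsearch client due to {}", new Object[] { e }, e);
        throw new ProcessException(e);
    }
}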
Also used : TransportClient(org.elasticsearch.client.transport.TransportClient) InetSocketAddress(java.net.InetSocketAddress) ComponentLog(org.apache.nifi.logging.ComponentLog) InetSocketTransportAddress(org.elasticsearch.common.transport.InetSocketTransportAddress) MalformedURLException(java.net.MalformedURLException) ProcessException(org.apache.nifi.processor.exception.ProcessException) InvocationTargetException(java.lang.reflect.InvocationTargetException) ProcessException(org.apache.nifi.processor.exception.ProcessException) SSLContextService(org.apache.nifi.ssl.SSLContextService) Settings(org.elasticsearch.common.settings.Settings)

Example 9 with SSLContextService

use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.

the class TestFetchElasticsearchHttp method testSetupSecureClient.

@Test
public void testSetupSecureClient() throws Exception {
    // Smoke test for the processor with an SSL context service attached. It makes no assertions: it
    // passes as long as run() completes without throwing.
    runner = TestRunners.newTestRunner(new FetchElasticsearchHttpTestProcessor(true));

    // The mock only stubs getIdentifier(); every other SSLContextService call returns Mockito's default.
    final SSLContextService mockSslService = mock(SSLContextService.class);
    when(mockSslService.getIdentifier()).thenReturn("ssl-context");
    runner.addControllerService("ssl-context", mockSslService);
    runner.enableControllerService(mockSslService);

    runner.setProperty(FetchElasticsearchHttp.PROP_SSL_CONTEXT_SERVICE, "ssl-context");
    // NOTE(review): ES_URL uses the http scheme, so it is not visible from here whether the SSL
    // context is used for the request at all - confirm against the test processor.
    runner.setProperty(AbstractElasticsearchHttpProcessor.ES_URL, "http://127.0.0.1:9200");
    runner.setProperty(FetchElasticsearchHttp.INDEX, "doc");
    runner.setValidateExpressionUsage(true);
    runner.setProperty(FetchElasticsearchHttp.DOC_ID, "${doc_id}");

    // Allow time for the controller service to fully initialize
    Thread.sleep(500);

    // The flow file attribute feeds the ${doc_id} expression configured above.
    final HashMap<String, String> flowFileAttributes = new HashMap<>();
    flowFileAttributes.put("doc_id", "28039652140");
    runner.enqueue(docExample, flowFileAttributes);
    runner.run(1, true, true);
}
Also used : SSLContextService(org.apache.nifi.ssl.SSLContextService) Test(org.junit.Test)

Example 10 with SSLContextService

use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.

the class AbstractAMQPProcessor method createConnection.

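/**
 * Builds a RabbitMQ {@link ConnectionFactory} from the processor properties and opens a connection.
 * When an SSL Context Service is configured the connection uses its SSLContext; when certificate
 * authentication is also enabled, the EXTERNAL SASL mechanism replaces user name and password.
 *
 * @param context the context the connection properties are read from
 * @return the newly opened connection
 * @throws ProviderCreationException if certificate authentication is requested without an SSL Context
 *         Service, or if the client auth value is not a known {@code SSLContextService.ClientAuth} name
 * @throws IllegalStateException if the connection to the broker cannot be established
 */
protected Connection createConnection(ProcessContext context) {
    final ConnectionFactory cf = new ConnectionFactory();
    cf.setHost(context.getProperty(HOST).getValue());
    cf.setPort(Integer.parseInt(context.getProperty(PORT).getValue()));
    cf.setUsername(context.getProperty(USER).getValue());
    cf.setPassword(context.getProperty(PASSWORD).getValue());
    final String vHost = context.getProperty(V_HOST).getValue();
    if (vHost != null) {
        cf.setVirtualHost(vHost);
    }
    // handles TLS/SSL aspects
    // Boolean.TRUE.equals(...) treats an unset property as "false" instead of failing with a
    // NullPointerException when the Boolean is unboxed.
    final boolean useCertAuthentication = Boolean.TRUE.equals(context.getProperty(USE_CERT_AUTHENTICATION).asBoolean());
    final SSLContextService sslService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
    // if the property to use cert authentication is set but the SSL service hasn't been configured, throw an exception.
    if (useCertAuthentication && sslService == null) {
        throw new ProviderCreationException("This processor is configured to use cert authentication, " + "but the SSL Context Service hasn't been configured. You need to configure the SSL Context Service.");
    }
    final String rawClientAuth = context.getProperty(CLIENT_AUTH).getValue();
    if (sslService != null) {
        final SSLContextService.ClientAuth clientAuth;
        if (StringUtils.isBlank(rawClientAuth)) {
            clientAuth = SSLContextService.ClientAuth.REQUIRED;
        } else {
            try {
                clientAuth = SSLContextService.ClientAuth.valueOf(rawClientAuth);
            } catch (final IllegalArgumentException iae) {
                // List the values of the enum that is actually parsed above, and keep the cause.
                throw new ProviderCreationException(String.format("Unrecognized client auth '%s'. Possible values are [%s]", rawClientAuth, StringUtils.join(SSLContextService.ClientAuth.values(), ", ")), iae);
            }
        }
        final SSLContext sslContext = sslService.createSSLContext(clientAuth);
        // NOTE(review): useSslProtocol(SSLContext) is the only TLS call visible here; confirm that
        // broker hostname verification is enabled for the amqp-client version in use.
        cf.useSslProtocol(sslContext);
        if (useCertAuthentication) {
            // this tells the factory to use the cert common name for authentication and not user name and password
            // REF: https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl
            cf.setSaslConfig(DefaultSaslConfig.EXTERNAL);
        }
    }
    // Without an SSL Context Service the connection is opened with the user name and password set
    // above and no TLS configuration from this method.
    try {
        return cf.newConnection();
    } catch (Exception e) {
        throw new IllegalStateException("Failed to establish connection with AMQP Broker: " + cf.toString(), e);
    }
}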
Also used : ConnectionFactory(com.rabbitmq.client.ConnectionFactory) ProviderCreationException(org.apache.nifi.authentication.exception.ProviderCreationException) SSLContextService(org.apache.nifi.ssl.SSLContextService) Connection(com.rabbitmq.client.Connection) SSLContext(javax.net.ssl.SSLContext) ProcessException(org.apache.nifi.processor.exception.ProcessException) ProviderCreationException(org.apache.nifi.authentication.exception.ProviderCreationException)
