Hi Mark,
NiFi supports many different forms of authentication. The "simple" way is
"http basic" and you can roll your own /etc/passwd style authenticator with
it. I actually recommend NOT doing this unless it's a test system as http
basic is trash and can be a right pest if you need to "unauth".
Hi David,
See the RHEL bug [1] for the shellacking this now rescinded CVE received.
Removing pip from the python side should also be accompanied by removing
maven from the Java side, if you are serious about addressing the actual
security concern raised in this CVE.
(That malicious content may ex
> CVE is specifically applicable but rather sourcing dependencies at runtime
> is not an ideal production practice without some additional controls in
> place.
>
> Thanks
> Joe
>
> On Wed, Jul 24, 2024 at 4:51 PM Matthew Hawkins
> wrote:
>
> > Hi David,
> >
eive some guidance on this?
>
> Thank you!
> Hannah Luke
>
--
Kind regards,
Matthew Hawkins
my forte and I'm new to contributing to
NiFi so keen to hear what experienced devs think.
--
Kind regards,
Matthew Hawkins
Hi Adam,
PostHTTP was marked deprecated 3 years ago (aka six technology lifetimes).
The successive technologies to replace it's functionality are well
documented and proven in production. The technical reason to remove it is
that it is superfluous code that has a cost to maintain and zero benefit.
Nifi is a Java based application and so the underlying OS is irrelevant as
long as you're;
a) using a supported JVM version (8-17 LTS should be fine, I believe
release is built using 11)
b) reading the release notes of your JVM on your OS to comprehend any local
issues, which you can take up with R
Hi devs,
Using 1.23.0 I have a simple transform adding some flowfile attributes into
the content.
When putting the spec directly to the processor it works fine. If I have
the spec in an external file however it seems to put in the literal string
${attrname} - ie the EL didn't process.
Have I done
code seems like it should work, but I'll try to
> > reproduce it and follow up, thanks for bringing this to our attention!
> >
> > Regards,
> > Matt
> >
> > [1] https://issues.apache.org/jira/browse/NIFI-4957
> >
> > On Thu, Aug 10, 2023 at 6:53
Just be aware that simple regex would also include undesirable outcomes
like null hashes and weak bit strengths, effecting a downgrade attack. You
should also explicitly exclude them using something like
nifi.web.https.ciphersuites.exclude=.*128.*,.*NULL.*
Or whatever suits your needs. It should
Hi Russell,
Something I've noticed myself, and it's easily reproducible on the Usage
pages for processors, is that Nifi is doing a reverse DNS lookup when
loading the page. If your DNS is broken, it can take 10-30 seconds for the
page content to appear.
Kr,
On Fri, 18 Aug 2023, 07:29 Russell Bat
ss, wrote:
> Matthew,
>
> What was your second case trying to use ${now():toNumber()} ? My unit
> test evaluated the expression into an integer and it worked (versus
> putting the expression in quotes which would make it a string).
>
> Regards,
> Matt
>
> On Tue, Aug 15,
> using DNS (just localhost). I find this problem less acute on older
> versions of NiFi (1.1.3.2) than more recent ones (1.23.0, 1.19.1).
>
> Thanks,
> Russ
>
> On 8/20/23 19:03, Matthew Hawkins wrote:
> > Hi Russell,
> >
> > Something I've noticed myself
ving the double quotes around the EL expression results in a Java
exception for the spec being invalid. Doing the same with JoltTransformJSON
results in a Java exception for the type conversion failure when
marshalling the object.
On Thu, 24 Aug 2023, 14:06 Matthew Hawkins, wrote:
> Hi Matt,
NiFi in certain configurations requires a specific set of x509_v3
extensions, e.g. when using InvokeHTTP. This is automatically added when
using TLS Toolkit but all other options relies upon the CA either accepting
and passing through extensions in the request, or specifically adding them
in.
You
e can reduce or eliminate the needed maintenance efforts associated
> with TLS Toolkit, this seems worth some one-time effort.
>
>
> On Sun, Sep 17, 2023 at 1:46 AM Matthew Hawkins
> wrote:
>
> > NiFi in certain configurations requires a specific set of x509_v3
> >
Hi devs,
I figured this one out from earlier in the month;
/nifi-docs/css/component-usage.css has a hard-coded import from
https://fonts.googleapis.com/ which of course cannot work on an offline
system. This causes 30+ seconds of waiting for DNS to not resolve the
Internet host before the page ren
I've had similar issues with the different processing done by
JoltTransformJSON and JoltTransformRecord and threw my hands in the air and
just ExcuteScript out to some Python that transforms the data correctly.
Try to minimise content transformations so the content repository doesn't
bloat with in
Hi Team,
As a user I think re-implementing certain scripting languages in Java is a
bad idea compared to having a robust API that any language current or
future can interface with. I make a lot of use of ExecuteProcess and
anecdotally haven't experienced a situation where externally running the
sc
Two Q's regarding the docker container;
1. Why the Debian version instead of Alpine? Was it compatibility with
external stuff? I can confirm 2.0.0-M1 works fine with the alpine version
of liberica-jdk on at least basic flows, with python enabled. It'll save
disk space. I love Debian but Alpine is
command and such
> in the dockerfile.
>
> As far as the repo volumes they can be mapped as you wish now. It is how I
> keep updating my own flow deployments I test with when I want to retain
> state across deployment. Are you not able to map them?
>
> Thanks
>
>
>
&g
The wait/notify pattern might work here too.
https://pierrevillard.com/2018/06/27/nifi-workflow-monitoring-wait-notify-pattern-with-split-and-merge/
Wait the getfile and notify when the validatejson is stopped?
On Tue, 6 Feb 2024, 22:55 Mike Thomsen, wrote:
> I think the easiest way to do the
A reminder I tossed up a gist over here with a java keytool version of a
local CA with a NiFi bent:
https://gist.github.com/hawko2600/922b727634784614465b83e52ec2be52
For clusters, you just need a key per host and share them around the common
truststore.jks
Consider it Apache License 2.0.
On Mo
It's more than that,
You also need to setup TLS keys for the hostname, user accounts, etc. Also,
I would never expose a service directly on a public IP that way either. Use
a priv subnet and access via a VPN. Route 53 can manage DNS for a private
domain so you can have eg nifi-1.mycloud as the hos
Hi Robert,
You mentioned you have not setup the TLS side. From about Nifi 1.17 or so,
this has been the default and expected behavior.
Please setup the Nifi instance properly with TLS certs (they can be self
signed, I have a script on GitHub gist to help with this previously shared
with this foru
Hi Dharani,
According to Oracle's documentation, the JVM uses more memory than just the
heap.
https://docs.oracle.com/cd/E13150_01/jrockit_jvm/jrockit/geninfo/diagnos/garbage_collect.html
It's been a rule of thumb to have no less than twice as much ram as your
-Xmx needs plus whatever your OS re
26 matches
Mail list logo
