NIFI-9281 Enable Building on Java 17#5870
NIFI-9281 Enable Building on Java 17#5870exceptionfactory wants to merge 1 commit intoapache:mainfrom
Conversation
- Added Ubuntu Zulu JDK 17 GitHub build - Adjusted MiNiFi C2 FileSystemConfigurationCache test to avoid using environment variables - Adjusted MiNiFi StatusLogger and StatusLoggerTest to avoid overriding private logger - Adjusted failure reason attribute check in TestGetIgniteCache - Adjusted TestRangerAuthorizer and TestRangerNiFiAuthorizer to avoid checking nested exceptions - Adjusted encrypt-config TestUtil to avoid unnecessary comparison of different types - Disabled Javascript tests on Java 15 and higher - Disabled several Hive 3 tests on Java 17 for StringInternUtils illegal access - Refactored nifi-enrich-processors tests to use Mockito without Powermock - Refactored nifi-toolkit-tls tests to avoid illegal reflective access - Removed deprecated X509Certificate test in CertificateUtilsTest - Removed kryo serialization from nifi-site-to-site-client test - Updated TestHashContent to use SHA-1 instead of SHA for hash algorithm - Upgraded maven-war-plugin from 2.5 to 3.3.2 - Upgraded nifi-graph-bundle dependencies from Groovy 2.5.14 to 3.0.8 - Upgraded QuestDB from 4.2.1 to 6.2.1 in nifi-framework-core
|
I'll try to review this later tonight or tomorrow morning. Would love to have an excuse to go to Java 17 on the job :-D |
greyp9
left a comment
greyp9
left a comment
There was a problem hiding this comment.
This all looks really solid. I tackled this by building from HEAD using a fresh Java 17 install, and using the PR as a reference. Had a couple of questions about fidelity of test cases, but nothing dire.
| } | ||
| } | ||
|
|
||
| @SuppressWarnings("deprecation") |
There was a problem hiding this comment.
There seems to be a good deal of alternate test coverage for the three nifi classes under test here. But another option would be to replace the problematic com.esotericsoftware usage. (just making notes...)
There was a problem hiding this comment.
The kryo dependency did not have any direct runtime references, as indicated by the test scope, so other than rewriting the tests using standard Java Obejct serialization, I'm not sure what would be considered a comparable approach.
| final Map<String, String> attributes = new HashMap<>(); | ||
| attributes.put("ip", "somenonexistentdomain.comm"); | ||
|
|
||
| when(InetAddress.getByName("somenonexistentdomain.comm")).thenThrow(UnknownHostException.class); |
There was a problem hiding this comment.
Why don't we need the Mockito.when anymore?
There was a problem hiding this comment.
The purpose of this mock was to ensure that this lookup would always throw an UnknownHostException. Unfortunately, static mocking can be problematic in some cases. Removing the mock resulted in the expected exception being thrown.
| import static org.junit.jupiter.api.Assertions.assertArrayEquals; | ||
| import static org.junit.jupiter.api.Assertions.assertEquals; | ||
|
|
||
| @DisabledOnJre(value = JRE.JAVA_17, disabledReason = "Hive3 StringInternUtils illegal reflective access") |
There was a problem hiding this comment.
Definitely a benefit of moving to junit 5!
| assertEquals(1, getFailureFlowFiles.size()); | ||
|
|
||
| final MockFlowFile getOut = getRunner.getFlowFilesForRelationship(GetIgniteCache.REL_FAILURE).get(0); | ||
| getOut.assertAttributeEquals(GetIgniteCache.IGNITE_GET_FAILED_REASON_ATTRIBUTE_KEY, |
There was a problem hiding this comment.
Assertions.assertTrue(getOut.getAttribute(GetIgniteCache.IGNITE_GET_FAILED_REASON_ATTRIBUTE_KEY).contains(
GetIgniteCache.IGNITE_GET_FAILED_MESSAGE_PREFIX + "java.lang.NullPointerException"));
Looks like the new exception is purely additive, so we could constrain the value safely.
| cause = cause.getCause(); | ||
| } | ||
| assertTrue(foundLoginException); | ||
| assertThrows(AuthorizerCreationException.class, () -> authorizer.onConfigured(configurationContext)); |
There was a problem hiding this comment.
Not sure how important it is, but we're losing some precision here.
There was a problem hiding this comment.
Yes, this does make the test looser in terms of expected exception checking. There appear to be other issues with Ranger and Java 17, so the other option is marking several of these methods as ignored on Java 17, but it seemed better to make the tests somewhat more general in this scenario.
|
|
||
| private File file; | ||
|
|
||
| private static void setUnlimitedCrypto(boolean value) { |
There was a problem hiding this comment.
Does this removal imply that the unlimited strength crypto is expected, or are we saying that it shouldn't matter?
There was a problem hiding this comment.
Good question, this change implies that unlimited strength cryptography support is expected. Java 8 Update 171 introduced this by default, so there should be a separate effort to remove all checks for unlimited strength cryptography.
There was a problem hiding this comment.
Yep, you're right! I remember both policies being included in the distribution, but was fuzzy on the details.
| SecureRandom secureRandom = mock(SecureRandom.class); | ||
| SecureRandom secureRandom = new SecureRandom(); | ||
| PasswordUtil passwordUtil = new PasswordUtil(secureRandom); | ||
| int value = 8675309; |
| cause = cause.getCause(); | ||
| } | ||
| assertFalse(foundOtherException); | ||
| assertThrows(SecurityProviderCreationException.class, () -> setup(registryProperties, mock(UserGroupProvider.class), configurationContext)); |
There was a problem hiding this comment.
Are we losing anything significant here?
There was a problem hiding this comment.
As mentioned in relation to the other Ranger test changes, this does make the exception checking looser, trading off some precision for general test execution on all platforms.
greyp9
left a comment
greyp9
left a comment
There was a problem hiding this comment.
Started up a dev instance (compile=17, runtime=17), and tested with a simple QueryDatabaseTableRecord -> PutDatabaseRecord flow; worked perfectly.
I imagine there will be runtime rough spots around the edges, but this is a solid start. LGTM.
Same here. Going to merge because nothing jumped out at me as problematic with the changes, and it appears to run the whole test suite just fine w/ Java 17. Anything we find problematic going forward that's broken will probably be found through live trial and error. |
- Added Ubuntu Zulu JDK 17 GitHub build - Adjusted MiNiFi C2 FileSystemConfigurationCache test to avoid using environment variables - Adjusted MiNiFi StatusLogger and StatusLoggerTest to avoid overriding private logger - Adjusted failure reason attribute check in TestGetIgniteCache - Adjusted TestRangerAuthorizer and TestRangerNiFiAuthorizer to avoid checking nested exceptions - Adjusted encrypt-config TestUtil to avoid unnecessary comparison of different types - Disabled Javascript tests on Java 15 and higher - Disabled several Hive 3 tests on Java 17 for StringInternUtils illegal access - Refactored nifi-enrich-processors tests to use Mockito without Powermock - Refactored nifi-toolkit-tls tests to avoid illegal reflective access - Removed deprecated X509Certificate test in CertificateUtilsTest - Removed kryo serialization from nifi-site-to-site-client test - Updated TestHashContent to use SHA-1 instead of SHA for hash algorithm - Upgraded maven-war-plugin from 2.5 to 3.3.2 - Upgraded nifi-graph-bundle dependencies from Groovy 2.5.14 to 3.0.8 - Upgraded QuestDB from 4.2.1 to 6.2.1 in nifi-framework-core This closes apache#5870 Signed-off-by: Mike Thomsen <mthomsen@apache.org>
- Added Ubuntu Zulu JDK 17 GitHub build - Adjusted MiNiFi C2 FileSystemConfigurationCache test to avoid using environment variables - Adjusted MiNiFi StatusLogger and StatusLoggerTest to avoid overriding private logger - Adjusted failure reason attribute check in TestGetIgniteCache - Adjusted TestRangerAuthorizer and TestRangerNiFiAuthorizer to avoid checking nested exceptions - Adjusted encrypt-config TestUtil to avoid unnecessary comparison of different types - Disabled Javascript tests on Java 15 and higher - Disabled several Hive 3 tests on Java 17 for StringInternUtils illegal access - Refactored nifi-enrich-processors tests to use Mockito without Powermock - Refactored nifi-toolkit-tls tests to avoid illegal reflective access - Removed deprecated X509Certificate test in CertificateUtilsTest - Removed kryo serialization from nifi-site-to-site-client test - Updated TestHashContent to use SHA-1 instead of SHA for hash algorithm - Upgraded maven-war-plugin from 2.5 to 3.3.2 - Upgraded nifi-graph-bundle dependencies from Groovy 2.5.14 to 3.0.8 - Upgraded QuestDB from 4.2.1 to 6.2.1 in nifi-framework-core This closes apache#5870 Signed-off-by: Mike Thomsen <mthomsen@apache.org>
3 participants
Description of PR
NIFI-9281 Updates a number of tests and several dependencies to support building the project on Java 17. The majority of the changes involve adjustments to unit tests in order to avoid illegal reflective access, which throws an error by default on Java 17.
Dependency updates include upgrading the Maven WAR Plugin, the QuestDB driver for NiFi Framework status history, and the version of Groovy used in several Graph Processors. The GitHub actions workflow includes a new build target for Java 17 on Ubuntu Linux.
Although these changes enable a build across the project, some extension components may require further changes for full runtime support. Additional changes for particular components can be addressed in subsequent pull requests.
The following list summarizes the changes:
In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:
For all changes:
Is there a JIRA ticket associated with this PR? Is it referenced
in the commit message?
Does your PR title start with NIFI-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
Has your PR been rebased against the latest commit within the target branch (typically
main)?Is your initial contribution a single, squashed commit? Additional commits in response to PR reviewer feedback should be made on this branch and pushed to allow change tracking. Do not
squashor use--forcewhen pushing to allow for clean monitoring of changes.For code changes:
mvn -Pcontrib-check clean installat the rootnififolder?LICENSEfile, including the mainLICENSEfile undernifi-assembly?NOTICEfile, including the mainNOTICEfile found undernifi-assembly?.displayNamein addition to .name (programmatic access) for each of the new properties?For documentation related changes:
Note:
Please ensure that once the PR is submitted, you check GitHub Actions CI for build issues and submit an update to your PR as soon as possible.