NIFI-10251 Add v5 protocol support for existing MQTT processors

[nandorsoma]

Summary

NIFI-10251
This pr adds v5 protocol support for existing MQTT processors. For v5 connections the processor from now on uses HiveMQ Client library while in case of v3.1.x connections it uses the existing Paho library. HiveMQ Client could have been used for v3.1.x connections but it seemed to be safer to use the existing library for compatibility reasons.

Tracking

Please complete the following tracking steps prior to pull request creation.

Issue Tracking

• Apache NiFi Jira issue created

Pull Request Tracking

• Pull Request title starts with Apache NiFi Jira issue number, such as NIFI-00000
• Pull Request commit message starts with Apache NiFi Jira issue number, as such NIFI-00000

Pull Request Formatting

• Pull Request based on current revision of the main branch
• Pull Request refers to a feature branch with one commit containing changes

Verification

Please indicate the verification steps performed prior to pull request creation.

Build

• Build completed using mvn clean install -P contrib-check
  • JDK 8
  • JDK 11
  • JDK 17

Licensing

• New dependencies are compatible with the Apache License 2.0 according to the License Policy
• New dependencies are documented in applicable LICENSE and NOTICE files

Documentation

• Documentation formatting appears as expected in rendered files

[exceptionfactory]

Thanks for the contribution @nandorsoma!

On initial review, the Static Analysis check failed due to multiple files missing the standard Apache License header. Please review the output of that check and add the header to the files indicated.

[nandorsoma]

Thanks for the contribution @nandorsoma!

On initial review, the Static Analysis check failed due to multiple files missing the standard Apache License header. Please review the output of that check and add the header to the files indicated.

Interesting, because I've run the build with contrib-check enabled which I thought checks for that. Nevertheless I will add them of course!

Edit:
I see now. The presence of the license header is checked with rat plugin, but unfortunately I need to disable it locally otherwise it fails on .iml files...

[turcsanyip]

@nandorsoma Thanks for adding v5 protocol support to MQTT processors!

I started to review / test this PR and found that the v5 client cannot stop properly:

2022-07-28 07:53:40,084 ERROR [Timer-Driven Process Thread-4] org.apache.nifi.util.ReflectionUtils Failed while invoking annotated method 'public void org.apache.nifi.processors.mqtt.ConsumeMQTT.onUnscheduled(org.apache.nifi.processor.ProcessContext)' with arguments '[org.apache.nifi.processor.StandardProcessContext@5f360d4e]'.
com.hivemq.client.mqtt.exceptions.MqttClientStateException: MQTT client is not connected.
	at com.hivemq.client.internal.mqtt.MqttBlockingClient.disconnect(MqttBlockingClient.java:195)
	at com.hivemq.client.internal.mqtt.MqttBlockingClient.disconnect(MqttBlockingClient.java:186)
	at org.apache.nifi.processors.mqtt.paho.HiveMqV5ClientAdapter.close(HiveMqV5ClientAdapter.java:99)
	at org.apache.nifi.processors.mqtt.common.AbstractMQTTProcessor.onStopped(AbstractMQTTProcessor.java:292)
	at org.apache.nifi.processors.mqtt.ConsumeMQTT.onUnscheduled(ConsumeMQTT.java:348)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:145)
	at org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:133)
	at org.apache.nifi.util.ReflectionUtils.quietlyInvokeMethodsWithAnnotations(ReflectionUtils.java:316)
	at org.apache.nifi.util.ReflectionUtils.quietlyInvokeMethodsWithAnnotation(ReflectionUtils.java:93)
	at org.apache.nifi.controller.StandardProcessorNode$2.run(StandardProcessorNode.java:1877)
	at org.apache.nifi.engine.FlowEngine$2.run(FlowEngine.java:110)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)

Could you please fix it first? Due to this error, the processor cannot create a new client and NiFi restart needed.

[tpalfy]

I'd rather not add the quite redundant and mostly copy-pasted StandardValidators.NON_NEGATIVE_LONG_VALIDATOR. We could use the more user-friendly and readily available .addValidator(StandardValidators.TIME_PERIOD_VALIDATOR) functionality.

Suggested change

	public static final PropertyDescriptor PROP_SESSION_EXPIRY_INTERVAL = new PropertyDescriptor.Builder()
	.name("Session Expiry Interval")
	.description("After this interval the broker will expire the client and clear the session state.")
	.addValidator(StandardValidators.NON_NEGATIVE_LONG_VALIDATOR)
	.dependsOn(PROP_MQTT_VERSION, ALLOWABLE_VALUE_MQTT_VERSION_500)
	.dependsOn(PROP_CLEAN_SESSION, ALLOWABLE_VALUE_CLEAN_SESSION_FALSE)
	.defaultValue(Long.toString(SESSION_EXPIRY_INTERVAL_IN_SECONDS))
	.build();
	public static final PropertyDescriptor PROP_SESSION_EXPIRY_INTERVAL = new PropertyDescriptor.Builder()
	.name("Session Expiry Interval")
	.description("After this interval the broker will expire the client and clear the session state.")
	.addValidator(StandardValidators.TIME_PERIOD_VALIDATOR)
	.dependsOn(PROP_MQTT_VERSION, ALLOWABLE_VALUE_MQTT_VERSION_500)
	.dependsOn(PROP_CLEAN_SESSION, ALLOWABLE_VALUE_CLEAN_SESSION_FALSE)
	.defaultValue(SESSION_EXPIRY_INTERVAL_IN_SECONDS + " sec")
	.build();

[nandorsoma]

Thanks for the suggestion @tpalfy ! I like this solution however there are similar properties in the processor where just numbers without units were used. I think it is better to stick to the original version to avoid mixing the input types. Nevertheless I've added a hint to the name of the property to match the other properties.

[tpalfy]

This is good but I think we need to add it to nifi-assembly/NOTICE as well.

[nandorsoma]

Thanks for NOTICING that! (pun intended, change added)

[tpalfy]

Clearing the password from the MqttConnectionProperties prevents the the reconnection logic to execute successfully.
I'd rather remove these clear methods as acquiring the password when you have access to the memory of the nifi process is not preventable like this anyway.

[nandorsoma]

Changed, thanks for noticing it.

[turcsanyip]

@nandorsoma I tested the processors and now they work properly for the base use cases (clean/resume session, shared subscription, etc.).

I also found some points in the code that could be refactored and improved. Please find my comments below.

[nandorsoma]

Thank you for the review @turcsanyip, @tpalfy and @exceptionfactory! I've tried to address your comments!

[nandorsoma]

Rebased on top of current main because CI failed on nifi-security-utils that was referenced with 1.17.0-SNAPSHOT version, that's why the force push.

[nandorsoma]

After a discussion I've removed commit [52204e4]. Probably I will open a separate pr for that change.

[turcsanyip]

@nandorsoma Thanks for the review changes so far! I added 2 more comments, otherwise it works properly.

[turcsanyip]

@nandorsoma Thanks for all the review changes!
I tested the processors with different setups (no-TLS / TLS / mTLS, normal / shared subscriptions, session expiration) and they work properly.

+1 LGTM

[exceptionfactory]

Thanks for the updates @nandorsoma, this looks close to completion.

I noted a few additional places where logging statements can be improved to remove Object array wrappers and use placeholders instead of String concatenation.

The only structural issue is the use of SSLContextService, which can be replaced with a reference to TlsConfiguration for passing around the TLS properties.

[exceptionfactory]

This should be changed to use a placeholder variable instead of concatenation.

Suggested change

	logger.trace("Received 'delivery complete' message from broker for:" + token);
	logger.trace("Received 'delivery complete' message from broker token [{}]", token);

[nandorsoma]

Changed.

[exceptionfactory]

The object array wrapper can be removed.

Suggested change

	logger.error("Connection to {} lost due to: {}", new Object[]{clientProperties.getBroker(), cause.getMessage()}, cause);
	logger.error("Connection to {} lost due to: {}", clientProperties.getBroker(), cause.getMessage(), cause);

[nandorsoma]

Are you sure? If I remove the object wrapper void error(String msg, Object... os); will be used instead of void error(String msg, Object[] os, Throwable t);. I didn't test what happens in this situation with NiFi logging, but if I remember right Slf4j throws an error when there are less placeholder than passed parameters. I expect the same in our case. Also we would loose the cause stack trace.

[nandorsoma]

Oh, after checking the implementation of the logger I see that it checks whether the last argument is Throwable.

[exceptionfactory]

Suggested change

	logger.error("Connection to {} lost due to: {}", new Object[]{clientProperties.getBroker(), cause.getMessage()}, cause);
	logger.error("Connection to {} lost due to: {}", clientProperties.getBroker(), cause.getMessage(), cause);

[nandorsoma]

Changed.

[exceptionfactory]

Suggested change

	logger.error("Received MQTT 'delivery complete' message to subscriber: " + token);
	logger.error("Received MQTT 'delivery complete' message to subscriber token [{}]", token);

[nandorsoma]

Changed.

[exceptionfactory]

The toString() call is not necessary.

Suggested change

	logger.debug("Received mqtt5 subscribe ack: {}", ack.toString());
	logger.debug("Received mqtt5 subscribe ack: {}", ack);

[nandorsoma]

Changed.

[exceptionfactory]

Error messages should not use the exclamation mark character.

Suggested change

	.explanation("invalid scheme! supported schemes are: " + MqttProtocolScheme.getValuesAsString(", ")).build();
	.explanation("Invalid Scheme: supported schemes are: " + MqttProtocolScheme.getValuesAsString(", ")).build();

[nandorsoma]

Double colon feels weird in the same sentence. What about dot? The message this way will be 'Broker URI' is invalid because scheme is invalid. Supported schemes are: tcp, ssl, ws, wss Invalid is repeated but still better.

[exceptionfactory]

There should be a space before the path.

Suggested change

	return new ValidationResult.Builder().subject(subject).valid(false).explanation("the broker URI cannot have a path. It currently is:" + brokerURI.getPath()).build();
	return new ValidationResult.Builder().subject(subject).valid(false).explanation("the broker URI cannot have a path. It currently is: " + brokerURI.getPath()).build();

[nandorsoma]

Thanks for noticing it. Changed.

[exceptionfactory]

The error should be changed to an IllegalArgumentException and should include a message.

Suggested change

	throw new RuntimeException(e);
	throw new IllegalArgumentException("Invalid Broker URI", e);

[nandorsoma]

Changed.

[exceptionfactory]

The message could be removed along with the Object array wrapper, since the stack trace includes the message.

Suggested change

	logger.error("Error closing MQTT client due to {}", new Object[]{e.getMessage()}, e);
	logger.error("Error closing MQTT client", e);

[nandorsoma]

Changed.

[exceptionfactory]

As mentioned in the Client Properties, this can be adjusted to call createTlsConfiguration() to pass the properties.

[nandorsoma]

Changed.

[nandorsoma]

Thank you for your additional review @exceptionfactory! Please see my latest commit!

[exceptionfactory]

Thanks for making the adjustments @nandorsoma!

I noted two more minor style improvements, but I am marking this as approved.

Any additional feedback @tpalfy or @turcsanyip? Feel free to merge if it looks good.

[exceptionfactory]

This can be modified to use Collectors.joining():

Suggested change

	return String.join(", ", Arrays.stream(MqttProtocolScheme.values()).map(value -> value.name().toLowerCase()).toArray(String[]::new));
	return Arrays.stream(MqttProtocolScheme.values())
	.map(value -> value.name().toLowerCase())
	.collect(Collectors.joining(", ");

[exceptionfactory]

This should be changed to pass the reference class to asControllerService():

Suggested change

	final SSLContextService sslContextService = (SSLContextService) sslProp.asControllerService();
	final SSLContextService sslContextService = sslProp.asControllerService(SSLContextService.class);

[turcsanyip]

@exceptionfactory Thanks for the review! Your latest minor suggestions will be addressed in an upcoming PR (NIFI-10411) in order to avoid the extra build cycle here.

Merging to main...