NIFI-10675 Correct Neo4J 4.X+ SSL support #6559
MikeThomsen wants to merge 3 commits into apache:main from
NIFI-10675 Corrected SSL support in the V4+ cypher service.
exceptionfactory
left a comment
Thanks for addressing the issues with TLS support in Neo4j @MikeThomsen, the addition of test containers for integration is also useful.
At a high level, there is a concern with introducing static certificates to version control. These certificates will eventually expire, resulting in test failures. One option is to generate the certificates programmatically in the integration test, which could be done through a combination of the TemporaryKeyStoreBuilder and then writing out the generated values using the Bouncy Castle PEMWriter. On the other hand, since integration tests are not part of automated execution, I'm wondering whether it makes sense to introduce an integration test for TLS.
@exceptionfactory we can take that on as a follow-on ticket, but FYI the reason Testcontainers is not used in the SSL integration test is that it appears that the Neo4J Testcontainers module doesn't include support for SSL in its API for setting the
Thanks for the additional details @MikeThomsen, that is helpful.
exceptionfactory
left a comment
@MikeThomsen Reviewing these changes in a little more detail, I think it looks good aside from the embedded certificate files.
If it would be helpful, I should be able to implement automatic certificate generation in the integration test, which would avoid the need for checking the certificates into the repository. Let me know, and I could look at pushing an update to this branch.
| .required(false) | ||
| .identifiesControllerService(SSLContextService.class) | ||
| .addValidator(StandardValidators.FILE_EXISTS_VALIDATOR) | ||
| .expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY) |
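Review bot: `.identifiesControllerService(SSLContextService.class)` and `.addValidator(StandardValidators.FILE_EXISTS_VALIDATOR)` both appear on this property and the add/remove markers are not visible in this region, so please confirm only one of them remains; a single value cannot be both a controller service identifier and a file path. If the file-path form is the one kept, note that `FILE_EXISTS_VALIDATOR` only checks that the path exists, so a file that is unreadable or does not contain certificates would still pass validation; consider a check that the file actually parses as certificates before the driver uses it as trust material.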
This property could make use of the newer Resource Reference feature, which would identify the trusted certificates to be specified as a File path.
@exceptionfactory I wasn't able to get Testcontainers to work with SSL, so you'd have to work around that in your proposed workflow.
Thanks @MikeThomsen, I will follow up with what I can find in the course of testing.
@MikeThomsen I refactored the SSL integration test to use Testcontainers. The test leverages the I pushed the commit to the pull request branch, so let me know what you think and I can proceed to merge if it looks good.
22a8a67 to f97f393
@exceptionfactory Verified your changes run to completion. If you're otherwise +1 on merge, we can close this out.
exceptionfactory
left a comment
Thanks for verifying the integration test updates @MikeThomsen! +1 merging
- Added Testcontainers for Neo4j integration tests
This closes apache#6559
Co-authored-by: David Handermann <exceptionfactory@apache.org>
Signed-off-by: David Handermann <exceptionfactory@apache.org>