From fc33181f9bffcc845171fb8e156c24d917605517 Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Mon, 12 May 2025 11:22:45 +0200 Subject: [PATCH 1/6] chore(nifi): Remove 2.2.0 --- CHANGELOG.md | 2 + ...able-zip-assembly-to-save-disk-space.patch | 21 ------- ...llow-bypassing-check-for-host-header.patch | 62 ------------------- .../2.2.0/0003-Add-CycloneDX-plugin.patch | 38 ------------ nifi/stackable/patches/2.2.0/patchable.toml | 2 - nifi/versions.py | 6 -- 6 files changed, 2 insertions(+), 129 deletions(-) delete mode 100644 nifi/stackable/patches/2.2.0/0001-Disable-zip-assembly-to-save-disk-space.patch delete mode 100644 nifi/stackable/patches/2.2.0/0002-Allow-bypassing-check-for-host-header.patch delete mode 100644 nifi/stackable/patches/2.2.0/0003-Add-CycloneDX-plugin.patch delete mode 100644 nifi/stackable/patches/2.2.0/patchable.toml diff --git a/CHANGELOG.md b/CHANGELOG.md index 992625c34..8b4c8b566 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -76,6 +76,7 @@ All notable changes to this project will be documented in this file. - Remove ubi8-rust-builder image ([#1091]). - opa: Remove `0.67.1` ([#1103]). - opa: Remove legacy bundle-builder from container build ([#1103]). +- nifi: Remove `2.2.0` ([#1114]). [#916]: https://github.com/stackabletech/docker-images/pull/916 [#1025]: https://github.com/stackabletech/docker-images/pull/1025 @@ -106,6 +107,7 @@ All notable changes to this project will be documented in this file. [#1103]: https://github.com/stackabletech/docker-images/pull/1103 [#1106]: https://github.com/stackabletech/docker-images/pull/1106 [#1108]: https://github.com/stackabletech/docker-images/pull/1108 +[#1114]: https://github.com/stackabletech/docker-images/pull/1114 ## [25.3.0] - 2025-03-21 diff --git a/nifi/stackable/patches/2.2.0/0001-Disable-zip-assembly-to-save-disk-space.patch b/nifi/stackable/patches/2.2.0/0001-Disable-zip-assembly-to-save-disk-space.patch deleted file mode 100644 index 25e389653..000000000 --- a/nifi/stackable/patches/2.2.0/0001-Disable-zip-assembly-to-save-disk-space.patch +++ /dev/null @@ -1,21 +0,0 @@ -From 450dee471deaad0d154cc722b11054ba5fa3a084 Mon Sep 17 00:00:00 2001 -From: Malte Sander -Date: Fri, 17 May 2024 15:38:33 +0200 -Subject: Disable zip assembly to save disk space - ---- - nifi-assembly/pom.xml | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/nifi-assembly/pom.xml b/nifi-assembly/pom.xml -index c04e1c8650..adcecd6206 100644 ---- a/nifi-assembly/pom.xml -+++ b/nifi-assembly/pom.xml -@@ -66,7 +66,6 @@ language governing permissions and limitations under the License. --> - posix - - dir -- zip - - - diff --git a/nifi/stackable/patches/2.2.0/0002-Allow-bypassing-check-for-host-header.patch b/nifi/stackable/patches/2.2.0/0002-Allow-bypassing-check-for-host-header.patch deleted file mode 100644 index caa3cca26..000000000 --- a/nifi/stackable/patches/2.2.0/0002-Allow-bypassing-check-for-host-header.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 63c87c2fde2714836fe3f522605ac24a39b2c81f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?S=C3=B6nke=20Liebau?= -Date: Mon, 24 Jun 2024 09:04:43 +0200 -Subject: Allow bypassing check for host header - -NiFi has the configuration option 'nifi.web.proxy.host' which controls allowed -values for the host header field in any incoming request for the web ui. - -This frequently causes issues when trying to expose the NiFi UI via for example -an ingress, loadbalancer or any similar type of mechanism. - -NiFi does not allow to disable this behavior, so at the moment the nifi operator -simply hardcodes all even remotely possible values into this field. -But in order to allow putting for example in ingress in front of NiFi this means -using config overrides to change the value of this option, copy all the values -the operator put in there and add the extra value you need. - -This is less than ideal, the proper solution would probably be -https://github.com/stackabletech/nifi-operator/issues/604 - -But until that is merged this is a simple workaround that allows overriding the list of allowed -hostnames by just setting it to "*" and this will effectively bypass the hostname check entirely if set. - -This allows us to keep the default behavior in place for those users where it works and not remove -security features, but also enables users to disable this check if they know what they are doing. ---- - .../org/apache/nifi/web/server/HostHeaderHandler.java | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/HostHeaderHandler.java b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/HostHeaderHandler.java -index 97337d63e2..12ce1d8646 100644 ---- a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/HostHeaderHandler.java -+++ b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/HostHeaderHandler.java -@@ -47,6 +47,7 @@ public class HostHeaderHandler extends Handler.Abstract { - private final String serverName; - private final int serverPort; - private final List validHosts; -+ private boolean allowAllHosts = false; - - /** - * Instantiates a handler which accepts incoming requests with a host header that is empty or contains one of the -@@ -68,6 +69,11 @@ public class HostHeaderHandler extends Handler.Abstract { - // The value(s) from nifi.web.proxy.host - hosts.addAll(parseCustomHostnames(niFiProperties)); - -+ // Check if the setting for allowed hosts has only the wildcard entry and -+ // if so store this in allowAllHost for later use -+ List configuredHostNames = niFiProperties.getAllowedHostsAsList(); -+ this.allowAllHosts = configuredHostNames.size() == 1 && configuredHostNames.contains("*"); -+ - // empty is ok here - hosts.add(""); - -@@ -160,7 +166,7 @@ public class HostHeaderHandler extends Handler.Abstract { - * @return Valid status - */ - boolean hostHeaderIsValid(final String hostHeader) { -- return hostHeader != null && validHosts.contains(hostHeader.toLowerCase().trim()); -+ return this.allowAllHosts || (hostHeader != null && validHosts.contains(hostHeader.toLowerCase().trim())); - } - - @Override diff --git a/nifi/stackable/patches/2.2.0/0003-Add-CycloneDX-plugin.patch b/nifi/stackable/patches/2.2.0/0003-Add-CycloneDX-plugin.patch deleted file mode 100644 index 5e4cd897c..000000000 --- a/nifi/stackable/patches/2.2.0/0003-Add-CycloneDX-plugin.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 5fb37840eb45dc2b159089e75e2d0ef3054ac03d Mon Sep 17 00:00:00 2001 -From: Lukas Voetmand -Date: Fri, 6 Sep 2024 17:53:52 +0200 -Subject: Add CycloneDX plugin - ---- - pom.xml | 18 ++++++++++++++++++ - 1 file changed, 18 insertions(+) - -diff --git a/pom.xml b/pom.xml -index 7885e6c208..07e03e66cd 100644 ---- a/pom.xml -+++ b/pom.xml -@@ -1007,6 +1007,24 @@ - - - -+ -+ org.cyclonedx -+ cyclonedx-maven-plugin -+ 2.8.0 -+ -+ application -+ 1.5 -+ false -+ -+ -+ -+ package -+ -+ makeBom -+ -+ -+ -+ - - - diff --git a/nifi/stackable/patches/2.2.0/patchable.toml b/nifi/stackable/patches/2.2.0/patchable.toml deleted file mode 100644 index cca3aee5b..000000000 --- a/nifi/stackable/patches/2.2.0/patchable.toml +++ /dev/null @@ -1,2 +0,0 @@ -base = "b33ffac8aa10992482f7fa54e6cfccc46a5e8e27" -mirror = "https://github.com/stackabletech/nifi.git" diff --git a/nifi/versions.py b/nifi/versions.py index 9f7ae285c..1b8caad98 100644 --- a/nifi/versions.py +++ b/nifi/versions.py @@ -9,10 +9,4 @@ "java-base": "11", "java-devel": "11", }, - { - "product": "2.2.0", - "java-base": "21", - "java-devel": "21", - "nifi_iceberg_bundle": "0.0.3", - }, ] From 0edd20647251d1bb0e8ecaf99fdfc1432a144a47 Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Mon, 12 May 2025 11:58:32 +0200 Subject: [PATCH 2/6] chore(nifi): Add 2.4.0 --- CHANGELOG.md | 1 + .../patches/2.4.0/0001-no-zip-assembly.patch | 21 ++++++++++ .../2.4.0/0002-add-cyclonedx-plugin.patch | 38 +++++++++++++++++++ nifi/stackable/patches/2.4.0/patchable.toml | 2 + nifi/versions.py | 6 +++ 5 files changed, 68 insertions(+) create mode 100644 nifi/stackable/patches/2.4.0/0001-no-zip-assembly.patch create mode 100644 nifi/stackable/patches/2.4.0/0002-add-cyclonedx-plugin.patch create mode 100644 nifi/stackable/patches/2.4.0/patchable.toml diff --git a/CHANGELOG.md b/CHANGELOG.md index 8b4c8b566..fd4e72aa7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -35,6 +35,7 @@ All notable changes to this project will be documented in this file. - zookeeper: check for correct permissions and ownerships in /stackable folder via `check-permissions-ownership.sh` provided in stackable-base image ([#1043]). - nifi: Add [nifi-iceberg-bundle](https://github.com/stackabletech/nifi-iceberg-bundle) for NiFi `2.2.0` ([#1060], [#1106]). +- nifi: Add `2.4.0` ([#1114]). - java: Add JDK 24 ([#1097]). - ci: Add golang image to mirror workflow ([#1103]). diff --git a/nifi/stackable/patches/2.4.0/0001-no-zip-assembly.patch b/nifi/stackable/patches/2.4.0/0001-no-zip-assembly.patch new file mode 100644 index 000000000..4e93ed77f --- /dev/null +++ b/nifi/stackable/patches/2.4.0/0001-no-zip-assembly.patch @@ -0,0 +1,21 @@ +From cef2caa1141df8974ff853ce3bf55736cc22af4f Mon Sep 17 00:00:00 2001 +From: Nick Larsen +Date: Mon, 17 Feb 2025 17:26:20 +0100 +Subject: no zip assembly + +--- + nifi-assembly/pom.xml | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/nifi-assembly/pom.xml b/nifi-assembly/pom.xml +index 41bab2ad37..4ebb494613 100644 +--- a/nifi-assembly/pom.xml ++++ b/nifi-assembly/pom.xml +@@ -66,7 +66,6 @@ language governing permissions and limitations under the License. --> + posix + + dir +- zip + + + diff --git a/nifi/stackable/patches/2.4.0/0002-add-cyclonedx-plugin.patch b/nifi/stackable/patches/2.4.0/0002-add-cyclonedx-plugin.patch new file mode 100644 index 000000000..78432863b --- /dev/null +++ b/nifi/stackable/patches/2.4.0/0002-add-cyclonedx-plugin.patch @@ -0,0 +1,38 @@ +From a9fc3a2eea5add80ca03e8fba97d83d2952f2e5d Mon Sep 17 00:00:00 2001 +From: Nick Larsen +Date: Mon, 17 Feb 2025 17:31:17 +0100 +Subject: add cyclonedx plugin + +--- + pom.xml | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/pom.xml b/pom.xml +index 78f53a9aab..fdcc97cd51 100644 +--- a/pom.xml ++++ b/pom.xml +@@ -1013,6 +1013,24 @@ + + + ++ ++ org.cyclonedx ++ cyclonedx-maven-plugin ++ 2.8.0 ++ ++ application ++ 1.5 ++ false ++ ++ ++ ++ package ++ ++ makeBom ++ ++ ++ ++ + + + diff --git a/nifi/stackable/patches/2.4.0/patchable.toml b/nifi/stackable/patches/2.4.0/patchable.toml new file mode 100644 index 000000000..d055c6804 --- /dev/null +++ b/nifi/stackable/patches/2.4.0/patchable.toml @@ -0,0 +1,2 @@ +mirror = "https://github.com/stackabletech/nifi.git" +base = "65c7732e46cdfcb17afe0dd7b0a3e0956226bcbb" diff --git a/nifi/versions.py b/nifi/versions.py index 1b8caad98..c43a9545d 100644 --- a/nifi/versions.py +++ b/nifi/versions.py @@ -9,4 +9,10 @@ "java-base": "11", "java-devel": "11", }, + { + "product": "2.4.0", + "java-base": "21", + "java-devel": "21", + "nifi_iceberg_bundle": "0.0.3", + }, ] From 28cf380ef2c84acfd724da010368506ff96340be Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Mon, 12 May 2025 12:03:13 +0200 Subject: [PATCH 3/6] chore: Reorganise the changelog --- CHANGELOG.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fd4e72aa7..98fdb07f4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,6 +22,8 @@ All notable changes to this project will be documented in this file. `check-permissions-ownership.sh` provided in stackable-base image ([#1041]). - nifi: check for correct permissions and ownerships in /stackable folder via `check-permissions-ownership.sh` provided in stackable-base image ([#1027]). +- nifi: Add [nifi-iceberg-bundle] for NiFi `2.2.0` ([#1060], [#1106]). +- nifi: Add `2.4.0` ([#1114]). - opa: check for correct permissions and ownerships in /stackable folder via `check-permissions-ownership.sh` provided in stackable-base image ([#1038]). - opa: Add `1.4.2` ([#1103]). @@ -34,8 +36,6 @@ All notable changes to this project will be documented in this file. `check-permissions-ownership.sh` provided in stackable-base image ([#1025]). - zookeeper: check for correct permissions and ownerships in /stackable folder via `check-permissions-ownership.sh` provided in stackable-base image ([#1043]). -- nifi: Add [nifi-iceberg-bundle](https://github.com/stackabletech/nifi-iceberg-bundle) for NiFi `2.2.0` ([#1060], [#1106]). -- nifi: Add `2.4.0` ([#1114]). - java: Add JDK 24 ([#1097]). - ci: Add golang image to mirror workflow ([#1103]). @@ -79,6 +79,7 @@ All notable changes to this project will be documented in this file. - opa: Remove legacy bundle-builder from container build ([#1103]). - nifi: Remove `2.2.0` ([#1114]). +[nifi-iceberg-bundle]: https://github.com/stackabletech/nifi-iceberg-bundle [#916]: https://github.com/stackabletech/docker-images/pull/916 [#1025]: https://github.com/stackabletech/docker-images/pull/1025 [#1027]: https://github.com/stackabletech/docker-images/pull/1027 From 9332b95422d7d3024052a4d99c050796efc00272 Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Wed, 14 May 2025 14:56:25 +0200 Subject: [PATCH 4/6] chore: Remove leftover from revert (#1115) --- CHANGELOG.md | 1 - 1 file changed, 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ffb575fd2..a68becc51 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -84,7 +84,6 @@ All notable changes to this project will be documented in this file. - nifi: Remove `2.2.0` ([#1114]). [nifi-iceberg-bundle]: https://github.com/stackabletech/nifi-iceberg-bundle -[#916]: https://github.com/stackabletech/docker-images/pull/916 [#1025]: https://github.com/stackabletech/docker-images/pull/1025 [#1027]: https://github.com/stackabletech/docker-images/pull/1027 [#1028]: https://github.com/stackabletech/docker-images/pull/1028 From c438cb179581199a03a378abdd57740b59e31113 Mon Sep 17 00:00:00 2001 From: Sebastian Bernauer Date: Thu, 15 May 2025 10:00:57 +0200 Subject: [PATCH 5/6] chore: Bump nifi-iceberg-bundle to 0.0.4 for proper Nifi 2.4.0 support --- nifi/Dockerfile | 2 ++ nifi/versions.py | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/nifi/Dockerfile b/nifi/Dockerfile index 5408bf6e5..001e1f425 100644 --- a/nifi/Dockerfile +++ b/nifi/Dockerfile @@ -81,6 +81,8 @@ if [[ "${PRODUCT}" != 1.* ]] ; then curl "https://github.com/stackabletech/nifi-iceberg-bundle/archive/refs/tags/${NIFI_ICEBERG_BUNDLE}.tar.gz" | tar -xzC . cd nifi-iceberg-bundle-${NIFI_ICEBERG_BUNDLE} || exit + sed -i -e "s/{{ NIFI_VERSION }}/${PRODUCT}/g" pom.xml + mvn \ --batch-mode \ --no-transfer-progress\ diff --git a/nifi/versions.py b/nifi/versions.py index c43a9545d..59fb9b5f3 100644 --- a/nifi/versions.py +++ b/nifi/versions.py @@ -13,6 +13,6 @@ "product": "2.4.0", "java-base": "21", "java-devel": "21", - "nifi_iceberg_bundle": "0.0.3", + "nifi_iceberg_bundle": "0.0.4", }, ] From 6262bc56cbc7a52adf56a8dc983818c331be4637 Mon Sep 17 00:00:00 2001 From: Nick <10092581+NickLarsenNZ@users.noreply.github.com> Date: Thu, 15 May 2025 10:09:36 +0200 Subject: [PATCH 6/6] Apply suggestions from code review Co-authored-by: Sebastian Bernauer --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bacd91aed..9afed0a4f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,7 +23,7 @@ All notable changes to this project will be documented in this file. `check-permissions-ownership.sh` provided in stackable-base image ([#1041]). - nifi: check for correct permissions and ownerships in /stackable folder via `check-permissions-ownership.sh` provided in stackable-base image ([#1027]). -- nifi: Add [nifi-iceberg-bundle] for NiFi `2.2.0` ([#1060], [#1106]). +- nifi: Add [nifi-iceberg-bundle] for NiFi `2.4.0` ([#1060], [#1106]). - nifi: Add `2.4.0` ([#1114]). - opa: check for correct permissions and ownerships in /stackable folder via `check-permissions-ownership.sh` provided in stackable-base image ([#1038]).