NIFI-8725 Added Single User Environment Variables for Docker (#5178)
* NIFI-8725 Added Single User Environment Variables for Docker
- Updated Docker README.md with example command and link to Administration Guide section
- Updated Docker integration test to check HTTP response status
- Disabled integration test plugin for dockerhub because it depends on changes on the main branch. Can be re-enabled after 1.14.0 is released.
diff --git a/nifi-docker/dockerhub/README.md b/nifi-docker/dockerhub/README.md
index b3884b7..39bef82 100644
--- a/nifi-docker/dockerhub/README.md
+++ b/nifi-docker/dockerhub/README.md
@@ -39,8 +39,9 @@
## Capabilities
This image currently supports running in standalone mode either unsecured or with user authentication provided through:
- * [Two-Way SSL with Client Certificates](http://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration)
- * [Lightweight Directory Access Protocol (LDAP)](http://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#ldap_login_identity_provider)
+ * [Single User Authentication](https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#single_user_identity_provider)
+ * [Mutual TLS with Client Certificates](https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration)
+ * [Lightweight Directory Access Protocol (LDAP)](https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#ldap_login_identity_provider)
This image also contains the NiFi Toolkit (as of version 1.8.0) preconfigured to use either in secure and unsecure mode.
@@ -77,7 +78,7 @@
This will provide a running instance, exposing the instance UI to the host system on at port 8443,
viewable at `https://localhost:8443/nifi`.
-You can also pass in environment variables to change the NiFi communication ports and hostname using the Docker '-e' switch as follows:
+Environment variables can be used to set the NiFi communication ports and hostname using the Docker '-e' switch as follows:
docker run --name nifi \
-p 9443:9443 \
@@ -85,7 +86,16 @@
-e NIFI_WEB_HTTPS_PORT='9443' \
apache/nifi:latest
-For a list of the environment variables recognised in this build, look into the .sh/secure.sh and .sh/start.sh scripts
+Single User Authentication credentials can be specified using environment variables as follows:
+
+ docker run --name nifi \
+ -p 8443:8443 \
+ -d \
+ -e SINGLE_USER_CREDENTIALS_USERNAME=admin \
+ -e SINGLE_USER_CREDENTIALS_PASSWORD=ctsBtRBKHRAx69EqUghvvgEvjnaLjFEB \
+ apache/nifi:latest
+
+See `secure.sh` and `start.sh` scripts for supported environment variables.
### Standalone Instance secured with HTTPS and Mutual TLS Authentication
In this configuration, the user will need to provide certificates and associated configuration information.
diff --git a/nifi-docker/dockerhub/pom.xml b/nifi-docker/dockerhub/pom.xml
index 3481e56..642c32f 100644
--- a/nifi-docker/dockerhub/pom.xml
+++ b/nifi-docker/dockerhub/pom.xml
@@ -57,6 +57,7 @@
</execution>
</executions>
</plugin>
+ <!-- Disabled integration test pending release of Single User Authentication
<plugin>
<artifactId>exec-maven-plugin</artifactId>
<groupId>org.codehaus.mojo</groupId>
@@ -70,13 +71,14 @@
<configuration>
<arguments>
<argument>${project.version}-dockerhub</argument>
- <argument>1.7.0</argument>
+ <argument>1.14.0</argument>
</arguments>
<executable>${project.basedir}/../dockermaven/integration-test.sh</executable>
</configuration>
</execution>
</executions>
</plugin>
+ -->
</plugins>
</build>
</profile>
diff --git a/nifi-docker/dockerhub/sh/start.sh b/nifi-docker/dockerhub/sh/start.sh
index 53cc43b..2730b62 100755
--- a/nifi-docker/dockerhub/sh/start.sh
+++ b/nifi-docker/dockerhub/sh/start.sh
@@ -44,6 +44,11 @@
"${scripts_dir}/toolkit.sh"
prop_replace 'baseUrl' "https://${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}:${NIFI_WEB_HTTPS_PORT:-8443}" ${nifi_toolkit_props_file}
+prop_replace 'keystore' "${NIFI_HOME}/conf/keystore.p12" ${nifi_toolkit_props_file}
+prop_replace 'keystoreType' "PKCS12" ${nifi_toolkit_props_file}
+prop_replace 'truststore' "${NIFI_HOME}/conf/truststore.p12" ${nifi_toolkit_props_file}
+prop_replace 'truststoreType' "PKCS12" ${nifi_toolkit_props_file}
+
if [ -n "${NIFI_WEB_HTTP_PORT}" ]; then
prop_replace 'nifi.web.https.port' ''
prop_replace 'nifi.web.https.host' ''
@@ -56,6 +61,10 @@
prop_replace 'nifi.security.truststore' ''
prop_replace 'nifi.security.truststoreType' ''
prop_replace 'nifi.security.user.login.identity.provider' ''
+ prop_replace 'keystore' '' ${nifi_toolkit_props_file}
+ prop_replace 'keystoreType' '' ${nifi_toolkit_props_file}
+ prop_replace 'truststore' '' ${nifi_toolkit_props_file}
+ prop_replace 'truststoreType' '' ${nifi_toolkit_props_file}
prop_replace 'baseUrl' "http://${NIFI_WEB_HTTP_HOST:-$HOSTNAME}:${NIFI_WEB_HTTP_PORT}" ${nifi_toolkit_props_file}
fi
@@ -81,6 +90,10 @@
prop_replace 'nifi.sensitive.props.key' "${NIFI_SENSITIVE_PROPS_KEY:-}"
+if [ -n "${SINGLE_USER_CREDENTIALS_USERNAME}" ] && [ -n "${SINGLE_USER_CREDENTIALS_PASSWORD}" ]; then
+ ${NIFI_HOME}/bin/nifi.sh set-single-user-credentials "${SINGLE_USER_CREDENTIALS_USERNAME}" "${SINGLE_USER_CREDENTIALS_PASSWORD}"
+fi
+
. "${scripts_dir}/update_cluster_state_management.sh"
# Check if we are secured or unsecured
diff --git a/nifi-docker/dockermaven/integration-test.sh b/nifi-docker/dockermaven/integration-test.sh
index 346cb99..e7d3dc4 100755
--- a/nifi-docker/dockermaven/integration-test.sh
+++ b/nifi-docker/dockermaven/integration-test.sh
@@ -46,11 +46,8 @@
sleep 10
done
-echo "Checking system diagnostics"
-test ${VERSION} = $(docker exec nifi-${TAG}-integration-test bash -c "curl -s -k $IP:8443/nifi-api/system-diagnostics | jq .systemDiagnostics.aggregateSnapshot.versionInfo.niFiVersion -r")
-
-echo "Checking current user with nifi-toolkit cli"
-test "anonymous" = $(docker exec nifi-${TAG}-integration-test bash -c '$NIFI_TOOLKIT_HOME/bin/cli.sh nifi current-user')
+echo "Checking NiFi REST API Access"
+test "200" = $(docker exec nifi-${TAG}-integration-test bash -c "curl -s -o /dev/null -w %{http_code} -k https://$IP:8443/nifi-api/access")
echo "Stopping NiFi container"
time docker stop nifi-${TAG}-integration-test
\ No newline at end of file
diff --git a/nifi-docker/dockermaven/sh/start.sh b/nifi-docker/dockermaven/sh/start.sh
index d2f33ef..b3207c5 100755
--- a/nifi-docker/dockermaven/sh/start.sh
+++ b/nifi-docker/dockermaven/sh/start.sh
@@ -44,6 +44,11 @@
"${scripts_dir}/toolkit.sh"
prop_replace 'baseUrl' "https://${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}:${NIFI_WEB_HTTPS_PORT:-8443}" ${nifi_toolkit_props_file}
+prop_replace 'keystore' "${NIFI_HOME}/conf/keystore.p12" ${nifi_toolkit_props_file}
+prop_replace 'keystoreType' "PKCS12" ${nifi_toolkit_props_file}
+prop_replace 'truststore' "${NIFI_HOME}/conf/truststore.p12" ${nifi_toolkit_props_file}
+prop_replace 'truststoreType' "PKCS12" ${nifi_toolkit_props_file}
+
if [ -n "${NIFI_WEB_HTTP_PORT}" ]; then
prop_replace 'nifi.web.https.port' ''
prop_replace 'nifi.web.https.host' ''
@@ -56,6 +61,10 @@
prop_replace 'nifi.security.truststore' ''
prop_replace 'nifi.security.truststoreType' ''
prop_replace 'nifi.security.user.login.identity.provider' ''
+ prop_replace 'keystore' '' ${nifi_toolkit_props_file}
+ prop_replace 'keystoreType' '' ${nifi_toolkit_props_file}
+ prop_replace 'truststore' '' ${nifi_toolkit_props_file}
+ prop_replace 'truststoreType' '' ${nifi_toolkit_props_file}
prop_replace 'baseUrl' "http://${NIFI_WEB_HTTP_HOST:-$HOSTNAME}:${NIFI_WEB_HTTP_PORT}" ${nifi_toolkit_props_file}
fi
@@ -81,6 +90,10 @@
prop_replace 'nifi.sensitive.props.key' "${NIFI_SENSITIVE_PROPS_KEY:-}"
+if [ -n "${SINGLE_USER_CREDENTIALS_USERNAME}" ] && [ -n "${SINGLE_USER_CREDENTIALS_PASSWORD}" ]; then
+ ${NIFI_HOME}/bin/nifi.sh set-single-user-credentials "${SINGLE_USER_CREDENTIALS_USERNAME}" "${SINGLE_USER_CREDENTIALS_PASSWORD}"
+fi
+
. "${scripts_dir}/update_cluster_state_management.sh"
# Check if we are secured or unsecured
