├── schema.sql
├── .dockerignore
├── docker-compose.simple.yml
├── Dockerfile.user.example
├── hooks
    ├── pre_build
    ├── post_checkout
    ├── build
    └── post_push
├── NOTICE
├── docker-compose.kerberos.yml
├── docker-compose.github.yml
├── python
    └── swapcase.py
├── docker-compose.twowayssl.yml
├── conf
    ├── 0.5.0
    │   ├── registry-aliases.xml
    │   ├── bootstrap.conf
    │   ├── nifi-registry.properties
    │   ├── providers.xml
    │   ├── identity-providers.xml
    │   ├── logback.xml
    │   └── authorizers.xml
    ├── 0.6.0
    │   ├── registry-aliases.xml
    │   ├── bootstrap.conf
    │   ├── nifi-registry.properties
    │   ├── providers.xml
    │   ├── identity-providers.xml
    │   ├── logback.xml
    │   └── authorizers.xml
    ├── 0.7.0
    │   ├── registry-aliases.xml
    │   ├── bootstrap.conf
    │   ├── nifi-registry.properties
    │   ├── providers.xml
    │   ├── identity-providers.xml
    │   └── logback.xml
    └── 0.8.0
    │   ├── registry-aliases.xml
    │   ├── bootstrap.conf
    │   ├── nifi-registry.properties
    │   ├── providers.xml
    │   ├── identity-providers.xml
    │   └── logback.xml
├── docker-compose.ldap.yml
├── docker-compose.mysql.yml
├── docker-compose.postgres.yml
├── docker-compose.mariadb.yml
├── RELEASE_NOTES.md
├── .gitignore
├── templates
    ├── bootstrap.conf.gotemplate
    ├── providers.xml.gotemplate
    ├── identity-providers.xml.gotemplate
    └── nifi-registry.properties.gotemplate
├── sh
    ├── start-plain.sh
    └── start.sh
├── Dockerfile
└── LICENSE


/schema.sql:
--------------------------------------------------------------------------------
1 | CREATE DATABASE db;
2 | 


--------------------------------------------------------------------------------
/.dockerignore:
--------------------------------------------------------------------------------
1 | conf/
2 | python/
3 | hooks/
4 | 


--------------------------------------------------------------------------------
/docker-compose.simple.yml:
--------------------------------------------------------------------------------
 1 | version: "3.7"
 2 | 
 3 | services:
 4 |   nifi-registry:
 5 |     image: michalklempa/nifi-registry
 6 |     ports:
 7 |       - target: 18080
 8 |         published: 18080
 9 |         protocol: tcp
10 |         mode: host
11 | 


--------------------------------------------------------------------------------
/Dockerfile.user.example:
--------------------------------------------------------------------------------
1 | FROM michalklempa/nifi-registry:latest.plain
2 | ARG UID=1000
3 | ARG GID=1000
4 | 
5 | RUN addgroup -g ${GID} nifi \
6 |     && adduser -s /bin/bash -u ${UID} -G nifi -D nifi \
7 |     && chown -R nifi:nifi ${PROJECT_BASE_DIR}
8 | USER nifi


--------------------------------------------------------------------------------
/hooks/pre_build:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # thanks https://github.com/se1exin/
3 | # Register qemu-*-static for all supported processors except the
4 | # current one, but also remove all registered binfmt_misc before
5 | 
6 | docker run --rm --privileged multiarch/qemu-user-static:register --reset
7 | 


--------------------------------------------------------------------------------
/hooks/post_checkout:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | # hooks/post_checkout
 3 | # https://docs.docker.com/docker-cloud/builds/advanced/
 4 | 
 5 | if [ -f $(git rev-parse --git-dir)/shallow ]; then
 6 |     echo "[***] Unshallowing to get correct tags to work."
 7 |     git fetch --tags --unshallow --quiet origin
 8 | else
 9 |     echo "[***] Not a shallow repository."
10 | fi
11 | 


--------------------------------------------------------------------------------
/NOTICE:
--------------------------------------------------------------------------------
1 | Unofficial Docker Image For NiFi Registry
2 | Copyright 2019 Michal Klempa
3 | 
4 | This product includes software developed at
5 | The Apache Software Foundation (http://www.apache.org/).
6 | 
7 | This includes derived works from the Apache NiFi Registry (ASLv2 licensed) project (https://git-wip-us.apache.org/repos/asf?p=nifi-registry.git):
8 |   Copyright 2014-2018 The Apache Software Foundation
9 |   This includes sources for configuration, Dockerfile


--------------------------------------------------------------------------------
/docker-compose.kerberos.yml:
--------------------------------------------------------------------------------
 1 | version: "3.7"
 2 | 
 3 | services:
 4 |   nifi-registry:
 5 |     image: michalklempa/nifi-registry
 6 |     ports:
 7 |       - target: 18080
 8 |         published: 18080
 9 |         protocol: tcp
10 |         mode: host
11 |     environment:
12 |       INITIAL_ADMIN_IDENTITY: cn=nifi-admin,dc=example,dc=org
13 |       NIFI_REGISTRY_SECURITY_IDENTITY_PROVIDER: kerberos-identity-provider
14 |       NIFI_REGISTRY_SECURITY_NEEDcLIENTaUTH: false
15 | 


--------------------------------------------------------------------------------
/docker-compose.github.yml:
--------------------------------------------------------------------------------
 1 | version: "3.7"
 2 | 
 3 | services:
 4 |   nifi-registry:
 5 |     image: michalklempa/nifi-registry
 6 |     volumes:
 7 |       - ~/.ssh:/home/nifi/.ssh
 8 |     ports:
 9 |       - target: 18080
10 |         published: 18080
11 |         protocol: tcp
12 |         mode: host
13 |     environment:
14 |       DEBUG: 1
15 |       FLOW_PROVIDER: git
16 |       GIT_REMOTE_URL: git@github.com:michalklempa/docker-nifi-registry-example-flow.git
17 |       GIT_CHECKOUT_BRANCH: example
18 |       FLOW_PROVIDER_GIT_FLOW_STORAGE_DIRECTORY: /opt/nifi-registry/flow-storage-git
19 |       FLOW_PROVIDER_GIT_REMOTE_TO_PUSH: origin
20 |       GIT_CONFIG_USER_NAME: 'Michal Klempa'
21 |       GIT_CONFIG_USER_EMAIL: michal.klempa@gmail.com
22 | 


--------------------------------------------------------------------------------
/python/swapcase.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python2
 2 | 
 3 | import sys
 4 | 
 5 | prefix = sys.argv[1] if len(sys.argv) > 1 else ''
 6 | 
 7 | for line in sys.stdin:
 8 |     if not line or line.isspace():
 9 |         sys.stdout.write(line)
10 |     elif line.startswith('#') and '=' in line and line[1] != ' ':
11 |         (key, value) = line[1:].split('=', 1)
12 |         sys.stdout.write(line)
13 |         sys.stdout.write('{{{{ if .Env.{}{} -}}}}\n'.format(prefix, key.swapcase().replace('.', '_')));
14 |         sys.stdout.write('{}={{{{ .Env.{}{} }}}}\n'.format(key, prefix, key.swapcase().replace('.', '_') ))
15 |         sys.stdout.write('{{- end }}\n')
16 |     elif line.startswith('#'):
17 |         sys.stdout.write(line)
18 |     elif '=' in line:
19 |         (key, value) = line.split('=', 1)
20 |         sys.stdout.write('{}={{{{ default .Env.{}{} "{}" }}}}\n'.format(key, prefix, key.swapcase().replace('.', '_'), value.rstrip('\n') ))
21 |     else:
22 |         print 'omg', line
23 | 
24 | sys.stdout.flush()
25 | 


--------------------------------------------------------------------------------
/docker-compose.twowayssl.yml:
--------------------------------------------------------------------------------
 1 | version: "3.7"
 2 | 
 3 | services:
 4 |   nifi-registry:
 5 |     image: michalklempa/nifi-registry
 6 |     volumes:
 7 |       - ./keystore.jks:/opt/certs/keystore.jks
 8 |       - ./truststore.jks:/opt/certs/truststore.jks
 9 |     ports:
10 |       - target: 18443
11 |         published: 18443
12 |         protocol: tcp
13 |         mode: host
14 |     environment:
15 |       NIFI_REGISTRY_SECURITY_KEYSTORE: /opt/certs/keystore.jks
16 |       NIFI_REGISTRY_SECURITY_KEYSTOREtYPE: JKS
17 |       NIFI_REGISTRY_SECURITY_KEYSTOREpASSWD: QKZv1hSWAFQYZ+WU1jjF5ank+l4igeOfQRp+OSbkkrs
18 |       NIFI_REGISTRY_SECURITY_TRUSTSTORE: /opt/certs/truststore.jks
19 |       NIFI_REGISTRY_SECURITY_TRUSTSTOREtYPE: JKS
20 |       NIFI_REGISTRY_SECURITY_TRUSTSTOREpASSWD: rHkWR1gDNW3R9hgbeRsT3OM3Ue0zwGtQqcFKJD2EXWE
21 |       NIFI_REGISTRY_SECURITY_NEEDcLIENTaUTH: true
22 |       NIFI_REGISTRY_WEB_HTTP_HOST:
23 |       NIFI_REGISTRY_WEB_HTTP_PORT:
24 |       NIFI_REGISTRY_WEB_HTTPS_HOST: 0.0.0.0
25 |       NIFI_REGISTRY_WEB_HTTPS_PORT: 18443
26 |       INITIAL_ADMIN_IDENTITY: CN=AdminUser, OU=nifi


--------------------------------------------------------------------------------
/conf/0.5.0/registry-aliases.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 2 | <!--
 3 |   Licensed to the Apache Software Foundation (ASF) under one or more
 4 |   contributor license agreements.  See the NOTICE file distributed with
 5 |   this work for additional information regarding copyright ownership.
 6 |   The ASF licenses this file to You under the Apache License, Version 2.0
 7 |   (the "License"); you may not use this file except in compliance with
 8 |   the License.  You may obtain a copy of the License at
 9 |       http://www.apache.org/licenses/LICENSE-2.0
10 |   Unless required by applicable law or agreed to in writing, software
11 |   distributed under the License is distributed on an "AS IS" BASIS,
12 |   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 |   See the License for the specific language governing permissions and
14 |   limitations under the License.
15 | -->
16 | <aliases>
17 |     <!--
18 |     <alias>
19 |         <internal>LOCAL_NIFI_REGISTRY</internal>
20 |         <external>http://registry.nifi.apache.org:18080</external>
21 |     </alias>
22 |     -->
23 | </aliases>


--------------------------------------------------------------------------------
/conf/0.6.0/registry-aliases.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 2 | <!--
 3 |   Licensed to the Apache Software Foundation (ASF) under one or more
 4 |   contributor license agreements.  See the NOTICE file distributed with
 5 |   this work for additional information regarding copyright ownership.
 6 |   The ASF licenses this file to You under the Apache License, Version 2.0
 7 |   (the "License"); you may not use this file except in compliance with
 8 |   the License.  You may obtain a copy of the License at
 9 |       http://www.apache.org/licenses/LICENSE-2.0
10 |   Unless required by applicable law or agreed to in writing, software
11 |   distributed under the License is distributed on an "AS IS" BASIS,
12 |   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 |   See the License for the specific language governing permissions and
14 |   limitations under the License.
15 | -->
16 | <aliases>
17 |     <!--
18 |     <alias>
19 |         <internal>LOCAL_NIFI_REGISTRY</internal>
20 |         <external>http://registry.nifi.apache.org:18080</external>
21 |     </alias>
22 |     -->
23 | </aliases>


--------------------------------------------------------------------------------
/conf/0.7.0/registry-aliases.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 2 | <!--
 3 |   Licensed to the Apache Software Foundation (ASF) under one or more
 4 |   contributor license agreements.  See the NOTICE file distributed with
 5 |   this work for additional information regarding copyright ownership.
 6 |   The ASF licenses this file to You under the Apache License, Version 2.0
 7 |   (the "License"); you may not use this file except in compliance with
 8 |   the License.  You may obtain a copy of the License at
 9 |       http://www.apache.org/licenses/LICENSE-2.0
10 |   Unless required by applicable law or agreed to in writing, software
11 |   distributed under the License is distributed on an "AS IS" BASIS,
12 |   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 |   See the License for the specific language governing permissions and
14 |   limitations under the License.
15 | -->
16 | <aliases>
17 |     <!--
18 |     <alias>
19 |         <internal>LOCAL_NIFI_REGISTRY</internal>
20 |         <external>http://registry.nifi.apache.org:18080</external>
21 |     </alias>
22 |     -->
23 | </aliases>


--------------------------------------------------------------------------------
/conf/0.8.0/registry-aliases.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 2 | <!--
 3 |   Licensed to the Apache Software Foundation (ASF) under one or more
 4 |   contributor license agreements.  See the NOTICE file distributed with
 5 |   this work for additional information regarding copyright ownership.
 6 |   The ASF licenses this file to You under the Apache License, Version 2.0
 7 |   (the "License"); you may not use this file except in compliance with
 8 |   the License.  You may obtain a copy of the License at
 9 |       http://www.apache.org/licenses/LICENSE-2.0
10 |   Unless required by applicable law or agreed to in writing, software
11 |   distributed under the License is distributed on an "AS IS" BASIS,
12 |   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 |   See the License for the specific language governing permissions and
14 |   limitations under the License.
15 | -->
16 | <aliases>
17 |     <!--
18 |     <alias>
19 |         <internal>LOCAL_NIFI_REGISTRY</internal>
20 |         <external>http://registry.nifi.apache.org:18080</external>
21 |     </alias>
22 |     -->
23 | </aliases>


--------------------------------------------------------------------------------
/hooks/build:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | # hooks/build
 3 | # https://docs.docker.com/docker-cloud/builds/advanced/
 4 | # this file is from https://github.com/jnovack/dockerhub-hooks
 5 | 
 6 | # $IMAGE_NAME var is injected into the build so the tag is correct.
 7 | echo "[***] Build hook running"
 8 | echo "Docker Tag: $DOCKER_TAG"
 9 | 
10 | echo "Flavour 1: $FLAVOUR"
11 | if [[ -z "${FLAVOUR}" ]]; then
12 |     FLAVOUR=`echo ${DOCKER_TAG} | awk -F'-' '{print $2}' | awk -F'.' '{print $2}'`
13 | fi
14 | echo "Flavour 2: $FLAVOUR"
15 | 
16 | if [[ -z "${UPSTREAM_VERSION}" ]]; then
17 |     UPSTREAM_VERSION=`echo ${DOCKER_TAG} | awk -F'-' '{print $1}' | sed 's/latest//'`
18 | fi
19 | echo "Upstream version: $UPSTREAM_VERSION"
20 | 
21 | docker build \
22 |     --build-arg BUILD_RFC3339='"$(date -u +"%Y-%m-%dT%H:%M:%SZ")"' \
23 |     --build-arg COMMIT=$(git rev-parse --short HEAD) \
24 |     --build-arg VERSION=$(git describe --tags --always) \
25 |     --build-arg UPSTREAM_VERSION=${UPSTREAM_VERSION:-0.8.0} \
26 |     --build-arg 'MIRROR='"${MIRROR:-https://archive.apache.org/dist}"'' \
27 |     --target ${FLAVOUR:-defaultuser} \
28 |     -f $DOCKERFILE_PATH \
29 |     -t $DOCKER_REPO:$DOCKER_TAG .
30 | 


--------------------------------------------------------------------------------
/docker-compose.ldap.yml:
--------------------------------------------------------------------------------
 1 | version: "3.7"
 2 | 
 3 | services:
 4 |   nifi-registry:
 5 |     image: michalklempa/nifi-registry
 6 |     volumes:
 7 |       - ./keystore.jks:/opt/certs/keystore.jks
 8 |       - ./truststore.jks:/opt/certs/truststore.jks
 9 |     ports:
10 |       - target: 18443
11 |         published: 18443
12 |         protocol: tcp
13 |         mode: host
14 |     environment:
15 |       NIFI_REGISTRY_SECURITY_KEYSTORE: /opt/certs/keystore.jks
16 |       NIFI_REGISTRY_SECURITY_KEYSTOREtYPE: JKS
17 |       NIFI_REGISTRY_SECURITY_KEYSTOREpASSWD: QKZv1hSWAFQYZ+WU1jjF5ank+l4igeOfQRp+OSbkkrs
18 |       NIFI_REGISTRY_SECURITY_TRUSTSTORE: /opt/certs/truststore.jks
19 |       NIFI_REGISTRY_SECURITY_TRUSTSTOREtYPE: JKS
20 |       NIFI_REGISTRY_SECURITY_TRUSTSTOREpASSWD: rHkWR1gDNW3R9hgbeRsT3OM3Ue0zwGtQqcFKJD2EXWE
21 |       NIFI_REGISTRY_WEB_HTTP_HOST:
22 |       NIFI_REGISTRY_WEB_HTTP_PORT:
23 |       NIFI_REGISTRY_WEB_HTTPS_HOST: 0.0.0.0
24 |       NIFI_REGISTRY_WEB_HTTPS_PORT: 18443
25 |       INITIAL_ADMIN_IDENTITY: cn=nifi-admin,dc=example,dc=org
26 |       NIFI_REGISTRY_SECURITY_IDENTITY_PROVIDER: ldap-identity-provider
27 |       NIFI_REGISTRY_SECURITY_NEEDcLIENTaUTH: false
28 |       LDAP_AUTHENTICATION_STRATEGY: SIMPLE
29 |       LDAP_MANAGER_DN: cn=ldap-admin,dc=example,dc=org
30 |       LDAP_MANAGER_PASSWORD: password
31 |       LDAP_USER_SEARCH_BASE: dc=example,dc=org
32 |       LDAP_USER_SEARCH_FILTER: cn={0}
33 |       LDAP_IDENTITY_STRATEGY: USE_DN
34 |       LDAP_URL: ldap://ldap:389
35 | 


--------------------------------------------------------------------------------
/docker-compose.mysql.yml:
--------------------------------------------------------------------------------
 1 | version: "3.7"
 2 | 
 3 | services:
 4 |   nifi-registry:
 5 |     image: michalklempa/nifi-registry
 6 |     depends_on:
 7 |       - database
 8 |     # see https://dev.mysql.com/downloads/connector/j/
 9 |     volumes:
10 |       - ./mysql-connector-java-5.1.47.jar:/opt/nifi-registry/libs/mysql-connector-java-5.1.47.jar
11 |     ports:
12 |       - target: 18080
13 |         published: 18080
14 |         protocol: tcp
15 |         mode: host
16 |     command: dockerize -timeout 60s -wait tcp://database:3306 /opt/nifi-registry/scripts/start.sh
17 |     networks:
18 |       - nifi-registry-network
19 |     environment:
20 |       NIFI_REGISTRY_DB_URL: jdbc:mysql://database:3306/db
21 |       NIFI_REGISTRY_DB_DRIVER_CLASS: com.mysql.jdbc.Driver
22 |       NIFI_REGISTRY_DB_DRIVER_DIRECTORY: /opt/nifi-registry/libs/
23 |       NIFI_REGISTRY_DB_USERNAME: root
24 |       NIFI_REGISTRY_DB_PASSWORD: myPassword
25 | 
26 |   # see https://hub.docker.com/_/mysql?tab=description
27 |   # see https://flywaydb.org/documentation/database/mysql
28 |   database:
29 |     image: mysql:8
30 |     ports:
31 |       - target: 3306
32 |         published: 3306
33 |         protocol: tcp
34 |         mode: host
35 |     networks:
36 |       - nifi-registry-network
37 |     environment:
38 |       MYSQL_ROOT_PASSWORD: myPassword
39 |       MYSQL_DATABASE: db
40 | 
41 | networks:
42 |   nifi-registry-network:
43 |     name: nifi-registry-network
44 |     ipam:
45 |       driver: default
46 |       config:
47 |         - subnet: 192.168.0.0/24


--------------------------------------------------------------------------------
/docker-compose.postgres.yml:
--------------------------------------------------------------------------------
 1 | version: "3.7"
 2 | 
 3 | services:
 4 |   nifi-registry:
 5 |     image: michalklempa/nifi-registry
 6 |     depends_on:
 7 |       - database
 8 |     # see https://jdbc.postgresql.org/download.html
 9 |     volumes:
10 |       - ./postgresql-42.2.5.jar:/opt/nifi-registry/libs/postgresql-42.2.5.jar
11 |     ports:
12 |       - target: 18080
13 |         published: 18080
14 |         protocol: tcp
15 |         mode: host
16 |     command: dockerize -timeout 60s -wait tcp://database:5432 /opt/nifi-registry/scripts/start.sh
17 |     networks:
18 |       - nifi-registry-network
19 |     environment:
20 |       NIFI_REGISTRY_DB_URL: jdbc:postgresql://database:5432/db
21 |       NIFI_REGISTRY_DB_DRIVER_CLASS: org.postgresql.Driver
22 |       NIFI_REGISTRY_DB_DRIVER_DIRECTORY: /opt/nifi-registry/libs/
23 |       NIFI_REGISTRY_DB_USERNAME: postgres
24 |       NIFI_REGISTRY_DB_PASSWORD: myPassword
25 | 
26 |   # see https://hub.docker.com/_/postgres
27 |   # see https://flywaydb.org/documentation/database/postgresql
28 |   database:
29 |     image: postgres:10
30 |     ports:
31 |       - target: 5432
32 |         published: 5432
33 |         protocol: tcp
34 |         mode: host
35 |     networks:
36 |       - nifi-registry-network
37 |     volumes:
38 |       - type: bind
39 |         source: ./schema.sql
40 |         target: /docker-entrypoint-initdb.d/schema.sql
41 |     environment:
42 |       POSTGRES_PASSWORD: myPassword
43 | 
44 | networks:
45 |   nifi-registry-network:
46 |     name: nifi-registry-network
47 |     ipam:
48 |       driver: default
49 |       config:
50 |         - subnet: 192.168.0.0/24


--------------------------------------------------------------------------------
/docker-compose.mariadb.yml:
--------------------------------------------------------------------------------
 1 | version: "3.7"
 2 | 
 3 | services:
 4 |   nifi-registry:
 5 |     image: michalklempa/nifi-registry
 6 |     depends_on:
 7 |       - database
 8 |     # see https://downloads.mariadb.com/Connectors/java/connector-java-2.3.0/
 9 |     volumes:
10 |       - ./mariadb-java-client-2.3.0.jar:/opt/nifi-registry/libs/mariadb-java-client-2.3.0.jar
11 |     ports:
12 |       - target: 18080
13 |         published: 18080
14 |         protocol: tcp
15 |         mode: host
16 |     command: dockerize -timeout 60s -wait tcp://database:3306 /opt/nifi-registry/scripts/start.sh
17 |     networks:
18 |       - nifi-registry-network
19 |     environment:
20 |       NIFI_REGISTRY_DB_URL: jdbc:mariadb://database:3306/db
21 |       NIFI_REGISTRY_DB_DRIVER_CLASS: org.mariadb.jdbc.Driver
22 |       NIFI_REGISTRY_DB_DRIVER_DIRECTORY: /opt/nifi-registry/libs/
23 |       NIFI_REGISTRY_DB_USERNAME: root
24 |       NIFI_REGISTRY_DB_PASSWORD: myPassword
25 | 
26 |   # see https://hub.docker.com/_/mariadb
27 |   # see https://flywaydb.org/documentation/database/mariadb
28 |   database:
29 |     image: mariadb:10.3.9-bionic
30 |     ports:
31 |       - target: 3306
32 |         published: 3306
33 |         protocol: tcp
34 |         mode: host
35 |     networks:
36 |       - nifi-registry-network
37 |     volumes:
38 |       - type: bind
39 |         source: ./mariadb_sql
40 |         target: /docker-entrypoint-initdb.d
41 |     environment:
42 |       MYSQL_ROOT_PASSWORD: myPassword
43 | 
44 | networks:
45 |   nifi-registry-network:
46 |     name: nifi-registry-network
47 |     ipam:
48 |       driver: default
49 |       config:
50 |         - subnet: 192.168.0.0/24


--------------------------------------------------------------------------------
/hooks/post_push:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | # hooks/post_push
 3 | # https://docs.docker.com/docker-cloud/builds/advanced/
 4 | # https://semver.org/
 5 | 
 6 | function add_tag() {
 7 |     echo "[***] Adding tag ${1}"
 8 |     docker tag $IMAGE_NAME $DOCKER_REPO:$1
 9 |     docker push $DOCKER_REPO:$1
10 | }
11 | 
12 | TAG=$DOCKER_TAG
13 | # `git describe --tag --match "v*"`
14 | 
15 | # Optional Kill Switch for only pushing 'latest', not any prior release versions
16 | # -- comment this out if you want to always update release tags on every push (not recommended)
17 | KILL=`echo ${TAG} | awk -F'-' '{print $3}'`
18 | if [ ! -z $KILL ]; then exit 0; fi
19 | 
20 | # Extract versions
21 | MAJOR=`echo ${TAG} | awk -F'-' '{print $1}' | awk -F'.' '{print $1}' | sed 's/v//'`
22 | MINOR=`echo ${TAG} | awk -F'-' '{print $1}' | awk -F'.' '{print $2}' | sed 's/v//'`
23 | PATCH=`echo ${TAG} | awk -F'-' '{print $1}' | awk -F'.' '{print $3}' | sed 's/v//'`
24 | PRLS=`echo ${TAG} | awk -F'-' '{print $2}' | awk -F'.' '{print $2}'`
25 | 
26 | num='^[0-9_]+$'
27 | pre='^[0-9A-Za-z.]+$'
28 | 
29 | echo "[***] Current Build: ${TAG}"
30 | 
31 | if [ ! -z $MAJOR ] && [[ $MAJOR =~ $num ]]; then
32 |     add_tag ${MAJOR}${PRLS:+-$PRLS}
33 | 
34 |     if [ ! -z $MINOR ] && [[ $MINOR =~ $num ]]; then
35 |         add_tag ${MAJOR}.${MINOR}${PRLS:+-$PRLS}
36 | 
37 |         if [ ! -z $PATCH ] && [[ $PATCH =~ $num ]]; then
38 |             add_tag ${MAJOR}.${MINOR}.${PATCH}${PRLS:+-$PRLS}
39 | 
40 |             if [ ! -z $PRLS ] && [[ ! $PRLS =~ $num ]] && [[ $PRLS =~ $pre ]]; then
41 |                 add_tag ${MAJOR}.${MINOR}.${PATCH}-${PRLS}
42 |             fi
43 |         fi
44 |     fi
45 | fi
46 | 
47 | exit $?
48 | 


--------------------------------------------------------------------------------
/RELEASE_NOTES.md:
--------------------------------------------------------------------------------
 1 | # Unofficial Docker Image For NiFi Registry
 2 | 
 3 | ## Release notes
 4 | 
 5 | <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 6 | <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 7 | **Table of Contents**  *generated with [DocToc](https://github.com/thlorenz/doctoc)*
 8 | 
 9 | - [NiFi Registry 0.4.0](#nifi-registry-040)
10 | 
11 | <!-- END doctoc generated TOC please keep comment here to allow auto update -->
12 | 
13 | ## NiFi Registry 0.4.0 
14 |  - Added templating for [Bundle Persistence Providers](README.md#bundle-persistence-providers-configuration) 
15 | 
16 | ## NiFi Registry 0.5.0 
17 |  - Added templating for [org.apache.nifi.registry.provider.flow.DatabaseFlowPersistenceProvider](README.md#) 
18 | 
19 | ## NiFi Registry 0.5.0 (0.5.0-03.plain and 0.5.0-03)
20 |  - Added -plain flavored images, these do not set UIG:GID (nifi:nifi) and do not render any config templates. Suitable for k8s deployments.
21 | 
22 | ## NiFi Registry 0.6.0
23 |  - Added -plain, -default flavored images
24 |     - 0.6.0-plain: no UID:GID set (running as root), env var templating TURNED OFF.
25 |     - 0.6.0-default: no UID:GID set (running as root), ENV var templating is done
26 |     - 0.6.0: UID:GID set to nifi:nifi (1000:1000), ENV var templating is done 
27 | 
28 | ## NiFi Registry 0.7.0
29 |  - upstream added possibility to clone repo (default branch), which we kindly ignore
30 | 
31 | ## NiFi Registry 0.8.0
32 |  - new `nifi-registry.properties`:
33 |   ```
34 | # OIDC #
35 | nifi.registry.security.user.oidc.discovery.url=
36 | nifi.registry.security.user.oidc.connect.timeout=
37 | nifi.registry.security.user.oidc.read.timeout=
38 | nifi.registry.security.user.oidc.client.id=
39 | nifi.registry.security.user.oidc.client.secret=
40 | nifi.registry.security.user.oidc.preferred.jwsalgorithm=
41 |   ```
42 |  - new `DatabaseUserGroupProvider` in `authorizers.xml`, since we do not template this file, we ignore


--------------------------------------------------------------------------------
/conf/0.5.0/bootstrap.conf:
--------------------------------------------------------------------------------
 1 | #
 2 | # Licensed to the Apache Software Foundation (ASF) under one or more
 3 | # contributor license agreements.  See the NOTICE file distributed with
 4 | # this work for additional information regarding copyright ownership.
 5 | # The ASF licenses this file to You under the Apache License, Version 2.0
 6 | # (the "License"); you may not use this file except in compliance with
 7 | # the License.  You may obtain a copy of the License at
 8 | #
 9 | #   http://www.apache.org/licenses/LICENSE-2.0
10 | #
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 | #
17 | 
18 | # Java command to use when running nifi-registry
19 | java=java
20 | 
21 | # Username to use when running nifi-registry. This value will be ignored on Windows.
22 | run.as=
23 | 
24 | # Configure the working directory for launching the NiFi Registry process
25 | # If not specified, the working directory will fall back to using the NIFI_REGISTRY_HOME env variable
26 | # If the environment variable is not specified, the working directory will fall back to the parent of this file's parent
27 | working.dir=
28 | 
29 | # Configure where nifi-registry's lib and conf directories live
30 | lib.dir=./lib
31 | conf.dir=./conf
32 | docs.dir=./docs
33 | 
34 | # How long to wait after telling nifi-registry to shutdown before explicitly killing the Process
35 | graceful.shutdown.seconds=20
36 | 
37 | # Disable JSR 199 so that we can use JSP's without running a JDK
38 | java.arg.1=-Dorg.apache.jasper.compiler.disablejsr199=true
39 | 
40 | # JVM memory settings
41 | java.arg.2=-Xms512m
42 | java.arg.3=-Xmx512m
43 | 
44 | # Enable Remote Debugging
45 | #java.arg.debug=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=8000
46 | 
47 | java.arg.4=-Djava.net.preferIPv4Stack=true
48 | 
49 | # allowRestrictedHeaders is required for Cluster/Node communications to work properly
50 | java.arg.5=-Dsun.net.http.allowRestrictedHeaders=true
51 | java.arg.6=-Djava.protocol.handler.pkgs=sun.net.www.protocol
52 | 
53 | # Master key in hexadecimal format for encrypted sensitive configuration values
54 | nifi.registry.bootstrap.sensitive.key=


--------------------------------------------------------------------------------
/conf/0.6.0/bootstrap.conf:
--------------------------------------------------------------------------------
 1 | #
 2 | # Licensed to the Apache Software Foundation (ASF) under one or more
 3 | # contributor license agreements.  See the NOTICE file distributed with
 4 | # this work for additional information regarding copyright ownership.
 5 | # The ASF licenses this file to You under the Apache License, Version 2.0
 6 | # (the "License"); you may not use this file except in compliance with
 7 | # the License.  You may obtain a copy of the License at
 8 | #
 9 | #   http://www.apache.org/licenses/LICENSE-2.0
10 | #
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 | #
17 | 
18 | # Java command to use when running nifi-registry
19 | java=java
20 | 
21 | # Username to use when running nifi-registry. This value will be ignored on Windows.
22 | run.as=
23 | 
24 | # Configure the working directory for launching the NiFi Registry process
25 | # If not specified, the working directory will fall back to using the NIFI_REGISTRY_HOME env variable
26 | # If the environment variable is not specified, the working directory will fall back to the parent of this file's parent
27 | working.dir=
28 | 
29 | # Configure where nifi-registry's lib and conf directories live
30 | lib.dir=./lib
31 | conf.dir=./conf
32 | docs.dir=./docs
33 | 
34 | # How long to wait after telling nifi-registry to shutdown before explicitly killing the Process
35 | graceful.shutdown.seconds=20
36 | 
37 | # Disable JSR 199 so that we can use JSP's without running a JDK
38 | java.arg.1=-Dorg.apache.jasper.compiler.disablejsr199=true
39 | 
40 | # JVM memory settings
41 | java.arg.2=-Xms512m
42 | java.arg.3=-Xmx512m
43 | 
44 | # Enable Remote Debugging
45 | #java.arg.debug=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=8000
46 | 
47 | java.arg.4=-Djava.net.preferIPv4Stack=true
48 | 
49 | # allowRestrictedHeaders is required for Cluster/Node communications to work properly
50 | java.arg.5=-Dsun.net.http.allowRestrictedHeaders=true
51 | java.arg.6=-Djava.protocol.handler.pkgs=sun.net.www.protocol
52 | 
53 | # Master key in hexadecimal format for encrypted sensitive configuration values
54 | nifi.registry.bootstrap.sensitive.key=


--------------------------------------------------------------------------------
/conf/0.7.0/bootstrap.conf:
--------------------------------------------------------------------------------
 1 | #
 2 | # Licensed to the Apache Software Foundation (ASF) under one or more
 3 | # contributor license agreements.  See the NOTICE file distributed with
 4 | # this work for additional information regarding copyright ownership.
 5 | # The ASF licenses this file to You under the Apache License, Version 2.0
 6 | # (the "License"); you may not use this file except in compliance with
 7 | # the License.  You may obtain a copy of the License at
 8 | #
 9 | #   http://www.apache.org/licenses/LICENSE-2.0
10 | #
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 | #
17 | 
18 | # Java command to use when running nifi-registry
19 | java=java
20 | 
21 | # Username to use when running nifi-registry. This value will be ignored on Windows.
22 | run.as=
23 | 
24 | # Configure the working directory for launching the NiFi Registry process
25 | # If not specified, the working directory will fall back to using the NIFI_REGISTRY_HOME env variable
26 | # If the environment variable is not specified, the working directory will fall back to the parent of this file's parent
27 | working.dir=
28 | 
29 | # Configure where nifi-registry's lib and conf directories live
30 | lib.dir=./lib
31 | conf.dir=./conf
32 | docs.dir=./docs
33 | 
34 | # How long to wait after telling nifi-registry to shutdown before explicitly killing the Process
35 | graceful.shutdown.seconds=20
36 | 
37 | # Disable JSR 199 so that we can use JSP's without running a JDK
38 | java.arg.1=-Dorg.apache.jasper.compiler.disablejsr199=true
39 | 
40 | # JVM memory settings
41 | java.arg.2=-Xms512m
42 | java.arg.3=-Xmx512m
43 | 
44 | # Enable Remote Debugging
45 | #java.arg.debug=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=8000
46 | 
47 | java.arg.4=-Djava.net.preferIPv4Stack=true
48 | 
49 | # allowRestrictedHeaders is required for Cluster/Node communications to work properly
50 | java.arg.5=-Dsun.net.http.allowRestrictedHeaders=true
51 | java.arg.6=-Djava.protocol.handler.pkgs=sun.net.www.protocol
52 | 
53 | # Master key in hexadecimal format for encrypted sensitive configuration values
54 | nifi.registry.bootstrap.sensitive.key=


--------------------------------------------------------------------------------
/conf/0.8.0/bootstrap.conf:
--------------------------------------------------------------------------------
 1 | #
 2 | # Licensed to the Apache Software Foundation (ASF) under one or more
 3 | # contributor license agreements.  See the NOTICE file distributed with
 4 | # this work for additional information regarding copyright ownership.
 5 | # The ASF licenses this file to You under the Apache License, Version 2.0
 6 | # (the "License"); you may not use this file except in compliance with
 7 | # the License.  You may obtain a copy of the License at
 8 | #
 9 | #   http://www.apache.org/licenses/LICENSE-2.0
10 | #
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 | #
17 | 
18 | # Java command to use when running nifi-registry
19 | java=java
20 | 
21 | # Username to use when running nifi-registry. This value will be ignored on Windows.
22 | run.as=
23 | 
24 | # Configure the working directory for launching the NiFi Registry process
25 | # If not specified, the working directory will fall back to using the NIFI_REGISTRY_HOME env variable
26 | # If the environment variable is not specified, the working directory will fall back to the parent of this file's parent
27 | working.dir=
28 | 
29 | # Configure where nifi-registry's lib and conf directories live
30 | lib.dir=./lib
31 | conf.dir=./conf
32 | docs.dir=./docs
33 | 
34 | # How long to wait after telling nifi-registry to shutdown before explicitly killing the Process
35 | graceful.shutdown.seconds=20
36 | 
37 | # Disable JSR 199 so that we can use JSP's without running a JDK
38 | java.arg.1=-Dorg.apache.jasper.compiler.disablejsr199=true
39 | 
40 | # JVM memory settings
41 | java.arg.2=-Xms512m
42 | java.arg.3=-Xmx512m
43 | 
44 | # Enable Remote Debugging
45 | #java.arg.debug=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=8000
46 | 
47 | java.arg.4=-Djava.net.preferIPv4Stack=true
48 | 
49 | # allowRestrictedHeaders is required for Cluster/Node communications to work properly
50 | java.arg.5=-Dsun.net.http.allowRestrictedHeaders=true
51 | java.arg.6=-Djava.protocol.handler.pkgs=sun.net.www.protocol
52 | 
53 | # Master key in hexadecimal format for encrypted sensitive configuration values
54 | nifi.registry.bootstrap.sensitive.key=


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # nifi binaries
 2 | nifi-registry-*-bin*
 3 | nifi-registry-*-SNAPSHOT*
 4 | *.jar
 5 | 
 6 | # Created by https://www.gitignore.io/api/intellij+all
 7 | # Edit at https://www.gitignore.io/?templates=intellij+all
 8 | 
 9 | ### Intellij+all ###
10 | # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and WebStorm
11 | # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
12 | 
13 | # User-specific stuff
14 | .idea/**/workspace.xml
15 | .idea/**/tasks.xml
16 | .idea/**/usage.statistics.xml
17 | .idea/**/dictionaries
18 | .idea/**/shelf
19 | 
20 | # Generated files
21 | .idea/**/contentModel.xml
22 | 
23 | # Sensitive or high-churn files
24 | .idea/**/dataSources/
25 | .idea/**/dataSources.ids
26 | .idea/**/dataSources.local.xml
27 | .idea/**/sqlDataSources.xml
28 | .idea/**/dynamic.xml
29 | .idea/**/uiDesigner.xml
30 | .idea/**/dbnavigator.xml
31 | 
32 | # Gradle
33 | .idea/**/gradle.xml
34 | .idea/**/libraries
35 | 
36 | # Gradle and Maven with auto-import
37 | # When using Gradle or Maven with auto-import, you should exclude module files,
38 | # since they will be recreated, and may cause churn.  Uncomment if using
39 | # auto-import.
40 | # .idea/modules.xml
41 | # .idea/*.iml
42 | # .idea/modules
43 | 
44 | # CMake
45 | cmake-build-*/
46 | 
47 | # Mongo Explorer plugin
48 | .idea/**/mongoSettings.xml
49 | 
50 | # File-based project format
51 | *.iws
52 | 
53 | # IntelliJ
54 | out/
55 | 
56 | # mpeltonen/sbt-idea plugin
57 | .idea_modules/
58 | 
59 | # JIRA plugin
60 | atlassian-ide-plugin.xml
61 | 
62 | # Cursive Clojure plugin
63 | .idea/replstate.xml
64 | 
65 | # Crashlytics plugin (for Android Studio and IntelliJ)
66 | com_crashlytics_export_strings.xml
67 | crashlytics.properties
68 | crashlytics-build.properties
69 | fabric.properties
70 | 
71 | # Editor-based Rest Client
72 | .idea/httpRequests
73 | 
74 | # Android studio 3.1+ serialized cache file
75 | .idea/caches/build_file_checksums.ser
76 | 
77 | ### Intellij+all Patch ###
78 | # Ignores the whole .idea folder and all .iml files
79 | # See https://github.com/joeblau/gitignore.io/issues/186 and https://github.com/joeblau/gitignore.io/issues/360
80 | 
81 | .idea/
82 | 
83 | # Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-249601023
84 | 
85 | *.iml
86 | modules.xml
87 | .idea/misc.xml
88 | *.ipr
89 | 
90 | # Sonarlint plugin
91 |  .idea/sonarlint
92 | 
93 | # End of https://www.gitignore.io/api/intellij+all
94 | 
95 | 


--------------------------------------------------------------------------------
/templates/bootstrap.conf.gotemplate:
--------------------------------------------------------------------------------
 1 | #
 2 | # Licensed to the Apache Software Foundation (ASF) under one or more
 3 | # contributor license agreements.  See the NOTICE file distributed with
 4 | # this work for additional information regarding copyright ownership.
 5 | # The ASF licenses this file to You under the Apache License, Version 2.0
 6 | # (the "License"); you may not use this file except in compliance with
 7 | # the License.  You may obtain a copy of the License at
 8 | #
 9 | #   http://www.apache.org/licenses/LICENSE-2.0
10 | #
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 | #
17 | 
18 | # Java command to use when running nifi-registry
19 | java={{ default .Env.BOOTSTRAP_JAVA "java" }}
20 | 
21 | # Username to use when running nifi-registry. This value will be ignored on Windows.
22 | run.as={{ default .Env.BOOTSTRAP_RUN_AS "" }}
23 | 
24 | # Configure the working directory for launching the NiFi Registry process
25 | # If not specified, the working directory will fall back to using the NIFI_REGISTRY_HOME env variable
26 | # If the environment variable is not specified, the working directory will fall back to the parent of this file's parent
27 | working.dir={{ default .Env.BOOTSTRAP_WORKING_DIR "" }}
28 | 
29 | # Configure where nifi-registry's lib and conf directories live
30 | lib.dir={{ default .Env.BOOTSTRAP_LIB_DIR "./lib" }}
31 | conf.dir={{ default .Env.BOOTSTRAP_CONF_DIR "./conf" }}
32 | docs.dir={{ default .Env.BOOTSTRAP_DOCS_DIR "./docs" }}
33 | 
34 | # How long to wait after telling nifi-registry to shutdown before explicitly killing the Process
35 | graceful.shutdown.seconds={{ default .Env.BOOTSTRAP_GRACEFUL_SHUTDOWN_SECONDS "20" }}
36 | 
37 | # Disable JSR 199 so that we can use JSP's without running a JDK
38 | java.arg.1={{ default .Env.BOOTSTRAP_JAVA_ARG_1 "-Dorg.apache.jasper.compiler.disablejsr199=true" }}
39 | 
40 | # JVM memory settings
41 | java.arg.2={{ default .Env.BOOTSTRAP_JAVA_ARG_2 "-Xms512m" }}
42 | java.arg.3={{ default .Env.BOOTSTRAP_JAVA_ARG_3 "-Xmx512m" }}
43 | 
44 | # Enable Remote Debugging
45 | #java.arg.debug=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=8000
46 | {{ if .Env.BOOTSTRAP_JAVA_ARG_DEBUG -}}
47 | java.arg.debug={{ .Env.BOOTSTRAP_JAVA_ARG_DEBUG }}
48 | {{- end }}
49 | 
50 | java.arg.4={{ default .Env.BOOTSTRAP_JAVA_ARG_4 "-Djava.net.preferIPv4Stack=true" }}
51 | 
52 | # allowRestrictedHeaders is required for Cluster/Node communications to work properly
53 | java.arg.5={{ default .Env.BOOTSTRAP_JAVA_ARG_5 "-Dsun.net.http.allowRestrictedHeaders=true" }}
54 | java.arg.6={{ default .Env.BOOTSTRAP_JAVA_ARG_6 "-Djava.protocol.handler.pkgs=sun.net.www.protocol" }}
55 | 
56 | # Master key in hexadecimal format for encrypted sensitive configuration values
57 | nifi.registry.bootstrap.sensitive.key={{ default .Env.BOOTSTRAP_NIFI_REGISTRY_BOOTSTRAP_SENSITIVE_KEY "" }}
58 | 


--------------------------------------------------------------------------------
/conf/0.5.0/nifi-registry.properties:
--------------------------------------------------------------------------------
  1 | # Licensed to the Apache Software Foundation (ASF) under one or more
  2 | # contributor license agreements.  See the NOTICE file distributed with
  3 | # this work for additional information regarding copyright ownership.
  4 | # The ASF licenses this file to You under the Apache License, Version 2.0
  5 | # (the "License"); you may not use this file except in compliance with
  6 | # the License.  You may obtain a copy of the License at
  7 | #
  8 | #     http://www.apache.org/licenses/LICENSE-2.0
  9 | #
 10 | # Unless required by applicable law or agreed to in writing, software
 11 | # distributed under the License is distributed on an "AS IS" BASIS,
 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13 | # See the License for the specific language governing permissions and
 14 | # limitations under the License.
 15 | 
 16 | # web properties #
 17 | nifi.registry.web.war.directory=./lib
 18 | nifi.registry.web.http.host=
 19 | nifi.registry.web.http.port=18080
 20 | nifi.registry.web.https.host=
 21 | nifi.registry.web.https.port=
 22 | nifi.registry.web.jetty.working.directory=./work/jetty
 23 | nifi.registry.web.jetty.threads=200
 24 | 
 25 | # security properties #
 26 | nifi.registry.security.keystore=
 27 | nifi.registry.security.keystoreType=
 28 | nifi.registry.security.keystorePasswd=
 29 | nifi.registry.security.keyPasswd=
 30 | nifi.registry.security.truststore=
 31 | nifi.registry.security.truststoreType=
 32 | nifi.registry.security.truststorePasswd=
 33 | nifi.registry.security.needClientAuth=
 34 | nifi.registry.security.authorizers.configuration.file=./conf/authorizers.xml
 35 | nifi.registry.security.authorizer=managed-authorizer
 36 | nifi.registry.security.identity.providers.configuration.file=./conf/identity-providers.xml
 37 | nifi.registry.security.identity.provider=
 38 | 
 39 | # sensitive property protection properties #
 40 | # nifi.registry.sensitive.props.additional.keys=
 41 | 
 42 | # providers properties #
 43 | nifi.registry.providers.configuration.file=./conf/providers.xml
 44 | 
 45 | # registry alias properties #
 46 | nifi.registry.registry.alias.configuration.file=./conf/registry-aliases.xml
 47 | 
 48 | # extensions working dir #
 49 | nifi.registry.extensions.working.directory=./work/extensions
 50 | 
 51 | # legacy database properties, used to migrate data from original DB to new DB below
 52 | # NOTE: Users upgrading from 0.1.0 should leave these populated, but new installs after 0.1.0 should leave these empty
 53 | nifi.registry.db.directory=
 54 | nifi.registry.db.url.append=
 55 | 
 56 | # database properties
 57 | nifi.registry.db.url=jdbc:h2:./database/nifi-registry-primary;AUTOCOMMIT=OFF;DB_CLOSE_ON_EXIT=FALSE;LOCK_MODE=3;LOCK_TIMEOUT=25000;WRITE_DELAY=0;AUTO_SERVER=FALSE
 58 | nifi.registry.db.driver.class=org.h2.Driver
 59 | nifi.registry.db.driver.directory=
 60 | nifi.registry.db.username=nifireg
 61 | nifi.registry.db.password=nifireg
 62 | nifi.registry.db.maxConnections=5
 63 | nifi.registry.db.sql.debug=false
 64 | 
 65 | # extension directories #
 66 | # Each property beginning with "nifi.registry.extension.dir." will be treated as location for an extension,
 67 | # and a class loader will be created for each location, with the system class loader as the parent
 68 | #
 69 | #nifi.registry.extension.dir.1=/path/to/extension1
 70 | #nifi.registry.extension.dir.2=/path/to/extension2
 71 | 
 72 | nifi.registry.extension.dir.aws=./ext/aws/lib
 73 | 
 74 | # Identity Mapping Properties #
 75 | # These properties allow normalizing user identities such that identities coming from different identity providers
 76 | # (certificates, LDAP, Kerberos) can be treated the same internally in NiFi. The following example demonstrates normalizing
 77 | # DNs from certificates and principals from Kerberos into a common identity string:
 78 | #
 79 | # nifi.registry.security.identity.mapping.pattern.dn=^CN=(.*?), OU=(.*?), O=(.*?), L=(.*?), ST=(.*?), C=(.*?)$
 80 | # nifi.registry.security.identity.mapping.value.dn=$1@$2
 81 | # nifi.registry.security.identity.mapping.transform.dn=NONE
 82 | 
 83 | # nifi.registry.security.identity.mapping.pattern.kerb=^(.*?)/instance@(.*?)$
 84 | # nifi.registry.security.identity.mapping.value.kerb=$1@$2
 85 | # nifi.registry.security.identity.mapping.transform.kerb=UPPER
 86 | 
 87 | # Group Mapping Properties #
 88 | # These properties allow normalizing group names coming from external sources like LDAP. The following example
 89 | # lowercases any group name.
 90 | #
 91 | # nifi.registry.security.group.mapping.pattern.anygroup=^(.*)$
 92 | # nifi.registry.security.group.mapping.value.anygroup=$1
 93 | # nifi.registry.security.group.mapping.transform.anygroup=LOWER
 94 | 
 95 | 
 96 | # kerberos properties #
 97 | nifi.registry.kerberos.krb5.file=
 98 | nifi.registry.kerberos.spnego.principal=
 99 | nifi.registry.kerberos.spnego.keytab.location=
100 | nifi.registry.kerberos.spnego.authentication.expiration=12 hours
101 | 


--------------------------------------------------------------------------------
/conf/0.6.0/nifi-registry.properties:
--------------------------------------------------------------------------------
  1 | # Licensed to the Apache Software Foundation (ASF) under one or more
  2 | # contributor license agreements.  See the NOTICE file distributed with
  3 | # this work for additional information regarding copyright ownership.
  4 | # The ASF licenses this file to You under the Apache License, Version 2.0
  5 | # (the "License"); you may not use this file except in compliance with
  6 | # the License.  You may obtain a copy of the License at
  7 | #
  8 | #     http://www.apache.org/licenses/LICENSE-2.0
  9 | #
 10 | # Unless required by applicable law or agreed to in writing, software
 11 | # distributed under the License is distributed on an "AS IS" BASIS,
 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13 | # See the License for the specific language governing permissions and
 14 | # limitations under the License.
 15 | 
 16 | # web properties #
 17 | nifi.registry.web.war.directory=./lib
 18 | nifi.registry.web.http.host=
 19 | nifi.registry.web.http.port=18080
 20 | nifi.registry.web.https.host=
 21 | nifi.registry.web.https.port=
 22 | nifi.registry.web.jetty.working.directory=./work/jetty
 23 | nifi.registry.web.jetty.threads=200
 24 | 
 25 | # security properties #
 26 | nifi.registry.security.keystore=
 27 | nifi.registry.security.keystoreType=
 28 | nifi.registry.security.keystorePasswd=
 29 | nifi.registry.security.keyPasswd=
 30 | nifi.registry.security.truststore=
 31 | nifi.registry.security.truststoreType=
 32 | nifi.registry.security.truststorePasswd=
 33 | nifi.registry.security.needClientAuth=
 34 | nifi.registry.security.authorizers.configuration.file=./conf/authorizers.xml
 35 | nifi.registry.security.authorizer=managed-authorizer
 36 | nifi.registry.security.identity.providers.configuration.file=./conf/identity-providers.xml
 37 | nifi.registry.security.identity.provider=
 38 | 
 39 | # sensitive property protection properties #
 40 | # nifi.registry.sensitive.props.additional.keys=
 41 | 
 42 | # providers properties #
 43 | nifi.registry.providers.configuration.file=./conf/providers.xml
 44 | 
 45 | # registry alias properties #
 46 | nifi.registry.registry.alias.configuration.file=./conf/registry-aliases.xml
 47 | 
 48 | # extensions working dir #
 49 | nifi.registry.extensions.working.directory=./work/extensions
 50 | 
 51 | # legacy database properties, used to migrate data from original DB to new DB below
 52 | # NOTE: Users upgrading from 0.1.0 should leave these populated, but new installs after 0.1.0 should leave these empty
 53 | nifi.registry.db.directory=
 54 | nifi.registry.db.url.append=
 55 | 
 56 | # database properties
 57 | nifi.registry.db.url=jdbc:h2:./database/nifi-registry-primary;AUTOCOMMIT=OFF;DB_CLOSE_ON_EXIT=FALSE;LOCK_MODE=3;LOCK_TIMEOUT=25000;WRITE_DELAY=0;AUTO_SERVER=FALSE
 58 | nifi.registry.db.driver.class=org.h2.Driver
 59 | nifi.registry.db.driver.directory=
 60 | nifi.registry.db.username=nifireg
 61 | nifi.registry.db.password=nifireg
 62 | nifi.registry.db.maxConnections=5
 63 | nifi.registry.db.sql.debug=false
 64 | 
 65 | # extension directories #
 66 | # Each property beginning with "nifi.registry.extension.dir." will be treated as location for an extension,
 67 | # and a class loader will be created for each location, with the system class loader as the parent
 68 | #
 69 | #nifi.registry.extension.dir.1=/path/to/extension1
 70 | #nifi.registry.extension.dir.2=/path/to/extension2
 71 | 
 72 | nifi.registry.extension.dir.aws=./ext/aws/lib
 73 | 
 74 | # Identity Mapping Properties #
 75 | # These properties allow normalizing user identities such that identities coming from different identity providers
 76 | # (certificates, LDAP, Kerberos) can be treated the same internally in NiFi. The following example demonstrates normalizing
 77 | # DNs from certificates and principals from Kerberos into a common identity string:
 78 | #
 79 | # nifi.registry.security.identity.mapping.pattern.dn=^CN=(.*?), OU=(.*?), O=(.*?), L=(.*?), ST=(.*?), C=(.*?)$
 80 | # nifi.registry.security.identity.mapping.value.dn=$1@$2
 81 | # nifi.registry.security.identity.mapping.transform.dn=NONE
 82 | 
 83 | # nifi.registry.security.identity.mapping.pattern.kerb=^(.*?)/instance@(.*?)$
 84 | # nifi.registry.security.identity.mapping.value.kerb=$1@$2
 85 | # nifi.registry.security.identity.mapping.transform.kerb=UPPER
 86 | 
 87 | # Group Mapping Properties #
 88 | # These properties allow normalizing group names coming from external sources like LDAP. The following example
 89 | # lowercases any group name.
 90 | #
 91 | # nifi.registry.security.group.mapping.pattern.anygroup=^(.*)$
 92 | # nifi.registry.security.group.mapping.value.anygroup=$1
 93 | # nifi.registry.security.group.mapping.transform.anygroup=LOWER
 94 | 
 95 | 
 96 | # kerberos properties #
 97 | nifi.registry.kerberos.krb5.file=
 98 | nifi.registry.kerberos.spnego.principal=
 99 | nifi.registry.kerberos.spnego.keytab.location=
100 | nifi.registry.kerberos.spnego.authentication.expiration=12 hours
101 | 


--------------------------------------------------------------------------------
/sh/start-plain.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash -e
 2 | 
 3 | #    Licensed to the Apache Software Foundation (ASF) under one or more
 4 | #    contributor license agreements.  See the NOTICE file distributed with
 5 | #    this work for additional information regarding copyright ownership.
 6 | #    The ASF licenses this file to You under the Apache License, Version 2.0
 7 | #    (the "License"); you may not use this file except in compliance with
 8 | #    the License.  You may obtain a copy of the License at
 9 | #
10 | #       http://www.apache.org/licenses/LICENSE-2.0
11 | #
12 | #    Unless required by applicable law or agreed to in writing, software
13 | #    distributed under the License is distributed on an "AS IS" BASIS,
14 | #    WITH OUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | #    See the License for the specific language governing permissions and
16 | #    limitations under the License.
17 | 
18 | if [[ -n "$DEBUG" ]]; then
19 |     echo 'Printing all environment variables for debugging'
20 |     env | sort
21 |     echo 'End of debug output'
22 | fi
23 | 
24 | if [[ -n "$SSH_PRIVATE_KEY" ]]; then
25 |     printf "%s\n" 'SSH_PRIVATE_KEY_FILE=$HOME/.ssh/id_rsa'
26 |     SSH_PRIVATE_KEY_FILE="$HOME/.ssh/id_rsa"
27 | 
28 |     printf "%s\n" 'SSH_KNOWN_HOSTS_FILE=$HOME/.ssh/known_hosts'
29 |     SSH_KNOWN_HOSTS_FILE="$HOME/.ssh/known_hosts"
30 | 
31 |     printf "%s\n" 'mkdir -p $HOME/.ssh && chmod 700 $HOME/.ssh'
32 |     mkdir -p $HOME/.ssh && chmod 700 $HOME/.ssh
33 | 
34 |     printf "%s\n" 'echo -n "${SSH_PRIVATE_KEY}" | base64 -d > $SSH_PRIVATE_KEY_FILE && chmod 600 "${SSH_PRIVATE_KEY_FILE}"'
35 |     echo -n "${SSH_PRIVATE_KEY}" | base64 -d > ${SSH_PRIVATE_KEY_FILE} && chmod 600 "${SSH_PRIVATE_KEY_FILE}"
36 | 
37 |     printf "%s\n" 'ssh-keygen ${SSH_PRIVATE_KEY_PASSPHRASE:+'\''-P'\'' "${SSH_PRIVATE_KEY_PASSPHRASE}"} -y -f ${SSH_PRIVATE_KEY_FILE} > ${SSH_PRIVATE_KEY_FILE}.pub && chmod 600 ${SSH_PRIVATE_KEY_FILE}.pub'
38 |     ssh-keygen ${SSH_PRIVATE_KEY_PASSPHRASE:+'-P' "${SSH_PRIVATE_KEY_PASSPHRASE}"} -y -f ${SSH_PRIVATE_KEY_FILE} > ${SSH_PRIVATE_KEY_FILE}.pub && chmod 600 ${SSH_PRIVATE_KEY_FILE}.pub
39 | 
40 |     printf "%s\n" 'echo -n ${SSH_KNOWN_HOSTS} | base64 -d > $SSH_KNOWN_HOSTS_FILE && chmod 600 $SSH_KNOWN_HOSTS_FILE'
41 |     echo -n ${SSH_KNOWN_HOSTS} | base64 -d > $SSH_KNOWN_HOSTS_FILE && chmod 600 $SSH_KNOWN_HOSTS_FILE
42 | fi
43 | 
44 | if [[ -n "$GIT_REMOTE_URL" && ! -d "$FLOW_PROVIDER_GIT_FLOW_STORAGE_DIRECTORY" ]]; then
45 |     if [[ -n "$FLOW_PROVIDER_GIT_REMOTE_ACCESS_PASSWORD" ]]; then
46 |         echo "FLOW_PROVIDER_GIT_REMOTE_ACCESS_PASSWORD is set, trying to set git credential helper for HTTPS password"
47 |         printf "%s\n" 'git config --global credential.${GIT_REMOTE_URL}.helper '\''!f() { sleep 1; echo -e "username=${FLOW_PROVIDER_GIT_REMOTE_ACCESS_USER}\npassword=*****"; }; f'\'
48 |         git config --global credential.${GIT_REMOTE_URL}.helper '!f() { sleep 1; echo -e "username=${FLOW_PROVIDER_GIT_REMOTE_ACCESS_USER}\npassword=${FLOW_PROVIDER_GIT_REMOTE_ACCESS_PASSWORD}"; }; f'
49 |     fi
50 |     if [[ -n "$SSH_PRIVATE_KEY_PASSPHRASE" ]]; then
51 |         printf 'SSH_PRIVATE_KEY_PASSPHRASE is set, hacking git ssh command with sshpass\n'
52 |         printf "%s\n" 'export GIT_SSH_COMMAND="sshpass -e -P'assphrase' ssh"'
53 |         export GIT_SSH_COMMAND="sshpass -e -P'assphrase' ssh"
54 |         printf "%s\n" 'export SSHPASS=${SSH_PRIVATE_KEY_PASSPHRASE}'
55 |         export SSHPASS=${SSH_PRIVATE_KEY_PASSPHRASE}
56 |     fi
57 |     printf "Found git remote: %s, cloning into: %s, with remote: %s and branch: %s\n" ${GIT_REMOTE_URL} ${FLOW_PROVIDER_GIT_FLOW_STORAGE_DIRECTORY} ${FLOW_PROVIDER_GIT_REMOTE_TO_PUSH} ${GIT_CHECKOUT_BRANCH}
58 |     printf "%s\n" 'git clone -o $FLOW_PROVIDER_GIT_REMOTE_TO_PUSH -b $GIT_CHECKOUT_BRANCH $GIT_REMOTE_URL $FLOW_PROVIDER_GIT_FLOW_STORAGE_DIRECTORY'
59 |     git clone -o $FLOW_PROVIDER_GIT_REMOTE_TO_PUSH -b $GIT_CHECKOUT_BRANCH $GIT_REMOTE_URL $FLOW_PROVIDER_GIT_FLOW_STORAGE_DIRECTORY
60 |     for KEY in $(compgen -e); do
61 |         if [[ $KEY == GIT_CONFIG* ]]; then
62 |             printf "Found key: %s for git config\n" $KEY
63 |             VALUE=${!KEY}
64 |             KEY=${KEY#GIT_CONFIG_}
65 |             KEY=${KEY~~}
66 |             KEY=${KEY//_/.}
67 |             printf "Setting git config: %s=%s\n" "${KEY}" "${VALUE}"
68 |             printf "%s\n" 'git config -f ${FLOW_PROVIDER_GIT_FLOW_STORAGE_DIRECTORY}/.git/config ${KEY} '\''${VALUE}'\'
69 |             git config -f "${FLOW_PROVIDER_GIT_FLOW_STORAGE_DIRECTORY}/.git/config" "${KEY}" "'${VALUE}'"
70 |         fi
71 |     done
72 | fi
73 | 
74 | # Continuously provide logs so that 'docker logs' can produce them
75 | tail -F "${PROJECT_HOME}/logs/nifi-registry-app.log" &
76 | "${PROJECT_HOME}/bin/nifi-registry.sh" run &
77 | nifi_registry_pid="$!"
78 | 
79 | trap "echo Received trapped signal, beginning shutdown...;" KILL TERM HUP INT EXIT;
80 | 
81 | echo NiFi-Registry running with PID ${nifi_registry_pid}.
82 | wait ${nifi_registry_pid}


--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
  1 | # build phase
  2 | FROM alpine:3.9 as build
  3 | LABEL stage=build
  4 | 
  5 | RUN apk --update add --no-cache \
  6 |   &&   apk add --no-cache ca-certificates openssl curl wget \
  7 |   &&   update-ca-certificates \
  8 |   &&   rm -rf /var/lib/apt/lists/* \
  9 |   &&   rm -f /var/cache/apk/*
 10 | 
 11 | ARG UPSTREAM_VERSION
 12 | ARG MIRROR
 13 | 
 14 | ENV PROJECT_BASE_DIR /opt/nifi-registry
 15 | ENV PROJECT_HOME ${PROJECT_BASE_DIR}/nifi-registry-${UPSTREAM_VERSION}
 16 | 
 17 | ENV UPSTREAM_BINARY_URL nifi/nifi-registry/nifi-registry-${UPSTREAM_VERSION}/nifi-registry-${UPSTREAM_VERSION}-bin.tar.gz
 18 | ENV DOCKERIZE_VERSION v0.6.1
 19 | 
 20 | # Download, validate, and expand Apache NiFi-Registry binary.
 21 | RUN mkdir -p ${PROJECT_BASE_DIR} \
 22 |     && curl -fSL ${MIRROR}/${UPSTREAM_BINARY_URL} -o ${PROJECT_BASE_DIR}/nifi-registry-${UPSTREAM_VERSION}-bin.tar.gz \
 23 |     && echo "$(curl ${MIRROR}/${UPSTREAM_BINARY_URL}.sha256) *${PROJECT_BASE_DIR}/nifi-registry-${UPSTREAM_VERSION}-bin.tar.gz" | sha256sum -c - \
 24 |     && tar -xvzf ${PROJECT_BASE_DIR}/nifi-registry-${UPSTREAM_VERSION}-bin.tar.gz -C ${PROJECT_BASE_DIR} \
 25 |     && rm ${PROJECT_BASE_DIR}/nifi-registry-${UPSTREAM_VERSION}-bin.tar.gz \
 26 |     && rm -fr ${PROJECT_HOME}/docs
 27 | 
 28 | RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
 29 |     && tar -C /usr/local/bin -xzvf dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
 30 |     && rm dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz
 31 | 
 32 | # base phase
 33 | FROM openjdk:8-jdk-alpine as base
 34 | 
 35 | RUN apk --update add --no-cache ca-certificates bash git less openssh sshpass \
 36 |   && update-ca-certificates \
 37 |   &&   rm -rf /var/lib/apt/lists/* \
 38 |   &&   rm -f /var/cache/apk/*
 39 | 
 40 | ARG BUILD_RFC3339
 41 | ARG COMMIT
 42 | ARG VERSION
 43 | 
 44 | LABEL \
 45 |       org.opencontainers.image.ref.name="michalklempa/nifi-registry" \
 46 |       org.opencontainers.image.title="Unofficial Docker Image For NiFi Registry" \
 47 |       org.opencontainers.image.created=$BUILD_RFC3339 \
 48 |       org.opencontainers.image.authors="Michal Klempa <michal.klempa@gmail.com>" \
 49 |       org.opencontainers.image.documentation="https://github.com/michalklempa/docker-nifi-registry/blob/master/README.md" \
 50 |       org.opencontainers.image.description="michalklempa/nifi-registry docker image is an alternative and unofficial image for NiFi Registry project" \
 51 |       org.opencontainers.image.licenses="Apache-2.0" \
 52 |       org.opencontainers.image.source="https://github.com/michalklempa/docker-nifi-registry/" \
 53 |       org.opencontainers.image.revision=$COMMIT \
 54 |       org.opencontainers.image.version=$VERSION \
 55 |       org.opencontainers.image.url="https://hub.docker.com/r/michalklempa/nifi-registry" \
 56 |       org.label-schema.schema-version="1.0" \
 57 |       org.label-schema.docker.cmd='docker run -p 18080:18080 --name nifi-registry -d michalklempa/nifi-registry:latest' \
 58 |       org.label-schema.docker.cmd.devel='docker run -p 8000:8000 -p 18080:18080 -e''BOOTSTRAP_JAVA_ARG_DEBUG=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=8000'' --name nifi-registry -d michalklempa/nifi-registry:latest'
 59 | 
 60 | ARG UPSTREAM_VERSION
 61 | 
 62 | ENV PROJECT_BASE_DIR /opt/nifi-registry
 63 | ENV PROJECT_HOME ${PROJECT_BASE_DIR}/nifi-registry-${UPSTREAM_VERSION}
 64 | 
 65 | ENV PROJECT_TEMPLATE_DIR ${PROJECT_BASE_DIR}/templates
 66 | 
 67 | ENV PROJECT_CONF_DIR ${PROJECT_HOME}/conf
 68 | 
 69 | # Setup NiFi-Registry user
 70 | RUN mkdir -p ${PROJECT_BASE_DIR}
 71 | 
 72 | COPY --from=build ${PROJECT_HOME} ${PROJECT_HOME}
 73 | COPY --from=build /usr/local/bin/dockerize /usr/local/bin/dockerize
 74 | COPY ./templates ${PROJECT_TEMPLATE_DIR}
 75 | 
 76 | COPY sh/ ${PROJECT_BASE_DIR}/scripts/
 77 | 
 78 | RUN mkdir -p ${PROJECT_HOME}/docs
 79 | 
 80 | # Web HTTP(s) ports
 81 | EXPOSE 18080 18443
 82 | 
 83 | WORKDIR ${PROJECT_HOME}
 84 | 
 85 | FROM base as plain
 86 | 
 87 | # Apply configuration and start NiFi Registry
 88 | CMD ${PROJECT_BASE_DIR}/scripts/start-plain.sh
 89 | 
 90 | FROM plain as plainuser
 91 | ARG UID=1000
 92 | ARG GID=1000
 93 | 
 94 | RUN addgroup -g ${GID} nifi \
 95 |     && adduser -s /bin/bash -u ${UID} -G nifi -D nifi \
 96 |     && chown -R nifi:nifi ${PROJECT_BASE_DIR}
 97 | USER nifi
 98 | 
 99 | FROM base as default
100 | 
101 | ENV FLOW_PROVIDER file
102 | ENV FLOW_PROVIDER_GIT_FLOW_STORAGE_DIRECTORY $PROJECT_BASE_DIR/flow-storage
103 | ENV FLOW_PROVIDER_FILE_FLOW_STORAGE_DIRECTORY $PROJECT_BASE_DIR/flow-storage
104 | 
105 | ENV EXTENSION_BUNDLE_PROVIDER file
106 | ENV EXTENSION_BUNDLE_PROVIDER_FILE_EXTENSION_BUNDLE_STORAGE_DIRECTORY $PROJECT_BASE_DIR/extension-bundle-storage
107 | 
108 | # Apply configuration and start NiFi Registry
109 | CMD ${PROJECT_BASE_DIR}/scripts/start.sh
110 | 
111 | FROM default as defaultuser
112 | ARG UID=1000
113 | ARG GID=1000
114 | 
115 | RUN addgroup -g ${GID} nifi \
116 |     && adduser -s /bin/bash -u ${UID} -G nifi -D nifi \
117 |     && chown -R nifi:nifi ${PROJECT_BASE_DIR}
118 | USER nifi
119 | 
120 | 


--------------------------------------------------------------------------------
/conf/0.7.0/nifi-registry.properties:
--------------------------------------------------------------------------------
  1 | # Licensed to the Apache Software Foundation (ASF) under one or more
  2 | # contributor license agreements.  See the NOTICE file distributed with
  3 | # this work for additional information regarding copyright ownership.
  4 | # The ASF licenses this file to You under the Apache License, Version 2.0
  5 | # (the "License"); you may not use this file except in compliance with
  6 | # the License.  You may obtain a copy of the License at
  7 | #
  8 | #     http://www.apache.org/licenses/LICENSE-2.0
  9 | #
 10 | # Unless required by applicable law or agreed to in writing, software
 11 | # distributed under the License is distributed on an "AS IS" BASIS,
 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13 | # See the License for the specific language governing permissions and
 14 | # limitations under the License.
 15 | 
 16 | # web properties #
 17 | nifi.registry.web.war.directory=./lib
 18 | nifi.registry.web.http.host=
 19 | nifi.registry.web.http.port=18080
 20 | nifi.registry.web.https.host=
 21 | nifi.registry.web.https.port=
 22 | nifi.registry.web.jetty.working.directory=./work/jetty
 23 | nifi.registry.web.jetty.threads=200
 24 | nifi.registry.web.should.send.server.version=true
 25 | 
 26 | # security properties #
 27 | nifi.registry.security.keystore=
 28 | nifi.registry.security.keystoreType=
 29 | nifi.registry.security.keystorePasswd=
 30 | nifi.registry.security.keyPasswd=
 31 | nifi.registry.security.truststore=
 32 | nifi.registry.security.truststoreType=
 33 | nifi.registry.security.truststorePasswd=
 34 | nifi.registry.security.needClientAuth=
 35 | nifi.registry.security.authorizers.configuration.file=./conf/authorizers.xml
 36 | nifi.registry.security.authorizer=managed-authorizer
 37 | nifi.registry.security.identity.providers.configuration.file=./conf/identity-providers.xml
 38 | nifi.registry.security.identity.provider=
 39 | 
 40 | # sensitive property protection properties #
 41 | # nifi.registry.sensitive.props.additional.keys=
 42 | 
 43 | # providers properties #
 44 | nifi.registry.providers.configuration.file=./conf/providers.xml
 45 | 
 46 | # registry alias properties #
 47 | nifi.registry.registry.alias.configuration.file=./conf/registry-aliases.xml
 48 | 
 49 | # extensions working dir #
 50 | nifi.registry.extensions.working.directory=./work/extensions
 51 | 
 52 | # legacy database properties, used to migrate data from original DB to new DB below
 53 | # NOTE: Users upgrading from 0.1.0 should leave these populated, but new installs after 0.1.0 should leave these empty
 54 | nifi.registry.db.directory=
 55 | nifi.registry.db.url.append=
 56 | 
 57 | # database properties
 58 | nifi.registry.db.url=jdbc:h2:./database/nifi-registry-primary;AUTOCOMMIT=OFF;DB_CLOSE_ON_EXIT=FALSE;LOCK_MODE=3;LOCK_TIMEOUT=25000;WRITE_DELAY=0;AUTO_SERVER=FALSE
 59 | nifi.registry.db.driver.class=org.h2.Driver
 60 | nifi.registry.db.driver.directory=
 61 | nifi.registry.db.username=nifireg
 62 | nifi.registry.db.password=nifireg
 63 | nifi.registry.db.maxConnections=5
 64 | nifi.registry.db.sql.debug=false
 65 | 
 66 | # extension directories #
 67 | # Each property beginning with "nifi.registry.extension.dir." will be treated as location for an extension,
 68 | # and a class loader will be created for each location, with the system class loader as the parent
 69 | #
 70 | #nifi.registry.extension.dir.1=/path/to/extension1
 71 | #nifi.registry.extension.dir.2=/path/to/extension2
 72 | 
 73 | nifi.registry.extension.dir.aws=./ext/aws/lib
 74 | 
 75 | # Identity Mapping Properties #
 76 | # These properties allow normalizing user identities such that identities coming from different identity providers
 77 | # (certificates, LDAP, Kerberos) can be treated the same internally in NiFi. The following example demonstrates normalizing
 78 | # DNs from certificates and principals from Kerberos into a common identity string:
 79 | #
 80 | #nifi.registry.security.identity.mapping.pattern.dn=^CN=(.*?), OU=(.*?), O=(.*?), L=(.*?), ST=(.*?), C=(.*?)$
 81 | #nifi.registry.security.identity.mapping.value.dn=$1@$2
 82 | #nifi.registry.security.identity.mapping.transform.dn=NONE
 83 | 
 84 | #nifi.registry.security.identity.mapping.pattern.kerb=^(.*?)/instance@(.*?)$
 85 | #nifi.registry.security.identity.mapping.value.kerb=$1@$2
 86 | #nifi.registry.security.identity.mapping.transform.kerb=UPPER
 87 | 
 88 | # Group Mapping Properties #
 89 | # These properties allow normalizing group names coming from external sources like LDAP. The following example
 90 | # lowercases any group name.
 91 | #
 92 | #nifi.registry.security.group.mapping.pattern.anygroup=^(.*)$
 93 | #nifi.registry.security.group.mapping.value.anygroup=$1
 94 | #nifi.registry.security.group.mapping.transform.anygroup=LOWER
 95 | 
 96 | 
 97 | # kerberos properties #
 98 | nifi.registry.kerberos.krb5.file=
 99 | nifi.registry.kerberos.spnego.principal=
100 | nifi.registry.kerberos.spnego.keytab.location=
101 | nifi.registry.kerberos.spnego.authentication.expiration=12 hours
102 | 
103 | # revision management #
104 | # This feature should remain disabled until a future NiFi release that supports the revision API changes
105 | nifi.registry.revisions.enabled=false


--------------------------------------------------------------------------------
/conf/0.5.0/providers.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 2 | <!--
 3 |   Licensed to the Apache Software Foundation (ASF) under one or more
 4 |   contributor license agreements.  See the NOTICE file distributed with
 5 |   this work for additional information regarding copyright ownership.
 6 |   The ASF licenses this file to You under the Apache License, Version 2.0
 7 |   (the "License"); you may not use this file except in compliance with
 8 |   the License.  You may obtain a copy of the License at
 9 |       http://www.apache.org/licenses/LICENSE-2.0
10 |   Unless required by applicable law or agreed to in writing, software
11 |   distributed under the License is distributed on an "AS IS" BASIS,
12 |   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 |   See the License for the specific language governing permissions and
14 |   limitations under the License.
15 | -->
16 | <providers>
17 | 
18 |     <!-- NOTE: The providers in this file must be listed in the order defined in providers.xsd which is the following:
19 |             1) Flow Persistence Provider (Must occur once and only once)
20 |             2) Event Hook Providers (May occur 0 or more times)
21 |             3) Bundle Persistence Provider (Must occur once and only once)
22 |      -->
23 | 
24 |     <flowPersistenceProvider>
25 |         <class>org.apache.nifi.registry.provider.flow.FileSystemFlowPersistenceProvider</class>
26 |         <property name="Flow Storage Directory">./flow_storage</property>
27 |     </flowPersistenceProvider>
28 | 
29 |     <!--
30 |     <flowPersistenceProvider>
31 |         <class>org.apache.nifi.registry.provider.flow.git.GitFlowPersistenceProvider</class>
32 |         <property name="Flow Storage Directory">./flow_storage</property>
33 |         <property name="Remote To Push"></property>
34 |         <property name="Remote Access User"></property>
35 |         <property name="Remote Access Password"></property>
36 |     </flowPersistenceProvider>
37 |     -->
38 | 
39 |     <!--
40 |     <flowPersistenceProvider>
41 |         <class>org.apache.nifi.registry.provider.flow.DatabaseFlowPersistenceProvider</class>
42 |     </flowPersistenceProvider>
43 |     -->
44 | 
45 |     <!--
46 |     <eventHookProvider>
47 |     	<class>org.apache.nifi.registry.provider.hook.ScriptEventHookProvider</class>
48 |     	<property name="Script Path"></property>
49 |     	<property name="Working Directory"></property>
50 |     	-->
51 |     	<!-- Optional Whitelist Event types
52 |         <property name="Whitelisted Event Type 1">CREATE_FLOW</property>
53 |         <property name="Whitelisted Event Type 2">DELETE_FLOW</property>
54 |     	-->
55 |     <!--
56 |     </eventHookProvider>
57 |     -->
58 | 
59 |     <!-- This will log all events to a separate file specified by the EVENT_APPENDER in logback.xml -->
60 |     <!--
61 |     <eventHookProvider>
62 |         <class>org.apache.nifi.registry.provider.hook.LoggingEventHookProvider</class>
63 |     </eventHookProvider>
64 |     -->
65 | 
66 |     <extensionBundlePersistenceProvider>
67 |         <class>org.apache.nifi.registry.provider.extension.FileSystemBundlePersistenceProvider</class>
68 |         <property name="Extension Bundle Storage Directory">./extension_bundles</property>
69 |     </extensionBundlePersistenceProvider>
70 | 
71 |     <!-- Example S3 Bundle Persistence Provider
72 |             - Requires nifi-registry-aws-assembly to be added to the classpath via a custom extension dir in nifi-registry.properties
73 |                 Example: nifi.registry.extension.dir.aws=./ext/aws/lib
74 |                 Where "./ext/aws/lib" contains the extracted contents of nifi-registry-aws-assembly
75 |             - "Region" - The name of the S3 region where the bucket exists
76 |             - "Bucket Name" - The name of an existing bucket to store extension bundles
77 |             - "Key Prefix" - An optional prefix that if specified will be added to the beginning of all S3 keys
78 |             - "Credentials Provider" - Indicates how credentials will be provided, must be a value of DEFAULT_CHAIN or STATIC
79 |                 - DEFAULT_CHAIN will consider in order: Java system properties, environment variables, credential profiles (~/.aws/credentials)
80 |                 - STATIC requires that "Access Key" and "Secret Access Key" be specified directly in this file
81 |             - "Access Key" - The access key to use when using STATIC credentials provider
82 |             - "Secret Access Key" - The secret access key to use when using STATIC credentials provider
83 |             - "Endpoint URL" - An optional URL that overrides the default AWS S3 endpoint URL.
84 |                  Set this when using an AWS S3 API compatible service hosted at a different URL.
85 |      -->
86 |     <!--
87 |     <extensionBundlePersistenceProvider>
88 |         <class>org.apache.nifi.registry.aws.S3BundlePersistenceProvider</class>
89 |         <property name="Region">us-east-1</property>
90 |         <property name="Bucket Name">my-bundles</property>
91 |         <property name="Key Prefix"></property>
92 |         <property name="Credentials Provider">DEFAULT_CHAIN</property>
93 |         <property name="Access Key"></property>
94 |         <property name="Secret Access Key"></property>
95 |         <property name="Endpoint URL"></property>
96 |     </extensionBundlePersistenceProvider>
97 |     -->
98 | 
99 | </providers>


--------------------------------------------------------------------------------
/conf/0.6.0/providers.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 2 | <!--
 3 |   Licensed to the Apache Software Foundation (ASF) under one or more
 4 |   contributor license agreements.  See the NOTICE file distributed with
 5 |   this work for additional information regarding copyright ownership.
 6 |   The ASF licenses this file to You under the Apache License, Version 2.0
 7 |   (the "License"); you may not use this file except in compliance with
 8 |   the License.  You may obtain a copy of the License at
 9 |       http://www.apache.org/licenses/LICENSE-2.0
10 |   Unless required by applicable law or agreed to in writing, software
11 |   distributed under the License is distributed on an "AS IS" BASIS,
12 |   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 |   See the License for the specific language governing permissions and
14 |   limitations under the License.
15 | -->
16 | <providers>
17 | 
18 |     <!-- NOTE: The providers in this file must be listed in the order defined in providers.xsd which is the following:
19 |             1) Flow Persistence Provider (Must occur once and only once)
20 |             2) Event Hook Providers (May occur 0 or more times)
21 |             3) Bundle Persistence Provider (Must occur once and only once)
22 |      -->
23 | 
24 |     <flowPersistenceProvider>
25 |         <class>org.apache.nifi.registry.provider.flow.FileSystemFlowPersistenceProvider</class>
26 |         <property name="Flow Storage Directory">./flow_storage</property>
27 |     </flowPersistenceProvider>
28 | 
29 |     <!--
30 |     <flowPersistenceProvider>
31 |         <class>org.apache.nifi.registry.provider.flow.git.GitFlowPersistenceProvider</class>
32 |         <property name="Flow Storage Directory">./flow_storage</property>
33 |         <property name="Remote To Push"></property>
34 |         <property name="Remote Access User"></property>
35 |         <property name="Remote Access Password"></property>
36 |     </flowPersistenceProvider>
37 |     -->
38 | 
39 |     <!--
40 |     <flowPersistenceProvider>
41 |         <class>org.apache.nifi.registry.provider.flow.DatabaseFlowPersistenceProvider</class>
42 |     </flowPersistenceProvider>
43 |     -->
44 | 
45 |     <!--
46 |     <eventHookProvider>
47 |     	<class>org.apache.nifi.registry.provider.hook.ScriptEventHookProvider</class>
48 |     	<property name="Script Path"></property>
49 |     	<property name="Working Directory"></property>
50 |     	-->
51 |     	<!-- Optional Whitelist Event types
52 |         <property name="Whitelisted Event Type 1">CREATE_FLOW</property>
53 |         <property name="Whitelisted Event Type 2">DELETE_FLOW</property>
54 |     	-->
55 |     <!--
56 |     </eventHookProvider>
57 |     -->
58 | 
59 |     <!-- This will log all events to a separate file specified by the EVENT_APPENDER in logback.xml -->
60 |     <!--
61 |     <eventHookProvider>
62 |         <class>org.apache.nifi.registry.provider.hook.LoggingEventHookProvider</class>
63 |     </eventHookProvider>
64 |     -->
65 | 
66 |     <extensionBundlePersistenceProvider>
67 |         <class>org.apache.nifi.registry.provider.extension.FileSystemBundlePersistenceProvider</class>
68 |         <property name="Extension Bundle Storage Directory">./extension_bundles</property>
69 |     </extensionBundlePersistenceProvider>
70 | 
71 |     <!-- Example S3 Bundle Persistence Provider
72 |             - Requires nifi-registry-aws-assembly to be added to the classpath via a custom extension dir in nifi-registry.properties
73 |                 Example: nifi.registry.extension.dir.aws=./ext/aws/lib
74 |                 Where "./ext/aws/lib" contains the extracted contents of nifi-registry-aws-assembly
75 |             - "Region" - The name of the S3 region where the bucket exists
76 |             - "Bucket Name" - The name of an existing bucket to store extension bundles
77 |             - "Key Prefix" - An optional prefix that if specified will be added to the beginning of all S3 keys
78 |             - "Credentials Provider" - Indicates how credentials will be provided, must be a value of DEFAULT_CHAIN or STATIC
79 |                 - DEFAULT_CHAIN will consider in order: Java system properties, environment variables, credential profiles (~/.aws/credentials)
80 |                 - STATIC requires that "Access Key" and "Secret Access Key" be specified directly in this file
81 |             - "Access Key" - The access key to use when using STATIC credentials provider
82 |             - "Secret Access Key" - The secret access key to use when using STATIC credentials provider
83 |             - "Endpoint URL" - An optional URL that overrides the default AWS S3 endpoint URL.
84 |                  Set this when using an AWS S3 API compatible service hosted at a different URL.
85 |      -->
86 |     <!--
87 |     <extensionBundlePersistenceProvider>
88 |         <class>org.apache.nifi.registry.aws.S3BundlePersistenceProvider</class>
89 |         <property name="Region">us-east-1</property>
90 |         <property name="Bucket Name">my-bundles</property>
91 |         <property name="Key Prefix"></property>
92 |         <property name="Credentials Provider">DEFAULT_CHAIN</property>
93 |         <property name="Access Key"></property>
94 |         <property name="Secret Access Key"></property>
95 |         <property name="Endpoint URL"></property>
96 |     </extensionBundlePersistenceProvider>
97 |     -->
98 | 
99 | </providers>


--------------------------------------------------------------------------------
/conf/0.8.0/nifi-registry.properties:
--------------------------------------------------------------------------------
  1 | # Licensed to the Apache Software Foundation (ASF) under one or more
  2 | # contributor license agreements.  See the NOTICE file distributed with
  3 | # this work for additional information regarding copyright ownership.
  4 | # The ASF licenses this file to You under the Apache License, Version 2.0
  5 | # (the "License"); you may not use this file except in compliance with
  6 | # the License.  You may obtain a copy of the License at
  7 | #
  8 | #     http://www.apache.org/licenses/LICENSE-2.0
  9 | #
 10 | # Unless required by applicable law or agreed to in writing, software
 11 | # distributed under the License is distributed on an "AS IS" BASIS,
 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13 | # See the License for the specific language governing permissions and
 14 | # limitations under the License.
 15 | 
 16 | # web properties #
 17 | nifi.registry.web.war.directory=./lib
 18 | nifi.registry.web.http.host=
 19 | nifi.registry.web.http.port=18080
 20 | nifi.registry.web.https.host=
 21 | nifi.registry.web.https.port=
 22 | nifi.registry.web.jetty.working.directory=./work/jetty
 23 | nifi.registry.web.jetty.threads=200
 24 | nifi.registry.web.should.send.server.version=true
 25 | 
 26 | # security properties #
 27 | nifi.registry.security.keystore=
 28 | nifi.registry.security.keystoreType=
 29 | nifi.registry.security.keystorePasswd=
 30 | nifi.registry.security.keyPasswd=
 31 | nifi.registry.security.truststore=
 32 | nifi.registry.security.truststoreType=
 33 | nifi.registry.security.truststorePasswd=
 34 | nifi.registry.security.needClientAuth=
 35 | nifi.registry.security.authorizers.configuration.file=./conf/authorizers.xml
 36 | nifi.registry.security.authorizer=managed-authorizer
 37 | nifi.registry.security.identity.providers.configuration.file=./conf/identity-providers.xml
 38 | nifi.registry.security.identity.provider=
 39 | 
 40 | # sensitive property protection properties #
 41 | # nifi.registry.sensitive.props.additional.keys=
 42 | 
 43 | # providers properties #
 44 | nifi.registry.providers.configuration.file=./conf/providers.xml
 45 | 
 46 | # registry alias properties #
 47 | nifi.registry.registry.alias.configuration.file=./conf/registry-aliases.xml
 48 | 
 49 | # extensions working dir #
 50 | nifi.registry.extensions.working.directory=./work/extensions
 51 | 
 52 | # legacy database properties, used to migrate data from original DB to new DB below
 53 | # NOTE: Users upgrading from 0.1.0 should leave these populated, but new installs after 0.1.0 should leave these empty
 54 | nifi.registry.db.directory=
 55 | nifi.registry.db.url.append=
 56 | 
 57 | # database properties
 58 | nifi.registry.db.url=jdbc:h2:./database/nifi-registry-primary;AUTOCOMMIT=OFF;DB_CLOSE_ON_EXIT=FALSE;LOCK_MODE=3;LOCK_TIMEOUT=25000;WRITE_DELAY=0;AUTO_SERVER=FALSE
 59 | nifi.registry.db.driver.class=org.h2.Driver
 60 | nifi.registry.db.driver.directory=
 61 | nifi.registry.db.username=nifireg
 62 | nifi.registry.db.password=nifireg
 63 | nifi.registry.db.maxConnections=5
 64 | nifi.registry.db.sql.debug=false
 65 | 
 66 | # extension directories #
 67 | # Each property beginning with "nifi.registry.extension.dir." will be treated as location for an extension,
 68 | # and a class loader will be created for each location, with the system class loader as the parent
 69 | #
 70 | #nifi.registry.extension.dir.1=/path/to/extension1
 71 | #nifi.registry.extension.dir.2=/path/to/extension2
 72 | 
 73 | nifi.registry.extension.dir.aws=./ext/aws/lib
 74 | 
 75 | # Identity Mapping Properties #
 76 | # These properties allow normalizing user identities such that identities coming from different identity providers
 77 | # (certificates, LDAP, Kerberos) can be treated the same internally in NiFi. The following example demonstrates normalizing
 78 | # DNs from certificates and principals from Kerberos into a common identity string:
 79 | #
 80 | #nifi.registry.security.identity.mapping.pattern.dn=^CN=(.*?), OU=(.*?), O=(.*?), L=(.*?), ST=(.*?), C=(.*?)$
 81 | #nifi.registry.security.identity.mapping.value.dn=$1@$2
 82 | #nifi.registry.security.identity.mapping.transform.dn=NONE
 83 | 
 84 | #nifi.registry.security.identity.mapping.pattern.kerb=^(.*?)/instance@(.*?)$
 85 | #nifi.registry.security.identity.mapping.value.kerb=$1@$2
 86 | #nifi.registry.security.identity.mapping.transform.kerb=UPPER
 87 | 
 88 | # Group Mapping Properties #
 89 | # These properties allow normalizing group names coming from external sources like LDAP. The following example
 90 | # lowercases any group name.
 91 | #
 92 | #nifi.registry.security.group.mapping.pattern.anygroup=^(.*)$
 93 | #nifi.registry.security.group.mapping.value.anygroup=$1
 94 | #nifi.registry.security.group.mapping.transform.anygroup=LOWER
 95 | 
 96 | 
 97 | # kerberos properties #
 98 | nifi.registry.kerberos.krb5.file=
 99 | nifi.registry.kerberos.spnego.principal=
100 | nifi.registry.kerberos.spnego.keytab.location=
101 | nifi.registry.kerberos.spnego.authentication.expiration=12 hours
102 | 
103 | # OIDC #
104 | nifi.registry.security.user.oidc.discovery.url=
105 | nifi.registry.security.user.oidc.connect.timeout=
106 | nifi.registry.security.user.oidc.read.timeout=
107 | nifi.registry.security.user.oidc.client.id=
108 | nifi.registry.security.user.oidc.client.secret=
109 | nifi.registry.security.user.oidc.preferred.jwsalgorithm=
110 | 
111 | # revision management #
112 | # This feature should remain disabled until a future NiFi release that supports the revision API changes
113 | nifi.registry.revisions.enabled=false


--------------------------------------------------------------------------------
/conf/0.7.0/providers.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  2 | <!--
  3 |   Licensed to the Apache Software Foundation (ASF) under one or more
  4 |   contributor license agreements.  See the NOTICE file distributed with
  5 |   this work for additional information regarding copyright ownership.
  6 |   The ASF licenses this file to You under the Apache License, Version 2.0
  7 |   (the "License"); you may not use this file except in compliance with
  8 |   the License.  You may obtain a copy of the License at
  9 |       http://www.apache.org/licenses/LICENSE-2.0
 10 |   Unless required by applicable law or agreed to in writing, software
 11 |   distributed under the License is distributed on an "AS IS" BASIS,
 12 |   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13 |   See the License for the specific language governing permissions and
 14 |   limitations under the License.
 15 | -->
 16 | <providers>
 17 | 
 18 |     <!-- NOTE: The providers in this file must be listed in the order defined in providers.xsd which is the following:
 19 |             1) Flow Persistence Provider (Must occur once and only once)
 20 |             2) Event Hook Providers (May occur 0 or more times)
 21 |             3) Bundle Persistence Provider (Must occur once and only once)
 22 |      -->
 23 | 
 24 |     <flowPersistenceProvider>
 25 |         <class>org.apache.nifi.registry.provider.flow.FileSystemFlowPersistenceProvider</class>
 26 |         <property name="Flow Storage Directory">./flow_storage</property>
 27 |     </flowPersistenceProvider>
 28 | 
 29 |     <!--
 30 |     <flowPersistenceProvider>
 31 |         <class>org.apache.nifi.registry.provider.flow.git.GitFlowPersistenceProvider</class>
 32 |         <property name="Flow Storage Directory">./flow_storage</property>
 33 |         <property name="Remote To Push"></property>
 34 |         <property name="Remote Access User"></property>
 35 |         <property name="Remote Access Password"></property>
 36 |         <property name="Remote Clone Repository"></property>
 37 |     </flowPersistenceProvider>
 38 |     -->
 39 | 
 40 |     <!--
 41 |     <flowPersistenceProvider>
 42 |         <class>org.apache.nifi.registry.provider.flow.DatabaseFlowPersistenceProvider</class>
 43 |     </flowPersistenceProvider>
 44 |     -->
 45 | 
 46 |     <!--
 47 |     <eventHookProvider>
 48 |     	<class>org.apache.nifi.registry.provider.hook.ScriptEventHookProvider</class>
 49 |     	<property name="Script Path"></property>
 50 |     	<property name="Working Directory"></property>
 51 |     	-->
 52 |     	<!-- Optional Whitelist Event types
 53 |         <property name="Whitelisted Event Type 1">CREATE_FLOW</property>
 54 |         <property name="Whitelisted Event Type 2">DELETE_FLOW</property>
 55 |     	-->
 56 |     <!--
 57 |     </eventHookProvider>
 58 |     -->
 59 | 
 60 |     <!-- This will log all events to a separate file specified by the EVENT_APPENDER in logback.xml -->
 61 |     <!--
 62 |     <eventHookProvider>
 63 |         <class>org.apache.nifi.registry.provider.hook.LoggingEventHookProvider</class>
 64 |     </eventHookProvider>
 65 |     -->
 66 | 
 67 |     <extensionBundlePersistenceProvider>
 68 |         <class>org.apache.nifi.registry.provider.extension.FileSystemBundlePersistenceProvider</class>
 69 |         <property name="Extension Bundle Storage Directory">./extension_bundles</property>
 70 |     </extensionBundlePersistenceProvider>
 71 | 
 72 |     <!-- Example S3 Bundle Persistence Provider
 73 |             - Requires nifi-registry-aws-assembly to be added to the classpath via a custom extension dir in nifi-registry.properties
 74 |                 Example: nifi.registry.extension.dir.aws=./ext/aws/lib
 75 |                 Where "./ext/aws/lib" contains the extracted contents of nifi-registry-aws-assembly
 76 |             - "Region" - The name of the S3 region where the bucket exists
 77 |             - "Bucket Name" - The name of an existing bucket to store extension bundles
 78 |             - "Key Prefix" - An optional prefix that if specified will be added to the beginning of all S3 keys
 79 |             - "Credentials Provider" - Indicates how credentials will be provided, must be a value of DEFAULT_CHAIN or STATIC
 80 |                 - DEFAULT_CHAIN will consider in order: Java system properties, environment variables, credential profiles (~/.aws/credentials)
 81 |                 - STATIC requires that "Access Key" and "Secret Access Key" be specified directly in this file
 82 |             - "Access Key" - The access key to use when using STATIC credentials provider
 83 |             - "Secret Access Key" - The secret access key to use when using STATIC credentials provider
 84 |             - "Endpoint URL" - An optional URL that overrides the default AWS S3 endpoint URL.
 85 |                  Set this when using an AWS S3 API compatible service hosted at a different URL.
 86 |      -->
 87 |     <!--
 88 |     <extensionBundlePersistenceProvider>
 89 |         <class>org.apache.nifi.registry.aws.S3BundlePersistenceProvider</class>
 90 |         <property name="Region">us-east-1</property>
 91 |         <property name="Bucket Name">my-bundles</property>
 92 |         <property name="Key Prefix"></property>
 93 |         <property name="Credentials Provider">DEFAULT_CHAIN</property>
 94 |         <property name="Access Key"></property>
 95 |         <property name="Secret Access Key"></property>
 96 |         <property name="Endpoint URL"></property>
 97 |     </extensionBundlePersistenceProvider>
 98 |     -->
 99 | 
100 | </providers>


--------------------------------------------------------------------------------
/conf/0.8.0/providers.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  2 | <!--
  3 |   Licensed to the Apache Software Foundation (ASF) under one or more
  4 |   contributor license agreements.  See the NOTICE file distributed with
  5 |   this work for additional information regarding copyright ownership.
  6 |   The ASF licenses this file to You under the Apache License, Version 2.0
  7 |   (the "License"); you may not use this file except in compliance with
  8 |   the License.  You may obtain a copy of the License at
  9 |       http://www.apache.org/licenses/LICENSE-2.0
 10 |   Unless required by applicable law or agreed to in writing, software
 11 |   distributed under the License is distributed on an "AS IS" BASIS,
 12 |   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13 |   See the License for the specific language governing permissions and
 14 |   limitations under the License.
 15 | -->
 16 | <providers>
 17 | 
 18 |     <!-- NOTE: The providers in this file must be listed in the order defined in providers.xsd which is the following:
 19 |             1) Flow Persistence Provider (Must occur once and only once)
 20 |             2) Event Hook Providers (May occur 0 or more times)
 21 |             3) Bundle Persistence Provider (Must occur once and only once)
 22 |      -->
 23 | 
 24 |     <flowPersistenceProvider>
 25 |         <class>org.apache.nifi.registry.provider.flow.FileSystemFlowPersistenceProvider</class>
 26 |         <property name="Flow Storage Directory">./flow_storage</property>
 27 |     </flowPersistenceProvider>
 28 | 
 29 |     <!--
 30 |     <flowPersistenceProvider>
 31 |         <class>org.apache.nifi.registry.provider.flow.git.GitFlowPersistenceProvider</class>
 32 |         <property name="Flow Storage Directory">./flow_storage</property>
 33 |         <property name="Remote To Push"></property>
 34 |         <property name="Remote Access User"></property>
 35 |         <property name="Remote Access Password"></property>
 36 |         <property name="Remote Clone Repository"></property>
 37 |     </flowPersistenceProvider>
 38 |     -->
 39 | 
 40 |     <!--
 41 |     <flowPersistenceProvider>
 42 |         <class>org.apache.nifi.registry.provider.flow.DatabaseFlowPersistenceProvider</class>
 43 |     </flowPersistenceProvider>
 44 |     -->
 45 | 
 46 |     <!--
 47 |     <eventHookProvider>
 48 |     	<class>org.apache.nifi.registry.provider.hook.ScriptEventHookProvider</class>
 49 |     	<property name="Script Path"></property>
 50 |     	<property name="Working Directory"></property>
 51 |     	-->
 52 |     	<!-- Optional Whitelist Event types
 53 |         <property name="Whitelisted Event Type 1">CREATE_FLOW</property>
 54 |         <property name="Whitelisted Event Type 2">DELETE_FLOW</property>
 55 |     	-->
 56 |     <!--
 57 |     </eventHookProvider>
 58 |     -->
 59 | 
 60 |     <!-- This will log all events to a separate file specified by the EVENT_APPENDER in logback.xml -->
 61 |     <!--
 62 |     <eventHookProvider>
 63 |         <class>org.apache.nifi.registry.provider.hook.LoggingEventHookProvider</class>
 64 |     </eventHookProvider>
 65 |     -->
 66 | 
 67 |     <extensionBundlePersistenceProvider>
 68 |         <class>org.apache.nifi.registry.provider.extension.FileSystemBundlePersistenceProvider</class>
 69 |         <property name="Extension Bundle Storage Directory">./extension_bundles</property>
 70 |     </extensionBundlePersistenceProvider>
 71 | 
 72 |     <!-- Example S3 Bundle Persistence Provider
 73 |             - Requires nifi-registry-aws-assembly to be added to the classpath via a custom extension dir in nifi-registry.properties
 74 |                 Example: nifi.registry.extension.dir.aws=./ext/aws/lib
 75 |                 Where "./ext/aws/lib" contains the extracted contents of nifi-registry-aws-assembly
 76 |             - "Region" - The name of the S3 region where the bucket exists
 77 |             - "Bucket Name" - The name of an existing bucket to store extension bundles
 78 |             - "Key Prefix" - An optional prefix that if specified will be added to the beginning of all S3 keys
 79 |             - "Credentials Provider" - Indicates how credentials will be provided, must be a value of DEFAULT_CHAIN or STATIC
 80 |                 - DEFAULT_CHAIN will consider in order: Java system properties, environment variables, credential profiles (~/.aws/credentials)
 81 |                 - STATIC requires that "Access Key" and "Secret Access Key" be specified directly in this file
 82 |             - "Access Key" - The access key to use when using STATIC credentials provider
 83 |             - "Secret Access Key" - The secret access key to use when using STATIC credentials provider
 84 |             - "Endpoint URL" - An optional URL that overrides the default AWS S3 endpoint URL.
 85 |                  Set this when using an AWS S3 API compatible service hosted at a different URL.
 86 |      -->
 87 |     <!--
 88 |     <extensionBundlePersistenceProvider>
 89 |         <class>org.apache.nifi.registry.aws.S3BundlePersistenceProvider</class>
 90 |         <property name="Region">us-east-1</property>
 91 |         <property name="Bucket Name">my-bundles</property>
 92 |         <property name="Key Prefix"></property>
 93 |         <property name="Credentials Provider">DEFAULT_CHAIN</property>
 94 |         <property name="Access Key"></property>
 95 |         <property name="Secret Access Key"></property>
 96 |         <property name="Endpoint URL"></property>
 97 |     </extensionBundlePersistenceProvider>
 98 |     -->
 99 | 
100 | </providers>


--------------------------------------------------------------------------------
/sh/start.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash -e
 2 | 
 3 | #    Licensed to the Apache Software Foundation (ASF) under one or more
 4 | #    contributor license agreements.  See the NOTICE file distributed with
 5 | #    this work for additional information regarding copyright ownership.
 6 | #    The ASF licenses this file to You under the Apache License, Version 2.0
 7 | #    (the "License"); you may not use this file except in compliance with
 8 | #    the License.  You may obtain a copy of the License at
 9 | #
10 | #       http://www.apache.org/licenses/LICENSE-2.0
11 | #
12 | #    Unless required by applicable law or agreed to in writing, software
13 | #    distributed under the License is distributed on an "AS IS" BASIS,
14 | #    WITH OUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | #    See the License for the specific language governing permissions and
16 | #    limitations under the License.
17 | 
18 | if [[ -n "$DEBUG" ]]; then
19 |     echo 'Printing all environment variables for debugging'
20 |     env | sort
21 |     echo 'End of debug output'
22 | fi
23 | 
24 | if [[ -n "$SSH_PRIVATE_KEY" ]]; then
25 |     printf "%s\n" 'SSH_PRIVATE_KEY_FILE=$HOME/.ssh/id_rsa'
26 |     SSH_PRIVATE_KEY_FILE="$HOME/.ssh/id_rsa"
27 | 
28 |     printf "%s\n" 'SSH_KNOWN_HOSTS_FILE=$HOME/.ssh/known_hosts'
29 |     SSH_KNOWN_HOSTS_FILE="$HOME/.ssh/known_hosts"
30 | 
31 |     printf "%s\n" 'mkdir -p $HOME/.ssh && chmod 700 $HOME/.ssh'
32 |     mkdir -p $HOME/.ssh && chmod 700 $HOME/.ssh
33 | 
34 |     printf "%s\n" 'echo -n "${SSH_PRIVATE_KEY}" | base64 -d > $SSH_PRIVATE_KEY_FILE && chmod 600 "${SSH_PRIVATE_KEY_FILE}"'
35 |     echo -n "${SSH_PRIVATE_KEY}" | base64 -d > ${SSH_PRIVATE_KEY_FILE} && chmod 600 "${SSH_PRIVATE_KEY_FILE}"
36 | 
37 |     printf "%s\n" 'ssh-keygen ${SSH_PRIVATE_KEY_PASSPHRASE:+'\''-P'\'' "${SSH_PRIVATE_KEY_PASSPHRASE}"} -y -f ${SSH_PRIVATE_KEY_FILE} > ${SSH_PRIVATE_KEY_FILE}.pub && chmod 600 ${SSH_PRIVATE_KEY_FILE}.pub'
38 |     ssh-keygen ${SSH_PRIVATE_KEY_PASSPHRASE:+'-P' "${SSH_PRIVATE_KEY_PASSPHRASE}"} -y -f ${SSH_PRIVATE_KEY_FILE} > ${SSH_PRIVATE_KEY_FILE}.pub && chmod 600 ${SSH_PRIVATE_KEY_FILE}.pub
39 | 
40 |     printf "%s\n" 'echo -n ${SSH_KNOWN_HOSTS} | base64 -d > $SSH_KNOWN_HOSTS_FILE && chmod 600 $SSH_KNOWN_HOSTS_FILE'
41 |     echo -n ${SSH_KNOWN_HOSTS} | base64 -d > $SSH_KNOWN_HOSTS_FILE && chmod 600 $SSH_KNOWN_HOSTS_FILE
42 | fi
43 | 
44 | if [[ -n "$GIT_REMOTE_URL" && ! -d "$FLOW_PROVIDER_GIT_FLOW_STORAGE_DIRECTORY" ]]; then
45 |     if [[ -n "$FLOW_PROVIDER_GIT_REMOTE_ACCESS_PASSWORD" ]]; then
46 |         echo "FLOW_PROVIDER_GIT_REMOTE_ACCESS_PASSWORD is set, trying to set git credential helper for HTTPS password"
47 |         printf "%s\n" 'git config --global credential.${GIT_REMOTE_URL}.helper '\''!f() { sleep 1; echo -e "username=${FLOW_PROVIDER_GIT_REMOTE_ACCESS_USER}\npassword=*****"; }; f'\'
48 |         git config --global credential.${GIT_REMOTE_URL}.helper '!f() { sleep 1; echo -e "username=${FLOW_PROVIDER_GIT_REMOTE_ACCESS_USER}\npassword=${FLOW_PROVIDER_GIT_REMOTE_ACCESS_PASSWORD}"; }; f'
49 |     fi
50 |     if [[ -n "$SSH_PRIVATE_KEY_PASSPHRASE" ]]; then
51 |         printf 'SSH_PRIVATE_KEY_PASSPHRASE is set, hacking git ssh command with sshpass\n'
52 |         printf "%s\n" 'export GIT_SSH_COMMAND="sshpass -e -P'assphrase' ssh"'
53 |         export GIT_SSH_COMMAND="sshpass -e -P'assphrase' ssh"
54 |         printf "%s\n" 'export SSHPASS=${SSH_PRIVATE_KEY_PASSPHRASE}'
55 |         export SSHPASS=${SSH_PRIVATE_KEY_PASSPHRASE}
56 |     fi
57 |     printf "Found git remote: %s, cloning into: %s, with remote: %s and branch: %s\n" ${GIT_REMOTE_URL} ${FLOW_PROVIDER_GIT_FLOW_STORAGE_DIRECTORY} ${FLOW_PROVIDER_GIT_REMOTE_TO_PUSH} ${GIT_CHECKOUT_BRANCH}
58 |     printf "%s\n" 'git clone -o $FLOW_PROVIDER_GIT_REMOTE_TO_PUSH -b $GIT_CHECKOUT_BRANCH $GIT_REMOTE_URL $FLOW_PROVIDER_GIT_FLOW_STORAGE_DIRECTORY'
59 |     git clone -o $FLOW_PROVIDER_GIT_REMOTE_TO_PUSH -b $GIT_CHECKOUT_BRANCH $GIT_REMOTE_URL $FLOW_PROVIDER_GIT_FLOW_STORAGE_DIRECTORY
60 |     for KEY in $(compgen -e); do
61 |         if [[ $KEY == GIT_CONFIG* ]]; then
62 |             printf "Found key: %s for git config\n" $KEY
63 |             VALUE=${!KEY}
64 |             KEY=${KEY#GIT_CONFIG_}
65 |             KEY=${KEY~~}
66 |             KEY=${KEY//_/.}
67 |             printf "Setting git config: %s=%s\n" "${KEY}" "${VALUE}"
68 |             printf "%s\n" 'git config -f ${FLOW_PROVIDER_GIT_FLOW_STORAGE_DIRECTORY}/.git/config ${KEY} '\''${VALUE}'\'
69 |             git config -f "${FLOW_PROVIDER_GIT_FLOW_STORAGE_DIRECTORY}/.git/config" "${KEY}" "'${VALUE}'"
70 |         fi
71 |     done
72 | fi
73 | 
74 | if [[ -n "${!BOOTSTRAP_*}" ]]; then
75 |     /usr/local/bin/dockerize -template ${PROJECT_TEMPLATE_DIR}/bootstrap.conf.gotemplate:${PROJECT_CONF_DIR}/bootstrap.conf
76 | fi
77 | if [[ -n "${!NIFI_REGISTRY*}" ]]; then
78 |     /usr/local/bin/dockerize -template ${PROJECT_TEMPLATE_DIR}/nifi-registry.properties.gotemplate:${PROJECT_CONF_DIR}/nifi-registry.properties
79 | fi
80 | if [[ -n "${INITIAL_ADMIN_IDENTITY}" ]]; then
81 |     /usr/local/bin/dockerize -template ${PROJECT_TEMPLATE_DIR}/authorizers.xml.gotemplate:${PROJECT_CONF_DIR}/authorizers.xml
82 | fi
83 | if [[ -n "${NIFI_REGISTRY_SECURITY_IDENTITY_PROVIDER}" ]]; then
84 |     /usr/local/bin/dockerize -template ${PROJECT_TEMPLATE_DIR}/identity-providers.xml.gotemplate:${PROJECT_CONF_DIR}/identity-providers.xml
85 | fi
86 | if [[ -n "${FLOW_PROVIDER}" ]]; then
87 |     /usr/local/bin/dockerize -template ${PROJECT_TEMPLATE_DIR}/providers.xml.gotemplate:${PROJECT_CONF_DIR}/providers.xml
88 | fi
89 | 
90 | # Continuously provide logs so that 'docker logs' can produce them
91 | tail -F "${PROJECT_HOME}/logs/nifi-registry-app.log" &
92 | "${PROJECT_HOME}/bin/nifi-registry.sh" run &
93 | nifi_registry_pid="$!"
94 | 
95 | trap "echo Received trapped signal, beginning shutdown...;" KILL TERM HUP INT EXIT;
96 | 
97 | echo NiFi-Registry running with PID ${nifi_registry_pid}.
98 | wait ${nifi_registry_pid}


--------------------------------------------------------------------------------
/conf/0.5.0/identity-providers.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  2 | <!--
  3 |   ~ Licensed to the Apache Software Foundation (ASF) under one or more
  4 |   ~ contributor license agreements.  See the NOTICE file distributed with
  5 |   ~ this work for additional information regarding copyright ownership.
  6 |   ~ The ASF licenses this file to You under the Apache License, Version 2.0
  7 |   ~ (the "License"); you may not use this file except in compliance with
  8 |   ~ the License.  You may obtain a copy of the License at
  9 |   ~
 10 |   ~     http://www.apache.org/licenses/LICENSE-2.0
 11 |   ~
 12 |   ~ Unless required by applicable law or agreed to in writing, software
 13 |   ~ distributed under the License is distributed on an "AS IS" BASIS,
 14 |   ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 15 |   ~ See the License for the specific language governing permissions and
 16 |   ~ limitations under the License.
 17 |   -->
 18 | <!--
 19 |     This file lists the identity providers to use when running securely. In order
 20 |     to use a specific provider it must be configured here and its identifier
 21 |     must be specified in the nifi-registry.properties file.
 22 | -->
 23 | <identityProviders>
 24 |     <!--
 25 |         Identity Provider for users logging in with username/password against an LDAP server.
 26 |         
 27 |         'Authentication Strategy' - How the connection to the LDAP server is authenticated. Possible
 28 |             values are ANONYMOUS, SIMPLE, LDAPS, or START_TLS.
 29 |         
 30 |         'Manager DN' - The DN of the manager that is used to bind to the LDAP server to search for users.
 31 |         'Manager Password' - The password of the manager that is used to bind to the LDAP server to
 32 |             search for users.
 33 |             
 34 |         'TLS - Keystore' - Path to the Keystore that is used when connecting to LDAP using LDAPS or START_TLS.
 35 |         'TLS - Keystore Password' - Password for the Keystore that is used when connecting to LDAP
 36 |             using LDAPS or START_TLS.
 37 |         'TLS - Keystore Type' - Type of the Keystore that is used when connecting to LDAP using
 38 |             LDAPS or START_TLS (i.e. JKS or PKCS12).
 39 |         'TLS - Truststore' - Path to the Truststore that is used when connecting to LDAP using LDAPS or START_TLS.
 40 |         'TLS - Truststore Password' - Password for the Truststore that is used when connecting to
 41 |             LDAP using LDAPS or START_TLS.
 42 |         'TLS - Truststore Type' - Type of the Truststore that is used when connecting to LDAP using
 43 |             LDAPS or START_TLS (i.e. JKS or PKCS12).
 44 |         'TLS - Client Auth' - Client authentication policy when connecting to LDAP using LDAPS or START_TLS.
 45 |             Possible values are REQUIRED, WANT, NONE.
 46 |         'TLS - Protocol' - Protocol to use when connecting to LDAP using LDAPS or START_TLS. (i.e. TLS,
 47 |             TLSv1.1, TLSv1.2, etc).
 48 |         'TLS - Shutdown Gracefully' - Specifies whether the TLS should be shut down gracefully 
 49 |             before the target context is closed. Defaults to false.
 50 |             
 51 |         'Referral Strategy' - Strategy for handling referrals. Possible values are FOLLOW, IGNORE, THROW.
 52 |         'Connect Timeout' - Duration of connect timeout. (i.e. 10 secs).
 53 |         'Read Timeout' - Duration of read timeout. (i.e. 10 secs).
 54 |        
 55 |         'Url' - Space-separated list of URLs of the LDAP servers (i.e. ldap://<hostname>:<port>).
 56 |         'User Search Base' - Base DN for searching for users (i.e. CN=Users,DC=example,DC=com).
 57 |         'User Search Filter' - Filter for searching for users against the 'User Search Base'.
 58 |             (i.e. sAMAccountName={0}). The user specified name is inserted into '{0}'.
 59 | 
 60 |         'Identity Strategy' - Strategy to identify users. Possible values are USE_DN and USE_USERNAME.
 61 |             The default functionality if this property is missing is USE_DN in order to retain
 62 |             backward compatibility. USE_DN will use the full DN of the user entry if possible.
 63 |             USE_USERNAME will use the username the user logged in with.
 64 |         'Authentication Expiration' - The duration of how long the user authentication is valid
 65 |             for. If the user never logs out, they will be required to log back in following
 66 |             this duration.
 67 |     -->
 68 |     <!-- To enable the ldap-identity-provider remove 2 lines. This is 1 of 2.
 69 |     <provider>
 70 |         <identifier>ldap-identity-provider</identifier>
 71 |         <class>org.apache.nifi.registry.security.ldap.LdapIdentityProvider</class>
 72 |         <property name="Authentication Strategy">SIMPLE</property>
 73 | 
 74 |         <property name="Manager DN"></property>
 75 |         <property name="Manager Password"></property>
 76 |         
 77 |         <property name="Referral Strategy">FOLLOW</property>
 78 |         <property name="Connect Timeout">10 secs</property>
 79 |         <property name="Read Timeout">10 secs</property>
 80 | 
 81 |         <property name="Url"></property>
 82 |         <property name="User Search Base"></property>
 83 |         <property name="User Search Filter"></property>
 84 | 
 85 |         <property name="Identity Strategy">USE_USERNAME</property>
 86 |         <property name="Authentication Expiration">12 hours</property>
 87 |     </provider>
 88 |     To enable the ldap-identity-provider remove 2 lines. This is 2 of 2. -->
 89 | 
 90 |     <!--
 91 |         Identity Provider for users logging in with username/password against a Kerberos KDC server.
 92 | 
 93 |         'Default Realm' - Default realm to provide when user enters incomplete user principal (i.e. NIFI.APACHE.ORG).
 94 |         'Authentication Expiration' - The duration of how long the user authentication is valid for. If the user never logs out, they will be required to log back in following this duration.
 95 |     -->
 96 |     <!-- To enable the kerberos-identity-provider remove 2 lines. This is 1 of 2.
 97 |     <provider>
 98 |         <identifier>kerberos-identity-provider</identifier>
 99 |         <class>org.apache.nifi.registry.web.security.authentication.kerberos.KerberosIdentityProvider</class>
100 |         <property name="Default Realm">NIFI.APACHE.ORG</property>
101 |         <property name="Authentication Expiration">12 hours</property>
102 |         <property name="Enable Debug">false</property>
103 |     </provider>
104 |     To enable the kerberos-provider remove 2 lines. This is 2 of 2. -->
105 | 
106 | </identityProviders>


--------------------------------------------------------------------------------
/conf/0.6.0/identity-providers.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  2 | <!--
  3 |   ~ Licensed to the Apache Software Foundation (ASF) under one or more
  4 |   ~ contributor license agreements.  See the NOTICE file distributed with
  5 |   ~ this work for additional information regarding copyright ownership.
  6 |   ~ The ASF licenses this file to You under the Apache License, Version 2.0
  7 |   ~ (the "License"); you may not use this file except in compliance with
  8 |   ~ the License.  You may obtain a copy of the License at
  9 |   ~
 10 |   ~     http://www.apache.org/licenses/LICENSE-2.0
 11 |   ~
 12 |   ~ Unless required by applicable law or agreed to in writing, software
 13 |   ~ distributed under the License is distributed on an "AS IS" BASIS,
 14 |   ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 15 |   ~ See the License for the specific language governing permissions and
 16 |   ~ limitations under the License.
 17 |   -->
 18 | <!--
 19 |     This file lists the identity providers to use when running securely. In order
 20 |     to use a specific provider it must be configured here and its identifier
 21 |     must be specified in the nifi-registry.properties file.
 22 | -->
 23 | <identityProviders>
 24 |     <!--
 25 |         Identity Provider for users logging in with username/password against an LDAP server.
 26 |         
 27 |         'Authentication Strategy' - How the connection to the LDAP server is authenticated. Possible
 28 |             values are ANONYMOUS, SIMPLE, LDAPS, or START_TLS.
 29 |         
 30 |         'Manager DN' - The DN of the manager that is used to bind to the LDAP server to search for users.
 31 |         'Manager Password' - The password of the manager that is used to bind to the LDAP server to
 32 |             search for users.
 33 |             
 34 |         'TLS - Keystore' - Path to the Keystore that is used when connecting to LDAP using LDAPS or START_TLS.
 35 |         'TLS - Keystore Password' - Password for the Keystore that is used when connecting to LDAP
 36 |             using LDAPS or START_TLS.
 37 |         'TLS - Keystore Type' - Type of the Keystore that is used when connecting to LDAP using
 38 |             LDAPS or START_TLS (i.e. JKS or PKCS12).
 39 |         'TLS - Truststore' - Path to the Truststore that is used when connecting to LDAP using LDAPS or START_TLS.
 40 |         'TLS - Truststore Password' - Password for the Truststore that is used when connecting to
 41 |             LDAP using LDAPS or START_TLS.
 42 |         'TLS - Truststore Type' - Type of the Truststore that is used when connecting to LDAP using
 43 |             LDAPS or START_TLS (i.e. JKS or PKCS12).
 44 |         'TLS - Client Auth' - Client authentication policy when connecting to LDAP using LDAPS or START_TLS.
 45 |             Possible values are REQUIRED, WANT, NONE.
 46 |         'TLS - Protocol' - Protocol to use when connecting to LDAP using LDAPS or START_TLS. (i.e. TLS,
 47 |             TLSv1.1, TLSv1.2, etc).
 48 |         'TLS - Shutdown Gracefully' - Specifies whether the TLS should be shut down gracefully 
 49 |             before the target context is closed. Defaults to false.
 50 |             
 51 |         'Referral Strategy' - Strategy for handling referrals. Possible values are FOLLOW, IGNORE, THROW.
 52 |         'Connect Timeout' - Duration of connect timeout. (i.e. 10 secs).
 53 |         'Read Timeout' - Duration of read timeout. (i.e. 10 secs).
 54 |        
 55 |         'Url' - Space-separated list of URLs of the LDAP servers (i.e. ldap://<hostname>:<port>).
 56 |         'User Search Base' - Base DN for searching for users (i.e. CN=Users,DC=example,DC=com).
 57 |         'User Search Filter' - Filter for searching for users against the 'User Search Base'.
 58 |             (i.e. sAMAccountName={0}). The user specified name is inserted into '{0}'.
 59 | 
 60 |         'Identity Strategy' - Strategy to identify users. Possible values are USE_DN and USE_USERNAME.
 61 |             The default functionality if this property is missing is USE_DN in order to retain
 62 |             backward compatibility. USE_DN will use the full DN of the user entry if possible.
 63 |             USE_USERNAME will use the username the user logged in with.
 64 |         'Authentication Expiration' - The duration of how long the user authentication is valid
 65 |             for. If the user never logs out, they will be required to log back in following
 66 |             this duration.
 67 |     -->
 68 |     <!-- To enable the ldap-identity-provider remove 2 lines. This is 1 of 2.
 69 |     <provider>
 70 |         <identifier>ldap-identity-provider</identifier>
 71 |         <class>org.apache.nifi.registry.security.ldap.LdapIdentityProvider</class>
 72 |         <property name="Authentication Strategy">SIMPLE</property>
 73 | 
 74 |         <property name="Manager DN"></property>
 75 |         <property name="Manager Password"></property>
 76 |         
 77 |         <property name="Referral Strategy">FOLLOW</property>
 78 |         <property name="Connect Timeout">10 secs</property>
 79 |         <property name="Read Timeout">10 secs</property>
 80 | 
 81 |         <property name="Url"></property>
 82 |         <property name="User Search Base"></property>
 83 |         <property name="User Search Filter"></property>
 84 | 
 85 |         <property name="Identity Strategy">USE_USERNAME</property>
 86 |         <property name="Authentication Expiration">12 hours</property>
 87 |     </provider>
 88 |     To enable the ldap-identity-provider remove 2 lines. This is 2 of 2. -->
 89 | 
 90 |     <!--
 91 |         Identity Provider for users logging in with username/password against a Kerberos KDC server.
 92 | 
 93 |         'Default Realm' - Default realm to provide when user enters incomplete user principal (i.e. NIFI.APACHE.ORG).
 94 |         'Authentication Expiration' - The duration of how long the user authentication is valid for. If the user never logs out, they will be required to log back in following this duration.
 95 |     -->
 96 |     <!-- To enable the kerberos-identity-provider remove 2 lines. This is 1 of 2.
 97 |     <provider>
 98 |         <identifier>kerberos-identity-provider</identifier>
 99 |         <class>org.apache.nifi.registry.web.security.authentication.kerberos.KerberosIdentityProvider</class>
100 |         <property name="Default Realm">NIFI.APACHE.ORG</property>
101 |         <property name="Authentication Expiration">12 hours</property>
102 |         <property name="Enable Debug">false</property>
103 |     </provider>
104 |     To enable the kerberos-provider remove 2 lines. This is 2 of 2. -->
105 | 
106 | </identityProviders>


--------------------------------------------------------------------------------
/conf/0.7.0/identity-providers.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  2 | <!--
  3 |   ~ Licensed to the Apache Software Foundation (ASF) under one or more
  4 |   ~ contributor license agreements.  See the NOTICE file distributed with
  5 |   ~ this work for additional information regarding copyright ownership.
  6 |   ~ The ASF licenses this file to You under the Apache License, Version 2.0
  7 |   ~ (the "License"); you may not use this file except in compliance with
  8 |   ~ the License.  You may obtain a copy of the License at
  9 |   ~
 10 |   ~     http://www.apache.org/licenses/LICENSE-2.0
 11 |   ~
 12 |   ~ Unless required by applicable law or agreed to in writing, software
 13 |   ~ distributed under the License is distributed on an "AS IS" BASIS,
 14 |   ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 15 |   ~ See the License for the specific language governing permissions and
 16 |   ~ limitations under the License.
 17 |   -->
 18 | <!--
 19 |     This file lists the identity providers to use when running securely. In order
 20 |     to use a specific provider it must be configured here and its identifier
 21 |     must be specified in the nifi-registry.properties file.
 22 | -->
 23 | <identityProviders>
 24 |     <!--
 25 |         Identity Provider for users logging in with username/password against an LDAP server.
 26 |         
 27 |         'Authentication Strategy' - How the connection to the LDAP server is authenticated. Possible
 28 |             values are ANONYMOUS, SIMPLE, LDAPS, or START_TLS.
 29 |         
 30 |         'Manager DN' - The DN of the manager that is used to bind to the LDAP server to search for users.
 31 |         'Manager Password' - The password of the manager that is used to bind to the LDAP server to
 32 |             search for users.
 33 |             
 34 |         'TLS - Keystore' - Path to the Keystore that is used when connecting to LDAP using LDAPS or START_TLS.
 35 |         'TLS - Keystore Password' - Password for the Keystore that is used when connecting to LDAP
 36 |             using LDAPS or START_TLS.
 37 |         'TLS - Keystore Type' - Type of the Keystore that is used when connecting to LDAP using
 38 |             LDAPS or START_TLS (i.e. JKS or PKCS12).
 39 |         'TLS - Truststore' - Path to the Truststore that is used when connecting to LDAP using LDAPS or START_TLS.
 40 |         'TLS - Truststore Password' - Password for the Truststore that is used when connecting to
 41 |             LDAP using LDAPS or START_TLS.
 42 |         'TLS - Truststore Type' - Type of the Truststore that is used when connecting to LDAP using
 43 |             LDAPS or START_TLS (i.e. JKS or PKCS12).
 44 |         'TLS - Client Auth' - Client authentication policy when connecting to LDAP using LDAPS or START_TLS.
 45 |             Possible values are REQUIRED, WANT, NONE.
 46 |         'TLS - Protocol' - Protocol to use when connecting to LDAP using LDAPS or START_TLS. (i.e. TLS,
 47 |             TLSv1.1, TLSv1.2, etc).
 48 |         'TLS - Shutdown Gracefully' - Specifies whether the TLS should be shut down gracefully 
 49 |             before the target context is closed. Defaults to false.
 50 |             
 51 |         'Referral Strategy' - Strategy for handling referrals. Possible values are FOLLOW, IGNORE, THROW.
 52 |         'Connect Timeout' - Duration of connect timeout. (i.e. 10 secs).
 53 |         'Read Timeout' - Duration of read timeout. (i.e. 10 secs).
 54 |        
 55 |         'Url' - Space-separated list of URLs of the LDAP servers (i.e. ldap://<hostname>:<port>).
 56 |         'User Search Base' - Base DN for searching for users (i.e. CN=Users,DC=example,DC=com).
 57 |         'User Search Filter' - Filter for searching for users against the 'User Search Base'.
 58 |             (i.e. sAMAccountName={0}). The user specified name is inserted into '{0}'.
 59 | 
 60 |         'Identity Strategy' - Strategy to identify users. Possible values are USE_DN and USE_USERNAME.
 61 |             The default functionality if this property is missing is USE_DN in order to retain
 62 |             backward compatibility. USE_DN will use the full DN of the user entry if possible.
 63 |             USE_USERNAME will use the username the user logged in with.
 64 |         'Authentication Expiration' - The duration of how long the user authentication is valid
 65 |             for. If the user never logs out, they will be required to log back in following
 66 |             this duration.
 67 |     -->
 68 |     <!-- To enable the ldap-identity-provider remove 2 lines. This is 1 of 2.
 69 |     <provider>
 70 |         <identifier>ldap-identity-provider</identifier>
 71 |         <class>org.apache.nifi.registry.security.ldap.LdapIdentityProvider</class>
 72 |         <property name="Authentication Strategy">SIMPLE</property>
 73 | 
 74 |         <property name="Manager DN"></property>
 75 |         <property name="Manager Password"></property>
 76 |         
 77 |         <property name="Referral Strategy">FOLLOW</property>
 78 |         <property name="Connect Timeout">10 secs</property>
 79 |         <property name="Read Timeout">10 secs</property>
 80 | 
 81 |         <property name="Url"></property>
 82 |         <property name="User Search Base"></property>
 83 |         <property name="User Search Filter"></property>
 84 | 
 85 |         <property name="Identity Strategy">USE_USERNAME</property>
 86 |         <property name="Authentication Expiration">12 hours</property>
 87 |     </provider>
 88 |     To enable the ldap-identity-provider remove 2 lines. This is 2 of 2. -->
 89 | 
 90 |     <!--
 91 |         Identity Provider for users logging in with username/password against a Kerberos KDC server.
 92 | 
 93 |         'Default Realm' - Default realm to provide when user enters incomplete user principal (i.e. NIFI.APACHE.ORG).
 94 |         'Authentication Expiration' - The duration of how long the user authentication is valid for. If the user never logs out, they will be required to log back in following this duration.
 95 |     -->
 96 |     <!-- To enable the kerberos-identity-provider remove 2 lines. This is 1 of 2.
 97 |     <provider>
 98 |         <identifier>kerberos-identity-provider</identifier>
 99 |         <class>org.apache.nifi.registry.web.security.authentication.kerberos.KerberosIdentityProvider</class>
100 |         <property name="Default Realm">NIFI.APACHE.ORG</property>
101 |         <property name="Authentication Expiration">12 hours</property>
102 |         <property name="Enable Debug">false</property>
103 |     </provider>
104 |     To enable the kerberos-provider remove 2 lines. This is 2 of 2. -->
105 | 
106 | </identityProviders>


--------------------------------------------------------------------------------
/conf/0.8.0/identity-providers.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  2 | <!--
  3 |   ~ Licensed to the Apache Software Foundation (ASF) under one or more
  4 |   ~ contributor license agreements.  See the NOTICE file distributed with
  5 |   ~ this work for additional information regarding copyright ownership.
  6 |   ~ The ASF licenses this file to You under the Apache License, Version 2.0
  7 |   ~ (the "License"); you may not use this file except in compliance with
  8 |   ~ the License.  You may obtain a copy of the License at
  9 |   ~
 10 |   ~     http://www.apache.org/licenses/LICENSE-2.0
 11 |   ~
 12 |   ~ Unless required by applicable law or agreed to in writing, software
 13 |   ~ distributed under the License is distributed on an "AS IS" BASIS,
 14 |   ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 15 |   ~ See the License for the specific language governing permissions and
 16 |   ~ limitations under the License.
 17 |   -->
 18 | <!--
 19 |     This file lists the identity providers to use when running securely. In order
 20 |     to use a specific provider it must be configured here and its identifier
 21 |     must be specified in the nifi-registry.properties file.
 22 | -->
 23 | <identityProviders>
 24 |     <!--
 25 |         Identity Provider for users logging in with username/password against an LDAP server.
 26 |         
 27 |         'Authentication Strategy' - How the connection to the LDAP server is authenticated. Possible
 28 |             values are ANONYMOUS, SIMPLE, LDAPS, or START_TLS.
 29 |         
 30 |         'Manager DN' - The DN of the manager that is used to bind to the LDAP server to search for users.
 31 |         'Manager Password' - The password of the manager that is used to bind to the LDAP server to
 32 |             search for users.
 33 |             
 34 |         'TLS - Keystore' - Path to the Keystore that is used when connecting to LDAP using LDAPS or START_TLS.
 35 |         'TLS - Keystore Password' - Password for the Keystore that is used when connecting to LDAP
 36 |             using LDAPS or START_TLS.
 37 |         'TLS - Keystore Type' - Type of the Keystore that is used when connecting to LDAP using
 38 |             LDAPS or START_TLS (i.e. JKS or PKCS12).
 39 |         'TLS - Truststore' - Path to the Truststore that is used when connecting to LDAP using LDAPS or START_TLS.
 40 |         'TLS - Truststore Password' - Password for the Truststore that is used when connecting to
 41 |             LDAP using LDAPS or START_TLS.
 42 |         'TLS - Truststore Type' - Type of the Truststore that is used when connecting to LDAP using
 43 |             LDAPS or START_TLS (i.e. JKS or PKCS12).
 44 |         'TLS - Client Auth' - Client authentication policy when connecting to LDAP using LDAPS or START_TLS.
 45 |             Possible values are REQUIRED, WANT, NONE.
 46 |         'TLS - Protocol' - Protocol to use when connecting to LDAP using LDAPS or START_TLS. (i.e. TLS,
 47 |             TLSv1.1, TLSv1.2, etc).
 48 |         'TLS - Shutdown Gracefully' - Specifies whether the TLS should be shut down gracefully 
 49 |             before the target context is closed. Defaults to false.
 50 |             
 51 |         'Referral Strategy' - Strategy for handling referrals. Possible values are FOLLOW, IGNORE, THROW.
 52 |         'Connect Timeout' - Duration of connect timeout. (i.e. 10 secs).
 53 |         'Read Timeout' - Duration of read timeout. (i.e. 10 secs).
 54 |        
 55 |         'Url' - Space-separated list of URLs of the LDAP servers (i.e. ldap://<hostname>:<port>).
 56 |         'User Search Base' - Base DN for searching for users (i.e. CN=Users,DC=example,DC=com).
 57 |         'User Search Filter' - Filter for searching for users against the 'User Search Base'.
 58 |             (i.e. sAMAccountName={0}). The user specified name is inserted into '{0}'.
 59 | 
 60 |         'Identity Strategy' - Strategy to identify users. Possible values are USE_DN and USE_USERNAME.
 61 |             The default functionality if this property is missing is USE_DN in order to retain
 62 |             backward compatibility. USE_DN will use the full DN of the user entry if possible.
 63 |             USE_USERNAME will use the username the user logged in with.
 64 |         'Authentication Expiration' - The duration of how long the user authentication is valid
 65 |             for. If the user never logs out, they will be required to log back in following
 66 |             this duration.
 67 |     -->
 68 |     <!-- To enable the ldap-identity-provider remove 2 lines. This is 1 of 2.
 69 |     <provider>
 70 |         <identifier>ldap-identity-provider</identifier>
 71 |         <class>org.apache.nifi.registry.security.ldap.LdapIdentityProvider</class>
 72 |         <property name="Authentication Strategy">SIMPLE</property>
 73 | 
 74 |         <property name="Manager DN"></property>
 75 |         <property name="Manager Password"></property>
 76 |         
 77 |         <property name="Referral Strategy">FOLLOW</property>
 78 |         <property name="Connect Timeout">10 secs</property>
 79 |         <property name="Read Timeout">10 secs</property>
 80 | 
 81 |         <property name="Url"></property>
 82 |         <property name="User Search Base"></property>
 83 |         <property name="User Search Filter"></property>
 84 | 
 85 |         <property name="Identity Strategy">USE_USERNAME</property>
 86 |         <property name="Authentication Expiration">12 hours</property>
 87 |     </provider>
 88 |     To enable the ldap-identity-provider remove 2 lines. This is 2 of 2. -->
 89 | 
 90 |     <!--
 91 |         Identity Provider for users logging in with username/password against a Kerberos KDC server.
 92 | 
 93 |         'Default Realm' - Default realm to provide when user enters incomplete user principal (i.e. NIFI.APACHE.ORG).
 94 |         'Authentication Expiration' - The duration of how long the user authentication is valid for. If the user never logs out, they will be required to log back in following this duration.
 95 |     -->
 96 |     <!-- To enable the kerberos-identity-provider remove 2 lines. This is 1 of 2.
 97 |     <provider>
 98 |         <identifier>kerberos-identity-provider</identifier>
 99 |         <class>org.apache.nifi.registry.web.security.authentication.kerberos.KerberosIdentityProvider</class>
100 |         <property name="Default Realm">NIFI.APACHE.ORG</property>
101 |         <property name="Authentication Expiration">12 hours</property>
102 |         <property name="Enable Debug">false</property>
103 |     </provider>
104 |     To enable the kerberos-provider remove 2 lines. This is 2 of 2. -->
105 | 
106 | </identityProviders>


--------------------------------------------------------------------------------
/conf/0.8.0/logback.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="UTF-8"?>
  2 | <!--
  3 |   Licensed to the Apache Software Foundation (ASF) under one or more
  4 |   contributor license agreements.  See the NOTICE file distributed with
  5 |   this work for additional information regarding copyright ownership.
  6 |   The ASF licenses this file to You under the Apache License, Version 2.0
  7 |   (the "License"); you may not use this file except in compliance with
  8 |   the License.  You may obtain a copy of the License at
  9 |       http://www.apache.org/licenses/LICENSE-2.0
 10 |   Unless required by applicable law or agreed to in writing, software
 11 |   distributed under the License is distributed on an "AS IS" BASIS,
 12 |   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13 |   See the License for the specific language governing permissions and
 14 |   limitations under the License.
 15 | -->
 16 | <configuration scan="true" scanPeriod="30 seconds">
 17 |     <contextListener class="ch.qos.logback.classic.jul.LevelChangePropagator">
 18 |         <resetJUL>true</resetJUL>
 19 |     </contextListener>
 20 | 
 21 |     <appender name="APP_FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
 22 |         <file>${org.apache.nifi.registry.bootstrap.config.log.dir}/nifi-registry-app.log</file>
 23 |         <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
 24 |             <!--
 25 |               For daily rollover, use 'app_%d.log'.
 26 |               For hourly rollover, use 'app_%d{yyyy-MM-dd_HH}.log'.
 27 |               To GZIP rolled files, replace '.log' with '.log.gz'.
 28 |               To ZIP rolled files, replace '.log' with '.log.zip'.
 29 |             -->
 30 |             <fileNamePattern>${org.apache.nifi.registry.bootstrap.config.log.dir}/nifi-registry-app_%d{yyyy-MM-dd_HH}.%i.log</fileNamePattern>
 31 |             <maxFileSize>100MB</maxFileSize>
 32 |             <!-- keep 30 log files worth of history -->
 33 |             <maxHistory>30</maxHistory>
 34 |             <!-- keep 10GB total of log files -->
 35 |             <totalSizeCap>10GB</totalSizeCap>
 36 |         </rollingPolicy>
 37 |         <immediateFlush>true</immediateFlush>
 38 |         <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
 39 |             <pattern>%date %level [%thread] %logger{40} %msg%n</pattern>
 40 |         </encoder>
 41 |     </appender>
 42 | 
 43 |     <appender name="BOOTSTRAP_FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
 44 |         <file>${org.apache.nifi.registry.bootstrap.config.log.dir}/nifi-registry-bootstrap.log</file>
 45 |         <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
 46 |             <!--
 47 |               For daily rollover, use 'user_%d.log'.
 48 |               For hourly rollover, use 'user_%d{yyyy-MM-dd_HH}.log'.
 49 |               To GZIP rolled files, replace '.log' with '.log.gz'.
 50 |               To ZIP rolled files, replace '.log' with '.log.zip'.
 51 |             -->
 52 |             <fileNamePattern>${org.apache.nifi.registry.bootstrap.config.log.dir}/nifi-registry-bootstrap_%d.log</fileNamePattern>
 53 |             <!-- keep 5 log files worth of history -->
 54 |             <maxHistory>5</maxHistory>
 55 |         </rollingPolicy>
 56 |         <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
 57 |             <pattern>%date %level [%thread] %logger{40} %msg%n</pattern>
 58 |         </encoder>
 59 |     </appender>
 60 | 
 61 |     <appender name="EVENTS_FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
 62 |         <file>${org.apache.nifi.registry.bootstrap.config.log.dir}/nifi-registry-event.log</file>
 63 |         <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
 64 |             <!--
 65 |               For daily rollover, use 'user_%d.log'.
 66 |               For hourly rollover, use 'user_%d{yyyy-MM-dd_HH}.log'.
 67 |               To GZIP rolled files, replace '.log' with '.log.gz'.
 68 |               To ZIP rolled files, replace '.log' with '.log.zip'.
 69 |             -->
 70 |             <fileNamePattern>${org.apache.nifi.registry.bootstrap.config.log.dir}/nifi-registry-event_%d.log</fileNamePattern>
 71 |             <!-- keep 5 log files worth of history -->
 72 |             <maxHistory>5</maxHistory>
 73 |         </rollingPolicy>
 74 |         <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
 75 |             <pattern>%date ## %msg%n</pattern>
 76 |         </encoder>
 77 |     </appender>
 78 | 
 79 |     <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
 80 |         <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
 81 |             <pattern>%date %level [%thread] %logger{40} %msg%n</pattern>
 82 |         </encoder>
 83 |     </appender>
 84 |     
 85 |     <!-- valid logging levels: TRACE, DEBUG, INFO, WARN, ERROR -->
 86 |     
 87 |     <logger name="org.apache.nifi.registry" level="INFO"/>
 88 | 
 89 |     <!-- To see SQL statements and parameters set this to TRACE -->
 90 |     <logger name="org.springframework.jdbc" level="INFO"/>
 91 | 
 92 |     <!--
 93 |         Logger for capturing Bootstrap logs and NiFi Registry's standard error and standard out.
 94 |     -->
 95 |     <logger name="org.apache.nifi.registry.bootstrap" level="INFO" additivity="false">
 96 |         <appender-ref ref="BOOTSTRAP_FILE" />
 97 |     </logger>
 98 |     <logger name="org.apache.nifi.registry.bootstrap.Command" level="INFO" additivity="false">
 99 |         <appender-ref ref="CONSOLE" />
100 |         <appender-ref ref="BOOTSTRAP_FILE" />
101 |     </logger>
102 | 
103 |     <!-- Everything written to NiFi Registry's Standard Out will be logged with the logger org.apache.nifi.StdOut at INFO level -->
104 |     <logger name="org.apache.nifi.registry.StdOut" level="INFO" additivity="false">
105 |         <appender-ref ref="BOOTSTRAP_FILE" />
106 |     </logger>
107 | 
108 |     <!-- Everything written to NiFi Registry's Standard Error will be logged with the logger org.apache.nifi.StdErr at ERROR level -->
109 |     <logger name="org.apache.nifi.registry.StdErr" level="ERROR" additivity="false">
110 |         <appender-ref ref="BOOTSTRAP_FILE" />
111 |     </logger>
112 | 
113 |     <!-- This will log all events to a separate file when the LoggingEventHookProvider is enabled in providers.xml -->
114 |     <logger name="org.apache.nifi.registry.provider.hook.LoggingEventHookProvider" level="INFO" additivity="false">
115 |         <appender-ref ref="EVENTS_FILE" />
116 |     </logger>
117 | 
118 |     <root level="INFO">
119 |         <appender-ref ref="APP_FILE"/>
120 |     </root>
121 |     
122 | </configuration>
123 | 


--------------------------------------------------------------------------------
/conf/0.5.0/logback.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="UTF-8"?>
  2 | <!--
  3 |   Licensed to the Apache Software Foundation (ASF) under one or more
  4 |   contributor license agreements.  See the NOTICE file distributed with
  5 |   this work for additional information regarding copyright ownership.
  6 |   The ASF licenses this file to You under the Apache License, Version 2.0
  7 |   (the "License"); you may not use this file except in compliance with
  8 |   the License.  You may obtain a copy of the License at
  9 |       http://www.apache.org/licenses/LICENSE-2.0
 10 |   Unless required by applicable law or agreed to in writing, software
 11 |   distributed under the License is distributed on an "AS IS" BASIS,
 12 |   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13 |   See the License for the specific language governing permissions and
 14 |   limitations under the License.
 15 | -->
 16 | <configuration scan="true" scanPeriod="30 seconds">
 17 |     <contextListener class="ch.qos.logback.classic.jul.LevelChangePropagator">
 18 |         <resetJUL>true</resetJUL>
 19 |     </contextListener>
 20 | 
 21 |     <appender name="APP_FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
 22 |         <file>${org.apache.nifi.registry.bootstrap.config.log.dir}/nifi-registry-app.log</file>
 23 |         <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
 24 |             <!--
 25 |               For daily rollover, use 'app_%d.log'.
 26 |               For hourly rollover, use 'app_%d{yyyy-MM-dd_HH}.log'.
 27 |               To GZIP rolled files, replace '.log' with '.log.gz'.
 28 |               To ZIP rolled files, replace '.log' with '.log.zip'.
 29 |             -->
 30 |             <fileNamePattern>${org.apache.nifi.registry.bootstrap.config.log.dir}/nifi-registry-app_%d{yyyy-MM-dd_HH}.%i.log</fileNamePattern>
 31 |             <maxFileSize>100MB</maxFileSize>
 32 |             <!-- keep 30 log files worth of history -->
 33 |             <maxHistory>30</maxHistory>
 34 |             <!-- keep 10GB total of log files -->
 35 |             <totalSizeCap>10GB</totalSizeCap>
 36 |         </rollingPolicy>
 37 |         <immediateFlush>true</immediateFlush>
 38 |         <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
 39 |             <pattern>%date %level [%thread] %logger{40} %msg%n</pattern>
 40 |         </encoder>
 41 |     </appender>
 42 | 
 43 |     <appender name="BOOTSTRAP_FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
 44 |         <file>${org.apache.nifi.registry.bootstrap.config.log.dir}/nifi-registry-bootstrap.log</file>
 45 |         <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
 46 |             <!--
 47 |               For daily rollover, use 'user_%d.log'.
 48 |               For hourly rollover, use 'user_%d{yyyy-MM-dd_HH}.log'.
 49 |               To GZIP rolled files, replace '.log' with '.log.gz'.
 50 |               To ZIP rolled files, replace '.log' with '.log.zip'.
 51 |             -->
 52 |             <fileNamePattern>${org.apache.nifi.registry.bootstrap.config.log.dir}/nifi-registry-bootstrap_%d.log</fileNamePattern>
 53 |             <!-- keep 5 log files worth of history -->
 54 |             <maxHistory>5</maxHistory>
 55 |         </rollingPolicy>
 56 |         <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
 57 |             <pattern>%date %level [%thread] %logger{40} %msg%n</pattern>
 58 |         </encoder>
 59 |     </appender>
 60 | 
 61 |     <appender name="EVENTS_FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
 62 |         <file>${org.apache.nifi.registry.bootstrap.config.log.dir}/nifi-registry-event.log</file>
 63 |         <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
 64 |             <!--
 65 |               For daily rollover, use 'user_%d.log'.
 66 |               For hourly rollover, use 'user_%d{yyyy-MM-dd_HH}.log'.
 67 |               To GZIP rolled files, replace '.log' with '.log.gz'.
 68 |               To ZIP rolled files, replace '.log' with '.log.zip'.
 69 |             -->
 70 |             <fileNamePattern>${org.apache.nifi.registry.bootstrap.config.log.dir}/nifi-registry-event_%d.log</fileNamePattern>
 71 |             <!-- keep 5 log files worth of history -->
 72 |             <maxHistory>5</maxHistory>
 73 |         </rollingPolicy>
 74 |         <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
 75 |             <pattern>%date ## %msg%n</pattern>
 76 |         </encoder>
 77 |     </appender>
 78 | 
 79 |     <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
 80 |         <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
 81 |             <pattern>%date %level [%thread] %logger{40} %msg%n</pattern>
 82 |         </encoder>
 83 |     </appender>
 84 |     
 85 |     <!-- valid logging levels: TRACE, DEBUG, INFO, WARN, ERROR -->
 86 |     
 87 |     <logger name="org.apache.nifi.registry" level="INFO"/>
 88 | 
 89 |     <!-- To see SQL statements set this to DEBUG -->
 90 |     <logger name="org.hibernate.SQL" level="INFO" />
 91 |     <!-- To see the values in SQL statements set this to TRACE -->
 92 |     <logger name="org.hibernate.type" level="INFO" />
 93 | 
 94 |     <!--
 95 |         Logger for capturing Bootstrap logs and NiFi Registry's standard error and standard out.
 96 |     -->
 97 |     <logger name="org.apache.nifi.registry.bootstrap" level="INFO" additivity="false">
 98 |         <appender-ref ref="BOOTSTRAP_FILE" />
 99 |     </logger>
100 |     <logger name="org.apache.nifi.registry.bootstrap.Command" level="INFO" additivity="false">
101 |         <appender-ref ref="CONSOLE" />
102 |         <appender-ref ref="BOOTSTRAP_FILE" />
103 |     </logger>
104 | 
105 |     <!-- Everything written to NiFi Registry's Standard Out will be logged with the logger org.apache.nifi.StdOut at INFO level -->
106 |     <logger name="org.apache.nifi.registry.StdOut" level="INFO" additivity="false">
107 |         <appender-ref ref="BOOTSTRAP_FILE" />
108 |     </logger>
109 | 
110 |     <!-- Everything written to NiFi Registry's Standard Error will be logged with the logger org.apache.nifi.StdErr at ERROR level -->
111 |     <logger name="org.apache.nifi.registry.StdErr" level="ERROR" additivity="false">
112 |         <appender-ref ref="BOOTSTRAP_FILE" />
113 |     </logger>
114 | 
115 |     <!-- This will log all events to a separate file when the LoggingEventHookProvider is enabled in providers.xml -->
116 |     <logger name="org.apache.nifi.registry.provider.hook.LoggingEventHookProvider" level="INFO" additivity="false">
117 |         <appender-ref ref="EVENTS_FILE" />
118 |     </logger>
119 | 
120 |     <root level="INFO">
121 |         <appender-ref ref="APP_FILE"/>
122 |     </root>
123 |     
124 | </configuration>
125 | 


--------------------------------------------------------------------------------
/conf/0.6.0/logback.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="UTF-8"?>
  2 | <!--
  3 |   Licensed to the Apache Software Foundation (ASF) under one or more
  4 |   contributor license agreements.  See the NOTICE file distributed with
  5 |   this work for additional information regarding copyright ownership.
  6 |   The ASF licenses this file to You under the Apache License, Version 2.0
  7 |   (the "License"); you may not use this file except in compliance with
  8 |   the License.  You may obtain a copy of the License at
  9 |       http://www.apache.org/licenses/LICENSE-2.0
 10 |   Unless required by applicable law or agreed to in writing, software
 11 |   distributed under the License is distributed on an "AS IS" BASIS,
 12 |   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13 |   See the License for the specific language governing permissions and
 14 |   limitations under the License.
 15 | -->
 16 | <configuration scan="true" scanPeriod="30 seconds">
 17 |     <contextListener class="ch.qos.logback.classic.jul.LevelChangePropagator">
 18 |         <resetJUL>true</resetJUL>
 19 |     </contextListener>
 20 | 
 21 |     <appender name="APP_FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
 22 |         <file>${org.apache.nifi.registry.bootstrap.config.log.dir}/nifi-registry-app.log</file>
 23 |         <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
 24 |             <!--
 25 |               For daily rollover, use 'app_%d.log'.
 26 |               For hourly rollover, use 'app_%d{yyyy-MM-dd_HH}.log'.
 27 |               To GZIP rolled files, replace '.log' with '.log.gz'.
 28 |               To ZIP rolled files, replace '.log' with '.log.zip'.
 29 |             -->
 30 |             <fileNamePattern>${org.apache.nifi.registry.bootstrap.config.log.dir}/nifi-registry-app_%d{yyyy-MM-dd_HH}.%i.log</fileNamePattern>
 31 |             <maxFileSize>100MB</maxFileSize>
 32 |             <!-- keep 30 log files worth of history -->
 33 |             <maxHistory>30</maxHistory>
 34 |             <!-- keep 10GB total of log files -->
 35 |             <totalSizeCap>10GB</totalSizeCap>
 36 |         </rollingPolicy>
 37 |         <immediateFlush>true</immediateFlush>
 38 |         <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
 39 |             <pattern>%date %level [%thread] %logger{40} %msg%n</pattern>
 40 |         </encoder>
 41 |     </appender>
 42 | 
 43 |     <appender name="BOOTSTRAP_FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
 44 |         <file>${org.apache.nifi.registry.bootstrap.config.log.dir}/nifi-registry-bootstrap.log</file>
 45 |         <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
 46 |             <!--
 47 |               For daily rollover, use 'user_%d.log'.
 48 |               For hourly rollover, use 'user_%d{yyyy-MM-dd_HH}.log'.
 49 |               To GZIP rolled files, replace '.log' with '.log.gz'.
 50 |               To ZIP rolled files, replace '.log' with '.log.zip'.
 51 |             -->
 52 |             <fileNamePattern>${org.apache.nifi.registry.bootstrap.config.log.dir}/nifi-registry-bootstrap_%d.log</fileNamePattern>
 53 |             <!-- keep 5 log files worth of history -->
 54 |             <maxHistory>5</maxHistory>
 55 |         </rollingPolicy>
 56 |         <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
 57 |             <pattern>%date %level [%thread] %logger{40} %msg%n</pattern>
 58 |         </encoder>
 59 |     </appender>
 60 | 
 61 |     <appender name="EVENTS_FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
 62 |         <file>${org.apache.nifi.registry.bootstrap.config.log.dir}/nifi-registry-event.log</file>
 63 |         <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
 64 |             <!--
 65 |               For daily rollover, use 'user_%d.log'.
 66 |               For hourly rollover, use 'user_%d{yyyy-MM-dd_HH}.log'.
 67 |               To GZIP rolled files, replace '.log' with '.log.gz'.
 68 |               To ZIP rolled files, replace '.log' with '.log.zip'.
 69 |             -->
 70 |             <fileNamePattern>${org.apache.nifi.registry.bootstrap.config.log.dir}/nifi-registry-event_%d.log</fileNamePattern>
 71 |             <!-- keep 5 log files worth of history -->
 72 |             <maxHistory>5</maxHistory>
 73 |         </rollingPolicy>
 74 |         <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
 75 |             <pattern>%date ## %msg%n</pattern>
 76 |         </encoder>
 77 |     </appender>
 78 | 
 79 |     <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
 80 |         <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
 81 |             <pattern>%date %level [%thread] %logger{40} %msg%n</pattern>
 82 |         </encoder>
 83 |     </appender>
 84 |     
 85 |     <!-- valid logging levels: TRACE, DEBUG, INFO, WARN, ERROR -->
 86 |     
 87 |     <logger name="org.apache.nifi.registry" level="INFO"/>
 88 | 
 89 |     <!-- To see SQL statements set this to DEBUG -->
 90 |     <logger name="org.hibernate.SQL" level="INFO" />
 91 |     <!-- To see the values in SQL statements set this to TRACE -->
 92 |     <logger name="org.hibernate.type" level="INFO" />
 93 | 
 94 |     <!--
 95 |         Logger for capturing Bootstrap logs and NiFi Registry's standard error and standard out.
 96 |     -->
 97 |     <logger name="org.apache.nifi.registry.bootstrap" level="INFO" additivity="false">
 98 |         <appender-ref ref="BOOTSTRAP_FILE" />
 99 |     </logger>
100 |     <logger name="org.apache.nifi.registry.bootstrap.Command" level="INFO" additivity="false">
101 |         <appender-ref ref="CONSOLE" />
102 |         <appender-ref ref="BOOTSTRAP_FILE" />
103 |     </logger>
104 | 
105 |     <!-- Everything written to NiFi Registry's Standard Out will be logged with the logger org.apache.nifi.StdOut at INFO level -->
106 |     <logger name="org.apache.nifi.registry.StdOut" level="INFO" additivity="false">
107 |         <appender-ref ref="BOOTSTRAP_FILE" />
108 |     </logger>
109 | 
110 |     <!-- Everything written to NiFi Registry's Standard Error will be logged with the logger org.apache.nifi.StdErr at ERROR level -->
111 |     <logger name="org.apache.nifi.registry.StdErr" level="ERROR" additivity="false">
112 |         <appender-ref ref="BOOTSTRAP_FILE" />
113 |     </logger>
114 | 
115 |     <!-- This will log all events to a separate file when the LoggingEventHookProvider is enabled in providers.xml -->
116 |     <logger name="org.apache.nifi.registry.provider.hook.LoggingEventHookProvider" level="INFO" additivity="false">
117 |         <appender-ref ref="EVENTS_FILE" />
118 |     </logger>
119 | 
120 |     <root level="INFO">
121 |         <appender-ref ref="APP_FILE"/>
122 |     </root>
123 |     
124 | </configuration>
125 | 


--------------------------------------------------------------------------------
/conf/0.7.0/logback.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="UTF-8"?>
  2 | <!--
  3 |   Licensed to the Apache Software Foundation (ASF) under one or more
  4 |   contributor license agreements.  See the NOTICE file distributed with
  5 |   this work for additional information regarding copyright ownership.
  6 |   The ASF licenses this file to You under the Apache License, Version 2.0
  7 |   (the "License"); you may not use this file except in compliance with
  8 |   the License.  You may obtain a copy of the License at
  9 |       http://www.apache.org/licenses/LICENSE-2.0
 10 |   Unless required by applicable law or agreed to in writing, software
 11 |   distributed under the License is distributed on an "AS IS" BASIS,
 12 |   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13 |   See the License for the specific language governing permissions and
 14 |   limitations under the License.
 15 | -->
 16 | <configuration scan="true" scanPeriod="30 seconds">
 17 |     <contextListener class="ch.qos.logback.classic.jul.LevelChangePropagator">
 18 |         <resetJUL>true</resetJUL>
 19 |     </contextListener>
 20 | 
 21 |     <appender name="APP_FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
 22 |         <file>${org.apache.nifi.registry.bootstrap.config.log.dir}/nifi-registry-app.log</file>
 23 |         <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
 24 |             <!--
 25 |               For daily rollover, use 'app_%d.log'.
 26 |               For hourly rollover, use 'app_%d{yyyy-MM-dd_HH}.log'.
 27 |               To GZIP rolled files, replace '.log' with '.log.gz'.
 28 |               To ZIP rolled files, replace '.log' with '.log.zip'.
 29 |             -->
 30 |             <fileNamePattern>${org.apache.nifi.registry.bootstrap.config.log.dir}/nifi-registry-app_%d{yyyy-MM-dd_HH}.%i.log</fileNamePattern>
 31 |             <maxFileSize>100MB</maxFileSize>
 32 |             <!-- keep 30 log files worth of history -->
 33 |             <maxHistory>30</maxHistory>
 34 |             <!-- keep 10GB total of log files -->
 35 |             <totalSizeCap>10GB</totalSizeCap>
 36 |         </rollingPolicy>
 37 |         <immediateFlush>true</immediateFlush>
 38 |         <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
 39 |             <pattern>%date %level [%thread] %logger{40} %msg%n</pattern>
 40 |         </encoder>
 41 |     </appender>
 42 | 
 43 |     <appender name="BOOTSTRAP_FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
 44 |         <file>${org.apache.nifi.registry.bootstrap.config.log.dir}/nifi-registry-bootstrap.log</file>
 45 |         <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
 46 |             <!--
 47 |               For daily rollover, use 'user_%d.log'.
 48 |               For hourly rollover, use 'user_%d{yyyy-MM-dd_HH}.log'.
 49 |               To GZIP rolled files, replace '.log' with '.log.gz'.
 50 |               To ZIP rolled files, replace '.log' with '.log.zip'.
 51 |             -->
 52 |             <fileNamePattern>${org.apache.nifi.registry.bootstrap.config.log.dir}/nifi-registry-bootstrap_%d.log</fileNamePattern>
 53 |             <!-- keep 5 log files worth of history -->
 54 |             <maxHistory>5</maxHistory>
 55 |         </rollingPolicy>
 56 |         <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
 57 |             <pattern>%date %level [%thread] %logger{40} %msg%n</pattern>
 58 |         </encoder>
 59 |     </appender>
 60 | 
 61 |     <appender name="EVENTS_FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
 62 |         <file>${org.apache.nifi.registry.bootstrap.config.log.dir}/nifi-registry-event.log</file>
 63 |         <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
 64 |             <!--
 65 |               For daily rollover, use 'user_%d.log'.
 66 |               For hourly rollover, use 'user_%d{yyyy-MM-dd_HH}.log'.
 67 |               To GZIP rolled files, replace '.log' with '.log.gz'.
 68 |               To ZIP rolled files, replace '.log' with '.log.zip'.
 69 |             -->
 70 |             <fileNamePattern>${org.apache.nifi.registry.bootstrap.config.log.dir}/nifi-registry-event_%d.log</fileNamePattern>
 71 |             <!-- keep 5 log files worth of history -->
 72 |             <maxHistory>5</maxHistory>
 73 |         </rollingPolicy>
 74 |         <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
 75 |             <pattern>%date ## %msg%n</pattern>
 76 |         </encoder>
 77 |     </appender>
 78 | 
 79 |     <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
 80 |         <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
 81 |             <pattern>%date %level [%thread] %logger{40} %msg%n</pattern>
 82 |         </encoder>
 83 |     </appender>
 84 |     
 85 |     <!-- valid logging levels: TRACE, DEBUG, INFO, WARN, ERROR -->
 86 |     
 87 |     <logger name="org.apache.nifi.registry" level="INFO"/>
 88 | 
 89 |     <!-- To see SQL statements set this to DEBUG -->
 90 |     <logger name="org.hibernate.SQL" level="INFO" />
 91 |     <!-- To see the values in SQL statements set this to TRACE -->
 92 |     <logger name="org.hibernate.type" level="INFO" />
 93 | 
 94 |     <!--
 95 |         Logger for capturing Bootstrap logs and NiFi Registry's standard error and standard out.
 96 |     -->
 97 |     <logger name="org.apache.nifi.registry.bootstrap" level="INFO" additivity="false">
 98 |         <appender-ref ref="BOOTSTRAP_FILE" />
 99 |     </logger>
100 |     <logger name="org.apache.nifi.registry.bootstrap.Command" level="INFO" additivity="false">
101 |         <appender-ref ref="CONSOLE" />
102 |         <appender-ref ref="BOOTSTRAP_FILE" />
103 |     </logger>
104 | 
105 |     <!-- Everything written to NiFi Registry's Standard Out will be logged with the logger org.apache.nifi.StdOut at INFO level -->
106 |     <logger name="org.apache.nifi.registry.StdOut" level="INFO" additivity="false">
107 |         <appender-ref ref="BOOTSTRAP_FILE" />
108 |     </logger>
109 | 
110 |     <!-- Everything written to NiFi Registry's Standard Error will be logged with the logger org.apache.nifi.StdErr at ERROR level -->
111 |     <logger name="org.apache.nifi.registry.StdErr" level="ERROR" additivity="false">
112 |         <appender-ref ref="BOOTSTRAP_FILE" />
113 |     </logger>
114 | 
115 |     <!-- This will log all events to a separate file when the LoggingEventHookProvider is enabled in providers.xml -->
116 |     <logger name="org.apache.nifi.registry.provider.hook.LoggingEventHookProvider" level="INFO" additivity="false">
117 |         <appender-ref ref="EVENTS_FILE" />
118 |     </logger>
119 | 
120 |     <root level="INFO">
121 |         <appender-ref ref="APP_FILE"/>
122 |     </root>
123 |     
124 | </configuration>
125 | 


--------------------------------------------------------------------------------
/templates/providers.xml.gotemplate:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  2 | <!--
  3 |   Licensed to the Apache Software Foundation (ASF) under one or more
  4 |   contributor license agreements.  See the NOTICE file distributed with
  5 |   this work for additional information regarding copyright ownership.
  6 |   The ASF licenses this file to You under the Apache License, Version 2.0
  7 |   (the "License"); you may not use this file except in compliance with
  8 |   the License.  You may obtain a copy of the License at
  9 |       http://www.apache.org/licenses/LICENSE-2.0
 10 |   Unless required by applicable law or agreed to in writing, software
 11 |   distributed under the License is distributed on an "AS IS" BASIS,
 12 |   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13 |   See the License for the specific language governing permissions and
 14 |   limitations under the License.
 15 | -->
 16 | <providers>
 17 | 
 18 |     <!-- NOTE: The providers in this file must be listed in the order defined in providers.xsd which is the following:
 19 |             1) Flow Persistence Provider (Must occur once and only once)
 20 |             2) Event Hook Providers (May occur 0 or more times)
 21 |             3) Bundle Persistence Provider (Must occur once and only once)
 22 |      -->
 23 | 
 24 |     {{ if .Env.FLOW_PROVIDER }}
 25 |     {{ if eq .Env.FLOW_PROVIDER "file" }}
 26 |     <flowPersistenceProvider>
 27 |         <class>org.apache.nifi.registry.provider.flow.FileSystemFlowPersistenceProvider</class>
 28 |         <property name="Flow Storage Directory">{{ default .Env.FLOW_PROVIDER_FILE_FLOW_STORAGE_DIRECTORY "./flow_storage" }}</property>
 29 |     </flowPersistenceProvider>
 30 |     {{ end }}
 31 |     {{ if eq .Env.FLOW_PROVIDER "git" }}
 32 |     <flowPersistenceProvider>
 33 |         <class>org.apache.nifi.registry.provider.flow.git.GitFlowPersistenceProvider</class>
 34 |         <property name="Flow Storage Directory">{{ default .Env.FLOW_PROVIDER_GIT_FLOW_STORAGE_DIRECTORY "./flow_storage" }}</property>
 35 |         <property name="Remote To Push">{{  default .Env.FLOW_PROVIDER_GIT_REMOTE_TO_PUSH "" }}</property>
 36 |         <property name="Remote Access User">{{ default .Env.FLOW_PROVIDER_GIT_REMOTE_ACCESS_USER "" }}</property>
 37 |         <property name="Remote Access Password">{{  default .Env.FLOW_PROVIDER_GIT_REMOTE_ACCESS_PASSWORD "" }}</property>
 38 |         <property name="Remote Clone Repository">{{  default .Env.FLOW_PROVIDER_GIT_REMOTE_CLONE_REPOSITORY "" }}</property>
 39 |     </flowPersistenceProvider>
 40 |     {{ end }}
 41 |     {{ if eq .Env.FLOW_PROVIDER "database" }}
 42 |     <flowPersistenceProvider>
 43 |         <class>org.apache.nifi.registry.provider.flow.DatabaseFlowPersistenceProvider</class>
 44 |     </flowPersistenceProvider>
 45 |     {{ end }}
 46 |     {{ end }}
 47 | 
 48 |     <!--
 49 |     <flowPersistenceProvider>
 50 |         <class>org.apache.nifi.registry.provider.flow.FileSystemFlowPersistenceProvider</class>
 51 |         <property name="Flow Storage Directory">./flow_storage</property>
 52 |     </flowPersistenceProvider>
 53 |     -->
 54 | 
 55 |     <!--
 56 |     <flowPersistenceProvider>
 57 |         <class>org.apache.nifi.registry.provider.flow.git.GitFlowPersistenceProvider</class>
 58 |         <property name="Flow Storage Directory">./flow_storage</property>
 59 |         <property name="Remote To Push"></property>
 60 |         <property name="Remote Access User"></property>
 61 |         <property name="Remote Access Password"></property>
 62 |         <property name="Remote Clone Repository"></property>
 63 |     </flowPersistenceProvider>
 64 |     -->
 65 | 
 66 |     <!--
 67 |     <flowPersistenceProvider>
 68 |         <class>org.apache.nifi.registry.provider.flow.DatabaseFlowPersistenceProvider</class>
 69 |     </flowPersistenceProvider>
 70 |     -->
 71 | 
 72 |     <!--
 73 |     <eventHookProvider>
 74 |     	<class>org.apache.nifi.registry.provider.hook.ScriptEventHookProvider</class>
 75 |     	<property name="Script Path"></property>
 76 |     	<property name="Working Directory"></property>
 77 |     	-->
 78 |     	<!-- Optional Whitelist Event types
 79 |         <property name="Whitelisted Event Type 1">CREATE_FLOW</property>
 80 |         <property name="Whitelisted Event Type 2">DELETE_FLOW</property>
 81 |     	-->
 82 |     <!--
 83 |     </eventHookProvider>
 84 |     -->
 85 | 
 86 |     <!-- This will log all events to a separate file specified by the EVENT_APPENDER in logback.xml -->
 87 |     <!--
 88 |     <eventHookProvider>
 89 |         <class>org.apache.nifi.registry.provider.hook.LoggingEventHookProvider</class>
 90 |     </eventHookProvider>
 91 |     -->
 92 | 
 93 |     {{ if .Env.EXTENSION_BUNDLE_PROVIDER }}
 94 |     {{ if eq .Env.EXTENSION_BUNDLE_PROVIDER "file" }}
 95 |     <extensionBundlePersistenceProvider>
 96 |         <class>org.apache.nifi.registry.provider.extension.FileSystemBundlePersistenceProvider</class>
 97 |         <property name="Extension Bundle Storage Directory">{{ default .Env.EXTENSION_BUNDLE_PROVIDER_FILE_EXTENSION_BUNDLE_STORAGE_DIRECTORY "./extension_bundles" }}</property>
 98 |     </extensionBundlePersistenceProvider>
 99 |     {{ end }}
100 |     {{ if eq .Env.EXTENSION_BUNDLE_PROVIDER "s3" }}
101 |     <extensionBundlePersistenceProvider>
102 |         <class>org.apache.nifi.registry.aws.S3BundlePersistenceProvider</class>
103 |         <property name="Region">{{ default .Env.EXTENSION_BUNDLE_PROVIDER_S3_REGION "" }}</property>
104 |         <property name="Bucket Name">{{ default .Env.EXTENSION_BUNDLE_PROVIDER_S3_BUCKET_NAME "" }}</property>
105 |         <property name="Key Prefix">{{ default .Env.EXTENSION_BUNDLE_PROVIDER_S3_KEY_PREFIX "" }}</property>
106 |         <property name="Credentials Provider">{{ default .Env.EXTENSION_BUNDLE_PROVIDER_S3_CREDENTIALS_PROVIDER "DEFAULT_CHAIN" }}</property>
107 |         <property name="Access Key">{{ default .Env.EXTENSION_BUNDLE_PROVIDER_S3_ACCESS_KEY "" }}</property>
108 |         <property name="Secret Access Key">{{ default .Env.EXTENSION_BUNDLE_PROVIDER_S3_SECRET_ACCESS_KEY "" }}</property>
109 |         <property name="Endpoint URL">{{ default .Env.EXTENSION_BUNDLE_PROVIDER_S3_ENDPOINT_URL "" }}</property>
110 |     </extensionBundlePersistenceProvider>
111 |     {{ end }}
112 |     {{ end }}
113 | 
114 |     <!--
115 |     <extensionBundlePersistenceProvider>
116 |         <class>org.apache.nifi.registry.provider.extension.FileSystemBundlePersistenceProvider</class>
117 |         <property name="Extension Bundle Storage Directory">./extension_bundles</property>
118 |     </extensionBundlePersistenceProvider>
119 |     -->
120 | 
121 |     <!-- Example S3 Bundle Persistence Provider
122 |             - Requires nifi-registry-aws-assembly to be added to the classpath via a custom extension dir in nifi-registry.properties
123 |                 Example: nifi.registry.extension.dir.aws=./ext/aws/lib
124 |                 Where "./ext/aws/lib" contains the extracted contents of nifi-registry-aws-assembly
125 |             - "Region" - The name of the S3 region where the bucket exists
126 |             - "Bucket Name" - The name of an existing bucket to store extension bundles
127 |             - "Key Prefix" - An optional prefix that if specified will be added to the beginning of all S3 keys
128 |             - "Credentials Provider" - Indicates how credentials will be provided, must be a value of DEFAULT_CHAIN or STATIC
129 |                 - DEFAULT_CHAIN will consider in order: Java system properties, environment variables, credential profiles (~/.aws/credentials)
130 |                 - STATIC requires that "Access Key" and "Secret Access Key" be specified directly in this file
131 |             - "Access Key" - The access key to use when using STATIC credentials provider
132 |             - "Secret Access Key" - The secret access key to use when using STATIC credentials provider
133 |             - "Endpoint URL" - An optional URL that overrides the default AWS S3 endpoint URL.
134 |                  Set this when using an AWS S3 API compatible service hosted at a different URL.
135 |      -->
136 |     <!--
137 |     <extensionBundlePersistenceProvider>
138 |         <class>org.apache.nifi.registry.aws.S3BundlePersistenceProvider</class>
139 |         <property name="Region">us-east-1</property>
140 |         <property name="Bucket Name">my-bundles</property>
141 |         <property name="Key Prefix"></property>
142 |         <property name="Credentials Provider">DEFAULT_CHAIN</property>
143 |         <property name="Access Key"></property>
144 |         <property name="Secret Access Key"></property>
145 |         <property name="Endpoint URL"></property>
146 |     </extensionBundlePersistenceProvider>
147 |     -->
148 | 
149 | </providers>


--------------------------------------------------------------------------------
/templates/identity-providers.xml.gotemplate:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  2 | <!--
  3 |   ~ Licensed to the Apache Software Foundation (ASF) under one or more
  4 |   ~ contributor license agreements.  See the NOTICE file distributed with
  5 |   ~ this work for additional information regarding copyright ownership.
  6 |   ~ The ASF licenses this file to You under the Apache License, Version 2.0
  7 |   ~ (the "License"); you may not use this file except in compliance with
  8 |   ~ the License.  You may obtain a copy of the License at
  9 |   ~
 10 |   ~     http://www.apache.org/licenses/LICENSE-2.0
 11 |   ~
 12 |   ~ Unless required by applicable law or agreed to in writing, software
 13 |   ~ distributed under the License is distributed on an "AS IS" BASIS,
 14 |   ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 15 |   ~ See the License for the specific language governing permissions and
 16 |   ~ limitations under the License.
 17 |   -->
 18 | <!--
 19 |     This file lists the identity providers to use when running securely. In order
 20 |     to use a specific provider it must be configured here and its identifier
 21 |     must be specified in the nifi-registry.properties file.
 22 | -->
 23 | <identityProviders>
 24 | 
 25 |     {{ if .Env.NIFI_REGISTRY_SECURITY_IDENTITY_PROVIDER }}
 26 |     {{ if eq .Env.NIFI_REGISTRY_SECURITY_IDENTITY_PROVIDER "ldap-identity-provider" }}
 27 |         <provider>
 28 |             <identifier>ldap-identity-provider</identifier>
 29 |             <class>org.apache.nifi.registry.security.ldap.LdapIdentityProvider</class>
 30 |             <property name="Authentication Strategy">{{ default .Env.LDAP_AUTHENTICATION_STRATEGY "SIMPLE" }}</property>
 31 | 
 32 |             <property name="Manager DN">{{ default .Env.LDAP_MANAGER_DN "" }}</property>
 33 |             <property name="Manager Password">{{ default .Env.LDAP_MANAGER_PASSWORD "" }}</property>
 34 | 
 35 |             <property name="TLS - Keystore">{{ default .Env.LDAP_TLS_KEYSTORE "" }}</property>
 36 |             <property name="TLS - Keystore Password">{{ default .Env.LDAP_TLS_KEYSTORE_PASSWORD "" }}</property>
 37 |             <property name="TLS - Keystore Type">{{ default .Env.LDAP_TLS_KEYSTORE_TYPE "" }}</property>
 38 | 
 39 |             <property name="TLS - Truststore">{{ default .Env.LDAP_TLS_TRUSTSTORE "" }}</property>
 40 |             <property name="TLS - Truststore Password">{{ default .Env.LDAP_TLS_TRUSTSTORE_PASSWORD "" }}</property>
 41 |             <property name="TLS - Truststore Type">{{ default .Env.LDAP_TLS_TRUSTSTORE_TYPE "" }}</property>
 42 | 
 43 |             <property name="TLS - Client Auth">{{ default .Env.LDAP_TLS_CLIENT_AUTH "" }}</property>
 44 |             <property name="TLS - Protocol">{{ default .Env.LDAP_TLS_PROTOCOL "" }}</property>
 45 |             <property name="TLS - Shutdown Gracefully">{{ default .Env.LDAP_TLS_SHUTDOWN_GRACEFULLY "" }}</property>
 46 | 
 47 |             <property name="Referral Strategy">{{ default .Env.LDAP_REFERRAL_STRATEGY "FOLLOW" }}</property>
 48 |             <property name="Connect Timeout">{{ default .Env.LDAP_CONNECT_TIMEOUT "10 secs" }}</property>
 49 |             <property name="Read Timeout">{{ default .Env.LDAP_READ_TIMEOUT "10 secs" }}</property>
 50 | 
 51 |             <property name="Url">{{ default .Env.LDAP_URL "" }}</property>
 52 |             <property name="User Search Base">{{ default .Env.LDAP_USER_SEARCH_BASE "" }}</property>
 53 |             <property name="User Search Filter">{{ default .Env.LDAP_USER_SEARCH_FILTER "" }}</property>
 54 | 
 55 |             <property name="Identity Strategy">{{ default .Env.LDAP_IDENTITY_STRATEGY "USE_USERNAME" }}</property>
 56 |             <property name="Authentication Expiration">{{ default .Env.LDAP_AUTHENTICATION_EXPIRATION "12 hours" }}</property>
 57 |         </provider>
 58 |     {{ end }}
 59 |     {{ if eq .Env.NIFI_REGISTRY_SECURITY_IDENTITY_PROVIDER "kerberos-identity-provider" }}
 60 |     <provider>
 61 |         <identifier>kerberos-identity-provider</identifier>
 62 |         <class>org.apache.nifi.registry.web.security.authentication.kerberos.KerberosIdentityProvider</class>
 63 |         <property name="Default Realm">{{ default .Env.KERBEROS_DEFAULT_REALM "NIFI.APACHE.ORG" }}</property>
 64 |         <property name="Authentication Expiration">{{ default .Env.KERBEROS_AUTHENTICATION_EXPIRATION "12 hours" }}</property>
 65 |         <property name="Enable Debug">{{ default .Env.KERBEROS_ENABLE_DEBUG "false" }}</property>
 66 |     </provider>
 67 |     {{ end }}
 68 |     {{ end }}
 69 | 
 70 |      <!--
 71 |         Identity Provider for users logging in with username/password against an LDAP server.
 72 | 
 73 |         'Authentication Strategy' - How the connection to the LDAP server is authenticated. Possible
 74 |             values are ANONYMOUS, SIMPLE, LDAPS, or START_TLS.
 75 | 
 76 |         'Manager DN' - The DN of the manager that is used to bind to the LDAP server to search for users.
 77 |         'Manager Password' - The password of the manager that is used to bind to the LDAP server to
 78 |             search for users.
 79 | 
 80 |         'TLS - Keystore' - Path to the Keystore that is used when connecting to LDAP using LDAPS or START_TLS.
 81 |         'TLS - Keystore Password' - Password for the Keystore that is used when connecting to LDAP
 82 |             using LDAPS or START_TLS.
 83 |         'TLS - Keystore Type' - Type of the Keystore that is used when connecting to LDAP using
 84 |             LDAPS or START_TLS (i.e. JKS or PKCS12).
 85 |         'TLS - Truststore' - Path to the Truststore that is used when connecting to LDAP using LDAPS or START_TLS.
 86 |         'TLS - Truststore Password' - Password for the Truststore that is used when connecting to
 87 |             LDAP using LDAPS or START_TLS.
 88 |         'TLS - Truststore Type' - Type of the Truststore that is used when connecting to LDAP using
 89 |             LDAPS or START_TLS (i.e. JKS or PKCS12).
 90 |         'TLS - Client Auth' - Client authentication policy when connecting to LDAP using LDAPS or START_TLS.
 91 |             Possible values are REQUIRED, WANT, NONE.
 92 |         'TLS - Protocol' - Protocol to use when connecting to LDAP using LDAPS or START_TLS. (i.e. TLS,
 93 |             TLSv1.1, TLSv1.2, etc).
 94 |         'TLS - Shutdown Gracefully' - Specifies whether the TLS should be shut down gracefully
 95 |             before the target context is closed. Defaults to false.
 96 | 
 97 |         'Referral Strategy' - Strategy for handling referrals. Possible values are FOLLOW, IGNORE, THROW.
 98 |         'Connect Timeout' - Duration of connect timeout. (i.e. 10 secs).
 99 |         'Read Timeout' - Duration of read timeout. (i.e. 10 secs).
100 | 
101 |         'Url' - Space-separated list of URLs of the LDAP servers (i.e. ldap://<hostname>:<port>).
102 |         'User Search Base' - Base DN for searching for users (i.e. CN=Users,DC=example,DC=com).
103 |         'User Search Filter' - Filter for searching for users against the 'User Search Base'.
104 |             (i.e. sAMAccountName={0}). The user specified name is inserted into '{0}'.
105 | 
106 |         'Identity Strategy' - Strategy to identify users. Possible values are USE_DN and USE_USERNAME.
107 |             The default functionality if this property is missing is USE_DN in order to retain
108 |             backward compatibility. USE_DN will use the full DN of the user entry if possible.
109 |             USE_USERNAME will use the username the user logged in with.
110 |         'Authentication Expiration' - The duration of how long the user authentication is valid
111 |             for. If the user never logs out, they will be required to log back in following
112 |             this duration.
113 |     -->
114 |     <!-- To enable the ldap-identity-provider remove 2 lines. This is 1 of 2.
115 |     <provider>
116 |         <identifier>ldap-identity-provider</identifier>
117 |         <class>org.apache.nifi.registry.security.ldap.LdapIdentityProvider</class>
118 |         <property name="Authentication Strategy">SIMPLE</property>
119 | 
120 |         <property name="Manager DN"></property>
121 |         <property name="Manager Password"></property>
122 | 
123 |         <property name="Referral Strategy">FOLLOW</property>
124 |         <property name="Connect Timeout">10 secs</property>
125 |         <property name="Read Timeout">10 secs</property>
126 | 
127 |         <property name="Url"></property>
128 |         <property name="User Search Base"></property>
129 |         <property name="User Search Filter"></property>
130 | 
131 |         <property name="Identity Strategy">USE_USERNAME</property>
132 |         <property name="Authentication Expiration">12 hours</property>
133 |     </provider>
134 |     To enable the ldap-identity-provider remove 2 lines. This is 2 of 2. -->
135 | 
136 |     <!--
137 |         Identity Provider for users logging in with username/password against a Kerberos KDC server.
138 | 
139 |         'Default Realm' - Default realm to provide when user enters incomplete user principal (i.e. NIFI.APACHE.ORG).
140 |         'Authentication Expiration' - The duration of how long the user authentication is valid for. If the user never logs out, they will be required to log back in following this duration.
141 |     -->
142 |     <!-- To enable the kerberos-identity-provider remove 2 lines. This is 1 of 2.
143 |     <provider>
144 |         <identifier>kerberos-identity-provider</identifier>
145 |         <class>org.apache.nifi.registry.web.security.authentication.kerberos.KerberosIdentityProvider</class>
146 |         <property name="Default Realm">NIFI.APACHE.ORG</property>
147 |         <property name="Authentication Expiration">12 hours</property>
148 |         <property name="Enable Debug">false</property>
149 |     </provider>
150 |     To enable the kerberos-provider remove 2 lines. This is 2 of 2. -->
151 | 
152 | </identityProviders>


--------------------------------------------------------------------------------
/templates/nifi-registry.properties.gotemplate:
--------------------------------------------------------------------------------
  1 | # Licensed to the Apache Software Foundation (ASF) under one or more
  2 | # contributor license agreements.  See the NOTICE file distributed with
  3 | # this work for additional information regarding copyright ownership.
  4 | # The ASF licenses this file to You under the Apache License, Version 2.0
  5 | # (the "License"); you may not use this file except in compliance with
  6 | # the License.  You may obtain a copy of the License at
  7 | #
  8 | #     http://www.apache.org/licenses/LICENSE-2.0
  9 | #
 10 | # Unless required by applicable law or agreed to in writing, software
 11 | # distributed under the License is distributed on an "AS IS" BASIS,
 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13 | # See the License for the specific language governing permissions and
 14 | # limitations under the License.
 15 | 
 16 | # web properties #
 17 | nifi.registry.web.war.directory={{ default .Env.NIFI_REGISTRY_WEB_WAR_DIRECTORY "./lib" }}
 18 | nifi.registry.web.http.host={{ default .Env.NIFI_REGISTRY_WEB_HTTP_HOST "" }}
 19 | nifi.registry.web.http.port={{ default .Env.NIFI_REGISTRY_WEB_HTTP_PORT "18080" }}
 20 | nifi.registry.web.https.host={{ default .Env.NIFI_REGISTRY_WEB_HTTPS_HOST "" }}
 21 | nifi.registry.web.https.port={{ default .Env.NIFI_REGISTRY_WEB_HTTPS_PORT "" }}
 22 | nifi.registry.web.jetty.working.directory={{ default .Env.NIFI_REGISTRY_WEB_JETTY_WORKING_DIRECTORY "./work/jetty" }}
 23 | nifi.registry.web.jetty.threads={{ default .Env.NIFI_REGISTRY_WEB_JETTY_THREADS "200" }}
 24 | nifi.registry.web.should.send.server.version={{ default .Env.NIFI_REGISTRY_WEB_SHOULD_SEND_SERVER_VERSION "true" }}
 25 | 
 26 | # security properties #
 27 | nifi.registry.security.keystore={{ default .Env.NIFI_REGISTRY_SECURITY_KEYSTORE "" }}
 28 | nifi.registry.security.keystoreType={{ default .Env.NIFI_REGISTRY_SECURITY_KEYSTOREtYPE "" }}
 29 | nifi.registry.security.keystorePasswd={{ default .Env.NIFI_REGISTRY_SECURITY_KEYSTOREpASSWD "" }}
 30 | nifi.registry.security.keyPasswd={{ default .Env.NIFI_REGISTRY_SECURITY_KEYpASSWD "" }}
 31 | nifi.registry.security.truststore={{ default .Env.NIFI_REGISTRY_SECURITY_TRUSTSTORE "" }}
 32 | nifi.registry.security.truststoreType={{ default .Env.NIFI_REGISTRY_SECURITY_TRUSTSTOREtYPE "" }}
 33 | nifi.registry.security.truststorePasswd={{ default .Env.NIFI_REGISTRY_SECURITY_TRUSTSTOREpASSWD "" }}
 34 | nifi.registry.security.needClientAuth={{ default .Env.NIFI_REGISTRY_SECURITY_NEEDcLIENTaUTH "" }}
 35 | nifi.registry.security.authorizers.configuration.file={{ default .Env.NIFI_REGISTRY_SECURITY_AUTHORIZERS_CONFIGURATION_FILE "./conf/authorizers.xml" }}
 36 | nifi.registry.security.authorizer={{ default .Env.NIFI_REGISTRY_SECURITY_AUTHORIZER "managed-authorizer" }}
 37 | nifi.registry.security.identity.providers.configuration.file={{ default .Env.NIFI_REGISTRY_SECURITY_IDENTITY_PROVIDERS_CONFIGURATION_FILE "./conf/identity-providers.xml" }}
 38 | nifi.registry.security.identity.provider={{ default .Env.NIFI_REGISTRY_SECURITY_IDENTITY_PROVIDER "" }}
 39 | 
 40 | # sensitive property protection properties #
 41 | # nifi.registry.sensitive.props.additional.keys=
 42 | 
 43 | # providers properties #
 44 | nifi.registry.providers.configuration.file={{ default .Env.NIFI_REGISTRY_PROVIDERS_CONFIGURATION_FILE "./conf/providers.xml" }}
 45 | 
 46 | # registry alias properties #
 47 | nifi.registry.registry.alias.configuration.file={{ default .Env.NIFI_REGISTRY_REGISTRY_ALIAS_CONFIGURATION_FILE "./conf/registry-aliases.xml" }}
 48 | 
 49 | # extensions working dir #
 50 | nifi.registry.extensions.working.directory={{ default .Env.NIFI_REGISTRY_EXTENSIONS_WORKING_DIRECTORY "./work/extensions" }}
 51 | 
 52 | # legacy database properties, used to migrate data from original DB to new DB below
 53 | # NOTE: Users upgrading from 0.1.0 should leave these populated, but new installs after 0.1.0 should leave these empty
 54 | nifi.registry.db.directory={{ default .Env.NIFI_REGISTRY_DB_DIRECTORY "" }}
 55 | nifi.registry.db.url.append={{ default .Env.NIFI_REGISTRY_DB_URL_APPEND "" }}
 56 | 
 57 | # database properties
 58 | nifi.registry.db.url={{ default .Env.NIFI_REGISTRY_DB_URL "jdbc:h2:./database/nifi-registry-primary;AUTOCOMMIT=OFF;DB_CLOSE_ON_EXIT=FALSE;LOCK_MODE=3;LOCK_TIMEOUT=25000;WRITE_DELAY=0;AUTO_SERVER=FALSE" }}
 59 | nifi.registry.db.driver.class={{ default .Env.NIFI_REGISTRY_DB_DRIVER_CLASS "org.h2.Driver" }}
 60 | nifi.registry.db.driver.directory={{ default .Env.NIFI_REGISTRY_DB_DRIVER_DIRECTORY "" }}
 61 | nifi.registry.db.username={{ default .Env.NIFI_REGISTRY_DB_USERNAME "nifireg" }}
 62 | nifi.registry.db.password={{ default .Env.NIFI_REGISTRY_DB_PASSWORD "nifireg" }}
 63 | nifi.registry.db.maxConnections={{ default .Env.NIFI_REGISTRY_DB_MAXcONNECTIONS "5" }}
 64 | nifi.registry.db.sql.debug={{ default .Env.NIFI_REGISTRY_DB_SQL_DEBUG "false" }}
 65 | 
 66 | # extension directories #
 67 | # Each property beginning with "nifi.registry.extension.dir." will be treated as location for an extension,
 68 | # and a class loader will be created for each location, with the system class loader as the parent
 69 | #
 70 | #nifi.registry.extension.dir.1=/path/to/extension1
 71 | {{ if .Env.NIFI_REGISTRY_EXTENSION_DIR_1 -}}
 72 | nifi.registry.extension.dir.1={{ .Env.NIFI_REGISTRY_EXTENSION_DIR_1 }}
 73 | {{- end }}
 74 | #nifi.registry.extension.dir.2=/path/to/extension2
 75 | {{ if .Env.NIFI_REGISTRY_EXTENSION_DIR_2 -}}
 76 | nifi.registry.extension.dir.2={{ .Env.NIFI_REGISTRY_EXTENSION_DIR_2 }}
 77 | {{- end }}
 78 | 
 79 | nifi.registry.extension.dir.aws={{ default .Env.NIFI_REGISTRY_EXTENSION_DIR_AWS "./ext/aws/lib" }}
 80 | 
 81 | # Identity Mapping Properties #
 82 | # These properties allow normalizing user identities such that identities coming from different identity providers
 83 | # (certificates, LDAP, Kerberos) can be treated the same internally in NiFi. The following example demonstrates normalizing
 84 | # DNs from certificates and principals from Kerberos into a common identity string:
 85 | #
 86 | #nifi.registry.security.identity.mapping.pattern.dn=^CN=(.*?), OU=(.*?), O=(.*?), L=(.*?), ST=(.*?), C=(.*?)$
 87 | {{ if .Env.NIFI_REGISTRY_SECURITY_IDENTITY_MAPPING_PATTERN_DN -}}
 88 | nifi.registry.security.identity.mapping.pattern.dn={{ .Env.NIFI_REGISTRY_SECURITY_IDENTITY_MAPPING_PATTERN_DN }}
 89 | {{- end }}
 90 | #nifi.registry.security.identity.mapping.value.dn=$1@$2
 91 | {{ if .Env.NIFI_REGISTRY_SECURITY_IDENTITY_MAPPING_VALUE_DN -}}
 92 | nifi.registry.security.identity.mapping.value.dn={{ .Env.NIFI_REGISTRY_SECURITY_IDENTITY_MAPPING_VALUE_DN }}
 93 | {{- end }}
 94 | #nifi.registry.security.identity.mapping.transform.dn=NONE
 95 | {{ if .Env.NIFI_REGISTRY_SECURITY_IDENTITY_MAPPING_TRANSFORM_DN -}}
 96 | nifi.registry.security.identity.mapping.transform.dn={{ .Env.NIFI_REGISTRY_SECURITY_IDENTITY_MAPPING_TRANSFORM_DN }}
 97 | {{- end }}
 98 | 
 99 | #nifi.registry.security.identity.mapping.pattern.kerb=^(.*?)/instance@(.*?)$
100 | {{ if .Env.NIFI_REGISTRY_SECURITY_IDENTITY_MAPPING_PATTERN_KERB -}}
101 | nifi.registry.security.identity.mapping.pattern.kerb={{ .Env.NIFI_REGISTRY_SECURITY_IDENTITY_MAPPING_PATTERN_KERB }}
102 | {{- end }}
103 | #nifi.registry.security.identity.mapping.value.kerb=$1@$2
104 | {{ if .Env.NIFI_REGISTRY_SECURITY_IDENTITY_MAPPING_VALUE_KERB -}}
105 | nifi.registry.security.identity.mapping.value.kerb={{ .Env.NIFI_REGISTRY_SECURITY_IDENTITY_MAPPING_VALUE_KERB }}
106 | {{- end }}
107 | #nifi.registry.security.identity.mapping.transform.kerb=UPPER
108 | {{ if .Env.NIFI_REGISTRY_SECURITY_IDENTITY_MAPPING_TRANSFORM_KERB -}}
109 | nifi.registry.security.identity.mapping.transform.kerb={{ .Env.NIFI_REGISTRY_SECURITY_IDENTITY_MAPPING_TRANSFORM_KERB }}
110 | {{- end }}
111 | 
112 | # Group Mapping Properties #
113 | # These properties allow normalizing group names coming from external sources like LDAP. The following example
114 | # lowercases any group name.
115 | #
116 | #nifi.registry.security.group.mapping.pattern.anygroup=^(.*)$
117 | {{ if .Env.NIFI_REGISTRY_SECURITY_GROUP_MAPPING_PATTERN_ANYGROUP -}}
118 | nifi.registry.security.group.mapping.pattern.anygroup={{ .Env.NIFI_REGISTRY_SECURITY_GROUP_MAPPING_PATTERN_ANYGROUP }}
119 | {{- end }}
120 | #nifi.registry.security.group.mapping.value.anygroup=$1
121 | {{ if .Env.NIFI_REGISTRY_SECURITY_GROUP_MAPPING_VALUE_ANYGROUP -}}
122 | nifi.registry.security.group.mapping.value.anygroup={{ .Env.NIFI_REGISTRY_SECURITY_GROUP_MAPPING_VALUE_ANYGROUP }}
123 | {{- end }}
124 | #nifi.registry.security.group.mapping.transform.anygroup=LOWER
125 | {{ if .Env.NIFI_REGISTRY_SECURITY_GROUP_MAPPING_TRANSFORM_ANYGROUP -}}
126 | nifi.registry.security.group.mapping.transform.anygroup={{ .Env.NIFI_REGISTRY_SECURITY_GROUP_MAPPING_TRANSFORM_ANYGROUP }}
127 | {{- end }}
128 | 
129 | 
130 | # kerberos properties #
131 | nifi.registry.kerberos.krb5.file={{ default .Env.NIFI_REGISTRY_KERBEROS_KRB5_FILE "" }}
132 | nifi.registry.kerberos.spnego.principal={{ default .Env.NIFI_REGISTRY_KERBEROS_SPNEGO_PRINCIPAL "" }}
133 | nifi.registry.kerberos.spnego.keytab.location={{ default .Env.NIFI_REGISTRY_KERBEROS_SPNEGO_KEYTAB_LOCATION "" }}
134 | nifi.registry.kerberos.spnego.authentication.expiration={{ default .Env.NIFI_REGISTRY_KERBEROS_SPNEGO_AUTHENTICATION_EXPIRATION "12 hours" }}
135 | 
136 | # OIDC #
137 | nifi.registry.security.user.oidc.discovery.url={{ default .Env.NIFI_REGISTRY_SECURITY_USER_OIDC_DISCOVERY_URL "" }}
138 | nifi.registry.security.user.oidc.connect.timeout={{ default .Env.NIFI_REGISTRY_SECURITY_USER_OIDC_CONNECT_TIMEOUT "" }}
139 | nifi.registry.security.user.oidc.read.timeout={{ default .Env.NIFI_REGISTRY_SECURITY_USER_OIDC_READ_TIMEOUT "" }}
140 | nifi.registry.security.user.oidc.client.id={{ default .Env.NIFI_REGISTRY_SECURITY_USER_OIDC_CLIENT_ID "" }}
141 | nifi.registry.security.user.oidc.client.secret={{ default .Env.NIFI_REGISTRY_SECURITY_USER_OIDC_CLIENT_SECRET "" }}
142 | nifi.registry.security.user.oidc.preferred.jwsalgorithm={{ default .Env.NIFI_REGISTRY_SECURITY_USER_OIDC_PREFERRED_JWSALGORITHM "" }}
143 | 
144 | # revision management #
145 | # This feature should remain disabled until a future NiFi release that supports the revision API changes
146 | nifi.registry.revisions.enabled={{ default .Env.NIFI_REGISTRY_REVISIONS_ENABLED "false" }}
147 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 |                                  Apache License
  2 |                            Version 2.0, January 2004
  3 |                         http://www.apache.org/licenses/
  4 | 
  5 |    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
  6 | 
  7 |    1. Definitions.
  8 | 
  9 |       "License" shall mean the terms and conditions for use, reproduction,
 10 |       and distribution as defined by Sections 1 through 9 of this document.
 11 | 
 12 |       "Licensor" shall mean the copyright owner or entity authorized by
 13 |       the copyright owner that is granting the License.
 14 | 
 15 |       "Legal Entity" shall mean the union of the acting entity and all
 16 |       other entities that control, are controlled by, or are under common
 17 |       control with that entity. For the purposes of this definition,
 18 |       "control" means (i) the power, direct or indirect, to cause the
 19 |       direction or management of such entity, whether by contract or
 20 |       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 21 |       outstanding shares, or (iii) beneficial ownership of such entity.
 22 | 
 23 |       "You" (or "Your") shall mean an individual or Legal Entity
 24 |       exercising permissions granted by this License.
 25 | 
 26 |       "Source" form shall mean the preferred form for making modifications,
 27 |       including but not limited to software source code, documentation
 28 |       source, and configuration files.
 29 | 
 30 |       "Object" form shall mean any form resulting from mechanical
 31 |       transformation or translation of a Source form, including but
 32 |       not limited to compiled object code, generated documentation,
 33 |       and conversions to other media types.
 34 | 
 35 |       "Work" shall mean the work of authorship, whether in Source or
 36 |       Object form, made available under the License, as indicated by a
 37 |       copyright notice that is included in or attached to the work
 38 |       (an example is provided in the Appendix below).
 39 | 
 40 |       "Derivative Works" shall mean any work, whether in Source or Object
 41 |       form, that is based on (or derived from) the Work and for which the
 42 |       editorial revisions, annotations, elaborations, or other modifications
 43 |       represent, as a whole, an original work of authorship. For the purposes
 44 |       of this License, Derivative Works shall not include works that remain
 45 |       separable from, or merely link (or bind by name) to the interfaces of,
 46 |       the Work and Derivative Works thereof.
 47 | 
 48 |       "Contribution" shall mean any work of authorship, including
 49 |       the original version of the Work and any modifications or additions
 50 |       to that Work or Derivative Works thereof, that is intentionally
 51 |       submitted to Licensor for inclusion in the Work by the copyright owner
 52 |       or by an individual or Legal Entity authorized to submit on behalf of
 53 |       the copyright owner. For the purposes of this definition, "submitted"
 54 |       means any form of electronic, verbal, or written communication sent
 55 |       to the Licensor or its representatives, including but not limited to
 56 |       communication on electronic mailing lists, source code control systems,
 57 |       and issue tracking systems that are managed by, or on behalf of, the
 58 |       Licensor for the purpose of discussing and improving the Work, but
 59 |       excluding communication that is conspicuously marked or otherwise
 60 |       designated in writing by the copyright owner as "Not a Contribution."
 61 | 
 62 |       "Contributor" shall mean Licensor and any individual or Legal Entity
 63 |       on behalf of whom a Contribution has been received by Licensor and
 64 |       subsequently incorporated within the Work.
 65 | 
 66 |    2. Grant of Copyright License. Subject to the terms and conditions of
 67 |       this License, each Contributor hereby grants to You a perpetual,
 68 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 69 |       copyright license to reproduce, prepare Derivative Works of,
 70 |       publicly display, publicly perform, sublicense, and distribute the
 71 |       Work and such Derivative Works in Source or Object form.
 72 | 
 73 |    3. Grant of Patent License. Subject to the terms and conditions of
 74 |       this License, each Contributor hereby grants to You a perpetual,
 75 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 76 |       (except as stated in this section) patent license to make, have made,
 77 |       use, offer to sell, sell, import, and otherwise transfer the Work,
 78 |       where such license applies only to those patent claims licensable
 79 |       by such Contributor that are necessarily infringed by their
 80 |       Contribution(s) alone or by combination of their Contribution(s)
 81 |       with the Work to which such Contribution(s) was submitted. If You
 82 |       institute patent litigation against any entity (including a
 83 |       cross-claim or counterclaim in a lawsuit) alleging that the Work
 84 |       or a Contribution incorporated within the Work constitutes direct
 85 |       or contributory patent infringement, then any patent licenses
 86 |       granted to You under this License for that Work shall terminate
 87 |       as of the date such litigation is filed.
 88 | 
 89 |    4. Redistribution. You may reproduce and distribute copies of the
 90 |       Work or Derivative Works thereof in any medium, with or without
 91 |       modifications, and in Source or Object form, provided that You
 92 |       meet the following conditions:
 93 | 
 94 |       (a) You must give any other recipients of the Work or
 95 |           Derivative Works a copy of this License; and
 96 | 
 97 |       (b) You must cause any modified files to carry prominent notices
 98 |           stating that You changed the files; and
 99 | 
100 |       (c) You must retain, in the Source form of any Derivative Works
101 |           that You distribute, all copyright, patent, trademark, and
102 |           attribution notices from the Source form of the Work,
103 |           excluding those notices that do not pertain to any part of
104 |           the Derivative Works; and
105 | 
106 |       (d) If the Work includes a "NOTICE" text file as part of its
107 |           distribution, then any Derivative Works that You distribute must
108 |           include a readable copy of the attribution notices contained
109 |           within such NOTICE file, excluding those notices that do not
110 |           pertain to any part of the Derivative Works, in at least one
111 |           of the following places: within a NOTICE text file distributed
112 |           as part of the Derivative Works; within the Source form or
113 |           documentation, if provided along with the Derivative Works; or,
114 |           within a display generated by the Derivative Works, if and
115 |           wherever such third-party notices normally appear. The contents
116 |           of the NOTICE file are for informational purposes only and
117 |           do not modify the License. You may add Your own attribution
118 |           notices within Derivative Works that You distribute, alongside
119 |           or as an addendum to the NOTICE text from the Work, provided
120 |           that such additional attribution notices cannot be construed
121 |           as modifying the License.
122 | 
123 |       You may add Your own copyright statement to Your modifications and
124 |       may provide additional or different license terms and conditions
125 |       for use, reproduction, or distribution of Your modifications, or
126 |       for any such Derivative Works as a whole, provided Your use,
127 |       reproduction, and distribution of the Work otherwise complies with
128 |       the conditions stated in this License.
129 | 
130 |    5. Submission of Contributions. Unless You explicitly state otherwise,
131 |       any Contribution intentionally submitted for inclusion in the Work
132 |       by You to the Licensor shall be under the terms and conditions of
133 |       this License, without any additional terms or conditions.
134 |       Notwithstanding the above, nothing herein shall supersede or modify
135 |       the terms of any separate license agreement you may have executed
136 |       with Licensor regarding such Contributions.
137 | 
138 |    6. Trademarks. This License does not grant permission to use the trade
139 |       names, trademarks, service marks, or product names of the Licensor,
140 |       except as required for reasonable and customary use in describing the
141 |       origin of the Work and reproducing the content of the NOTICE file.
142 | 
143 |    7. Disclaimer of Warranty. Unless required by applicable law or
144 |       agreed to in writing, Licensor provides the Work (and each
145 |       Contributor provides its Contributions) on an "AS IS" BASIS,
146 |       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 |       implied, including, without limitation, any warranties or conditions
148 |       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 |       PARTICULAR PURPOSE. You are solely responsible for determining the
150 |       appropriateness of using or redistributing the Work and assume any
151 |       risks associated with Your exercise of permissions under this License.
152 | 
153 |    8. Limitation of Liability. In no event and under no legal theory,
154 |       whether in tort (including negligence), contract, or otherwise,
155 |       unless required by applicable law (such as deliberate and grossly
156 |       negligent acts) or agreed to in writing, shall any Contributor be
157 |       liable to You for damages, including any direct, indirect, special,
158 |       incidental, or consequential damages of any character arising as a
159 |       result of this License or out of the use or inability to use the
160 |       Work (including but not limited to damages for loss of goodwill,
161 |       work stoppage, computer failure or malfunction, or any and all
162 |       other commercial damages or losses), even if such Contributor
163 |       has been advised of the possibility of such damages.
164 | 
165 |    9. Accepting Warranty or Additional Liability. While redistributing
166 |       the Work or Derivative Works thereof, You may choose to offer,
167 |       and charge a fee for, acceptance of support, warranty, indemnity,
168 |       or other liability obligations and/or rights consistent with this
169 |       License. However, in accepting such obligations, You may act only
170 |       on Your own behalf and on Your sole responsibility, not on behalf
171 |       of any other Contributor, and only if You agree to indemnify,
172 |       defend, and hold each Contributor harmless for any liability
173 |       incurred by, or claims asserted against, such Contributor by reason
174 |       of your accepting any such warranty or additional liability.
175 | 
176 |    END OF TERMS AND CONDITIONS
177 | 
178 |    APPENDIX: How to apply the Apache License to your work.
179 | 
180 |       To apply the Apache License to your work, attach the following
181 |       boilerplate notice, with the fields enclosed by brackets "[]"
182 |       replaced with your own identifying information. (Don't include
183 |       the brackets!)  The text should be enclosed in the appropriate
184 |       comment syntax for the file format. We also recommend that a
185 |       file or class name and description of purpose be included on the
186 |       same "printed page" as the copyright notice for easier
187 |       identification within third-party archives.
188 | 
189 |    Copyright [yyyy] [name of copyright owner]
190 | 
191 |    Licensed under the Apache License, Version 2.0 (the "License");
192 |    you may not use this file except in compliance with the License.
193 |    You may obtain a copy of the License at
194 | 
195 |        http://www.apache.org/licenses/LICENSE-2.0
196 | 
197 |    Unless required by applicable law or agreed to in writing, software
198 |    distributed under the License is distributed on an "AS IS" BASIS,
199 |    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 |    See the License for the specific language governing permissions and
201 |    limitations under the License.
202 | 


--------------------------------------------------------------------------------
/conf/0.5.0/authorizers.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  2 | <!--
  3 |   Licensed to the Apache Software Foundation (ASF) under one or more
  4 |   contributor license agreements.  See the NOTICE file distributed with
  5 |   this work for additional information regarding copyright ownership.
  6 |   The ASF licenses this file to You under the Apache License, Version 2.0
  7 |   (the "License"); you may not use this file except in compliance with
  8 |   the License.  You may obtain a copy of the License at
  9 |       http://www.apache.org/licenses/LICENSE-2.0
 10 |   Unless required by applicable law or agreed to in writing, software
 11 |   distributed under the License is distributed on an "AS IS" BASIS,
 12 |   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13 |   See the License for the specific language governing permissions and
 14 |   limitations under the License.
 15 | -->
 16 | <!--
 17 |     This file lists the userGroupProviders, accessPolicyProviders, and authorizers to use when running securely. In order
 18 |     to use a specific authorizer it must be configured here and its identifier must be specified in the nifi-registry.properties file.
 19 |     If the authorizer is a managedAuthorizer, it may need to be configured with an accessPolicyProvider and an userGroupProvider.
 20 |     This file allows for configuration of them, but they must be configured in order:
 21 | 
 22 |     ...
 23 |     all userGroupProviders
 24 |     all accessPolicyProviders
 25 |     all Authorizers
 26 |     ...
 27 | -->
 28 | <authorizers>
 29 | 
 30 |     <!--
 31 |         The FileUserGroupProvider will provide support for managing users and groups which is backed by a file
 32 |         on the local file system.
 33 | 
 34 |         - Users File - The file where the FileUserGroupProvider will store users and groups.
 35 | 
 36 |         - Initial User Identity [unique key] - The identity of a users and systems to seed the Users File. The name of
 37 |             each property must be unique, for example: "Initial User Identity A", "Initial User Identity B",
 38 |             "Initial User Identity C" or "Initial User Identity 1", "Initial User Identity 2", "Initial User Identity 3"
 39 | 
 40 |             NOTE: Any identity mapping rules specified in nifi-registry.properties will also be applied to the user identities,
 41 |             so the values should be the unmapped identities (i.e. full DN from a certificate).
 42 |     -->
 43 |     <userGroupProvider>
 44 |         <identifier>file-user-group-provider</identifier>
 45 |         <class>org.apache.nifi.registry.security.authorization.file.FileUserGroupProvider</class>
 46 |         <property name="Users File">./conf/users.xml</property>
 47 |         <property name="Initial User Identity 1"><!--CN=abc, OU=xyz--></property>
 48 |     </userGroupProvider>
 49 | 
 50 |     <!--
 51 |         The LdapUserGroupProvider will retrieve users and groups from an LDAP server. The users and groups
 52 |         are not configurable.
 53 | 
 54 |         'Authentication Strategy' - How the connection to the LDAP server is authenticated. Possible
 55 |             values are ANONYMOUS, SIMPLE, LDAPS, or START_TLS.
 56 | 
 57 |         'Manager DN' - The DN of the manager that is used to bind to the LDAP server to search for users.
 58 |         'Manager Password' - The password of the manager that is used to bind to the LDAP server to
 59 |             search for users.
 60 | 
 61 |         'TLS - Keystore' - Path to the Keystore that is used when connecting to LDAP using LDAPS or START_TLS.
 62 |         'TLS - Keystore Password' - Password for the Keystore that is used when connecting to LDAP
 63 |             using LDAPS or START_TLS.
 64 |         'TLS - Keystore Type' - Type of the Keystore that is used when connecting to LDAP using
 65 |             LDAPS or START_TLS (i.e. JKS or PKCS12).
 66 |         'TLS - Truststore' - Path to the Truststore that is used when connecting to LDAP using LDAPS or START_TLS.
 67 |         'TLS - Truststore Password' - Password for the Truststore that is used when connecting to
 68 |             LDAP using LDAPS or START_TLS.
 69 |         'TLS - Truststore Type' - Type of the Truststore that is used when connecting to LDAP using
 70 |             LDAPS or START_TLS (i.e. JKS or PKCS12).
 71 |         'TLS - Client Auth' - Client authentication policy when connecting to LDAP using LDAPS or START_TLS.
 72 |             Possible values are REQUIRED, WANT, NONE.
 73 |         'TLS - Protocol' - Protocol to use when connecting to LDAP using LDAPS or START_TLS. (i.e. TLS,
 74 |             TLSv1.1, TLSv1.2, etc).
 75 |         'TLS - Shutdown Gracefully' - Specifies whether the TLS should be shut down gracefully
 76 |             before the target context is closed. Defaults to false.
 77 | 
 78 |         'Referral Strategy' - Strategy for handling referrals. Possible values are FOLLOW, IGNORE, THROW.
 79 |         'Connect Timeout' - Duration of connect timeout. (i.e. 10 secs).
 80 |         'Read Timeout' - Duration of read timeout. (i.e. 10 secs).
 81 | 
 82 |         'Url' - Space-separated list of URLs of the LDAP servers (i.e. ldap://<hostname>:<port>).
 83 |         'Page Size' - Sets the page size when retrieving users and groups. If not specified, no paging is performed.
 84 |         'Sync Interval' - Duration of time between syncing users and groups. (i.e. 30 mins).
 85 |         'Group Membership - Enforce Case Sensitivity' - Sets whether group membership decisions are case sensitive. When a user or group
 86 |             is inferred (by not specifying or user or group search base or user identity attribute or group name attribute) case sensitivity
 87 |             is enforced since the value to use for the user identity or group name would be ambiguous. Defaults to false.
 88 | 
 89 |         'User Search Base' - Base DN for searching for users (i.e. ou=users,o=nifi). Required to search users.
 90 |         'User Object Class' - Object class for identifying users (i.e. person). Required if searching users.
 91 |         'User Search Scope' - Search scope for searching users (ONE_LEVEL, OBJECT, or SUBTREE). Required if searching users.
 92 |         'User Search Filter' - Filter for searching for users against the 'User Search Base' (i.e. (memberof=cn=team1,ou=groups,o=nifi) ). Optional.
 93 |         'User Identity Attribute' - Attribute to use to extract user identity (i.e. cn). Optional. If not set, the entire DN is used.
 94 |         'User Group Name Attribute' - Attribute to use to define group membership (i.e. memberof). Optional. If not set
 95 |             group membership will not be calculated through the users. Will rely on group membership being defined
 96 |             through 'Group Member Attribute' if set. The value of this property is the name of the attribute in the user ldap entry that
 97 |             associates them with a group. The value of that user attribute could be a dn or group name for instance. What value is expected
 98 |             is configured in the 'User Group Name Attribute - Referenced Group Attribute'.
 99 |         'User Group Name Attribute - Referenced Group Attribute' - If blank, the value of the attribute defined in 'User Group Name Attribute'
100 |             is expected to be the full dn of the group. If not blank, this property will define the attribute of the group ldap entry that
101 |             the value of the attribute defined in 'User Group Name Attribute' is referencing (i.e. name). Use of this property requires that
102 |             'Group Search Base' is also configured.
103 | 
104 |         'Group Search Base' - Base DN for searching for groups (i.e. ou=groups,o=nifi). Required to search groups.
105 |         'Group Object Class' - Object class for identifying groups (i.e. groupOfNames). Required if searching groups.
106 |         'Group Search Scope' - Search scope for searching groups (ONE_LEVEL, OBJECT, or SUBTREE). Required if searching groups.
107 |         'Group Search Filter' - Filter for searching for groups against the 'Group Search Base'. Optional.
108 |         'Group Name Attribute' - Attribute to use to extract group name (i.e. cn). Optional. If not set, the entire DN is used.
109 |         'Group Member Attribute' - Attribute to use to define group membership (i.e. member). Optional. If not set
110 |             group membership will not be calculated through the groups. Will rely on group membership being defined
111 |             through 'User Group Name Attribute' if set. The value of this property is the name of the attribute in the group ldap entry that
112 |             associates them with a user. The value of that group attribute could be a dn or memberUid for instance. What value is expected
113 |             is configured in the 'Group Member Attribute - Referenced User Attribute'. (i.e. member: cn=User 1,ou=users,o=nifi-registry vs. memberUid: user1)
114 |         'Group Member Attribute - Referenced User Attribute' - If blank, the value of the attribute defined in 'Group Member Attribute'
115 |             is expected to be the full dn of the user. If not blank, this property will define the attribute of the user ldap entry that
116 |             the value of the attribute defined in 'Group Member Attribute' is referencing (i.e. uid). Use of this property requires that
117 |             'User Search Base' is also configured. (i.e. member: cn=User 1,ou=users,o=nifi-registry vs. memberUid: user1)
118 | 
119 |         NOTE: Any identity mapping rules specified in nifi-registry.properties will also be applied to the user identities.
120 |             Group names are not mapped.
121 |     -->
122 |     <!-- To enable the ldap-user-group-provider remove 2 lines. This is 1 of 2.
123 |     <userGroupProvider>
124 |         <identifier>ldap-user-group-provider</identifier>
125 |         <class>org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider</class>
126 |         <property name="Authentication Strategy">START_TLS</property>
127 | 
128 |         <property name="Manager DN"></property>
129 |         <property name="Manager Password"></property>
130 | 
131 |         <property name="TLS - Keystore"></property>
132 |         <property name="TLS - Keystore Password"></property>
133 |         <property name="TLS - Keystore Type"></property>
134 |         <property name="TLS - Truststore"></property>
135 |         <property name="TLS - Truststore Password"></property>
136 |         <property name="TLS - Truststore Type"></property>
137 |         <property name="TLS - Client Auth"></property>
138 |         <property name="TLS - Protocol"></property>
139 |         <property name="TLS - Shutdown Gracefully"></property>
140 | 
141 |         <property name="Referral Strategy">FOLLOW</property>
142 |         <property name="Connect Timeout">10 secs</property>
143 |         <property name="Read Timeout">10 secs</property>
144 | 
145 |         <property name="Url"></property>
146 |         <property name="Page Size"></property>
147 |         <property name="Sync Interval">30 mins</property>
148 |         <property name="Group Membership - Enforce Case Sensitivity">false</property>
149 | 
150 |         <property name="User Search Base"></property>
151 |         <property name="User Object Class">person</property>
152 |         <property name="User Search Scope">ONE_LEVEL</property>
153 |         <property name="User Search Filter"></property>
154 |         <property name="User Identity Attribute"></property>
155 |         <property name="User Group Name Attribute"></property>
156 |         <property name="User Group Name Attribute - Referenced Group Attribute"></property>
157 | 
158 |         <property name="Group Search Base"></property>
159 |         <property name="Group Object Class">group</property>
160 |         <property name="Group Search Scope">ONE_LEVEL</property>
161 |         <property name="Group Search Filter"></property>
162 |         <property name="Group Name Attribute"></property>
163 |         <property name="Group Member Attribute"></property>
164 |         <property name="Group Member Attribute - Referenced User Attribute"></property>
165 |     </userGroupProvider>
166 |     To enable the ldap-user-group-provider remove 2 lines. This is 2 of 2. -->
167 | 
168 |     <!--
169 |         The CompositeUserGroupProvider will provide support for retrieving users and groups from multiple sources.
170 | 
171 |         - User Group Provider [unique key] - The identifier of user group providers to load from. The name of
172 |             each property must be unique, for example: "User Group Provider A", "User Group Provider B",
173 |             "User Group Provider C" or "User Group Provider 1", "User Group Provider 2", "User Group Provider 3"
174 | 
175 |             NOTE: Any identity mapping rules specified in nifi-registry.properties are not applied in this implementation. This
176 |             behavior would need to be applied by the base implementation.
177 |     -->
178 |     <!-- To enable the composite-user-group-provider remove 2 lines. This is 1 of 2.
179 |     <userGroupProvider>
180 |         <identifier>composite-user-group-provider</identifier>
181 |         <class>org.apache.nifi.registry.security.authorization.CompositeUserGroupProvider</class>
182 |         <property name="User Group Provider 1"></property>
183 |     </userGroupProvider>
184 |     To enable the composite-user-group-provider remove 2 lines. This is 2 of 2. -->
185 | 
186 |     <!--
187 |         The CompositeConfigurableUserGroupProvider will provide support for retrieving users and groups from multiple sources.
188 |         Additionally, a single configurable user group provider is required. Users from the configurable user group provider
189 |         are configurable, however users loaded from one of the User Group Provider [unique key] will not be.
190 | 
191 |         - Configurable User Group Provider - A configurable user group provider.
192 | 
193 |         - User Group Provider [unique key] - The identifier of user group providers to load from. The name of
194 |             each property must be unique, for example: "User Group Provider A", "User Group Provider B",
195 |             "User Group Provider C" or "User Group Provider 1", "User Group Provider 2", "User Group Provider 3"
196 | 
197 |             NOTE: Any identity mapping rules specified in nifi-registry.properties are not applied in this implementation. This
198 |             behavior would need to be applied by the base implementation.
199 |     -->
200 |     <!-- To enable the composite-configurable-user-group-provider remove 2 lines. This is 1 of 2.
201 |     <userGroupProvider>
202 |         <identifier>composite-configurable-user-group-provider</identifier>
203 |         <class>org.apache.nifi.registry.security.authorization.CompositeConfigurableUserGroupProvider</class>
204 |         <property name="Configurable User Group Provider">file-user-group-provider</property>
205 |         <property name="User Group Provider 1"></property>
206 |     </userGroupProvider>
207 |     To enable the composite-configurable-user-group-provider remove 2 lines. This is 2 of 2. -->
208 | 
209 |     <!--
210 |         The FileAccessPolicyProvider will provide support for managing access policies which is backed by a file
211 |         on the local file system.
212 | 
213 |         - User Group Provider - The identifier for an User Group Provider defined above that will be used to access
214 |             users and groups for use in the managed access policies.
215 | 
216 |         - Authorizations File - The file where the FileAccessPolicyProvider will store policies.
217 | 
218 |         - Initial Admin Identity - The identity of an initial admin user that will be granted access to the UI and
219 |             given the ability to create additional users, groups, and policies. The value of this property could be
220 |             a DN when using certificates or LDAP. This property will only be used when there
221 |             are no other policies defined.
222 | 
223 |             NOTE: Any identity mapping rules specified in nifi-registry.properties will also be applied to the initial admin identity,
224 |             so the value should be the unmapped identity. This identity must be found in the configured User Group Provider.
225 | 
226 |         - NiFi Identity [unique key] - The identity of a NiFi node that will have access to this NiFi Registry and will be able
227 |             to act as a proxy on behalf of a NiFi Registry end user. A property should be created for the identity of every NiFi
228 |             node that needs to access this NiFi Registry. The name of each property must be unique, for example for three
229 |             NiFi clients:
230 |             "NiFi Identity A", "NiFi Identity B", "NiFi Identity C" or "NiFi Identity 1", "NiFi Identity 2", "NiFi Identity 3"
231 | 
232 |             NOTE: Any identity mapping rules specified in nifi-registry.properties will also be applied to the nifi identities,
233 |             so the values should be the unmapped identities (i.e. full DN from a certificate). This identity must be found
234 |             in the configured User Group Provider.
235 |     -->
236 |     <accessPolicyProvider>
237 |         <identifier>file-access-policy-provider</identifier>
238 |         <class>org.apache.nifi.registry.security.authorization.file.FileAccessPolicyProvider</class>
239 |         <property name="User Group Provider">file-user-group-provider</property>
240 |         <property name="Authorizations File">./conf/authorizations.xml</property>
241 |         <property name="Initial Admin Identity"><!-- CN=abc, OU=xyz --></property>
242 | 
243 |         <!--<property name="NiFi Identity 1"></property>-->
244 |     </accessPolicyProvider>
245 | 
246 |     <!--
247 |         The StandardManagedAuthorizer. This authorizer implementation must be configured with the
248 |         Access Policy Provider which it will use to access and manage users, groups, and policies.
249 |         These users, groups, and policies will be used to make all access decisions during authorization
250 |         requests.
251 | 
252 |         - Access Policy Provider - The identifier for an Access Policy Provider defined above.
253 |     -->
254 |     <authorizer>
255 |         <identifier>managed-authorizer</identifier>
256 |         <class>org.apache.nifi.registry.security.authorization.StandardManagedAuthorizer</class>
257 |         <property name="Access Policy Provider">file-access-policy-provider</property>
258 |     </authorizer>
259 | 
260 | </authorizers>
261 | 


--------------------------------------------------------------------------------
/conf/0.6.0/authorizers.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  2 | <!--
  3 |   Licensed to the Apache Software Foundation (ASF) under one or more
  4 |   contributor license agreements.  See the NOTICE file distributed with
  5 |   this work for additional information regarding copyright ownership.
  6 |   The ASF licenses this file to You under the Apache License, Version 2.0
  7 |   (the "License"); you may not use this file except in compliance with
  8 |   the License.  You may obtain a copy of the License at
  9 |       http://www.apache.org/licenses/LICENSE-2.0
 10 |   Unless required by applicable law or agreed to in writing, software
 11 |   distributed under the License is distributed on an "AS IS" BASIS,
 12 |   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13 |   See the License for the specific language governing permissions and
 14 |   limitations under the License.
 15 | -->
 16 | <!--
 17 |     This file lists the userGroupProviders, accessPolicyProviders, and authorizers to use when running securely. In order
 18 |     to use a specific authorizer it must be configured here and its identifier must be specified in the nifi-registry.properties file.
 19 |     If the authorizer is a managedAuthorizer, it may need to be configured with an accessPolicyProvider and an userGroupProvider.
 20 |     This file allows for configuration of them, but they must be configured in order:
 21 | 
 22 |     ...
 23 |     all userGroupProviders
 24 |     all accessPolicyProviders
 25 |     all Authorizers
 26 |     ...
 27 | -->
 28 | <authorizers>
 29 | 
 30 |     <!--
 31 |         The FileUserGroupProvider will provide support for managing users and groups which is backed by a file
 32 |         on the local file system.
 33 | 
 34 |         - Users File - The file where the FileUserGroupProvider will store users and groups.
 35 | 
 36 |         - Initial User Identity [unique key] - The identity of a users and systems to seed the Users File. The name of
 37 |             each property must be unique, for example: "Initial User Identity A", "Initial User Identity B",
 38 |             "Initial User Identity C" or "Initial User Identity 1", "Initial User Identity 2", "Initial User Identity 3"
 39 | 
 40 |             NOTE: Any identity mapping rules specified in nifi-registry.properties will also be applied to the user identities,
 41 |             so the values should be the unmapped identities (i.e. full DN from a certificate).
 42 |     -->
 43 |     <userGroupProvider>
 44 |         <identifier>file-user-group-provider</identifier>
 45 |         <class>org.apache.nifi.registry.security.authorization.file.FileUserGroupProvider</class>
 46 |         <property name="Users File">./conf/users.xml</property>
 47 |         <property name="Initial User Identity 1"><!--CN=abc, OU=xyz--></property>
 48 |     </userGroupProvider>
 49 | 
 50 |     <!--
 51 |         The LdapUserGroupProvider will retrieve users and groups from an LDAP server. The users and groups
 52 |         are not configurable.
 53 | 
 54 |         'Authentication Strategy' - How the connection to the LDAP server is authenticated. Possible
 55 |             values are ANONYMOUS, SIMPLE, LDAPS, or START_TLS.
 56 | 
 57 |         'Manager DN' - The DN of the manager that is used to bind to the LDAP server to search for users.
 58 |         'Manager Password' - The password of the manager that is used to bind to the LDAP server to
 59 |             search for users.
 60 | 
 61 |         'TLS - Keystore' - Path to the Keystore that is used when connecting to LDAP using LDAPS or START_TLS.
 62 |         'TLS - Keystore Password' - Password for the Keystore that is used when connecting to LDAP
 63 |             using LDAPS or START_TLS.
 64 |         'TLS - Keystore Type' - Type of the Keystore that is used when connecting to LDAP using
 65 |             LDAPS or START_TLS (i.e. JKS or PKCS12).
 66 |         'TLS - Truststore' - Path to the Truststore that is used when connecting to LDAP using LDAPS or START_TLS.
 67 |         'TLS - Truststore Password' - Password for the Truststore that is used when connecting to
 68 |             LDAP using LDAPS or START_TLS.
 69 |         'TLS - Truststore Type' - Type of the Truststore that is used when connecting to LDAP using
 70 |             LDAPS or START_TLS (i.e. JKS or PKCS12).
 71 |         'TLS - Client Auth' - Client authentication policy when connecting to LDAP using LDAPS or START_TLS.
 72 |             Possible values are REQUIRED, WANT, NONE.
 73 |         'TLS - Protocol' - Protocol to use when connecting to LDAP using LDAPS or START_TLS. (i.e. TLS,
 74 |             TLSv1.1, TLSv1.2, etc).
 75 |         'TLS - Shutdown Gracefully' - Specifies whether the TLS should be shut down gracefully
 76 |             before the target context is closed. Defaults to false.
 77 | 
 78 |         'Referral Strategy' - Strategy for handling referrals. Possible values are FOLLOW, IGNORE, THROW.
 79 |         'Connect Timeout' - Duration of connect timeout. (i.e. 10 secs).
 80 |         'Read Timeout' - Duration of read timeout. (i.e. 10 secs).
 81 | 
 82 |         'Url' - Space-separated list of URLs of the LDAP servers (i.e. ldap://<hostname>:<port>).
 83 |         'Page Size' - Sets the page size when retrieving users and groups. If not specified, no paging is performed.
 84 |         'Sync Interval' - Duration of time between syncing users and groups. (i.e. 30 mins).
 85 |         'Group Membership - Enforce Case Sensitivity' - Sets whether group membership decisions are case sensitive. When a user or group
 86 |             is inferred (by not specifying or user or group search base or user identity attribute or group name attribute) case sensitivity
 87 |             is enforced since the value to use for the user identity or group name would be ambiguous. Defaults to false.
 88 | 
 89 |         'User Search Base' - Base DN for searching for users (i.e. ou=users,o=nifi). Required to search users.
 90 |         'User Object Class' - Object class for identifying users (i.e. person). Required if searching users.
 91 |         'User Search Scope' - Search scope for searching users (ONE_LEVEL, OBJECT, or SUBTREE). Required if searching users.
 92 |         'User Search Filter' - Filter for searching for users against the 'User Search Base' (i.e. (memberof=cn=team1,ou=groups,o=nifi) ). Optional.
 93 |         'User Identity Attribute' - Attribute to use to extract user identity (i.e. cn). Optional. If not set, the entire DN is used.
 94 |         'User Group Name Attribute' - Attribute to use to define group membership (i.e. memberof). Optional. If not set
 95 |             group membership will not be calculated through the users. Will rely on group membership being defined
 96 |             through 'Group Member Attribute' if set. The value of this property is the name of the attribute in the user ldap entry that
 97 |             associates them with a group. The value of that user attribute could be a dn or group name for instance. What value is expected
 98 |             is configured in the 'User Group Name Attribute - Referenced Group Attribute'.
 99 |         'User Group Name Attribute - Referenced Group Attribute' - If blank, the value of the attribute defined in 'User Group Name Attribute'
100 |             is expected to be the full dn of the group. If not blank, this property will define the attribute of the group ldap entry that
101 |             the value of the attribute defined in 'User Group Name Attribute' is referencing (i.e. name). Use of this property requires that
102 |             'Group Search Base' is also configured.
103 | 
104 |         'Group Search Base' - Base DN for searching for groups (i.e. ou=groups,o=nifi). Required to search groups.
105 |         'Group Object Class' - Object class for identifying groups (i.e. groupOfNames). Required if searching groups.
106 |         'Group Search Scope' - Search scope for searching groups (ONE_LEVEL, OBJECT, or SUBTREE). Required if searching groups.
107 |         'Group Search Filter' - Filter for searching for groups against the 'Group Search Base'. Optional.
108 |         'Group Name Attribute' - Attribute to use to extract group name (i.e. cn). Optional. If not set, the entire DN is used.
109 |         'Group Member Attribute' - Attribute to use to define group membership (i.e. member). Optional. If not set
110 |             group membership will not be calculated through the groups. Will rely on group membership being defined
111 |             through 'User Group Name Attribute' if set. The value of this property is the name of the attribute in the group ldap entry that
112 |             associates them with a user. The value of that group attribute could be a dn or memberUid for instance. What value is expected
113 |             is configured in the 'Group Member Attribute - Referenced User Attribute'. (i.e. member: cn=User 1,ou=users,o=nifi-registry vs. memberUid: user1)
114 |         'Group Member Attribute - Referenced User Attribute' - If blank, the value of the attribute defined in 'Group Member Attribute'
115 |             is expected to be the full dn of the user. If not blank, this property will define the attribute of the user ldap entry that
116 |             the value of the attribute defined in 'Group Member Attribute' is referencing (i.e. uid). Use of this property requires that
117 |             'User Search Base' is also configured. (i.e. member: cn=User 1,ou=users,o=nifi-registry vs. memberUid: user1)
118 | 
119 |         NOTE: Any identity mapping rules specified in nifi-registry.properties will also be applied to the user identities.
120 |             Group names are not mapped.
121 |     -->
122 |     <!-- To enable the ldap-user-group-provider remove 2 lines. This is 1 of 2.
123 |     <userGroupProvider>
124 |         <identifier>ldap-user-group-provider</identifier>
125 |         <class>org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider</class>
126 |         <property name="Authentication Strategy">START_TLS</property>
127 | 
128 |         <property name="Manager DN"></property>
129 |         <property name="Manager Password"></property>
130 | 
131 |         <property name="TLS - Keystore"></property>
132 |         <property name="TLS - Keystore Password"></property>
133 |         <property name="TLS - Keystore Type"></property>
134 |         <property name="TLS - Truststore"></property>
135 |         <property name="TLS - Truststore Password"></property>
136 |         <property name="TLS - Truststore Type"></property>
137 |         <property name="TLS - Client Auth"></property>
138 |         <property name="TLS - Protocol"></property>
139 |         <property name="TLS - Shutdown Gracefully"></property>
140 | 
141 |         <property name="Referral Strategy">FOLLOW</property>
142 |         <property name="Connect Timeout">10 secs</property>
143 |         <property name="Read Timeout">10 secs</property>
144 | 
145 |         <property name="Url"></property>
146 |         <property name="Page Size"></property>
147 |         <property name="Sync Interval">30 mins</property>
148 |         <property name="Group Membership - Enforce Case Sensitivity">false</property>
149 | 
150 |         <property name="User Search Base"></property>
151 |         <property name="User Object Class">person</property>
152 |         <property name="User Search Scope">ONE_LEVEL</property>
153 |         <property name="User Search Filter"></property>
154 |         <property name="User Identity Attribute"></property>
155 |         <property name="User Group Name Attribute"></property>
156 |         <property name="User Group Name Attribute - Referenced Group Attribute"></property>
157 | 
158 |         <property name="Group Search Base"></property>
159 |         <property name="Group Object Class">group</property>
160 |         <property name="Group Search Scope">ONE_LEVEL</property>
161 |         <property name="Group Search Filter"></property>
162 |         <property name="Group Name Attribute"></property>
163 |         <property name="Group Member Attribute"></property>
164 |         <property name="Group Member Attribute - Referenced User Attribute"></property>
165 |     </userGroupProvider>
166 |     To enable the ldap-user-group-provider remove 2 lines. This is 2 of 2. -->
167 | 
168 |     <!--
169 |         The ShellUserGroupProvider provides support for retrieving users and groups by way of shell commands
170 |         on systems that support `sh`.  Implementations available for Linux and Mac OS, and are selected by the
171 |         provider based on the system property `os.name`.
172 | 
173 |         'Refresh Delay' - duration to wait between subsequent refreshes.  Default is '5 mins'.
174 |         'Exclude Groups' - regular expression used to exclude groups.  Default is '', which means no groups are excluded.
175 |         'Exclude Users' - regular expression used to exclude users.  Default is '', which means no users are excluded.
176 |         'Command Timeout' - amount of time to wait while executing a command before timing out
177 |     -->
178 |     <!-- To enable the shell-user-group-provider remove 2 lines. This is 1 of 2.
179 |     <userGroupProvider>
180 |         <identifier>shell-user-group-provider</identifier>
181 |         <class>org.apache.nifi.registry.security.authorization.shell.ShellUserGroupProvider</class>
182 |         <property name="Refresh Delay">5 mins</property>
183 |         <property name="Exclude Groups"></property>
184 |         <property name="Exclude Users"></property>
185 |         <property name="Command Timeout">60 seconds</property>
186 |     </userGroupProvider>
187 |     To enable the shell-user-group-provider remove 2 lines. This is 2 of 2. -->
188 | 
189 |     <!--
190 |         The CompositeUserGroupProvider will provide support for retrieving users and groups from multiple sources.
191 | 
192 |         - User Group Provider [unique key] - The identifier of user group providers to load from. The name of
193 |             each property must be unique, for example: "User Group Provider A", "User Group Provider B",
194 |             "User Group Provider C" or "User Group Provider 1", "User Group Provider 2", "User Group Provider 3"
195 | 
196 |             NOTE: Any identity mapping rules specified in nifi-registry.properties are not applied in this implementation. This
197 |             behavior would need to be applied by the base implementation.
198 |     -->
199 |     <!-- To enable the composite-user-group-provider remove 2 lines. This is 1 of 2.
200 |     <userGroupProvider>
201 |         <identifier>composite-user-group-provider</identifier>
202 |         <class>org.apache.nifi.registry.security.authorization.CompositeUserGroupProvider</class>
203 |         <property name="User Group Provider 1"></property>
204 |     </userGroupProvider>
205 |     To enable the composite-user-group-provider remove 2 lines. This is 2 of 2. -->
206 | 
207 |     <!--
208 |         The CompositeConfigurableUserGroupProvider will provide support for retrieving users and groups from multiple sources.
209 |         Additionally, a single configurable user group provider is required. Users from the configurable user group provider
210 |         are configurable, however users loaded from one of the User Group Provider [unique key] will not be.
211 | 
212 |         - Configurable User Group Provider - A configurable user group provider.
213 | 
214 |         - User Group Provider [unique key] - The identifier of user group providers to load from. The name of
215 |             each property must be unique, for example: "User Group Provider A", "User Group Provider B",
216 |             "User Group Provider C" or "User Group Provider 1", "User Group Provider 2", "User Group Provider 3"
217 | 
218 |             NOTE: Any identity mapping rules specified in nifi-registry.properties are not applied in this implementation. This
219 |             behavior would need to be applied by the base implementation.
220 |     -->
221 |     <!-- To enable the composite-configurable-user-group-provider remove 2 lines. This is 1 of 2.
222 |     <userGroupProvider>
223 |         <identifier>composite-configurable-user-group-provider</identifier>
224 |         <class>org.apache.nifi.registry.security.authorization.CompositeConfigurableUserGroupProvider</class>
225 |         <property name="Configurable User Group Provider">file-user-group-provider</property>
226 |         <property name="User Group Provider 1"></property>
227 |     </userGroupProvider>
228 |     To enable the composite-configurable-user-group-provider remove 2 lines. This is 2 of 2. -->
229 | 
230 |     <!--
231 |         The FileAccessPolicyProvider will provide support for managing access policies which is backed by a file
232 |         on the local file system.
233 | 
234 |         - User Group Provider - The identifier for an User Group Provider defined above that will be used to access
235 |             users and groups for use in the managed access policies.
236 | 
237 |         - Authorizations File - The file where the FileAccessPolicyProvider will store policies.
238 | 
239 |         - Initial Admin Identity - The identity of an initial admin user that will be granted access to the UI and
240 |             given the ability to create additional users, groups, and policies. The value of this property could be
241 |             a DN when using certificates or LDAP. This property will only be used when there
242 |             are no other policies defined.
243 | 
244 |             NOTE: Any identity mapping rules specified in nifi-registry.properties will also be applied to the initial admin identity,
245 |             so the value should be the unmapped identity. This identity must be found in the configured User Group Provider.
246 | 
247 |         - NiFi Identity [unique key] - The identity of a NiFi node that will have access to this NiFi Registry and will be able
248 |             to act as a proxy on behalf of a NiFi Registry end user. A property should be created for the identity of every NiFi
249 |             node that needs to access this NiFi Registry. The name of each property must be unique, for example for three
250 |             NiFi clients:
251 |             "NiFi Identity A", "NiFi Identity B", "NiFi Identity C" or "NiFi Identity 1", "NiFi Identity 2", "NiFi Identity 3"
252 | 
253 |             NOTE: Any identity mapping rules specified in nifi-registry.properties will also be applied to the nifi identities,
254 |             so the values should be the unmapped identities (i.e. full DN from a certificate). This identity must be found
255 |             in the configured User Group Provider.
256 |         - NiFi Group Name: The name of the group, whose members are NiFi instance/node identities,
257 |             that will have access to this NiFi Registry and will be able to act as a proxy on behalf of a NiFi Registry end user.
258 |             The members of this group will be granted permission to proxy user requests, as well as read any bucket to perform synchronization checks.
259 |     -->
260 |     <accessPolicyProvider>
261 |         <identifier>file-access-policy-provider</identifier>
262 |         <class>org.apache.nifi.registry.security.authorization.file.FileAccessPolicyProvider</class>
263 |         <property name="User Group Provider">file-user-group-provider</property>
264 |         <property name="Authorizations File">./conf/authorizations.xml</property>
265 |         <property name="Initial Admin Identity"><!-- CN=abc, OU=xyz --></property>
266 |         <property name="NiFi Group Name"></property>
267 | 
268 |         <!--<property name="NiFi Identity 1"></property>-->
269 |     </accessPolicyProvider>
270 | 
271 |     <!--
272 |         The StandardManagedAuthorizer. This authorizer implementation must be configured with the
273 |         Access Policy Provider which it will use to access and manage users, groups, and policies.
274 |         These users, groups, and policies will be used to make all access decisions during authorization
275 |         requests.
276 | 
277 |         - Access Policy Provider - The identifier for an Access Policy Provider defined above.
278 |     -->
279 |     <authorizer>
280 |         <identifier>managed-authorizer</identifier>
281 |         <class>org.apache.nifi.registry.security.authorization.StandardManagedAuthorizer</class>
282 |         <property name="Access Policy Provider">file-access-policy-provider</property>
283 |     </authorizer>
284 | 
285 | </authorizers>
286 | 


--------------------------------------------------------------------------------