NIFI-4199: Consistent proxy support across components

- Added ProxyConfigurationService to manage centralized proxy
configurations
- Adopt ProxyConfigurationService at FTP and HTTP processors

Author: ijokarumawak

nifi-assembly/pom.xml

@@ -703,6 +703,12 @@ language governing permissions and limitations under the License. -->
             <version>1.7.0-SNAPSHOT</version>
             <type>nar</type>
         </dependency>
+        <dependency>
+            <groupId>org.apache.nifi</groupId>
+            <artifactId>nifi-proxy-configuration-nar</artifactId>
+            <version>1.7.0-SNAPSHOT</version>
+            <type>nar</type>
+        </dependency>
     </dependencies>
     <profiles>
         <profile>

nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml

@@ -64,6 +64,10 @@
             <groupId>org.apache.nifi</groupId>
             <artifactId>nifi-record-serialization-service-api</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.apache.nifi</groupId>
+            <artifactId>nifi-proxy-configuration-api</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.apache.nifi</groupId>
             <artifactId>nifi-record</artifactId>

nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/FetchFTP.java

@@ -30,6 +30,7 @@
 import org.apache.nifi.processor.ProcessContext;
 import org.apache.nifi.processors.standard.util.FileTransfer;
 import org.apache.nifi.processors.standard.util.FTPTransfer;
+import org.apache.nifi.proxy.ProxyConfigurationService;
 
 // Note that we do not use @SupportsBatching annotation. This processor cannot support batching because it must ensure that session commits happen before remote files are deleted.
 @InputRequirement(Requirement.INPUT_REQUIRED)
@@ -63,6 +64,7 @@ protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
         properties.add(FTPTransfer.USE_COMPRESSION);
         properties.add(FTPTransfer.CONNECTION_MODE);
         properties.add(FTPTransfer.TRANSFER_MODE);
+        properties.add(ProxyConfigurationService.PROXY_CONFIGURATION_SERVICE);
         properties.add(FTPTransfer.PROXY_TYPE);
         properties.add(FTPTransfer.PROXY_HOST);
         properties.add(FTPTransfer.PROXY_PORT);

nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/GetFTP.java

@@ -32,6 +32,7 @@
 import org.apache.nifi.processor.ProcessorInitializationContext;
 import org.apache.nifi.processors.standard.util.FTPTransfer;
 import org.apache.nifi.processors.standard.util.FileTransfer;
+import org.apache.nifi.proxy.ProxyConfigurationService;
 
 @InputRequirement(Requirement.INPUT_FORBIDDEN)
 @Tags({"FTP", "get", "retrieve", "files", "fetch", "remote", "ingest", "source", "input"})
@@ -76,6 +77,7 @@ protected void init(final ProcessorInitializationContext context) {
         properties.add(FTPTransfer.MAX_SELECTS);
         properties.add(FTPTransfer.REMOTE_POLL_BATCH_SIZE);
         properties.add(FTPTransfer.USE_NATURAL_ORDERING);
+        properties.add(ProxyConfigurationService.PROXY_CONFIGURATION_SERVICE);
         properties.add(FTPTransfer.PROXY_TYPE);
         properties.add(FTPTransfer.PROXY_HOST);
         properties.add(FTPTransfer.PROXY_PORT);

nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/GetHTTP.java

@@ -42,7 +42,6 @@
 import javax.net.ssl.SSLContext;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.http.Header;
-import org.apache.http.HttpHost;
 import org.apache.http.HttpResponse;
 import org.apache.http.auth.AuthScope;
 import org.apache.http.auth.UsernamePasswordCredentials;
@@ -93,13 +92,18 @@
 import org.apache.nifi.processor.ProcessorInitializationContext;
 import org.apache.nifi.processor.Relationship;
 import org.apache.nifi.processor.exception.ProcessException;
+import org.apache.nifi.processors.standard.util.HTTPUtils;
 import org.apache.nifi.security.util.KeyStoreUtils;
 import org.apache.nifi.processor.util.StandardValidators;
 import org.apache.nifi.ssl.SSLContextService;
 import org.apache.nifi.ssl.SSLContextService.ClientAuth;
 import org.apache.nifi.util.StopWatch;
 import org.apache.nifi.util.Tuple;
 
+import static org.apache.nifi.processors.standard.util.HTTPUtils.PROXY_HOST;
+import static org.apache.nifi.processors.standard.util.HTTPUtils.PROXY_PORT;
+import static org.apache.nifi.proxy.ProxyConfigurationService.PROXY_CONFIGURATION_SERVICE;
+
 @Tags({"get", "fetch", "poll", "http", "https", "ingest", "source", "input"})
 @InputRequirement(Requirement.INPUT_FORBIDDEN)
 @CapabilityDescription("Fetches data from an HTTP or HTTPS URL and writes the data to the content of a FlowFile. Once the content has been fetched, the ETag and Last Modified "
@@ -195,18 +199,6 @@ public class GetHTTP extends AbstractSessionFactoryProcessor {
             .required(false)
             .identifiesControllerService(SSLContextService.class)
             .build();
-    public static final PropertyDescriptor PROXY_HOST = new PropertyDescriptor.Builder()
-            .name("Proxy Host")
-            .description("The fully qualified hostname or IP address of the proxy server")
-            .required(false)
-            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
-            .build();
-    public static final PropertyDescriptor PROXY_PORT = new PropertyDescriptor.Builder()
-            .name("Proxy Port")
-            .description("The port of the proxy server")
-            .required(false)
-            .addValidator(StandardValidators.PORT_VALIDATOR)
-            .build();
 
     public static final String DEFAULT_COOKIE_POLICY_STR = "default";
     public static final String STANDARD_COOKIE_POLICY_STR = "standard";
@@ -268,6 +260,7 @@ protected void init(final ProcessorInitializationContext context) {
         properties.add(ACCEPT_CONTENT_TYPE);
         properties.add(FOLLOW_REDIRECTS);
         properties.add(REDIRECT_COOKIE_POLICY);
+        properties.add(PROXY_CONFIGURATION_SERVICE);
         properties.add(PROXY_HOST);
         properties.add(PROXY_PORT);
         this.properties = Collections.unmodifiableList(properties);
@@ -315,13 +308,7 @@ protected Collection<ValidationResult> customValidate(final ValidationContext co
                     .build());
         }
 
-        if (context.getProperty(PROXY_HOST).isSet() && !context.getProperty(PROXY_PORT).isSet()) {
-            results.add(new ValidationResult.Builder()
-                    .explanation("Proxy Host was set but no Proxy Port was specified")
-                    .valid(false)
-                    .subject("Proxy server configuration")
-                    .build());
-        }
+        HTTPUtils.validateProxyProperties(context, results);
 
         return results;
     }
@@ -456,22 +443,18 @@ public void onTrigger(final ProcessContext context, final ProcessSessionFactory
             final String password = context.getProperty(PASSWORD).getValue();
 
             // set the credentials if appropriate
+            final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
+            clientBuilder.setDefaultCredentialsProvider(credentialsProvider);
             if (username != null) {
-                final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
                 if (password == null) {
                     credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username));
                 } else {
                     credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, password));
                 }
-                clientBuilder.setDefaultCredentialsProvider(credentialsProvider);
             }
 
             // Set the proxy if specified
-            if (context.getProperty(PROXY_HOST).isSet() && context.getProperty(PROXY_PORT).isSet()) {
-                final String host = context.getProperty(PROXY_HOST).getValue();
-                final int port = context.getProperty(PROXY_PORT).asInteger();
-                clientBuilder.setProxy(new HttpHost(host, port));
-            }
+            HTTPUtils.setProxy(context, clientBuilder, credentialsProvider);
 
             // create request
             final HttpGet get = new HttpGet(url);

nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java

@@ -59,6 +59,7 @@
 import org.apache.nifi.processor.util.StandardValidators;
 import org.apache.nifi.processors.standard.util.ProxyAuthenticator;
 import org.apache.nifi.processors.standard.util.SoftLimitBoundedByteArrayOutputStream;
+import org.apache.nifi.proxy.ProxyConfiguration;
 import org.apache.nifi.ssl.SSLContextService;
 import org.apache.nifi.ssl.SSLContextService.ClientAuth;
 import org.apache.nifi.stream.io.StreamUtils;
@@ -79,7 +80,6 @@
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
-import java.net.InetSocketAddress;
 import java.net.Proxy;
 import java.net.Proxy.Type;
 import java.net.URL;
@@ -109,6 +109,7 @@
 import java.util.regex.Pattern;
 
 import static org.apache.commons.lang3.StringUtils.trimToEmpty;
+import static org.apache.nifi.proxy.ProxyConfigurationService.PROXY_CONFIGURATION_SERVICE;
 
 @SupportsBatching
 @Tags({"http", "https", "rest", "client"})
@@ -423,6 +424,7 @@ public final class InvokeHTTP extends AbstractProcessor {
             PROP_ATTRIBUTES_TO_SEND,
             PROP_BASIC_AUTH_USERNAME,
             PROP_BASIC_AUTH_PASSWORD,
+            PROXY_CONFIGURATION_SERVICE,
             PROP_PROXY_HOST,
             PROP_PROXY_PORT,
             PROP_PROXY_TYPE,
@@ -565,6 +567,8 @@ protected Collection<ValidationResult> customValidate(final ValidationContext va
             results.add(new ValidationResult.Builder().subject("SSL Context Service").valid(false).explanation("If Proxy Type is HTTPS, SSL Context Service must be set").build());
         }
 
+        ProxyConfiguration.validateProxyType(validationContext, results, Type.HTTP);
+
         return results;
     }
 
@@ -575,14 +579,30 @@ public void setUpClient(final ProcessContext context) throws IOException, Unreco
         OkHttpClient.Builder okHttpClientBuilder = new OkHttpClient().newBuilder();
 
         // Add a proxy if set
-        final String proxyHost = context.getProperty(PROP_PROXY_HOST).evaluateAttributeExpressions().getValue();
-        final Integer proxyPort = context.getProperty(PROP_PROXY_PORT).evaluateAttributeExpressions().asInteger();
-        final String proxyType = context.getProperty(PROP_PROXY_TYPE).evaluateAttributeExpressions().getValue();
-        boolean isHttpsProxy = false;
-        if (proxyHost != null && proxyPort != null) {
-            final Proxy proxy = new Proxy(Type.HTTP, new InetSocketAddress(proxyHost, proxyPort));
+        boolean isHttpsProxy = HTTPS.equals(context.getProperty(PROP_PROXY_TYPE).evaluateAttributeExpressions().getValue());
+        final ProxyConfiguration proxyConfig = ProxyConfiguration.getConfiguration(context, () -> {
+            final ProxyConfiguration componentProxyConfig = new ProxyConfiguration();
+            final String proxyHost = context.getProperty(PROP_PROXY_HOST).evaluateAttributeExpressions().getValue();
+            final Integer proxyPort = context.getProperty(PROP_PROXY_PORT).evaluateAttributeExpressions().asInteger();
+            if (proxyHost != null && proxyPort != null) {
+                componentProxyConfig.setProxyType(Type.HTTP);
+                componentProxyConfig.setProxyServerHost(proxyHost);
+                componentProxyConfig.setProxyServerPort(proxyPort);
+                final String proxyUsername = trimToEmpty(context.getProperty(PROP_PROXY_USER).evaluateAttributeExpressions().getValue());
+                final String proxyPassword = context.getProperty(PROP_PROXY_PASSWORD).evaluateAttributeExpressions().getValue();
+                componentProxyConfig.setProxyUserName(proxyUsername);
+                componentProxyConfig.setProxyUserPassword(proxyPassword);
+            }
+            return componentProxyConfig;
+        });
+
+        final Proxy proxy = proxyConfig.createProxy();
+        if (Type.HTTP.equals(proxy.type())) {
             okHttpClientBuilder.proxy(proxy);
-            isHttpsProxy = HTTPS.equals(proxyType);
+            if (proxyConfig.hasCredential()) {
+                ProxyAuthenticator proxyAuthenticator = new ProxyAuthenticator(proxyConfig.getProxyUserName(), proxyConfig.getProxyUserPassword());
+                okHttpClientBuilder.proxyAuthenticator(proxyAuthenticator);
+            }
         }
 
         // configure ETag cache if enabled
@@ -691,7 +711,6 @@ private void setSslSocketFactory(OkHttpClient.Builder okHttpClientBuilder, SSLCo
 
     private void setAuthenticator(OkHttpClient.Builder okHttpClientBuilder, ProcessContext context) {
         final String authUser = trimToEmpty(context.getProperty(PROP_BASIC_AUTH_USERNAME).getValue());
-        final String proxyUsername = trimToEmpty(context.getProperty(PROP_PROXY_USER).evaluateAttributeExpressions().getValue());
 
         // If the username/password properties are set then check if digest auth is being used
         if (!authUser.isEmpty() && "true".equalsIgnoreCase(context.getProperty(PROP_DIGEST_AUTH).getValue())) {
@@ -706,23 +725,8 @@ private void setAuthenticator(OkHttpClient.Builder okHttpClientBuilder, ProcessC
             com.burgstaller.okhttp.digest.Credentials credentials = new com.burgstaller.okhttp.digest.Credentials(authUser, authPass);
             final DigestAuthenticator digestAuthenticator = new DigestAuthenticator(credentials);
 
-            if(!proxyUsername.isEmpty()) {
-                final String proxyPassword = context.getProperty(PROP_PROXY_PASSWORD).evaluateAttributeExpressions().getValue();
-                ProxyAuthenticator proxyAuthenticator = new ProxyAuthenticator(proxyUsername, proxyPassword);
-
-                okHttpClientBuilder.proxyAuthenticator(proxyAuthenticator);
-            }
-
             okHttpClientBuilder.interceptors().add(new AuthenticationCacheInterceptor(authCache));
             okHttpClientBuilder.authenticator(new CachingAuthenticatorDecorator(digestAuthenticator, authCache));
-        } else {
-            // Add proxy authentication only
-            if(!proxyUsername.isEmpty()) {
-                final String proxyPassword = context.getProperty(PROP_PROXY_PASSWORD).evaluateAttributeExpressions().getValue();
-                ProxyAuthenticator proxyAuthenticator = new ProxyAuthenticator(proxyUsername, proxyPassword);
-
-                okHttpClientBuilder.proxyAuthenticator(proxyAuthenticator);
-            }
         }
     }
 

nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListFTP.java

@@ -33,6 +33,7 @@
 import org.apache.nifi.processor.ProcessContext;
 import org.apache.nifi.processors.standard.util.FileTransfer;
 import org.apache.nifi.processors.standard.util.FTPTransfer;
+import org.apache.nifi.proxy.ProxyConfigurationService;
 
 @TriggerSerially
 @InputRequirement(Requirement.INPUT_FORBIDDEN)
@@ -79,6 +80,7 @@ protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
         properties.add(FTPTransfer.DATA_TIMEOUT);
         properties.add(FTPTransfer.CONNECTION_MODE);
         properties.add(FTPTransfer.TRANSFER_MODE);
+        properties.add(ProxyConfigurationService.PROXY_CONFIGURATION_SERVICE);
         properties.add(FTPTransfer.PROXY_TYPE);
         properties.add(FTPTransfer.PROXY_HOST);
         properties.add(FTPTransfer.PROXY_PORT);

nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/PostHTTP.java

@@ -19,7 +19,6 @@
 import org.apache.commons.io.IOUtils;
 import org.apache.http.Header;
 import org.apache.http.HttpException;
-import org.apache.http.HttpHost;
 import org.apache.http.HttpResponse;
 import org.apache.http.HttpResponseInterceptor;
 import org.apache.http.auth.AuthScope;
@@ -75,6 +74,7 @@
 import org.apache.nifi.processor.exception.ProcessException;
 import org.apache.nifi.processor.io.InputStreamCallback;
 import org.apache.nifi.processor.util.StandardValidators;
+import org.apache.nifi.processors.standard.util.HTTPUtils;
 import org.apache.nifi.security.util.CertificateUtils;
 import org.apache.nifi.security.util.KeyStoreUtils;
 import org.apache.nifi.ssl.SSLContextService;
@@ -127,6 +127,10 @@
 import java.util.concurrent.atomic.AtomicReference;
 import java.util.regex.Pattern;
 
+import static org.apache.nifi.processors.standard.util.HTTPUtils.PROXY_HOST;
+import static org.apache.nifi.processors.standard.util.HTTPUtils.PROXY_PORT;
+import static org.apache.nifi.proxy.ProxyConfigurationService.PROXY_CONFIGURATION_SERVICE;
+
 @SupportsBatching
 @InputRequirement(Requirement.INPUT_REQUIRED)
 @Tags({"http", "https", "remote", "copy", "archive"})
@@ -243,18 +247,6 @@ public class PostHTTP extends AbstractProcessor {
             .required(false)
             .identifiesControllerService(SSLContextService.class)
             .build();
-    public static final PropertyDescriptor PROXY_HOST = new PropertyDescriptor.Builder()
-            .name("Proxy Host")
-            .description("The fully qualified hostname or IP address of the proxy server")
-            .required(false)
-            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
-            .build();
-    public static final PropertyDescriptor PROXY_PORT = new PropertyDescriptor.Builder()
-            .name("Proxy Port")
-            .description("The port of the proxy server")
-            .required(false)
-            .addValidator(StandardValidators.PORT_VALIDATOR)
-            .build();
     public static final PropertyDescriptor CONTENT_TYPE = new PropertyDescriptor.Builder()
             .name("Content-Type")
             .description("The Content-Type to specify for the content of the FlowFile being POSTed if " + SEND_AS_FLOWFILE.getName() + " is false. "
@@ -302,6 +294,7 @@ protected void init(final ProcessorInitializationContext context) {
         properties.add(DATA_TIMEOUT);
         properties.add(ATTRIBUTES_AS_HEADERS_REGEX);
         properties.add(USER_AGENT);
+        properties.add(PROXY_CONFIGURATION_SERVICE);
         properties.add(PROXY_HOST);
         properties.add(PROXY_PORT);
         properties.add(CONTENT_TYPE);
@@ -328,14 +321,6 @@ protected Collection<ValidationResult> customValidate(final ValidationContext co
                     .valid(false).subject("SSL Context").build());
         }
 
-        if (context.getProperty(PROXY_HOST).isSet() && !context.getProperty(PROXY_PORT).isSet()) {
-            results.add(new ValidationResult.Builder()
-                    .explanation("Proxy Host was set but no Proxy Port was specified")
-                    .valid(false)
-                    .subject("Proxy server configuration")
-                    .build());
-        }
-
         boolean sendAsFlowFile = context.getProperty(SEND_AS_FLOWFILE).asBoolean();
         int compressionLevel = context.getProperty(COMPRESSION_LEVEL).asInteger();
         boolean chunkedSet = context.getProperty(CHUNKED_ENCODING).isSet();
@@ -345,6 +330,8 @@ protected Collection<ValidationResult> customValidate(final ValidationContext co
                     .explanation("if compression level is 0 and not sending as a FlowFile, then the \'" + CHUNKED_ENCODING.getName() + "\' property must be set").build());
         }
 
+        HTTPUtils.validateProxyProperties(context, results);
+
         return results;
     }
 
@@ -535,22 +522,18 @@ public void process(final HttpResponse response, final HttpContext httpContext)
         final String username = context.getProperty(USERNAME).getValue();
         final String password = context.getProperty(PASSWORD).getValue();
         // set the credentials if appropriate
+        final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
+        clientBuilder.setDefaultCredentialsProvider(credentialsProvider);
         if (username != null) {
-            final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
             if (password == null) {
                 credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username));
             } else {
                 credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, password));
             }
-            clientBuilder.setDefaultCredentialsProvider(credentialsProvider);
         }
 
         // Set the proxy if specified
-        if (context.getProperty(PROXY_HOST).isSet() && context.getProperty(PROXY_PORT).isSet()) {
-            final String host = context.getProperty(PROXY_HOST).getValue();
-            final int port = context.getProperty(PROXY_PORT).asInteger();
-            clientBuilder.setProxy(new HttpHost(host, port));
-        }
+        HTTPUtils.setProxy(context, clientBuilder, credentialsProvider);
 
         client = clientBuilder.build();