NIFI-5247 nifi-toolkit bash entry points should leverage exec to repl…

…ace bash with the current java process in order to handle signals properly in docker. - Also add bash, openssl, jq to make certificate request operations easier - Move project.version to the build config from the Dockerfile, use target/ folder for the build dependency - Docker integration tests for checking exit codes and tls-toolkit basic server-client interaction This closes #2746.
apache · Jun 1, 2018 · caa71fc · caa71fc
1 parent a1794b1
commit caa71fc
Show file tree

Hide file tree

Showing 15 changed files with 102 additions and 22 deletions.
diff --git a/nifi-toolkit/nifi-toolkit-assembly/docker/Dockerfile b/nifi-toolkit/nifi-toolkit-assembly/docker/Dockerfile
@@ -21,7 +21,7 @@ LABEL maintainer="Apache NiFi <dev@nifi.apache.org>"
 
 ARG UID=1000
 ARG GID=1000
-ARG NIFI_TOOLKIT_VERSION=${project.version}
+ARG NIFI_TOOLKIT_VERSION=
 ARG NIFI_TOOLKIT_BINARY=nifi-toolkit-${NIFI_TOOLKIT_VERSION}-bin.tar.gz
 
 ENV NIFI_TOOLKIT_BASE_DIR=/opt/nifi-toolkit
@@ -30,7 +30,9 @@ ENV NIFI_TOOLKIT_HOME=${NIFI_TOOLKIT_BASE_DIR}/nifi-toolkit-${NIFI_TOOLKIT_VERSI
 ADD ./sh/docker-entrypoint.sh /opt/sh/docker-entrypoint.sh
 
 # Fix docker-entrypoint perms as per https://issues.apache.org/jira/browse/MRESOURCES-236 and Setup NiFi user
-RUN chmod +x /opt/sh/docker-entrypoint.sh \
+RUN apk add --update curl bash jq openssl \
+    && rm -rf /var/cache/apk/* \
+    && chmod +x /opt/sh/docker-entrypoint.sh \
     && addgroup -g $GID nifi \
     && adduser -D -s /bin/ash -u $UID -G nifi nifi \
     && mkdir -p ${NIFI_TOOLKIT_BASE_DIR}

diff --git a/nifi-toolkit/nifi-toolkit-assembly/docker/Dockerfile.hub b/nifi-toolkit/nifi-toolkit-assembly/docker/Dockerfile.hub
@@ -32,7 +32,7 @@ ADD sh/docker-entrypoint.sh /opt/sh/docker-entrypoint.sh
 
 # Setup NiFi user
 # Download, validate, and expand Apache NiFi Toolkit binary.
-RUN apk add --update curl \
+RUN apk add --update curl bash jq openssl \
     && rm -rf /var/cache/apk/* \
     && addgroup -g $GID nifi \
     && adduser -D -s /bin/ash -u $UID -G nifi nifi \

diff --git a/nifi-toolkit/nifi-toolkit-assembly/docker/sh/docker-entrypoint.sh b/nifi-toolkit/nifi-toolkit-assembly/docker/sh/docker-entrypoint.sh
@@ -36,5 +36,5 @@ if ! [ -f "${toolkit_path}/${program}.sh" ]; then
     print_help ${program}
 else
     shift
-    ${toolkit_path}/${program}.sh "$@"
+    exec ${toolkit_path}/${program}.sh "$@"
 fi
diff --git a/nifi-toolkit/nifi-toolkit-assembly/docker/tests/exit-codes.sh b/nifi-toolkit/nifi-toolkit-assembly/docker/tests/exit-codes.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+set -xuo pipefail
+
+VERSION=${1:-}
+IMAGE=apache/nifi-toolkit:${VERSION}
+
+echo "Testing return values on missing input:"
+docker run --rm $IMAGE
+test 0 -eq $? || exit 1
+
+echo "Testing return values on invalid input for all commands:"
+docker run --rm $IMAGE encrypt-config invalid 1>/dev/null 2>&1
+test 2 -eq $? || exit 1
+
+docker run --rm $IMAGE s2s invalid 1>/dev/null 2>&1
+test 0 -eq $? || exit 1
+
+docker run --rm $IMAGE zk-migrator invalid 1>/dev/null 2>&1
+test 0 -eq $? || exit 1
+
+docker run --rm $IMAGE node-manager invalid 1>/dev/null 2>&1
+test 1 -eq $? || exit 1
+
+docker run --rm $IMAGE cli invalid 1>/dev/null 2>&1
+test 255 -eq $? || exit 1
+
+docker run --rm $IMAGE tls-toolkit invalid 1>/dev/null 2>&1
+test 2 -eq $? || exit 1
+
+docker run --rm $IMAGE file-manager invalid 1>/dev/null 2>&1
+test 1 -eq $? || exit 1
+
+docker run --rm $IMAGE flow-analyzer invalid 1>/dev/null 2>&1
+test 1 -eq $? || exit 1
diff --git a/nifi-toolkit/nifi-toolkit-assembly/docker/tests/tls-toolkit.sh b/nifi-toolkit/nifi-toolkit-assembly/docker/tests/tls-toolkit.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -exuo pipefail
+
+VERSION=$1
+IMAGE=apache/nifi-toolkit:${VERSION}
+CONTAINER=nifi-toolkit-$VERSION-tls-toolkit-integration-test
+
+TOKEN=D40F6B95-801F-4800-A1E1-A9FCC712E0BD
+
+trap " { docker rm -f $CONTAINER ; } " EXIT
+
+echo "Starting CA server using the tls-toolkit server command"
+docker run -d --name $CONTAINER $IMAGE tls-toolkit server -t $TOKEN -c $CONTAINER
+
+echo "Requesting client certificate using the tls-toolkit client command"
+docker run --rm --link $CONTAINER $IMAGE tls-toolkit client -t $TOKEN -c $CONTAINER
diff --git a/nifi-toolkit/nifi-toolkit-assembly/pom.xml b/nifi-toolkit/nifi-toolkit-assembly/pom.xml
@@ -28,6 +28,8 @@ language governing permissions and limitations under the License. -->
                     <excludes combine.children="append">
                         <exclude>src/main/resources/conf/config-client.json</exclude>
                         <exclude>src/main/resources/conf/config-server.json</exclude>
+                        <exclude>docker/tests/tls-toolkit.sh</exclude>
+                        <exclude>docker/tests/exit-codes.sh</exclude>
                     </excludes>
                 </configuration>
             </plugin>
@@ -182,13 +184,46 @@ language governing permissions and limitations under the License. -->
                                     <buildArgs>
                                         <UID>1000</UID>
                                         <GID>1000</GID>
+                                        <NIFI_TOOLKIT_VERSION>${project.version}</NIFI_TOOLKIT_VERSION>
                                     </buildArgs>
                                     <repository>apache/nifi-toolkit</repository>
                                     <tag>${project.version}</tag>
                                 </configuration>
                             </execution>
                         </executions>
                     </plugin>
+                    <plugin>
+                        <artifactId>exec-maven-plugin</artifactId>
+                        <groupId>org.codehaus.mojo</groupId>
+                        <executions>
+                            <execution>
+                                <id>Docker integration tests - exit codes</id>
+                                <phase>integration-test</phase>
+                                <goals>
+                                    <goal>exec</goal>
+                                </goals>
+                                <configuration>
+                                    <arguments>
+                                        <argument>${project.version}</argument>
+                                    </arguments>
+                                    <executable>${project.basedir}/docker/tests/exit-codes.sh</executable>
+                                </configuration>
+                            </execution>
+                            <execution>
+                                <id>Docker integration tests - tls-toolkit</id>
+                                <phase>integration-test</phase>
+                                <goals>
+                                    <goal>exec</goal>
+                                </goals>
+                                <configuration>
+                                    <arguments>
+                                        <argument>${project.version}</argument>
+                                    </arguments>
+                                    <executable>${project.basedir}/docker/tests/tls-toolkit.sh</executable>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
                 </plugins>
             </build>
         </profile>

diff --git a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/cli.sh b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/cli.sh
@@ -111,8 +111,7 @@ run() {
    export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME"
 
    umask 0077
-   "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms128m -Xmx256m} org.apache.nifi.toolkit.cli.CLIMain "$@"
-   return $?
+   exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms128m -Xmx256m} org.apache.nifi.toolkit.cli.CLIMain "$@"
 }
 
 

diff --git a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/encrypt-config.sh b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/encrypt-config.sh
@@ -111,8 +111,7 @@ run() {
    export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME"
 
    umask 0077
-   "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms128m -Xmx256m} org.apache.nifi.toolkit.encryptconfig.EncryptConfigMain "$@"
-   return $?
+   exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms128m -Xmx256m} org.apache.nifi.toolkit.encryptconfig.EncryptConfigMain "$@"
 }
 
 

diff --git a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/file-manager.sh b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/file-manager.sh
@@ -110,8 +110,7 @@ run() {
    export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME"
 
    umask 0077
-   "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.admin.filemanager.FileManagerTool "$@"
-   return $?
+   exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.admin.filemanager.FileManagerTool "$@"
 }
 
 

diff --git a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/flow-analyzer.sh b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/flow-analyzer.sh
@@ -111,8 +111,7 @@ run() {
    export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME"
 
    umask 0077
-   "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.flowanalyzer.FlowAnalyzerDriver "$@"
-   return $?
+   exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.flowanalyzer.FlowAnalyzerDriver "$@"
 }
 
 

diff --git a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/node-manager.sh b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/node-manager.sh
@@ -110,8 +110,7 @@ run() {
    export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME"
 
    umask 0077
-   "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.admin.nodemanager.NodeManagerTool "$@"
-   return $?
+   exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.admin.nodemanager.NodeManagerTool "$@"
 }
 
 

diff --git a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/notify.sh b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/notify.sh
@@ -111,8 +111,7 @@ run() {
    export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME"
 
    umask 0077
-   "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.admin.notify.NotificationTool "$@"
-   return $?
+   exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.admin.notify.NotificationTool "$@"
 }
 
 

diff --git a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/s2s.sh b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/s2s.sh
@@ -111,8 +111,7 @@ run() {
    export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME"
 
    umask 0077
-   "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms128m -Xmx256m} org.apache.nifi.toolkit.s2s.SiteToSiteCliMain "$@"
-   return $?
+   exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms128m -Xmx256m} org.apache.nifi.toolkit.s2s.SiteToSiteCliMain "$@"
 }
 
 

diff --git a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/tls-toolkit.sh b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/tls-toolkit.sh
@@ -111,8 +111,7 @@ run() {
    export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME"
 
    umask 0077
-   "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.tls.TlsToolkitMain "$@"
-   return $?
+   exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.tls.TlsToolkitMain "$@"
 }
 
 

diff --git a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/zk-migrator.sh b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/zk-migrator.sh
@@ -111,8 +111,7 @@ run() {
    export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME"
 
    umask 0077
-   "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.zkmigrator.ZooKeeperMigratorMain "$@"
-   return $?
+   exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.zkmigrator.ZooKeeperMigratorMain "$@"
 }