feat: initial CI scaffolding and processors (#1)

Add initial processors and release please scaffolding

.github/workflows/checks.yaml

@@ -0,0 +1,59 @@
+name: "Checks"
+
+on:
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+  merge_group:
+    branches:
+      - main
+    types:
+      - checks_requested
+
+permissions:
+  contents: read
+
+jobs:
+  pr:
+    name: Validate PR title
+    if: contains(fromJSON('["pull_request", "pull_request_target"]'), github.event_name)
+    runs-on: ubuntu-22.04
+    permissions:
+      pull-requests: read
+    steps:
+      - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  mavenverify:
+    runs-on: ubuntu-latest
+    if: always()
+    needs:
+      - pr
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+      - name: Set up JDK
+        uses: actions/setup-java@5896cecc08fd8a1fbdfaf517e29b571164b031f7
+        with:
+          java-version: "21"
+          distribution: "temurin"
+          server-id: github
+      - name: Maven Verify
+        run: |
+          mvn --batch-mode clean install -DskipTests -s settings.xml
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+
+  ci:
+    needs:
+      - mavenverify
+      - pr
+    runs-on: ubuntu-latest
+    if: always()
+    steps:
+      - if: contains(needs.*.result, 'failure')
+        run: echo "Failed due to ${{ contains(needs.*.result, 'failure') }}" && exit 1

.github/workflows/release.yaml

@@ -0,0 +1,42 @@
+name: Release
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Generate a token
+        id: generate_token
+        uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0
+        with:
+          app-id: "${{ secrets.APP_ID }}"
+          private-key: "${{ secrets.AUTOMATION_KEY }}"
+      - uses: google-github-actions/release-please-action@v4
+        with:
+          token: "${{ steps.generate_token.outputs.token }}"
+          config-file: release-please.json
+          manifest-file: .release-please-manifest.json
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+      - name: Set up JDK
+        uses: actions/setup-java@5896cecc08fd8a1fbdfaf517e29b571164b031f7
+        with:
+          java-version: "21"
+          distribution: "temurin"
+          server-id: github
+      - name: Publish package
+        run: mvn --batch-mode deploy -s settings.xml
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+

.gitignore

@@ -0,0 +1,2 @@
+/.idea/
+/**/target/

.release-please-manifest.json

@@ -0,0 +1,3 @@
+{
+  ".": "0.0.0"
+}

CODEOWNERS

@@ -0,0 +1,8 @@
+# CODEOWNERS
+
+* @opentdf/nifi @opentdf/architecture
+
+## High Security Area
+
+CODEOWNERS     @opentdf/architecture @opentdf/security
+LICENSE        @opentdf/architecture

LICENSE

@@ -0,0 +1,19 @@
+# The Clear BSD License
+
+Copyright 2023 Virtru Corporation
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted (subject to the limitations in the disclaimer below)
+provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+* Neither the name of Virtru Corporation nor the names of its contributors may be used to endorse or promote products derived from this software without
+  specific prior written permission.
+NO EXPRESS OR IMPLIED LICENSES TO ANY PARTY'S PATENT RIGHTS ARE GRANTED BY THIS LICENSE. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE

Makefile

@@ -0,0 +1,17 @@
+
+.PHONY: compose-package
+compose-package: nar-build
+	@echo "package for docker compose"
+	rm -rf deploy/extensions/*.nar
+	cp nifi-tdf-nar/target/*.nar deploy/extensions
+	cp nifi-tdf-controller-services-api-nar/target/*.nar deploy/extensions
+
+.PHONY: truststore-create
+truststore-create:
+	@echo "Build Truststore from *.crt in ./deploy/truststore"
+	cd ./deploy && ./build_truststore.sh
+
+.PHONY: nar-build
+nar-build:
+	@echo "Build NARs"
+	mvn clean package -s settings.xml

README.md

@@ -1,2 +1,20 @@
-# nifi
-OpenTDF NiFi Processors
+# OpenTDF NiFi
+Integration of the [OpenTDF Platform](https://github.com/opentdf/platform) into [NiFi](https://nifi.apache.org/)
+
+Components:
+* ConvertToTDF: A NiFi processor that converts FlowFile content to TDF format 
+* ConvertFromTDF: A NiFi processor that converts TDF formatted FlowFile content to it's plaintext representation
+* OpenTDFControllerService: A NiFi controller service providing OpenTDF Platform Configuration
+
+
+# Quick Start - Docker Compose
+
+1. Build the NiFi Archives (NARs) and place in the docker compose mounted volumes
+    ```shell
+    make compose-package
+    ```
+1. Start docker compose
+    ```shell
+    docker compose up
+    ```
+1. [Log into NiFi](http://localhost:18080/nifi)

deploy/build_truststore.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+TRUSTSTORE_PASSWORD=password
+
+certDir="$(pwd)/truststore"
+
+echo "import certs from $certDir"
+
+for filename in $certDir/*.crt; do
+  echo "import $filename into truststore"
+  filelocal=$(basename ${filename})
+  docker run -v $(pwd)/truststore:/keys  \
+      openjdk:latest keytool \
+      -import -trustcacerts \
+      -alias $filelocal \
+      -file keys/$filelocal \
+      -destkeystore keys/ca.jks \
+      -noprompt \
+      -deststorepass "$TRUSTSTORE_PASSWORD"
+done
+

docker-compose.yaml

@@ -0,0 +1,17 @@
+version: '3'
+services:
+  opentdf-nifi:
+    image: ghcr.io/ttschampel/nifi/nifi-1.25.0-jre17:latest
+    restart: always
+    ulimits:
+      nofile:
+        soft: 2048
+        hard: 4096
+    environment:
+      - NIFI_WEB_HTTP_PORT=8080
+    volumes:
+      - ./deploy/extensions:/opt/nifi/nifi-current/extensions #mount custom NARs
+      - ./deploy/truststore:/opt/nifi/nifi-current/truststore # mounts truststore
+      - ./deploy/custom-libs:/opt/nifi/nifi-current/custom-libs #mount additional libs
+    ports:
+      - 18080:8080/tcp

nifi-tdf-controller-services-api-nar/pom.xml

@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>io.opentdf.nifi</groupId>
+        <artifactId>nifi-pom</artifactId>
+        <version>0.1.0-SNAPSHOT</version><!-- {x-version-update:nifi:current} -->
+    </parent>
+    <artifactId>nifi-tdf-controller-services-nar</artifactId>
+    <name>nifi-tdf-controller-services-nar</name>
+    <description>NiFi TDF Controller Service NAR Archive</description>
+    <properties>
+        <source.skip>true</source.skip>
+    </properties>
+    <packaging>nar</packaging>
+    <dependencies>
+        <dependency>
+            <groupId>${project.groupId}</groupId>
+            <artifactId>nifi-tdf-controller-services-api</artifactId>
+            <version>0.1.0-SNAPSHOT</version><!-- {x-version-update:nifi:current} -->
+        </dependency>
+        <dependency>
+            <groupId>org.apache.nifi</groupId>
+            <artifactId>nifi-ssl-context-service-nar</artifactId>
+            <version>${nifi.version}</version>
+            <type>nar</type>
+        </dependency>
+    </dependencies>
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.nifi</groupId>
+                <artifactId>nifi-nar-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+</project>

nifi-tdf-controller-services-api/pom.xml

@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>io.opentdf.nifi</groupId>
+        <artifactId>nifi-pom</artifactId>
+        <version>0.1.0-SNAPSHOT</version><!-- {x-version-update:nifi:current} -->
+    </parent>
+    <artifactId>nifi-tdf-controller-services-api</artifactId>
+    <name>nifi-tdf-controller-services-api</name>
+    <description>TDF NiFi Controller Service API</description>
+    <packaging>jar</packaging>
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.nifi</groupId>
+            <artifactId>nifi-api</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.nifi</groupId>
+            <artifactId>nifi-utils</artifactId>
+        </dependency>
+    </dependencies>
+</project>

nifi-tdf-controller-services-api/src/main/java/io/opentdf/nifi/Config.java

@@ -0,0 +1,53 @@
+package io.opentdf.nifi;
+
+
+public class Config {
+
+    private boolean usePlainText;
+    private String platformEndpoint;
+    private String clientId;
+    private String clientSecret;
+
+    public Config(String platformEndpoint, String clientId, String clientSecret) {
+        this();
+        this.clientId = clientId;
+        this.clientSecret = clientSecret;
+        this.usePlainText = false;
+    }
+
+    public Config() {
+        this.usePlainText = false;
+    }
+
+    public boolean isUsePlainText() {
+        return usePlainText;
+    }
+
+    public void setUsePlainText(boolean usePlainText) {
+        this.usePlainText = usePlainText;
+    }
+
+    public String getPlatformEndpoint() {
+        return platformEndpoint;
+    }
+
+    public void setPlatformEndpoint(String platformEndpoint) {
+        this.platformEndpoint = platformEndpoint;
+    }
+
+    public String getClientId() {
+        return clientId;
+    }
+
+    public void setClientId(String clientId) {
+        this.clientId = clientId;
+    }
+
+    public String getClientSecret() {
+        return clientSecret;
+    }
+
+    public void setClientSecret(String clientSecret) {
+        this.clientSecret = clientSecret;
+    }
+}

nifi-tdf-controller-services-api/src/main/java/io/opentdf/nifi/OpenTDFControllerService.java

@@ -0,0 +1,18 @@
+package io.opentdf.nifi;
+
+import org.apache.nifi.annotation.documentation.CapabilityDescription;
+import org.apache.nifi.annotation.documentation.Tags;
+import org.apache.nifi.controller.ControllerService;
+import org.apache.nifi.processor.exception.ProcessException;
+
+@Tags({"TDF","OpenTDF", "Configuration"})
+@CapabilityDescription("Provides A Configuration Service for the OpenTDF SDK")
+public interface OpenTDFControllerService extends ControllerService {
+
+    /**
+     * Get Configuration
+     * @return
+     * @throws ProcessException
+     */
+    public Config getConfig() throws ProcessException;
+}

nifi-tdf-nar/pom.xml

@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>io.opentdf.nifi</groupId>
+        <artifactId>nifi-pom</artifactId>
+        <version>0.1.0-SNAPSHOT</version><!-- {x-version-update:nifi:current} -->
+    </parent>
+    <artifactId>nifi-tdf-nar</artifactId>
+    <name>nifi-tdf-nar</name>
+    <description>NiFi TDF Processor NAR Archive</description>
+    <properties>
+        <source.skip>true</source.skip>
+    </properties>
+    <packaging>nar</packaging>
+    <dependencies>
+        <dependency>
+            <groupId>${project.groupId}</groupId>
+            <artifactId>nifi-tdf-processors</artifactId>
+            <version>0.1.0-SNAPSHOT</version><!-- {x-version-update:nifi:current} -->
+        </dependency>
+        <dependency>
+            <groupId>org.apache.nifi</groupId>
+            <artifactId>nifi-ssl-context-service-nar</artifactId>
+            <version>${nifi.version}</version>
+            <type>nar</type>
+        </dependency>
+    </dependencies>
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.nifi</groupId>
+                <artifactId>nifi-nar-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+</project>