Merge branch 'main' into feat/airflow-3-opa

Author: razvan

.github/workflows/build_kafka-testing-tools.yaml

@@ -13,7 +13,7 @@ on:
     paths:
       # To check dependencies, run this ( you will need to consider transitive dependencies)
       # bake --product PRODUCT -d | grep -v 'docker buildx bake' | jq '.target | keys[]'
-      - kcat/**
+      - kafka/kcat/**
       - kafka-testing-tools/**
       - vector/**
       - stackable-base/**

.github/workflows/build_kafka.yaml

@@ -13,7 +13,6 @@ on:
     paths:
       # To check dependencies, run this ( you will need to consider transitive dependencies)
       # bake --product PRODUCT -d | grep -v 'docker buildx bake' | jq '.target | keys[]'
-      - kcat/**
       - kafka/**
       - kafka-testing-tools/**
       - vector/**

.github/workflows/build_kcat.yaml

@@ -56,8 +56,10 @@ for BUILD_WORKFLOW_FILE in .github/workflows/build_*.yaml; do
 done
 # This needs to add the remaning empty columns of the last row in the table
 # This is a hack to fix the status quo and make markdownlint happy.
-echo -n "| | | |" >> "$BADGES_TMP"
-echo >> "$BADGES_TMP"
+for _ in $(seq 0 $((COLS - 1))); do
+  echo -n "| " >> "$BADGES_TMP"
+done
+echo "|" >> "$BADGES_TMP"
 echo -n "<!-- end:badges -->" >> "$BADGES_TMP"
 
 # Print the image and link shortcuts. Eg:

.scripts/update_readme_badges.sh

@@ -62,6 +62,8 @@ All notable changes to this project will be documented in this file.
 - vector: Bump to `0.46.1` ([#1098]).
 - spark: update dependencies for 3.5.5 ([#1094])
 - nifi: include NAR SBOMs ([#1119])
+- nifi: update patch allowing to bypass host header validation starting with NiFi 2.4.0 ([#1125]).
+- BREAKING: kcat: Stop building kcat image ([#1124]).
 
 ### Fixed
 
@@ -140,6 +142,8 @@ All notable changes to this project will be documented in this file.
 [#1119]: https://github.com/stackabletech/docker-images/pull/1119
 [#1121]: https://github.com/stackabletech/docker-images/pull/1121
 [#1122]: https://github.com/stackabletech/docker-images/pull/1122
+[#1124]: https://github.com/stackabletech/docker-images/pull/1124
+[#1125]: https://github.com/stackabletech/docker-images/pull/1125
 
 ## [25.3.0] - 2025-03-21
 

CHANGELOG.md

@@ -7,11 +7,11 @@ This repository contains Dockerfiles and scripts to build base images for use wi
 | -: | -: | -: | -: |
 | [![Build Airflow]][build_airflow.yaml] | [![Build Druid]][build_druid.yaml] | [![Build Hadoop]][build_hadoop.yaml] | [![Build HBase]][build_hbase.yaml] |
 | [![Build Hello-World]][build_hello-world.yaml] | [![Build Hive]][build_hive.yaml] | [![Build Java Base]][build_java-base.yaml] | [![Build Java Development]][build_java-devel.yaml] |
-| [![Build Kafka Testing Tools]][build_kafka-testing-tools.yaml] | [![Build Kafka]][build_kafka.yaml] | [![Build kcat]][build_kcat.yaml] | [![Build Krb5]][build_krb5.yaml] |
-| [![Build NiFi]][build_nifi.yaml] | [![Build Omid]][build_omid.yaml] | [![Build OPA]][build_opa.yaml] | [![Build Spark Connect Client]][build_spark-connect-client.yaml] |
-| [![Build Spark K8s]][build_spark-k8s.yaml] | [![Build Stackable Base]][build_stackable-base.yaml] | [![Build Superset]][build_superset.yaml] | [![Build Testing Tools]][build_testing-tools.yaml] |
-| [![Build Tools]][build_tools.yaml] | [![Build Trino CLI]][build_trino-cli.yaml] | [![Build Trino]][build_trino.yaml] | [![Build Vector]][build_vector.yaml] |
-| [![Build ZooKeeper]][build_zookeeper.yaml] | | | |
+| [![Build Kafka Testing Tools]][build_kafka-testing-tools.yaml] | [![Build Kafka]][build_kafka.yaml] | [![Build Krb5]][build_krb5.yaml] | [![Build NiFi]][build_nifi.yaml] |
+| [![Build Omid]][build_omid.yaml] | [![Build OPA]][build_opa.yaml] | [![Build Spark Connect Client]][build_spark-connect-client.yaml] | [![Build Spark K8s]][build_spark-k8s.yaml] |
+| [![Build Stackable Base]][build_stackable-base.yaml] | [![Build Superset]][build_superset.yaml] | [![Build Testing Tools]][build_testing-tools.yaml] | [![Build Tools]][build_tools.yaml] |
+| [![Build Trino CLI]][build_trino-cli.yaml] | [![Build Trino]][build_trino.yaml] | [![Build Vector]][build_vector.yaml] | [![Build ZooKeeper]][build_zookeeper.yaml] |
+| | | | |
 <!-- end:badges -->
 
 ## Prerequisites
@@ -234,8 +234,6 @@ ENTRYPOINT ["/stackable-zookeeper-operator"]
 [build_kafka-testing-tools.yaml]: https://github.com/stackabletech/docker-images/actions/workflows/build_kafka-testing-tools.yaml
 [Build Kafka]: https://github.com/stackabletech/docker-images/actions/workflows/build_kafka.yaml/badge.svg
 [build_kafka.yaml]: https://github.com/stackabletech/docker-images/actions/workflows/build_kafka.yaml
-[Build kcat]: https://github.com/stackabletech/docker-images/actions/workflows/build_kcat.yaml/badge.svg
-[build_kcat.yaml]: https://github.com/stackabletech/docker-images/actions/workflows/build_kcat.yaml
 [Build Krb5]: https://github.com/stackabletech/docker-images/actions/workflows/build_krb5.yaml/badge.svg
 [build_krb5.yaml]: https://github.com/stackabletech/docker-images/actions/workflows/build_krb5.yaml
 [Build NiFi]: https://github.com/stackabletech/docker-images/actions/workflows/build_nifi.yaml/badge.svg

README.md

@@ -34,9 +34,6 @@ ARG CYCLONEDX_BOM
 ARG UV
 ARG EXTRAS
 
-COPY airflow/stackable/constraints/${PRODUCT}/constraints-python${PYTHON}.txt /tmp/constraints.txt
-COPY --from=opa-auth-manager-builder /tmp/opa-auth-manager/dist/opa_auth_manager-0.1.0-py3-none-any.whl /tmp/
-
 # Airflow "extras" packages are listed here: https://airflow.apache.org/docs/apache-airflow/stable/extra-packages-ref.html
 # They evolve over time and thus belong to the version-specific arguments.
 # The mysql provider is currently excluded.

airflow/Dockerfile

@@ -0,0 +1,48 @@
+From 5eb0363521dbb30e3e47ec8a604f5a5c678bf4fb Mon Sep 17 00:00:00 2001
+From: Benedikt Labrenz <[email protected]>
+Date: Thu, 22 May 2025 14:47:24 +0200
+Subject: disable host port validation if list of allowed hosts only contains
+ '*'
+
+---
+ .../connector/FrameworkServerConnectorFactory.java  | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/connector/FrameworkServerConnectorFactory.java b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/connector/FrameworkServerConnectorFactory.java
+index ec1bee66fb..b58c886f4f 100644
+--- a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/connector/FrameworkServerConnectorFactory.java
++++ b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/connector/FrameworkServerConnectorFactory.java
+@@ -54,6 +54,8 @@ public class FrameworkServerConnectorFactory extends StandardServerConnectorFact
+ 
+     private final String excludeCipherSuites;
+ 
++    private final boolean disableHostPortValidator;
++
+     private final Set<Integer> validPorts;
+ 
+     private SslContextFactory.Server sslContextFactory;
+@@ -72,6 +74,11 @@ public class FrameworkServerConnectorFactory extends StandardServerConnectorFact
+         headerSize = DataUnit.parseDataSize(properties.getWebMaxHeaderSize(), DataUnit.B).intValue();
+         validPorts = getValidPorts(properties);
+ 
++        // Check if the property for allowed hosts has only the wildcard entry and
++        // if so store this in disableHostPortValidator for later use
++        List<String> configuredHostNames = properties.getAllowedHostsAsList();
++        disableHostPortValidator = configuredHostNames.size() == 1 && configuredHostNames.contains("*");
++
+         if (properties.isHTTPSConfigured()) {
+             if (properties.isClientAuthRequiredForRestApi()) {
+                 setNeedClientAuth(true);
+@@ -102,8 +109,10 @@ public class FrameworkServerConnectorFactory extends StandardServerConnectorFact
+         // Add HostHeaderCustomizer to set Host Header for HTTP/2 and HostHeaderHandler
+         httpConfiguration.addCustomizer(new HostHeaderCustomizer());
+ 
+-        final HostPortValidatorCustomizer hostPortValidatorCustomizer = new HostPortValidatorCustomizer(validPorts);
+-        httpConfiguration.addCustomizer(hostPortValidatorCustomizer);
++        if (!disableHostPortValidator) {
++            final HostPortValidatorCustomizer hostPortValidatorCustomizer = new HostPortValidatorCustomizer(validPorts);
++            httpConfiguration.addCustomizer(hostPortValidatorCustomizer);
++        }
+ 
+         return httpConfiguration;
+     }