MINIFICPP-2718 Windows based docker tests

[martinzink]

Thank you for submitting a contribution to Apache NiFi - MiNiFi C++.

In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:

For all changes:

• Is there a JIRA ticket associated with this PR? Is it referenced
  in the commit message?

• Does your PR title start with MINIFICPP-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.

• Has your PR been rebased against the latest commit within the target branch (typically main)?

• Is your initial contribution a single, squashed commit?

For code changes:

• If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
• If applicable, have you updated the LICENSE file?
• If applicable, have you updated the NOTICE file?

For documentation related changes:

• Have you ensured that format looks appropriate for the output in which it is rendered?

Note:

Please ensure that once the PR is submitted, you check GitHub Actions CI results for build issues and submit an update to your PR as soon as possible.

[Copilot]

Pull request overview

This PR updates the MiNiFi C++ Behave-based test framework to support running a subset of Docker-based tests on Windows hosts, while also refactoring the container abstraction and SSL certificate utilities to be more portable.

Changes:

• Introduces Windows container support (Windows container base class, Windows MiNiFi container, Windows Dockerfile) and gates scenarios via a @SUPPORTS_WINDOWS tag.
• Refactors the Behave container layer to distinguish Linux vs. Windows containers and centralizes controller logic via a MinifiController helper.
• Replaces M2Crypto/PyOpenSSL usage in the Behave framework with cryptography and updates dependent test containers accordingly.

Reviewed changes

Copilot reviewed 37 out of 38 changed files in this pull request and generated 7 comments.

Show a summary per file

File	Description
run_flake8.sh	Updates flake8 exclude list to ignore additional virtualenv directories.
extensions/standard-processors/tests/features/steps/tcp_client_container.py	Switches test container base class to LinuxContainer.
extensions/standard-processors/tests/features/steps/syslog_container.py	Switches test container base class to LinuxContainer.
extensions/standard-processors/tests/features/steps/minifi_controller_steps.py	Routes controller-related steps through a .controller helper object.
extensions/standard-processors/tests/features/steps/diag_slave_container.py	Switches test container base class to LinuxContainer.
extensions/standard-processors/tests/features/replace_text.feature	Marks feature as @SUPPORTS_WINDOWS.
extensions/standard-processors/tests/features/core_functionality.feature	Marks feature as @SUPPORTS_WINDOWS and adjusts some step text/timeouts.
extensions/sql/tests/features/steps/postgress_server_container.py	Switches test container base class to LinuxContainer.
extensions/splunk/tests/features/steps/splunk_container.py	Removes PyOpenSSL usage and uses ssl_utils.dump_cert/dump_key; switches to LinuxContainer.
extensions/opc/tests/features/steps/opc_ua_server_container.py	Switches test container base class to LinuxContainer.
extensions/kafka/tests/features/steps/kafka_server_container.py	Removes PyOpenSSL usage and uses dump_cert/dump_key with DER output; switches to LinuxContainer.
extensions/grafana-loki/tests/features/steps/reverse_proxy_container.py	Switches test container base class to LinuxContainer.
extensions/grafana-loki/tests/features/steps/grafana_loki_container.py	Removes PyOpenSSL usage and uses dump_cert/dump_key; switches to LinuxContainer.
extensions/gcp/tests/features/steps/fake_gcs_server_container.py	Switches test container base class to LinuxContainer.
extensions/elasticsearch/tests/features/steps/opensearch_container.py	Removes PyOpenSSL usage and uses dump_cert/dump_key.
extensions/elasticsearch/tests/features/steps/elasticsearch_container.py	Removes PyOpenSSL usage and uses dump_cert/dump_key.
extensions/elasticsearch/tests/features/steps/elastic_base_container.py	Switches test container base class to LinuxContainer.
extensions/couchbase/tests/features/steps/couchbase_server_container.py	Removes PyOpenSSL usage and updates retry_check(...) decorator invocation style.
extensions/azure/tests/features/steps/azure_server_container.py	Switches test container base class to LinuxContainer.
extensions/aws/tests/features/steps/s3_server_container.py	Switches test container base class to LinuxContainer.
extensions/aws/tests/features/steps/kinesis_server_container.py	Switches test container base class to LinuxContainer.
docker/installed/win.Dockerfile	Adds a Windows Server Core Dockerfile to run MiNiFi installed via MSI.
behave_framework/src/minifi_test_framework/core/ssl_utils.py	Reimplements cert generation/dumping using cryptography.
behave_framework/src/minifi_test_framework/core/minifi_test_context.py	Selects Linux/FHS/Windows MiNiFi container implementations at runtime; introduces protocol typing.
behave_framework/src/minifi_test_framework/core/hooks.py	Skips non-@SUPPORTS_WINDOWS scenarios on Windows; makes teardown tolerant when setup is skipped.
behave_framework/src/minifi_test_framework/containers/nifi_container.py	Switches NiFi container base class to LinuxContainer.
behave_framework/src/minifi_test_framework/containers/minifi_win_container.py	Adds a Windows MiNiFi container implementation.
behave_framework/src/minifi_test_framework/containers/minifi_protocol.py	Adds a typing Protocol for MiNiFi container capabilities.
behave_framework/src/minifi_test_framework/containers/minifi_linux_container.py	Adds a Linux MiNiFi container implementation with controller support and cert provisioning.
behave_framework/src/minifi_test_framework/containers/minifi_fhs_container.py	Adds an FHS-layout MiNiFi container implementation with controller support and cert provisioning.
behave_framework/src/minifi_test_framework/containers/minifi_controller.py	Adds a helper encapsulating minifi-controller CLI interactions.
behave_framework/src/minifi_test_framework/containers/minifi_container.py	Updates cert dumping to use dump_cert/dump_key (legacy container remains in tree).
behave_framework/src/minifi_test_framework/containers/http_proxy_container.py	Switches test container base class to LinuxContainer.
behave_framework/src/minifi_test_framework/containers/container_windows.py	Adds a Windows container base class for test framework containers.
behave_framework/src/minifi_test_framework/containers/container_protocol.py	Adds a typing Protocol for container operations used by steps.
behave_framework/src/minifi_test_framework/containers/container_linux.py	Renames base container class to LinuxContainer and aligns it with the protocol.
behave_framework/pyproject.toml	Bumps framework version and replaces M2Crypto/PyOpenSSL deps with cryptography.
.gitignore	Ignores additional venv directories (venv, behave_venv).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

root_ca_key / root_ca_cert are typed as Any. Since ssl_utils now uses cryptography, these can be typed more precisely (e.g., cryptography.x509.Certificate and an RSAPrivateKey type) to keep static checking useful.

[Copilot]

print(...) is used for container startup logging. Using the existing logging calls (as in LinuxContainer.deploy) would keep test output consistent and easier to control in CI.

Suggested change

	print(f"Creating and starting container '{self.container_name}'...")
	logging.info(f"Creating and starting container '{self.container_name}'...")

[Copilot]

_copy_content_to_container assumes content is a str and unconditionally calls .encode('utf-8'), but File.content is defined as str | bytes. If a Windows container needs to copy binary content (e.g., JKS files/certs), this will fail. Consider accepting bytes | str and only encoding when the input is text.

[Copilot]

This file no longer includes the ASF license header that is present across the rest of the repository. Please restore the standard Apache 2.0 header at the top of the file to maintain licensing compliance.

[Copilot]

x509.OID_CLIENT_AUTH / x509.OID_SERVER_AUTH are not valid identifiers in cryptography.x509 (extended key usage OIDs are exposed via cryptography.x509.oid.ExtendedKeyUsageOID). As written, these calls will raise at runtime when creating certs. Switch to the correct ExtendedKeyUsageOID constants (or pass ObjectIdentifier instances) so certificate generation works.

[Copilot]

The repo’s Behave test virtualenv is created in ./behave_venv (see docker/RunBehaveTests.sh), but flake8 excludes behave-venv (dash). This means flake8 will still traverse the Behave venv by default. Consider excluding behave_venv here (and keep/remove behave-venv depending on what is actually used).

[Copilot]

Downloading and executing the Chocolatey install script with iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1')) introduces a supply-chain remote code execution risk: if community.chocolatey.org or the connection is compromised, arbitrary code can run during the Docker build with high privileges. To harden this, rely on a trusted, versioned installation source (e.g., a base image or offline package) and/or verify the installer’s integrity via a pinned checksum or signature instead of executing it directly from the remote URL.