This is an automated email from the ASF dual-hosted git repository.
exceptionfactory pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new d2f80b1645 NIFI-11260 Added STS SSL Context Service for AWS
Credentials Provider
d2f80b1645 is described below
commit d2f80b1645c6b6f611130451cd8875ee78dc3b46
Author: Peter Turcsanyi <[email protected]>
AuthorDate: Wed Mar 8 12:30:05 2023 +0100
NIFI-11260 Added STS SSL Context Service for AWS Credentials Provider
This closes #7021
Signed-off-by: David Handermann <[email protected]>
---
.../factory/CredentialPropertyDescriptors.java | 10 +++
.../factory/CredentialsProviderFactory.java | 33 ++++----
.../provider/factory/CredentialsStrategy.java | 15 ++--
.../AbstractBooleanCredentialsStrategy.java | 14 +++-
.../strategies/AbstractCredentialsStrategy.java | 19 +++--
.../AccessKeyPairCredentialsStrategy.java | 15 ++--
.../strategies/AnonymousCredentialsStrategy.java | 8 +-
.../strategies/AssumeRoleCredentialsStrategy.java | 91 ++++++++++++----------
.../ExplicitDefaultCredentialsStrategy.java | 10 +--
.../strategies/FileCredentialsStrategy.java | 10 +--
.../ImplicitDefaultCredentialsStrategy.java | 7 +-
.../NamedProfileCredentialsStrategy.java | 11 ++-
.../AWSCredentialsProviderControllerService.java | 25 +++---
.../factory/TestCredentialsProviderFactory.java | 55 ++++---------
14 files changed, 156 insertions(+), 167 deletions(-)
diff --git
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/CredentialPropertyDescriptors.java
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/CredentialPropertyDescriptors.java
index 6c2fc2b8db..f693e97992 100644
---
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/CredentialPropertyDescriptors.java
+++
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/CredentialPropertyDescriptors.java
@@ -23,6 +23,7 @@ import org.apache.nifi.components.resource.ResourceType;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.processors.aws.AwsPropertyDescriptors;
+import org.apache.nifi.ssl.SSLContextService;
import software.amazon.awssdk.regions.Region;
import java.util.ArrayList;
@@ -173,6 +174,15 @@ public class CredentialPropertyDescriptors {
.dependsOn(ASSUME_ROLE_ARN)
.build();
+ public static final PropertyDescriptor ASSUME_ROLE_SSL_CONTEXT_SERVICE =
new PropertyDescriptor.Builder()
+ .name("assume-role-ssl-context-service")
+ .displayName("Assume Role SSL Context Service")
+ .description("SSL Context Service used when connecting to the STS
Endpoint.")
+ .identifiesControllerService(SSLContextService.class)
+ .required(false)
+ .dependsOn(ASSUME_ROLE_ARN)
+ .build();
+
/**
* Assume Role Proxy variables for configuring proxy to retrieve keys
*/
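Review bot: The description on `ASSUME_ROLE_SSL_CONTEXT_SERVICE` does not say what the service contributes to the STS connection or what happens when the property is left unset. That matters to an operator because this connection is the one that returns the temporary role credentials. In the AssumeRoleCredentialsStrategy changes of this commit the service's SSLContext replaces the client socket factory only when the property is set, so the unset case presumably keeps the AWS client's default trust configuration. I would extend the text to something like `SSL Context Service providing the key and trust material used when connecting to the STS Endpoint. When not set, the default TLS configuration of the AWS client is used.`, after confirming that wording against the SDK behaviour.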
diff --git
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/CredentialsProviderFactory.java
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/CredentialsProviderFactory.java
index 545f3a283a..e1249693f2 100644
---
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/CredentialsProviderFactory.java
+++
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/CredentialsProviderFactory.java
@@ -19,11 +19,10 @@ package
org.apache.nifi.processors.aws.credentials.provider.factory;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
-import java.util.Map;
-import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
+import org.apache.nifi.context.PropertyContext;
import
org.apache.nifi.processors.aws.credentials.provider.factory.strategies.ExplicitDefaultCredentialsStrategy;
import
org.apache.nifi.processors.aws.credentials.provider.factory.strategies.AccessKeyPairCredentialsStrategy;
import
org.apache.nifi.processors.aws.credentials.provider.factory.strategies.FileCredentialsStrategy;
@@ -66,20 +65,15 @@ public class CredentialsProviderFactory {
strategies.add(new AssumeRoleCredentialsStrategy());
}
- public CredentialsStrategy selectPrimaryStrategy(final
Map<PropertyDescriptor, String> properties) {
+ public CredentialsStrategy selectPrimaryStrategy(final PropertyContext
propertyContext) {
for (CredentialsStrategy strategy : strategies) {
- if (strategy.canCreatePrimaryCredential(properties)) {
+ if (strategy.canCreatePrimaryCredential(propertyContext)) {
return strategy;
}
}
return null;
}
- public CredentialsStrategy selectPrimaryStrategy(final ValidationContext
validationContext) {
- final Map<PropertyDescriptor, String> properties =
validationContext.getProperties();
- return selectPrimaryStrategy(properties);
- }
-
/**
* Validates AWS credential properties against the configured strategies
to report any validation errors.
* @return Validation errors
@@ -104,15 +98,14 @@ public class CredentialsProviderFactory {
* the factory.
* @return AWSCredentialsProvider implementation
*/
- public AWSCredentialsProvider getCredentialsProvider(final
Map<PropertyDescriptor, String> properties) {
- final CredentialsStrategy primaryStrategy =
selectPrimaryStrategy(properties);
- AWSCredentialsProvider primaryCredentialsProvider =
primaryStrategy.getCredentialsProvider(properties);
+ public AWSCredentialsProvider getCredentialsProvider(final PropertyContext
propertyContext) {
+ final CredentialsStrategy primaryStrategy =
selectPrimaryStrategy(propertyContext);
+ AWSCredentialsProvider primaryCredentialsProvider =
primaryStrategy.getCredentialsProvider(propertyContext);
AWSCredentialsProvider derivedCredentialsProvider = null;
for (CredentialsStrategy strategy : strategies) {
- if (strategy.canCreateDerivedCredential(properties)) {
- derivedCredentialsProvider =
strategy.getDerivedCredentialsProvider(properties,
- primaryCredentialsProvider);
+ if (strategy.canCreateDerivedCredential(propertyContext)) {
+ derivedCredentialsProvider =
strategy.getDerivedCredentialsProvider(propertyContext,
primaryCredentialsProvider);
break;
}
}
@@ -129,14 +122,14 @@ public class CredentialsProviderFactory {
* the factory.
* @return AwsCredentialsProvider implementation
*/
- public AwsCredentialsProvider getAwsCredentialsProvider(final
Map<PropertyDescriptor, String> properties) {
- final CredentialsStrategy primaryStrategy =
selectPrimaryStrategy(properties);
- final AwsCredentialsProvider primaryCredentialsProvider =
primaryStrategy.getAwsCredentialsProvider(properties);
+ public AwsCredentialsProvider getAwsCredentialsProvider(final
PropertyContext propertyContext) {
+ final CredentialsStrategy primaryStrategy =
selectPrimaryStrategy(propertyContext);
+ final AwsCredentialsProvider primaryCredentialsProvider =
primaryStrategy.getAwsCredentialsProvider(propertyContext);
AwsCredentialsProvider derivedCredentialsProvider = null;
for (final CredentialsStrategy strategy : strategies) {
- if (strategy.canCreateDerivedCredential(properties)) {
- derivedCredentialsProvider =
strategy.getDerivedAwsCredentialsProvider(properties,
primaryCredentialsProvider);
+ if (strategy.canCreateDerivedCredential(propertyContext)) {
+ derivedCredentialsProvider =
strategy.getDerivedAwsCredentialsProvider(propertyContext,
primaryCredentialsProvider);
break;
}
}
diff --git
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/CredentialsStrategy.java
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/CredentialsStrategy.java
index 05dc871ca4..718ec7c98c 100644
---
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/CredentialsStrategy.java
+++
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/CredentialsStrategy.java
@@ -17,13 +17,12 @@
package org.apache.nifi.processors.aws.credentials.provider.factory;
import com.amazonaws.auth.AWSCredentialsProvider;
-import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
+import org.apache.nifi.context.PropertyContext;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import java.util.Collection;
-import java.util.Map;
/**
@@ -43,13 +42,13 @@ public interface CredentialsStrategy {
* Determines if this strategy can create primary credentials using the
given properties.
* @return true if primary credentials can be created
*/
- boolean canCreatePrimaryCredential(Map<PropertyDescriptor, String>
properties);
+ boolean canCreatePrimaryCredential(PropertyContext propertyContext);
/**
* Determines if this strategy can create derived credentials using the
given properties.
* @return true if derived credentials can be created
*/
- boolean canCreateDerivedCredential(Map<PropertyDescriptor, String>
properties);
+ boolean canCreateDerivedCredential(PropertyContext propertyContext);
/**
* Validates the properties belonging to this strategy, given the selected
primary strategy. Errors may result
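Review bot: The Javadoc on `canCreatePrimaryCredential` and `canCreateDerivedCredential` still refers to "the given properties" and has no `@param` for the new `propertyContext` argument. Implementations in this commit differ in whether they call `evaluateAttributeExpressions()` before `getValue()`, so the interface is the natural place to state what is expected. I would add a line such as `@param propertyContext context used to look up the configured property values` to each method, plus one sentence saying whether implementations must evaluate Expression Language. The four provider methods in the next hunk need the same update.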
@@ -63,25 +62,25 @@ public interface CredentialsStrategy {
/**
* Creates an AWSCredentialsProvider instance for this strategy, given the
properties defined by the user.
*/
- AWSCredentialsProvider getCredentialsProvider(Map<PropertyDescriptor,
String> properties);
+ AWSCredentialsProvider getCredentialsProvider(PropertyContext
propertyContext);
/**
* Creates an AWSCredentialsProvider instance for this strategy, given the
properties defined by the user and
* the AWSCredentialsProvider from the winning primary strategy.
*/
- AWSCredentialsProvider
getDerivedCredentialsProvider(Map<PropertyDescriptor, String> properties,
+ AWSCredentialsProvider getDerivedCredentialsProvider(PropertyContext
propertyContext,
AWSCredentialsProvider primaryCredentialsProvider);
/**
* Creates an AwsCredentialsProvider instance for this strategy, given the
properties defined by the user.
*/
- AwsCredentialsProvider getAwsCredentialsProvider(Map<PropertyDescriptor,
String> properties);
+ AwsCredentialsProvider getAwsCredentialsProvider(PropertyContext
propertyContext);
/**
* Creates an AwsCredentialsProvider instance for this strategy, given the
properties defined by the user and
* the AwsCredentialsProvider from the winning primary strategy.
*/
- AwsCredentialsProvider
getDerivedAwsCredentialsProvider(Map<PropertyDescriptor, String> properties,
+ AwsCredentialsProvider getDerivedAwsCredentialsProvider(PropertyContext
propertyContext,
AwsCredentialsProvider primaryCredentialsProvider);
}
diff --git
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AbstractBooleanCredentialsStrategy.java
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AbstractBooleanCredentialsStrategy.java
index 4079d5a364..17edf38127 100644
---
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AbstractBooleanCredentialsStrategy.java
+++
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AbstractBooleanCredentialsStrategy.java
@@ -18,11 +18,12 @@ package
org.apache.nifi.processors.aws.credentials.provider.factory.strategies;
import java.util.ArrayList;
import java.util.Collection;
-import java.util.Map;
import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
+import org.apache.nifi.context.PropertyContext;
import
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialsStrategy;
@@ -42,8 +43,15 @@ public abstract class AbstractBooleanCredentialsStrategy
extends AbstractCredent
}
@Override
- public boolean canCreatePrimaryCredential(final Map<PropertyDescriptor,
String> properties) {
- final String useStrategyString = properties.get(strategyProperty);
+ public boolean canCreatePrimaryCredential(final PropertyContext
propertyContext) {
+ PropertyValue strategyPropertyValue =
propertyContext.getProperty(strategyProperty);
+ if (strategyPropertyValue == null) {
+ return false;
+ }
+ if (strategyProperty.isExpressionLanguageSupported()) {
+ strategyPropertyValue =
strategyPropertyValue.evaluateAttributeExpressions();
+ }
+ final String useStrategyString = strategyPropertyValue.getValue();
final Boolean useStrategy = Boolean.parseBoolean(useStrategyString);
return useStrategy;
}
diff --git
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AbstractCredentialsStrategy.java
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AbstractCredentialsStrategy.java
index 5940bf28f2..f5ed8ab551 100644
---
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AbstractCredentialsStrategy.java
+++
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AbstractCredentialsStrategy.java
@@ -18,11 +18,12 @@ package
org.apache.nifi.processors.aws.credentials.provider.factory.strategies;
import java.util.ArrayList;
import java.util.Collection;
-import java.util.Map;
import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
+import org.apache.nifi.context.PropertyContext;
import
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialsStrategy;
import com.amazonaws.auth.AWSCredentialsProvider;
@@ -42,12 +43,10 @@ public abstract class AbstractCredentialsStrategy
implements CredentialsStrategy
}
@Override
- public boolean canCreatePrimaryCredential(final Map<PropertyDescriptor,
String> properties) {
+ public boolean canCreatePrimaryCredential(final PropertyContext
propertyContext) {
for (final PropertyDescriptor requiredProperty : requiredProperties) {
- final boolean containsRequiredProperty =
properties.containsKey(requiredProperty);
- final String propertyValue = properties.get(requiredProperty);
- final boolean containsValue = propertyValue != null;
- if (!containsRequiredProperty || !containsValue) {
+ final PropertyValue propertyValue =
propertyContext.getProperty(requiredProperty);
+ if (!propertyValue.isSet()) {
return false;
}
}
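Review bot: `propertyContext.getProperty(requiredProperty)` is dereferenced with `isSet()` without a null check, while `AbstractBooleanCredentialsStrategy.canCreatePrimaryCredential` in this same commit tests `strategyPropertyValue == null` before using the value. The removed code returned false for a missing key, so if a PropertyContext implementation can return null for a descriptor it does not know (the sibling guard suggests it can), this loop now throws instead of rejecting the strategy. `if (propertyValue == null || !propertyValue.isSet()) {` keeps the old result. The unguarded `getProperty(...).getValue()` chains in `AssumeRoleCredentialsStrategy.canCreateDerivedCredential` and `proxyVariablesValidForAssumeRole` have the same exposure, and the former is called for every strategy by the factory loop, whether or not a role is configured.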
@@ -81,7 +80,7 @@ public abstract class AbstractCredentialsStrategy implements
CredentialsStrategy
return validationFailureResults;
}
- public abstract AWSCredentialsProvider getCredentialsProvider(final
Map<PropertyDescriptor, String> properties);
+ public abstract AWSCredentialsProvider getCredentialsProvider(final
PropertyContext propertyContext);
public String getName() {
return name;
@@ -89,18 +88,18 @@ public abstract class AbstractCredentialsStrategy
implements CredentialsStrategy
@Override
- public boolean canCreateDerivedCredential(final Map<PropertyDescriptor,
String> properties) {
+ public boolean canCreateDerivedCredential(final PropertyContext
propertyContext) {
return false;
}
@Override
- public AWSCredentialsProvider getDerivedCredentialsProvider(final
Map<PropertyDescriptor, String> properties,
+ public AWSCredentialsProvider getDerivedCredentialsProvider(final
PropertyContext propertyContext,
final
AWSCredentialsProvider primaryCredentialsProvider) {
return null;
}
@Override
- public AwsCredentialsProvider getDerivedAwsCredentialsProvider(final
Map<PropertyDescriptor, String> properties,
+ public AwsCredentialsProvider getDerivedAwsCredentialsProvider(final
PropertyContext propertyContext,
final
AwsCredentialsProvider primaryCredentialsProvider) {
return null;
}
diff --git
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AccessKeyPairCredentialsStrategy.java
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AccessKeyPairCredentialsStrategy.java
index 16251dae5b..142d10c76f 100644
---
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AccessKeyPairCredentialsStrategy.java
+++
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AccessKeyPairCredentialsStrategy.java
@@ -20,12 +20,11 @@ import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.internal.StaticCredentialsProvider;
import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.context.PropertyContext;
import
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
-import java.util.Map;
-
/**
* Supports AWS credentials defined by an Access Key and Secret Key pair.
@@ -43,17 +42,17 @@ public class AccessKeyPairCredentialsStrategy extends
AbstractCredentialsStrateg
}
@Override
- public AWSCredentialsProvider getCredentialsProvider(final
Map<PropertyDescriptor, String> properties) {
- final String accessKey =
properties.get(CredentialPropertyDescriptors.ACCESS_KEY);
- final String secretKey =
properties.get(CredentialPropertyDescriptors.SECRET_KEY);
+ public AWSCredentialsProvider getCredentialsProvider(final PropertyContext
propertyContext) {
+ final String accessKey =
propertyContext.getProperty(CredentialPropertyDescriptors.ACCESS_KEY).evaluateAttributeExpressions().getValue();
+ final String secretKey =
propertyContext.getProperty(CredentialPropertyDescriptors.SECRET_KEY).evaluateAttributeExpressions().getValue();
final BasicAWSCredentials credentials = new
BasicAWSCredentials(accessKey, secretKey);
return new StaticCredentialsProvider(credentials);
}
@Override
- public AwsCredentialsProvider getAwsCredentialsProvider(final
Map<PropertyDescriptor, String> properties) {
- final String accessKey =
properties.get(CredentialPropertyDescriptors.ACCESS_KEY);
- final String secretKey =
properties.get(CredentialPropertyDescriptors.SECRET_KEY);
+ public AwsCredentialsProvider getAwsCredentialsProvider(final
PropertyContext propertyContext) {
+ final String accessKey =
propertyContext.getProperty(CredentialPropertyDescriptors.ACCESS_KEY).evaluateAttributeExpressions().getValue();
+ final String secretKey =
propertyContext.getProperty(CredentialPropertyDescriptors.SECRET_KEY).evaluateAttributeExpressions().getValue();
return
software.amazon.awssdk.auth.credentials.StaticCredentialsProvider.create(AwsBasicCredentials.create(accessKey,
secretKey));
}
diff --git
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AnonymousCredentialsStrategy.java
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AnonymousCredentialsStrategy.java
index 416163d0ce..fef0ad61cc 100644
---
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AnonymousCredentialsStrategy.java
+++
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AnonymousCredentialsStrategy.java
@@ -19,13 +19,11 @@ package
org.apache.nifi.processors.aws.credentials.provider.factory.strategies;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AnonymousAWSCredentials;
import com.amazonaws.internal.StaticCredentialsProvider;
-import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.context.PropertyContext;
import
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors;
import software.amazon.awssdk.auth.credentials.AnonymousCredentialsProvider;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
-import java.util.Map;
-
/**
* Supports Anonymous AWS credentials.
@@ -40,13 +38,13 @@ public class AnonymousCredentialsStrategy extends
AbstractBooleanCredentialsStra
}
@Override
- public AWSCredentialsProvider getCredentialsProvider(final
Map<PropertyDescriptor, String> properties) {
+ public AWSCredentialsProvider getCredentialsProvider(final PropertyContext
propertyContext) {
AnonymousAWSCredentials credentials = new AnonymousAWSCredentials();
return new StaticCredentialsProvider(credentials);
}
@Override
- public AwsCredentialsProvider getAwsCredentialsProvider(final
Map<PropertyDescriptor, String> properties) {
+ public AwsCredentialsProvider getAwsCredentialsProvider(final
PropertyContext propertyContext) {
return AnonymousCredentialsProvider.create();
}
diff --git
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AssumeRoleCredentialsStrategy.java
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AssumeRoleCredentialsStrategy.java
index a55efd6f8c..16a0cebec0 100644
---
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AssumeRoleCredentialsStrategy.java
+++
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AssumeRoleCredentialsStrategy.java
@@ -20,12 +20,15 @@ import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
+import org.apache.nifi.context.PropertyContext;
import
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialsStrategy;
import org.apache.nifi.processors.aws.signer.AwsCustomSignerUtil;
import org.apache.nifi.processors.aws.signer.AwsSignerType;
+import org.apache.nifi.ssl.SSLContextService;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.http.apache.ApacheHttpClient;
import software.amazon.awssdk.regions.Region;
@@ -34,17 +37,18 @@ import software.amazon.awssdk.services.sts.StsClientBuilder;
import
software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;
import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;
+import javax.net.ssl.SSLContext;
import java.net.URI;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Collection;
-import java.util.Map;
import static
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_ARN;
import static
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_EXTERNAL_ID;
import static
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_NAME;
import static
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_PROXY_HOST;
import static
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_PROXY_PORT;
+import static
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_SSL_CONTEXT_SERVICE;
import static
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_STS_CUSTOM_SIGNER_CLASS_NAME;
import static
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_STS_ENDPOINT;
import static
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_STS_REGION;
@@ -72,14 +76,14 @@ public class AssumeRoleCredentialsStrategy extends
AbstractCredentialsStrategy {
}
@Override
- public boolean canCreatePrimaryCredential(final Map<PropertyDescriptor,
String> properties) {
+ public boolean canCreatePrimaryCredential(final PropertyContext
propertyContext) {
return false;
}
@Override
- public boolean canCreateDerivedCredential(final Map<PropertyDescriptor,
String> properties) {
- final String assumeRoleArn = properties.get(ASSUME_ROLE_ARN);
- final String assumeRoleName = properties.get(ASSUME_ROLE_NAME);
+ public boolean canCreateDerivedCredential(final PropertyContext
propertyContext) {
+ final String assumeRoleArn =
propertyContext.getProperty(ASSUME_ROLE_ARN).getValue();
+ final String assumeRoleName =
propertyContext.getProperty(ASSUME_ROLE_NAME).getValue();
if (assumeRoleArn != null && !assumeRoleArn.isEmpty()
&& assumeRoleName != null && !assumeRoleName.isEmpty()) {
return true;
@@ -87,9 +91,9 @@ public class AssumeRoleCredentialsStrategy extends
AbstractCredentialsStrategy {
return false;
}
- public boolean proxyVariablesValidForAssumeRole(final
Map<PropertyDescriptor, String> properties){
- final String assumeRoleProxyHost =
properties.get(ASSUME_ROLE_PROXY_HOST);
- final String assumeRoleProxyPort =
properties.get(ASSUME_ROLE_PROXY_PORT);
+ protected boolean proxyVariablesValidForAssumeRole(final PropertyContext
propertyContext) {
+ final String assumeRoleProxyHost =
propertyContext.getProperty(ASSUME_ROLE_PROXY_HOST).getValue();
+ final String assumeRoleProxyPort =
propertyContext.getProperty(ASSUME_ROLE_PROXY_PORT).getValue();
if (assumeRoleProxyHost != null && !assumeRoleProxyHost.isEmpty()
&& assumeRoleProxyPort != null &&
!assumeRoleProxyPort.isEmpty()) {
return true;
@@ -130,36 +134,41 @@ public class AssumeRoleCredentialsStrategy extends
AbstractCredentialsStrategy {
}
@Override
- public AWSCredentialsProvider getCredentialsProvider(final
Map<PropertyDescriptor, String> properties) {
+ public AWSCredentialsProvider getCredentialsProvider(final PropertyContext
propertyContext) {
throw new UnsupportedOperationException();
}
@Override
- public AWSCredentialsProvider getDerivedCredentialsProvider(final
Map<PropertyDescriptor, String> properties,
+ public AWSCredentialsProvider getDerivedCredentialsProvider(final
PropertyContext propertyContext,
final
AWSCredentialsProvider primaryCredentialsProvider) {
- final String assumeRoleArn = properties.get(ASSUME_ROLE_ARN);
- final String assumeRoleName = properties.get(ASSUME_ROLE_NAME);
- String rawMaxSessionTime = properties.get(MAX_SESSION_TIME);
- rawMaxSessionTime = rawMaxSessionTime == null ?
MAX_SESSION_TIME.getDefaultValue() : rawMaxSessionTime;
- final Integer maxSessionTime =
Integer.parseInt(rawMaxSessionTime.trim());
- final String assumeRoleExternalId =
properties.get(ASSUME_ROLE_EXTERNAL_ID);
- final String assumeRoleSTSRegion =
properties.get(ASSUME_ROLE_STS_REGION);
- final String assumeRoleSTSEndpoint =
properties.get(ASSUME_ROLE_STS_ENDPOINT);
- final String assumeRoleSTSSigner =
properties.get(ASSUME_ROLE_STS_SIGNER_OVERRIDE);
+ final String assumeRoleArn =
propertyContext.getProperty(ASSUME_ROLE_ARN).getValue();
+ final String assumeRoleName =
propertyContext.getProperty(ASSUME_ROLE_NAME).getValue();
+ final int maxSessionTime =
propertyContext.getProperty(MAX_SESSION_TIME).asInteger();
+ final String assumeRoleExternalId =
propertyContext.getProperty(ASSUME_ROLE_EXTERNAL_ID).getValue();
+ final String assumeRoleSTSRegion =
propertyContext.getProperty(ASSUME_ROLE_STS_REGION).getValue();
+ final String assumeRoleSTSEndpoint =
propertyContext.getProperty(ASSUME_ROLE_STS_ENDPOINT).getValue();
+ final String assumeRoleSTSSigner =
propertyContext.getProperty(ASSUME_ROLE_STS_SIGNER_OVERRIDE).getValue();
+ final SSLContextService sslContextService =
propertyContext.getProperty(ASSUME_ROLE_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
+
STSAssumeRoleSessionCredentialsProvider.Builder builder;
- ClientConfiguration config = new ClientConfiguration();
+ final ClientConfiguration config = new ClientConfiguration();
+
+ if (sslContextService != null) {
+ final SSLContext sslContext = sslContextService.createContext();
+ config.getApacheHttpClientConfig().setSslSocketFactory(new
SSLConnectionSocketFactory(sslContext));
+ }
// If proxy variables are set, then create Client Configuration with
those values
- if (proxyVariablesValidForAssumeRole(properties)) {
- final String assumeRoleProxyHost =
properties.get(ASSUME_ROLE_PROXY_HOST);
- final Integer assumeRoleProxyPort =
Integer.parseInt(properties.get(ASSUME_ROLE_PROXY_PORT));
+ if (proxyVariablesValidForAssumeRole(propertyContext)) {
+ final String assumeRoleProxyHost =
propertyContext.getProperty(ASSUME_ROLE_PROXY_HOST).getValue();
+ final int assumeRoleProxyPort =
propertyContext.getProperty(ASSUME_ROLE_PROXY_PORT).asInteger();
config.withProxyHost(assumeRoleProxyHost);
config.withProxyPort(assumeRoleProxyPort);
}
final AwsSignerType assumeRoleSTSSignerType =
AwsSignerType.forValue(assumeRoleSTSSigner);
if (assumeRoleSTSSignerType == CUSTOM_SIGNER) {
- final String signerClassName =
properties.get(ASSUME_ROLE_STS_CUSTOM_SIGNER_CLASS_NAME);
+ final String signerClassName =
propertyContext.getProperty(ASSUME_ROLE_STS_CUSTOM_SIGNER_CLASS_NAME).evaluateAttributeExpressions().getValue();
config.withSignerOverride(AwsCustomSignerUtil.registerCustomSigner(signerClassName));
} else if (assumeRoleSTSSignerType != DEFAULT_SIGNER) {
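Review bot: `final int maxSessionTime = propertyContext.getProperty(MAX_SESSION_TIME).asInteger();` unboxes the result directly, whereas the removed lines fell back to `MAX_SESSION_TIME.getDefaultValue()` and trimmed the text before parsing. If the supplied PropertyContext does not apply descriptor defaults (not visible from this hunk), an unset property yields a null Integer and a NullPointerException while the STS provider is being built. Keeping the value as an `Integer` and using `Integer.parseInt(MAX_SESSION_TIME.getDefaultValue())` when it is null restores the old behaviour. The same line appears in `getDerivedAwsCredentialsProvider` in the following hunk, and this method's body continues past the end of the hunk.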
@@ -190,29 +199,33 @@ public class AssumeRoleCredentialsStrategy extends
AbstractCredentialsStrategy {
}
@Override
- public AwsCredentialsProvider getAwsCredentialsProvider(final
Map<PropertyDescriptor, String> properties) {
+ public AwsCredentialsProvider getAwsCredentialsProvider(final
PropertyContext propertyContext) {
throw new UnsupportedOperationException();
}
@Override
- public AwsCredentialsProvider getDerivedAwsCredentialsProvider(final
Map<PropertyDescriptor, String> properties,
-
AwsCredentialsProvider primaryCredentialsProvider) {
- final String assumeRoleArn = properties.get(ASSUME_ROLE_ARN);
- final String assumeRoleName = properties.get(ASSUME_ROLE_NAME);
- String rawMaxSessionTime = properties.get(MAX_SESSION_TIME);
- rawMaxSessionTime = rawMaxSessionTime == null ?
MAX_SESSION_TIME.getDefaultValue() : rawMaxSessionTime;
- final Integer maxSessionTime =
Integer.parseInt(rawMaxSessionTime.trim());
- final String assumeRoleExternalId =
properties.get(ASSUME_ROLE_EXTERNAL_ID);
- final String assumeRoleSTSEndpoint =
properties.get(ASSUME_ROLE_STS_ENDPOINT);
- final String stsRegion = properties.get(ASSUME_ROLE_STS_REGION);
+ public AwsCredentialsProvider getDerivedAwsCredentialsProvider(final
PropertyContext propertyContext,
+ final
AwsCredentialsProvider primaryCredentialsProvider) {
+ final String assumeRoleArn =
propertyContext.getProperty(ASSUME_ROLE_ARN).getValue();
+ final String assumeRoleName =
propertyContext.getProperty(ASSUME_ROLE_NAME).getValue();
+ final int maxSessionTime =
propertyContext.getProperty(MAX_SESSION_TIME).asInteger();
+ final String assumeRoleExternalId =
propertyContext.getProperty(ASSUME_ROLE_EXTERNAL_ID).getValue();
+ final String assumeRoleSTSEndpoint =
propertyContext.getProperty(ASSUME_ROLE_STS_ENDPOINT).getValue();
+ final String stsRegion =
propertyContext.getProperty(ASSUME_ROLE_STS_REGION).getValue();
+ final SSLContextService sslContextService =
propertyContext.getProperty(ASSUME_ROLE_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
final StsAssumeRoleCredentialsProvider.Builder builder =
StsAssumeRoleCredentialsProvider.builder();
- // If proxy variables are set, then create Client Configuration with
those values
final ApacheHttpClient.Builder httpClientBuilder =
ApacheHttpClient.builder();
- if (proxyVariablesValidForAssumeRole(properties)) {
- final String assumeRoleProxyHost =
properties.get(ASSUME_ROLE_PROXY_HOST);
- final Integer assumeRoleProxyPort =
Integer.parseInt(properties.get(ASSUME_ROLE_PROXY_PORT));
+
+ if (sslContextService != null) {
+ final SSLContext sslContext = sslContextService.createContext();
+ httpClientBuilder.socketFactory(new
SSLConnectionSocketFactory(sslContext));
+ }
+
+ if (proxyVariablesValidForAssumeRole(propertyContext)) {
+ final String assumeRoleProxyHost =
propertyContext.getProperty(ASSUME_ROLE_PROXY_HOST).getValue();
+ final int assumeRoleProxyPort =
propertyContext.getProperty(ASSUME_ROLE_PROXY_PORT).asInteger();
final software.amazon.awssdk.http.apache.ProxyConfiguration
proxyConfig = software.amazon.awssdk.http.apache.ProxyConfiguration.builder()
.endpoint(URI.create(String.format("%s:%s",
assumeRoleProxyHost, assumeRoleProxyPort)))
.build();
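Review bot: The assume-role properties read in getDerivedAwsCredentialsProvider (`ASSUME_ROLE_ARN`, `ASSUME_ROLE_NAME`, `ASSUME_ROLE_EXTERNAL_ID`, `ASSUME_ROLE_STS_ENDPOINT`, `ASSUME_ROLE_PROXY_HOST`) are fetched with a plain `getValue()`, while this commit also removes the loop in AWSCredentialsProviderControllerService.onConfigured that called `evaluateAttributeExpressions()` on every property supporting expression language. Only the custom signer class name and `PROFILE_NAME` get an explicit evaluation in the new code. The descriptors are not visible here, so this is conditional: for any of them that declares expression language support, the unevaluated text would now be passed to STS, and the read should become e.g. `propertyContext.getProperty(ASSUME_ROLE_ARN).evaluateAttributeExpressions().getValue()`. The same applies to `CREDENTIALS_FILE` in FileCredentialsStrategy and to the v1 branch of this class. The method body continues past the end of the hunk.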
diff --git
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/ExplicitDefaultCredentialsStrategy.java
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/ExplicitDefaultCredentialsStrategy.java
index 03c2ba9a3f..889be287a2 100644
---
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/ExplicitDefaultCredentialsStrategy.java
+++
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/ExplicitDefaultCredentialsStrategy.java
@@ -16,9 +16,7 @@
*/
package org.apache.nifi.processors.aws.credentials.provider.factory.strategies;
-import java.util.Map;
-
-import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.context.PropertyContext;
import
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors;
import com.amazonaws.auth.AWSCredentialsProvider;
@@ -40,13 +38,13 @@ public class ExplicitDefaultCredentialsStrategy extends
AbstractBooleanCredentia
super("Default Credentials",
CredentialPropertyDescriptors.USE_DEFAULT_CREDENTIALS);
}
- @Override
- public AWSCredentialsProvider getCredentialsProvider(final
Map<PropertyDescriptor, String> properties) {
+ @Override
+ public AWSCredentialsProvider getCredentialsProvider(final PropertyContext
propertyContext) {
return new DefaultAWSCredentialsProviderChain();
}
@Override
- public AwsCredentialsProvider getAwsCredentialsProvider(final
Map<PropertyDescriptor, String> properties) {
+ public AwsCredentialsProvider getAwsCredentialsProvider(final
PropertyContext propertyContext) {
return DefaultCredentialsProvider.create();
}
diff --git
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/FileCredentialsStrategy.java
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/FileCredentialsStrategy.java
index 06bfec0139..9d5f0dc75c 100644
---
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/FileCredentialsStrategy.java
+++
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/FileCredentialsStrategy.java
@@ -19,12 +19,12 @@ package
org.apache.nifi.processors.aws.credentials.provider.factory.strategies;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.PropertiesFileCredentialsProvider;
import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.context.PropertyContext;
import
org.apache.nifi.processors.aws.credentials.provider.PropertiesCredentialsProvider;
import
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import java.io.File;
-import java.util.Map;
/**
@@ -47,14 +47,14 @@ public class FileCredentialsStrategy extends
AbstractCredentialsStrategy {
}
@Override
- public AWSCredentialsProvider getCredentialsProvider(final
Map<PropertyDescriptor, String> properties) {
- final String credentialsFile =
properties.get(CredentialPropertyDescriptors.CREDENTIALS_FILE);
+ public AWSCredentialsProvider getCredentialsProvider(final PropertyContext
propertyContext) {
+ final String credentialsFile =
propertyContext.getProperty(CredentialPropertyDescriptors.CREDENTIALS_FILE).getValue();
return new PropertiesFileCredentialsProvider(credentialsFile);
}
@Override
- public AwsCredentialsProvider getAwsCredentialsProvider(final
Map<PropertyDescriptor, String> properties) {
- final String credentialsFile =
properties.get(CredentialPropertyDescriptors.CREDENTIALS_FILE);
+ public AwsCredentialsProvider getAwsCredentialsProvider(final
PropertyContext propertyContext) {
+ final String credentialsFile =
propertyContext.getProperty(CredentialPropertyDescriptors.CREDENTIALS_FILE).getValue();
return new PropertiesCredentialsProvider(new File(credentialsFile));
}
diff --git
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/ImplicitDefaultCredentialsStrategy.java
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/ImplicitDefaultCredentialsStrategy.java
index ab4e025f06..9bc4c90e35 100644
---
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/ImplicitDefaultCredentialsStrategy.java
+++
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/ImplicitDefaultCredentialsStrategy.java
@@ -19,11 +19,10 @@ package
org.apache.nifi.processors.aws.credentials.provider.factory.strategies;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.context.PropertyContext;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
-import java.util.Map;
-
/**
* Supports AWS Default Credentials. Compared to
ExplicitDefaultCredentialsStrategy, this strategy is always
@@ -37,12 +36,12 @@ public class ImplicitDefaultCredentialsStrategy extends
AbstractCredentialsStrat
}
@Override
- public AWSCredentialsProvider getCredentialsProvider(final
Map<PropertyDescriptor, String> properties) {
+ public AWSCredentialsProvider getCredentialsProvider(final PropertyContext
propertyContext) {
return new DefaultAWSCredentialsProviderChain();
}
@Override
- public AwsCredentialsProvider getAwsCredentialsProvider(final
Map<PropertyDescriptor, String> properties) {
+ public AwsCredentialsProvider getAwsCredentialsProvider(final
PropertyContext propertyContext) {
return DefaultCredentialsProvider.create();
}
}
diff --git
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/NamedProfileCredentialsStrategy.java
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/NamedProfileCredentialsStrategy.java
index 8f9ff36fa4..311c17bc00 100644
---
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/NamedProfileCredentialsStrategy.java
+++
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/NamedProfileCredentialsStrategy.java
@@ -16,9 +16,8 @@
*/
package org.apache.nifi.processors.aws.credentials.provider.factory.strategies;
-import java.util.Map;
-
import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.context.PropertyContext;
import
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors;
import com.amazonaws.auth.AWSCredentialsProvider;
@@ -41,14 +40,14 @@ public class NamedProfileCredentialsStrategy extends
AbstractCredentialsStrategy
}
@Override
- public AWSCredentialsProvider getCredentialsProvider(final
Map<PropertyDescriptor, String> properties) {
- final String profileName =
properties.get(CredentialPropertyDescriptors.PROFILE_NAME);
+ public AWSCredentialsProvider getCredentialsProvider(final PropertyContext
propertyContext) {
+ final String profileName =
propertyContext.getProperty(CredentialPropertyDescriptors.PROFILE_NAME).evaluateAttributeExpressions().getValue();
return new ProfileCredentialsProvider(profileName);
}
@Override
- public AwsCredentialsProvider getAwsCredentialsProvider(final
Map<PropertyDescriptor, String> properties) {
- final String profileName =
properties.get(CredentialPropertyDescriptors.PROFILE_NAME);
+ public AwsCredentialsProvider getAwsCredentialsProvider(final
PropertyContext propertyContext) {
+ final String profileName =
propertyContext.getProperty(CredentialPropertyDescriptors.PROFILE_NAME).evaluateAttributeExpressions().getValue();
return
software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider.create(profileName);
}
}
diff --git
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/service/AWSCredentialsProviderControllerService.java
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/service/AWSCredentialsProviderControllerService.java
index b02dadbcc5..ef06d3d951 100644
---
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/service/AWSCredentialsProviderControllerService.java
+++
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/service/AWSCredentialsProviderControllerService.java
@@ -36,14 +36,13 @@ import
software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
-import java.util.HashMap;
import java.util.List;
-import java.util.Map;
import static
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ACCESS_KEY;
import static
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_EXTERNAL_ID;
import static
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_PROXY_HOST;
import static
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_PROXY_PORT;
+import static
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_SSL_CONTEXT_SERVICE;
import static
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_STS_ENDPOINT;
import static
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_STS_SIGNER_OVERRIDE;
import static
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.CREDENTIALS_FILE;
@@ -79,7 +78,7 @@ public class AWSCredentialsProviderControllerService extends
AbstractControllerS
public static final PropertyDescriptor MAX_SESSION_TIME =
CredentialPropertyDescriptors.MAX_SESSION_TIME;
public static final PropertyDescriptor ASSUME_ROLE_STS_REGION =
CredentialPropertyDescriptors.ASSUME_ROLE_STS_REGION;
- private static final List<PropertyDescriptor> properties;
+ private static final List<PropertyDescriptor> PROPERTIES;
static {
final List<PropertyDescriptor> props = new ArrayList<>();
@@ -93,6 +92,7 @@ public class AWSCredentialsProviderControllerService extends
AbstractControllerS
props.add(ASSUME_ROLE_NAME);
props.add(MAX_SESSION_TIME);
props.add(ASSUME_ROLE_EXTERNAL_ID);
+ props.add(ASSUME_ROLE_SSL_CONTEXT_SERVICE);
props.add(ASSUME_ROLE_PROXY_HOST);
props.add(ASSUME_ROLE_PROXY_PORT);
props.add(ASSUME_ROLE_STS_REGION);
@@ -100,16 +100,16 @@ public class AWSCredentialsProviderControllerService
extends AbstractControllerS
props.add(ASSUME_ROLE_STS_SIGNER_OVERRIDE);
props.add(ASSUME_ROLE_STS_CUSTOM_SIGNER_CLASS_NAME);
props.add(ASSUME_ROLE_STS_CUSTOM_SIGNER_MODULE_LOCATION);
- properties = Collections.unmodifiableList(props);
+ PROPERTIES = Collections.unmodifiableList(props);
}
+ private volatile ConfigurationContext context;
private volatile AWSCredentialsProvider credentialsProvider;
- private volatile Map<PropertyDescriptor, String> evaluatedProperties;
protected final CredentialsProviderFactory credentialsProviderFactory =
new CredentialsProviderFactory();
@Override
protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
- return properties;
+ return PROPERTIES;
}
@Override
@@ -120,7 +120,7 @@ public class AWSCredentialsProviderControllerService
extends AbstractControllerS
@Override
public AwsCredentialsProvider getAwsCredentialsProvider() {
// Avoiding instantiation until actually used, in case v1-related
configuration is not compatible with v2 clients
- return
credentialsProviderFactory.getAwsCredentialsProvider(evaluatedProperties);
+ return credentialsProviderFactory.getAwsCredentialsProvider(context);
}
@Override
@@ -130,14 +130,9 @@ public class AWSCredentialsProviderControllerService
extends AbstractControllerS
@OnEnabled
public void onConfigured(final ConfigurationContext context) {
- evaluatedProperties = new HashMap<>(context.getProperties());
- evaluatedProperties.keySet().forEach(propertyDescriptor -> {
- if (propertyDescriptor.isExpressionLanguageSupported()) {
- evaluatedProperties.put(propertyDescriptor,
-
context.getProperty(propertyDescriptor).evaluateAttributeExpressions().getValue());
- }
- });
- credentialsProvider =
credentialsProviderFactory.getCredentialsProvider(evaluatedProperties);
+ this.context = context;
+
+ credentialsProvider =
credentialsProviderFactory.getCredentialsProvider(context);
getLogger().debug("Using credentials provider: " +
credentialsProvider.getClass());
}
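Review bot: onConfigured now keeps the live `ConfigurationContext` in a field instead of a copied property map, and getAwsCredentialsProvider() reads from it on every call, so the field's lifetime matters and is undocumented. No reset on disable is visible in this diff; if none exists elsewhere in the class, the reference outlives the enabled state, and a call made before enabling passes `null` to the factory. I would document the field with `// Set in onConfigured; read lazily by getAwsCredentialsProvider() while the service is enabled` and, if there is no @OnDisabled hook, consider clearing it there.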
diff --git
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/credentials/provider/factory/TestCredentialsProviderFactory.java
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/credentials/provider/factory/TestCredentialsProviderFactory.java
index 064a61323e..7d9264776a 100644
---
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/credentials/provider/factory/TestCredentialsProviderFactory.java
+++
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/credentials/provider/factory/TestCredentialsProviderFactory.java
@@ -27,7 +27,6 @@ import
com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.auth.Signer;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.internal.StaticCredentialsProvider;
-import org.apache.nifi.components.PropertyDescriptor;
import
org.apache.nifi.processors.aws.credentials.provider.PropertiesCredentialsProvider;
import org.apache.nifi.processors.aws.s3.FetchS3Object;
import org.apache.nifi.processors.aws.signer.AwsSignerType;
@@ -40,11 +39,8 @@ import
software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import
software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;
-import java.util.Map;
-
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
-import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
@@ -59,14 +55,13 @@ public class TestCredentialsProviderFactory {
final TestRunner runner =
TestRunners.newTestRunner(MockAWSProcessor.class);
runner.assertValid();
- final Map<PropertyDescriptor, String> properties =
runner.getProcessContext().getProperties();
final CredentialsProviderFactory factory = new
CredentialsProviderFactory();
- final AWSCredentialsProvider credentialsProvider =
factory.getCredentialsProvider(properties);
+ final AWSCredentialsProvider credentialsProvider =
factory.getCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProvider);
assertEquals(DefaultAWSCredentialsProviderChain.class,
credentialsProvider.getClass(), "credentials provider should
be equal");
- final AwsCredentialsProvider credentialsProviderV2 =
factory.getAwsCredentialsProvider(properties);
+ final AwsCredentialsProvider credentialsProviderV2 =
factory.getAwsCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProviderV2);
assertEquals(DefaultCredentialsProvider.class,
credentialsProviderV2.getClass(), "credentials provider should
be equal");
@@ -78,14 +73,13 @@ public class TestCredentialsProviderFactory {
runner.setProperty(CredentialPropertyDescriptors.USE_DEFAULT_CREDENTIALS,
"true");
runner.assertValid();
- final Map<PropertyDescriptor, String> properties =
runner.getProcessContext().getProperties();
final CredentialsProviderFactory factory = new
CredentialsProviderFactory();
- final AWSCredentialsProvider credentialsProvider =
factory.getCredentialsProvider(properties);
+ final AWSCredentialsProvider credentialsProvider =
factory.getCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProvider);
assertEquals(DefaultAWSCredentialsProviderChain.class,
credentialsProvider.getClass(), "credentials provider should
be equal");
- final AwsCredentialsProvider credentialsProviderV2 =
factory.getAwsCredentialsProvider(properties);
+ final AwsCredentialsProvider credentialsProviderV2 =
factory.getAwsCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProviderV2);
assertEquals(DefaultCredentialsProvider.class,
credentialsProviderV2.getClass(), "credentials provider should
be equal");
@@ -107,14 +101,14 @@ public class TestCredentialsProviderFactory {
runner.setProperty(CredentialPropertyDescriptors.SECRET_KEY,
"BogusSecretKey");
runner.assertValid();
- final Map<PropertyDescriptor, String> properties =
runner.getProcessContext().getProperties();
+
final CredentialsProviderFactory factory = new
CredentialsProviderFactory();
- final AWSCredentialsProvider credentialsProvider =
factory.getCredentialsProvider(properties);
+ final AWSCredentialsProvider credentialsProvider =
factory.getCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProvider);
assertEquals(StaticCredentialsProvider.class,
credentialsProvider.getClass(), "credentials provider should
be equal");
- final AwsCredentialsProvider credentialsProviderV2 =
factory.getAwsCredentialsProvider(properties);
+ final AwsCredentialsProvider credentialsProviderV2 =
factory.getAwsCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProviderV2);
assertEquals(software.amazon.awssdk.auth.credentials.StaticCredentialsProvider.class,
credentialsProviderV2.getClass(), "credentials provider should
be equal");
@@ -140,14 +134,13 @@ public class TestCredentialsProviderFactory {
runner.setProperty(CredentialPropertyDescriptors.CREDENTIALS_FILE,
"src/test/resources/mock-aws-credentials.properties");
runner.assertValid();
- final Map<PropertyDescriptor, String> properties =
runner.getProcessContext().getProperties();
final CredentialsProviderFactory factory = new
CredentialsProviderFactory();
- final AWSCredentialsProvider credentialsProvider =
factory.getCredentialsProvider(properties);
+ final AWSCredentialsProvider credentialsProvider =
factory.getCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProvider);
assertEquals(PropertiesFileCredentialsProvider.class,
credentialsProvider.getClass(), "credentials provider should
be equal");
- final AwsCredentialsProvider credentialsProviderV2 =
factory.getAwsCredentialsProvider(properties);
+ final AwsCredentialsProvider credentialsProviderV2 =
factory.getAwsCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProviderV2);
assertEquals(PropertiesCredentialsProvider.class,
credentialsProviderV2.getClass(), "credentials provider should
be equal");
@@ -161,21 +154,11 @@ public class TestCredentialsProviderFactory {
runner.setProperty(CredentialPropertyDescriptors.ASSUME_ROLE_NAME,
"BogusSession");
runner.assertValid();
- final Map<PropertyDescriptor, String> properties =
runner.getProcessContext().getProperties();
final CredentialsProviderFactory factory = new
CredentialsProviderFactory();
- final AWSCredentialsProvider credentialsProvider =
factory.getCredentialsProvider(properties);
+ final AWSCredentialsProvider credentialsProvider =
factory.getCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProvider);
assertEquals(STSAssumeRoleSessionCredentialsProvider.class,
credentialsProvider.getClass(), "credentials provider should
be equal");
-
- assertThrows(IllegalStateException.class, () ->
factory.getAwsCredentialsProvider(properties));
-
-
runner.setProperty(CredentialPropertyDescriptors.ASSUME_ROLE_STS_REGION,
Region.US_WEST_1.id());
- final Map<PropertyDescriptor, String> properties2 =
runner.getProcessContext().getProperties();
- final AwsCredentialsProvider credentialsProviderV2 =
factory.getAwsCredentialsProvider(properties2);
- assertNotNull(credentialsProviderV2);
- assertEquals(StsAssumeRoleCredentialsProvider.class,
- credentialsProviderV2.getClass(), "credentials provider should
be equal");
}
@Test
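Review bot: The deletions in this test drop the only assertions here on the SDK v2 path for assume-role credentials (the `assertThrows(IllegalStateException.class, ...)` check and the `StsAssumeRoleCredentialsProvider` class check after setting `ASSUME_ROLE_STS_REGION`), and nothing replaces them in this hunk. If a missing STS region still fails, keep the check against the new signature: `assertThrows(IllegalStateException.class, () -> factory.getAwsCredentialsProvider(runner.getProcessContext()));`. No test in the visible part of this diff sets `ASSUME_ROLE_SSL_CONTEXT_SERVICE`, so the new socket-factory branches appear to be unexercised; a case that enables a mocked SSLContextService and verifies that `createContext()` is called would cover them.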
@@ -194,14 +177,13 @@ public class TestCredentialsProviderFactory {
runner.setProperty(CredentialPropertyDescriptors.USE_ANONYMOUS_CREDENTIALS,
"true");
runner.assertValid();
- final Map<PropertyDescriptor, String> properties =
runner.getProcessContext().getProperties();
final CredentialsProviderFactory factory = new
CredentialsProviderFactory();
- final AWSCredentialsProvider credentialsProvider =
factory.getCredentialsProvider(properties);
+ final AWSCredentialsProvider credentialsProvider =
factory.getCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProvider);
final AWSCredentials creds = credentialsProvider.getCredentials();
assertEquals(AnonymousAWSCredentials.class, creds.getClass(),
"credentials should be equal");
- final AwsCredentialsProvider credentialsProviderV2 =
factory.getAwsCredentialsProvider(properties);
+ final AwsCredentialsProvider credentialsProviderV2 =
factory.getAwsCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProviderV2);
assertEquals(AnonymousCredentialsProvider.class,
credentialsProviderV2.getClass(), "credentials provider should
be equal");
@@ -222,14 +204,13 @@ public class TestCredentialsProviderFactory {
runner.setProperty(CredentialPropertyDescriptors.PROFILE_NAME,
"BogusProfile");
runner.assertValid();
- final Map<PropertyDescriptor, String> properties =
runner.getProcessContext().getProperties();
final CredentialsProviderFactory factory = new
CredentialsProviderFactory();
- final AWSCredentialsProvider credentialsProvider =
factory.getCredentialsProvider(properties);
+ final AWSCredentialsProvider credentialsProvider =
factory.getCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProvider);
assertEquals(ProfileCredentialsProvider.class,
credentialsProvider.getClass(), "credentials provider should
be equal");
- final AwsCredentialsProvider credentialsProviderV2 =
factory.getAwsCredentialsProvider(properties);
+ final AwsCredentialsProvider credentialsProviderV2 =
factory.getAwsCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProviderV2);
assertEquals(software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider.class,
credentialsProviderV2.getClass(), "credentials provider should
be equal");
@@ -246,14 +227,13 @@ public class TestCredentialsProviderFactory {
runner.setProperty(CredentialPropertyDescriptors.ASSUME_ROLE_PROXY_PORT,
"8080");
runner.assertValid();
- final Map<PropertyDescriptor, String> properties =
runner.getProcessContext().getProperties();
final CredentialsProviderFactory factory = new
CredentialsProviderFactory();
- final AWSCredentialsProvider credentialsProvider =
factory.getCredentialsProvider(properties);
+ final AWSCredentialsProvider credentialsProvider =
factory.getCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProvider);
assertEquals(STSAssumeRoleSessionCredentialsProvider.class,
credentialsProvider.getClass(), "credentials provider should
be equal");
- final AwsCredentialsProvider credentialsProviderV2 =
factory.getAwsCredentialsProvider(properties);
+ final AwsCredentialsProvider credentialsProviderV2 =
factory.getAwsCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProviderV2);
assertEquals(StsAssumeRoleCredentialsProvider.class,
credentialsProviderV2.getClass(), "credentials provider should
be equal");
@@ -300,13 +280,12 @@ public class TestCredentialsProviderFactory {
runner.setProperty(CredentialPropertyDescriptors.ASSUME_ROLE_STS_CUSTOM_SIGNER_CLASS_NAME,
CustomSTSSigner.class.getName());
runner.assertValid();
- final Map<PropertyDescriptor, String> properties =
runner.getProcessContext().getProperties();
final CredentialsProviderFactory factory = new
CredentialsProviderFactory();
final Signer signerChecker = mock(Signer.class);
CustomSTSSigner.setSignerChecker(signerChecker);
- final AWSCredentialsProvider credentialsProvider =
factory.getCredentialsProvider(properties);
+ final AWSCredentialsProvider credentialsProvider =
factory.getCredentialsProvider(runner.getProcessContext());
try {
credentialsProvider.getCredentials();