This is an automated email from the ASF dual-hosted git repository.
pvillard pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 2cb8411d4f NIFI-13848 Migrated
AWSCredentialsProviderControllerService's Proxy properties to
ProxyConfigurationService
2cb8411d4f is described below
commit 2cb8411d4f3008f89396b16d7d1647ad00cb407c
Author: Peter Turcsanyi <[email protected]>
AuthorDate: Tue Oct 8 07:13:29 2024 +0200
NIFI-13848 Migrated AWSCredentialsProviderControllerService's Proxy
properties to ProxyConfigurationService
Signed-off-by: Pierre Villard <[email protected]>
This closes #9357.
---
.../strategies/AssumeRoleCredentialsStrategy.java | 65 ++++++++++------------
.../AWSCredentialsProviderControllerService.java | 41 ++++++--------
.../provider/service/MockAWSProcessor.java | 6 +-
...entialsProviderControllerServiceStrategies.java | 29 ----------
4 files changed, 49 insertions(+), 92 deletions(-)
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AssumeRoleCredentialsStrategy.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AssumeRoleCredentialsStrategy.java
index e89168eb90..33ed1469bd 100644
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AssumeRoleCredentialsStrategy.java
+++
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AssumeRoleCredentialsStrategy.java
@@ -30,6 +30,8 @@ import org.apache.nifi.context.PropertyContext;
import
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialsStrategy;
import org.apache.nifi.processors.aws.signer.AwsCustomSignerUtil;
import org.apache.nifi.processors.aws.signer.AwsSignerType;
+import org.apache.nifi.proxy.ProxyConfiguration;
+import org.apache.nifi.proxy.ProxyConfigurationService;
import org.apache.nifi.ssl.SSLContextService;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.http.apache.ApacheHttpClient;
@@ -40,6 +42,7 @@ import
software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider
import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;
import javax.net.ssl.SSLContext;
+import java.net.Proxy;
import java.net.URI;
import java.time.Duration;
import java.util.ArrayList;
@@ -48,8 +51,7 @@ import java.util.Collection;
import static
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService.ASSUME_ROLE_ARN;
import static
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService.ASSUME_ROLE_EXTERNAL_ID;
import static
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService.ASSUME_ROLE_NAME;
-import static
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService.ASSUME_ROLE_PROXY_HOST;
-import static
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService.ASSUME_ROLE_PROXY_PORT;
+import static
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService.ASSUME_ROLE_PROXY_CONFIGURATION_SERVICE;
import static
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService.ASSUME_ROLE_SSL_CONTEXT_SERVICE;
import static
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService.ASSUME_ROLE_STS_CUSTOM_SIGNER_CLASS_NAME;
import static
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService.ASSUME_ROLE_STS_ENDPOINT;
@@ -93,16 +95,6 @@ public class AssumeRoleCredentialsStrategy extends
AbstractCredentialsStrategy {
return false;
}
- protected boolean proxyVariablesValidForAssumeRole(final PropertyContext
propertyContext) {
- final String assumeRoleProxyHost =
propertyContext.getProperty(ASSUME_ROLE_PROXY_HOST).getValue();
- final String assumeRoleProxyPort =
propertyContext.getProperty(ASSUME_ROLE_PROXY_PORT).getValue();
- if (assumeRoleProxyHost != null && !assumeRoleProxyHost.isEmpty()
- && assumeRoleProxyPort != null &&
!assumeRoleProxyPort.isEmpty()) {
- return true;
- }
- return false;
- }
-
@Override
public Collection<ValidationResult> validate(final ValidationContext
validationContext,
final CredentialsStrategy
primaryStrategy) {
@@ -119,17 +111,6 @@ public class AssumeRoleCredentialsStrategy extends
AbstractCredentialsStrategy {
.explanation(MAX_SESSION_TIME.getDisplayName() +
" must be between 900 and 3600
seconds").build());
}
-
- final boolean assumeRoleProxyHostIsSet =
validationContext.getProperty(ASSUME_ROLE_PROXY_HOST).isSet();
- final boolean assumeRoleProxyPortIsSet =
validationContext.getProperty(ASSUME_ROLE_PROXY_PORT).isSet();
-
- // Both proxy host and proxy port are required if present
- if (assumeRoleProxyHostIsSet ^ assumeRoleProxyPortIsSet) {
- validationFailureResults.add(new
ValidationResult.Builder().input("Assume Role Proxy Host and Port")
- .valid(false)
- .explanation("Assume role with proxy requires both
host and port for the proxy to be set")
- .build());
- }
}
return validationFailureResults;
@@ -151,6 +132,7 @@ public class AssumeRoleCredentialsStrategy extends
AbstractCredentialsStrategy {
final String assumeRoleSTSEndpoint =
propertyContext.getProperty(ASSUME_ROLE_STS_ENDPOINT).getValue();
final String assumeRoleSTSSigner =
propertyContext.getProperty(ASSUME_ROLE_STS_SIGNER_OVERRIDE).getValue();
final SSLContextService sslContextService =
propertyContext.getProperty(ASSUME_ROLE_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
+ final ProxyConfigurationService proxyConfigurationService =
propertyContext.getProperty(ASSUME_ROLE_PROXY_CONFIGURATION_SERVICE).asControllerService(ProxyConfigurationService.class);
final ClientConfiguration config = new ClientConfiguration();
@@ -159,12 +141,16 @@ public class AssumeRoleCredentialsStrategy extends
AbstractCredentialsStrategy {
config.getApacheHttpClientConfig().setSslSocketFactory(new
SSLConnectionSocketFactory(sslContext));
}
- // If proxy variables are set, then create Client Configuration with
those values
- if (proxyVariablesValidForAssumeRole(propertyContext)) {
- final String assumeRoleProxyHost =
propertyContext.getProperty(ASSUME_ROLE_PROXY_HOST).getValue();
- final int assumeRoleProxyPort =
propertyContext.getProperty(ASSUME_ROLE_PROXY_PORT).asInteger();
- config.withProxyHost(assumeRoleProxyHost);
- config.withProxyPort(assumeRoleProxyPort);
+ if (proxyConfigurationService != null) {
+ final ProxyConfiguration proxyConfiguration =
proxyConfigurationService.getConfiguration();
+ if (proxyConfiguration.getProxyType() == Proxy.Type.HTTP) {
+ config.withProxyHost(proxyConfiguration.getProxyServerHost());
+ config.withProxyPort(proxyConfiguration.getProxyServerPort());
+ if (proxyConfiguration.hasCredential()) {
+
config.withProxyUsername(proxyConfiguration.getProxyUserName());
+
config.withProxyPassword(proxyConfiguration.getProxyUserPassword());
+ }
+ }
}
final AwsSignerType assumeRoleSTSSignerType =
AwsSignerType.forValue(assumeRoleSTSSigner);
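Review bot: A configured proxy whose type is not `Proxy.Type.HTTP` (SOCKS, for instance) is skipped without any error by `if (proxyConfiguration.getProxyType() == Proxy.Type.HTTP)`, so the STS AssumeRole request would go out directly while the operator believes it is forced through the proxy. The same silent fall-through is in the SDK v2 hunk at `@@ -224,13 +211,19 @@`. Because this commit also removes the proxy checks from `validate()`, I would add a validation result there that rejects a referenced service whose type is neither `DIRECT` nor `HTTP`. The minimal in-place alternative is `} else if (proxyConfiguration.getProxyType() != Proxy.Type.DIRECT) {` followed by `throw new IllegalArgumentException("Assume Role proxy must be of type HTTP");`. The enclosing method starts and ends outside the hunk.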
@@ -214,6 +200,7 @@ public class AssumeRoleCredentialsStrategy extends
AbstractCredentialsStrategy {
final String assumeRoleSTSEndpoint =
propertyContext.getProperty(ASSUME_ROLE_STS_ENDPOINT).getValue();
final String stsRegion =
propertyContext.getProperty(ASSUME_ROLE_STS_REGION).getValue();
final SSLContextService sslContextService =
propertyContext.getProperty(ASSUME_ROLE_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
+ final ProxyConfigurationService proxyConfigurationService =
propertyContext.getProperty(ASSUME_ROLE_PROXY_CONFIGURATION_SERVICE).asControllerService(ProxyConfigurationService.class);
final StsAssumeRoleCredentialsProvider.Builder builder =
StsAssumeRoleCredentialsProvider.builder();
@@ -224,13 +211,19 @@ public class AssumeRoleCredentialsStrategy extends
AbstractCredentialsStrategy {
httpClientBuilder.socketFactory(new
SSLConnectionSocketFactory(sslContext));
}
- if (proxyVariablesValidForAssumeRole(propertyContext)) {
- final String assumeRoleProxyHost =
propertyContext.getProperty(ASSUME_ROLE_PROXY_HOST).getValue();
- final int assumeRoleProxyPort =
propertyContext.getProperty(ASSUME_ROLE_PROXY_PORT).asInteger();
- final software.amazon.awssdk.http.apache.ProxyConfiguration
proxyConfig = software.amazon.awssdk.http.apache.ProxyConfiguration.builder()
- .endpoint(URI.create(String.format("http://%s:%s",
assumeRoleProxyHost, assumeRoleProxyPort)))
- .build();
- httpClientBuilder.proxyConfiguration(proxyConfig);
+ if (proxyConfigurationService != null) {
+ final ProxyConfiguration proxyConfiguration =
proxyConfigurationService.getConfiguration();
+ if (proxyConfiguration.getProxyType() == Proxy.Type.HTTP) {
+ final
software.amazon.awssdk.http.apache.ProxyConfiguration.Builder
proxyConfigBuilder =
software.amazon.awssdk.http.apache.ProxyConfiguration.builder()
+ .endpoint(URI.create(String.format("http://%s:%s",
proxyConfiguration.getProxyServerHost(),
proxyConfiguration.getProxyServerPort())));
+
+ if (proxyConfiguration.hasCredential()) {
+
proxyConfigBuilder.username(proxyConfiguration.getProxyUserName());
+
proxyConfigBuilder.password(proxyConfiguration.getProxyUserPassword());
+ }
+
+
httpClientBuilder.proxyConfiguration(proxyConfigBuilder.build());
+ }
}
if (stsRegion == null) {
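Review bot: The endpoint in `String.format("http://%s:%s", proxyConfiguration.getProxyServerHost(), proxyConfiguration.getProxyServerPort())` is built from values this class no longer validates. The removed properties carried `NON_EMPTY_VALIDATOR` and `POSITIVE_INTEGER_VALIDATOR`, whereas here a null host or port would be formatted as the text `null`, and an IPv6 literal host would need brackets. Whether the proxy service guarantees both values for an HTTP proxy is not visible in this diff, so I would guard before building, for example `Objects.requireNonNull(proxyConfiguration.getProxyServerPort(), "proxy port")`, or state the assumption in a comment. Since a username and password are now passed and the scheme is fixed to `http://`, the proxy credentials presumably reach the proxy unencrypted, which is worth stating in the property description. The enclosing method starts and ends outside the hunk.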
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/service/AWSCredentialsProviderControllerService.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/service/AWSCredentialsProviderControllerService.java
index 9f7dda4023..eaddc94571 100644
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/service/AWSCredentialsProviderControllerService.java
+++
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/service/AWSCredentialsProviderControllerService.java
@@ -34,6 +34,8 @@ import org.apache.nifi.context.PropertyContext;
import org.apache.nifi.controller.AbstractControllerService;
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.expression.ExpressionLanguageScope;
+import org.apache.nifi.migration.PropertyConfiguration;
+import org.apache.nifi.migration.ProxyServiceMigration;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
import
org.apache.nifi.processors.aws.credentials.provider.factory.CredentialsStrategy;
@@ -44,6 +46,7 @@ import
org.apache.nifi.processors.aws.credentials.provider.factory.strategies.Ex
import
org.apache.nifi.processors.aws.credentials.provider.factory.strategies.FileCredentialsStrategy;
import
org.apache.nifi.processors.aws.credentials.provider.factory.strategies.ImplicitDefaultCredentialsStrategy;
import
org.apache.nifi.processors.aws.credentials.provider.factory.strategies.NamedProfileCredentialsStrategy;
+import org.apache.nifi.proxy.ProxyConfigurationService;
import org.apache.nifi.ssl.SSLContextService;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.regions.Region;
@@ -77,6 +80,10 @@ import static
org.apache.nifi.processors.aws.signer.AwsSignerType.DEFAULT_SIGNER
)
public class AWSCredentialsProviderControllerService extends
AbstractControllerService implements AWSCredentialsProviderService {
+ // Obsolete property names
+ private static final String OBSOLETE_PROXY_HOST = "assume-role-proxy-host";
+ private static final String OBSOLETE_PROXY_PORT = "assume-role-proxy-port";
+
public static final PropertyDescriptor USE_DEFAULT_CREDENTIALS = new
PropertyDescriptor.Builder()
.name("default-credentials")
.displayName("Use Default Credentials")
@@ -189,28 +196,12 @@ public class AWSCredentialsProviderControllerService
extends AbstractControllerS
.dependsOn(ASSUME_ROLE_ARN)
.build();
- /**
- * Assume Role Proxy variables for configuring proxy to retrieve keys
- */
- public static final PropertyDescriptor ASSUME_ROLE_PROXY_HOST = new
PropertyDescriptor.Builder()
- .name("assume-role-proxy-host")
- .displayName("Assume Role Proxy Host")
- .expressionLanguageSupported(ExpressionLanguageScope.NONE)
- .required(false)
- .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
- .sensitive(false)
- .description("Proxy host for cross-account access, if needed within
your environment. This will configure a proxy to request for temporary access
keys into another AWS account.")
- .dependsOn(ASSUME_ROLE_ARN)
- .build();
-
- public static final PropertyDescriptor ASSUME_ROLE_PROXY_PORT = new
PropertyDescriptor.Builder()
- .name("assume-role-proxy-port")
- .displayName("Assume Role Proxy Port")
- .expressionLanguageSupported(ExpressionLanguageScope.NONE)
+ public static final PropertyDescriptor
ASSUME_ROLE_PROXY_CONFIGURATION_SERVICE = new PropertyDescriptor.Builder()
+ .name("assume-role-proxy-configuration-service")
+ .displayName("Assume Role Proxy Configuration Service")
+ .identifiesControllerService(ProxyConfigurationService.class)
.required(false)
- .addValidator(StandardValidators.POSITIVE_INTEGER_VALIDATOR)
- .sensitive(false)
- .description("Proxy port for cross-account access, if needed within
your environment. This will configure a proxy to request for temporary access
keys into another AWS account.")
+ .description("Proxy configuration for cross-account access, if needed
within your environment. This will configure a proxy to request for temporary
access keys into another AWS account.")
.dependsOn(ASSUME_ROLE_ARN)
.build();
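Review bot: The description of `ASSUME_ROLE_PROXY_CONFIGURATION_SERVICE` does not say which proxy types are supported, while the strategy code in this commit applies the configuration only when the type is `Proxy.Type.HTTP`, with an optional username and password. I would append a sentence such as `Only HTTP proxies, with optional authentication, are supported.` so that nobody selects a SOCKS service expecting it to take effect on the STS request.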
@@ -285,8 +276,7 @@ public class AWSCredentialsProviderControllerService
extends AbstractControllerS
MAX_SESSION_TIME,
ASSUME_ROLE_EXTERNAL_ID,
ASSUME_ROLE_SSL_CONTEXT_SERVICE,
- ASSUME_ROLE_PROXY_HOST,
- ASSUME_ROLE_PROXY_PORT,
+ ASSUME_ROLE_PROXY_CONFIGURATION_SERVICE,
ASSUME_ROLE_STS_REGION,
ASSUME_ROLE_STS_ENDPOINT,
ASSUME_ROLE_STS_SIGNER_OVERRIDE,
@@ -317,6 +307,11 @@ public class AWSCredentialsProviderControllerService
extends AbstractControllerS
return PROPERTIES;
}
+ @Override
+ public void migrateProperties(PropertyConfiguration config) {
+ ProxyServiceMigration.migrateProxyProperties(config,
ASSUME_ROLE_PROXY_CONFIGURATION_SERVICE, OBSOLETE_PROXY_HOST,
OBSOLETE_PROXY_PORT, null, null);
+ }
+
@Override
public AWSCredentialsProvider getCredentialsProvider() throws
ProcessException {
return credentialsProvider;
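Review bot: The two trailing `null` arguments in `ProxyServiceMigration.migrateProxyProperties(...)` are unexplained; a short comment such as `// the obsolete properties had no proxy username/password` would make the intent clear. The commit deletes the three proxy validation tests and, as far as the diffstat shows, adds none. That leaves both the migration of `assume-role-proxy-host`/`assume-role-proxy-port` and the new authenticated-proxy path uncovered. A migration test would protect existing flows that rely on the proxy to reach STS. `getCredentialsProvider()` continues outside the hunk.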
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/credentials/provider/service/MockAWSProcessor.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/credentials/provider/service/MockAWSProcessor.java
index c61ecca99d..4f4d37494a 100644
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/credentials/provider/service/MockAWSProcessor.java
+++
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/credentials/provider/service/MockAWSProcessor.java
@@ -32,8 +32,7 @@ import java.util.List;
import static
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService.ASSUME_ROLE_ARN;
import static
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService.ASSUME_ROLE_EXTERNAL_ID;
import static
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService.ASSUME_ROLE_NAME;
-import static
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService.ASSUME_ROLE_PROXY_HOST;
-import static
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService.ASSUME_ROLE_PROXY_PORT;
+import static
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService.ASSUME_ROLE_PROXY_CONFIGURATION_SERVICE;
import static
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService.ASSUME_ROLE_STS_CUSTOM_SIGNER_CLASS_NAME;
import static
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService.ASSUME_ROLE_STS_CUSTOM_SIGNER_MODULE_LOCATION;
import static
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService.ASSUME_ROLE_STS_ENDPOINT;
@@ -58,8 +57,7 @@ public class MockAWSProcessor extends
AbstractAWSCredentialsProviderProcessor<Am
ASSUME_ROLE_NAME,
MAX_SESSION_TIME,
ASSUME_ROLE_EXTERNAL_ID,
- ASSUME_ROLE_PROXY_HOST,
- ASSUME_ROLE_PROXY_PORT,
+ ASSUME_ROLE_PROXY_CONFIGURATION_SERVICE,
ASSUME_ROLE_STS_REGION,
ASSUME_ROLE_STS_ENDPOINT,
ASSUME_ROLE_STS_SIGNER_OVERRIDE,
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/credentials/provider/service/TestAWSCredentialsProviderControllerServiceStrategies.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/credentials/provider/service/TestAWSCredentialsProviderControllerServiceStrategies.java
index ebb571eacb..d6346c1722 100644
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/credentials/provider/service/TestAWSCredentialsProviderControllerServiceStrategies.java
+++
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/credentials/provider/service/TestAWSCredentialsProviderControllerServiceStrategies.java
@@ -163,33 +163,4 @@ public class
TestAWSCredentialsProviderControllerServiceStrategies {
assertNotNull(credentialsProviderV2);
assertEquals(software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider.class,
credentialsProviderV2.getClass());
}
-
-
- @Test
- public void testAssumeRoleMissingProxyHost() {
- runner.setProperty(service,
AWSCredentialsProviderControllerService.CREDENTIALS_FILE,
"src/test/resources/mock-aws-credentials.properties");
- runner.setProperty(service,
AWSCredentialsProviderControllerService.ASSUME_ROLE_ARN, "BogusArn");
- runner.setProperty(service,
AWSCredentialsProviderControllerService.ASSUME_ROLE_NAME, "BogusSession");
- runner.setProperty(service,
AWSCredentialsProviderControllerService.ASSUME_ROLE_PROXY_PORT, "8080");
- runner.assertNotValid(service);
- }
-
- @Test
- public void testAssumeRoleMissingProxyPort() {
- runner.setProperty(service,
AWSCredentialsProviderControllerService.CREDENTIALS_FILE,
"src/test/resources/mock-aws-credentials.properties");
- runner.setProperty(service,
AWSCredentialsProviderControllerService.ASSUME_ROLE_ARN, "BogusArn");
- runner.setProperty(service,
AWSCredentialsProviderControllerService.ASSUME_ROLE_NAME, "BogusSession");
- runner.setProperty(service,
AWSCredentialsProviderControllerService.ASSUME_ROLE_PROXY_HOST,
"proxy.company.com");
- runner.assertNotValid(service);
- }
-
- @Test
- public void testAssumeRoleInvalidProxyPort() {
- runner.setProperty(service,
AWSCredentialsProviderControllerService.CREDENTIALS_FILE,
"src/test/resources/mock-aws-credentials.properties");
- runner.setProperty(service,
AWSCredentialsProviderControllerService.ASSUME_ROLE_ARN, "BogusArn");
- runner.setProperty(service,
AWSCredentialsProviderControllerService.ASSUME_ROLE_NAME, "BogusSession");
- runner.setProperty(service,
AWSCredentialsProviderControllerService.ASSUME_ROLE_PROXY_HOST,
"proxy.company.com");
- runner.setProperty(service,
AWSCredentialsProviderControllerService.ASSUME_ROLE_PROXY_PORT, "notIntPort");
- runner.assertNotValid(service);
- }
}