[GitHub] [nifi] exceptionfactory commented on a change in pull request #4508: NIFI-6576 add basic auth to confluent schema registry service

Mon, 14 Dec 2020 07:35:57 -0800 


exceptionfactory commented on a change in pull request #4508:
URL: https://github.com/apache/nifi/pull/4508#discussion_r542479942



##########
File path: 
nifi-nar-bundles/nifi-confluent-platform-bundle/nifi-confluent-schema-registry-service/src/main/java/org/apache/nifi/confluent/schemaregistry/ConfluentSchemaRegistry.java
##########
@@ -112,6 +114,32 @@
         .required(true)
         .build();
 
+    static final PropertyDescriptor PROP_BASIC_AUTH_USERNAME = new 
PropertyDescriptor.Builder()
+        .name("Authentication Username")
+        .displayName("Authentication Username")
+        .description("The username to be used by the client to authenticate 
against the Remote URL.  Cannot include control characters (0-31), ':', or DEL 
(127).")
+        .required(false)
+        
.addValidator(StandardValidators.createRegexMatchingValidator(Pattern.compile("^[\\x20-\\x39\\x3b-\\x7e\\x80-\\xff]+$")))
+        .build();
+
+    static final PropertyDescriptor PROP_BASIC_AUTH_PASSWORD = new 
PropertyDescriptor.Builder()
+        .name("Authentication Password")
+        .displayName("Authentication Password")
+        .description("The password to be used by the client to authenticate 
against the Remote URL.")
+        .required(false)
+        .sensitive(true)
+        
.addValidator(StandardValidators.createRegexMatchingValidator(Pattern.compile("^[\\x20-\\x7e\\x80-\\xff]+$")))
+        .build();
+
+    static final PropertyDescriptor PROP_AUTH_TYPE = new 
PropertyDescriptor.Builder()
+        .name("Authentication Type")
+        .displayName("Authentication Type")
+        .description("Basic authentication will use the 'Authentication 
Username' " +
+                "and 'Authentication Password' property values. See Confluent 
Schema Registry documentation for more details.")
+        .required(false)
+        .allowableValues("BASIC")

Review comment:
       The [Confluent Server 
documentation](https://docs.confluent.io/platform/current/kafka-rest/production-deployment/confluent-server/security.html#http-basic-authentication)
 lists BASIC and NONE as options for the authentication method for certain 
clients.  Following that approach and having a default value of NONE, in 
combination with an AuthenticationType enum, would help make the configuration 
properties and implementation approach clearer.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to