[GitHub] [nifi] turcsanyip commented on a change in pull request #4843: NIFI-8258: Add support for Service Principal authentication in ADLS p…

Thu, 25 Feb 2021 11:10:57 -0800 


turcsanyip commented on a change in pull request #4843:
URL: https://github.com/apache/nifi/pull/4843#discussion_r583095684



##########
File path: 
nifi-nar-bundles/nifi-azure-bundle/nifi-azure-processors/src/main/java/org/apache/nifi/services/azure/storage/ADLSCredentialsControllerService.java
##########
@@ -74,12 +75,56 @@
         .addValidator(StandardValidators.BOOLEAN_VALIDATOR)
         .build();
 
+    public static final PropertyDescriptor SERVICE_PRINCIPAL_TENANT_ID = new 
PropertyDescriptor.Builder()
+            .name("service-principal-tenant-id")
+            .displayName("Service Principal Tenant ID")
+            .description("Tenant ID of the Azure Active Directory hosting the 
Service Principal. The property is required when Service Principal 
authentication is used.")
+            .sensitive(true)
+            .required(false)
+            .addValidator(StandardValidators.NON_BLANK_VALIDATOR)
+            
.expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES)
+            .build();
+
+    public static final PropertyDescriptor SERVICE_PRINCIPAL_CLIENT_ID = new 
PropertyDescriptor.Builder()
+            .name("service-principal-client-id")
+            .displayName("Service Principal Client ID")
+            .description("Client ID (or Application ID) of the 
Client/Application having the Service Principal. The property is required when 
Service Principal authentication is used. " +
+                    "Also 'Service Principal Client Secret' or 'Service 
Principal Client Certificate' must be specified in this case.")
+            .sensitive(true)
+            .required(false)
+            .addValidator(StandardValidators.NON_BLANK_VALIDATOR)
+            
.expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES)
+            .build();
+
+    public static final PropertyDescriptor SERVICE_PRINCIPAL_CLIENT_SECRET = 
new PropertyDescriptor.Builder()
+            .name("service-principal-client-Secret")
+            .displayName("Service Principal Client Secret")
+            .description("Password of the Client/Application.")
+            .sensitive(true)
+            .required(false)
+            .addValidator(StandardValidators.NON_BLANK_VALIDATOR)
+            
.expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES)
+            .build();
+
+    public static final PropertyDescriptor 
SERVICE_PRINCIPAL_CLIENT_CERTIFICATE = new PropertyDescriptor.Builder()
+            .name("service-principal-client-certificate")
+            .displayName("Service Principal Client Certificate")
+            .description("SSL Context Service referencing the keystore with 
the client certificate of the Client/Application. Only PKCS12 (.pfx) keystore 
type is supported. " +
+                    "The keystore must contain a single key and the password 
of the keystore and the key must be the same.")
+            .identifiesControllerService(SSLContextService.class)

Review comment:
       I believe we use `SSLContextService` just to provide the bare keystore 
attributes (like path and password) at other places in the code too.
   I would prefer to reuse the existing way of configuring a keystore via a CS. 
Otherwise 2 property would be needed that already exist in `SSLContextService`.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to