[GitHub] [nifi] turcsanyip commented on a change in pull request #4843: NIFI-8258: Add support for Service Principal authentication in ADLS p…

Fri, 26 Feb 2021 13:35:29 -0800 


turcsanyip commented on a change in pull request #4843:
URL: https://github.com/apache/nifi/pull/4843#discussion_r583931321



##########
File path: 
nifi-nar-bundles/nifi-azure-bundle/nifi-azure-processors/src/main/java/org/apache/nifi/services/azure/storage/ADLSCredentialsControllerService.java
##########
@@ -97,16 +142,38 @@
         boolean sasTokenSet = 
StringUtils.isNotBlank(validationContext.getProperty(AzureStorageUtils.PROP_SAS_TOKEN).getValue());
         boolean useManagedIdentitySet = 
validationContext.getProperty(USE_MANAGED_IDENTITY).asBoolean();
 
-        if (!onlyOneSet(accountKeySet, sasTokenSet, useManagedIdentitySet)) {
-            StringJoiner options = new StringJoiner(", ")
-                .add(AzureStorageUtils.ACCOUNT_KEY.getDisplayName())
-                .add(AzureStorageUtils.PROP_SAS_TOKEN.getDisplayName())
-                .add(USE_MANAGED_IDENTITY.getDisplayName());
+        boolean servicePrincipalTenantIdSet = 
StringUtils.isNotBlank(validationContext.getProperty(SERVICE_PRINCIPAL_TENANT_ID).getValue());
+        boolean servicePrincipalClientIdSet = 
StringUtils.isNotBlank(validationContext.getProperty(SERVICE_PRINCIPAL_CLIENT_ID).getValue());
+        boolean servicePrincipalClientSecretSet = 
StringUtils.isNotBlank(validationContext.getProperty(SERVICE_PRINCIPAL_CLIENT_SECRET).getValue());
+        boolean servicePrincipalClientCertificateSet = 
validationContext.getProperty(SERVICE_PRINCIPAL_CLIENT_CERTIFICATE).isSet();
+
+        boolean servicePrincipalSet = servicePrincipalTenantIdSet || 
servicePrincipalClientIdSet || servicePrincipalClientSecretSet || 
servicePrincipalClientCertificateSet;

Review comment:
       My idea would be:
   - in case of `Auth Type = AUTO`: all props seen, the current validation 
running (eg. `Account Key` cannot be filled in and `Use Managed Identity` 
cannot be true at the same time)
   - in case of `Auth Type = Account Key`: only `Account Key` prop seen, only 
this property validated (must be filled in), the other invisible properties can 
have any values (it would be weird to show warnings for those properties in 
this case)
   - in case of `Auth Type = Managed Identity`: no other property can be seen, 
neither `Use Managed Identity`, no further validation needed, this Auth Type 
simply turns on Managed Identity authentication regardless of the value of the 
invisible `Use Managed Identity` property
   
   With these rules, the visible properties are always consistent. The 
invisible ones may not be but that seems to be acceptable for me.
   
   What do you think of it?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to