exceptionfactory commented on a change in pull request #4893:
URL: https://github.com/apache/nifi/pull/4893#discussion_r594705897
##########
File path:
nifi-nar-bundles/nifi-atlas-bundle/nifi-atlas-reporting-task/src/main/java/org/apache/nifi/atlas/reporting/ReportLineageToAtlas.java
##########
@@ -704,33 +699,47 @@ private void setAtlasSSLConfig(Properties
atlasProperties, ConfigurationContext
boolean isAtlasApiSecure = urls.stream().anyMatch(url ->
url.toLowerCase().startsWith("https"));
atlasProperties.put(ATLAS_PROPERTY_ENABLE_TLS,
String.valueOf(isAtlasApiSecure));
- // ssl-client.xml must be deleted, Atlas will not regenerate it
otherwise
- Path credStorePath = new File(confDir, CRED_STORE_FILENAME).toPath();
- Files.deleteIfExists(credStorePath);
- Path sslClientXmlPath = new File(confDir,
SSL_CLIENT_XML_FILENAME).toPath();
- Files.deleteIfExists(sslClientXmlPath);
+ deleteSslClientXml(confDir);
if (isAtlasApiSecure) {
SSLContextService sslContextService =
context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sslContextService == null) {
getLogger().warn("No SSLContextService configured, the system
default truststore will be used.");
} else if (!sslContextService.isTrustStoreConfigured()) {
getLogger().warn("No truststore configured on
SSLContextService, the system default truststore will be used.");
- } else if
(!KeystoreType.JKS.getType().equalsIgnoreCase(sslContextService.getTrustStoreType()))
{
- getLogger().warn("The configured truststore type is not
supported by Atlas (not JKS), the system default truststore will be used.");
} else {
- atlasProperties.put(ATLAS_PROPERTY_TRUSTSTORE_FILE,
sslContextService.getTrustStoreFile());
+ // create ssl-client.xml config file for Hadoop Security used
by Atlas REST client,
+ // Atlas would generate this file with hardcoded JKS keystore
type,
+ // in order to support other keystore types, we generate it
ourselves
+ createSslClientXml(confDir, sslContextService);
+ }
+ }
+ }
+
+ private void deleteSslClientXml(File confDir) throws Exception {
+ Path path = new File(confDir, SSL_CLIENT_XML_FILENAME).toPath();
+ try {
+ Files.deleteIfExists(path);
+ } catch (Exception e) {
+ getLogger().error("Unable to delete " + path, e);
Review comment:
Recommend changing the message to use the placeholder syntax and
indicating a little more detail about the file:
```suggestion
getLogger().error("Unable to delete SSL Client Configuration
File {}", path, e);
```
##########
File path:
nifi-nar-bundles/nifi-atlas-bundle/nifi-atlas-reporting-task/src/main/java/org/apache/nifi/atlas/reporting/ReportLineageToAtlas.java
##########
@@ -704,33 +699,47 @@ private void setAtlasSSLConfig(Properties
atlasProperties, ConfigurationContext
boolean isAtlasApiSecure = urls.stream().anyMatch(url ->
url.toLowerCase().startsWith("https"));
atlasProperties.put(ATLAS_PROPERTY_ENABLE_TLS,
String.valueOf(isAtlasApiSecure));
- // ssl-client.xml must be deleted, Atlas will not regenerate it
otherwise
- Path credStorePath = new File(confDir, CRED_STORE_FILENAME).toPath();
- Files.deleteIfExists(credStorePath);
Review comment:
Do you anticipate any problems if the Credentials Store file remains on
the file system since it will no longer be deleted?
##########
File path:
nifi-nar-bundles/nifi-atlas-bundle/nifi-atlas-reporting-task/src/main/java/org/apache/nifi/atlas/reporting/ReportLineageToAtlas.java
##########
@@ -704,33 +699,47 @@ private void setAtlasSSLConfig(Properties
atlasProperties, ConfigurationContext
boolean isAtlasApiSecure = urls.stream().anyMatch(url ->
url.toLowerCase().startsWith("https"));
atlasProperties.put(ATLAS_PROPERTY_ENABLE_TLS,
String.valueOf(isAtlasApiSecure));
- // ssl-client.xml must be deleted, Atlas will not regenerate it
otherwise
- Path credStorePath = new File(confDir, CRED_STORE_FILENAME).toPath();
- Files.deleteIfExists(credStorePath);
- Path sslClientXmlPath = new File(confDir,
SSL_CLIENT_XML_FILENAME).toPath();
- Files.deleteIfExists(sslClientXmlPath);
+ deleteSslClientXml(confDir);
if (isAtlasApiSecure) {
SSLContextService sslContextService =
context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sslContextService == null) {
getLogger().warn("No SSLContextService configured, the system
default truststore will be used.");
} else if (!sslContextService.isTrustStoreConfigured()) {
getLogger().warn("No truststore configured on
SSLContextService, the system default truststore will be used.");
- } else if
(!KeystoreType.JKS.getType().equalsIgnoreCase(sslContextService.getTrustStoreType()))
{
- getLogger().warn("The configured truststore type is not
supported by Atlas (not JKS), the system default truststore will be used.");
} else {
- atlasProperties.put(ATLAS_PROPERTY_TRUSTSTORE_FILE,
sslContextService.getTrustStoreFile());
+ // create ssl-client.xml config file for Hadoop Security used
by Atlas REST client,
+ // Atlas would generate this file with hardcoded JKS keystore
type,
+ // in order to support other keystore types, we generate it
ourselves
+ createSslClientXml(confDir, sslContextService);
+ }
+ }
+ }
+
+ private void deleteSslClientXml(File confDir) throws Exception {
+ Path path = new File(confDir, SSL_CLIENT_XML_FILENAME).toPath();
+ try {
+ Files.deleteIfExists(path);
+ } catch (Exception e) {
+ getLogger().error("Unable to delete " + path, e);
+ throw e;
+ }
+ }
- String password = sslContextService.getTrustStorePassword();
- // Hadoop Credential Provider JCEKS URI format:
localjceks://file/PATH/TO/JCEKS
- String credStoreUri =
credStorePath.toUri().toString().replaceFirst("^file://", "localjceks://file");
+ private void createSslClientXml(File confDir, SSLContextService
sslContextService) throws Exception {
+ File sslClientXmlFile = new File(confDir, SSL_CLIENT_XML_FILENAME);
- CredentialProvider credentialProvider = new
LocalJavaKeyStoreProvider.Factory().createProvider(new URI(credStoreUri), new
Configuration());
-
credentialProvider.createCredentialEntry(TRUSTSTORE_PASSWORD_ALIAS,
password.toCharArray());
- credentialProvider.flush();
+ Configuration configuration = new Configuration(false);
- atlasProperties.put(ATLAS_PROPERTY_CRED_STORE_PATH,
credStoreUri);
- }
+ configuration.set(SSL_CLIENT_XML_TRUSTSTORE_LOCATION,
sslContextService.getTrustStoreFile());
+ configuration.set(SSL_CLIENT_XML_TRUSTSTORE_PASSWORD,
sslContextService.getTrustStorePassword());
+ configuration.set(SSL_CLIENT_XML_TRUSTSTORE_TYPE,
sslContextService.getTrustStoreType());
+
+ try (FileWriter fileWriter = new FileWriter(sslClientXmlFile)) {
+ configuration.writeXml(fileWriter);
+ } catch (Exception e) {
+ getLogger().error("Unable to create SSL config file: " +
sslClientXmlFile, e);
Review comment:
As mention in other comment for parameterized logging:
```suggestion
getLogger().error("Unable to create SSL Client Configuration
File {}", sslClientXmlFile, e);
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
